As knowledge workers continue to work remotely, work from home has rapidly escalated from one of many remote work options to “the remote work option”. For Network Administrators, this means enabling employees with the basics – laptops and corporate network connectivity, and optimizing application delivery despite unpredictable network performance due to bandwidth contention and latency. This can also result in increased tech support calls from the end-user complaining about the VPN connectivity and poor network performance.
Cisco’s OfficeExtend Access Point (OEAP) allows a Network Administrator to extend the secure, scalable, and manageable corporate WLAN across the internet to the Teleworker’s (employee’s) home. This allows the Teleworker to securely connect back to the private network from their home simply using their regular wireless profile and not having to set up a VPN or other type of remote access. Remote users will be able to connect, have access to corporate resources, and “feel” just like they are connected to the wireless network at the corporate office.
The ease of work from home for employees should not come at a cost of increased administrative load and pre-configuration of access points for network admins. To address this, Cisco’s Office Extend feature makes the remote work option seamless for employees as well as for network administrators using zero-touch deployment.
The simple architecture of OfficeExtend consists of the remote site and corporate office components. The remote site is the home network of the Teleworker and consists of a home router and Cisco’s OfficeExtend Access Point. The Office component consists of Cisco PnP cloud and Catalyst 9800 Wireless LAN Controller.
Cisco’s OfficeExtend Access Point (OEAP) allows a Network Administrator to extend the secure, scalable, and manageable corporate WLAN across the internet to the Teleworker’s (employee’s) home. This allows the Teleworker to securely connect back to the private network from their home simply using their regular wireless profile and not having to set up a VPN or other type of remote access. Remote users will be able to connect, have access to corporate resources, and “feel” just like they are connected to the wireless network at the corporate office.
The ease of work from home for employees should not come at a cost of increased administrative load and pre-configuration of access points for network admins. To address this, Cisco’s Office Extend feature makes the remote work option seamless for employees as well as for network administrators using zero-touch deployment.
The simple architecture of OfficeExtend consists of the remote site and corporate office components. The remote site is the home network of the Teleworker and consists of a home router and Cisco’s OfficeExtend Access Point. The Office component consists of Cisco PnP cloud and Catalyst 9800 Wireless LAN Controller.
Cisco OfficeExtend architecture.
How does it work?
Cisco’s Teleworker Solution using OfficeExtend AP focuses on zero-touch deployment and significantly reduces the extra efforts of employee-specific access point configuration. The network administrator does not have to preconfigure the access points and it can be directly shipped to the Teleworker’s home with no configuration. Teleworker will just need to power up the Cisco AP and connect it behind the home router. The AP will boot, connect to the corporate Wireless LAN Controller (WLC), and will start broadcasting the corporate wireless network at the Teleworker’s home.
Admins can use Cisco’s Network Plug and Play (PnP) to provision the AP’s. On the PnP cloud, admins will have the profiles defined for AP’s based on the AP serial number. The controller profile has information about the primary and secondary IP address of the corporate WLC. The admin can simply import the AP serial numbers using a CSV file and assign them a controller profile.
Workflow for Cisco Teleworker Solution using OfficeExtend AP.
Let’s explore the workflow in detail. After initial boot up, the AP will get the IP address from the home router and connect to the PnP cloud at software.cisco.com. When the PnP cloud receives redirection requests from the AP, it will check for the serial number, assign controller profile, and send the details of corporate wireless controller’s IP address to the AP. The AP will then use this IP address to form a secure CAPWAP tunnel with the corporate WLC.
Once the Control and Provisioning of Wireless Access Points (CAPWAP) tunnel is formed, the AP will download the latest available software and all the advanced configurations from the corporate WLC. After the AP joins the controller as OEAP it will start broadcasting the corporate wireless network at the Teleworker’s home. The teleworker now can connect to this wireless network using secure enterprise authentication, and access the corporate resources and the internet. To make sure that unauthorized AP’s should not join the corporate WLC, the admin can enable the AP authentication on WLC.
What are the Added Advantages of OfficeExtend AP over VPN?
The OfficeExtend establishes a secure Datagram Transport Layer Security (DTLS) connection between the access point and the controller. With simple onboarding, the end-user does not need to install any VPN software and can connect multiple devices to the corporate network. Having corporate SSID broadcasted at home makes it easy to connect and eliminates the need to ever sign on to a VPN.
Advantages of OfficeExtend AP over VPN.
How does the Teleworker Solution Benefits Network Admin and Teleworker?
Teleworker:
Cisco OfficeExtend AP provides the highest level of security and enables the deployments of additional hardware such as Cisco IP phones. This effectively creates a small office for the employee giving them all the access they will expect while at the office. In addition, the solution allows spouses and children to access the Internet, using custom personal SSID, without introducing additional security risks to corporate policy.
Network Administrators:
By using the same management, operations, and infrastructure as the corporate WLAN, the OfficeExtend solution simplifies the process of extending real-time, high-performance network services to remote locations. Network admins have more control and visibility which helps in troubleshooting any connectivity issues from the Teleworker side and gives them the ability to differentiate issues between ISP versus corporate. Admins do not have to define new security policies and the existing Cisco TrustSec policies can be extended to have a more secure network.
Recommended Products for Teleworker Solution on IOS XE Software 17.3.1 release:
Teleworker Solution on IOS XE Software 17.3.1
0 comments:
Post a Comment