The author of this article is Sergey Fedorov, Cisco instructor, CCIE Security #22974. If the article arouses interest, the author will receive an invite to Habr. What follows is written in his voice (with my insets).
UPD. The purpose of the post is to let those interested know of the presence of Cisco and, perhaps, to see the author of the article as an expert at the May buffet.
UPD2. Sergey Fedorov is a Habr user, in case anyone did not notice :) Here: fedia. Welcome :)
Why Cisco? That is the title of the chapter that opens the Cisco sales course. I will give my short essay the same title.
So why Cisco? What is there in this 5-letter magic word? Is there really nothing better?
Ask any administrator, seller, or integrator: each will show off that they know a case where some other solution is simpler, cheaper, better, or more productive than the one from Cisco...
But take one step to the left or to the right of that wonderful solution, and it becomes much harder to find a replacement...
I’ll try to briefly describe the strengths of Cisco solutions.
Coverage. Cisco solutions have no competitors on this parameter. It is the widest range of network solutions, from the SOHO market to provider solutions, from small but functional routers to network management systems for large enterprises.
- Multifunction routers
- Powerful, smart switches
- Active Protection Devices - ASA, ACE
- Intrusion Prevention Systems - IPS
- Wireless Central Access Systems
- Unified Communications (VoIP, video conferencing, telepresence, call management systems)
- Central Host Security Systems (CSA)
- Access Control System (NAC)
- And ... everything else you can think of :)
The main thing is that Cisco does not stop there and “keeps its nose to the wind”, investing money in promising areas and coming up with new ones, for example by buying promising developments and integrating them into its solutions. With the support of such a giant, interesting solutions get a chance to reach the masses.
Reliability. Everything breaks; the only question is when. Cisco's reliability has been proven by years of successful operation. I won’t lie: Cisco has had unsuccessful product series and unsuccessful operating system releases, but overall fault tolerance is beyond doubt.
Flexibility. The same hardware, depending on the operating system and the modules installed in it, can perform completely different functions: security, unified communications gateway, services... This means that if you want something new, there is a good chance you will not have to buy anything and can simply type a few commands.
Interdependence. An awkward word, but it captures the essence. Different pieces of hardware that perform different functions can depend on each other and control each other. This lets you make the network a living organism rather than a set of disparate devices.
Debugging. Very important for those who configure and tune devices: the broadest troubleshooting capabilities are built into almost all Cisco devices.
Intelligence. It’s hard to sell hardware that is merely expensive. You need to sell an idea and a capability. All Cisco devices contain a wide range of technologies, protocols, and concepts, both standard and proprietary, that expand the capabilities of the network.
Performance. Cisco is a leader in many market segments and must live up to that rank. That is why unique solutions appear, such as the CRS (one such box is enough to provide communications for, say, all of Great Britain!). Top-end solutions with 10 gigabyte interfaces now exist in the firewall segment, the router segment, and the intrusion prevention segment...
Remark: A fully populated CRS contains over 1000 linecards at 40 Gbit/s each and theoretically can scale to 92 Tb/s bandwidth via multi-chassis configuration, although multichassis systems of such size were never delivered or shown to public. As of 2009, the largest production CRS-1 system is limited to eight line card chassis, for a total of 10Tbps. While the device was in development, it was known by the code name of HFR, or Huge Fucking Router.
Centralization. Cisco devices do not have to be managed one by one; you can use powerful management systems instead, for example Cisco Security Manager. You can also centrally collect all kinds of statistics and analyze them with MARS. No one has yet offered a comparable solution for centralized accounting.
Of course, solutions from one manufacturer will never be the best EVERYWHERE. For example, the favorite task of small offices, limiting speed and quota per user, is expensive to solve with Cisco. “Why, the simplest free proxy can do this!” the meticulous reader will exclaim, and will be right. This is just one example where "there is a much better solution."
Moreover, I will say something heretical: not everyone needs Cisco solutions! Why overpay for the simplest solutions, which cost significantly more from Cisco? Why pay for extra features if you never use them? You only need to ask yourself: what if these "excesses" turn out to be required?
And finally, the list of typical misconceptions. Or rather, there is just one: Cisco is extremely expensive!
It's a delusion. It stems from the fact that the customer is offered a solution that was not designed for him! Cisco has a lot of resources (some of which I deliberately collected on AntiCisco) that help you choose a solution. The catch is that domestic "medium" companies usually fall into the lower range of SMB (Small-Medium Business). And with an annual turnover of $50k, they are offered solutions for $25k...
Cyrill: by the way, I used some of the solutions, with the permission of the author, in the article “Modern Office Infrastructure - 2”.
Here is a comparison as an example: the customer needs 10 Mbps of Internet and 10 encrypted tunnels to shops at 2 megabits each. Going by the book, the customer would have to be supplied with:
- ASA. We take one with headroom: ASA5510 with an extended license ($5000)
- A router facing the provider (in case the Customer later wants 2 providers). Clearly an ISR is better. With headroom: 2811 ($3500)
- An internal switch, naturally L2/L3, 3560 series, with gigabit ports ($6000)
- And setup: 15% minimum.
Total, allowing for some discount: about 12-13 thousand dollars!
But the Customer plans to spend 2, at most 3 thousand dollars. What will the Customer say? He will go and buy something inexpensive. We will not name the brands :) He will be satisfied: he saved money and solved the problem. For now. He will think about expansion later, if it comes to that.
Yet all it took was a closer look at the task instead of mindlessly redrawing the recommended diagrams!
The solution could be this:
- ASA 5505, unlimited users, plus license: $1700
- If you want 2 providers or need a non-Ethernet connection: ISR 18xx ($1,500)
- Keep the old switch if it supports VLANs: trunk it to the ASA and route there. If it does not, Catalyst Express: $700
- Setup: 15%
Total: at most 3 thousand dollars with discounts, including the work. Plus a bunch of additional features that you can configure later to get new functionality.
In general, I’m not dragging anyone by force. My goal is simple - to help make an informed and balanced choice :)
All prosperity and success!
If you have any questions or suggestions about Cisco, contact us at AntiCisco: I’ll be happy to help myself or bring in other “heavy artillery” :)
Sincerely, Sergey Fedorov, Cisco instructor, CCIE Security #22974