Demo LAB Afina 2014 Carlos Valderrábano
Aruba MOVE: Intelligent Access for Mobility ClearPass ArubaOS NETWORK Monitor Mobility Experience GUEST ONGUARD DEVICE APP Wi-Fi AP SWITCH CONTROLLER ONBOARD MDM Policies & Workflows Flow-based Security & QoS For Multivendor Networks Analytics & Location Self-Service 2 Confidential
Recognized as an Industry Leader Leader: 2013 Wireless LAN MarketScape Champion: 2013 Wired & Wireless Landscape Leader: 2013 Wired & Wireless Magic Quadrant
Also a Leader in NAC! Leader: 2013 Network Access Control Magic Quadrant
Trusted by Enterprises Worldwide Technology Finance Social & New Media Media & Ent, Higher Education Healthcare Government Retail Public Venues Primary Education Public Transit Services Oil & Gas Manufacturing Telecom Hospitality
Education
Healthcare
Retail, Industry, Transport
Finance, High-Tech
All Wireless Office
Mobility Is a Team Sport Always-On TAC Organization Largest Enterprise Mobility Community Best-in-Class Integration Partners Seoul 14 180 3K+ 6K+ 16K+ 1.3M+ Support Centers Engineers Partners Support Engineers views / mo. Trained Techs
Challenges for the Wireless Network
• Unintelligent Clients
  • Many devices are “sticky” in nature
• Client Diversity
  • New device models every 6 months
  • Mix of Wi-Fi speeds and capabilities
• Crowded Wi-Fi
  • Multiple devices per user
  • Carriers pushing users to Wi-Fi
Expected Data Rates for 802.11ac
Solution: Aruba ClientMatch™
Manage the Air: Aruba’s ARM
• Fair distribution of clients across bands, e.g. 2.4-GHz and 5-GHz
• Fair distribution of air-time per radio, e.g. iPad vs. MacBook vs. iPod
• Fair distribution of clients across channels, e.g. Ch 36, 40, 44
Channel 1 Channel 6 Channel 11
L2/L3 Mobility
L2 Mobility design
• Layer 2 Mobility
  • User keeps application connectivity within domain, if its layer 3 network address is maintained
  • Client maintains IP address as it roams and is assigned address from same IP subnet
L3 Mobility design
• Layer 3 Mobility
  • User roams from AP-Subnet A to an AP-Subnet B. Layer 3 network address must change to maintain L3 connectivity on Subnet B
  • Aruba L3 Mobility allows the HMD client to maintain the same IP address even though it is roaming to a different subnet
Aruba’s Magic Sauce: the Firewall Role-Based Access Control Access Rights SSID-Based Access Control RADIUS LDAP AD Staff Executive Virtual AP 1 SSID: Corp Finance Contractors Legal Voice Corporate Services DMZ HR Virtual AP 2 SSID: GUEST Video Secure Tunnel To DMZ Guest Captive Portal Guest
Secure the Air: Wireless IDS/IPS
• Integrated to all APs, always-on, e.g. 40 radios for IPS with 20 APs
• 5-GHz visibility to Wi-Fi spectrum, e.g. channels 36, 37, 38, 39
• No air-time waste during threat mitigation, against any rogue device
Rogue Client Rogue AP Aruba 802.11n
Clear the Air: Spectrum Analyzer
• Cost effective, integrated to all 802.11n APs
• No specialized chip or time slicing, e.g. 100% channel visibility
• Detailed charts, on-demand record/playback, e.g. no external laptop
Mobility Controllers (chart axes: Scale, Performance)
CAMPUS
• 7240: 2048 CAP / 2048 RAP, 32K Users, 40 Gbps Firewall
• 7220: 1024 CAP / 1024 RAP, 24K Users, 40 Gbps Firewall
• 7210: 512 CAP / 512 RAP, 16K Users, 20 Gbps Firewall
LARGE OFFICE
• M3: 512 CAP / 1024 RAP, 8K Users, 20 Gbps Firewall
• 3600: 128 CAP / 512 RAP, 8K Users, 4 Gbps Firewall
• 3400: 64 CAP / 256 RAP, 4K Users, 4 Gbps Firewall
• 3200: 32 CAP / 128 RAP, 2K Users, 3 Gbps Firewall
Summary Scale Performance
Controller Throughput
HA Models with Fast Failover
• Active / Active
  • Controller 1 serves APs and acts as Standby for the APs served by Controller 2, and vice versa. If one controller fails, its APs fail over to the other controller
• Active / Standby
  • The Active controller serves all APs. If the Active controller fails, all APs fail over to the Standby controller
• N+1
  • The Standby controller supports APs from multiple controllers
  • The AP capacity of the Standby controller must be able to support the total number of APs from the Active controllers
Campus Access Points
Extend Work Desk to Remote Locations
Remote Access Points, Aruba Virtual Intranet Access (VIA) client
• DESIGNED FOR BRANCH OFFICES, HOME OFFICES & BUSINESS TRAVELERS
• Secure access to corporate resources
• Zero-touch provisioning
• Wired & wireless connectivity (APs)
Barriers to Mobile Network Operations • Lack of end-to-end visibility of user network issues • Too many disparate, non-integrated tools • Legacy network management systems not designed with mobile users in mind Network Problems Client Problems Users Focus on service quality and operational efficiency
Network Management Models
Old Model: Port-Based Management
• Known user population
• One device per user
• Fixed locations
• Manage the wire
New Model: User-Centric Management
• Many classes of users
• Multiple devices per user
• Fully mobile population
• Control the air
Visibility and Context: keys to user-centric management
Global Visibility and Troubleshooting • Network-wide visibility • Root-cause analysis and reporting • RAPIDS rogue AP/client detection • Easy-to-use interface AirWave Centralized Monitoring and Management Home Office Wireless Branch Regional Branch Micro Branch Campus HQ Road Warrior
AirWave Key Features
AirWave Visibility Tools
• RF Performance
  • Client RF health, SNR, and speed statistics
• Firewall
  • Application performance / usage by devices, destinations, WLANs, users or roles
• RF Capacity
  • Network-wide AP threshold and usage statistics
• Anomaly Detection
  • Current client count and network usage statistics compared to 40 week rolling average
• Watched Clients
  • SNR, speed and health statistics for VIPs / problem-prone clients
VisualRF Mapping and Location
• Centralized Visibility Dashboard
• Displays accurate location information for all wireless users, rogues, and devices
• Up-to-date heat maps and channel maps for RF diagnostics
• Historical user location playback
• Easy import of existing floor plans and building maps
• VisualRF Plan provides off-line planning capabilities
• Multi-floor & Channel utilization
Heat maps, data rates, and sensor coverage provide network-wide visibility of devices, APs, rogues, and more
Historical Location Tracking by User Device
Reports (I): Reports Setup
The Invisible Threats
Reports (II): User Sessions
User Sessions Report
This report provides details pertaining to user sessions in the WLAN, including:
• What OS, manufacturer or device type is being used by the end users
• Which 802.11 a/b/g/n radios are being used for connecting to the WLAN
• How many users are on which SSIDs
• Number of users by VLAN or role
• Amount of time each user is connected for
• Amount of bandwidth being consumed by the user
Reports (III): RF Health RF Health Report This report can flag Most Noise, Most Channel changes and Most Interfering devices in your WLAN.
Reports (IV): Device Summary
Device Summary Report
The Device Summary Report identifies the most and least used devices and provides a comprehensive list of all devices. One potential use of this report is to establish more equal bandwidth distribution across multiple devices. This report contains the following items:
• Most/Least Utilized by Maximum Number of Simultaneous Users
• Most/Least Utilized by Bandwidth
• Devices in AMP (for example, you can filter to show only APs in this list instead of controllers)
BYOD Is Now Generic BYOD 2013+ BYOD 2012 VPN Device Network User iOS ANY NETWORK Employee
BYOD Is Changing the IT Service Model PRE-BYOD • Help Desk • Engineering • Operations • POST-BYOD Design desktop, voice, network Build & deploy Self-selected devices, apps & services User-defined infrastructure Self-provision Self-support Support
Aruba ClearPass Product Summary Policy Manager: AAA Services Device Profiling and Visibility Onguard: NAC Device risk management Guest: Self-Service guest Access Onboarding: BYOD VPN
BYOD requires Policy… but based on what? NAS Device User Application Employee Contractor Visitor Shopper Patient Access Network ClearPass
Differentiated, Secure Access for All Users and Devices
• Device identification as the basis for classifying traffic and improving network security.
• Self-provisioning for all major mobile devices.
• Controlled access and remediation for compromised devices.
• Secure network access for guests with simplified workflows.
• Improved security, information and regulatory compliance.
Enabling BYOD in Network Services
Expanding mobility
• Enable BYOD
• Applications over any type of network access
• Profiling according to the type of client that connects
• Visibility of the multiple access points
• Scalable
AirWave Network Management Mobility Controller ClearPass Access Management + DATA CENTER Thin Access On-Ramps REMOTE OFFICE WIRELESS WIRED VPN OUTDOOR Any Device
Where does ClearPass fit? Same as your RADIUS Access Methods Policy Enforcement Points Policy Decision Points VPN ClearPass Policy Manager AAA Wireless User WLAN Controller Customer’s LAN Wired User Switch Active Directory or LDAP Server SQL Store VPN Concentrator Remote User
Flexible Guest Access
ClearPass Policy Manager New Visitor Access Network
1. Collect visitor information
2. Sponsor prompted to confirm that guest is valid
3. Sponsor Account enabled, visitor notified via screen, SMS, or email
ClearPass Architecture
ClearPass Policy Manager: centralized management for policies and AAA. Includes 3 modules:
• ClearPass Profile: identifies the devices on the network as the basis for policy decisions (included at no charge with CPPM)
• ClearPass Onboard: self-service provisioning of mobile devices, network and security configuration, and distribution and revocation of device credentials.
• ClearPass OnGuard: performs comprehensive assessments of devices, minimizing the risk of viruses and of misuse of applications and services before devices are connected to the network.
• ClearPass Guest: guest access management (formerly Amigopod)
The Campus Architecture for the Next 10 Years Hi-speed Wi-Fi Wired Access Mobility Core Data Center AirWave ClearPass Mobility Controllers Mobility Access Switches 802.11n -or- 802.11ac