Published by Prosper Webster. Modified over 6 years ago.
2
UNIFIED ACCESS: APPLICATION VISIBILITY AND CONTROL
August, 2015
3
AGENDA
Application Visibility and Control
Demo Setup
Demo
Key Takeaways
4
INDUSTRY TRENDS MOVING TO AN APPLICATION CHAOS?
Devices & BYOD
Cloud & Applications
Mobility
The frontiers between private and professional are blurring.
41.7B app downloads per year by 2015

Notes:
Mobility is the #1 priority for IT decision makers
41.7 billion app downloads by 2015
1.2 billion smartphones to be shipped in 2014
87% of enterprises will add video conferencing by 2014
Desktop video conferencing is expected to double by 2017 – Frost & Sullivan

The BYOD phenomenon, combined with mobility and the move to the cloud, creates an environment where users have access anywhere, anytime and with any device to a broad set of applications. This freedom and flexibility empowers and motivates employees to constantly explore and adopt new applications.

Enterprises are getting flooded with new applications. For instance, by Q there were about 100 billion apps downloaded from the Apple and Android app stores combined. Another example, more specific to the enterprise, is that there are over 1000 custom apps developed internally to automate workflows and business processes – this category of apps is growing at a blistering rate of 52% quarter over quarter (Good Technology™ Mobility Index Report Q2 and Q3 2013).

Just identifying SIP-based multimedia traffic is not enough. Additionally, many apps are transitioning to an HTTP interface. We had to augment our application detection capability and then control the network based on the context of the user, device and applications.

Ovum: APPLICATION DOWNLOADS: Growth in the content market shows no signs of slowing down. Ovum indicated that during BILLION APPS WERE DOWNLOADED. This figure reached over 18 billion in 2011 and it will reach 41.7 billion in (Source: OVUM, September 2011)

28% of US online adults are using personal cloud services already, along with 41% of US information workers. The market is expected to grow from $500 million to $6 billion in direct revenue by 2016, primarily driven by the adoption of multiple devices. I identify several other revenue models, from advertising to improved retention for related services to business IT purchases, putting the total market impact at $12 billion by The three main players in this space are Apple, Google, and Microsoft, with Apple leading the pack. The personal cloud becomes the third client software platform, following mobile devices and PC OSes.

Webification of business applications

DETAILED APPLICATION VISIBILITY IS ESSENTIAL TO HANDLE THE APP INVASION
5
NETWORK ANALYTICS VISIBILITY & CONTROL
Diagram labels: OV2500; Visibility: Application Collection, Application Reporting; Control: Application Enforcement, Policy Management; OS6860/E, OAW4X50, APs

Notes: As applications migrate towards an HTTP/HTML interface, app fingerprinting is key to providing visibility.
Analyst notes: No one else is looking at layer 4-7 as you are. Maybe Cisco will do it in the future with ACI, but I am not hearing from anybody else.
Under QoS show consistent on wired and wireless: 11e and 1p

INTELLIGENCE AND ENFORCEMENT AT THE EDGE OF THE NETWORK
6
APPLICATION CONTROL POLICIES PER APPLICATION OR APPLICATION GROUP
Visibility: Lync, Skype, BitTorrent, FaceTime, Box, SalesForce, AirPlay
Control: Reserve bandwidth, Lower priority, Blacklist, Limit Bandwidth, Limit Bandwidth, Prioritize, Optimize jitter & latency
7
INTELLIGENT TRAFFIC CONTROL: EMPOWER ADMINISTRATORS WITH CONTROL OF THE NETWORK
High priority: real-time
Medium priority: business apps
Low priority: personal
Policy enforcement at network edge
Business-critical applications prioritized
Harmful/non-compliant applications stopped
Harmonized coexistence of business and personal apps
8
CONTEXT-BASED POLICY MANAGEMENT: DYNAMIC POLICY CHANGE FOR WIRED AND WIRELESS DEVICES
Limit Facebook maximum bandwidth to 10 Mbps
Limit max bandwidth usage to 1 Mbps for all apps which are part of application group file_sharing (File_sharing group: Edonkey, RapidShare, Bittorrent)
Prevent all employees from posting on Facebook, except for the marketing team
Flag Salesforce.com traffic from sales & executives with maximum priority if using a corporate device
Lower priority of all apps in the social media group between 8:30 AM and 4:30 PM (Social media group: Facebook, LinkedIn, Twitter)

Diagram labels: Engineering, Finance, Guest, Contractor, Smartphone, Tablet, Desktop, Printer, IP Phone, Time, Location, Posture, Medium, Limit access, Quarantine, Prioritize, Control BW, Video, Game, Social media

USER + DEVICE + SITUATION + APPLICATION = POLICY TO BE ENFORCED

Notes: You may want to skip this slide. But it puts application visibility in the context of policy-based access as one additional dimension.
9
APPLICATION VISIBILITY AND CONTROL: FUNCTIONAL VIEW
Diagram labels: AOS Software; AppMon/DPI manager; QoS manager / UNP per flow; Hardware; Flow Tracker (FT); External CPU board; Signature Matching Engine (IXEngine)

SHOW THIS SLIDE ONLY TO A MORE TECHNICALLY INCLINED AUDIENCE.

Flow Tracker
The FT session table is responsible for maintaining the states of the IP flows. FT has the following characteristics:
It can keep track of up to 8K IPv4 or 4K IPv6 flows.
It can maintain flow entries for user ports (not supported on LAG ports).
It maintains a 5-tuple key for flows: source IP, destination IP, source L4 port, destination L4 port and protocol (TCP/UDP).
FT immediately notifies the CPU of new flow creation, flow retirement and flow statistics.

Signature Matching Engine (IXEngine)
Responsible for application matching in newly learnt flows and for reporting the result to the CPU.

AOS (Application Monitoring and QoS policy enforcement)
Gets the right list of QoS policies (sMAC, dMAC, sIP, dIP, VLAN, ethertype, etc.), rules and actions.
Sets the HW for enforcement.

In a mixed VC with OS6860E/OS6860, the DPI function for traffic coming in on an OS6860 model is sent to the external CPU of one of the OS6860E units present in the VC. The Flow Tracker on the OS6860 unit will mirror the first 15 packets of a flow to the external CPU on a remote OS6860E. The recommendation is to have one OS6860E for every two OS6860 in a VC. If there are multiple OS6860E and multiple OS6860 units in a VC, then the traffic from each of the OS6860 units shall be sent to a different OS6860E unit.

The management interface currently defined should be carried forward in AOS R01. Custom signature support will be provided in the future utilizing the OV tools. The goal of the solution is to be able to update the IXEngine as well as the protocol bundle (signature) without requiring any reboot of the system.
10
APPLICATION VISIBILITY AND CONTROL SUPPORTED CONFIGURATIONS
Diagram labels: Not Supported; Supported Configurations; OS6860E, OS6860E, OS6860, OS6860, OS6860E, OS6860, OS6860
Mixed stack OS6860E / OS6860 (2 to 1 ratio recommended)
OS6860E standalone or stacked
OS6860 standalone or stacked
11
APPLICATION VISIBILITY AND CONTROL POSITIONING: AT THE EDGE
Diagram labels: Avg 33 flows/port; 0 link agg flows; Avg flows/port

8K flows is the size of the flow tracker table – 166 (for 48 port models) to 333 max flows for the 24 port model.
The two configurations on the right are not supported (pink switches are edge switches with 1G uplink).
Reason: AppMon is not supported on LAG ports, and the flow table (8K) would have to be shared between all access switches -> reduced number of flows per port -> irrelevant information.

Application visibility and enforcement should only be enabled at the edge.
Why not at the aggregation layer?
It is not supported on LAG.
It will not be able to collect enough data to make the information relevant.
It is not a firewall.
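A small Python model of the flow table described on the functional-view and positioning slides, added here as an illustration and not Alcatel-Lucent code. It uses the 5-tuple key, the 15-packet mirror and the LAG exclusion from the slides; it takes 8K as 8000 to match the 166/333 per-port figures, and it assumes that a full table leaves new flows untracked, which the slides do not state.

```python
from collections import namedtuple

# 5-tuple flow key, as listed on the functional-view slide.
FlowKey = namedtuple("FlowKey", "src_ip dst_ip src_port dst_port proto")

FT_CAPACITY = 8000    # "8K" IPv4 flows; 8000 reproduces the 166/333 figures
MIRROR_PACKETS = 15   # first packets of a flow mirrored to the signature engine


class FlowTracker:
    """Toy model of the flow table (illustration only)."""

    def __init__(self, capacity=FT_CAPACITY):
        self.capacity = capacity
        self.flows = {}      # FlowKey -> packets seen so far
        self.untracked = 0   # packets with no table entry: the visibility gap

    def packet(self, key, on_lag=False):
        """Return what the model does with one packet of flow `key`."""
        if on_lag:  # AppMon is not supported on LAG ports
            self.untracked += 1
            return "untracked"
        if key not in self.flows:
            if len(self.flows) >= self.capacity:
                # Assumption: a full table leaves the new flow unclassified.
                self.untracked += 1
                return "untracked"
            self.flows[key] = 0  # new flow: the CPU would be notified here
        self.flows[key] += 1
        return "mirror" if self.flows[key] <= MIRROR_PACKETS else "counted"


def flows_per_port(ports, capacity=FT_CAPACITY):
    """Per-port flow budget when all user ports share one table."""
    return capacity // ports


def tracked_share(switches, ports=48, flows_each=33, capacity=FT_CAPACITY):
    """Fraction of distinct flows that get a table entry when `switches`
    access switches (constructed load: 33 flows per port) share one table."""
    ft = FlowTracker(capacity)
    total = switches * ports * flows_each
    for i in range(total):
        src = f"10.{i >> 16 & 255}.{i >> 8 & 255}.{i & 255}"  # constructed
        ft.packet(FlowKey(src, "192.0.2.1", 40000, 443, "TCP"))
    return len(ft.flows) / total
```

With one 48-port edge switch every flow fits in the table; with ten such switches behind one table, as at an aggregation layer, only about half of the flows are ever classified.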
12
APPLICATION VISIBILITY DEMO SETUP – MONITOR YOUR OWN TRAFFIC
RDP Client Or VIA Client x 6860E OV4.1.2.R03
13
NOW THE DEMO
14
UNIFIED ACCESS WITH APPLICATION VISIBILITY AND CONTROL: KEY TAKEAWAYS
Visibility of applications in the network
Prioritizes business critical applications
Increases security: stop risky/non-compliant apps
Harmonizes business & personal network use
Better use of network resources
Simplify roll out of new applications
Monitor adoption of new business process
Understand customer behavior
Notes: Protects investment BYOD ready FE upgrade SDN ready/SW upgrade IPA to AP upgrade
16
Follow us on: Twitter.com/ALUEnterprise Facebook.com/ALUEnterprise Youtube.com/user/enterpriseALU Linkedin.com – Group: Alcatel-Lucent Enterprise Updated November 2013 Slideshare.net/tagged/Enterprise Storify.com/ALUEnterprise
17
enterprise.alcatel-lucent.com