Secure Automated Campus & Fabric Connect


Presentation on theme: "Secure Automated Campus & Fabric Connect"— Presentation transcript:

1 Secure Automated Campus & Fabric Connect
Nuno Rocha, Senior System Engineer, March 2019

2 Customer-Driven Networking
Campus Networking; Data Center Networking; Edge/Campus/Software Management; Edge/Campus Networking; Wireless Networking

Extreme is a customer-driven networking company. We build and deliver solutions that deliver customer outcomes; our focus is on helping our customers deliver outcomes. Customer-driven means outside-in, and we've come a long way in building our competency in delivering customer outcomes. Our heritage: we have assembled best-of-breed technologies from each of these companies and put together the best-in-class features and functions from Campus, DC, Edge, Wireless, Core and management to build our solution pillars.

Solution pillars: Agile data center; Automated campus; Smart OmniEdge

And brought to customer-driven outcomes with the applications, services and support for our customers in verticals.

3 Automated Campus

4 Automated Campus – Value Pillars
Simple, Secure, Intelligent: Policy-Driven Automation for Compelling Business Outcomes

This is a good place to talk about one of the success stories and tie the reasons for the win to these three value pillars.

Simple: true network simplification from SPB (802.1aq or RFC 6329; one of the authors is our own Paul Unbehagen); single pane of glass; 100% application visibility; unified wired and wireless.
Secure: ubiquitous hyper-segmentation / stealth; policy-based control; comprehensive security ecosystem.
Intelligent: true 360-degree network view with context and scale; automated edge; automated network services.

Similar to the network edge, simplicity, security and intelligence are built into our campus solutions. We deliver simplicity through our innovative fabric-enabled architecture called Fabric Connect. This is a technology we acquired through the Avaya Networking acquisition, and it has been bringing simplicity and automation to customer networks for many years. It has had a profound effect on the customers who have chosen to deploy it: it allows them to be more efficient, to stop performing manual repetitive tasks and to focus on things that are much more strategic in nature.

From a security perspective, we deliver strong encryption with our switching products and breach containment with Fabric's hyper-segmentation capability. This offers the ability to create totally isolated secure networks, the benefit being that if a breach occurs, the breach is contained to just that segment. It provides a dead end for a hacker so they don't compromise other parts of the network.

Finally, the intelligence of our software and management applications gives us the ability to have a true 360-degree network view.

5 Automated Campus Benefits and Outcomes
Simple: “Multicast w/o the complexity – 28x faster”; “31x faster ramp to Digital Transformation”
Secure: “A network that isolates security breaches automatically”; “Reduce human error”
Intelligent: “Network adapts to changing business needs”; “Troubleshoot 7x faster”

Compare and contrast how the same benefit needs to be articulated differently to a technical audience vs. a business audience. Reference the white paper that is available.

Source: Fabric Connect – The Quiet Revolution – White Paper

6 Virtual Network Connectivity Services
Automated Campus: End-to-End Network Services

Network Services: Layer 3 virtualized unicast Service; Layer 3 unicast Service (shortcut); IPv6 virtualized* Service; Layer 2 E-LAN Service; E-Tree Service; Layer 3* virtualized multicast Service; Layer 3 multicast Service (shortcut); IPv6* Service; VXLAN* Service; E-Line Service
Infrastructure

Abstracting Service from Infrastructure: Network as a Plug & Play Utility

*VSP only

7 11x Faster time to Service with Simple Edge Provisioning
Automated Campus

Status Quo: hop-by-hop provisioning; moves, adds and changes require core reconfiguration; vulnerable to human error during change; services coupled to physical topology.
With Extreme: edge provisioning only; core is hands-off; moves, adds and changes on the fly (no more maintenance windows); services abstracted from topology.

Diagram labels: NETWORK; Video Surveillance; Servers; Application Servers

8 END-TO-END CONTROL PLANE
Enhanced Security with Hyper-Segmentation Prevents Lateral Movements, Creating Dead Ends for Hackers

Automated Campus

Without Hyper-Segmentation: isolation is fragmented and limited in scale (campus VLANs and ACLs; limited VLAN chaining and VRFs; micro-segmentation in the data center).
With Hyper-Segmentation: zones effortlessly reach across the entire network.

Diagram labels: END-TO-END CONTROL PLANE; NETWORK; Financial Systems; Application Servers; Personal Data Records

Here is a depiction of how network segmentation is generally done today. VLANs came about to form broadcast domains at the edge of the network. Access Control Lists simply map user permissions to systems. Micro-segmentation secures connections mainly between servers in a data center. Attempts to create an end-to-end segment involve either a costly and complex MPLS LAN implementation or VLAN chaining, where IT organizations configure a VLAN path across the network switch by switch, including the network core, which becomes very risky.

With hyper-segmentation, only the network end-points are configured and the end-to-end control plane takes care of everything else. In fact, by just plugging a device into the network, a segment can be automatically configured on the network end-point, but more on that later. Because of the ease of configuration, creating hundreds or thousands of unique virtual networks becomes practical. The limit is 16 million.

Once hyper-segments are created, organizations experience a reduction in the attack surface, a quarantine function if a segment is breached, improvement of anomaly scanning, and greater firewall efficiency. Imagine being able to have secure isolated zones for financial transactions, customer records, video surveillance, physical security, R&D groups, executives, IoT devices, kiosks, etc. And one of the best parts is yet to come.

9 Automated Security Policy-Based Service Creation and Access
Campus

Individual end-to-end segments deliver secure traffic separation:
Hyper-Segmentation: isolate critical applications, information or users. Hackers cannot hop from one compromised system to the next.

Diagram labels: END-TO-END CONTROL PLANE; Financial Systems; Application Servers; Personal Data Records; Limited VLAN chaining and VRFs

Security Enhanced Without Increasing Complexity

10 Automated Security Policy-Based Service Creation and Access
Campus

Individual end-to-end segments deliver secure traffic separation:
Hyper-Segmentation: isolate critical applications, information or users. Hackers cannot hop from one compromised system to the next.
Extreme policy and/or control secures auto-attachment of Users/Devices to hyper-segment. Enables granular control over who and what has access to a segment.
Both hyper-segmentation and policy enforcement for auto-attach are dynamic.

Diagram labels: Application Servers; Personal Data Records; Financial Systems; Limited VLAN chaining and VRFs

Security Enhanced Without Increasing Complexity

11 Enhanced Security with Elasticity Eliminates Back Door Entry Points
Automated Campus

IoTs in Infusion Pump Zone
IoT is removed -- zone is automatically contracted
IoT moved -- zone automatically expands appropriately

Diagram labels: END-TO-END CONTROL PLANE; NETWORK; Infusion Pump; Monitor

12 Video Surveillance Servers
Fabric Connect is Resilient, Delivering 2500X Faster Network Recovery (from mins to milliseconds)

Automated Campus

Load balanced, active/active network
Full network recovery in milliseconds (L2/3, even multicast)
Eliminates the domino effect of protocol overlays
Recovers so quickly that upper-layer communications protocols are unaffected

Instantaneous Recovery

Diagram labels: Video Surveillance Servers; Video Surveillance Cameras

13 Automated Campus - Summary
Simple: One Protocol, Simple Multicast, ZTP+, Unified Wired & Wireless, Single Pane of Glass
Secure: Hyper-Segmentation, Elasticity, Stealth, NAC, Policy, IGE, Defender
Intelligent: Fabric, Edge-only Provisioning, ASAP, Profiling, Workflows, Analytics

14 Fabric Connect – A Closer Look

15 Fabric Connect is Simple: From 4-10 Protocols to 1
Traditional: MPLS, BGP, PIM, OSPF, VLANS, STP
Extreme Fabric Connect: 1 Protocol (IEEE/IETF Shortest Path Bridging) 802.1
Fabric Connect Benefits: Faster to Deploy; Increased Stability; Easier Troubleshooting; Faster Resiliency; Lower Costs

16 Comments Q&A
