agile network agile management

of 21 /21
Feeling Agile Network

Author: huawei-enterprise-hong-kong

Post on 10-Dec-2014

206 views

Category:

Technology


2 download

Embed Size (px)

DESCRIPTION

By Ms. Ci Ci Zhong, Research and Development, Huawei Enterprise Business Group

TRANSCRIPT

  • 1. Feeling Agile Network
  • 2. Your Needs Web/ProxyApp Server-Group Remote officeEmployee CustomerBYOD GuestDumb terminal ICP App Server EDC DMZ BYOD visits dumb terminal Employee visits dumb terminal Employee communication Simple, Secure, Controlled
  • 3. Agility Features Create an Agile Network Web/ProxyApp Server-Group BYOD ICP App Server EDC DMZ Service layer Network layer User layer Intrane t eSightController Agile Switch InternetInternet Service Orchestration Specified data traffic forwarding path Free Mobility On-demand access control SVF 1.1 Plug-and-play network devices 1.2 Centralized configuration of service templates 1.3 Uniform wired and wireless network monitoring iPCA Quick E2E fault location 50 2 1 3 5 4Unified Security Remote office Customer
  • 4. Lifecycle Agility Features Network Design Fault Location 1 SVF 1.1 Plug-and-Play 1 SVF 1.2 Centralized Configuration 50 2 Free Mobility 3 Service Orchestration 4 Unified Security iPCA 5 Service Deployment Routine Monitoring
  • 5. 1.1 SVF-> Plug-and-Play SVF-Parent SVF-Client 3. Automatically create management channels AS and AP are virtualized. Shield differences of wired and wireless networks and transmit traffic of ASs and APs over same management channels (CAPWAP) 2. Power on SVF-Client 1. Pre-deployment Configure management channel Add port to virtual group eSight Network Design Service Deployment Routine Monitoring Fault Location
  • 6. 1.1 SVF-> Plug-and-Play Experience 1. Display topology after pre-deployment 2. Power on the new device, plug-and-play 3. Clients are vertically virtualized and displayed under Parent 4. Parent panel shows vertically virtualized topology Network Design Service Deployment Routine Monitoring Fault Location
  • 7. Lifecycle Agility Features Network Design Fault Location 1 SVF 1.1 Plug-and-Play 1 SVF 1.2 Centralized Configuration 50 2 Free Mobility 3 Service Orchestration 4 Unified Security iPCA 5 Service Deployment Routine Monitoring
  • 8. 1.2 SVF-> Centralized Configuration SVF-Parent SVF-ClientSVF-Client Ethernet WiFi Service Profile User Group Parent: uses same service profiles for wired and wireless users Client: automatically delivers parameters based on type of access devices User: adapts to the authentication method based on access interface type Network Design Service Deployment Routine Monitoring Fault Location
  • 9. Lifecycle Agility Features Network Design Fault Location 1 SVF 1.1 Plug-and-Play 1 SVF 1.2 Centralized Configuration 50 2 Free Mobility 3 Service Orchestration 4 Unified Security iPCA 5 Service Deployment Routine Monitoring
  • 10. 2 Free Mobility Phase 1 2 Administrator configures user and resource access rights on Agile Controller. Agile Controller translates the configuration into machine language and delivers it to devices on the entire network. When a user logs in, the policy enforcement point obtains user rights configured based on 5W1H conditions, and enforces the access policy. Deploy policies Enforce policies Deliver policies Service flow Policy enforcement pointWAN/Internet Agile Controller WAN/Internet Email, ERP, code HQ access: R&D/sales/guests Branch access: R&D/sales/guests Internet: R&D/sales NGFW SW SW SW SW NGFW SVN Centralized policy control allows network resources to migrate with mobile users Network Design Service Deployment Routine Monitoring Fault Location Data Center Phase
  • 11. 2 Free Mobility Experience 1. Pre-Configure policies 2. Obtain Access policies based on 5W1H Network Design Service Deployment Routine Monitoring Fault Location
  • 12. Lifecycle Agility Features Network Design Fault Location 1 SVF 1.1 Plug-and-Play 1 SVF 1.2 Centralized Configuration 50 2 Free Mobility 3 Service Orchestration 4 Unified Security iPCA 5 Service Deployment Routine Monitoring
  • 13. 3 Service Orchestration Functions: Security resources are concentrated in a resource center to allow flexible allocation of security capabilities based on attributes such as resources, users, and zones, improving security protection capabilities of the entire network. Typical applications: Guest online behavior management Virus cleaning Security resource center User Group Resource Group Internet Tunnel Tunnel Agile Switch Security policy ASG Online behavior management NGFW Firewall Agile Controller Security policy Tunnel Service flow Network Design Service Deployment Routine Monitoring Fault Location
  • 14. 3 Service Orchestration Experience 1. Agile switch GRE Security resource center 2. Flexible service orchestration based on service scenarios Simply drag the mouse Network Design Service Deployment Routine Monitoring Fault Location
  • 15. Lifecycle Agility Features Network Design Fault Location 1 SVF 1.1 Plug-and-Play 1 SVF 1.2 Centralized Configuration1 SVF 1.3 Unified Management 50 2 Free Mobility 3 Service Orchestration 4 Unified Security iPCA 5 Service Deployment Routine Monitoring
  • 16. 4 Unified Security Security event collection Collect event logs from network devices, security devices, servers, and terminals. Big Data analytics Analyze a huge amount of correlated log information to show security condition of the entire network and detect security risks. Network security evaluation Evaluate security threat severity on the entire network, show the attack topology, and identify top-risky assets and zones to provide information for network security protection. Security correlation and active defense Agile Controller delivers adjusted security policies to related devices in response to security events. For example, the devices can log out users or block traffic from these users. Log collection Security policies take effect Big Data analytics Network security evaluation Network Design Service Deployment Routine Monitoring Fault Location
  • 17. 4 Unified Security Experience 1. Network-wide or domain-wide security threat evaluation 2. Focus on TOPN risky assets 3. Drill-down domain-wide threat status, view security detail information and handling suggestions Network Design Service Deployment Routine Monitoring Fault Location
  • 18. Lifecycle Agility Features Network Design Fault Location 1 SVF 1.1 Plug-and-Play 1 SVF 1.2 Centralized Configuration 50 2 Free Mobility 3 Service Orchestration 4 Unified Security iPCA 5 Service Deployment Routine Monitoring
  • 19. 5 iPCA Network Management eSight Agile Switch Operators leased network Shenzhen Headquarters Beijing Branch Mark 1. Device/Link 3. WAN Egress 2. End to End Stat. Network Design Service Deployment Routine Monitoring Fault Location
  • 20. 5 iPCA Experience 1.Device/Link-level measurement 2. End-to-end quick measurement Network Design Service Deployment Routine Monitoring Fault Location 3-1. Create a conservation domain 3-2. Conservation domain measurement