data sheet brocade ironview network manager · 2010-03-01 · brocade® ®ironview network manager...

BROCADEIRONVIEW NETWORK MANAGER

MANAGEMENT SOFTWARE

HIGHLIGHTS•Industry’sfirstnetworkmanagertodeliverunifiedmanagementofwired,wireless,andMPLSservicesfrom asingleapplication

•ComprehensiveFault,Configuration,Accounting,Performance,andSecurity(FCAPS)managementacrossthe BrocadeIPnetworkingproductfamily

•Flexible,scalablearchitecturethatcanmanagethousandsofBrocadeand third-partydevicesinlargeorganizationswithhighlydistributedenvironments

•Dashboardandthumbnailviewsofwiredandwirelessdevices,currentstatus,eventandalarmsummary,andnetworkvisibilityfortroubleshootingandanalysis

•Comprehensivesecuritymanagementcapabilities,includingBrocadeIronShield360Closed-LoopSecurity

•NetworktopologydiscoverywithLayer2,VLAN,IPsubnet,STP/RSTP,MRPRing,andMPLSviews,aswellasmultiplelayoutandsizingtools

•Rapiddeploymentofgroupnetwork andpolicychangestoreduce operatingexpenses

•Standards-based,highlysecurenetworkmanagementsystembuiltonJava, SNMP,andsFlow(RFC3176)

Reliable, Scalable, and Secure Network Management

DATASHEET www.brocade.com

Brocade®IronView®NetworkManager(INM)providesorganizationswithcomprehensivetoolsforconfiguring,managing,monitoring,andsecuringtheBrocadefamilyofwiredandwirelessnetworkproducts.INMisanintelligentnetworkmanagementsolutionthatreducesthecomplexityofchanging,monitoring,andmanagingnetwork-widefeaturessuchasAccessControlLists(ACLs),ratelimitingpolicies,VirtualLANs(VLANs),softwareandconfigurationupdates,andnetworkalarmsandevents.

UsingINM,organizationscanautomaticallydiscoverBrocadenetworkequipmentandimmediatelyacquire,view,andarchiveconfigurationsforeachdevice.Inaddition,theycaneasilyconfigureanddeploygrouppoliciesforwiredandwirelessproducts.

INMutilizestheBrocadehigh-speed, securearchitecturewithintegratedsFlowtechnology(describedinRFC3176)toprovidehardware-basedreal-timenetworkmonitoringandaccountingcapabilities.Thesefeaturesprovidewire-speedswitchingandroutingperformancewith“always-on”faultandperformancemanagement,capacityplanning,intrusiondetection,securitypolicing,andprecisenetworktrafficaccounting.

INDUSTRY’S FIRST UNIFIED NETWORK MANAGERBrocadeINMistheindustry’sfirstnetworkmanagementsystemtoprovideunifiedmanagementforwired,wireless,andMultiprotocolLabelSwitching(MPLS)servicesfordatacenter,campus,andserviceprovidernetworks.Fromasingleinterface,organizationscanmonitorandmanagetheentireBrocadeIPnetworkingproductportfolio,includingtheBrocadeTurboIron®24Xtop-of-rackswitch,BrocadeFastIron®CXSeriesswitches,andBrocadeServerIron®ADXSeriesofapplicationdeliverycontrollers.

INMprovidescomprehensivemanagementofMPLSservicesthroughtheMPLSManagerapplication,supportingMPLSVirtualPrivateLANServices(VPLS),LocalVPLS,MPLSVirtualLeasedLine(VLL),andLocalVLLserviceswithanintuitiveanduser-friendlyinterface(seeFigure1).

INMalsofeaturesaRepresentationalStateTransfer(REST)-basedNorthboundInterface,providingthecapabilitytointegrateINMwiththird-partyNetworkManagementSystem(NMS)andOperationalSupportSystem(OSS)offerings.Throughthis

interface,clientprogramscanretrieveinventoryinformationaboutBrocadewiredandwirelessdevices,aswellasthird-partydevices,byusingJavaorPerlscripts.

TheServerIronManagerprovidesVirtualIP(VIP)andGlobalServerLoadBalancing(GSLB)managementforBrocadeServerIronapplicationdeliverycontrollers,includingdisplayofphysicalandvirtualIPaddresses,physicalandvirtualserverportbindings,andstatus.

INMalsocentralizesmanagementoftheentirefamilyofBrocadewirelessproducts,includingBrocadeIronPoint®200/250wirelessaccesspoints,IronPointswitches,andtheIronPointmobilitycontrollerseries.RFmonitoringcapabilitieshelpidentify,preventaccessto,andreportonrogueaccesspointsandad-hocclientnetworks.

SIMPLIFIED NETWORK MANAGEMENT INMfeaturesintuitiveandeasy-to-useWeb-basedtoolsthatgreatlysimplifymanagementandreduceadministrationtime,resultinginloweroperationalcosts.BuiltonaJava-basedplatform,INMprovidesseamlesscontroloversoftwareandconfigurationupdatesforBrocadeproductsfromanywhereinthenetwork—resultinginmoreeffectivemanagementofmidsizedandlargenetworks.

TheINMDashboardpresentsat-a-glancesummaryinformationofalldiscoveredBrocadeandthird-partydevices,includinginventoryandeventsummaryinformationusedtoidentifyproblemareasandanticipatepotentialnetworkdowntime (seeFigure2).

TheintegratedTopologyManagerdiscoveryandnetworkmappingcapabilityprovidesLayer2,VLAN,IPsubnet,STP/RSTP,MRPRing,andMPLSviewsofmanageddevices.Apowerfulsearchtoolallowsorganizationstoquicklylocatedevicesbasedonmultiplesearchcriteria.Theycanalsoimporttheirownbackgroundmapsandpositioneachnodeaccordingtoitsgeographicallocation(seeFigure3).

Organizationscangroupandfilterbothdevicesandportsinthedevicetreetodisplayonlyspecifictypesoroperationalstatus.Nodesareshownwithdetailedinformation,includingname,IPaddress,trunkgroups,andinterfacenames. Inaddition,organizationscanquicklygeneratedetailedreportsforall Brocadedevicesinthemap.

Organizationscanalsoconfigure,manage,anddeployconfigurationstogroupsofwiredorwirelessdevicesthroughtheDeviceConfigurationManager,greatlyreducingadministrationoverheadandsimplifyingmanagement.Throughthistool,theycandiscoverandconfigureVLANswithinthenetwork,configurewirelessaccesspointrealms,groupwirelessLANswitchesintodomainsforLayer3mobilitysupport,orexecuteCLIcommandsonspecificdevicesorgroupsofdevicestocreateconfigurationsandreports.

DeviceconfigurationchangescanbetrackedthroughtheintegratedINMChangeManager,whichenablestheviewing,retrieval,andrestorationofconfigurationfiles(seeFigure4).Configurationbackupscanbeperformedmanuallyorscheduledtorunautomatically.

Figure 1.TheINMMPLSManagerprovidescomprehensivemanagementofMPLSservices.

Figure 2. TheINMDashboardpresentssummaryinformationfordiscoveredBrocadeandthird-partydevices.

Apre/post-snapshotfeatureissuesdeviceconfigurationmonitoringcommandsbefore,after,orbeforeandafteraconfigurationchangeisdeployed.

Organizationscanthencompareconfigurationstoquicklyidentifyproblemsduringconfigurationdeployments,andusethemtorollbacktoapreviousconfigurationifnecessary.ChangeManageralsoenablessoftware,diagnostic,andbootimagestobemanuallyorautomaticallyimportedintoINM,whichcanstoremultipleversionsofsoftwarethatcanbedeployedtogroupsofdevices.

Inaddition,theINMReportManagerprovidesarichsetofpredefinedassetreportswithdetailedinformationaboutthediscovereddevices,includingkeyattributessuchasname,IPaddress,versioninformation,producttype,lastscandate/time,andstatus.Thelibraryofpredefinedreportsincludesreportsforwiredandwirelessdevices,modules,VLANs,IPsubnets,IP/MACaddresses,accesspointusage,andmore.

INCREASED NETWORK AVAILABILITYINMincludesapowerfulEventManagertohelptroubleshootnetwork-relatedissues.ItcanreceiveSNMPtraps,Syslogevents,Snort,andsecuritypartnereventmessagesforreporting,analysis,monitoring,andremediation.ItcanalsoprovidealertsaboutanyeventsthatINMisconfiguredtoanalyze,whichhelpsorganizationsincreasenetworkavailabilityandmeettheirServiceLevelAgreements(SLAs).

ThetrapforwardingfeatureallowsINMtofilterSNMPtrapsandpassthemontothird-partyapplicationscapableofmanagingevents

frommultiplevendors.INMcanalsousetheBrocadeCLIconfigurationmanagertosupportfullclosed-loopnetworkremediation,triggeringspecificactionswhencertainerrorconditionsaremet.

TheINMTrafficAnalyzerprovidesmanagementandmonitoringtoolsforsFlowreporting,accounting,andpresentation.TheINMsFlowcollectioncapabilityisidealforgeneratingtrafficreportsandgainingvisibilityintonetworkactivity,evenattheedge,whereplacingsensorsiscostlyandcomplex.Withacustomreportgenerator,organizationscandefineanysetofreportsbasedonthedatacollectedfromsFlow.TheycanalsousetheTrafficAnalyzertoperformnetworktrendingandanalysisfornetwork-widetroubleshooting.

Moreover,INMhelpsorganizationskeeptrackofessentialnetworkperformanceinformationsuchasCPUutilization,powerandfanstatus,andpacketflow.ThePerformanceMonitorisanadvancedgraphingtoolthatcanplotanySNMPvaluethataBrocadeorthird-partydevicesupports.EachgraphcancontainuptofiveSNMPvalues,andcanbeexportedasanimageorCSVfileforfuturereferenceorfurtheranalysis.

ROBUST SECURITY FEATURESToincreaseoverallsecurity,INMcontainsmanyfeaturestomanageallthesecurityaspectsofanetwork.TheMACFilterManagersupportstheimporting,configuration,anddeploymentofMACfiltersto/fromBrocadewiredandwirelessdevicesthatsupportthem.MACfilteringcapabilities

enabletheconfigurationofpermitanddenyfunctionsforsourceanddestinationMACandEthernettype.

INMalsoprovidesthecapabilitytorapidlyconfigureanddeployAccessControlLists(ACLs)inwiredandwirelessswitchesandroutersthroughtheACLManager.UsingACLManager,organizationscanreplicateACLsfromanindividualdeviceorgroupofdevicesontootherBrocadedevices.Inaddition,ACLManagersupportspredefinedandwell-knownserviceACLstosimplifymanagementwhileprovidingtheflexibilitytocustomizethembyaddingnewTCPorUDPports.

AnotherkeysecurityfeatureofINMistheBrocadeIronShield®360Closed-LoopSecurityandIntrusionDetection.INMsFlow

Figure 3. TheINMTopologyManagerprovidesavarietyofviewsformanageddevices.

collectioncapabilitiescanbeintegratedwithopensourceIntrusionDetectionSystems(IDSs),suchasSnort—andintegratedwiththeINMEventManagertoprovideclosed-loopintrusiondetection,prevention,andremediation.

WithIronShield360,thesFlowcollectionmoduleswithinINMcanconvertsFlowtotheopensourcePCAPformat.ThePCAPdatacanthenbepipeddirectlyintoSnortandotheropensourceIDSsoftwaretoidentifyaccidentalormaliciousnetworkactivityandsendalertstoINMthroughtheIDSEventManager.

INMcanthentakedirectremedialactiononthisnetworkactivitythroughauniquesecuritypolicymanager.Thispowerful

Figure 4. TheINMChangeManagerprovidesanefficientwaytoview,retrieve,andrestoreconfigurationfiles.

eventpr oc es s or

eventcol l ec t or

Rem

edia

tion

Actio

n

sFlowsFlowsFlowsFlow

IronView Network Manager

sflow

sFlow Collector

sFlow PCAPConverter

Snort

SnortAlerts

Attacks, Viruses, Threats

Attacks, Viruses, Threats

Figure 5. IronShield360Closed-LoopSecurityhelpsINMdetectandpreventnetworkintrusions.

DATASHEET

©2009BrocadeCommunicationsSystems,Inc.AllRightsReserved.08/09GA-DS-1263-01

Brocade,theB-wingsymbol,BigIron,DCX,FabricOS,FastIron,IronPoint,IronShield,IronView,IronWare,JetCore,NetIron,SecureIron,ServerIron,StorageX,andTurboIronareregisteredtrademarks,andDCFM,ExtraordinaryNetworks,and SANHealtharetrademarksofBrocadeCommunicationsSystems,Inc.,intheUnitedStatesand/orinothercountries.Allotherbrands,products,orservicenamesareormaybetrademarksorservicemarksof,andareusedtoidentify,productsorservicesoftheirrespectiveowners.

Notice:Thisdocumentisforinformationalpurposesonlyanddoesnotsetforthanywarranty,expressedorimplied,concerninganyequipment,equipmentfeature,orserviceofferedortobeofferedbyBrocade.Brocadereservestherighttomakechangestothisdocumentatanytime,withoutnotice,andassumesnoresponsibilityforitsuse.Thisinformationaldocumentdescribesfeaturesthatmaynotbecurrentlyavailable.ContactaBrocadesalesofficeforinformationonfeatureandproductavailability.ExportoftechnicaldatacontainedinthisdocumentmayrequireanexportlicensefromtheUnitedStatesgovernment.

Corporate Headquarters SanJose,CAUSAT:+1-408-333-8000info@brocade.com

European Headquarters Geneva,SwitzerlandT:+41-22-799-56-40 emea-info@brocade.com

Asia Pacific Headquarters SingaporeT:+65-6538-4700 apac-info@brocade.com

www.brocade.com

Windows Linux SolarisSupportedOSVersions 2003ServerSP2,Server2008,

XPProfessionalEditionSP3RedHatEnterpriseLinuxRelease4AS,ES,WS,andDesktop;RedHatEnterpriseLinuxRelease5AdvancedPlatform,BaseServer,andDesktop

9and10SPARC

RecommendedCPUSpeed andMemory

1 to 200 Devices 3.0GHzPentium4,3GBRAM

201 to 1000 Devices MulticoreXeonProcessor3000sequenceorabove(orsimilarAMDprocessor),4GBRAM

1001+ Devices Dual(ormore)Xeon5000sequenceorabove(orsimilarAMDprocessor), 4+GBRAM

1 to 200 Devices 3.0GHzPentium4,3GBRAM

201 to 1000 Devices MulticoreXeonProcessor3000sequenceorabove(orsimilarAMDprocessor),4GBRAM

1001+ Devices Dual(ormore)Xeon5000sequenceorabove(orsimilarAMDprocessor), 4+GBRAM

1 to 200 Devices SunUltraSPARCT1(orsimilarUltraSPARCprocessor),3GBRAM

201 to 1000 Devices SunUltraSPARCT2(orsimilarUltraSPARCprocessor),4GBRAM

1001+ Devices SunUltraSPARCT2+(orsimilarUltraSPARCprocessor),4+GBRAM

RecommendedHDDSpace 200GB 200GB 200GB

SYSTEM REQUIREMENTSINMsoftwareanddocumentationareshippedonaCD-ROM.InadditiontohavingaCD-ROMdrive,thehostsystemmustmeettherequirementsshownbelow.

INM SERVER REQUIREMENTS

INM CLIENT REQUIREMENTS*Windows Linux Solaris

SupportedOS XPProfessionalSP3,VistaBusiness,2003ServerSP2,Server2008

RedHatEnterpriseLinuxRelease5AdvancedPlatform,BaseServer, andDesktop

10SPARC

InternetExplorer IE7.0,IE8.0 Notsupported NotsupportedMozilla Firefox3.0.x Firefox3.0.x Firefox3.0.xJavaPlug-In JRE-1.6.0_13 JRE-1.6.0_13 JRE-1.6.0_13

* Required to access Web-based INM applications; specifications subject to change without notice.

capabilityturnsINMintoafullintrusiondetectionandpreventionsolution.BecausesFlowisavailableonallBrocadeIPswitchesandrouters,INMcost-effectivelydetectsandpreventsintrusionsthroughoutthenetwork—evenattheedge(seeFigure5).

INMprocesseseventsandtakesremedialactionforanumberofanomalydetectionapplications.ByextendingtheeventprocessortohandleeventsfromIronShield360securitypartners,INM

providestheindustry’sfirstclosed-loopsecurityandmanagementsolutionforbothsignatureandanomalydetection.

MAXIMIZING INVESTMENTSTohelpoptimizetechnologyinvestments,Brocadeanditspartnersoffercompletesolutionsthatincludeeducation,support,andservices.Formoreinformation, contactaBrocadesalespartnerorvisitwww.brocade.com.