Intelligent Switching: Bringing User and Application Knowledge and Control to the LAN
Post on 28-Jul-2015
Critical IT Tasks
Troubleshooting
» Incident response
Device support
» Printers, VoIP phones
Access Control
» Compliance, NAC
New services
» Wireless, VoIP
Critical IT tasks are made harder by today’s switches.
Intelligent Switching Simplifies Tasks
• What
– New architecture for user and application control
  • Dynamic and flexible – programmable hardware
  • Integrated – user/role/app knowledge plus switching
  • Simple – easier to maintain than legacy architecture
• Where
– Deployed close to the user for tightest control
– On the same port used for LAN connectivity
• How
– Roll out with network upgrades for VoIP, wireless
Intelligent Switching Architecture
[Diagram labels: User and Application Control; User/Device; Apps; Role; Destination; Visibility, Policy]
Native to the switch; Business context; Smarter LAN
Bottom Line: Having intelligence directly in the switch simplifies the task of applying controls.
Legacy vs. Intelligent Architecture

| Attribute | Legacy Architecture | Intelligent Architecture |
|---|---|---|
| Performance | Wire speed | Wire speed |
| Latency | Micro-seconds | Micro-seconds |
| Hardware | Fixed | Programmable |
| Processing | Packet-based | Flow-based |
| User context | IP address | Identity, device, role |
| Application detail | Limited to L4 | Rich L7+ detail |
| Access policies | Complex – VLANs/ACLs | Dynamic – by user/role/app |
| Security | Overlay, external apps | Embedded |
| Audit/troubleshoot | Sampled L4 data | Full user/app/resource data |

Bottom Line: The legacy switch architecture cannot support intelligent switching.
The Functions of an Intelligent Switch
[Diagram label: Corporate LAN]
• Authentication: Allow only valid users onto the network
• Role Derivation: Query identity store for group/role info
• Host Assessment: Check endpoint posture
• Policy Enforcement: Apply access policy to each flow
• User Behavior Analysis: Decode every flow, tied to user and app
• Audit Trail: Track each flow by username, app, file, server
Switch directly supports NAC and other control features with no additional equipment or applications.
Intelligent Switching in Action
[Diagram labels: printer (bootup, role = printer); VoIP phone (policy = SIP only on Port 5060); employee jsmith; IBM contractor djones; wireless employee; VPN remote employee; guest; Windows login; Active Directory; “jsmith” = finance, “djones” = IBM contractor; ConSentry InSight Command Center; finance server; IBM server; Internet]
• User and application control
• Transparent to users
• Supports non-user devices
• Spans wired/wireless, local/remote
Key Operational Gains
• Avoid VLAN/ACL changes and updates
– Automated role-based control
• Speed incident response and troubleshooting
– Full user and application details
• Simplify controls and auditing for compliance
– Complete log of activity
• Boost employee productivity
– Focus stays on business applications
Case Study: Adaptec
• Complete overhaul of existing Cisco network
• Access switch upgrade requirements:
– Increase bandwidth, support VoIP, wireless
– Tighten user controls – from lab to production, within production
• Options: Cisco brand vs. ConSentry features, simplicity
• Choice: ConSentry intelligent switching
– Time savings for automated user separation – vs. ACLs
– User- vs. port-based access controls – follow the user
– Detailed LAN usage statistics – for audits, network planning
ConSentry saves Adaptec time and money and enables better control.
Broad Market Adoption
Select Customers (200+)
Recognition
“The best example of these new [switch] vendors is ConSentry Networks.”
--Mark Fabbi, Gartner