BROCADEIRONVIEW NETWORK MANAGER
MANAGEMENT SOFTWARE
HIGHLIGHTS•Industry’sfirstnetworkmanagertodeliverunifiedmanagementofwired,wireless,andMPLSservicesfrom asingleapplication
•ComprehensiveFault,Configuration,Accounting,Performance,andSecurity(FCAPS)managementacrossthe BrocadeIPnetworkingproductfamily
•Flexible,scalablearchitecturethatcanmanagethousandsofBrocadeand third-partydevicesinlargeorganizationswithhighlydistributedenvironments
•Dashboardandthumbnailviewsofwiredandwirelessdevices,currentstatus,eventandalarmsummary,andnetworkvisibilityfortroubleshootingandanalysis
•Comprehensivesecuritymanagementcapabilities,includingBrocadeIronShield360Closed-LoopSecurity
•NetworktopologydiscoverywithLayer2,VLAN,IPsubnet,STP/RSTP,MRPRing,andMPLSviews,aswellasmultiplelayoutandsizingtools
•Rapiddeploymentofgroupnetwork andpolicychangestoreduce operatingexpenses
•Standards-based,highlysecurenetworkmanagementsystembuiltonJava, SNMP,andsFlow(RFC3176)
Reliable, Scalable, and Secure Network Management
DATASHEET www.brocade.com
Brocade®IronView®NetworkManager(INM)providesorganizationswithcomprehensivetoolsforconfiguring,managing,monitoring,andsecuringtheBrocadefamilyofwiredandwirelessnetworkproducts.INMisanintelligentnetworkmanagementsolutionthatreducesthecomplexityofchanging,monitoring,andmanagingnetwork-widefeaturessuchasAccessControlLists(ACLs),ratelimitingpolicies,VirtualLANs(VLANs),softwareandconfigurationupdates,andnetworkalarmsandevents.
UsingINM,organizationscanautomaticallydiscoverBrocadenetworkequipmentandimmediatelyacquire,view,andarchiveconfigurationsforeachdevice.Inaddition,theycaneasilyconfigureanddeploygrouppoliciesforwiredandwirelessproducts.
INMutilizestheBrocadehigh-speed, securearchitecturewithintegratedsFlowtechnology(describedinRFC3176)toprovidehardware-basedreal-timenetworkmonitoringandaccountingcapabilities.Thesefeaturesprovidewire-speedswitchingandroutingperformancewith“always-on”faultandperformancemanagement,capacityplanning,intrusiondetection,securitypolicing,andprecisenetworktrafficaccounting.
INDUSTRY’S FIRST UNIFIED NETWORK MANAGERBrocadeINMistheindustry’sfirstnetworkmanagementsystemtoprovideunifiedmanagementforwired,wireless,andMultiprotocolLabelSwitching(MPLS)servicesfordatacenter,campus,andserviceprovidernetworks.Fromasingleinterface,organizationscanmonitorandmanagetheentireBrocadeIPnetworkingproductportfolio,includingtheBrocadeTurboIron®24Xtop-of-rackswitch,BrocadeFastIron®CXSeriesswitches,andBrocadeServerIron®ADXSeriesofapplicationdeliverycontrollers.
INMprovidescomprehensivemanagementofMPLSservicesthroughtheMPLSManagerapplication,supportingMPLSVirtualPrivateLANServices(VPLS),LocalVPLS,MPLSVirtualLeasedLine(VLL),andLocalVLLserviceswithanintuitiveanduser-friendlyinterface(seeFigure1).
INMalsofeaturesaRepresentationalStateTransfer(REST)-basedNorthboundInterface,providingthecapabilitytointegrateINMwiththird-partyNetworkManagementSystem(NMS)andOperationalSupportSystem(OSS)offerings.Throughthis
interface,clientprogramscanretrieveinventoryinformationaboutBrocadewiredandwirelessdevices,aswellasthird-partydevices,byusingJavaorPerlscripts.
TheServerIronManagerprovidesVirtualIP(VIP)andGlobalServerLoadBalancing(GSLB)managementforBrocadeServerIronapplicationdeliverycontrollers,includingdisplayofphysicalandvirtualIPaddresses,physicalandvirtualserverportbindings,andstatus.
INMalsocentralizesmanagementoftheentirefamilyofBrocadewirelessproducts,includingBrocadeIronPoint®200/250wirelessaccesspoints,IronPointswitches,andtheIronPointmobilitycontrollerseries.RFmonitoringcapabilitieshelpidentify,preventaccessto,andreportonrogueaccesspointsandad-hocclientnetworks.
SIMPLIFIED NETWORK MANAGEMENT INMfeaturesintuitiveandeasy-to-useWeb-basedtoolsthatgreatlysimplifymanagementandreduceadministrationtime,resultinginloweroperationalcosts.BuiltonaJava-basedplatform,INMprovidesseamlesscontroloversoftwareandconfigurationupdatesforBrocadeproductsfromanywhereinthenetwork—resultinginmoreeffectivemanagementofmidsizedandlargenetworks.
TheINMDashboardpresentsat-a-glancesummaryinformationofalldiscoveredBrocadeandthird-partydevices,includinginventoryandeventsummaryinformationusedtoidentifyproblemareasandanticipatepotentialnetworkdowntime (seeFigure2).
TheintegratedTopologyManagerdiscoveryandnetworkmappingcapabilityprovidesLayer2,VLAN,IPsubnet,STP/RSTP,MRPRing,andMPLSviewsofmanageddevices.Apowerfulsearchtoolallowsorganizationstoquicklylocatedevicesbasedonmultiplesearchcriteria.Theycanalsoimporttheirownbackgroundmapsandpositioneachnodeaccordingtoitsgeographicallocation(seeFigure3).
Organizationscangroupandfilterbothdevicesandportsinthedevicetreetodisplayonlyspecifictypesoroperationalstatus.Nodesareshownwithdetailedinformation,includingname,IPaddress,trunkgroups,andinterfacenames. Inaddition,organizationscanquicklygeneratedetailedreportsforall Brocadedevicesinthemap.
Organizationscanalsoconfigure,manage,anddeployconfigurationstogroupsofwiredorwirelessdevicesthroughtheDeviceConfigurationManager,greatlyreducingadministrationoverheadandsimplifyingmanagement.Throughthistool,theycandiscoverandconfigureVLANswithinthenetwork,configurewirelessaccesspointrealms,groupwirelessLANswitchesintodomainsforLayer3mobilitysupport,orexecuteCLIcommandsonspecificdevicesorgroupsofdevicestocreateconfigurationsandreports.
DeviceconfigurationchangescanbetrackedthroughtheintegratedINMChangeManager,whichenablestheviewing,retrieval,andrestorationofconfigurationfiles(seeFigure4).Configurationbackupscanbeperformedmanuallyorscheduledtorunautomatically.
Figure 1.TheINMMPLSManagerprovidescomprehensivemanagementofMPLSservices.
Figure 2. TheINMDashboardpresentssummaryinformationfordiscoveredBrocadeandthird-partydevices.
Apre/post-snapshotfeatureissuesdeviceconfigurationmonitoringcommandsbefore,after,orbeforeandafteraconfigurationchangeisdeployed.
Organizationscanthencompareconfigurationstoquicklyidentifyproblemsduringconfigurationdeployments,andusethemtorollbacktoapreviousconfigurationifnecessary.ChangeManageralsoenablessoftware,diagnostic,andbootimagestobemanuallyorautomaticallyimportedintoINM,whichcanstoremultipleversionsofsoftwarethatcanbedeployedtogroupsofdevices.
Inaddition,theINMReportManagerprovidesarichsetofpredefinedassetreportswithdetailedinformationaboutthediscovereddevices,includingkeyattributessuchasname,IPaddress,versioninformation,producttype,lastscandate/time,andstatus.Thelibraryofpredefinedreportsincludesreportsforwiredandwirelessdevices,modules,VLANs,IPsubnets,IP/MACaddresses,accesspointusage,andmore.
INCREASED NETWORK AVAILABILITYINMincludesapowerfulEventManagertohelptroubleshootnetwork-relatedissues.ItcanreceiveSNMPtraps,Syslogevents,Snort,andsecuritypartnereventmessagesforreporting,analysis,monitoring,andremediation.ItcanalsoprovidealertsaboutanyeventsthatINMisconfiguredtoanalyze,whichhelpsorganizationsincreasenetworkavailabilityandmeettheirServiceLevelAgreements(SLAs).
ThetrapforwardingfeatureallowsINMtofilterSNMPtrapsandpassthemontothird-partyapplicationscapableofmanagingevents
frommultiplevendors.INMcanalsousetheBrocadeCLIconfigurationmanagertosupportfullclosed-loopnetworkremediation,triggeringspecificactionswhencertainerrorconditionsaremet.
TheINMTrafficAnalyzerprovidesmanagementandmonitoringtoolsforsFlowreporting,accounting,andpresentation.TheINMsFlowcollectioncapabilityisidealforgeneratingtrafficreportsandgainingvisibilityintonetworkactivity,evenattheedge,whereplacingsensorsiscostlyandcomplex.Withacustomreportgenerator,organizationscandefineanysetofreportsbasedonthedatacollectedfromsFlow.TheycanalsousetheTrafficAnalyzertoperformnetworktrendingandanalysisfornetwork-widetroubleshooting.
Moreover,INMhelpsorganizationskeeptrackofessentialnetworkperformanceinformationsuchasCPUutilization,powerandfanstatus,andpacketflow.ThePerformanceMonitorisanadvancedgraphingtoolthatcanplotanySNMPvaluethataBrocadeorthird-partydevicesupports.EachgraphcancontainuptofiveSNMPvalues,andcanbeexportedasanimageorCSVfileforfuturereferenceorfurtheranalysis.
ROBUST SECURITY FEATURESToincreaseoverallsecurity,INMcontainsmanyfeaturestomanageallthesecurityaspectsofanetwork.TheMACFilterManagersupportstheimporting,configuration,anddeploymentofMACfiltersto/fromBrocadewiredandwirelessdevicesthatsupportthem.MACfilteringcapabilities
enabletheconfigurationofpermitanddenyfunctionsforsourceanddestinationMACandEthernettype.
INMalsoprovidesthecapabilitytorapidlyconfigureanddeployAccessControlLists(ACLs)inwiredandwirelessswitchesandroutersthroughtheACLManager.UsingACLManager,organizationscanreplicateACLsfromanindividualdeviceorgroupofdevicesontootherBrocadedevices.Inaddition,ACLManagersupportspredefinedandwell-knownserviceACLstosimplifymanagementwhileprovidingtheflexibilitytocustomizethembyaddingnewTCPorUDPports.
AnotherkeysecurityfeatureofINMistheBrocadeIronShield®360Closed-LoopSecurityandIntrusionDetection.INMsFlow
Figure 3. TheINMTopologyManagerprovidesavarietyofviewsformanageddevices.
collectioncapabilitiescanbeintegratedwithopensourceIntrusionDetectionSystems(IDSs),suchasSnort—andintegratedwiththeINMEventManagertoprovideclosed-loopintrusiondetection,prevention,andremediation.
WithIronShield360,thesFlowcollectionmoduleswithinINMcanconvertsFlowtotheopensourcePCAPformat.ThePCAPdatacanthenbepipeddirectlyintoSnortandotheropensourceIDSsoftwaretoidentifyaccidentalormaliciousnetworkactivityandsendalertstoINMthroughtheIDSEventManager.
INMcanthentakedirectremedialactiononthisnetworkactivitythroughauniquesecuritypolicymanager.Thispowerful
Figure 4. TheINMChangeManagerprovidesanefficientwaytoview,retrieve,andrestoreconfigurationfiles.
eventpr oc es s or
eventcol l ec t or
Rem
edia
tion
Actio
n
sFlowsFlowsFlowsFlow
IronView Network Manager
sflow
sFlow Collector
sFlow PCAPConverter
Snort
SnortAlerts
Attacks, Viruses, Threats
Attacks, Viruses, Threats
Figure 5. IronShield360Closed-LoopSecurityhelpsINMdetectandpreventnetworkintrusions.
DATASHEET
©2009BrocadeCommunicationsSystems,Inc.AllRightsReserved.08/09GA-DS-1263-01
Brocade,theB-wingsymbol,BigIron,DCX,FabricOS,FastIron,IronPoint,IronShield,IronView,IronWare,JetCore,NetIron,SecureIron,ServerIron,StorageX,andTurboIronareregisteredtrademarks,andDCFM,ExtraordinaryNetworks,and SANHealtharetrademarksofBrocadeCommunicationsSystems,Inc.,intheUnitedStatesand/orinothercountries.Allotherbrands,products,orservicenamesareormaybetrademarksorservicemarksof,andareusedtoidentify,productsorservicesoftheirrespectiveowners.
Notice:Thisdocumentisforinformationalpurposesonlyanddoesnotsetforthanywarranty,expressedorimplied,concerninganyequipment,equipmentfeature,orserviceofferedortobeofferedbyBrocade.Brocadereservestherighttomakechangestothisdocumentatanytime,withoutnotice,andassumesnoresponsibilityforitsuse.Thisinformationaldocumentdescribesfeaturesthatmaynotbecurrentlyavailable.ContactaBrocadesalesofficeforinformationonfeatureandproductavailability.ExportoftechnicaldatacontainedinthisdocumentmayrequireanexportlicensefromtheUnitedStatesgovernment.
Corporate Headquarters SanJose,CAUSAT:[email protected]
European Headquarters Geneva,SwitzerlandT:+41-22-799-56-40 [email protected]
Asia Pacific Headquarters SingaporeT:+65-6538-4700 [email protected]
www.brocade.com
Windows Linux SolarisSupportedOSVersions 2003ServerSP2,Server2008,
XPProfessionalEditionSP3RedHatEnterpriseLinuxRelease4AS,ES,WS,andDesktop;RedHatEnterpriseLinuxRelease5AdvancedPlatform,BaseServer,andDesktop
9and10SPARC
RecommendedCPUSpeed andMemory
1 to 200 Devices 3.0GHzPentium4,3GBRAM
201 to 1000 Devices MulticoreXeonProcessor3000sequenceorabove(orsimilarAMDprocessor),4GBRAM
1001+ Devices Dual(ormore)Xeon5000sequenceorabove(orsimilarAMDprocessor), 4+GBRAM
1 to 200 Devices 3.0GHzPentium4,3GBRAM
201 to 1000 Devices MulticoreXeonProcessor3000sequenceorabove(orsimilarAMDprocessor),4GBRAM
1001+ Devices Dual(ormore)Xeon5000sequenceorabove(orsimilarAMDprocessor), 4+GBRAM
1 to 200 Devices SunUltraSPARCT1(orsimilarUltraSPARCprocessor),3GBRAM
201 to 1000 Devices SunUltraSPARCT2(orsimilarUltraSPARCprocessor),4GBRAM
1001+ Devices SunUltraSPARCT2+(orsimilarUltraSPARCprocessor),4+GBRAM
RecommendedHDDSpace 200GB 200GB 200GB
SYSTEM REQUIREMENTSINMsoftwareanddocumentationareshippedonaCD-ROM.InadditiontohavingaCD-ROMdrive,thehostsystemmustmeettherequirementsshownbelow.
INM SERVER REQUIREMENTS
INM CLIENT REQUIREMENTS*Windows Linux Solaris
SupportedOS XPProfessionalSP3,VistaBusiness,2003ServerSP2,Server2008
RedHatEnterpriseLinuxRelease5AdvancedPlatform,BaseServer, andDesktop
10SPARC
InternetExplorer IE7.0,IE8.0 Notsupported NotsupportedMozilla Firefox3.0.x Firefox3.0.x Firefox3.0.xJavaPlug-In JRE-1.6.0_13 JRE-1.6.0_13 JRE-1.6.0_13
* Required to access Web-based INM applications; specifications subject to change without notice.
capabilityturnsINMintoafullintrusiondetectionandpreventionsolution.BecausesFlowisavailableonallBrocadeIPswitchesandrouters,INMcost-effectivelydetectsandpreventsintrusionsthroughoutthenetwork—evenattheedge(seeFigure5).
INMprocesseseventsandtakesremedialactionforanumberofanomalydetectionapplications.ByextendingtheeventprocessortohandleeventsfromIronShield360securitypartners,INM
providestheindustry’sfirstclosed-loopsecurityandmanagementsolutionforbothsignatureandanomalydetection.
MAXIMIZING INVESTMENTSTohelpoptimizetechnologyinvestments,Brocadeanditspartnersoffercompletesolutionsthatincludeeducation,support,andservices.Formoreinformation, contactaBrocadesalespartnerorvisitwww.brocade.com.