© 2012 Extreme Networks, Inc. All rights reserved. Bret Cofer – Systems Engineering Director The Intelligent Mobile Edge

© 2012 Extreme Networks, Inc. All rights reserved.

Bret Cofer – Systems Engineering Director

The Intelligent Mobile Edge

© 2012 Extreme Networks, Inc. All rights reserved.2

Launch: Intelligent Mobile Edge (IME)

Intelligent Software End-to-End

Cost-Effective and Feature-Rich Edge Switching

802.11n Access Point Deployment

Converged WLAN and Wired Policy

Converged WLAN and Wired Data Plane

BYOD


Infrastructure Requirements

• Convergence of the Network and IT Services

• A Converged Data Plane for both Wired and Wireless

Converged Network

Data

Voice

Video IT Services

Wireless

Mobility

Extreme Networks®

Intelligent Mobile Edge


Intelligent Mobile Edge (IME)

DynamicStatic

4

Convergence of the Network and IT Services

Limited visibility of User, Device, Location, and Presence

Network provisioning and monitoring based on:• IP Address

• TCP/UDP Port Information

• Static ACLs

Manual Configuration

Awareness of User, Device, Location, and Presence

Network provisioning and monitoring based on:• User Identity, Device Identity

• Virtual Machine Identity

• Role-based Access, Dynamic ACLs

Automated Configuration

Proactive Management

Reactive Management

Enabling the move from a Static Network to a Dynamic Network


Resilient and Proven

Memory Protected

PredictablePerformance

AdaptableAcross PlatformsModular

Differentiator: The Power of ExtremeXOS®

ExtremeXOS 15.1 (New)

The Power and Service Predictability of A Single OS From Service Provider, Through The Enterprise Edge

And Core, And Into The Data Center

DistributedPolicies

Intelligent and Personalized

Automation andOpen InterfacesVirtualization

User, Device,

Location Aware


Mobile Onboard: User, Device, Location Awareness

6

Onboarding Users Securely

Provisioning of users and devices with Roles, based on their profiles (wired or wireless)

Onboarding IT Assets Securely Rich Visibility of User/Device Identity, and their Location

Wired EthernetExtreme

Networks® Switching Solution

Wireless EthernetExtremeNetworks Wireless Solution

Onboarding Users

✔

Available today

✔

Available today

Onboarding IT Assets

✔

Available today

✔

Available today

Role-based Policy and

Provisioning

✔

Available today

✔

Available today

LDAP Profile of Users and Devices*

✔

Available today

✭Coming Soon

* Future availability.


Converged Data Plane Scales for 802.11n

WLANController

ApplicationServers

EdgeSwitch

EdgeSwitch

AccessPoint

AccessPoint

EnterpriseCloud

AccessPoint

• Data routed direct in wired data plane• High performance• High scalability for 11n • Extreme Networks 5-9s resilience

• Data routed through controller• Adds latency• Limits scalability• Bottleneck/single point of failure

Hub & Spoke

Bottleneck

ExtremeNetworks®

WLANController

ApplicationServers

EdgeSwitch

EdgeSwitch

Altitude™

AccessPoint

EnterpriseCloud

AltitudeAccessPoint

AltitudeAccessPoint

Converged


Campus Network Evolution: Continued Convergence

Pure Connectivity with Overlay Networks• Wired and wireless

networks acting alone

• Basic device identity management

• Hub & spoke wireless control – north/south traffic

Industry and Competition

*Future product plans subject to change

WiredManagement

WiredTransport

WLANManagement

WLANTransport

Converged WLAN and Wired Data Plane • Wired & wireless switching

convergence for 802.11n

• Identity Management for devices, people & virtual machines

• Scalability and Quality of Experience for BYOD

Converged Transport

Ridgeline WiNG 5

Today

Converged WLAN and Wired Control• Unified identity management

for wired and wireless users*

• Mobile IT administration and onboarding*

• Optional ADSP provides WLAN monitoring and troubleshooting

Ridgeline™ Wired Management

Converged Transport

Coming

Timeline

8


Traditional Identity and Access Management• Identity and Access Management provisioning at the application (i.e.

resource) level

Application / Data CenterUser Community Network Infrastructure

IP Manager: John

Finance: Bob

Sales: Alice

Intellectual property data

Customer data

Financial resource systems

Unknown

Unknown

Protected


Traditional Identity and Access Management• Identity and Access Management provisioning at the application (i.e.

resource) level

User Community Network Infrastructure

Unknown

IP Manager: John

Finance: Bob

Sales: Alice

Intellectual property data

Customer data

Financial resource systems

• Increased network availability

• Eliminate “noise” traffic and malicious activity within the infrastructure

• Network and data access provisioned based on roles and identity

• Audit network activity per userUnknown

Application / Data CenterProtectedProtected


Why the Need for Role-based Access Control?•

User and traffic profiles have changed:

– Users are More Dynamic

• Outsourcing, employees, contractors, guests, students vs. faculty, patient access vs. doctor/nurse

– Increased Risks of “Data in Motion” to Unmanaged Devices

– Pressure of Internal/External Regulatory Compliance


Identity Manager for ExtremeXOS and EPICenter

•Tracking and provisioning of network users based on identity:

– Netlogin 802.1X Login ID

– Netlogin Web-based ID

– Netlogin MAC-radius

– Windows Active Directory Domain Login

(Transparent Authentication via Kerberos Snooping)

• Transparent method of tracking users attached to the network

•Tracking of network devices based on:

– LLDP-based device identification (e.g. VoIP Phone)

– Computer Name

– RFID Tags

– Location, location, location


Internet

Intranet

Mail Servers

CRM Database

Transparent Authentication with Windows AD Login

Active Directory Server

RADIUS ServerLDAP Server

User logs into the Active Directory domain with user name and password

1

ExtremeXOS® network “snoops” the Kerberos login by capturing the user name

2

Active Directory validates and approves user credentials

and responds to host

3ExtremeXOS grants network access based on AD server response

4

Username IP MAC Computer Name VLAN Location

Switch Port #

John_Smith 10.1.1.101 00:00:00:00:01 Laptop_1011 1 24

User and Device Awareness through Transparent Authentication• No software agents required – utilize existing authentication methods

• Do not need to retrain users on logging on to the network

Success


Role-based Access Control (Wired)Role Internet Intranet Mail CRM/Database VLAN

Unauthenticated Yes No No No Default

Contractor Yes Yes No No Default

Employee Yes Yes Yes Yes Default

Internet

Intranet

Mail Servers

Data Center


RADIUS Server

LDAP Server

Role Derivation• Users are assigned to a “role” based on their

attributes (e.g. job function, location, etc…)

• Roles contains dynamic policies that control access to network resources regardless location

Who is John?

LDAP Response

Match Department =Employee

User: JohnRole: EmployeeResource Access = Permit All

Who is Alice?

LDAP Response

Match Company =

IBM

User: AliceRole: ContractorResource Access = Deny Mail and CRM

No Authentication Detected =

Unauthenticated Role

User: BobRole: Unauthenticated Resource Access = Internet Only

14


MatchGroup =

Employee

Role-based Access Control (Wireless)Role Internet Intranet Mail CRM/Database VLAN

Unauthenticated Yes No No No Default

Contractor Yes Yes No No Default

Employee Yes Yes Yes Yes Default


RADIUS Server

LDAP Server

Role Derivation• Users are assigned to a “role” based on their

attributes (e.g. job function, location, etc…)

• Roles contains dynamic policies that control access to network resources regardless location

User: JohnRole: EmployeeResource Access = Permit All

Internet

Intranet

Mail Servers

Data Center

Query

ResponseRole-based access regardless of location, wired, or wireless!

Not dependent on VLANs!


Role-based Access Control (Wireless)

•Wired

– LDAP Attributes:

• Employee/User ID

• Title

• Department

• Company

• City

• State

• Country

– RADIUS Attributes:

• Calling Statio

• Utilizing Existing Data Stores

“If ” user matches a defined attribute value …

…. “Then” place user into a defined ROLE

Wireless

• Location: The zone the client is located

• ESSID: The ESSID the client is associated

• Group: The Group assigned by AAA

• MAC: The MAC address of the device

• Authentication: Authentication used

• Encryption: Encryption used


Summit® WM WLAN Controller

Active Directory

RidgelineTM andMobile Onboard

Protected Packet Rings: EAPS

E4G Cell Site Router

ADSP

ISP/Mobile

Operator

Access: 3G/4G

Campus Core

Service Core

Data Center

BlackDiamond 8800

BlackDiamond X Series

BlackDiamond® X Series

HPC

Access Control: Universal Port

AltitudeTM Access Points

SummitStack™ Virtual Chassis

Remote Campus

Physical Security

End-to-End Portfolio

Ridgeline 3.1 (new)

802.11n Access Points

Summit X440 Intelligent Edge

(new)

Scale Quality of User Experience for BYOD

Price competitively to balance requirements of value and intelligence

User, Device, Location Awareness and Provisioning

17


Intelligent Mobile Edge – Switching

NEW! • Summit® X440 Intelligent Edge Switch

Series

• 10 models

• 12, 24 and 48 ports of GbE

• Supports Gig to 10 Gbe with PoE+

• Identity Management

• Open Standards

• Automation

• Balances cost and functionality• X440-8t• X440-8p• X440-24t• X440-24p• X440-48t• X440-48p

• X440-24t-10G• X440-24p-10G• X440-48t-10G• X440-48p-10G


SummitModel

Active GE Ports

Copper GE Ports

Fiber GE Ports

Shared GE Ports

SummitStack Ports

10GbE Ports

SummitStackVPoE+

X440-8t 12 8 4 0 √ — —

X440-8p 12 8 4 0 √ — √

X440-24t 24 24 4 4 √ — —

X440-24p 24 24 4 4 √ — √

X440-48t 48 48 4 4 √ — —

X440-48p 48 48 4 4 √ — √

X440-24t-10G 24 24 4 4 — √ —

X440-24p-10G 24 24 4 4 — √ √

X440-48t-10G 48 48 2 2 — √ —

X440-48p-10G 48 48 2 2 — √ √

X440-L2-24t* 24 24 4 4 — — —

X440-L2-48t* 48 48 4 4 — — —

SummitStack™ & 10GbE Ports are mutually exclusive

Summit® X440 - Ports

* Future availability.


3G/4G WLAN LAN Data Center The Cloud

Mobility Drives the Cloud

Information

Content

Applications

Seamless User Experience

WIRED

WIRELESS

3G / 4G

Ethernet

Businesses are Being MobilizedExtreme Networks® Can Deliver High Value & Make This a Reality


5-Year TCO Analysis: 5-6k Users

What is the network costing your customer’s business over time?

Wired & Wireless Networks:– Cisco/Aruba vs. Extreme Networks

Network cost affected by:– Operations: Persistent year-over-year cost

of people time

– Capital: Brand premium

– OS Complexity: People time & extensibility limitations

– Expertise Premium: Resource salaries

– Product Flexibility: Sparing inventory &service needs

– Maintenance Premium: Percent of list

– Power/cooling: Growing costs @ 5.2% y/y


Enterprise Solutions Marketing

22

Smartboards

Surveillance Video System

Safari Montage

OR

OR

Wired Wireless Total

Series1

$0

$2,000,000

$4,000,000

$6,000,000

$8,000,000

$10,000,000

$12,000,000

Capital Maintenance Operations Sparing Power/cool$2

.1m

Year 1 Costs

iPads for All Students

Smartboards in Classrooms


Safari Montage

New Science Building

OR

OR

OR

OR


Series1

$0

$2,000,000

$4,000,000

$6,000,000

$8,000,000

$10,000,000

$12,000,000


.2m

Year 2 Costs




Safari Montage


New Library

OR

OR

OR

OR

OR


Series1

$0

$2,000,000

$4,000,000

$6,000,000

$8,000,000

$10,000,000

$12,000,000


.3m

Year 3 Costs




Safari Montage


New Library

12 Teachers & IT Staff

OR

OR

OR

OR

OR

OR


Series1

$0

$2,000,000

$4,000,000

$6,000,000

$8,000,000

$10,000,000

$12,000,000


.3m

Year 4 Costs


Series1

$0

$2,000,000

$4,000,000

$6,000,000

$8,000,000

$10,000,000

$12,000,000

Capital Maintenance Operations Sparing Power/cool

Year 5 Costs

$6.5

m




Safari Montage


New Library

12 Teachers & IT Staff

Football Field

OR

OR

OR

OR

OR

OR

OR

5-Year TCO Analysis: 5-6k Users


Modular

Extreme Networks® Product Portfolio

23

Fixed10/100M 1G 10G 40G 1/10/40G 10/40/100G

Summit X250e

Summit X150

E4G 200/400*Only 400 model stacks

Summit X480

Summit X450e

Summit X450a

Summit X460

Summit X350

Summit X650

Summit X670

BlackDiamond 8800 with 8500-Series Modules

BlackDiamond X Series

SummitStack™

WirelessSingle-Radio AP

Adaptive AP Wallplate AP

Controller w/ AP*

Network Management

Ridgeline™

Motorola ADSP

EAS

ReachNXT™

Summit® WM

BlackDiamond 8800 with C-Series Modules

BlackDiamond® 8800 with 8900-Series Modules

8900-40G6X-Xm

VIM3-40G4X*

Summit X440

VIM4-40G4X*


Cloud-Scale Data Center: Requirements• Cloud Ready/Virtualization

– On Demand Provisioning– Hardware Independence /

High Availability– Automation

• Consolidation– High Computational Density– Physical Location

Consolidation– Reducing Data Center Tiers

• Cloud Scale– 10/40 GbE– Low Latency / Low

Oversubscription• Green

– Efficient Power Management

24


What the Analysts are Saying….

25

CIO survey of Cisco customers, called Extreme a Top 4 Alternative Network Vendor September 2011 report

Rated ‘Data Network Specialist in Data Center Report November 2011 report

Independent tests called our core switch (BDX8) 3X-10X faster than competition November 2011 report

Rated as #1 in modular 40G & #2 overall in 40GNovember 2011 report

Rated a Data Center ‘Champion’ and ‘Exemplary’November 2011 report

ZDNet China Awards BDX “Best 40G Switch”December 2011 report

Digital Times Korea “Hit Switch” Award for x670

November 2011 report


Info-Tech Data Center Vendor Landscape

26

Emerging PlayerLeading VendorLeading ProductAvayaBBrocadeBJuniperForce 10BCiscoHPBExtreme Networks

Trailing Product

• Arista

Trai

ling

Vend

or

Innovator Champion

Market Pillar


Launch: Intelligent Mobile Edge (IME)

Intelligent Software End-to-End

Cost-Effective and Feature-Rich Edge Switching

802.11n Access Point Deployment

Converged WLAN and Wired Policy

Converged WLAN and Wired Data Plane

BYOD


Thank You!

Documents

© 2012 Extreme Networks, Inc. All rights reserved. Bret Cofer – Systems Engineering Director The Intelligent Mobile Edge