© 2012 Extreme Networks, Inc. All rights reserved. Māris Strazdiņš [email protected] Extreme Networks

DSS ITSEC 2013 Conference 07.11.2013 - Cadence - ExtremeNetworks

DESCRIPTION

Presentation from one of the remarkable IT Security events in the Baltic States organized by “Data Security Solutions” (www.dss.lv). The event took place in Riga on 7th of November, 2013 and was visited by more than 400 participants at the event venue and more than 300 via online live streaming.

Page 1: DSS ITSEC 2013 Conference 07.11.2013  - Cadence - ExtremeNetworks

Māris Strazdiņš

[email protected]

Extreme Networks

Page 2: DSS ITSEC 2013 Conference 07.11.2013  - Cadence - ExtremeNetworks

Modular

Extreme Networks® Product Portfolio

Fixed

10/100M 1G 10G 40G 1/10/40G 10/40/100G

Summit X250e

Summit X150

E4G 200/400 (only 400 model stacks)

Summit X480

Summit X450e

Summit X450a

Summit X460

Summit X350

Summit X650

Summit X670

BlackDiamond 8800 with 8500-Series Modules

BlackDiamond X Series

SummitStack™

Wireless

Single-Radio AP

Adaptive AP

Wallplate AP

Network Management

Ridgeline™

Motorola ADSP

EAS

ReachNXT™

Summit® WM

BlackDiamond 8800 with C-Series Modules

BlackDiamond® 8800 with 8900-Series Modules

8900-40G6X-Xm

VIM3-40G4X*

Summit X440

Page 3: DSS ITSEC 2013 Conference 07.11.2013  - Cadence - ExtremeNetworks

Extreme Networks Switches

• Cross-series stacking

• Hitless failover

• Hitless upgrade

• Ease of manageability

• Free management software

• EAPS (Ethernet Automatic Protection Switching)

Page 4: DSS ITSEC 2013 Conference 07.11.2013  - Cadence - ExtremeNetworks

Ethernet Automatic Protection Switching

EAPS

Page 5: DSS ITSEC 2013 Conference 07.11.2013  - Cadence - ExtremeNetworks

Page 6: DSS ITSEC 2013 Conference 07.11.2013  - Cadence - ExtremeNetworks

Resilient

Proven

Automated

Virtualized

Different and the same - ExtremeXOS

Page 7: DSS ITSEC 2013 Conference 07.11.2013  - Cadence - ExtremeNetworks

ExtremeXOS – Memory Protected

EAPS SNMP

Memory Protected

Isolate faults between applications and processes to maintain network uptime.

Each process memory protected – process halt does not interrupt other processes

Self-healing – restart without rebooting switch

Page 8: DSS ITSEC 2013 Conference 07.11.2013  - Cadence - ExtremeNetworks

ExtremeXOS: CLEAR-Flow

CLEAR-Flow technology is ideally suited for a number of traffic management challenges, including:

• Network security—Intrusion detection, worm and virus containment, and Denial of Service (DoS) suppression

• Network management—Capacity planning, trending analysis, application classification, and Quality of Service (QoS) enforcement

• Network billing—Accounting and Service Level Agreement (SLA) enforcement

Page 9: DSS ITSEC 2013 Conference 07.11.2013  - Cadence - ExtremeNetworks

ExtremeXOS: CLEAR-Flow

CLEAR: Continuous Learning Examination Action & Reporting

Summit® X450a, X450e, X480, and X650

CLEAR-Flow Security Rules Engine

1. Attack Launched

2. Analyze & Measure

3. Take Action

• Permit

• Deny

• QoS Profile

• Mirror

• SNMP Trap

• SYSLOG

• Dynamic CLI Command

Page 10: DSS ITSEC 2013 Conference 07.11.2013  - Cadence - ExtremeNetworks

Identity and Access Management provisioning

User Community

Network Infrastructure

Application / Data Center

IP Manager: John

Finance: Bob

Sales: Alice

Intellectual property data

Customer data

Financial resource systems

Unknown

Unknown

Protected

Page 11: DSS ITSEC 2013 Conference 07.11.2013  - Cadence - ExtremeNetworks

Identity and Access Management provisioning

User Community Network Infrastructure

Unknown

IP Manager: John

Finance: Bob

Sales: Alice

Intellectual property data

Customer data

Financial resource systems

• Increased network availability

• Eliminate “noise” traffic and malicious activity within the infrastructure

• Network and data access provisioned based on roles and identity

• Audit network activity per user

Unknown

Application / Data Center

Protected

Page 12: DSS ITSEC 2013 Conference 07.11.2013  - Cadence - ExtremeNetworks

Extreme Networks Ridgeline

Page 13: DSS ITSEC 2013 Conference 07.11.2013  - Cadence - ExtremeNetworks

Today Network has Zero Visibility into VM Lifecycle

Virtual Machine Manager e.g.

NIC NIC

Hypervisor Hypervisor

Switch Port Config: IP: 1.1.1.2, MAC: 00:0A, QoS: QP7, ACL: Deny HTTP

Network Admin

When a vMotion or Live Migration occurs, automatically or initiated by the server admin, the network admin has NO visibility into VM location or when the movement occurs.

Switch Port Config None or Disabled

VM1: IP: 1.1.1.2, MAC: 00:0A

VM1: IP: 1.1.1.2, MAC: 00:0A

Initiate

Result:

The VM moves to a destination switch port that is incorrectly configured to deliver network services to the specific VM

Server Admin

Page 14: DSS ITSEC 2013 Conference 07.11.2013  - Cadence - ExtremeNetworks

Network Visibility into VM Lifecycle

Virtual Machine Manager e.g.

NIC NIC

Hypervisor Hypervisor

Network Admin

VM1: IP: 1.1.1.2, MAC: 00:0A

VM1: IP: 1.1.1.2, MAC: 00:0A

Switch Port Config: IP: 1.1.1.2, MAC: 00:0A, QoS: QP7, ACL: Deny HTTP

Switch Port Config None or Disabled

Location-based VM awareness at the network level for efficient vMotion or Live Migration

VM info

Switch Port Config (Virtual Port Profile, XNV™-enabled): IP: 1.1.1.2, MAC: 00:0A, QoS: QP7, ACL: Deny HTTP

Switch Port Config (Virtual Port Profile): IP: 1.1.1.2, MAC: 00:0A, QoS: QP7, ACL: Deny HTTP

Result:

Both the VM and the Virtual Port Profile move to the destination switch port. Network-level visibility into VM movement is achieved to deliver better SLA.

Ridgeline™: Through XML integration

• Pull Inventory from VMware vCenter

• Locate VMs on network switches

• Show Inventory VM Switch Port Mapping

• Define Virtual Port Profile (VPP)

• Assign (VPP) to VMs and Distribute

• Respond to VM motion occurrences

Initiate

Query

Server Admin

Page 15: DSS ITSEC 2013 Conference 07.11.2013  - Cadence - ExtremeNetworks

What’s NEW?

Page 16: DSS ITSEC 2013 Conference 07.11.2013  - Cadence - ExtremeNetworks

Māris Strazdiņš

[email protected]

THANK YOU!

Official Extreme Networks partner in Latvia