Upload
aruba-networks-an-hp-company
View
506
Download
0
Tags:
Embed Size (px)
Citation preview
#1 Mar-27-13
Company Overview
Dima Kumets, Product Manager [email protected]
Service: Cloud Web Filtering and Malware Protection Aruba Instant Integration + Certified for Interop on Campus and RAP
Infrastructure: 13 data centers, 100% uptime
Security Product Line: New security service - Umbrella by OpenDNS (November 2012)
#2 Mar-27-13
Company Overview
Dima Kumets, Product Manager [email protected]
Agenda • Challenges in security in EDU • Umbrella technical overview • Umbrella dashboard • Q&A
#3 Mar-27-13
1_Light Title Only
#3 Mar-27-13 Umbrella Confidential
IT for Education has changed
TODAY
WI-FI EVERYWHERE
LAPTOPS AND BYOD
MULTI OS AND PLATFROM
EXPLODING BANDWIDTH
ROAMING USERS
PAST
COMPUTER LABS
MANAGED DESKTOPS
SINGLE PLATFORM
LIMITED BANDWIDTH
100% ON PREM
#4 Mar-27-13 #4 Mar-27-13 Umbrella Confidential
Challenges in Education IT
Needs Challenges
Laptops roaming off premises
BYOD
High Performance
Growing bandwidth
CIPA Compliance
Malware Botnets
#5 Mar-27-13
1_Light Title Only
#5 Mar-27-13 Umbrella Confidential
Security – in the past
Got a problem? Buy a box.
Increasing bandwidth? Add a box
New campus? Add a box
Increased enrollment? Add a box
Box too slow? Add a box
Adding more servers? Add a box
More reports to store? Add a box
Boxes start to break? Add a box
New ports to protect? Add a box
Managing too many boxes? Add a box to manage boxes
#6 Mar-27-13
Security Appliances Growing demands are putting IT on a security appliance treadmill
And your users? They've left the building.
#7 Mar-27-13
What is Umbrella?
Malware and Botnet protection with
BYOD support and AD Integration
Roaming protection for employees and
students
Web filtering for any device connecting to
guest Wi-Fi
Mobile Protection for iOS and Android
Web filtering 59+ categories, blacklists, whitelists and bypass feature.
Web dashboard easy to use, manage policy, deploy new identities and view reports anywhere
Malware and botnet protection prevents infection and blocks bots from reaching command & control points.
Zero downtime since launch in 2006 with global data centers and bgp routing
#8 Mar-27-13
OpenDNS Enterprise – Global Network
Globally distributed servers at 13 PoPs with more planned using Anycast IPs with BGP routing and the best peering in the industry.
Built from the ground-up for reliability and 100% uptime.
Sao Paulo, BR Datacenter TBD
Palo Alto, US Switch & Data
Seattle, US The Westin Building
Los Angeles, US Equinix Los Angeles
New York, US 111 8th Ave
Ashburn, US Equinix Ashburn
Miami, US Nap of the Americas
Chicago, US 350 E. Cermak
Dallas, US Dallas Infomart
London, UK Telehouse North
Amsterdam, NL TeleCity 1
Frankfurt, DE Equinix Frankfurt
Point of Presence (PoP) Private Peering Datacenter
TODAY
PLANNED
Hong Kong, HK Mega iAdvantage
Tokyo, JP Datacenter TBD
Singapore, SG Equinix Singapore
Sydney, AU Datacenter TBD
#9 Mar-27-13
Cloud Architecture: Under the hood
Campus NetworkInternet
Custom Block Page
Malware, BotnetAUP Violations
Permitted DomainDNS Response
DNS Query
Roaming Users
No bottlenecks
ReportingPolicy
Real-TimeThreats
Real-time Threats and domain categorization is 100% in the cloud.
No bottlenecks DNS with protection is faster than plain ISP or carrier DNS.
Unprecedented Scale No bandwidth constraints or sizing guides.
Full coverage Any and all devices on the network. Roaming users protected using lightweight agent.
#10 Mar-27-13
Umbrella Enterprise for EDU
Network Wide Coverage • Protection for any device connecting to the campus network • IT managed devices with zero touch deploy • Full BYOD coverage including Mac, Windows, tablets, game consoles, etc • Block page bypass – allow privileged users to bypass blocking without software • Deploy in minutes
Interoperability certified
• Enter External IP range in Umbrella dashboard
• Set DHCP DNS to our IPs
Alt - forward :53 to OpenDNS IPs Aruba Campus
Integrated
• OpenDNS login in Virtual controller
Virtual controller self configures using API calls to Umbrella
Aruba Instant
Local recursive DNS
• Forward DNS to OpenDNS
• Enter External IP range in Umbrella dashboard
Local DNS Cache with OpenDNS Local DNS
#11 Mar-27-13
Umbrella Insights for EDU
Active Directory Integration • Group based policy with ranked rules • Per-user reporting with roll-ups per group and organization wide • Full coverage. Non-AD users protected with default policy • Internal IP/IP range based rules available • Pre-configured VM, Connector and config files downloaded from dashboard
Insights
• Linux VM for VMWare ESXi – forwards DNS • Connector on DC – cloud sync for users
+groups • Pre-configured downloads • Monitoring from Umbrella Dashboard
Active Directory Group
#12 Mar-27-13
Umbrella Everywhere for EDU
Off Network Protection • Lightweight agent for Windows and Mac • Identification only via EDNS – all policy and lists are in the cloud • Location aware policy – allows different policy on-network vs roaming • Security without performance impact • Deploy using GPO or RMM in minutes msiexec /i RoamingClient_WIN.msi /qn ORG_ID=<Organization> ORG_FINGERPRINT=<hash> USER_ID=<who is deploying>HIDE_UI=<0 or 1 for systray icon and notifications>
Windows
• Small MSI • Runs as a service • CLI or interactive install
Windows Agent
Mac
• Small pkg • Runs as a service • CLI or interactive install
OS X Agent
#13 Mar-27-13
Umbrella Everywhere for EDU
Mobile Protection • VPN profile for iOS devices • Deployed via app or MDM • Full encryption to protect against man in themiddle • Policy enforcement in the cloud
iOS
• VPN profile • Optional App
iOS
Android
• Beta soon • Encryption and malware
protection
Android
#14 Mar-27-13
Umbrella: Customer Highlights
RETAIL & GUEST WI-FI
COLLEGES & UNIVERSITIE
S
MSP & MANAGED
WI-FI
K-12 SCHOOLS
ENTERPRISES &
SMBs
#15 Mar-27-13
Case Study: Network Maine
Protected: 188,000+ students at 1,000+ schools and libraries in Maine Customer since: 2010 Why they’re using Umbrella: Protection against malware and botnets, web filtering, CIPA Compliance Problem: Hardware solution scaling issues with growing adoption and bandwidth
WHAT THEY’RE SAYING Our previous content filtering solution was the Achilles heel for the network. Anytime it had a performance problem it was felt everywhere since all http traffic went through these appliances. With Umbrella Enterprise we no longer have to worry about performance or scalability. — Jeff Letourneau, Executive Director
#16 Mar-27-13
Case Study: George Washington University
Protected: 25,000 students, 1,600 full-time staff, 3 campuses, many satellite locations. Customer since: 2011 Why they’re using Umbrella: Protection against malware and botnets, elimination of appliance management and maintenance, thorough yet easy-to-manage network protection at multiple locations Problem: Finding a powerful solution to fight the increase in malware infections. Appliances required too much time to manage and scale.
WHAT THEY’RE SAYING Rather than having to put one-off rules into an appliance to allow for exceptions, we can easily assign local technical people the authority to change rules on their own networks in Umbrella. — Matthew Wollenweber, Senior Computer Forensics Information Security System Engineer
Umbrella Dashboard Configure
#18 Mar-27-13
Umbrella Dashboard - Policy
#19 Mar-27-13
Umbrella Dashboard - Identity
#20 Mar-27-13
Umbrella Dashboard - Identity
#21 Mar-27-13
Umbrella Dashboard - Identity
#22 Mar-27-13
Umbrella Dashboard – Security
#23 Mar-27-13
Umbrella Dashboard - Categories
#24 Mar-27-13
Umbrella Dashboard – Blacklist/Whitelist
#25 Mar-27-13
Umbrella Dashboard - Customization
Umbrella Dashboard Reporting
#27 Mar-27-13
Umbrella Dashboard - Reporting
#28 Mar-27-13
Umbrella Dashboard - Reporting
#29 Mar-27-13
Umbrella Dashboard - Reporting
#30 Mar-27-13
Umbrella Dashboard - Reporting
OpenDNS Confidential
Q&A Contact: Dima Kumets, Product Manager - [email protected]
Free Trial for Airheads – [email protected]