ait-partnership-group
DESCRIPTION
Wireless in the Data Centre has long been considered inappropriate due to possible security breaches and interruption to critical IT facilities. However, as this presentation demonstrates, this is no longer the case. Modern wireless technologies are just as safe as, if not safer than, a hard-wired equivalent.
WORK SMART
10/04/2023 1
Wireless in the Data Centre
“Decoding the Spin” Seminar
16th July 2014 – FINAL 3
Copyright 2014, All rights reserved
Enterprise Class Wi-Fi
Enterprise WLAN Development
WLM (Wireless LAN Management)
WLC (Wireless LAN Controller)
WLA (Wireless Access Point)
WLA/WLM (at edge)
WLA/WLM (at edge switch)
Enterprise WLAN Components
WLM (Wireless LAN Management)
WLM (Management)
– Configuration
– Monitoring/Reporting
– Location
– Intruder detection
WLC (Wireless LAN Controller)
WLC (Control)
– Radio Resource Management
– Encryption
– Authentication
– Roaming
WLA (Wireless Access Point)
WLA (Access)
– Client Traffic
Enterprise Class Wi-Fi (Aerohive Networks)
Cloud-managed Mobile Networking Company
– Cloud (Public & Private), Controller-less Wi-Fi, Routing, VPN, Switching
– Visionary Vendor - Gartner MQ for Wired & Wireless LAN 2013
Branch & Teleworker Routers
Enterprise Wi-Fi
Cloud Services Platform
Public, Partner, Private (on-premise)
Access Switches
Security
Firewall (L2–L7)
– UTM level integration
– Application control
– Deep packet inspection
– 712 application signatures
User Profile
– Identity based networking
– Granular separation of users and devices
– Separate by device classification
Security
Wireless Intrusion Prevention
– Wireless DoS detection and prevention
– Rogue detection (AP and client)
– Countermeasures
– Compliance monitoring
Security
Authentication
– 802.1x with RADIUS, Active Directory, OpenLDAP
• Aerohive APs can act as RADIUS server(s) or RADIUS proxy
– Captive Web Portal (CWP) authentication
Private Pre Shared Key
– Dedicated key per user
– People know PSKs
– Secure (AES encryption)
– Flexibility of PSK with enterprise security of 802.1x
Trusted vs Untrusted
Trusted Devices
– White list
• Corporate Laptops
• 802.1x
• Directory Services Integration
Untrusted Devices
– Black list
• Non corporate guests
Everything in between
– Shades of grey
• BYOD
• Staff owned
• Corporate Owned personal
• Corporate Owned shared
BYOD/ CYOD
Corporate Owned Devices
– Choose Your Own Device
– Tablets
– Smartphones
– Corporate owned data
– Remote wipe
Staff Owned Devices
– Bring Your Own Device
– Corporate Data
– Ring fenced
– Containerised apps
Staff Owned Devices (2)
– No corporate data
– Guest Access
Mobile Device Management (MDM)
Mobile Device Onboarding
– Configuration profiles
• Wi-Fi configuration/keys/certs
• Mail/VPN
Mobile Content Management
– Secure content access
• Data Loss Prevention
Mobile Application Management
– App store front/redirection
– Authentication enforcement
Wireless Guest Access / ID Manager
Guest Access
Aerohive ID Manager
– Cloud Enabled Guest Management
– Private PSKs more secure than traditional “Starbucks” style CWP
– Key delivery options (Mail, SMS, Printed Voucher, Twitter!)
– Kiosk Mode
Secure Guest Access in Data Centres
Key management
– Temporary PPSKs
– Role based key drops into specific user profile/VLAN
– Different user profiles for different customers
– Key dies as soon as customer leaves building
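
The key lifecycle listed on this slide, modelled as an added example (not Aerohive's code or API): each visitor gets a unique temporary key, the role selects the user profile/VLAN, and expiry or check-out kills the key. The class, role names and VLAN numbers are assumptions.

```python
import secrets
import time

# Hypothetical role -> (user profile, VLAN) table; names and numbers are constructed.
ROLE_PROFILES = {
    "customer-a": ("cust-a-cage", 110),
    "customer-b": ("cust-b-cage", 120),
    "contractor": ("guest-internet", 900),
}


class PpskStore:
    """Toy model of temporary per-user PSKs (illustrative, not a vendor API)."""

    def __init__(self, clock=time.time):
        self._clock = clock          # injectable so expiry can be tested
        self._keys = {}              # key -> (user, role, expires_at)

    def issue(self, user, role, ttl_seconds):
        if role not in ROLE_PROFILES:
            raise ValueError(f"unknown role: {role}")
        key = secrets.token_urlsafe(16)   # unique per user, never shared
        self._keys[key] = (user, role, self._clock() + ttl_seconds)
        return key

    def authorize(self, key):
        """Return (user, profile, vlan) for a live key, else None.

        The dictionary lookup stands in for the AP matching a client's
        handshake against its list of issued keys.
        """
        entry = self._keys.get(key)
        if entry is None:
            return None
        user, role, expires_at = entry
        if self._clock() >= expires_at:
            del self._keys[key]           # temporary key has run out
            return None
        profile, vlan = ROLE_PROFILES[role]
        return user, profile, vlan

    def check_out(self, user):
        """Visitor leaves the building: kill every key issued to them."""
        dead = [k for k, (u, _, _) in self._keys.items() if u == user]
        for k in dead:
            del self._keys[k]
        return len(dead)
```

Because every key belongs to one person, revoking a visitor at check-out does not disturb any other user on the same SSID.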
Secure Separation of Guest Networks
Guest Network separation using tunneling
[Diagram labels: Access Points, Edge Switch, Core Switch, Corporate Gateway, DMZ, Internet; legend: GRE Tunnel, Normal Traffic]
Secure Separation of Guest Networks
Guest Network separation using physical separation
[Diagram labels: Access Points, Dual Ports, Edge Switch, Core Switch, Corporate Gateway, Edge DMZ, DMZ, Internet; legend: Normal Traffic, Guest Traffic]
Independent Monitoring Network
Monitoring Network can be separate to Corporate Network
[Diagram labels: Access Points, Dual Ports, Edge Switch, Core Switch, Corporate Gateway, Edge DMZ, DMZ, Internet; annotations: Traffic via DMZ, Not under your control]
Wireless Power & Environmental
Intelligent Vs Non-Intelligent Rack PDUs
[Chart; axis label: Millions of $s]
iPDU Adoption Life Cycle – varies by region
Wired Monitoring Connectivity
IP Address per device
– 5 per cabinet
– 350 cabinets = 1750 IP addresses
Proprietary Solution
– Single point of failure
– 350 cabinets = 200+ IP addresses
[Diagram labels: T1, T2, T3, IP 1; T1, T2, T3, IP 1 to IP 5]
Wireless Monitoring Connectivity
IP Address per access point
– 5 per data centre (or less)
Wireless iPDUs now available
Easy deployment of best practice monitoring of each rack
– Temperature - top, middle & bottom
– Humidity
Saves Ethernet ports
– hundreds of PDUs per access point
Can be an ‘isolated’ Wi-Fi network
– This one has its own ‘SSID’
Typical Wi-Fi Dongle shown
PX-IOS App PDView
Tablet based PDU management
Features:
– View PDU configuration
– See kW, VA, pF, kWh etc
– Switch outlets on and off
PDView – Per Outlet View
Control – On/Off
Per Outlet Power
Power Management Reports
Sophisticated reports via web browser
Health Map of Demo Data Centre
Tabular Reports - Bill Back Report per Customer
Tabular Reports - Load per IT Device
Tabular Reports - Rack kW per cabinet
Secure Cabinet Access Authentication System
What is SCAAS?
– Door locking application for Cabinets and Containment
Example
– French Bank
– 3 Containments, 84 Cabinets, 174 Doors, 6 Card Readers, 72 iPDUs
Secure Cabinet Access Authentication System
SCAAS VA software Door Control Sensor EMKA door handle
Benefits
– Connects into PX iPDUs
– Can be wireless
SCAAS Features (1)
Collective Door Access Control
– Containment Doors, Cabinet Doors (front and back)
– A single ID-card reader controls a collection of doors according to privileges of card-owner
Centralized Management of
– Operation (unlock/lock, history-log)
– Access Administration (cards, card-owners, privileges)
– Site Setup (Containment, Cabinets, Doors, etc.)
SCAAS Features (2)
Access Log
– All activity is logged: presented card, user, unlocked/locked doors, opened/closed doors, alarms.
– Length of log is configurable
Audible Alarms
– Unlocked doors by timeout or inside containment
– Make use of iPDU buzzer
Connectivity Summary
The following functionality could potentially use 5 switch ports per rack:
– 2 x iPDU
– 3 x temperature/humidity
– 1 x access control
– 1 x web cam
This would be 300 switch ports in a 60 rack data centre compared to 5 (or less) if wireless enabled
– Multi-use, non-proprietary, open standards
– Easily scalable
Summary
Speed of deployment
Reduced cost of deployment
No dead patch panel ports to worry about
No delays while IT services team provision a switch port for each iPDU or environmental management appliance
Non proprietary solution – all product is based on open standard
Up to 6,400 sensors and 2,000 metered outlets on a single AP!
Cost of a Wi-Fi dongle circa £25
Qs on Wireless Power & Environmental?
Real Time Tracking of Assets
Real Time Tracking of Assets within the DC
RTLS - Real Time Location Solution
Uses same wireless infrastructure – not Zigbee or 433.92 MHz
Tracking where people go (security/alerting)
Lone-worker safety (man down)
Asset Tracking & Sensors (locating equipment)
[Images: asset tags, wearable tags, staff badge/pager, temp/RH sensors]
Tracking Personnel in the DC
A complete Wi-Fi-based Real Time Location System for tracking the location and status of assets, inventory and people.
Ekahau Applications
Ekahau RTLS Controller
Ekahau Wi-Fi Tags
Ekahau Site Survey
[Images: asset tags, wearable tags, staff badge/pager, temp/RH sensors, location beacons]
Staff Safety and Alarm Escalation
SOS key
Man-down
SOS
Alert with detail location
Send email, screen popup
Send alerts to local staff, remotely open doors, reposition video cameras etc
Patented RSSI Modeling Approach for Indoor Positioning
1. Patented, probabilistic multi-hypothesis tracking algorithms enable the industry’s leading location accuracy and reliability
2. RF characteristics such as multi-path reflections are recorded during the site calibration.
3. Calibration data is stored in the location server
4. Based on the calibration data and the information received from the tag/client, the server software calculates the real-time location
Ekahau RTLS - Technology
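
Steps 2 to 4 above, as an added example rather than Ekahau's patented algorithm: a single-hypothesis Gaussian-likelihood match of a tag's RSSI readings against stored calibration fingerprints. The location names, AP names, RSSI values and the 4 dB noise figure are constructed assumptions.

```python
import math

# Constructed calibration survey: location -> mean RSSI (dBm) seen from each AP.
CALIBRATION = {
    "aisle-1-front": {"ap1": -42, "ap2": -67, "ap3": -80},
    "aisle-1-rear":  {"ap1": -55, "ap2": -58, "ap3": -74},
    "aisle-2-front": {"ap1": -70, "ap2": -45, "ap3": -66},
    "aisle-2-rear":  {"ap1": -78, "ap2": -60, "ap3": -48},
}
SIGMA_DB = 4.0      # assumed RSSI standard deviation
FLOOR_DBM = -95.0   # value substituted when an AP is not heard at all


def log_likelihood(observed, fingerprint, sigma=SIGMA_DB):
    """Log-probability (up to a constant) of a reading at one calibration point."""
    total = 0.0
    for ap in set(observed) | set(fingerprint):
        o = observed.get(ap, FLOOR_DBM)
        f = fingerprint.get(ap, FLOOR_DBM)
        total += -((o - f) ** 2) / (2 * sigma ** 2)
    return total


def locate(observed, calibration=CALIBRATION):
    """Return (best_location, posterior) assuming a uniform prior over points."""
    if not observed:
        raise ValueError("tag reported no RSSI readings")
    scores = {loc: log_likelihood(observed, fp) for loc, fp in calibration.items()}
    peak = max(scores.values())
    # Subtract the peak before exponentiating so small likelihoods do not underflow.
    weights = {loc: math.exp(s - peak) for loc, s in scores.items()}
    norm = sum(weights.values())
    posterior = {loc: w / norm for loc, w in weights.items()}
    best = max(posterior, key=posterior.get)
    return best, posterior
```

The posterior is worth keeping alongside the best guess: a reading that sits between two calibration points produces a split probability, which an alerting rule can treat as low confidence.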
WLAN Best Practice
• Physical design of the WLAN and placement of access points plays a critical role in RTLS accuracy
• RTLS accuracy relies on ‘Location Coverage’, a combination of access point density and placement, signal quality, and signal differentiation.
• Triangulation is important
• Access points (green circles), placed every 50 to 75 feet around the edge, as well as centre of building
Airmagnet WLAN Survey
Passive Survey Active Survey
Working at the Rack
Mobile Devices & DCIM software
WLAN enables tablets, laptops and mobiles installed with DCIM apps to update at the rack
Mobile Devices & DCIM software
Speeding up the auditing and importing of data
Manage change control by issuing work orders directly to mobile devices
Making it easier to maintain accurate records including photographs
Summary
Contact – www.ait-pg.co.uk tel: 0845 293 2790 email: [email protected]
How Enterprise WLAN enables Best Practice!
Reduce the cost, and speed up the time, of deploying iPDUs, sensors, access control, asset tracking and DCIM software.
Use 90% less switch ports than wired networks, saving costs and reducing dependency on corporate IT teams.
An open 802.11 infrastructure will support mobile computing, as well as monitoring and management applications, which means you no longer have to depend on multiple proprietary point solutions.
AIT have the expertise to convince your IT teams that security is no longer a valid objection to implementing a WLAN in a data centre.