TECHNICAL WHITEPAPER. Author: Tom Kistner, Chief Software Architect. Table of Contents

Size: px
Start display at page:

Download "TECHNICAL WHITEPAPER. Author: Tom Kistner, Chief Software Architect. Table of Contents"

Transcription

1 TECHNICAL WHITEPAPER Author: Tom Kistner, Chief Software Architect Last update: 18. Dez 2014 Table of Contents Introduction... 2 Terminology... 2 Basic Concepts... 2 Appliances... 3 Hardware...3 Software...3 Shadow Appliances...4 Layer 2 (LAN) functions... 4 Zone management...4 Port management...4 xlan...4 SwitchVPN...4 Layer 3 (IP) functions... 4 IP Network management...4 IPv4 / IPv6 Dual-Stack...5 Gateway functions...5 Uplink handling...5 RouteVPN...5 WiFi... 5 SSIDs and authentication...5 Broadcasts...5 WiFi planner...5 Enterprise integration... 6 Directory Services...6 DNS routing...6 Dynamic Zone assignment...6 Device Management... 6 Device registration...6 Employee Portal...6 Device visibility...6 Applications... 7 Application catalog...7 Custom Applications...7 Web categories...7 Application Groups...7 Policy controls... 7 Outbound/Internal rules...7 Inbound (NAT) rules...8 Guest access...8 Visibility and reporting... 8 Events and Alerts...8 Traffic reporting...8

2 Introduction The Ocedo System enables central, cloud-based network management for organizations of all sizes, across multiple physical locations. It consists of: Ocedo Connect, a controller service hosted by Ocedo in Germany, a local partner, or the end customer. Ocedo Appliances, including Access Points, Switches, and Gateways, deployed on-premise or in virtualized environments. Terminology The Ocedo System defines some keywords for certain objects or concepts. For easier recognition, these are usually printed capitalized and in italic in this document. Here s a short list of the keywords and what they mean: CC Realm Admin Org Site Zone Uplink Device Device Group User User Group Application Application Group Rule SSID Broadcast Appliance Port - Ocedo Connect Controller. - The sum of all Orgs managed on the CC. - Administrator with rights to certain Orgs or the whole Realm. - Managed organization, usually a company. - Networked site, like an office or a datacenter rack. - Network zone (L2 segment or VLAN). - An internet connection in a Site. - Networked device, anything with a MAC address - Group of Devices - Person accessing the network with Devices. - Group of Users - Networked service that users are accessing. - Group of Applications (and optional web categories) - Policy rule, usually combination of users and applications. - WiFi SSID definition, with authentication options. - A WiFi broadcast of an SSID in a Site. - An Ocedo Appliance, hardware or software. - Ethernet connection of an appliance, WAN or LAN. Basic Concepts The Ocedo Connect controller (CC) is multi-tenant capable, so it manages a Realm consisting 2

3 of many organizations (Orgs). Every Org represents an end customer (typically a company). Is is possible to assign administrative rights to individual Admin accounts per-org. Appliances and licensing are also managed on a per-org basis. The Org contains one or more Sites. A Site is a location like an office building, a hosting center or cloud location. Every Site has at least one internet Uplink and one local network Zone. Appliances Ocedo Appliances come in three main function classes: Gateways Provide basic network services to Zones. Handle one or more Uplinks. Enable policy enforcement. Enable extended reporting. Enable AutoVPN in SwitchVPN and RouteVPN flavors. Access Points Provide network access to WiFi Clients. Switches Enable plug-and-play multi-zone L2 connectivity. Provide POE to POE-enabled appliances (including 3rd party devices) All Ocedo Appliances are managed from the CC, including all firmware upgrades. Hardware Ocedo hardware appliances come with a serial number that is used to activate the appliance in the Realm or Org. Check the Ocedo Website for a list of available appliance models. Software Ocedo Gateways are available as software Appliances, in two flavors: Gateway VM A virtual gateway running in any virtualizer like VMware, Hyper-V, KVM, Xen Gateway JumpStart A software gateway image that runs off any USB stick on any Intel-x86 compatible hardware. Software gateways can be freely created in CC, downloaded and deployed instantly. 3

4 Shadow Appliances Shadow Appliances are placeholders for hardware appliances. They can be used and configured just like regular Appliances, and can later be backed by real hardware. Any number of Shadow Appliances can be added to an Org. This facilitates planning and configuration before rolling out a solution. Layer 2 (LAN) functions Zone management Zones are L2 segments that contain one or more L3 (IPv4/6) networks. In the Ocedo System, every Zone has a VLAN tag assigned which is unique across the Org. If no specific VLAN tag is required, the system will pick one from a pool. The GUI offers a unified view of all Zones/VLANs used in the Org. VLANs do not have to be used on the wire, but they re always built-in so a possible future upgrade to a VLAN-capable environment is seamless. Port management Switched and discrete ports of switch and gateway appliances can be managed from a single view across the entire Org, including Zone assignments and information about attached Devices. When connecting Ocedo appliances (gateways, switches, access points), they will automatically set the connecting Ports to carry all required Zones, so manual VLAN transfer assignments are not needed. xlan In smaller Sites, VLAN is often not available, either because unmanaged 3rd-party switches are used, or there s simply no switch at all. For such cases, the Ocedo system offers xlan, a local L2 tunneling technology that allows to layer additional Zones onto a single-segment LAN. This is mainly useful to offer secure guest access. SwitchVPN SwitchVPN is Ocedo s L2 VPN, based on IPsec. It automatically makes a Zone available in a remote Site if it is required there. Two examples of typical use-cases of SwitchVPN are: Broadcast Zone by WiFi in remote sites (full-backhaul remote access parallel to existing private network). Seamlessly connect cloud locations to on-premise equipment (ideal for moving services to the cloud). Layer 3 (IP) functions IP Network management The Ocedo System allows for fully automatic IP numbering, meaning that IPv4 and IPv6 networks are automatically assigned to Zones, drawn from a per-organization pool. Several IP (L3) 4

5 networks can co-exist in a Zone, for example to enable parallel usage of private and public IPs. In order to integrate into existing networks, it is possible to manually specify IP networks. IPv4 / IPv6 Dual-Stack The Ocedo System is dual-stack by default. Even if IPv6 is not required or currently deployed in an Org, all Zones reserve an IPv6 prefix from a pool, so IPv6 can be rolled out with minimal overhead. IPv6 is automatically included in all L3 functions, without extra configuration or management overhead. Gateway functions When an Ocedo Gateway is handling gateway functionality for a Zone, it will provide DHCP, NTP and DNS services automatically. Gateways provide security and reporting functionality for connected Zones (see further below). Routing Gateways will automatically route into connected Zones, either themselves being the gateway for a Zone, or just being a member device in a Zone. It is also possible to set up static routes to 3rd party equipment. Uplink handling An Ocedo Gateway can handle several internet Uplinks, either by concurrent usage or as backup. Some gateway models offer built-in 3G support. Uplinks are monitored by the gateway and fallback/fall-forward operation is fully automatic. RouteVPN RouteVPN is Ocedo s L3 VPN, based on IPSec. It automatically builds required tunnels between Sites if Zones have been flagged as being reachable from other Sites in the same Org. VPN links are constantly monitored, and traffic is included in policy controls (see further below). WiFi SSIDs and authentication The Ocedo System supports defining WPA SSIDs with password as well as enterprise authentication against RADIUS/NPS servers (see Enterprise integration below). Open SSIDs can also be configured to accommodate guest zones. Broadcasts SSIDs can be flexibly broadcasted by-site. Every Broadcast can set additional, advanced WiFi options as well as the captive portal (see further below). Channel selection and transmit power selection can be fully automatic or manually set per-ap. Broadcasting remote Zones is made simple by SwitchVPN (see above). WiFi planner Ocedo s integrated WiFi planner lets you easily visualize WiFi coverage in all Sites. Upload floor plans and place AP placeholders as required. Different coverage-type presets can be selected. Placeholders can automatically be turned in real hardware deployments later. 5

6 Enterprise integration Directory Services The Ocedo System allows syncing Users and selected User Groups from Active Directory and Google Apps directory services. User credentials are not queried by or stored in the CC. In case of an on-premise Active Directory installation, the connection to the domain controller can be securely made through any deployed Ocedo appliance, without the need for firewall rules or exposing the AD to the internet. DNS routing In order to integrate internal DNS zones, Ocedo appliances can use internal third-party DNS servers for specific domains. These DNS routes will also be used by end-user clients. Dynamic Zone assignment It is possible to assign accessing clients to different network zones. This can either be done with AD through the RADIUS/NPS server, or by setting tags on Zones and User Groups or Users. Device Management The Ocedo System allows (but not forces) fleet management of network Devices. A Device is anything that has a MAC address. New Devices are automatically detected and can be registered by the admin or the User owning the Device. Device registration Devices can be registered to a User account (in case responsibility is assignable to a single user), or be assigned to Device Groups (in case it is a shared device, like a printer or a server). Once registered, Devices are recognized throughout the entire Org. Device management is the foundation for policy controls, since it enables applying policy rules to devices (or abstractions like users or groups) instead of IP networks or Zones. Employee Portal The employee portal offloads the task of registering bulk devices onto the end users. It can be activated per-broadcast (wireless) or per-portgroup (wired). Unregistered Devices will then be redirected to the portal, where users can register their Device to their user account by loopback (by specifying address) or by SMS text message (by specifying their mobile number). Both options verify the contact details with the user account. Device visibility Unknown detected devices are shown with available OS, vendor and owner information, if available. The Ocedo System keeps track of IP addresses used by devices. Current device location and connection information is also shown. Device traffic activity can be tracked in Traffic reporting (see further below). 6

7 Applications Applications are networked services that run in the internal network or on the Internet (external Applications). Access to Applications can be regulated by policy. Application catalog Ocedo provides a constantly updated catalog of public applications that are available on the Internet (for example Facebook or Salesforce ). Every catalog application is assigned to a default predefined Application Group (see below). Custom Applications Custom Applications can be defined to enable setting up access policies for internal services, or specific internet-based services. Internal Applications are usually defined on top of a registered server Device or Device Group. It is also possible to define Applications based on IPs, ports or host/domain names. Web categories In addition to the application catalog, a web category catalog is available. Web Categories can be added to Application Groups (see below) in order to include sites that aren t covered by a specific application. Application Groups For convenient basic policy creation, Ocedo predefines a number of Application Groups. These predefined groups contain both catalog Applications and Web Categories to form a consistent match for specific areas (for example Social Networks or Business ). Policy controls Policy controls are built on Rules. There are two types of Rules: Outbound/Internal rules: These rules define the policy for internal Users and Devices accessing internal or external Applications. Inbound (NAT) rules: These rules defined the policy for external (Internet) access to internal Applications. They offer optional support for NAT, port translations and an external host whitelist. Outbound/Internal rules Outbound/Internal Rules specify a source, a target and an action. The action can be either Allow or Deny. The source can be either a special catch-all selection like All registered users, or a custom selection of: User Groups Device Groups 7

8 Individual Users Individual Devices Policy tags The target is either: The special selector Any, matching any target. A selection of Zones. A selection of Application Groups and Applications. A typical structure for a ruleset is to base the Outbound/Internal Rules on User Groups and Device Groups, and make exceptions with tags. Inbound (NAT) rules Internal Applications based on Devices can be made available to the Internet by creating an inbound Rule. This Rule can use DNAT or Full NAT, and also apply a port offset. To limit access to the exposed application to specific external hosts, a host-based whitelist can be specified. Guest access To offer secure access for guests, a specific Zone can be declared as being a guest zone. When using the Captive Portal on the Zone, it can register guests using address, mobile number (via SMS) or Facebook, Twitter or Google social logins. Guest devices are managed separately from employee devices, and guests can be used as a distinct group in Outbound/Internal Rules, so it is possible to have a policy specific to guest users. Visibility and reporting Next to device visibility (see above), the Ocedo System offers continuous automatic monitoring and alerting/notification on network events. Events and Alerts The event log offers live updates on changes in the network status, as well as an ongoing audit trail for configuration changes. Traffic reporting Traffic reporting enables a full view on all generated internal and external traffic, filtered by user, site and date/time. Reporting uses the same Application Groups, Applications and web categories as the policy engine, so the reported results can directly be converted to policy rules if needed. 8

70-642 R4: Configuring Windows Server 2008 Network Infrastructure

70-642 R4: Configuring Windows Server 2008 Network Infrastructure 70-642 R4: Configuring Windows Server 2008 Network Infrastructure Course Introduction Chapter 01 - Understanding and Configuring IP Lesson: Introducing the OSI Model Understanding the Network Layers OSI

More information

APPENDIX 3 LOT 3: WIRELESS NETWORK

APPENDIX 3 LOT 3: WIRELESS NETWORK APPENDIX 3 LOT 3: WIRELESS NETWORK A. TECHNICAL SPECIFICATIONS MAIN PURPOSE The Wi-Fi system should be capable of providing Internet access directly to a user using a smart phone, tablet PC, ipad or Laptop

More information

RAP Installation - Updated

RAP Installation - Updated RAP Installation - Updated August 01, 2012 Aruba Controller Release 6.1.3.2 The Controller has several wizards that can guide you through a variety of configuration processes. On the Configuration tab

More information

VMware vcloud Air Networking Guide

VMware vcloud Air Networking Guide vcloud Air This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document,

More information

Creating your fi rst CloudTrax network

Creating your fi rst CloudTrax network CLOUDTAX QUICK STAT GUIDE Creating your fi rst CloudTrax network CloudTrax is a free cloud-based network controller that helps you build, manage and monitor your wireless networks from anywhere in the

More information

MDM Integration with Cisco Identity Service Engine. Secure Access How -To Guides Series

MDM Integration with Cisco Identity Service Engine. Secure Access How -To Guides Series MDM Integration with Cisco Identity Service Engine Secure Access How -To Guides Series Author: Aaron Woland Date: December 2012 Table of Contents Introduction.... 3 What Is the Cisco TrustSec System?...

More information

Internet Filtering Appliance. User s Guide VERSION 1.2

Internet Filtering Appliance. User s Guide VERSION 1.2 Internet Filtering Appliance User s Guide VERSION 1.2 User s Guide VERSION 1.2 InternetSafety.com, Inc 3979 South Main Street Suite 230 Acworth, GA 30101 Phone 678 384 5300 Fax 678 384 5299 1 Table of

More information

Using Cisco UC320W with Windows Small Business Server

Using Cisco UC320W with Windows Small Business Server Using Cisco UC320W with Windows Small Business Server This application note explains how to deploy the Cisco UC320W in a Windows Small Business Server environment. Contents This document includes the following

More information

VLANs. Application Note

VLANs. Application Note VLANs Application Note Table of Contents Background... 3 Benefits... 3 Theory of Operation... 4 IEEE 802.1Q Packet... 4 Frame Size... 5 Supported VLAN Modes... 5 Bridged Mode... 5 Static SSID to Static

More information

Cisco RV 120W Wireless-N VPN Firewall

Cisco RV 120W Wireless-N VPN Firewall Cisco RV 120W Wireless-N VPN Firewall Take Basic Connectivity to a New Level The Cisco RV 120W Wireless-N VPN Firewall combines highly secure connectivity to the Internet as well as from other locations

More information

About the VM-Series Firewall

About the VM-Series Firewall About the VM-Series Firewall Palo Alto Networks VM-Series Deployment Guide PAN-OS 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 http://www.paloaltonetworks.com/contact/contact/

More information

Chapter 6 Using Network Monitoring Tools

Chapter 6 Using Network Monitoring Tools Chapter 6 Using Network Monitoring Tools This chapter describes how to use the maintenance features of your Wireless-G Router Model WGR614v9. You can access these features by selecting the items under

More information

Installing and Configuring vcloud Connector

Installing and Configuring vcloud Connector Installing and Configuring vcloud Connector vcloud Connector 2.7.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new

More information

Configuring Windows Server 2008 Network Infrastructure

Configuring Windows Server 2008 Network Infrastructure Configuring Windows Server 2008 Network Infrastructure Course Number: 70-642 Certification Exam This course is preparation for the Microsoft Technical Specialist (TS) exam, Exam 70-642: TS: Windows Server

More information

UAG Series. Application Note. Unified Access Gateway. Version 4.00 Edition 1, 04/2014. Copyright 2014 ZyXEL Communications Corporation

UAG Series. Application Note. Unified Access Gateway. Version 4.00 Edition 1, 04/2014. Copyright 2014 ZyXEL Communications Corporation UAG Series Unified Access Gateway Version 4.00 Edition 1, 04/2014 Application Note Copyright 2014 ZyXEL Communications Corporation Table of Contents Scenario 1 How to Activate a Paid Access Hotspot...

More information

XenMobile Integration with Cisco Identity Service Engine. Secure Access How -To Guides Series

XenMobile Integration with Cisco Identity Service Engine. Secure Access How -To Guides Series XenMobile Integration with Cisco Identity Service Engine Secure Access How -To Guides Series Author: Aaron Woland Date: December 2012 Table of Contents Introduction... 3 What Is the Cisco TrustSec System?...

More information

Chapter 8 Router and Network Management

Chapter 8 Router and Network Management Chapter 8 Router and Network Management This chapter describes how to use the network management features of your ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN. These features can be found by

More information

Solution Brief. Branch on Demand. Extending and Securing Access Across the Organization

Solution Brief. Branch on Demand. Extending and Securing Access Across the Organization Solution Brief Branch on Demand Extending and Securing Access Across the Organization Extending Access to Corporate Resources Across the Organization As organizations extend corporate capabilities to teleworkers

More information

Solution Brief. Branch on Demand. Extending and Securing Access Across the Organization

Solution Brief. Branch on Demand. Extending and Securing Access Across the Organization Solution Brief Branch on Demand Extending and Securing Access Across the Organization Branch on Demand Extending Access to Corporate Resources Across the Organization As organizations extend corporate

More information

Cisco RV110W Wireless-N VPN Firewall

Cisco RV110W Wireless-N VPN Firewall Data Sheet Cisco RV110W Wireless-N VPN Firewall Simple, Secure Connectivity for the Small Office/Home Office Figure 1. Cisco RV110W Wireless-N VPN Firewall The Cisco RV110W Wireless-N VPN Firewall provides

More information

WiNG5 CAPTIVE PORTAL DESIGN GUIDE

WiNG5 CAPTIVE PORTAL DESIGN GUIDE WiNG5 DESIGN GUIDE By Sriram Venkiteswaran WiNG5 CAPTIVE PORTAL DESIGN GUIDE June, 2011 TABLE OF CONTENTS HEADING STYLE Introduction To Captive Portal... 1 Overview... 1 Common Applications... 1 Authenticated

More information

Palo Alto Networks User-ID Services. Unified Visitor Management

Palo Alto Networks User-ID Services. Unified Visitor Management Palo Alto Networks User-ID Services Unified Visitor Management Copyright 2011 Aruba Networks, Inc. Aruba Networks trademarks include Airwave, Aruba Networks, Aruba Wireless Networks, the registered Aruba

More information

Cisco RV110W Wireless-N VPN Firewall

Cisco RV110W Wireless-N VPN Firewall Data Sheet Cisco RV110W Wireless-N VPN Firewall Simple, Secure Connectivity for the Small Office/Home Office Figure 1. Cisco RV110W Wireless-N VPN Firewall The Cisco RV110W Wireless-N VPN Firewall provides

More information

Aerohive Networks Inc. Free Bonjour Gateway FAQ

Aerohive Networks Inc. Free Bonjour Gateway FAQ Aerohive Networks Inc. Free Bonjour Gateway FAQ 1. About the Product... 1 2. Installation... 2 3. Management... 3 4. Troubleshooting... 4 1. About the Product What is the Aerohive s Free Bonjour Gateway?

More information

SonicWALL PCI 1.1 Implementation Guide

SonicWALL PCI 1.1 Implementation Guide Compliance SonicWALL PCI 1.1 Implementation Guide A PCI Implementation Guide for SonicWALL SonicOS Standard In conjunction with ControlCase, LLC (PCI Council Approved Auditor) SonicWall SonicOS Standard

More information

Monitoring & Measuring: Wi-Fi as a Service

Monitoring & Measuring: Wi-Fi as a Service Monitoring & Measuring: Wi-Fi as a Service Parker Smith, Director of Business Development, ProCloud Services, ADTRAN IT Professional Wi-Fi Trek 2015 Agenda Wireless Trends and Impacts How Cloud Wireless

More information

VPN Solution Guide Peplink Balance Series. Peplink Balance. VPN Solution Guide. http://www.peplink.com - 1 - Copyright 2015 Peplink

VPN Solution Guide Peplink Balance Series. Peplink Balance. VPN Solution Guide. http://www.peplink.com - 1 - Copyright 2015 Peplink Peplink Balance http://www.peplink.com - 1 - Copyright 2015 Peplink Introduction Introduction Understanding Peplink VPN solutions Peplink's VPN is a complete, seamless system that tightly integrates your

More information

MN-700 Base Station Configuration Guide

MN-700 Base Station Configuration Guide MN-700 Base Station Configuration Guide Contents pen the Base Station Management Tool...3 Log ff the Base Station Management Tool...3 Navigate the Base Station Management Tool...4 Current Base Station

More information

Design and Implementation Guide. Apple iphone Compatibility

Design and Implementation Guide. Apple iphone Compatibility Design and Implementation Guide Apple iphone Compatibility Introduction Security in wireless LANs has long been a concern for network administrators. While securing laptop devices is well understood, new

More information

Cisco WRVS4400N Wireless-N Gigabit Security Router Cisco Small Business Routers

Cisco WRVS4400N Wireless-N Gigabit Security Router Cisco Small Business Routers Cisco WRVS4400N Wireless-N Gigabit Security Router Cisco Small Business Routers Highlights Secure, high-speed wireless network access for small business Gigabit Ethernet connections enable rapid transfer

More information

StoneGate Installation Guide

StoneGate Installation Guide SMC FW IPS SSL VPN VPN StoneGate Installation Guide SOHO Firewalls Updated for StoneGate Management Center 5.0.0 Legal Information End-User License Agreement The use of the products described in these

More information

How To Load balance traffic of Mail server hosted in the Internal network and redirect traffic over preferred Interface

How To Load balance traffic of Mail server hosted in the Internal network and redirect traffic over preferred Interface How To Load balance traffic of Mail server hosted in the Internal network and redirect traffic over preferred Interface How To Configure load sharing and redirect mail server traffic over preferred Gateway

More information

Cisco RV215W Wireless-N VPN Router

Cisco RV215W Wireless-N VPN Router Data Sheet Cisco RV215W Wireless-N VPN Router Simple, Secure Connectivity for the Small Office and Home Office Figure 1. Cisco RV215W Wireless-N VPN Router The Cisco RV215W Wireless-N VPN Router provides

More information

Cisco RV110W Wireless-N VPN Firewall Simple, Secure Connectivity for the Small Office/Home Office

Cisco RV110W Wireless-N VPN Firewall Simple, Secure Connectivity for the Small Office/Home Office Cisco RV110W Wireless-N VPN Firewall Simple, Secure Connectivity for the Small Office/Home Office Figure 1 Cisco RV110W Wireless-N VPN Firewall The Cisco RV110W Wireless-N VPN Firewall provides simple,

More information

V310 Support Note Version 1.0 November, 2011

V310 Support Note Version 1.0 November, 2011 1 V310 Support Note Version 1.0 November, 2011 2 Index How to Register V310 to Your SIP server... 3 Register Your V310 through Auto-Provision... 4 Phone Book and Firmware Upgrade... 5 Auto Upgrade... 6

More information

Barracuda Link Balancer

Barracuda Link Balancer Barracuda Networks Technical Documentation Barracuda Link Balancer Administrator s Guide Version 2.2 RECLAIM YOUR NETWORK Copyright Notice Copyright 2004-2011, Barracuda Networks www.barracuda.com v2.2-110503-01-0503

More information

The Bomgar Appliance in the Network

The Bomgar Appliance in the Network The Bomgar Appliance in the Network The architecture of the Bomgar application environment relies on the Bomgar Appliance as a centralized routing point for all communications between application components.

More information

Installing and Using the vnios Trial

Installing and Using the vnios Trial Installing and Using the vnios Trial The vnios Trial is a software package designed for efficient evaluation of the Infoblox vnios appliance platform. Providing the complete suite of DNS, DHCP and IPAM

More information

The All-in-one Guest Access Solution of

The All-in-one Guest Access Solution of The All-in-one Guest Access Solution of Redefining Networking Integration Tomorrow, Delivered Today Application Guide Series Series Application Guide Providing access in hospitality venues is not the same

More information

Secure WiFi Access in Schools and Educational Institutions. WPA2 / 802.1X and Captive Portal based Access Security

Secure WiFi Access in Schools and Educational Institutions. WPA2 / 802.1X and Captive Portal based Access Security Secure WiFi Access in Schools and Educational Institutions WPA2 / 802.1X and Captive Portal based Access Security Cloudessa, Inc. Palo Alto, CA July 2013 Overview The accelerated use of technology in the

More information

Chapter 6 Using Network Monitoring Tools

Chapter 6 Using Network Monitoring Tools Chapter 6 Using Network Monitoring Tools This chapter describes how to use the maintenance features of your RangeMax Wireless-N Gigabit Router WNR3500. You can access these features by selecting the items

More information

Cisco IT Validates Rigorous Identity and Policy Enforcement in Its Own Wired and Wireless Networks

Cisco IT Validates Rigorous Identity and Policy Enforcement in Its Own Wired and Wireless Networks Cisco IT Article December 2013 End-to-End Security Policy Control Cisco IT Validates Rigorous Identity and Policy Enforcement in Its Own Wired and Wireless Networks Identity Services Engine is an integral

More information

Cisco RV220W Network Security Firewall

Cisco RV220W Network Security Firewall Cisco RV220W Network Security Firewall High-Performance, Highly Secure Connectivity for the Small Office The Cisco RV220W Network Security Firewall lets small offices enjoy secure, reliable, wired and

More information

NXC5500/2500. Application Note. Captive Portal with QR Code. Version 4.20 Edition 2, 02/2015. Copyright 2015 ZyXEL Communications Corporation

NXC5500/2500. Application Note. Captive Portal with QR Code. Version 4.20 Edition 2, 02/2015. Copyright 2015 ZyXEL Communications Corporation NXC5500/2500 Version 4.20 Edition 2, 02/2015 Application Note Captive Portal with QR Code Copyright 2015 ZyXEL Communications Corporation Captive Portal with QR Code What is Captive Portal with QR code?

More information

D-Link Central WiFiManager Configuration Guide

D-Link Central WiFiManager Configuration Guide Table of Contents D-Link Central WiFiManager Configuration Guide Introduction... 3 System Requirements... 3 Access Point Requirement... 3 Latest CWM Modules... 3 Scenario 1 - Basic Setup... 4 1.1. Install

More information

Systems Manager Cloud Based Mobile Device Management

Systems Manager Cloud Based Mobile Device Management Datasheet Systems Manager Systems Manager Cloud Based Mobile Device Management Overview Meraki Systems Manager provides cloud-based over-the-air centralized management, diagnostics, and monitoring of the

More information

Simple security is better security Or: How complexity became the biggest security threat

Simple security is better security Or: How complexity became the biggest security threat Simple security is better security Or: How complexity became the biggest security threat Christoph Litzbach, Pre-Sales Engineer NSG 1 What do they have in common? DATA BREACH 2 Security is HARD! Components

More information

Public Internet Access Done the Right Way

Public Internet Access Done the Right Way Public Internet Access Done the Right Way Supports 500 concurrent logins by default and up to 800 via license upgrade Integrated account generator, Web-based authentication portal and billing system Supports

More information

BYOD Networks for Kommuner

BYOD Networks for Kommuner BYOD Networks for Kommuner Simon Tompson Solutions Architect @MerakiSimon About Meraki The recognized leader in Cloud Networking - Thousands of customer networks in over 100 countries worldwide - World

More information

Network Virtualization Network Admission Control Deployment Guide

Network Virtualization Network Admission Control Deployment Guide Network Virtualization Network Admission Control Deployment Guide This document provides guidance for enterprises that want to deploy the Cisco Network Admission Control (NAC) Appliance for their campus

More information

vcloud Air - Virtual Private Cloud OnDemand Networking Guide

vcloud Air - Virtual Private Cloud OnDemand Networking Guide vcloud Air - Virtual Private Cloud OnDemand Networking Guide vcloud Air This document supports the version of each product listed and supports all subsequent versions until the document is replaced by

More information

Pronto Cloud Controller The Next Generation Control

Pronto Cloud Controller The Next Generation Control Pronto Cloud Controller The Next Generation Control www.prontonetworks.com Cloud Managed Wi-Fi Cloud at its Best The Pronto Cloud Controller (PCC) is a next generation cloud Wi-Fi network configuration,

More information

JOB READY ASSESSMENT BLUEPRINT COMPUTER NETWORKING FUNDAMENTALS - PILOT. Test Code: 4514 Version: 01

JOB READY ASSESSMENT BLUEPRINT COMPUTER NETWORKING FUNDAMENTALS - PILOT. Test Code: 4514 Version: 01 JOB READY ASSESSMENT BLUEPRINT COMPUTER NETWORKING FUNDAMENTALS - PILOT Test Code: 4514 Version: 01 Specific Competencies and Skills Tested in this Assessment: PC Principles Identify physical and equipment

More information

Enabling Multiple Wireless Networks on RV320 VPN Router, WAP321 Wireless-N Access Point, and Sx300 Series Switches

Enabling Multiple Wireless Networks on RV320 VPN Router, WAP321 Wireless-N Access Point, and Sx300 Series Switches print email Article ID: 4941 Enabling Multiple Wireless Networks on RV320 VPN Router, WAP321 Wireless-N Access Point, and Sx300 Series Switches Objective In an ever-changing business environment, your

More information

Meraki Wireless Solution Comparison

Meraki Wireless Solution Comparison Meraki Wireless Solution Comparison Why Meraki? Simplified cloud management Intuitive interface allows devices to be configured in minutes without training or dedicated staff Centrally manage thousands

More information

FAQs: MATRIX NAVAN CNX200. Q: How to configure port triggering?

FAQs: MATRIX NAVAN CNX200. Q: How to configure port triggering? FAQs: MATRIX NAVAN CNX200 Q: How to configure port triggering? Port triggering is a type of port forwarding where outbound traffic on predetermined ports sends inbound traffic to specific incoming ports.

More information

VPN Configuration Guide. Linksys (Belkin) LRT214 / LRT224 Gigabit VPN Router

VPN Configuration Guide. Linksys (Belkin) LRT214 / LRT224 Gigabit VPN Router VPN Configuration Guide Linksys (Belkin) LRT214 / LRT224 Gigabit VPN Router 2014 equinux AG and equinux USA, Inc. All rights reserved. Under copyright law, this manual may not be copied, in whole or in

More information

Break Internet Bandwidth Limits Higher Speed. Extreme Reliability. Reduced Cost.

Break Internet Bandwidth Limits Higher Speed. Extreme Reliability. Reduced Cost. Break Internet Bandwidth Limits Higher Speed. Extreme Reliability. Reduced Cost. Peplink. All Rights Reserved. Unauthorized Reproduction Prohibited Presentation Agenda Peplink Balance Pepwave MAX Features

More information

Enterprise Wireless LAN. Key Features. Benefits. Hotspot/Service Gateway Series

Enterprise Wireless LAN. Key Features. Benefits. Hotspot/Service Gateway Series Key Features Comprehensive Wireless Internet Access Solution Zero Configuration IP Plug and Play Unique Ticket Printer for Easy Service and Accounting Web-based User Authentication, Account Monitoring,

More information

vcloud Director User's Guide

vcloud Director User's Guide vcloud Director 5.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of

More information

Configuring PA Firewalls for a Layer 3 Deployment

Configuring PA Firewalls for a Layer 3 Deployment Configuring PA Firewalls for a Layer 3 Deployment Configuring PAN Firewalls for a Layer 3 Deployment Configuration Guide January 2009 Introduction The following document provides detailed step-by-step

More information

A Guide to New Features in Propalms OneGate 4.0

A Guide to New Features in Propalms OneGate 4.0 A Guide to New Features in Propalms OneGate 4.0 Propalms Ltd. Published April 2013 Overview This document covers the new features, enhancements and changes introduced in Propalms OneGate 4.0 Server (previously

More information

ADDING STRONGER AUTHENTICATION for VPN Access Control

ADDING STRONGER AUTHENTICATION for VPN Access Control ADDING STRONGER AUTHENTICATION for VPN Access Control Adding Stronger Authentication for VPN Access Control 1 ADDING STRONGER AUTHENTICATION for VPN Access Control A VIRTUAL PRIVATE NETWORK (VPN) allows

More information

UAG4100 Support Notes

UAG4100 Support Notes 2013 UAG4100 Support Notes CSO ZyXEL 2013/07/29 Table of Contents Scenario 1 Activate a Paid Access Hotspot... 2 Print ticket to access the Internet... 3 Pay with PayPal payment service to access the Internet...

More information

VMware vcloud Air. Enterprise IT Hybrid Data Center TECHNICAL MARKETING DOCUMENTATION

VMware vcloud Air. Enterprise IT Hybrid Data Center TECHNICAL MARKETING DOCUMENTATION TECHNICAL MARKETING DOCUMENTATION October 2014 Table of Contents Purpose and Overview.... 3 1.1 Background............................................................... 3 1.2 Target Audience...........................................................

More information

Meraki MX50 Hardware Installation Guide

Meraki MX50 Hardware Installation Guide Meraki MX50 Hardware Installation Guide January 2011 Copyright 2010, Meraki, Inc. www.meraki.com 660 Alabama St. San Francisco, California 94110 Phone: +1 415 632 5800 Fax: +1 415 632 5899 Copyright: 2010

More information

Chapter 7 Using Network Monitoring Tools

Chapter 7 Using Network Monitoring Tools Chapter 7 Using Network Monitoring Tools This chapter describes how to use the maintenance features of your RangeMax NEXT Wireless Router WNR854T. These features can be found by clicking on the Maintenance

More information

Extending the range of a wireless network by using mesh topology

Extending the range of a wireless network by using mesh topology Extending the range of a wireless network by using mesh topology This example demonstrates how to configure a FortiGate and two FortiAP wireless access point units to extend the reach and availability

More information

DIGIPASS Authentication for SonicWALL SSL-VPN

DIGIPASS Authentication for SonicWALL SSL-VPN DIGIPASS Authentication for SonicWALL SSL-VPN With VACMAN Middleware 3.0 2006 VASCO Data Security. All rights reserved. Page 1 of 53 Integration Guideline Disclaimer Disclaimer of Warranties and Limitations

More information

SSL-VPN 200 Getting Started Guide

SSL-VPN 200 Getting Started Guide Secure Remote Access Solutions APPLIANCES SonicWALL SSL-VPN Series SSL-VPN 200 Getting Started Guide SonicWALL SSL-VPN 200 Appliance Getting Started Guide Thank you for your purchase of the SonicWALL SSL-VPN

More information

IP Address Management: Smoothing the Way to Cloud-Based Services

IP Address Management: Smoothing the Way to Cloud-Based Services White Paper IP Address Management: Smoothing the Way to Cloud-Based Services What You Will Learn Cloud computing offers many operational advantages to service providers. An important element of successful

More information

Seagate NAS OS 4 Reviewers Guide: NAS / NAS Pro / Business Storage Rackmounts

Seagate NAS OS 4 Reviewers Guide: NAS / NAS Pro / Business Storage Rackmounts Seagate NAS OS 4 Reviewers Guide: NAS / NAS Pro / Business Storage Rackmounts Seagate NAS OS 4 Reviewers Guide 2 Purpose of this guide Experience the most common use cases for the product, learn about

More information

University of Hawaii at Manoa Professor: Kazuo Sugihara

University of Hawaii at Manoa Professor: Kazuo Sugihara University of Hawaii at Manoa Professor: Kazuo Sugihara Assignment 2 (ICS426) Network Setup Tutorials By: Yu Fong Okoji (yokoji@hawaii.edu) 10/27/2009 Tutorial on Home Network Setup INTRODUCTION In this

More information

GregSowell.com. Mikrotik Basics

GregSowell.com. Mikrotik Basics Mikrotik Basics Terms Used Layer X When I refer to something being at layer X I m referring to the OSI model. VLAN 802.1Q Layer 2 marking on traffic used to segment sets of traffic. VLAN tags are applied

More information

Wireless Services. The Top Questions to Help You Choose the Right Wireless Solution for Your Business. www.megapath.com

Wireless Services. The Top Questions to Help You Choose the Right Wireless Solution for Your Business. www.megapath.com Wireless Services The Top Questions to Help You Choose the Right Wireless Solution for Your Business Get Started Now: 877.611.6342 to learn more. www.megapath.com Why Go Wireless? Today, it seems that

More information

Kerio Control. Administrator s Guide. Kerio Technologies

Kerio Control. Administrator s Guide. Kerio Technologies Kerio Control Administrator s Guide Kerio Technologies 2015 Kerio Technologies s.r.o. Contents Installing Kerio Control....................................................... 17 Product editions.........................................................

More information

Chapter 6 Using Network Monitoring Tools

Chapter 6 Using Network Monitoring Tools Chapter 6 Using Network Monitoring Tools This chapter describes how to use the maintenance features of your RangeMax Dual Band Wireless-N Router WNDR3300. You can access these features by selecting the

More information

Virtual Data Centre. User Guide

Virtual Data Centre. User Guide Virtual Data Centre User Guide 2 P age Table of Contents Getting Started with vcloud Director... 8 1. Understanding vcloud Director... 8 2. Log In to the Web Console... 9 3. Using vcloud Director... 10

More information

Custom Integration Solutions

Custom Integration Solutions Welcome to this introduction into a true business class network solution for you and your clients This solution has been designed, by integrators, for integrators. We look forward to producing an ever

More information

JK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA

JK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA JK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA To purchase Full version of Practice exam click below; http://www.certshome.com/jk0-022-practice-test.html FOR CompTIA JK0-022 Exam Candidates

More information

Recommended IP Telephony Architecture

Recommended IP Telephony Architecture Report Number: I332-009R-2006 Recommended IP Telephony Architecture Systems and Network Attack Center (SNAC) Updated: 1 May 2006 Version 1.0 SNAC.Guides@nsa.gov This Page Intentionally Left Blank ii Warnings

More information

10/2011 - English Edition 1. Quick Start Guide. NWA1100N-CE CloudEnabled Business N Wireless Access Point

10/2011 - English Edition 1. Quick Start Guide. NWA1100N-CE CloudEnabled Business N Wireless Access Point 10/2011 - English Edition 1 Quick Start Guide NWA1100N-CE CloudEnabled Business N Wireless Access Point Package Contents - 1 x ZyXEL NWA1100N-CE Access Point - 2 x Detachable Antennas - 1 x Power Adapter

More information

Lab 9.1.1 Organizing CCENT Objectives by OSI Layer

Lab 9.1.1 Organizing CCENT Objectives by OSI Layer Lab 9.1.1 Organizing CCENT Objectives by OSI Layer Objectives Organize the CCENT objectives by which layer or layers they address. Background / Preparation In this lab, you associate the objectives of

More information

ADDENDUM 12 TO APPENDIX 8 TO SCHEDULE 3.3

ADDENDUM 12 TO APPENDIX 8 TO SCHEDULE 3.3 ADDENDUM 12 TO APPENDIX 8 TO SCHEDULE 3.3 TO THE Overview EXHIBIT T to Amendment No. 60 Secure Wireless Network Services are based on the IEEE 802.11 set of standards and meet the Commonwealth of Virginia

More information

Dramatically simplifying voice and data networking HOW-TO GUIDE. Bundle Quick Start Guide

Dramatically simplifying voice and data networking HOW-TO GUIDE. Bundle Quick Start Guide Dramatically simplifying voice and data networking HOW-TO GUIDE Bundle Quick Start Guide 2 edgebox How-To Guide - Table of Contents Scope of the Quick-Start Guide...3 edgebox bundles...3

More information

ForeScout CounterACT. Device Host and Detection Methods. Technology Brief

ForeScout CounterACT. Device Host and Detection Methods. Technology Brief ForeScout CounterACT Device Host and Detection Methods Technology Brief Contents Introduction... 3 The ForeScout Approach... 3 Discovery Methodologies... 4 Passive Monitoring... 4 Passive Authentication...

More information

Building Your Complete Remote Access Infrastructure on Windows Server 2012

Building Your Complete Remote Access Infrastructure on Windows Server 2012 Building Your Complete Remote Access nappliance White Paper August 2012 Introduction Remote access is a complex challenge for IT administrators. Providing system access to remote users involves a broad

More information

Cloud Services for Backup Exec. Planning and Deployment Guide

Cloud Services for Backup Exec. Planning and Deployment Guide Cloud Services for Backup Exec Planning and Deployment Guide Chapter 1 Introducing Cloud Services for Backup Exec This chapter includes the following topics: About Cloud Services for Backup Exec Security

More information

Emerson Smart Firewall

Emerson Smart Firewall DeltaV TM Distributed Control System Product Data Sheet Emerson Smart Firewall The Emerson Smart Firewall protects the DeltaV system with an easy to use perimeter defense solution. Purpose built for easy

More information

Networking Devices. Lesson 6

Networking Devices. Lesson 6 Networking Devices Lesson 6 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Network Interface Cards Modems Media Converters Repeaters and Hubs Bridges and

More information

Cisco AnyConnect Secure Mobility Solution Guide

Cisco AnyConnect Secure Mobility Solution Guide Cisco AnyConnect Secure Mobility Solution Guide This document contains the following information: Cisco AnyConnect Secure Mobility Overview, page 1 Understanding How AnyConnect Secure Mobility Works, page

More information

Frequently Asked Questions Aerohive ID Manager

Frequently Asked Questions Aerohive ID Manager Frequently Asked Questions Aerohive ID Manager About the Product... 1 Ordering FAQs... 4 Product Strategy... 6 About the Product 1. What is ID Manager? ID Manager is Aerohive s new cloud-based guest management

More information

How to configure your Thomson SpeedTouch 780WL for ADSL2+

How to configure your Thomson SpeedTouch 780WL for ADSL2+ How to configure your Thomson SpeedTouch 780WL for ADSL2+ Connecting up your router This guide assumes that you have successfully: unpacked your router connected it up to your phone socket using the DSL

More information

Who s Endian? www.cloudrouter.dk

Who s Endian? www.cloudrouter.dk Who s Endian? Endian was founded in 2003 at Appiano, Italy, by a team of experienced network specialists and Linux enthusiasts. Endian s goal and path of development are immediately clear: creating sophisticated

More information