Unifying Wired, Wireless, and Security Management Wade Wells Consulting Architect HP Networking
HP/Brainstorm 2015 Sessions
Monday 2:30 SDN Apps for Education Room: Tamboti
Monday 2:30 What is HyperConvergence? Room: Ironwood
Tuesday 8:30 1:1/BYOD Best Practices Room: Tamboti
Tuesday 8:30 Desktop Virtualization Room: Acacia
Tuesday 9:45 Unifying Wired & Wireless Room: Tamboti
Tuesday 11:00 Deploying 802.11ac Room: Tamboti
Tuesday 1:15 Optimizing for Google Drive Room: Tamboti
Your K12 HP Networking Team Jeff Szczerbinski Networking Specialist 414-431-8166 jeff.z@hp.com Jim Pointer Solutions Architect 608-235-1601 jim.pointer@hp.com
Running a network without exposure = setting yourself up for failure. Complex: 90% of the time required to fix a problem is spent just trying to isolate the problem http://www.yankeegroup.com/researchdocument.do?id=16040 Reactive: 50% of downtime is due to network outages *Research carried out by Unisphere, 2012 IMC to the Rescue: Increased Visibility, Faster Time to Resolution, Faster Time to Innocence. Expand functionality far beyond the typical NMS. Extensive Reporting Capabilities... 5
IMC: Complete management for dynamic agile networks Across entire network Simplified, proactive management that spans the network Maximize network availability Gain network visibility Consistent policy across wired & wireless Supports up to 6000 device models Not Just HP Products Data Center Automation and orchestration Visualization of virtualized networks Consistency across data center Campus/Branch Unified wired and wireless management Security with BYOD administration Zero touch deployment 7
Comprehensive management capabilities Single platform built on top of modular, service oriented architecture FCAPS Fault Configuration Accounting Performance Security IMC Platform Alarms Syslog & Trap Mgr Intelligent Configuration Center Compliance Center VLAN & ACL Manager Network Assets Performance Mgmt Virtual Network Mgmt Security Control Center Extended API Add-On Modules IPSec VPN Mgr MPLS VPN Mgr Wireless Services Mgr QoS Mgr BIMS User Behavior Analyzer Service Oper Mgmt Network Traffic Analyzer App Perform. Manager User Access Manager Endpoint Admission Defense VAN Connect Manager Remote Site Manager Resource Automate Manager VAN Fabric Manager Intelligent Analysis Reporter vmon Service Health Manager TACACS+ Authent Manager www.hp.com/networking/imc UCHM VAN SDN Manager 9
Slide 9 CY1 Based on VAN SDN Manager - We may want to rethink this slide. Most of the modules have full FCAPS for their individual technologies spheres. Chris Young, 8/5/2013
Infrastructure Automation Automates and orchestrates traditional and software defined networks Connection activation VM Policy based, Error free Accelerates provisioning of apps Automates VM connectivity Error free configuration Supports multi-vendor hypervisor managers SDN Architecture Enabling SDN Applications Controller IMC SDN Manager Infrastructure FCAPS for SDN environments Manages all layers of SDN Completes SDN architecture Service orchestration IPS App 1 Load Balancer App 2 App 3 Access Switch Core Switch Firewall Core Router Automated service modeling and deployment Dynamic configuration of devices Service agility for all networks 10
IMC base platform functionality Comprehensive, multi-vendor management Discover Monitor Manage Troubleshoot Report Network discovery Automated topology creation Automated asset gathering Virtualization aware (HyperV, KVM and VMware) Performance monitoring SNMP trap collecting SYSLOG collecting Email and SMS alarm notification Automated configuration backups Network wide configuration changes Network wide configuration audits Automated policy verifications Root-cause alarm and event suppression On-demand reporting Scheduled reporting Auto-delivered reports Auto-deployment Optimized network 11
Extended Functionality with Value-Add Module
Unified Wired and Wireless Management Unified BYOD Essentials On-boarding Provisioning Monitoring Unified Wired and Wireless Management Monitors wired/wireless infrastructure Simplifies deployment, management and troubleshooting Provides a single topology Secure Network Access Control Supports BYOD Enforces consistent policy across wired and wireless networks Postures health of endpoint devices Monitors user behavior 21
HP BYOD Common Scenarios: Self-Registration with Manual Approval. Guest needs to register and actively be approved prior to gaining access. Manager(s) receive notification that a user has registered and is waiting for approval. Employee with Guest Manager rights can also quickly generate a guest account with mobile device and QR code. Logs in to self-service portal. Can see all guests, and any guests that are waiting for approval. Guest Manager can receive direct link for one-click registration, generation or management of guest account. Single Click guest portal link as shown. Different Access Rights can be configured based on conditions: Time of day, Type of device, OS, location, etc. Guest Manager can approve from mobile interface (shown here) or full web interface. User can scan QR code to quickly login. Employees can login BYOD devices directly via drop-down for employee credential entry. Employee can gain access to corporate resources, while guests get access to internet only. 22
HP BYOD Common Scenarios: Automatic Self Registration. Manual approval from Guest Manager Not Required. Guest goes through self-registration process, then is automatically approved and moved to guest network. Is automatically disassociated with wireless, which causes client to re-associate. Upon reconnection they will be placed on guest network. Guest Manager can still see guest registration activity. Different Access Rights can be configured based on conditions: Time of day, Type of device, OS, location, etc. Employees can login BYOD devices directly via drop-down for employee credential entry. Employee can gain access to corporate resources, while guests get access to internet only. 23
Network Traffic Analyzer Greater visibility and control of network usage Unlocks power of data monitored - Including Netflow, NetStream and Sflow - Enables user-based traffic flows and network usage In-depth rule-and-policy-based analysis - Including fault and SLA analysis Easy to understand reports based on traffic, application, session baseline and traffic trend 24
IMC VAN SDN Manager Visibility into a Software-defined Network at all layers Infrastructure Controller Applications 25 Deploys, monitors and manages OpenFlow switches Visualizes traffic flow and performance monitoring Graphical OpenFlow troubleshooting Unified management of single and teamed controllers Detailed monitoring and management functions Backup and restore Installs SDN applications onto appropriate controller(s) Enforces application licensing Application metrics
HP IMC Intelligent Analysis Reporter Allows for customized reporting Extends reporting capabilities In-depth data collection of network information Report design tools - templates Report management includes automation/distribution Exports into a variety of formats 26
Let's take one more look at the GUI
IMC Unified wired and wireless management with Wireless Services Manager Mary MAC: 00:24:d6:94:d7:52 Where are your APs? Who's connected? How strong are the APs? Wired & Wireless network visibility Status and traffic monitoring of hundreds of wired/wireless devices from a single screen Simplified wired/wireless network deployment, management and troubleshooting Robust reporting for compliance IMC Wireless Services Manager (WSM) Discover wireless access points (AP) & connected clients Track device status, network performance, and user connections Ensure consistency with AP configuration backup Map your wireless network Optimize wireless coverage with heat map Location based services 29
Advantage: Intelligent Management Center. Leading in functionality for today's network's requirements. Products compared: Intelligent Management Center, Cisco Prime Infrastructure, Solarwinds Orion Network Performance Manager. Legend: With functionality / Missing functionality. Capabilities compared: Monitoring; Configuration; Virtualization monitoring & configuration; Multivendor Support; Wireless management; Bring your own device; Infrastructure automation; Simplified licensing. 30
Solutions
Virtual Application Networks deliver automation, agility Industry's most complete software-defined data center network fabric Management VAN SDN Manager VAN Network Resource Automation VAN Connection Mgr SDN Architecture Application Control Infrastructure Virtual Cloud Networks App Sentinel Security App Virtual Application Networks SDN Controller 40 Switches over XX million ports Load Balancing App Non-OpenFlow Intelligent Management Center 32
Complete unified Bring Your Own Device (BYOD) solution Simple, scalable and secure Software-Defined Networking (SDN) Unified Wired & Wireless Network & Management Management Unified BYOD Essentials Application Layer Monitoring Provisioning SDN Architecture Control Layer Management On-boarding Infrastructure Layer 33
Network Access Control (NAC) Authenticate Secure VLAN= Voice Isolation Network VLAN= Sales Ensure security policy conformance All devices connecting to my network must conform to a security policy I define Security Policy Enforcement with Endpoint Admission Defense (EAD)* AV & Definitions, OS Patches, FW, banned SW Dissolvable & Permanent iNode clients for common OS Includes Desktop Asset Manager Device inventory management Data Leakage prevention * Additional IMC Module 34
Multi-site management Simplify the deployment and management of multi site networks A: 10.153.89.1/24 B: 10.153.89.1/24 B: 10.153.89.1/24... 10.153.89.1/24 10.153.89.1/24 10.153.89.1/24... IMC A NAT NAT Remote agent Office B SNMP/Telnet/SSH HTTP/HTTPS A Firewall 10.153.89.1/24 10.153.89.1/24 10.153.89.1/24... A A Office C 10.153.89.1/24 10.153.89.1/24 10.153.89.1/24... SNMP/Telnet/SSH Branch Monitor date Control date Branch Intelligent Management System (BIMS)* Zero touch deployment of CPE & remote site devices Dynamic IP and NAT Remote Site Manager (RSM)* Light weight IMC agent that can be hosted on remote sites Information sent back to Central manager via secure tunnel Provides a Multi Tenant Management solution Resolves issues of overlapping IP ranges * Additional IMC Module 35
Module solution map One platform for multiple solution requirements BYOD Network Access UAM Access EAD Posture Provision UBA Usage Monitor NTA Traffic Monitor WSM Wireless Mgmt UAM Access EAD Posturing Cloud/Virtualization Multisite Mgmt VCM Network Orchest. SHM Service Monitoring APM Application Monitoring eapi Cloud tools vmon Hypervisor traffic monitoring RSM Secure mgmt BIMS Zero touch 36
Platform
HP IMC platform portfolio Advanced networks IMC Standard Includes 50 device license Hierarchical model support Expandable device support* Modular IMC Enterprise Full FCAPS Includes 50 device license Hierarchical model support Includes NTA module & eapi license Expandable device support* Modular Small, simple networks IMC Basic Fault, config, and performance Fixed 50 device limit Fixed functionality IMC Basic WLAN Fault, config and performance Unified wired and wireless management Fixed functionality Fixed 50 device limit Includes 50 license of WSM BYOD specific IMC Smart Connect Virtual appliance w/os and db IMC Standard w/ 50 device User Access Manager with 50 user devices IMC Smart Connect WLAN Virtual appliance w/os and db IMC Standard w/50 device User Access Manager with 50 user devices * Additional incremental node licenses 100, 500, 1000, 5000 & Unlimited 38
IMC delivering on business requirements Complete management for dynamic, agile networks Across entire network Maximize network availability through powerful monitoring across network including applications and service health Network visualization and visibility from network health to specific device details and network events Data Center Data center orchestration Visualization of virtualization networks Support for MDC and IRF topologies Ensure consistency by migrating network policies Policy management across the network Comprehensive configuration across 3rd party devices, ACL, VLAN, policies, SLA, etc with automation tools Asset management Campus/Branch Manage one network with unified wired and wireless management Secure your network with Bring your own device administration Zero touch deployment 39
Modules specific slides
Module review (Module: Description)
Network Traffic Analyzer: Gain real time information about user and application bandwidth usage
User Access Manager: Policy based user access authentication
Endpoint Admission Defense: Integrates security policy management with endpoint posture assessment
Wireless Services Manager: Unified management of wired and wireless networks
Service Operation Management: Full lifecycle IT management
Branch Intelligent Management Systems: Remote management of branch networks
QoS Manager: Enhances visibility and control over QoS configurations on network devices
User Behavior Auditor: Reduce security threats through user behavior audits
IPSec/VPN Manager: Determine status, performance, problem, and resolution for IPSec/VPNs
eAPIs License: Enables external platforms to leverage IMC functionality
VAN Connection Manager: Accelerates application deployment through automation and orchestration
Service Health Manager: End to end service monitoring, service assurance
Application Performance Manager: Monitors network impact to applications
Intelligent Analysis Reporter: Customized reporting tools
Remote Site Manager: Secure remote management
TACACS+ Authentication Manager: Authentication, authorization and accounting based on TACACS protocol
MPLS VPN Manager: Supports MPLS VPN management and service deployment
41
Network Traffic Analyzer Allows greater visibility and control of network usage Unlocks power of data monitored Including Netflow, NetStream and SFlow Enables user-based traffic flows and network usage In-depth rule-and-policy-based analysis, Including fault and SLA analysis Easy to understand reports based on traffic, application and session baseline and trend of network traffic 42
Unified wired and wireless access control User access manager Application access IMC Policy enforcement Employee Guest Unified access management Policy-based user and device authentication and authorization and enforcement Access rules based on user role, device type and endpoint integrity Advanced Mobile device profiling (fingerprinting) 802.1X authentication & simplified self registration portal option Traffic shaping for optimal bandwidth allocation Integration with HP TippingPoint IPS Customizable portal to match customer's brand 43
Endpoint Admission Defense Posturing for enhanced network security Automatically blocks suspicious traffic and protects data Client health check (supports Windows, Linux, MAC) Endpoint Admission Defense 44
Service Operations Manager Service Desk Optimize IT responsiveness to end user service requests with ticket integration into IMCs alert and configuration capabilities IT network flow Requirement Fault Issue Repository Configuration Change Release 46
Branch intelligent management system Headquarters Unified management Data center Accelerated application delivery Branch Converged infrastructure Integrated applications Multilayer security Zero touch configuration for branch devices in batches Out of path from DVPN Automatic software upgrades Branch device zero-touch configuration startup Comprehensive monitoring of physical links Capable of managing devices in up to 10,000 branches 47
QoS Manager Platform for defining, applying, and monitoring QoS policies on a system-wide basis for HP Networking routers and switches. View Discover Define Plan Deploy View policies in IMC Discover QoS configs on your devices and import into IMC Create traffic classifiers Plan with QoS properties and traffic rules, and an assigned set of network elements Deploy/remove your QoS policies to their assigned network devices. 48
User Behavior Auditor Know what sites are being accessed from your network Audit online behavior of internal users Provides comprehensive log collection and audit functions Scalable network log audit and analysis solution Real-time visibility in who/what is consuming bandwidth Audit on-line behavior by user or IP address websites, specific URLs, database access and operations, file transfers, and FTP access Effectively manage resources and capacity planning Understand traffic patterns, application and session performance and trends 49
HP IMC IPSec VPN Manager Greater visibility and control for DVPN Campus WAN Secure Data Tunnel IMC IVM Comprehensive IPSec VPN management Domains Device Tunnel Topology Proposal IKE security DVPN support Pre-defined DVPN security templates DVPN auto discovery DVPN management and provisioning Branch Branch 50
Extended APIs The Extended API integrates across IMC Utilizes RESTful implementation for simplified integration Over 200 eAPIs are available Included with IMC Enterprise Licensable upgrade for IMC Standard Organizations can use eAPIs to integrate third-party applications with IMC's open and extensible SOA platform. 51
Virtual Application Networks Manager Module System Admin Network Admin Process for deploying apps Deploying an Exchange VM 1 Characterize IMC VAN Manager Virtualize vCenter Virtualizing ready! Minutes Plug-in 2 Choose profile Orchestrate IMC VAN Manager 3 VM Wow! That was fast! App Deployed Enables IT to provision applications quickly Reduces provisioning time from weeks to minutes Automates and orchestrates VM network connectivity Eliminates manual configuration Leverages template, policy based approach Supports vSphere and KVM 52
Application Performance Manager (APM) Visualize and measure the health of business applications and the impact to network performance Single pane visibility of server, application, performance and infrastructure Monitor performance and health of applications Automatic discovery of applications Fault management for monitored applications Comprehensive reporting of monitored objects Logical step towards service management, and bridges gap between network ops, server ops and application teams Broad range of supported applications 53
HP IMC Service Health Manager Web servers KPI KQI Business model Internet VPN Performance KPI CPU is running at full load? Interface bandwidth is insufficient? Network availability Firewall Router (VRF) Router (local) Link KPI (Delay, Jitter) Configuration KPI Configuration exception? Agent need to upgrade? Link availability Alarm KPI Link Down? Attack? IPS The average recovery time of service fault Traffic KPI User traffic Application traffic Application response time 1. Network service assessment report 2. Failure root cause analysis and positioning 3. Trend Analysis \ quality deterioration prediction App servers DB servers Server KPI App performance DB performance More Provides end-to-end service monitoring and assurance Visual service modeling Includes predefined and custom key performance indicators (KPIs) Complete Network Quality Assurance (NQA) Link Monitoring Comprehensive SHM reports 54
HP IMC Remote Site Manager Securely extends IMC's core platform capability to remote sites by deploying remote agents A: 10.153.89.1/24 B: 10.153.89.1/24 B: 10.153.89.1/24... 10.153.89.1/24 10.153.89.1/24 10.153.89.1/24... IMC A NAT NAT Remote agent SNMP/Telnet/SSH HTTP/HTTPS A Firewall A A 10.153.89.1/24 10.153.89.1/24 10.153.89.1/24... SNMP/Telnet/SSH Branch Monitor date Control date Comprehensive, efficient remote site management Support firewalled remote networks (NAT or Proxy) Isolated local network discovery Remote site service monitoring Secure communication to agents with SSL Office B 10.153.89.1/24 10.153.89.1/24 10.153.89.1/24... Office C 55
HP IMC Intelligent Analysis Reporter Extends the reporting capabilities within IMC to include customized reporting NEW! In-depth data collection of network information Report design tools - templates Report management includes automation/distribution Exports into a variety of formats 56
HP IMC TACACS + Authentication Manager Provides basic authentication, authorization and accounting functions for network devices or users Supports TACACS+ device identification and authentication Flexible authorization policies Comprehensive user and log monitoring Centralized device user management 57
MPLS VPN Management CE-CE link management Supports OSPF deployment between CE and PE Get VPN service reports VPN,SA resource, traffic, connectivity report Analyze VPN traffic and services via Network Traffic Analyzer Module QoS management Plan and deployment 58
IMC VAN SDN Manager Industry's first comprehensive SDN management tool SDN Architecture IMC SDN Manager Applications Controller Infrastructure Completes the SDN architecture with management Configuration, monitoring & policy mgmt for all SDN layers OpenFlow switch management SDN controller performance management One application for managing SDN and traditional environments 1 Compared with Cisco Nexus 1010 Virtual Services Appliance 10X acceleration of SDN deployments 50% less management complexity 59
IMC VAN Resource Automation Manager Industry's only policy-based network automation tool for the entire network App 1 App 2 App 3 Network service modeling for applications and tenants Policy driven resource provisioning from edge to core IPS Access Switch Firewall Easy to design with drag and drop GUI Service agility for traditional networks Load Balancer Core Switch Core Router 1 Compared with Cisco Nexus 1010 Virtual Services Appliance 200X Faster Service Deployment 5X Provisioning Accuracy Improvement 60
Thank you Demo: https://www.youtube.com/watch?v=gyioyccpq1y