Brocade Monitoring Services Security White Paper




WHITE PAPER

In today's globally connected world, the enterprise network is a strategic platform, a platform that demands deep and instantaneous integration between people, information, and ideas. The network is only able to support your business when services, products, and people are aligned with the needs and opportunities of your organization. Brocade Monitoring Services provide a set of tools and technologies designed to automate the delivery of both proactive and reactive intelligence and support for high-performance switching and routing platforms. Brocade offers these performance-enabling products and services to increase your network availability while simultaneously lowering operational expenses. By integrating support intelligence, automating support activities, and providing proactive insight into your infrastructure investment, your business gains a competitive edge in the network economy. With Brocade Monitoring Services, your network operations become simpler, more reliable, and more cost-effective.

Introduction

Brocade Monitoring Services are delivered via a secure, high-speed remote network infrastructure dedicated to support and management tools. Using an AES 256 encrypted connection to customer locations through a Business-to-Business Internet VPN or a private MPLS circuit, the Monitoring Services network provides the necessary infrastructure for Brocade Support and its customers to perform a variety of maintenance and management operations. These include, but are not limited to: Automated Fault Management, Proactive Device Monitoring, Remote Diagnostics and data collection, End-to-End Network Performance Monitoring, and secure web portal based Advanced Analytics.

Value Proposition

When network problems occur, quickly isolating and resolving the problem is paramount to keeping your business on track. However, to effectively diagnose data network problems, a variety of data must first be collected, synthesized, and analyzed to provide actionable intelligence. Historically, this level of analysis required an on-site expert, with raw data collection often falling on the shoulders of the already overworked IT operations team. Due to the high volume of data collected, getting these files into the hands of qualified Brocade Support personnel could be time-consuming, further hindering the diagnostic process and, more importantly, your business. What this means is that over the lifetime of any given product, the ongoing operational expenses can add up to five or more times the cost of capital expenditures. Troubleshooting, planning, monitoring, and upgrading or adding infrastructure all contribute to this operational expenditure overhead.
Brocade Monitoring Services reduce this burden by:

- Automating the reaction process to problems, reducing exposure from downtime
- Increasing self-sufficiency by integrating expertise in the form of software and services
- Decreasing and simplifying maintenance efforts
- Decreasing the number of incident escalations by proactively eliminating outages through expert recommendations
- Monitoring system health and alerting when critical levels are reached
- Pinpointing exposure down to chassis, platform, and operating system details so that immediate preventative steps can be taken

Brocade Monitoring Services provide comprehensive monitoring of your infrastructure 24 hours a day, 365 days a year, allowing you to:

- Keep IT resources focused on supporting the core business strategy
- Increase availability and minimize the financial and resource impact of unplanned downtime
- Reduce operational costs and avoid the budget and technical challenges of an expanded dedicated management team
- Dramatically reduce the burden of hiring, training, and retention, as well as tools and process development for your technical staff

For over a decade, Brocade Monitoring Services have been supporting Brocade and third-party networking products for many of the top financial institutions and their most demanding enterprise networks. This is a secure solution that is customizable to meet customers' unique specifications and security policy guidelines, while keeping your business running amid growing pressure from regulators and customers alike.

Service Description

Improving network availability while reducing operational costs continues to be the key challenge for IT management. Brocade Monitoring Services augment your existing operations with a second set of eyes, using a secure network infrastructure to enable increased availability and efficiency through the acceleration of problem identification and resolution, both reactively and proactively.

Connectivity

Understanding that every business is different in its connectivity capabilities and requirements, Brocade Monitoring Services are engineered to support multiple options by utilizing either an Internet Virtual Private Network (VPN) or a private MPLS circuit, depending on either the service level purchased or customer preference. Connectivity options include:

- B2B Internet VPN: A secure IP Security (IPsec) tunnel over the public Internet. This offers the lowest-cost option, while maintaining appropriate security controls.
- Internet VPN with Brocade Router: Uses the same customer-provided connectivity to the public Internet as above, except that it now terminates in a Brocade-provided router at the customer's data center. Brocade routers enhance security by including encryption and security settings and protocols that are compatible with the infrastructure at our data collection site. This also provides Brocade with visibility to both ends of the VPN tunnel.
- MPLS VPN: Utilizing Brocade Global Support's worldwide Multiprotocol Label Switching (MPLS) network, dedicated T-1/E-1 connections are made to the customer data center. These terminate in Brocade-provided routers. Use of MPLS connectivity can provide improved throughput via dedicated bandwidth, underlying vendor service level agreements (SLAs), and our ability to administer quality of service (QoS) rules for data transmission and priority. Coupled with the Brocade-provided router, this solution provides the best connectivity between the customer and Brocade data centers.

Regardless of the connection method, each and every Brocade Monitoring Service implementation includes the following key elements:

- Brocade Technical Support team connectivity to the customer environment using Secure Sockets Layer (SSL) VPN
- Authentication, authorization, and accounting (AAA) through the widely adopted RADIUS protocol, using industry-leading multifactor authentication

Figure 1. Brocade Monitoring Services network. (Diagram not reproduced; its labels are summarized here. The NMS site has a Layer 7 firewall performing IDS/IPS, Internet/MPLS router ACLs that allow only IPsec/SSL tunnels through the telco routers to the firewall, and a remote-access SSL VPN server for user access. Customer-side connectivity is Option #1 MPLS with CPE, Option #2 site-to-site VPN, or Option #3 site-to-site VPN with CPE; each creates a private management LAN on the customer's routed network, reached over an IPsec tunnel with AES 256 encryption, with the Brocade-provided router running Layer 7 firewall code. Traffic to managed devices on the management LAN: SNMP poll UDP/161, SNMP trap UDP/162, SSH console TCP/22, SCP support saves TCP/22, and RDP to BNA/DCFM TCP/3389.)

Automated Fault Management

The Automated Fault Management service offering is ideal for accelerating problem resolution through automatic identification, notification, and Service Request creation for issues that need immediate attention. Typical Automated Fault Management alerts are actual hardware (HW) failures or red-light conditions like CPU, power supplies, fans, and so forth.

Brocade monitors for predefined event conditions via Simple Network Management Protocol (SNMP) using User Datagram Protocol (UDP) on port 162.

1. A Brocade device creates an SNMP trap based upon a red-light condition such as a power supply or fan failure. This alert is sent across the enterprise via UDP on port 162.
2. Still using UDP port 162, and employing AES 256 encryption, the SNMP trap continues to the Brocade Contact over a secure channel in an IP VPN tunnel established over the public Internet or an MPLS network connection over Brocade Global Support's proprietary network.
3. The alert is first filtered to identify those with the highest probability of indicating real problems. At the Brocade Contact, a Service Request is generated and forwarded to the appropriate Brocade Representative.
4. Based upon the customer contact preferences and the severity of the issue, the Brocade Technical Assistance Representative then either calls or sends an email to the customer, alerting them of the condition and working with them to resolve the problem.

Figure 2. Automated fault management.

Proactive Device Monitoring

Proactive Device Monitoring is designed to identify potentially disruptive situations before they become critical. SNMP polling, coupled with advanced filtering capabilities, allows for low-impact device telemetry. As an additional safety measure, Brocade Monitoring Services will not issue any SNMPset commands on any devices. This low-impact telemetry is gathered by issuing SNMPget commands on port 161 at 60-second intervals, yielding a total round-trip network load of less than 100 bytes each, sent and received.
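The filtering and routing in steps 3 and 4 above, as an added illustration that is not Brocade's code: a trap stream from the management LAN is reduced to red-light hardware conditions, repeats of an already-open condition are suppressed, and each remaining condition becomes a Service Request routed by severity and contact preference. The keyword table, the dedup window, the device names and the sample traps are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Red-light conditions named in the paper: power supply and fan failures.
# The "temperature" entry and the severity levels are assumed extensions.
RED_LIGHT = {"power supply": "critical", "fan": "critical", "temperature": "major"}
DEDUP_WINDOW_S = 300   # suppress repeats of one condition for 5 minutes (assumed)


@dataclass
class Trap:
    ts: int        # epoch seconds when the trap arrived on UDP/162
    device: str    # managed device on the private management LAN
    message: str   # decoded trap text


@dataclass
class ServiceRequest:
    device: str
    condition: str
    severity: str
    notify: str    # "call" or "email", per customer contact preference


def classify(trap: Trap) -> Optional[tuple]:
    """Return (condition, severity) for a red-light trap, else None."""
    text = trap.message.lower()
    for keyword, severity in RED_LIGHT.items():
        if keyword in text and ("fail" in text or "down" in text):
            return keyword, severity
    return None


def triage(traps, contact_prefs):
    """Step 3 of the flow: keep traps most likely to be real problems,
    suppress repeats, and open one Service Request per open condition."""
    last_seen, requests = {}, []
    for trap in sorted(traps, key=lambda t: t.ts):
        hit = classify(trap)
        if hit is None:
            continue                      # informational noise, no request
        condition, severity = hit
        prev = last_seen.get((trap.device, condition))
        if prev is not None and trap.ts - prev < DEDUP_WINDOW_S:
            continue                      # repeat of an already-open condition
        last_seen[(trap.device, condition)] = trap.ts
        # Step 4: critical issues reach customers who prefer a phone call
        pref = contact_prefs.get(trap.device, "email")
        notify = "call" if severity == "critical" and pref == "phone" else "email"
        requests.append(ServiceRequest(trap.device, condition, severity, notify))
    return requests


# Constructed sample trap stream from three devices; names are placeholders.
SAMPLE_TRAPS = [
    Trap(1000, "sw7500-01", "Link up on port 3"),
    Trap(1005, "sw7500-01", "Power supply 2 failed"),
    Trap(1060, "sw7500-01", "Power supply 2 failed"),   # repeat, suppressed
    Trap(1400, "sw7800-02", "Fan 1 status: down"),
    Trap(1500, "swdcx-03", "Temperature sensor 4 failure"),
    Trap(1505, "swdcx-03", "Configuration saved by admin"),
]
CONTACT_PREFS = {"sw7500-01": "phone", "sw7800-02": "email"}

if __name__ == "__main__":
    for sr in triage(SAMPLE_TRAPS, CONTACT_PREFS):
        print(f"{sr.device}: {sr.condition} ({sr.severity}) -> {sr.notify}")
```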

1. Utilizing a two-way IPsec VPN connection or MPLS connection, both secured with AES 256 encryption, Brocade polls customer devices using the SNMPget command over UDP port 161 every 60 seconds for status checks and every 5 minutes for statistics reports.
2. Devices then respond with status updates across the same VPN connection, giving critical data about key performance metrics before a failure occurs.
3. If a device exceeds its performance thresholds, an alert is sent to the Brocade Contact, where a Service Request is generated and forwarded to the appropriate Brocade Representative.
4. Based upon the customer contact preferences and the severity of the issue, the Brocade Technical Assistance Representative then either calls or sends an email to the customer, alerting them of the condition and working with them to resolve the problem.

Figure 3. Proactive device monitoring.

Remote Troubleshooting

Remote Troubleshooting is an optional capability that can be deployed in response to automated fault management alerts, proactive device monitoring alerts, or customer requests, in accordance with specific rules created in concert with the customer's requirements. Remote Troubleshooting accelerates data collection (for example, support saves) and real-time diagnosis by enabling Brocade technicians to quickly and securely access the target device and commence problem diagnosis and analysis as soon as an alert is received. Remote Troubleshooting uses J-SAM (the Java version of the Secure Application Manager, for data encapsulation), along with industry-leading multifactor authentication, via the Secure Shell (SSH-2) protocol on port 22. This ensures utmost protection of this direct connection into the core of your enterprise, while enabling the highly skilled Brocade staff to perform their duties.
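A defender-side check built from the port envelope in Figure 1 and the polling rules above; this is an added example, not Brocade's code. It audits constructed management-LAN flow records and flags anything outside the documented set (SNMP get on UDP/161, traps on UDP/162, SSH/SCP on TCP/22, RDP on TCP/3389), any SNMP set-request, and polls of one device arriving faster than the 60-second cadence. The log format, the NMS address and the sample lines are assumptions.

```python
import re

NMS_HOST = "10.0.0.5"            # assumed address of the monitoring host
# Port envelope documented in Figure 1: SNMP poll, SNMP trap, SSH/SCP, RDP.
ALLOWED = {("udp", 161), ("udp", 162), ("tcp", 22), ("tcp", 3389)}
MIN_POLL_INTERVAL_S = 60         # status polls run every 60 seconds

# Constructed flow-log format: "<ts> <src> <dst> <proto> <dport> [pdu=<type>]"
LINE = re.compile(
    r"^(?P<ts>\d+) (?P<src>[\d.]+) (?P<dst>[\d.]+) (?P<proto>tcp|udp) "
    r"(?P<dport>\d+)(?: pdu=(?P<pdu>[\w-]+))?$"
)


def audit(lines):
    """Return (line_no, reason) findings for traffic outside the envelope."""
    findings, last_poll = [], {}
    for n, line in enumerate(lines, 1):
        m = LINE.match(line.strip())
        if not m:
            findings.append((n, "unparseable line"))
            continue
        ts, proto, dport = int(m["ts"]), m["proto"], int(m["dport"])
        if (proto, dport) not in ALLOWED:
            findings.append((n, f"{proto}/{dport} not in documented port set"))
        if m["pdu"] == "set-request":
            findings.append((n, "SNMP set-request; the service issues get only"))
        if m["src"] == NMS_HOST and (proto, dport) == ("udp", 161):
            prev = last_poll.get(m["dst"])
            if prev is not None and ts - prev < MIN_POLL_INTERVAL_S:
                findings.append((n, f"poll of {m['dst']} only {ts - prev}s after previous"))
            last_poll[m["dst"]] = ts
    return findings


# Constructed sample log; addresses and timestamps are placeholders.
SAMPLE_LOG = [
    "1000 10.0.0.5 10.0.1.10 udp 161 pdu=get-request",
    "1000 10.0.1.10 10.0.0.5 udp 162",                  # trap back to the NMS
    "1060 10.0.0.5 10.0.1.10 udp 161 pdu=get-request",  # 60 s later, as documented
    "1070 10.0.0.5 10.0.1.10 udp 161 pdu=set-request",  # never expected from the service
    "1080 10.0.0.5 10.0.1.11 tcp 22",                   # SSH console / SCP support save
    "1090 10.0.0.5 10.0.1.12 tcp 23",                   # telnet is not in the envelope
    "1100 10.0.0.5 10.0.1.13 tcp 3389",                 # RDP to BNA/DCFM
]

if __name__ == "__main__":
    for line_no, reason in audit(SAMPLE_LOG):
        print(f"line {line_no}: {reason}")
```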

Figure 4. Remote troubleshooting. (Diagram not reproduced.)

While Remote Troubleshooting offers a standardized approach to providing secure remote access and maintenance capabilities, it is not a one-size-fits-all solution. Brocade recognizes that every customer environment presents unique challenges and opportunities, including business and regulatory requirements and their associated compliance policies and procedures. The access solutions chosen are based upon the customer's decision as to which options best meet their operational and security requirements, including any need for (and availability of) customer on-site personnel to manage connections and provide information during both troubleshooting and routine maintenance monitoring and support. Working with the customer's security, operational, and technical teams, the solution is configured to address any accessibility, connectivity, privacy, and security concerns.

Depending upon customer-specific requirements, Remote Troubleshooting access options can include:

- Connection via a customer's:
  -- Terminal server or security gateway, utilizing multifactor authentication
  -- Router and firewall access control, with only select ports needing to be opened
- View-only/read-only non-administrative logins to customer devices
- Access via a segmented and secure customer device management LAN
- A combination of any or all of the above

Of course, Brocade recommends that all of its customers follow leading industry security practices, such as creating separate security zones separated by firewalls with ingress/egress filtering. Additionally, Brocade strongly supports and advocates the customer's own Change Management process as a critical element in ensuring high availability and proper documentation of network maintenance and remediation activity. With a focus on testing and structured promotion of network changes, Brocade is confident that the Change Management program will ensure that specific compliance requirements are considered throughout the support process.

Conclusion

Brocade Monitoring Services help you maximize network availability, reduce downtime, and increase operational efficiencies. These services help IT managers do more with less, offloading some of the routine network monitoring and management tasks to networking experts, which allows you to stay focused on your core business. Brocade Monitoring Services provide a comprehensive set of tools and technologies designed to enable Brocade Technical Services to automate the delivery of support activities. Brocade offers these services for increasing network availability while simultaneously lowering operations costs. For more information about Brocade solutions, visit www.brocade.com.

Corporate Headquarters: San Jose, CA USA, T: +1-408-333-8000, info@brocade.com
European Headquarters: Geneva, Switzerland, T: +41-22-799-56-40, emea-info@brocade.com
Asia Pacific Headquarters: Singapore, T: +65-6538-4700, apac-info@brocade.com

© 2015 Brocade Communications Systems, Inc. All Rights Reserved. 08/15 GA-WP-1626-02

ADX, Brocade, Brocade Assurance, the B-wing symbol, DCX, Fabric OS, HyperEdge, ICX, MLX, MyBrocade, OpenScript, The Effortless Network, VCS, VDX, Vplane, and Vyatta are registered trademarks, and Fabric Vision and vADX are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. Other brands, products, or service names mentioned may be trademarks of others.

Notice: This document is for informational purposes only and does not set forth any warranty, expressed or implied, concerning any equipment, equipment features, or service offered or to be offered by Brocade. Brocade reserves the right to make changes to this document at any time, without notice, and assumes no responsibility for its use. This informational document describes features that may not be currently available. Contact a Brocade sales office for information on feature and product availability. Export of technical data contained in this document may require an export license from the United States government.