Unifying Wired, Wireless, and Security Management
Wade Wells
Consulting Architect
HP Networking
HP/Brainstorm 2015 Sessions
Monday 2:30, SDN Apps for Education, Room: Tamboti
Tuesday 8:30, 1:1/BYOD Best Practices, Room: Tamboti
Tuesday 9:45, Unifying Wired & Wireless, Room: Tamboti
Tuesday 8:30, Desktop Virtualization, Room: Acacia
Monday 2:30, What is HyperConvergence?, Room: Ironwood
Tuesday 1:15, Optimizing for Google Drive, Room: Tamboti
Tuesday 11:00, Deploying 802.11ac
Your K12 HP Networking Team
Jeff Szczerbinski
Networking Specialist
414-431-8166
Jim Pointer
Solutions Architect
608-235-1601
IMC to the Rescue
Reactive
Complex
Running a network without exposure = setting yourself up for failure
50% of downtime is due to network outages
90% of the time required to fix a problem is spent just trying to isolate the problem
http://www.yankeegroup.com/ResearchDocument.do?id=16040
*Research carried out by Unisphere, 2012
• Increased Visibility
• Faster Time to Resolution
• Faster Time to Innocence
• Expand functionality far beyond the typical NMS
• Extensive Reporting Capabilities
IMC: Complete management for dynamic agile networks
Across entire network
Campus/Branch
• Unified wired and wireless management
• Security with BYOD administration
• Zero touch deployment
• Consistent policy across wired & wireless
• Supports up to 6000 device models
Not Just HP Products
• Maximize network availability
• Gain network visibility
Simplified, proactive management that spans the network
Data Center
• Automation and orchestration
• Visualization of virtualized networks
Comprehensive management capabilities
Single platform built on top of modular, service oriented architecture
IMC Platform (FCAPS)
• Fault: Alarms, Syslog & Trap Mgr
• Configuration: Intelligent Configuration Center, Compliance Center, VLAN & ACL Manager
• Accounting: Network Assets
• Performance: Performance Mgmt, Virtual Network Mgmt
• Security: Security Control Center
Add-On Modules
• Remote Site Manager
• VAN Connect Manager
• Service Health Manager
• App Perform. Manager
• Intelligent Analysis Reporter
• User Behavior Analyzer
• Service Oper Mgmt
• Network Traffic Analyzer
• User Access Manager
• Endpoint Admission Defense
• BIMS
• TACACS+ Authent Manager
• IPSec VPN Mgr
• MPLS VPN Mgr
• Wireless Services Mgr
• QoS Mgr
• vMon
• Extended API
• Resource Automate Manager
• VAN SDN Manager
• VAN Fabric Manager
• UCHM
www.hp.com/networking/imc
Automates and orchestrates traditional and software defined networks
Infrastructure Automation
Connection activation
• Accelerates provisioning of apps
• Automates VM connectivity
• Error free configuration
• Supports multi-vendor hypervisor
Enabling SDN
• FCAPS for SDN environments
• Manages all layers of SDN
• Completes SDN architecture
Service orchestration
• Automated service modeling and deployment
• Dynamic configuration of devices
• Service agility for all networks
[Diagram: SDN Architecture with Infrastructure, Controller and Applications layers and IMC SDN Manager; labels: Core Switch, Core Router, Access Switch, Load Balancer, Firewall, IPS, App 1, App 2, App 3, VM, "Policy based, Error free"]
IMC base platform functionality
Comprehensive, multi-vendor management
• Network discovery
• Automated topology creation
• Automated asset gathering
• Virtualization aware (HyperV, KVM and VMware)
• Performance monitoring
• SNMP trap collecting
• SYSLOG collecting
• Email and SMS alarm notification
• Automated configuration backups
• Network wide configuration changes
• Network wide configuration audits
• Automated policy verifications
• Auto-deployment
• Root-cause alarm and event suppression
Discover, Monitor, Manage, Troubleshoot
• On-demand reporting
• Scheduled reporting
• Auto-delivered reports
Optimized network
Report
Extended Functionality with Value-Add Module
Unified Wired and Wireless Management
• Monitors wired/wireless infrastructure
• Simplifies deployment, management and troubleshooting
• Provides a single topology
Unified BYOD Essentials
On-boarding, Provisioning, Monitoring
Secure Network Access Control
• Supports BYOD
• Enforces consistent policy across wired and wireless networks
• Postures health of endpoint devices
• Monitors user behavior
HP BYOD Common Scenarios
• Guest needs to register and actively be approved prior to gaining access.
• Different access rights can be configured based on conditions: time of day, type of device, OS, location, etc.
• Employees can log in BYOD devices directly via drop-down for employee credential entry.
• Employee can gain access to corporate resources, while guests get access to internet only.
Self-Registration with Manual Approval
• Guest Manager(s) receive notification that a user has registered and is waiting for approval.
• Guest Manager can receive direct link for one-click registration, or guest management portal link as shown.
• Guest Manager logs in to self-service portal
• Can see all guests, and any guests that are waiting for approval.
• Guest Manager can approve from mobile interface (shown here) or full web interface.
• Employee with Guest Manager rights can also quickly generate a guest account with mobile device and QR code.
• Single-click generation of guest account.
• User can scan QR code to quickly log in.
HP BYOD Common Scenarios
• Guest goes through self-registration process, then is automatically approved and moved to guest network.
• Different access rights can be configured based on conditions: time of day, type of device, OS, location, etc.
• Employees can log in BYOD devices directly via drop-down for employee credential entry.
• Employee can gain access to corporate resources, while guests get access to internet only.
Automatic Self Registration
• Guest is automatically disassociated with wireless which causes client to associate. Upon re-connection they will be placed on guest network.
• Manual approval from Guest Manager not required
• Guest Manager can still see guest registration
Greater visibility and control of network usage
• Unlocks power of data monitored
  - Including NetFlow, NetStream and sFlow
  - Enables user-based traffic flows and network usage
• In-depth rule-and-policy-based analysis
  - Including fault and SLA analysis
• Easy to understand reports based on traffic, application, session baseline and traffic trend
Visibility into a Software-defined Network at all layers
IMC VAN SDN Manager
Infrastructure
• Deploys, monitors and manages OpenFlow switches
• Visualizes traffic flow and performance monitoring
• Graphical OpenFlow
Controller
Applications
• Unified management of single and teamed controllers
• Detailed monitoring and management functions
• Backup and restore
• Installs SDN applications onto appropriate controller(s)
• Enforces application licensing
• Application metrics
Allows for customized reporting
HP IMC Intelligent Analysis Reporter
Extends reporting capabilities
• In-depth data collection of network information
• Report design tools - templates
• Report management includes automation/distribution
IMC Unified wired and wireless management with Wireless Services Manager
Wired & Wireless network visibility
• Status and traffic monitoring of hundreds of wired/wireless devices from a single screen
• Simplified wired/wireless network deployment, management and troubleshooting
• Robust reporting for compliance
IMC Wireless Services Manager (WSM)
• Discover wireless access points (AP) & connected clients
• Track device status, network performance, and user connections
• Ensure consistency with AP configuration backup
• Map your wireless network
• Optimize wireless coverage with heat map
• Location based services
Where are your APs?
How strong are the APs?
Mary MAC: 00:24:d6:94:d7:52
Advantage: Intelligent Management Center
Leading in functionality for today’s network requirements
Products compared: Intelligent Management Center, Solarwinds Orion Network Performance Manager, Cisco Prime Infrastructure
Criteria: Monitoring, Configuration, Bring your own device, Multivendor support, Wireless management, Simplified licensing, Virtualization monitoring & configuration, Infrastructure automation
With functionality
Virtual Application Networks deliver automation, agility
Industry’s most complete software-defined data center network fabric
40 Switches – over XX million ports
Virtual Application Networks SDN Controller
Virtual Cloud Networks App
Sentinel Security App
Load Balancing App
Management
Non-OpenFlow
VAN Network
Resource Automation
VAN Connection Mgr
Infrastructure, Control, Application
VAN SDN Manager
SDN Architecture
Intelligent Management Center
Software-Defined Networking (SDN)
Unified Wired & Wireless Network & Management
Unified BYOD Essentials
Complete unified Bring Your Own Device (BYOD) solution
Simple, scalable and secure
On-boarding, Provisioning, Monitoring, Management
Infrastructure Layer, Control Layer, Application Layer
Management
SDN Architecture
Network Access Control (NAC)
Ensure security policy conformance
• “All devices connecting to my network must conform to a security policy I define”
• Security Policy Enforcement with Endpoint Admission Defense (EAD)*
  − AV & Definitions, OS Patches, FW, banned SW
  − Dissolvable & Permanent iNode clients for common OS
• Includes Desktop Asset Manager
  − Device inventory management
  − Data Leakage prevention
[Diagram labels: Authenticate, Secure, VLAN= Voice, Isolation Network, VLAN= Sales]
Simplify the deployment and management of multi site networks
Multi-site management
• Branch Intelligent Management System (BIMS)*
  − Zero touch deployment of CPE & remote site devices
  − Dynamic IP and NAT
• Remote Site Manager (RSM)*
  − Light weight IMC agent that can be hosted on remote sites
  − Information sent back to Central manager via secure tunnel
• Provides a Multi Tenant Management solution
  − Resolves issues of overlapping IP ranges
* Additional IMC Module
[Diagram: IMC and remote agents (A) at Branch, Office B and Office C behind firewall/NAT, each site addressed 10.153.89.1/24; labelled flows: monitor data, control data, HTTP/HTTPS, SNMP/Telnet/SSH]
Module solution map
One platform for multiple solution requirements
Multisite Mgmt
BIMS: Zero touch
Cloud/Virtualization
SHM: Service Monitoring
APM: Application Monitoring
eAPI: Cloud tools
vMon: Hypervisor traffic monitoring
Network Access
BYOD
UBA: Usage Monitor
NTA: Traffic Monitor
WSM: Wireless Mgmt
EAD: Posture
Provision
EAD: Posturing
RSM: Secure mgmt
VCM: Network Orchest.
UAM: Access
UAM: Access
HP IMC platform portfolio
IMC Standard
• Includes 50 device license
• Hierarchical model support
• Expandable device support*
• Modular
Advanced networks
IMC Basic WLAN
• Fault, config and performance
• Unified wired and wireless management
• Fixed functionality
• Fixed 50 device limit
• Includes 50 license of WSM
IMC Basic
• Fault, config, and performance
• Fixed 50 device limit
• Fixed functionality
Small, simple networks
IMC Smart Connect WLAN
• Virtual appliance w/OS and dB
• IMC Standard w/50 device
• User Access Manager with 50 user devices
IMC Smart Connect
• Virtual appliance w/OS and dB
• IMC Standard w/ 50 device
• User Access Manager with 50 user devices
BYOD specific
IMC Enterprise
• Full FCAPS
• Includes 50 device license
• Hierarchical model support
• Includes NTA module & eAPI license
• Expandable device support*
• Modular
Complete management for dynamic, agile networks
IMC delivering on business requirements
Across entire network
• Maximize network availability through powerful monitoring across network including applications and service health
• Network visualization and visibility from network health to specific device details and network events
Campus/Branch
• Manage one network with unified wired and wireless management
• Secure your network with Bring your own device administration
• Zero touch deployment
• Policy management across the network
• Comprehensive configuration across 3rd party devices, ACL, VLAN, policies, SLA, etc. with automation tools
• Asset management
Data Center
• Data center orchestration
• Visualization of virtualization networks
• Support for MDC and IRF topologies
Module review
Module: Description
Network Traffic Analyzer: Gain real time information about user and application bandwidth usage
User Access Manager: Policy based user access authentication
Endpoint Admission Defense: Integrates security policy management with endpoint posture assessment
Wireless Services Manager: Unified management of wired and wireless networks
Service Operation Management: Full lifecycle IT management
Branch Intelligent Management Systems: Remote management of branch networks
QoS Manager: Enhances visibility and control over QoS configurations on network devices
User Behavior Auditor: Reduce security threats through user behavior audits
IPSec/VPN Manager: Determine status, performance, problem, and resolution for IPSec/VPNs
eAPIs License: Enables external platforms to leverage IMC functionality
VAN Connection Manager: Accelerates application deployment through automation and orchestration
Service Health Manager: End to end service monitoring, service assurance
Application Performance Manager: Monitors network impact to applications
Intelligent Analysis Reporter: Customized reporting tools
Remote Site Manager: Secure remote management
TACACS+ Authentication Manager: Authentication, authorization and accounting based on TACACS+ protocol
MPLS VPN Manager: Supports MPLS VPN management and service deployment
Network Traffic Analyzer
Allows greater visibility and control of network usage
• Unlocks power of data monitored
  − Including NetFlow, NetStream and sFlow
  − Enables user-based traffic flows and network usage
• In-depth rule-and-policy-based analysis
  − Including fault and SLA analysis
• Easy to understand reports based on traffic, application and session baseline and trend of network traffic
User access manager
Unified wired and wireless access control
Unified access management
• Policy-based user and device authentication and authorization and enforcement
• Access rules based on user role, device type and endpoint integrity
• Advanced Mobile device profiling (fingerprinting)
• 802.1X authentication & simplified self registration portal option
• Traffic shaping for optimal bandwidth allocation
• Integration with HP TippingPoint IPS
• Customizable portal to match customer’s brand
[Diagram labels: Employee, Guest, IMC Policy enforcement, Application access]
Endpoint Admission Defense
Posturing for enhanced network security
• Automatically blocks suspicious traffic and protects data
• Client health check (supports Windows, Linux, Mac)
Service Operations Manager
Service Desk
IT network flow: Requirement, Fault, Issue, Repository, Configuration, Change, Release
Optimize IT responsiveness to end user service requests with ticket integration into IMC's alert and configuration capabilities
Branch intelligent management system
Zero touch configuration for branch devices in batches
• Out of path from DVPN
• Automatic software upgrades
• Branch device zero-touch configuration startup
• Comprehensive monitoring of physical links
• Capable of managing devices in up to 10,000 branches
[Diagram labels: Branch, Headquarters, Unified management, Data center, Integrated applications, Multilayer security, Converged infrastructure, Accelerated application delivery]
QoS Manager
Platform for defining, applying, and monitoring QoS policies on a system-wide basis for HP Networking routers and switches.
• View: View policies in IMC
• Discover: Discover QoS configs on your devices and import into IMC
• Define: Create traffic classifiers
• Plan: Plan with QoS properties and traffic rules, and an assigned set of network elements
• Deploy: Deploy/remove your QoS policies to their assigned network devices.
Know what sites are being accessed from your network
User Behavior Auditor
Audit online behavior of internal users
• Provides comprehensive log collection and audit functions
• Scalable network log audit and analysis solution
Real-time visibility into who/what is consuming bandwidth
• Audit on-line behavior by user or IP address
• Websites, specific URLs, database access and operations, file transfers, and FTP access
Effectively manage resources and capacity planning
• Understand traffic patterns, application and session performance and trends
Greater visibility and control for DVPN
HP IMC IPSec VPN Manager
Comprehensive IPSec VPN management
• Domains
• Device
• Tunnel
• Topology
• Proposal
• IKE security
DVPN support
• Pre-defined DVPN security templates
• DVPN auto discovery
• DVPN management and provisioning
[Diagram labels: Campus, Branch, Branch, WAN, IMC IVM]
Extended APIs
• Utilizes RESTful implementation for simplified integration
• Over 200 eAPIs are available
• Included with IMC Enterprise
• Licensable upgrade for IMC Standard
The Extended API integrates across IMC
Organizations can use eAPIs to integrate third-party applications with IMC’s open and extensible SOA platform.
Virtual Application Networks Manager Module
Enables IT to provision applications quickly
• Reduces provisioning time from weeks to minutes
• Automates and orchestrates VM network connectivity
• Eliminates manual configuration
• Leverages template, policy based approach
• Supports vSphere and KVM
[Diagram: Process for deploying apps, with System Admin and Network Admin roles deploying an Exchange VM in three steps: 1 Characterize (IMC VAN Manager), 2 Virtualize (vCenter plug-in, choose profile), 3 Orchestrate VM (IMC VAN Manager); app deployed in minutes ("Wow! That was fast!")]
Application Performance Manager (APM)
Visualize and measure the health of business applications and the impact to network performance
• Single pane visibility of server, application, performance and infrastructure
  − Monitor performance and health of applications
  − Automatic discovery of applications
  − Fault management for monitored applications
• Comprehensive reporting of monitored objects
• Logical step towards service management, and bridges gap between network ops, server ops and application teams
• Broad range of supported applications
HP IMC Service Health Manager
Provides end-to-end service monitoring and assurance
• Visual service modeling
• Includes predefined and custom key performance indicators (KPIs)
• Complete Network Quality Assurance (NQA) Link Monitoring
• Comprehensive SHM reports
[Diagram: service model linking web servers, app servers, DB servers, Router (VRF), Router (local), firewall, VPN, Internet and IPS; Link KPI (Delay, Jitter)]
KPI / KQI: Network availability, Link availability, Application response time, The average recovery time of service fault, Business model, More…
1. Network service assessment report
2. Failure root cause analysis and positioning
3. Trend analysis / quality deterioration prediction
Performance KPI: CPU is running at full load? Interface bandwidth is insufficient?
Alarm KPI: Link Down? Attack?
Configuration KPI: Configuration exception? Agent need to upgrade?
Traffic KPI: User traffic, Application traffic
Server KPI: App performance, DB performance
Securely extends IMC's core platform capability to remote sites by deploying remote agents
HP IMC Remote Site Manager
Comprehensive, efficient remote site management
• Support firewalled remote networks (NAT or Proxy)
• Isolated local network discovery
• Remote site service monitoring
• Secure communication to agents with SSL
Extends the reporting capabilities within IMC to include customized reporting
HP IMC Intelligent Analysis Reporter
• In-depth data collection of network information
• Report design tools - templates
• Report management includes automation/distribution
• Exports into a variety of formats
Provides basic authentication, authorization and accounting functions for network devices or users
HP IMC TACACS+ Authentication Manager
• Supports TACACS+ device identification and authentication
• Flexible authorization policies
• Comprehensive user and log monitoring
• Centralized device user management
MPLS VPN Management
• CE-CE link management
• Supports OSPF deployment between CE and PE
• Get VPN service reports
  − VPN, SA resource, traffic, connectivity report
• Analyze VPN traffic and services via
  − Network Traffic Analyzer Module
  − QoS management
Industry’s first comprehensive SDN management tool
IMC VAN SDN Manager
• Completes the SDN architecture with management
• Configuration, monitoring & policy mgmt for all SDN layers
• OpenFlow switch management
• SDN controller performance management
• One application for managing SDN and traditional environments
50% less management complexity
10X acceleration of SDN deployments
1 Compared with Cisco Nexus 1010 Virtual Services Appliance
[Diagram: SDN Architecture with Infrastructure, Controller and Applications layers and IMC SDN Manager]
Industry’s only policy-based network automation tool for the entire network
IMC VAN Resource Automation Manager
• Network service modeling for applications and tenants
• Policy driven resource provisioning from edge to core
• Easy to design with drag and drop GUI
• Service agility for traditional networks
5X Provisioning Accuracy Improvement
1 Compared with Cisco Nexus 1010 Virtual Services Appliance