Ridgeline Network and Service Management Software
Security Feature Pack 1
Increase Network Availability
Identity Manager role-based access control helps reduce network noise by enabling switches at the network edge to enforce the right policies at the right time and consistently across the network.
Leverage Existing Network Infrastructure
Identity Manager can be used in Ridgeline to deliver a robust network access control solution with existing Summit® and BlackDiamond® 8800 series switches in the network. This increases ROI and can reduce the total cost of ownership.
Reduce Training and Other Overhead
The intuitive user interface and end-to-end workflows help administrators and operators quickly set up, provision, and manage role-based access control policies across the network.
Reduce IT Support Costs
Identity Manager reduces the time needed to locate users or devices in the network. Ridgeline network and service management software and the ExtremeXOS network operating system provide extensive information about identities and their locations, which can reduce IT support and troubleshooting time.
Reduce Compliance and Audit Costs
Identity Manager helps to meet compliance requirements for enterprises, and those mandated for agencies and organizations in the federal framework.
The IT and network organizations within enterprises are challenged more than ever to serve users with a diverse set of application and network access requirements based on user or device profiles, location, and presence. The need for the network to understand user and device “presence,” as well as location “awareness” from an identity-oriented approach has become critical as organizational changes rapidly occur and as the workforce becomes more agile.
Network and IT functions are now faced with the challenge of managing network-wide access rights for users in a consistent manner, and ensuring that users have access to the right applications and resources at the right time, and at the right location.
Extreme Networks® Ridgeline Security Feature Pack 1 includes the Identity Manager feature. The Ridgeline Identity Manager, working in conjunction with the ExtremeXOS® modular operating system, brings user, device, location and presence awareness to networks and helps enforce corporate policies at every network point of entry.
Identity Manager provides network-wide reporting of identities and also helps administrators manage network-wide role-based policies for both users and devices:
• The Ridgeline policy manager can be used to create granular policy constructs that can be associated with roles.
• Ridgeline deploys roles along with the match criteria and policies to ExtremeXOS switches in the network.
• The Identity Manager feature in ExtremeXOS discovers identities in the network and places the identities into roles based on the configured match criteria. The policies associated with these roles are also enforced in the switches.
• The identities discovered in the network are reported by ExtremeXOS switches to Ridgeline in real time, along with details such as the role, NetBIOS host name, MAC address, IP ARP binding, etc.
• The Identity Manager feature in Ridgeline provides a real-time view of all identities across the network.
Identity Management – Solution Overview
The need for the network to understand user and device presence, as well as location awareness from an identity-oriented approach has become critical as organization changes occur rapidly and as the workforce becomes more mobile. Network and IT functions are now faced with the challenge of managing network-wide access rights for users in a consistent manner, ensuring that users have access to the right applications and resources at the right time, and at the right location.
The Extreme Networks Identity Manager solution offers a comprehensive set of features and tools to help IT managers effectively manage and enforce network-wide role-based access control.
• The Ridgeline Identity Manager provides the management and provisioning functions to create and manage roles that can be used to classify or categorize various users including employees, contractors, guests and others that connect to the organization network.
[Figure: Ridgeline with Security Feature Pack 1. Labels: Internet; Employees, Contractors, Guests; ERP Applications & Data, Customer Data, Inventory Applications; Edge.]
Roles are logical containers into which identities can be placed when they match certain criteria (a set of attributes). The complete set of match criteria that can be used for role definitions is listed below.
Ridgeline provides an easy-to-use and intuitive interface to create, manage and deploy roles to the network.
[Figure: Ridgeline role management interface. Callouts: Complete Role Hierarchy Visualization; ID Management Roles; Match Criteria; Policies; Role Configuration Details.]
Microsoft Active Directory/LDAP Attributes
Attribute Name | LDAP Attribute Name | Format
City | Locality-Name | String
Company | Company | String
Country | Country-Name | String
Department | Department | String
Emp-Id | Employee-ID | String
State | State-Or-Province Name | String
Title | Title | String
Email-Id | Email-Addresses | String
Link Layer Discovery Protocol (LLDP) Attributes
• Device Capability
• Device Manufacturer
• Device Model
Client/Device Attributes
• MAC Address
• MAC OUI
• IP Address
Roles can also be nested to create a role hierarchy to match or customize an organization’s security policy. Policies created using the integrated policy manager in Ridgeline can be attached to the configured roles. The integrated policy manager features an easy-to-use GUI and workflows to define granular policies such as Access Control Lists (ACLs), Quality of Service (QoS) parameters, rate limiting and other capabilities. These policies can then be associated with roles. The roles and the associated policies are distributed and synchronized with ExtremeXOS-based switches running Identity Manager. The policies are enforced by the switches when identities are discovered and placed into roles based on the match criteria.
[Figure: Policy Manager Workflows. Panels: Define Policies; Craft Policy Rules; Deploy for Identity Manager and Gain Visibility.]
Network Security and Threat Management
Ridgeline’s Network Security Manager provides a simple yet effective integration with McAfee Network Security Manager (NSM). Ridgeline provides visibility and correlation between malicious users and threats to identities that are managed using the Identity Manager. Ridgeline can collect and parse security violations or threats reported by McAfee NSMs in the network, correlate these threats with identities managed using the Identity Manager, and apply policies dynamically in the network to mitigate the threat.
Reduce IT Support Costs for Organizations
Identity Manager helps shorten the time taken to locate and troubleshoot the users or devices in the network. In addition, Ridgeline provides extensive information about identities:
• Location by edge switch and port
• Authentication method used
• Authentication status
• Authorizations (for example, VLAN memberships, currently identified role for the user, etc.)
This can significantly reduce the time taken for IT support personnel to help and troubleshoot problems reported by users.
Meet Compliance and Audit Requirements
Identity Manager can help meet compliance requirements for enterprises, and requirements mandated for agencies and organizations in the federal framework.
• Support for strong EAP types in IEEE 802.1X coupled with role-based
Leverage Existing Network Infrastructure
The Extreme Networks Identity Management solution does not require organizations to replace switches or add other hardware or software products in order to get the role-based access control feature. Ridgeline can work with existing Summit X series and BlackDiamond 8K series switches in the network to deliver a robust network access control. This
Technical Specifications
The Security Feature Pack 1 is an add-on feature pack that can be enabled on Ridgeline-based software release 3.1 or higher with appropriate licensing. Please refer to the “Ordering Information” section for a complete list of part numbers and descriptions.
The Security Feature Pack 1 contains the following features as of the Ridgeline 3.1-based software release:
• Identity Management
The following network security platforms can be integrated with the Ridgeline Network Security Manager included in Security Feature Pack 1.
• McAfee Network Security Manager (Version 5.1.17.5)
Identity Management
Technical Specifications
The following table provides the list of ExtremeXOS-based switches that support the Identity Management feature.
Products | Extreme Networks OS Requirements
Summit X150 series | ExtremeXOS 12.5.2 or later
Summit X250 series | ExtremeXOS 12.5.2 or later
Summit X350 series | ExtremeXOS 12.5.2 or later
Summit X450e series | ExtremeXOS 12.5.2 or later
Summit X450a series | ExtremeXOS 12.5.2 or later
Summit X460 series | ExtremeXOS 12.5.2 or later
Summit X480 series | ExtremeXOS 12.5.2 or later
Summit X650 series | ExtremeXOS 12.5.2 or later
BlackDiamond 8500 series modules | ExtremeXOS 12.5.2 or later
BlackDiamond 8800 c-Series modules | ExtremeXOS 12.5.2 or later
BlackDiamond 8900 series modules | ExtremeXOS 12.5.2 or later
BlackDiamond 8900-xl series modules | ExtremeXOS 12.5.2 or later
Ordering Information
Part Number | Name | Description
83505 | Security FP1 Base-50 | Security FP 1 includes the Identity Management feature which provides Role-Based Access Control management capabilities. Provides management capability for 50 network devices. Requires Ridgeline 3.1 Base-50. Key only.
83506 | Security FP1 Add 50 Devices | Security FP1 Add 50 Devices is a scalability upgrade to provide management capability to an additional 50 network devices. Requires Security FP 1 Base-50. Key only.
83507 | Security FP1 Add 250 Devices | Security FP1 Add 250 Devices is a scalability upgrade to provide management capability to an additional 250 network devices. Requires Security FP 1 Base-50. Key only.
83508 | Security FP1 Up To 2000 Devices | Security FP1 Up To 2000 Devices is a scalability upgrade to provide management capability to a maximum of 2000 network devices. Requires Security FP 1 Base-50. Key only.
For the latest Ridgeline-based software product specifications, Security Feature Pack 1 specifications, service packs and evaluation software/licenses, please visit the Ridgeline page on our website: http://www.extremenetworks.com/go/ridgeline.