Do we need a superhero to fix the network?
Andrzej Sawicki, Network Solutions Architect, 6.11.2014
IT Forecast 2014
Challenges of the BYOD trend
Many times more devices on the network
No additional IT staff to manage them
Many different platforms and operating systems
No control over security
Objective: Need to deliver and support BYOD. BYOD poses some serious challenges for the business and specifically for IT. There are just too many devices to support, too many form factors, too many operating systems. Do customers restrict the kinds of devices? Do they recommend a list of supported devices? Which devices to support? Which operating systems to support? Different devices have different chipsets, ASICs and electronics with different performance capabilities, leading to dropped connections or slow responses. Think about all the variables IT is faced with: is it a permanent employee, a contractor or a guest? Are they accessing on company-owned or user-owned devices? Are they accessing the wired or the wireless network? So many simultaneous data points to consider. The biggest apprehension and concern stems from security needs. How do I know who is accessing and that it is a legitimate device? How do I ensure security policies are enforced, so that the right user gets the right access to corporate resources? Do these devices comply with minimum company-defined policies? How do I know there is no malware on that personal device? A key consideration, especially in highly regulated industries like finance, healthcare and retail, is: does IT have the tools to monitor and manage compliance with regulatory requirements?
Outdated networks limit adoption of the BYOD model
Complex, exposed to threats, hard to manage
Human middleware: administrators
Separate networks and separate management
BYOD technologies: LAN, WLAN
Objective: Show the customer the challenges of enabling connectivity for BYOD.
Speech: Prosumers are accessing the network with multiple devices, unbeknownst to IT, which creates challenges for implementing an onboarding process that keeps the network secure. There is a need to enable secure access to the network for any personal device with the appropriate user policies, in a simple, automated way that also provides visibility into usage, including potential threats. Separate wired and wireless networks, architectures and management require additional separate infrastructure hardware to meet scale, thereby increasing management and maintenance overhead. Configuring the network requires manual, device-by-device interaction by IT staff, the human middleware that adds to complexity. Networks are also vulnerable to threats as more and more devices connect. The combination of complexity and new entry points increases risk and makes the network vulnerable to attack.
The three most desired features of a BYOD solution
Tool functionality: centralized functionality; logging, monitoring and reporting; ease of deployment
Source: SANS Mobility/BYOD Security Survey, March 2012
Objective: The plethora of devices, security and user experience pose significant challenges. To enable BYOD, what is IT screaming for help with? Let us look at the IT requirements for implementing BYOD. This HP-commissioned study gives a glimpse into IT requirements; let us look at the top three. First, centralized functionality: IT does not want multiple authentication and authorization databases. They want to use their existing LDAP/RADIUS/directory services to authenticate, and to define user policies in one centralized system to maintain the integrity of those policies, no matter how the user accesses the network: wired or wireless, inside the campus or outside the network, on a personal device or a company-owned one. Second, logging and monitoring: BYOD is not just about allowing secure access or connectivity. IT wants to track user behavior, monitor traffic and bandwidth consumption, have visibility down to the application level, and be able to report on it. Regulatory compliance requires the ability to audit usage and access. Third, make it easy to deploy: BYOD is just one small piece of the puzzle IT has to deal with every day. Make it easy, make it fit into the existing infrastructure: not another overlay solution but an integrated system.
IT profit and loss account: the superhero
Can we afford it?
Won't it cause too much noise around us?
What happens once he rides off?
Where will he stay overnight?
Is it fully legal?
Who will send us the invoice?
Who will take on running such a project?
HP IMC – Intelligent Management Center
Three phases of the BYOD model
HP Intelligent Management Center: the BYOD solution
Onboarding, provisioning, monitoring
Identification of the device and the user
Determination of access rights
Enforcement of the defined policy, regardless of location
Quarantine of devices with detected threats
Unified management (LAN, WLAN)
Integration with MDM and IDS systems
Network operating system: the SDN model
Software Defined Networking (SDN): a new network architecture
Separation of the control plane from the hardware that forwards network traffic
The forwarding layer is defined by a centralized controller (or a group of controllers)
OpenFlow: a standard protocol used between the control layer and the forwarding layer
Applications: enable the creation of innovations
Diagram: Applications; Network operating system (SDN); Decoupled logic; Hardware; Hardware abstraction layer (HAL)
Source: ONF Forum
Evolution of server architecture
Innovation! App, App, App ...
Custom applications; standard interfaces and programming languages
Standard operating systems (Linux, Windows, etc.); proprietary operating systems
Standard interfaces; standard Intel x86 systems; proprietary hardware
History likes to repeat itself
Innovation! Network functions: multicast, routing, QoS ...
Proprietary OS functions; open interfaces and programming languages
Centralized management layer; proprietary OS
Standard interfaces and control protocols; standard "programmable" systems; proprietary hardware
HP Networking: SDN solutions for the campus LAN
Management: IMC, VAN Resource Automation Manager
SDN architecture
Applications: Network Protector App, Network Optimizer App
Control: VAN SDN Controller
Infrastructure: 2920, 3500, 3800, 5400, 5500, 5900, 10500
HP has implemented the OpenFlow standard in our products to enable programmatic control of the infrastructure layer of the SDN architecture, which includes the physical underlying hardware of your network. The control element resides in the HP VAN SDN Controller, with the intelligence to automate and program the network. It allows central administration and enforcement of central policies across the network. At the application layer, orchestration of the network is automated using templates with defined user service levels and policies for dynamic application delivery. These applications directly program the network through the control layer using defined APIs. The HP VAN framework further enables SDN by providing management and orchestration of the physical and virtual network through a single pane of glass that crosses all three layers of the SDN architecture. Leveraging the Intelligent Management Center (IMC), and the Virtual Application Network Manager
SDN App Store
SDN and BYOD security: the HP Network Protector SDN App
SDN architecture
Application: secure BYOD; complete visibility; complements AV applications
HP Network Protector App, RepDV Database
Control: VAN SDN Controller
Infrastructure: Malicious-site.com
Finally, we have our Sentinel Security Application that we announced late last year. This application has already been deployed by several customers, including HBO, as we shared several months ago. The Sentinel Security application works by instructing the HP Virtual Application Networks SDN controller to program the access layer switches using OpenFlow to intercept malicious traffic, working with the HP TippingPoint RepDV reputation database. The RepDV database contains information on over 1 million botnet, malware and spyware sites. As you can imagine, in a BYOD world the risk of botnet threats and malware exploits is greater than ever. As devices connect to the enterprise network, you want to be able to immediately detect this kind of network activity and throttle that behavior before the infection spreads.
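The slide above describes the pattern of a reputation-driven SDN security application: the controller learns about new flows from the access switches, checks the destination against a reputation database, and pushes a flow rule that drops traffic to known-bad sites at the edge. The following Python model of that control-plane logic is an added illustration, not HP's Network Protector or VAN SDN Controller code; the reputation entries, the PacketIn/FlowRule types and the Controller class are constructed assumptions standing in for the RepDV database and the OpenFlow messages.

```python
"""Model of a reputation-driven SDN security app (added example, not HP's code).

A controller-side app receives a packet-in event for each new flow seen by an
access switch, checks the destination against a reputation database, and
pushes a flow rule: forward normal traffic, drop traffic to known-bad
destinations and record the offending client so IT can follow up on the
endpoint. The RepDV database, OpenFlow encoding and controller API are
replaced by in-memory objects; the reputation entries are constructed samples.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample reputation database: destination -> threat category.
REPUTATION_DB: Dict[str, str] = {
    "malicious-site.example": "malware",
    "198.51.100.7": "botnet-c2",
}

@dataclass
class PacketIn:
    switch_id: str
    src_ip: str
    dst_ip: str
    dst_name: Optional[str] = None  # hostname if learned from DNS, else None

@dataclass
class FlowRule:
    switch_id: str
    match: Dict[str, str]
    action: str          # "forward" or "drop"
    idle_timeout: int = 300

@dataclass
class Controller:
    flow_rules: List[FlowRule] = field(default_factory=list)
    quarantined: Dict[str, str] = field(default_factory=dict)  # src_ip -> category

    def lookup(self, pkt: PacketIn) -> Optional[str]:
        """Return the reputation category of the destination, or None if clean."""
        for key in (pkt.dst_ip, pkt.dst_name):
            if key and key in REPUTATION_DB:
                return REPUTATION_DB[key]
        return None

    def handle_packet_in(self, pkt: PacketIn) -> str:
        """Decide the flow's fate, install the rule on the switch, return the action."""
        match = {"src": pkt.src_ip, "dst": pkt.dst_ip}
        category = self.lookup(pkt)
        action = "forward" if category is None else "drop"
        if category is not None:
            # Flag the client that reached for a known-bad site for follow-up.
            self.quarantined.setdefault(pkt.src_ip, category)
        self.flow_rules.append(FlowRule(pkt.switch_id, match, action))
        return action
```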
New capabilities for BYOD thanks to SDN
HP Location Aware system based on SDN (Wi-Fi network location)
Allows decisions to be made on accurate indoor location data, with accuracy of about 2 m
Enables new services such as indoor navigation, asset tracking and monitoring
Simplified deployment: requires no additional hardware or client software, runs on the HP SDN controller
Up to 60% greater accuracy (1)
No additional hardware required (2)
Bullets: We talked about unified policies, cloud-managed and SDN-enabled Unified Wired and Wireless Solutions; how do we help customers unlock value from this? With HP's new Location Aware SDN application, which offers accurate indoor location of mobile devices down to 2 meters and delivers up to 60% more precision than competing non-SDN-based solutions. By leveraging the intelligence in the network, we are opening the door to new business models and new applications that can generate revenue. Traditional systems require more infrastructure and surveys, and deliver poor accuracy. The new location-based SDN app integrated with the VAN SDN Controller is designed to help businesses and institutions capitalize on existing infrastructure by transforming the Wi-Fi networks they already maintain into revenue-generating vehicles. The technology isn't limited to more focused advertising for retailers; it can also empower businesses to make more granular location decisions within a given space. For example, you can build an app to find a laptop you forgot in a conference room, given the 2-meter granularity. Many applications currently use GPS to provide location-based services, but such approaches only work well outdoors, because GPS can't reliably triangulate a user's position within indoor venues, where more granular location is required.
1, 2: Based on HP internal testing
A complete Bring Your Own Device (BYOD) solution
Simple, scalable, secure
Software-Defined Networking (SDN); unified LAN/WLAN management
Diagram: Management; SDN architecture: Infrastructure Layer, Control Layer, Application; BYOD technologies: On-boarding, Provisioning, Monitoring
Objective: Overview of the Unified Bring Your Own Device (BYOD) Solution for enabling connectivity.
Speech: HP has taken a holistic approach to solving BYOD challenges by offering a broad solution that goes beyond secure access to the network. The HP Unified BYOD solution is the industry's only complete solution that delivers BYOD essentials such as secure device on-boarding and provisioning through a single management application. It goes beyond BYOD essentials by delivering unified wired and wireless management and switching platforms that create a single network for wired as well as wireless connectivity. This solution provides clients with a simple, scalable and secure network that is also ready for Software-defined Networking (SDN).
What are the benefits of deploying the BYOD model with HP?
Better perception of IT by the business
Better perception of IT by the company's employees
Greater control over what happens in the infrastructure
Greater security
Automation in the network
The ability to launch innovative services in the SDN model
Less work for IT departments
Try it out: hp.com/networking/imctrial