Ako si “utkať ” vlastnú sieť ýchlo, efektívne a bezpečne · deliver secure identity-based access Converges network functionality, security and ... Endpoint Admission Defense

©2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice

Ako si “utkať ” vlastnú sieť pomocou HP rýchlo, efektívne a bezpečne

Peter Dömény 14. 11. 2013

HP Konvergovaná Infraštruktúra Komplexné riešenie iba od HP

Management software

Servers

Power and cooling

Storage

HP Converged Infrastructure

FlexNetwork Architecture

HP Confidential

Architectural Leadership with FlexNetwork

Open Scalable Secure Agile Consistent

FlexFabric FlexCampus FlexBranch

FlexManagement FlexNetwork Architecture

FlexManagement Converges Network Management & Orchestration

3

FlexFabric FlexCampus FlexBranch Converges and secures

data center network, compute, and storage in the physical and virtual

worlds

Converges wired and wireless networks to

deliver secure identity-based access

Converges network functionality, security and

services for simplicity

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. 4

Príklad nasadenia HP produktov

Data Center

Campus

IMC Single Pane-of-Glass Management

FlexFabric 5900

Switch

Access Core Routing

FlexFabric 11900 Switch

FlexFabric 12900 Switch

HSR 6800 Router

C-Class Servers

ProLiant Servers

vSwitch

FlexFabric 5900

vSwitch

IMC

IP phone Desktops

HP 2920 Switch

Tablet Laptop Access Point

HP10500 with Unified Wired-WLAN Module

Core

Branch HP 830 Unified

Switch

Access point PoE+ Desktops

PoE+

IP phone

Tablet

WAN

VAN

RA

M/C

M

VAN

SD

N

UA

M/E

AD

WSM

NTA

/UB

A

Mod

ule…


FlexFabric Flatter, higher-performance, low-latency two-tier networks

FlexManagement Converges Network

Management and Orchestration

FlexFabric Converges and secures


worlds

FlexBranch Converges network

functionality, security and services for simplicity



FlexManagement



FlexCampus Converges wired and wireless networks to

delivery secure identity-based access


HP FlexFabric Portfolio

IMC Service Orchestration

Access

11900 12500

Core

TP Core Controller, vController - S5100N IPS, Security Subscription Services

BladeSystems Virtual Connect

61xx Blade Switch 58X0, 59X0

HSR6800 / 8800

WAN Aggregation

Management Security


FlexCampus Flatter, high-performance, low-latency two-tier networks





worlds





FlexManagement






HP FlexCampus Portfolio

Core Switching HP 10500

Switch Series HP 8200 zl

Switch Series

Access Switching HP 7500

Switch Series HP 5400 zl

Switch Series HP 3800/3500 Switch Series

HP 5500/5120 Switch Series

HP 2920 Switch Series

Wireless HP MSM760 Controllers

HP MSM720 Controllers

HP MSM765zl Mobility Controller

HP MSM430/46x Access Points

Network Management HP Intelligent Management Center

HP 6600 / HSR6600 Router Series

HP 830 PoE+ Unified Wired-WLAN Switch Series

HP 10500/7500 20G Unified Wired-WLAN

Module


FlexBranch Integrated Branch networking, unified management & best-in-class application delivery





worlds





FlexManagement






HP FlexBranch Product Portfolio

Switches

MSM46x

5400 5500 EI/5500 HI 2920 2530

Routers MSR50 MSR30 MSR20 MSR900

Security IPS RF Manager MSR Firewall

Applications

5120 EI

HP Services zl Module

Network Management HP Intelligent Management Center

Wireless

HP MSR OAP VMware Modules

MSR93x


Fault

Alarms Syslog & Trap

Mgr

Configuration

Intelligent Configuration

Center Compliance Center

VLAN & ACL

Manager

Accounting

Network Assets

Performance

Performance Mgmt

Virtual Network

Mgmt

Security

Security Control Center

FCAPS Model

IMC Platform Features

Add-On Modules

Jednotná platforma vystavaná na modulárnej, službovo orientovanej architektúre

IMC – Inteligentné Menežovacie Centrum

Remote Site

Manager

Virtual App

Ntwks Manager

Service Health

Manager

App Perform. Manager

Intelligent Analysis Reporter

User Behavio

r Analyze

r

Service Oper Mgmt

Network Traffic

Analyzer

User Access Manage

r

Endpoint Admission Defense

BIMS

TACACS+

Authent Manager

IPSec VPN Mgr

MPLS VPN Mgr

Wireless

Services Mgr

QoS Mgr

Voice Services Manager

vMon

VYBRANÉ ZAUJÍMAVOSTI

13

-  IRF delivers design simplicity and protocol consistency at each layer/platform

-  Common platform OS and NMS further simplify configuration and support

-  Active/Active 10 GbE stack and server links delivers scalable performance and highest levels of network resiliency

Intelligent Resilient Framework

Access

Core/Distribution vPC ?

VSS ?

Stackwise ?

VRRP ?

PVST/RSTP ?

STP/MSTP ?

-  Legacy vendors offers a patchwork HA and platform virtualization options

-  Technology/protocols vary based on network layer, switch type and I/O module type

-  Configuration intensive design yields complexity and uncertain reliability

Legacy Vendor Design HP IRF Design

IRF

§  Any link failure will cause topology change ü  Link failure will not cause topology change

HP FlexFabric Data Center Design

FlexFabric Virtualization Optimized Design

Rack servers Blade servers

Legacy Architecture

High-performance 4-chassis virtualized core

Rack servers

Blade servers

IRF

IRF Virtual

Connect

80% performance increase in vMotion 500x faster recovery time 2x network performance

6500

6500/4500

3750/4900

7000 6500

5000 2000

HP 6125G and HP 6125G/XG

•  Same cables, optics and modulesUpdated ASIC

•  More memory, more resilient than previous blade switchesomain

•  Multiple switches in single domain - across enclosure, rack or DC

•  Distributed trunking and failover across group members

•  Redundancy across the enclosure midplane •  Single virtual switch with one IP address

•  Single interface for all HP Networking switches.

Network Security •  FIPS 140-2 •  IPSec •  IKE

New


WiFi - Flexible forwarding options

Centralized forwarding •  All traffic is send through module for processing

Local forwarding mode (distributed) •  The module authenticates wireless clients and

APs and the APs forwards data traffic •  Alleviates the workload of the AC and reduces

latency without compromising security and management

•  For enterprises with branch offices, modules at headquarters are configured in distributed mode

•  Authenticated client have local access in case connectivity to controller is lost

Access Points

Controller

Access Switch

Corporate Network

Access Points

Controller

Access Switch

Corporate Network

Centralized Local forwarding


FlexBranch – Virtualized zl service modules Decreasing branch application time to service

•  Simplifies branch, creates flexibility & agility •  Hosts market leading hypervisors in a

switch

•  Supports all virtualized network services

HP 5400zl switches 43% reduction in space

21% reduction in cost

57% lower power consumption


AllianceONE solutions Partner Tier Applications

•  Microsoft Lync Survivable Branch Module* •  IP Phones Optimized for Microsoft Lync

•  Aastra MX-ONE

•  HP Networking Certified: Rich Media Communications RMC

•  Multiple DevConnect certification for routing gateways, networking and security (SBC) with Aura, IP Office and Avaya IP end point devices*

•  Citrix NetScaler VPX •  Xen Server

•  vSphere

•  F5 BigIP Appliance

•  Riverbed SteelHead RiOS Application*

•  AeroScout RTLS Solutions

•  AirTight SpectraGuard Enterprise

•  Ekahau Real Time Location System (RTLS)

•  .vtFW|zl1: vantronix FireWall •  .vtRT|zl1: vantronix BGP Edge Routing


-  Vulnerability Awareness -  Vulnerability Scanning -  Source Code Analysis -  Software Security Assurance

Hybrid Cloud PaaS

SaaS

APP

IaaS

Division A

Finance

Division B Division A

Private Cloud

Public Cloud

-  Proactive Defense -  Flexible Security-Zone Segmentation -  Well-Known- and

Zero-Day-Exploit Protection -  Adaptive Network Defense

-  Visibility -  Security-Information and Event

Management System -  Event Correlation -  Context-Visibility

Collect Consolidate

Correlate HP Security Intelligence Platform


TippingPoint Next Gen Firewall (NGFW) Series

•  Simple to configure and install with centralized management

•  Effective security based on industry leading security intelligence with weekly DVLabs updates

•  Reliable with (seven 9s) network uptime track record

•  Inline deployment without affecting network performance

Provides visibility and control across application, device and data threat vectors

Over 2,650 security researchers

99.99999% network uptime track

record

7,400 filters of network protection

TippingPoint NGFW S1050F

TippingPoint NGFW S3010F/S3020F

TippingPoint NGFW S8010F/S8005F

Over 2,650 security researchers

ĎAKUJEM ZA POZORNOSŤ

Leadership from edge to the data center core

HP Networking

FlexManagement • Network Node Manager • Operations Automation and Orchestration • Operations Center

• Intelligent Management Center Services

FlexFabric CORE ROUTING AGGREGATION EDGE/SERVER ACCESS SECURITY

FlexBranch SWITCHING WIRELESS SECURITY ROUTING

FlexCampus CORE ROUTING AGGREGATION EDGE SECURITY WIRELESS

HP Confidential 22

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Ako to vyzerá?

HP 5920AF-24XG

5900AF-48XG-4QSFP

11908 12910, 12916

5930AF


MSM466



HP MSM765zl Mobility Controller

HP MSM430/46x Access Points

HP 830 PoE+ Unified Wired-WLAN Switch Series

HP 10500/7500 20G Unified Wired-WLAN Module

Documents

Ako si “utkať ” vlastnú sieť ýchlo, efektívne a bezpečne · deliver secure identity-based access Converges network functionality, security and ... Endpoint Admission Defense