Tb2053 vukson ballarat_grammar_final
  • HP commissioned this report. Any solution should meet these 3 most wanted requirements.
  • Enterprises will need to adopt one of the four strategies based on their business unit needs and IT policy. Disregard and Block are no longer effective. A comprehensive solution should be able to support Embrace, Contain and Block. The Contain strategy will be relevant for most mainstream organizations. As noted in the following sections, the Block strategy is too draconian, and the Embrace strategy represents a huge cultural shift that adds technical and operational complexity. A Contain strategy will satisfy the needs of most organizations and give them the time to architect effective plans to migrate to an Embrace strategy. A Disregard strategy equates to ignoring the presence of personally owned devices in a corporate environment. This is a poor choice, and organizations that adopt a Disregard strategy don't make any policy or technology changes. In the sections below, we focus on how network managers can use NAC to adopt Contain, Embrace and Block strategies.
  • Our view of the main building blocks based on what we hear from the customers and analysts. Reemphasize the three most wanted at the bottom.
  • HP offers a comprehensive BYOD solution that includes: secure user authentication AND advanced device profiling; seamless policy enforcement based on user and/or device; customizable analysis and reporting of BYOD traffic. Solution availability: Fall 2012 (October 2012). HP advantages: universal policy for all devices on both wired and wireless network; comprehensive BYOD traffic and user behavior analysis and reporting; single pane-of-glass. Future enhancements: time and location aware onboarding; live BYOD traffic quarantine to keep malware infected nodes off the network (Tippingpoint integration); device level application control for enhanced resource access security (F5 integration).
  • Emphasize One Network, BYOD capable
  • Centralized Access Control: The optimized WLAN architecture allows control over how the wireless traffic is controlled and distributed onto the wired network. For example, the MSM APs can send wireless traffic to the controller for handling, or the APs can forward traffic directly onto the wired network. This decision must be made for each VSC (or WLAN) that will be configured. For some VSCs, the MSM Controller can handle the traffic. For other VSCs, the MSM APs can forward the traffic directly onto the wired network. This configuration is often referred to as centralized access control because all decisions regarding each user’s access are handled by the MSM Controller. The MSM AP forwards the users’ traffic to the Controller, and the Controller sends it onto its final destination. Distributed Forwarding: It allows performance to be easily scaled by combining the benefits of centralized management with the benefits of intelligent APs at the edge. It is ideal for 802.11n deployments, in which high-speed wireless connectivity generates a great deal of traffic. Because each AP forwards traffic independently, the traffic is distributed across multiple points. The wired network more easily handles the additional traffic, and users experience the full benefit of 802.11n. This is a great advantage that HP WLAN has over competitors. In this model, traffic is not required to pass through the controller. The benefits include: the controller is not a single point of failure; there is less traffic on your network backbone. Distributed forwarding with centralized authentication: APs forward all traffic related to the authentication process to the controller for handling. In other words, the controller acts as the authenticator in the 802.1X process.
  • The HP WLAN solution is a full feature solution that includes controllers, access points that can run in both autonomous (FAT) and Controlled modes, management and security.We’ll take a look at each of these in a little more detail.
  • Virtual application networks enable the cloud. They allow us to deliver new applications in minutes, rather than weeks. They allow us to tune the network to the delivery requirements of the application, virtualize the network end to end, make it programmable, allow it to be multi-tenant, and allow it to move the applications from the data center to the users. They allow IT to manage the network with policy rather than with CLI scripts. This is the beginning of the end of the CLI. We defined a new operating model for the network administrator and we’ve done that on top of single pane-of-glass network management for both the physical and the virtual network: the Intelligent Management Center. We continue to ensure choice and flexibility using open standards approaches in the FlexNetwork architecture, the blueprint for delivering virtual application networks.

Tb2053 vukson ballarat_grammar_final Presentation Transcript

  • © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
  • Ballarat Grammar: Changing the way we learn. Joe Vukson (HP) and Greg Bell (Ballarat Grammar), 2012
  • Bring Your Own Device Cannot Be Ignored
      • Over 90% net-new growth in device adoption in the coming four years represented by smartphones and tablets [1]
      • Approximately 4.5 billion personal client devices will be on the network in 2015 [2]
      • Only 34% of CIOs think employees are accessing the network with personal devices [3]
    Impact on IT staff; Pervasive mobility; Employee-owned IT personalization
    [1] Gartner: Gartner’s Top Predictions for IT Organizations and Users, 2012 and Beyond: Control Slips Away (23 November 2011)
    [2] IDC: The Empowered IT User: How Individuals Are Using Technology and Redefining IT (March 2012)
    [3] IDC White paper sponsored by Unisys, 2011 Consumerization of IT Study: Closing the “Consumerization Gap”, July 2011
  • Top Three Most Wanted BYOD Capabilities. SANS Mobility/BYOD Security Survey, March 2012
  • Implementation strategies for BYOD: embrace or contain?
      • There is a need to treat the traffic differently depending on who/what/when/where
      • Determine if the device is company issued or employee owned
      • Identify solutions that support both client access control software and clientless devices
      • Implement posture checking, remediation and remote wiping
      • Define and deploy security policies at the network access layer
    Chart axes: Value to business (Low to High) against Security “pressure” (Low to High)
    Source: Gartner: NAC Strategies for Supporting BYOD Environments (22 December 2011)
  • Access Control Technologies: User Authentication, Device Authentication, Device Health
  • Legacy Networks Limit BYOD Adoption
      • Endpoint dependent: Designed for IT-managed endpoints with one user and location type and prohibit employee personalization
      • Insecure network: Architected for a well-defined network perimeter, elevating IT risk from mobile devices
      • CLI-based management: Multiple, disaggregated consoles and a dependency on CLI and scripting slow service provisioning, increase errors, and introduce security risk
      • Designed for wired: Designed for 3-tier networks where wireless was optional
  • Ensuring Wired & Wireless Networks are Ready for BYOD: Primary building blocks for an effective BYOD solution
    Identity-aware access
      • User credential and device based identity
      • Simple and secure on-boarding process
      • AAA support for compliance
    Unified network support
      • Seamless wired and wireless policy
      • Increased wireless client range and density support
      • Higher wired aggregation bandwidth
    Monitor and control
      • Device level application visibility and reporting
      • Ability to quarantine and blacklist malware infected client
      • Enhanced security for sensitive applications
    A BYOD solution must be easy to deploy with centralized management, visibility and control
  • HP BYOD Delivers
      • Device agnostic: Identification and control of any device, wired or wireless, IT-issued or personal
      • Secure: Assured security for network and application access for users regardless of their location
      • Unified orchestration: Simplified orchestration for unified wired and wireless networks with single pane-of-glass management
      • Optimized for wireless: Simpler network designs for assured scalability of wireless LANs
  • “We want all of our students online, all of the time… providing the best access we can, while enforcing school policy!” Ballarat Grammar, Ballarat, Australia
  • Ballarat Grammar, Ballarat, Australia
      • 1300 students K-12
      • 250 boarders
      • 20 staff live on campus
      • 500 desktops, 120 tablets, 800 netbooks
      • BYOD: student/staff owned devices (iOS, Android, webOS, Wintel, Mac)
  • Ballarat Grammar: Achievements as a school
      • 2011 Academic Achievement Honors
      • Achieved 82.75 Median ATAR score
      • 55% of all Ballarat Grammar students achieving ATARs over 80 (in Australia’s top 20% scores)
      • 13 students achieving ATARs over 97
  • Ballarat Grammar: Highest achievement of an individual student
    Ashray Rajagopalan’s ATAR of 98.8 was the highest score across all schools in the region. At 16 he has:
      • Completed his VCE studies in Chemistry, Physics, Specialist Mathematics, Mathematical Methods, and French.
      • Completed Mathematics Extension at Monash University with High Distinctions.
      • He plays violin and piano
      • Co-convenor of Grammar’s Round Square Environment Committee and Amnesty International Focus Group.
  • Changing the Way We Learn: Enabling access for all devices
    Staff devices, Student devices, Guest devices (slide columns, items in extraction order):
      • 120 managed mobile devices
      • 800+ managed mobile devices
      • Any device wired and wireless
      • 400+ managed desktop devices
      • Wireless only
      • 70+ managed desktop devices
      • 1000+ unmanaged devices
      • Access to internet & print
      • 100+ unmanaged wireless devices
      • 120+ Mittel IP phones
    A BYOD solution must be easy to deploy with centralized management, visibility and control
  • Changing the Way We Learn: Enabling access for all devices
    Management: IDM
      • 802.1X (EAP-TLS and PEAP) AD groups for:
          • Staff user accounts
          • Student desktop computers
          • Student netbooks
    Solution: SNAC
      • Student BYOD
      • Mittel IP phones
      • Xerox MDF’s
      • Other network devices
    The result
      • NAC on every edge switch port
      • One wireless network
      • Flexibility
      • Full reporting
    A BYOD solution must be easy to deploy with centralized management, visibility and control
  • “We worked with Fotios, our HPN Solution Architect, who gave us a superb production solution, that made IDM work harder to give us exactly what we need to manage every device on the network” Greg Bell, Ballarat Grammar
  • Unified BYOD Solution: User, network, security and application policy management
    On-boarding
      • Secure network access for user-owned devices
      • Highly secure client control
      • Self registration for client-owned
    Provisioning
      • Unified wired and wireless management
      • Consistent device policy management
      • Network policy mapped to user profiles
    Monitoring
      • Unified monitoring and application access
      • User and traffic analysis
      • Integrated compliance management
  • BYOD Solution Architecture: Orchestrating user-to-network-to-application
      • On-boarding: User registration, Device profiling (Authentication)
      • Provisioning: Policy enforcement based on level of trust (Authorization)
      • Monitoring: Traffic and User behavior Analysis (Audit)
    Diagram labels: Network agnostic, Device agnostic, Employee, Guest, Location aware, Time aware, User security check, Traffic monitoring, User behavior, User Self-service
  • Simplicity is What the Students See
  • BYOD Administrative Process
    Diagram flow, starting from the request “I’d like access.”:
      • 1. Identity authentication (“Who are you?”)
      • 2. Device authentication (“Is your device compliant?”)
      • 3. Authorization. Clean: authorized user, assigned to VAN, corporate network. Unclean: quarantine area
      • 4. Behavior monitoring
    Ongoing compliance management
  • Single Pane-of-glass Management: Combined infrastructure and access management for BYOD, wired and wireless
      • Seamless wired and wireless network management
      • BYOD user and device management
      • Security policy provisioning and enforcement
      • Network traffic monitoring
      • User behavior analysis by user and device type
      • Posture check and agent control
  • Delivering BYOD with Intelligent Management Center: Access control and security management without compromise
    Diagram labels: Add-on Modules (User Access Manager, Endpoint Access Defense); IMC Platform; IMC security control center; Security mgmt.; Authentication; Provisioning; Threat mgmt.
  • IMC – integrated endpoint security: Combined infrastructure and access management
      • Combines access control modules with network management capabilities
      • Provides single tool for setting security policies and viewing user behavior
      • Transparent monitoring
      • Provides value-add modules for setting and enforcing endpoint security
      • Tailor solutions with value-add modules
    Modules: User Access Manager (UAM); Endpoint Admission Defense (EAD); User Behavior Analysis (UBA); Desktop Asset Management (DAM); Optional: Inode persistent or dissolvable client
  • HP IMC Security Suite – Unified Access Manager (User Access Manager)
      • Integrated and collaborative
      • Unified network and user policy management, from the device to the data center
      • Pervasive security
      • Heterogeneous device support
      • Client-based and clientless device authentication
      • Greater visibility and control
      • Stricter access control through policy options
      • Blacklist, resource and bandwidth monitoring and logging
      • Scalable services
      • Native interoperability between modules (e.g., ACL mgr, user behavior analysis module)
      • Works with 3rd party “push” software
  • HP IMC Security Suite – Intelligent Threat Defense (Endpoint Access Defense)
      • Control of who and what’s on your network
      • Heterogeneous support for both user and network devices
      • Granular controls of both users and groups
      • Client-based and clientless device authentication
      • Simple and granular management
      • Multiple configurable policy options
      • Blacklist, resource and bandwidth monitoring, logging
      • Easy to use interface with robust access
      • Complete module interoperability
      • Works with 3rd party “push” software
      • Management of users, policy, devices in one place
      • Role and group configurable provisioning
      • Flexible deployment and management options
  • Enabling Guest Access
      • Allows authorized employees to enable guest user access
      • Frees IT staff to concentrate on strategic tasks
      • Designed to be operated by non-technical staff
      • Temporary credentials self destruct on expiration
      • Can be used to create printable vouchers
      • Included with controller purchase
  • HP Converged Wired and Wireless Infrastructure
      • Leading wireless solution
      • Deliver near gigabit-speed connect rates to Wi-Fi client
      • Optimized architecture eliminating bottlenecks
      • 3 spatial stream dual-radio APs offer greater density
      • Advanced spectrum management with band steering
      • Next generation core for campus
      • Up to 6336 Wireless-N APs at line-rate vs 1012 on Cisco
      • Stream the entire Netflix library - simultaneously
      • Over 240K simultaneous 1080p video-conferences
      • HP IRF for simpler, flatter, more agile networks
  • HP Mobility Leadership and Innovation (Key Milestones: Details)
      • #2 Worldwide vendor in Wireless LAN shipments: 773,000+ units shipped globally in CY2011
      • Optimized architecture, part of FlexNetwork (FlexCampus, FlexBranch), IMC (Intelligent Management Center) with IDM (Identity Driven Manager) plug in: Maximum flexibility in supporting mobile business applications today and in the future at the lowest TCO. Intelligence is pushed from the mobility controller to the AP. Centralized or Distributed traffic capability, fault protection
      • MSM460/466/466-R: First in the industry to offer near Gigabit Ethernet (Dual 450Mb/s radios) WLAN client access
      • MSM317: First in the industry to offer a multi function communication access device with wireless & wired port connectivity, Telco connection, PoE pass through port. In-room solution delivering advanced IP services
      • Multi-media application support: Multicast patent, Application based QoS
      • Industry leading Wireless Security (IDS/IPS): Maximum threat detection with the lowest number of false positives (RF Manager + MSM415 dedicated sensors)
  • Optimized WLAN Architecture
    Three diagrams: Distributed forwarding; Centralized access control; Distributed forwarding with centralized authentication. Each shows an MSM controller, the corporate network, an access switch and access points. Legend: Authentication Traffic, User Traffic
  • Wireless Management: Delivers unified wired and wireless management with Wireless Services Manager (WSM) from one platform
      • Discover wireless access points (AP) and connected clients
      • Ensure consistency with AP configuration backup
      • Map your wireless network: How are the wireless access points connected? Where are wireless devices physically located?
      • Develop a more effective wireless network with heat map capabilities
    Screenshot callouts: “Who’s connected?” (Mary, MAC: 00:24:d6:94:d7:52); “Where are your APs?”; “How strong are the APs?”
  • Mobility Portfolio (Infrastructure, Control)
    Controllers
      • MSM 765zl Controller: 40-200 AP’s and 2000 Guests
      • MSM 760 Controller: 40-200 AP’s and 2000 Guests
      • MSM720 Controller: 10-40 APs and 250 Guests
      • MSM 710 Controller: 10 AP’s and 100 Guests
    Access points
      • MSM400 Series: Single & Dual Radio 11n 3x3, PoE
      • MSM 317: Single Radio 11b/g, Wall Jack, PoE
      • MSM300 Series: Single, Dual & Triple Radio 11a/b/g, PoE
      • MSM100 Series: Single Radio, Indoor, PoE
    Management, WLAN Bridges
      • Mobility Manager 3.0: Device Management Tool
      • RF Planner 5.0: Frequency coverage planning tool
      • Client Bridge: Client Bridge a/b/g
      • Outdoor Bridge: Dual Radio Outdoor Bridge a/b/g/n
    Security
      • RF Manager 6.0: Wireless IDS/IPS for A & series
      • MSM 415 RF Sensor: RF Security Sensor a/b/g/n, PoE
      • Guest Management Software: Guest Access and Control
      • IDM Identity Driven Manager: Access Control Policy Management
  • Creating Device & Access-agnostic Networks: Unified BYOD solution with HP and F5 (Coming Soon)
    HP Intelligent Management Center
      • Integrated network and user policy management
      • Unified wired and wireless network management
      • Unified Access Manager (UAM)
      • Endpoint Admission Defense (EAD)
      • Secure client for Windows, Linux, MacOS (iNode)
      • Post-admission network behavior monitoring (UBA)
    F5 BigIP
      • Integrated application access control
      • End-point inspection and compliance management
      • Context aware ACLs
      • Full proxy services (Exchange, VDI, etc)
      • SSL VPN client for Android, iOS, BB, Win, MacOS, Linux
    Diagram labels: On-boarding, Provisioning, Monitoring, BYOD
    Single pane-of-glass management with IMC
  • Enable BYOD with Virtual Application Networks
      • Device and network agnostic access for any user
      • Unified user policy, network and application access control
      • Seamless on-boarding for any device
      • Simplified provisioning minimizes disruption in user productivity
      • Single pane-of-glass management for wired and wireless
      • Ensure choice with open, standards-based approach
  • Thank you
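
As an added example (not part of the deck and not HP product code), the admission steps on the "BYOD Administrative Process" slide can be modelled as a policy function that also shows how the Block, Contain and Embrace strategies from the speaker notes differ for a personally owned device. The field names, network labels and the mapping of each strategy to an outcome are assumptions of this example.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional

# Hypothetical network labels, not taken from the deck
QUARANTINE = "quarantine"
GUEST_NET = "guest-internet-print"
RESTRICTED_BYOD = "byod-restricted"


class Strategy(Enum):
    BLOCK = "block"
    CONTAIN = "contain"
    EMBRACE = "embrace"


@dataclass(frozen=True)
class AccessRequest:
    user_group: Optional[str]  # directory group from identity auth, None on failure
    device_registered: bool    # device authentication / on-boarding succeeded
    it_managed: bool           # company-issued (True) or personally owned (False)
    posture_clean: bool        # outcome of the compliance check


@dataclass(frozen=True)
class Decision:
    admitted: bool
    network: Optional[str]
    reason: str


def admit(req: AccessRequest, strategy: Strategy) -> Decision:
    # Step 1: identity authentication ("Who are you?")
    if req.user_group is None:
        return Decision(False, None, "identity authentication failed")
    # Step 2: device authentication
    if not req.device_registered:
        return Decision(False, None, "device not registered")
    # Step 3: authorization. Unclean devices land in the quarantine area.
    if not req.posture_clean:
        return Decision(True, QUARANTINE, "posture check failed")
    # Guests only ever reach the guest network (internet and print)
    if req.user_group == "guest":
        return Decision(True, GUEST_NET, "guest access")
    if req.it_managed:
        return Decision(True, f"van-{req.user_group}", "managed device")
    # Personally owned device: the outcome depends on the chosen strategy
    if strategy is Strategy.BLOCK:
        return Decision(False, None, "personal devices blocked")
    if strategy is Strategy.CONTAIN:
        return Decision(True, RESTRICTED_BYOD, "personal device contained")
    return Decision(True, f"van-{req.user_group}", "personal device embraced")


def reassess(current: Decision, behavior_flagged: bool) -> Decision:
    # Step 4: behavior monitoring can move an admitted session to quarantine
    if current.admitted and behavior_flagged:
        return Decision(True, QUARANTINE, "flagged by behavior monitoring")
    return current


if __name__ == "__main__":
    # Constructed sample request: a student's own tablet that passes posture
    student_tablet = AccessRequest("student", True, False, True)
    for s in Strategy:
        print(s.value, admit(student_tablet, s))
```
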