Aerohive Networks and ZScaler: technology solutions for the new mobile ecosystem


Published in: Technology
  • Users want to WORK anywhere on any device. You want to let them without drowning in complexity or compromising security, reliability and affordability.
    Yesterday: Corp deployed enterprise devices (desktop, laptop, handsets, scanners); WLAN overlay (coverage, convenience, HQ orientated); Network centric (policy based on rigid port/VLAN & SSID); Monolithic ("Build it and they will come" scalability).
    Today: Corp / BYOD enterprise / consumer devices (laptop, smart phone, tablet, Apple TVs, "AirPrint" printers); Ubiquitous Wi-Fi access (capacity, performance, mission-critical, extended enterprise); User centric (consistent policy based on identity, role, context); Elastic (pay for what you need, leverage the cloud).
    Aerohive gives you the ability to achieve this, simpli-fi-ing enterprise networking by delivering a self organizing, service aware, identity based infrastructure.
  • Aerohive Networks and ZScaler: technology solutions for the new mobile ecosystem

    1. 1. Technology solutions for the new Mobile ecosystem: Aerohive Networks and ZScaler. Tuesday, 28 May 2013
    2. 2. Miriade Spa, an IT consulting company based in Thiene (VI), places companies' information assets at the center of its business, providing solutions for the protection, integration and analysis of corporate data. Founded in 2000, the company has a staff of 35 employees. The company is organized into 6 technical areas: Architecture, Intelligence +, Database, Development, Cloud, Mobility. Among the various companies we work with are: Diesel, Benetton, Calzedonia, Tecnica, Lotto.
    3. 3. Simpli-Fi Enterprise Networking
    4. 4. © 2012 Aerohive Networks CONFIDENTIAL. Introduction to Aerohive
        • Visionary Network Infrastructure Company
            › Cloud-enabled, Controller-less Wi-Fi, Routing, VPN, Switching
            › 5000+ Customers
            › 350+ Employees
            › Most Visionary Vendor - Gartner MQ for Wired & Wireless LAN 2012
        • Branch & Teleworker Routers; Enterprise Wi-Fi; Switches
        • Cloud Services Platform: Public, Partner, Private (on-premise)
        • Education; Enterprise; Healthcare; Retail; Logistics
    5. 5. New Requirements of the Network Edge
        Users want to work anywhere, on any device. You need to enable them, without drowning in complexity.
        • Yesterday: Corp deployed enterprise devices; WLAN overlay; Network centric; Monolithic
        • Today: Corp / BYOD enterprise / consumer devices; Ubiquitous Wi-Fi Access; User Centric; Elastic
        Cloud-enabled, self organizing, service aware, identity-based infrastructure. Aerohive Networks - Simpli-fi Enterprise Networking
    6. 6. Enterprise Deployments
        HQ; Retail; Edu; iPad 1:1; Faculty, Guests; Apple TVs; Branch; Unified Wired, Wi-Fi, VPN, FW; Virtualized Mgmt & VPN Termination; Wi-Fi Primary Access; Guest, Corp, BYOD; Guest, Corp, BYOD; Teleworker; Work, Home, 4G, Cloud Security; Credit Cards, PCI, Inventory, Voice, Kiosks; Logistics; Coverage, Reliability, Voice Picking, Outdoor; Healthcare; EMR, eMAR, Asset Tracking, Voice Messaging; High Density, AD integration, Bonjour, Ease of Use; Cloud-enabled; Data Center; Performance, Receive Sensitivity, MDM enrollment
    7. 7. Distributed (Controller-less) Wi-Fi Architecture: Delivering simplicity, reliability and affordability
        No data bottlenecks; Service Level Agreements; QoS & Spectrum analysis included; Management; Redundancy; Scalability and future proofing; Performance; Centralized cloud-based or local management; Management within the network only; No single point of failure; Self healing mesh architecture; No controller tax; Requires multiple controllers; Local data forwarding.. what do you lose?; No feature licensing; Start small and grow; Distributed intelligence; Controller capacity? Feature licenses?; Data bottlenecks; QoS, Spectrum analysis.. $$$ (FW, RADIUS, CWP, BYOD, Bonjour GW)
        How does it work? Architectural Alternatives: Central Vs. Distrib. Control
    8. 8. How does it work?
        • A single HiveAP by itself acts as a full-featured enterprise class access point
        • Identity-based security, including stateful inspection FW, rogue detection & mitigation
        • Airtime Scheduling, SLA compliance and local forwarding implemented at the edge
        • HiveAPs are discovered, policy is pushed and the WLAN is operational
        • HiveManager is a single mgmt interface for configuration, OS updates & monitoring of thousands of devices
        • With a second HiveAP, fast stateful roaming, cooperative RF, station load balancing and seamless resiliency are enabled
        • Mesh networking and best path forwarding can be used for extra resiliency and reachability
        • Dynamically reroutes around failures
        • As more HiveAPs are added, coverage, reliability and backhaul bandwidth increase
        • Cooperative RF power levels minimize co-channel interference
        • With Cooperative Control, clients can securely and seamlessly roam across the WLAN
        • Dynamic best path forwarding and stateful roaming provide resiliency without a single point of failure
        Wireless Network; Wired Network; HiveManager NMS; Reporting; Heat Maps; SLA Compliance; Policy Configuration
    9. 9. Enterprise Wi-Fi Features: Optimization, Mobility, Distribution
        Load Balancing; Layer 3 Roaming; 5 GHz; Resilient Mesh; Layer 2 Roaming; Band Steering; 2.4 GHz; 54 Mbps; 450 Mbps; 11 Mbps; SLA, QoS & Dynamic Airtime Scheduling; High Powered Radios, Receive Sensitivity & RRM; Receive Sensitivity; Layer 2/3 Roaming
    10. 10. BYO and Corp Deployed Devices: Access defined by ID & Device
        RADIUS; PPSK; CWP; L2-4 Firewall
        Corp user; Corp user - BYOD; Guest user
        User Profiles:
        • CORP Policy: Corp VLAN; LAN & Web FW; 10 Mbps per user; 24HR Access
        • BYOD Policy: Restricted VLAN; Email & Web FW; 5 Mbps per user; M-F 8am-9pm
        • GUEST Policy: DMZ; Web Only FW; 1 Mbps per user; M-F 9am-5pm
        OS Detection; MDM Enrollment; Bonjour Gateway; www; Corp; Guest, BYOD; AppleTV (AirPlay); Printer (AirPrint); Bonjour; www; Corp; MDM; Quarantine; Enroll; BYOD & MDM; Bonjour GW
    11. 11. Security and Authentication Features
        • Captive Web Portal: Multiple CWPs able to serve scalably from every AP
        • Private PSK: Multiple users, same SSID - easy but unique revocable keys
        • Directory Integration
            • Authentication support for common directory servers
            • Eliminates standalone RADIUS server
            • Credential caching for remote/branch survivability
        • Stateful Inspection FW
            • MAC (L2) based firewall
            • Stateful TCP/IP firewall (L3/L4)
            • ALGs for DNS/FTP/SIP
            • Policy Based Client Isolation
        • Wireless Intrusion Prevention (WIPS)
        • Remote Site Content Security
    12. 12. Cloud-enabled Networking: Routing, VPN and Wired features
        PoE
        • SIP/SCCP/Spectralink support
        • Auto-sensing of IP phones
        • 802.1X/Access control
        • Dynamic QoS for voice traffic
        Unified Wired & Wireless Mgmt: Wi-Fi; Wired; Routing / FW; VPN; Same Policy and Network
        Address/L3 Service; PoE-PSE, 3G/4G USB; L3 IPSec VPN; Robust Voice Support; Branch on Demand
    13. 13. Monitoring and Reporting Features
        Support; Manage; Monitor
        Cloud Management; Spectrum Analysis; Client Monitor & Packet Capture; Simple GUI; Topology & Location Tracking; PCI Compliance; Management Views
    14. 14. Reduced Capex and Opex
        Less Operational Costs; Less Infrastructure Costs
        Client Health Score:
        • Good connection: High data rates & high successful transmission rates
        • Marginal connection: Lower data rates / lower successful transmission rates
        • Poor connection: Low data rates / low successful transmission rates
        Cloud Management; Zero Touch Provisioning; Self Healing; Client Health Score
    15. 15. MANAGEMENT PLAN
        • ON PREMISE
            • The customer purchases the Aerohive devices (APs and/or branch routers) and, at the same time, the HiveManager Appliance for managing the devices, which can be physical or virtual.
            • The devices come with support provided by Aerohive (mandatory for the first year), which guarantees 8x5 assistance by phone and e-mail and return-to-factory hardware replacement.
            • The devices are owned by the customer.
        • CO-SOURCING (managed by Miriade)
            • The customer purchases the Aerohive Wi-Fi service for three years from Miriade, which supplies the devices to the customer and manages them through its own HiveManager Appliance on the basis of the instructions, rules and policies provided by the customer.
            • Every month Miriade will provide the customer with detailed reporting on the activity that took place over the Aerohive Wi-Fi network.
            • Miriade will provide support to the customer on an 8x5 basis and return-to-factory hardware replacement. The devices remain the property of Miriade.
        For more info:
    16. 16. Q & A. Questions?
    17. 17. Enabling Business Beyond the Corporate Network. Secure solutions for mobility, cloud and social media.
    18. 18. The Cloud Security Company. 3 Trends Transforming IT
        • Mobility: 90% - Users work from home or on-the-go; 50% - Users who BYOD; Smartphones are now the world's dominant computing device.
        • Cloud Apps: 74% of companies are using cloud apps; 1 in 5 execs have purchased cloud apps without IT's knowledge; SaaS applications growing 5x faster than software
        • Social Media & streaming: 75% employees use Facebook at work; 178: average # of social accounts in the enterprise; 30 billion pieces of content shared each month on Facebook.
        New IT world requires cloud-based protection. IT transformation has turned traditional security (appliances) upside down. Mobile users bypass appliances to access cloud apps and create policy issues.
    19. 19. Current Approaches: Lots of Appliances or Backhaul Traffic. ©2012 Zscaler, Inc. All rights reserved.
        Anti-spam; Encryption; Directory; HQ
        • Mobile devices and users are usually unprotected
        • To save cost of appliances, customers backhaul traffic to HQ: BW cost on MPLS; Latency
        • Lots of point products at DMZ
        • Cost, IT overhead
        • To get same protection, need to replicate same appliances at each office gateway: Cost & Complexity
        Regional Office; On-the-go; Home or Hotel; URL; AV; Zero-day; Web 2.0; Reporting; Data Loss; Regional Office; Internet
        Too Costly: Acquiring, deploying, managing appliances
    20. 20. Zscaler: Secure Internet Gateway
        One Gateway to protect all of your users - on any device, anywhere
        Regional Office; Home or Hotspot; HQ; On-the-go; Mobile & Distributed Workforce
        World's largest cloud. Integrated security for Web, Mobile & Email. Business enabler of mobility, cloud and social media safely.
        Hardware; Software
        Global Security Check Post: Enforce business policy. Nothing good leaks out, nothing bad comes in.
        Web; SaaS Services; Email Services; Mobile Apps; Internet Services
    21. 21. How it works
        Regional Office; HQ; Internet; Home or Hotel; MOBILE; EMAIL; WEB
        • Admin: Define Policy at a central portal
        • Forward traffic (Configure FW or router)
        • Enforce policy bi-directionally
        • Same policy for mobile users
        • Admin: Real-time Visibility
        Easy to deploy and manage. Enables IT to focus on strategic/architectural issues. We provide global infrastructure. You retain full control.
    22. 22. Global Protection by World's Largest Security Cloud
        Purpose-Built Architecture - Multi-tenant, Distributed
        (1) Brain/Nervous system, Policy, Real-time threat updates
        (2) Onramp to Internet, Executes policy
        (3) Policy follows the user to the nearest ZEN
        (4) Logs consolidated & correlated in real-time
        Central Authority; Zscaler Enforcement Node; ZEN1; ZEN2; ZEN (N); NanoLog Clusters
        Same policy & protection, near-zero latency for a user anywhere
        • Multi-tenant: Use any Data Center
        • ShadowPolicy(TM): Policy follows the user
        • Ultra-fast: Little processing latency
        • High Availability: Failover across DCs
    23. 23. Deployment considerations
        • No HW, no SW, no client-side agent
        • Traffic forwarding
            – from the infrastructure – GRE Tunnels, PBR, Proxy chaining
            – from the workstations – explicit proxy or PAC file (hosted in cloud)
            – Various ways to enforce Cloud usage
        • Authentication
            – Users & groups have to be known by Zscaler for policies & reporting
            – Hosted User Database or Sync. with AD / LDAP
            – Registration phase usually requires username & password – only once
                » Authentication then is transparent
            – SAML / ADFS as an elegant SSO solution for transparent auth.
    24. 24. Why Global 2000 Trust Zscaler Security Cloud
        • Data Privacy & Security
            • Unparalleled Privacy: Guaranteed regional log storage to meet country or region's privacy requirements; Data Obfuscation; SAS 70 II certified DCs
            • Secure By Design: 100% secure and encrypted communication cloud-wide; 55+ Patents Governing Zscaler's Developed Cloud Architecture
        • Visibility & Transparency
            • Complete Visibility into Cloud Operations: Public dashboard of real-time status – 300+ Monitors, Every Node, Every Second
            • Service Excellence Commitments: Real-time Logging, Latency, Availability Service Level Agreements
        • Availability & Scale
            • Redundancy at Every Layer. Within Datacenter: Clustered. Between Datacenters: 90+ Datacenters Globally with Automatic Traffic Re-Routing. Cloud Wide: Multiple World Class Datacenter and Internet Service Providers.
            • Massive Scale: 150 billion transactions per month
        Purpose-built architecture for 100% Availability, backed by strong SLAs
    25. 25. Most Visionary & Market Leader
        "…the fastest-growing vendor…"
        "…earned the strongest score in Completeness of Vision…"
        "…cloud has the largest global footprint…"
        "…Zscaler is a very good candidate for most enterprises…"
        “Zscaler exhibits the qualities of a market penetration leader.”
    26. 26. Pricing Overview: Web Suites (columns: Package, Features, Benefits, Cost)
        • Standard (Zscaler Platform; URL Filtering; AV/AS; Policy and Reporting)
            • Features
                • Anti-Virus and Anti-Spyware: Inline ultra-low latency Virus/Spyware protection; Any file size including multilevel archives
                • URL Filtering: User, Group or Location level granularity for Policy; 6 Classes, 30 Super Categories and 90 Categories; Dynamic Content Classification of Unknown Sites; Ability to modify categories or add new categories
            • Benefits: Complete Inbound/Outbound protection; Enforce Acceptable Usage Policy; Minimize Productivity and Bandwidth Loss; Real-Time Reporting of Internet Usage by Users, Departments or Locations; Protect all users in office or on the road
        • Advanced (Zscaler Platform; Web 2.0; URL Filtering; Adv Threats; AV/AS; Policy and Reporting)
            • Features (Standard Bundle +)
                • Advanced Threats: Zero Day Attacks, Browser Vulnerabilities and Bots; Web 2.0 threats: XSS, Cookie Stealing, Phishing; Block Anonymizers, P2P, Skype, BitTorrents
                • Web 2.0 Control: Granular control of 100 popular Web 2.0 apps: Facebook, Gmail, YouTube, etc.
            • Benefits: Protect against latest Web 2.0 threats; Protect employees' personal information; Detect and block proxy-avoidance tools; Minimize Risk by blocking uncontrolled apps; Minimize Risk of Infection by enforcing safe browsers and plugins; Limit risk without affecting productivity (Allow only HR to post on LinkedIn; Allow Gmail, but block attachment)
        • Premium (Zscaler Platform; DLP; BW; Web 2.0; URL Filtering; Browser Policy; Adv Threats; AV/AS; Policy and Reporting)
            • Features (Advanced Bundle +)
                • Data Leakage Prevention: Scan all web traffic leaving the organization; Log or Block transactions with confidential data; Scan Microsoft documents, PDFs and Zipped files; Predefined dictionaries for Credit Cards, SSN, Source Code, Financial or Medical Statements, Salesforce docs etc.; Predefined Engines for HIPAA, PCI, etc.
                • Bandwidth optimization for specific web apps
                • Web Access Control: Warn against use of vulnerable browsers/plugins
            • Benefits: Minimize risk due to new Web 2.0 apps; Scan all webmails, IM attachments, blog posts; Add another layer towards compliance to industry or government regulation; DLP policy at user, department, location level; Real-Time transaction level reports; Ensure Webex is not affected by YouTube
    27. 27. Q&A. Questions?
    28. 28. Thank you for your attention! For questions or