W&M 2009 – HP ProCurve Unified Wireless and Wired Networks


  • As organizations deal with threats, they also struggle with an increased push for efficiency and a demand by CEOs to lower their cost of IT per employee. Managing this trade-off can be a very difficult task, as the objectives seem to pull in orthogonal directions. Security professionals must be able to provide security for their business within the context of these declining budgets. The complex system approaches of the past led to both an increased number of devices and service-contract requirements that drive costs up.
  • As network connections between customers and suppliers increase, businesses continue to deliver solutions as services over the network, while the perimeters that protect the organization from threats are no longer secure. Organized crime has found ways to skirt perimeter defenses and to leverage insiders, knowingly and unknowingly, to gain access to your critical information. As a result, organizations must protect against internal and external threats.
  • Each user has been placed in an access policy group (APG) by the administrator. When a user is authenticated, IDM looks at the rules for the user's access policy group. The rules are based on time, location, device ID and client integrity status. When a rule match is found, an associated 'access profile' is invoked that sets a policy on the user's port; the policy can include ACLs, VLANs, QoS and bandwidth limitations. Access control lists (ACLs) and client integrity checking are the new features. ACLs are filters on users, enforced at the port or AP, that allow or deny access to protocols, destination IP addresses or destination TCP/UDP ports. The addresses (IP) and ports (TCP/UDP) may be specified as ranges as well as individual values. Client integrity is an indicator sent to IDM from a third-party client integrity agent such as Sygate or Zonelabs. When IDM sees the client status indicator, IDM can send a 'dirty' client to a remediation VLAN or server.
  • Microsoft® Network Access Protection is a policy enforcement technology built into the Windows Vista® and Windows® Server 2008 operating systems that allows customers to better protect network assets from unhealthy computers by enforcing compliance with network health policies. Microsoft's Network Access Protection technology is available with Windows Vista and Windows Server 2008 and will be available with Windows XP SP3. ProCurve IDM provides network administrators with the ability to centrally define and apply policy-based network access rights that allow the network to automatically adapt to the needs of users and devices as they connect, thereby enforcing network security while providing appropriate access to network users and devices.

    2. HP ProCurve Networking: How to Integrate Wired and Wireless LANs
       Lars Koelendorf, Category Manager, Wireless, HP Networking, EMEA
       Email: lars@hp.com
    3. Agenda (21 May 2009)
       - Mobility Market Highlights
       - The challenges
       - WLAN Evolution
       - Unified wired and wireless: integration options, improved user experience, advanced security, simplified management
       - Conclusion
    4. Mobility Market Highlights
       - Increasing number and diversity of clients
       - Persistent wireless coverage
       - Reduced cost
       - Dramatic improvements in technology
       - Business-critical applications via wired or wireless
    5. Business Needs Driving Wireless Access Everywhere
       - Improved productivity: collaboration of the mobile workforce, access from anywhere, secure guest access
       - Wireless asset tracking, physical security, converged voice and data over WiFi
    6. The business challenge
       With access to the network coming from any device, you need a centralized approach to wired and wireless management to streamline device configuration and enable network monitoring and response to wired and wireless network threats.
       Build an agile, security-aware network that supports all types of users and devices, not barriers to entry.
       IT:
       - Ensure compliance
       - Limit disruptions
       - Protect existing investments
       - Monitor network
       - Do more with less staff
       Business:
       - Reduce costs
       - Improve productivity
       - Manage risk intelligently
       - Flexible access
    7. The Network Administrator Challenge
       Need a wireless solution that can be managed easily and integrated with wired infrastructure and existing user policies, not another administrative burden.
       - Single management solution
       - Wireless network management
       - Policy coordination
       - Wired network management
    8. The Security challenge
       - What is the activity inside the network?
       - How to protect against internal threats?
       - How to deal with an increasingly mobile and fragmented workforce?
       - How to meet new regulatory compliance requirements?
       - ... within the (declining?) IT budget?
    9. WLAN Evolution and unification (section divider)
    10. WLAN Evolution (diagram: Next Generation Converged WLAN Architecture)
    11. Wired & Wireless Integration Options (diagram)
    12. Key Components Development over Time (diagram, time on the horizontal axis)
    13. Command from the Center
       - Unified network: wired and wireless are just two ways of accessing it
       - Increased productivity: consistent user experience, seamless access to business applications
       - Ease of management: single management platform with common tools and optimization
       - Security: one user identity and one system for access control; one system for network threat management
       (diagram labels: Servers, Wireless Clients, Intelligent EDGE, Interconnect Fabric, Intelligent Switches, Clients, Edge Portal, Wireless Access Points, Edge Network, Internet)
    14. Security policies (section divider)
    15. External and internal threats
       - 98% use a firewall to protect the perimeter
       - Internal represents 80% of the threat
    16. Importance of factors when adding wireless to the network (average score out of 5, 2008 survey)
       - Need to meet increased mobility requirements: 3.5
       - Ability to define single user-based network security policy: 3.9
       - Management of security across network: 4.4
       - Desire to use new technology to the full: 3.4
       - Time required to deploy: 3.4
       - Ongoing maintenance/support costs: 3.7
       - Cost of initial purchase: 3.7
    17. Security is a process (cycle: Policies -> Trusted Network Infrastructure -> Validation and Monitoring)
    18. User rights policy
       - Overlay strategy: wired and wireless use different security solutions ("What's my policy?", "What are the user's rights?")
       - Unified strategy: unified wired and wireless, same security at any entry point: same policies, same password, same rights, same security solutions
    19. Policy management – wired and wireless
       - Use a tool that allows network administrators to efficiently manage the users and devices connecting to their network
       - A way to virtualize the network versus the user
       - Easy creation and management of user policy groups
       - Dynamically apply security, access and performance settings at port level based on policies
       - Network reports and logs based on users, for audit
       Authenticating and provisioning: based on client integrity status, location, time, device ID and user/group; sets ACLs per user (packet-filtering firewall), bandwidth limit, I/O port, VLAN and QoS
    20. How it works
       The network administrator:
       (1) Sets up role-based access policy groups and assigns rules and access profiles: rules (time, location, device ID) trigger each policy profile (ACL, VLAN, QoS, bandwidth limit)
       (2) Puts users in the appropriate access policy group
       Example (access policy server, enterprise WLAN/LAN): a Guest in the conference room gets access only to the Internet at 2 Mbps; an Employee gets access to the Internet and corporate servers; an Employee in finance gets access to financial information (finance server)
    21. Client integrity check: the joint solution (Network Access Protection and HP ProCurve)
       Policy-based solution that:
       - Validates whether computers meet health policies
       - Limits access for noncompliant computers
       - Automatically remediates noncompliant computers
       - Continuously updates compliant computers to maintain health state
       - Dynamically allocates network resources
       Solution highlights: standards-based, plug-and-play, works with most devices, supports multiple antivirus solutions, based on policies you define
       (diagram: boundary zone between the Internet and the enterprise; employees, partners, vendors, customers and remote employees connecting)
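The access-policy evaluation described in the speaker notes and on the "How it works" and "Client integrity check" slides, as an added example written for this page (it is not ProCurve IDM or Microsoft NAP code): a user's access policy group holds ordered rules matched on time, location, device ID and client integrity; the first matching rule invokes an access profile that sets the VLAN, bandwidth limit, QoS and a per-user ACL with address and port ranges, and a client reported as "dirty" is diverted to a remediation VLAN before any group rule is consulted. Every class, field and sample value (group names, VLAN numbers, addresses) is an assumption constructed for the example.

```python
"""Toy model of IDM-style access policy groups (added example, not vendor code).
All names and sample values below are assumptions made for this illustration."""
from dataclasses import dataclass, field
from datetime import time
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass
class AclEntry:
    action: str                          # "permit" or "deny"
    protocol: str                        # "tcp", "udp", "icmp" or "any"
    dst_net: str                         # destination range in CIDR form, e.g. "10.0.0.0/8"
    ports: Optional[Tuple[int, int]] = None  # inclusive TCP/UDP port range, None = any port

    def matches(self, proto, dst_ip, dst_port):
        if self.protocol != "any" and self.protocol != proto:
            return False
        if ip_address(dst_ip) not in ip_network(self.dst_net):
            return False
        if self.ports is not None and not (self.ports[0] <= dst_port <= self.ports[1]):
            return False
        return True


@dataclass
class AccessProfile:
    name: str
    vlan: int
    bandwidth_kbps: Optional[int] = None   # None = no rate limit
    qos_priority: int = 0
    acl: List[AclEntry] = field(default_factory=list)

    def permits(self, proto, dst_ip, dst_port):
        """Port/AP filter: entries are checked in order, first match decides,
        and traffic matching no entry is denied (assumed default-deny)."""
        for entry in self.acl:
            if entry.matches(proto, dst_ip, dst_port):
                return entry.action == "permit"
        return False


@dataclass
class Rule:
    profile: AccessProfile
    start: time = time(0, 0)            # time window during which the rule applies
    end: time = time(23, 59)
    location: Optional[str] = None      # switch or AP the user came in on, None = any
    device_id: Optional[str] = None     # None = any device
    require_healthy: bool = False       # client integrity agent must report "healthy"

    def matches(self, ctx):
        return ((self.start <= ctx["time"] <= self.end)
                and (self.location is None or ctx["location"] == self.location)
                and (self.device_id is None or ctx["device_id"] == self.device_id)
                and (not self.require_healthy or ctx["integrity"] == "healthy"))


# Constructed sample profiles; addresses and VLAN ids are made up for the example.
REMEDIATION = AccessProfile("remediation", vlan=999, bandwidth_kbps=512, acl=[
    AclEntry("permit", "tcp", "10.9.9.9/32", (443, 443)),  # remediation server only
])
GUEST = AccessProfile("guest", vlan=100, bandwidth_kbps=2048, acl=[
    AclEntry("deny", "any", "10.0.0.0/8"),     # nothing on the corporate range
    AclEntry("permit", "any", "0.0.0.0/0"),    # everything else, i.e. the Internet
])
EMPLOYEE = AccessProfile("employee", vlan=10, qos_priority=3, acl=[
    AclEntry("deny", "any", "10.20.0.0/24"),   # finance subnet is off limits
    AclEntry("permit", "any", "0.0.0.0/0"),
])
FINANCE = AccessProfile("finance", vlan=20, qos_priority=5, acl=[
    AclEntry("permit", "any", "0.0.0.0/0"),
])

# Access policy groups: ordered rules, first match wins (assumed semantics).
ACCESS_POLICY_GROUPS = {
    "guest": [Rule(GUEST, location="conference-room-ap")],
    "employee": [Rule(EMPLOYEE, require_healthy=True)],
    "finance": [Rule(FINANCE, start=time(7, 0), end=time(19, 0), require_healthy=True),
                Rule(EMPLOYEE, require_healthy=True)],  # outside office hours: plain employee rights
}


def make_context(hour, minute, location, device_id="unknown-device", integrity="unknown"):
    """Per-session facts learned at authentication: time, entry point, device, agent status."""
    return {"time": time(hour, minute), "location": location,
            "device_id": device_id, "integrity": integrity}


def evaluate(apg, ctx):
    """Return the profile applied to the user's port, or None when no rule matches
    (the port then stays closed). A 'dirty' client goes to remediation first."""
    if ctx["integrity"] == "dirty":
        return REMEDIATION
    for rule in ACCESS_POLICY_GROUPS.get(apg, []):
        if rule.matches(ctx):
            return rule.profile
    return None


if __name__ == "__main__":
    for apg, ctx in [("guest", make_context(10, 0, "conference-room-ap")),
                     ("employee", make_context(10, 0, "floor2-switch", "laptop-17", "healthy")),
                     ("employee", make_context(10, 0, "floor2-switch", "laptop-17", "dirty"))]:
        prof = evaluate(apg, ctx)
        print(apg, "->", prof.name if prof else "no access", "VLAN", prof.vlan if prof else "-")
```

Two failure modes worth noting in the model: an employee whose integrity agent never reports (status stays "unknown") matches no rule and gets no port policy at all, which is the safe default, and a guest who authenticates from anywhere other than the conference-room AP is likewise refused rather than silently given the guest profile.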
    22. Regulatory Compliance Assistance
       Central management and monitoring of security policies provides immediate visibility and assistance with regulatory compliance on the unified network. Available reports:
       - Current credentials report
       - Security policy action report
       - Security events history report
       - Security heat map report
       - Offenders tracking report
       - User unsuccessful login report
       - User session history
       - User MAC address report
       - Reports for HIPAA, PCI, Sarbanes-Oxley, Gramm-Leach-Bliley, and DoD Directive 1800.2
       - Ability to custom define report content
       - Device security history report
       - Device access security report
       - Port access security report
       - Password policy compliance
    23. Conclusion (section divider)
    24. One Network: Wired & Wireless, Unified and Secure
       - Real OPEX savings: reduced network management and administration costs
       - Improved security: consistent policies, applied once, remove error
       - Improved end-user experience: the network follows the user from work site to work site
    25. Conclusion: Unified Networking equals single management and consistent policy (graphic of wired and wireless link speeds: 10, 11, 54, 100, 300, 450, 600, 1000 and 10000 Mbps)