Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

LAN v podání Brocade

1,901 views

Published on

Společnost Brocade je známa zejména ze světa SAN (Storage Area Network), ale mimo to vyrábí špičková zařízení (switche, routery, load balancery,…) pro LAN/WAN/WIFI a doručování aplikací, které vynikají oproti konkurenci zejména vysokým výkonem a propustností. Seznámíme vás s produkty pro lokální a konvergované sítě vašich datových center určených pro virtuální serverovou i desktopovou virtualizaci. Łukasz Kozłowski (Brocade) / Jaroslav Prodělal (OldanyGroup)

Published in: Technology, Business
  • DOWNLOAD THIS BOOKS INTO AVAILABLE FORMAT (2019 Update) ......................................................................................................................... ......................................................................................................................... Download Full PDF EBOOK here { https://soo.gd/irt2 } ......................................................................................................................... Download Full EPUB Ebook here { https://soo.gd/irt2 } ......................................................................................................................... Download Full doc Ebook here { https://soo.gd/irt2 } ......................................................................................................................... Download PDF EBOOK here { https://soo.gd/irt2 } ......................................................................................................................... Download EPUB Ebook here { https://soo.gd/irt2 } ......................................................................................................................... Download doc Ebook here { https://soo.gd/irt2 } ......................................................................................................................... ......................................................................................................................... ................................................................................................................................... eBook is an electronic version of a traditional print book THIS can be read by using a personal computer or by using an eBook reader. (An eBook reader can be a software application for use on a computer such as Microsoft's free Reader application, or a book-sized computer THIS is used solely as a reading device such as Nuvomedia's Rocket eBook.) Users can purchase an eBook on diskette or CD, but the most popular method of getting an eBook is to purchase a downloadable file of the eBook (or other reading material) from a Web site (such as Barnes and Noble) to be read from the user's computer or reading device. Generally, an eBook can be downloaded in five minutes or less ......................................................................................................................... .............. Browse by Genre Available eBooks .............................................................................................................................. Art, Biography, Business, Chick Lit, Children's, Christian, Classics, Comics, Contemporary, Cookbooks, Manga, Memoir, Music, Mystery, Non Fiction, Paranormal, Philosophy, Poetry, Psychology, Religion, Romance, Science, Science Fiction, Self Help, Suspense, Spirituality, Sports, Thriller, Travel, Young Adult, Crime, Ebooks, Fantasy, Fiction, Graphic Novels, Historical Fiction, History, Horror, Humor And Comedy, ......................................................................................................................... ......................................................................................................................... .....BEST SELLER FOR EBOOK RECOMMEND............................................................. ......................................................................................................................... Blowout: Corrupted Democracy, Rogue State Russia, and the Richest, Most Destructive Industry on Earth,-- The Ride of a Lifetime: Lessons Learned from 15 Years as CEO of the Walt Disney Company,-- Call Sign Chaos: Learning to Lead,-- StrengthsFinder 2.0,-- Stillness Is the Key,-- She Said: Breaking the Sexual Harassment Story THIS Helped Ignite a Movement,-- Atomic Habits: An Easy & Proven Way to Build Good Habits & Break Bad Ones,-- Everything Is Figureoutable,-- What It Takes: Lessons in the Pursuit of Excellence,-- Rich Dad Poor Dad: What the Rich Teach Their Kids About Money THIS the Poor and Middle Class Do Not!,-- The Total Money Makeover: Classic Edition: A Proven Plan for Financial Fitness,-- Shut Up and Listen!: Hard Business Truths THIS Will Help You Succeed, ......................................................................................................................... .........................................................................................................................
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here

LAN v podání Brocade

  1. 1. BROCADE IP PRODUCTŁukasz KozłowskiSolutions Consultant Eastern EuropeMay, 2012© 2011 Brocade Communications Systems, Inc. Company Proprietary Information 1
  2. 2. Brocade IP - Product Portfolio NEWEnterprise Campus LAN ICX 6430/50 Mobility Series ServerIron Classic/ADX Series FastIron CX Series Brocade NetIron MLX / MLXe Routers XMR Series NetIron CER Metro / SP FastIron SX Series NEW ICX 6610 BigIron RX SeriesData Center (LAN) FastIron CX Series VCS NetIron CES NetIron CES Brocade VDX 6710/20/30 Switch NEW Brocade 6910 Ethernet Access Switch ServerIron Classic/ADX Series Data Center IronVieNetwork Brocade Network Manager Fabric Manager Advisor © 2011 Brocade Communications Systems, Inc. Company Proprietary Information 2
  3. 3. Data Center TransformationNetwork Evolution • Business Agility • Cost EfficiencyVirtualization LAN • Historically 1 app:1 server; N-S traffic SAN • Virtualization  limited scalability • Traffic load strain • Increasing E-W traffic • STP: one path, narrow VM mobility • Complex, underutilized, rigid Hierarchical Services on Demand © 2011 Brocade Communications Systems, Inc. Company Proprietary Information 3
  4. 4. Data Center TransformationNetwork Evolution • Business Agility • Cost EfficiencyVirtualization LAN SAN • More powerful, flatter network • Higher traffic, E-W, avoid congestion • Collapse layers reducing complexity • High density, high bandwidth, wire-speed LAN SAN • Layer 2 challenges remain… Flat Hierarchical Services on Demand © 2011 Brocade Communications Systems, Inc. Company Proprietary Information 4
  5. 5. Data Center TransformationNetwork Evolution • Business Agility • Cost Efficiency Today Private CloudVirtualization • Large, flat L2, high speed, HA LAN Converged SAN • All paths active–no STP • Flexible topology • Ability to converge IP/storage LAN • Wide, intelligent VM mobility • Manage as a single entity SAN Ethernet Fabric • Virtualize for the Cloud LAN Flat SAN Hierarchical Services on Demand © 2011 Brocade Communications Systems, Inc. Company Proprietary Information 5
  6. 6. Next Generation Data CentreNetwork vs Fabric Architecture Ethernet Network Architecture Ethernet Fabric Architecture LAN Layer 2 Scalability SAN Flat •More powerful, flatter network • VCS is a Ethernet fabric • Higher traffic, E-W, avoid congestion • Scalable single layer 2 domain • Collapse layers reducing complexity • Optimized for East to West traffic • High density, high bandwidth, wire-speed • Layer 2 challenges remain… • Logical Chassis Nodes working together© 2011 Brocade Communications Systems, Inc. Company Proprietary Information 6
  7. 7. Brocade VCS – new design and technologyfor Data Center and Enterprise Networks© 2011 Brocade Communications Systems, Inc. Company Proprietary Information 7
  8. 8. Virtual Cluster Switching (VCS) VCS Ethernet Distributed Logical Fabric Intelligence Chassis No Spanning Tree Protocol Logically flattens and Self-forming collapses network layers Multi-path, deterministic Arbitrary topology Scale edge and manage Auto-healing, non- as if single switch disruptive Fabric is aware of all members, devices, VMs Auto-configuration Lossless, low latency Masterless control, no Centralized or distributed Convergence-ready reconfiguration mgmt Connectivity over Distance, Native Fibre Dynamic Services Channel, Security Services, Layer 4-7, etc.© 2011 Brocade Communications Systems, Inc. Company Proprietary Information 8
  9. 9. Distributed Intelligence Details Ethernet Fabric Distributed Intelligence Logical Chassis Dynamic Services • Distributed Fabric Services • Shared Port Profiles • Fabric is self-forming information • Information shared across all • Automatic Migration of Port fabric members Profiles (AMPP) • Fabric is aware of all devices • Enables seamless VM migration connected without compromise • Masterless Control • Optimized Virtual Access • Switch or link failure does not Layer require full fabric • VEPA; frees host resources from reconvergence switching and policy enforcement© 2011 Brocade Communications Systems, Inc. Company Proprietary Information 9
  10. 10. Sharing Port ProfilesAutomatic Sharing to simplify management Port Profile WebServer: Enable QoS Enable VLAN Enable Security Enable FCOE© 2011 Brocade Communications Systems, Inc. Company Proprietary Information 10
  11. 11. Brocade VM-Aware Network Automation NEW!MigrationDynamic configuration and secure communication  No need for manual configuration of MAC vCenter Brocade Network addresses and port Advisor profiles; less error-prone  Minimizes procedural delays between server and network IT teams  Eases configuration of multiple VCS fabrics  Protection against VM/MAC spoofing via secure vCenter NAS iSCSI FCoE FC communication© 2011 Brocade Communications Systems, Inc. Company Proprietary Information 11
  12. 12. Logical Chassis Details Ethernet Fabric Distributed Intelligence Logical Chassis Dynamic Services• Fabric auto-configures • Logically flattens and • Once VCS is enabled, no collapses network layers configuration necessary • Fabric is self-aggregating• Fabric behaves/managed • Flexible fabric topologies as a single logical chassis • Will scale to greater than • Aggregation (or Core) layer 2000 device ports without sees one switch added management • Fabric members act like a blade in a chassis© 2011 Brocade Communications Systems, Inc. Company Proprietary Information 12
  13. 13. Brocade VDX – devices to create a fabric© 2011 Brocade Communications Systems, Inc. Company Proprietary Information 13
  14. 14. Brocade VDX product family The Flexible Choice for the Evolving Data CenterNEW! Brocade VDX 6710  Ideal for every stage of network Switch evolution Brocade  Ultra-low latency for unmatched VDX 6720 performance Switch  Superior size and powerNEW! efficiency critical for today’s data center Brocade VDX 6730  Flexible storage connectivity for Switch FCoE, iSCSI, and NAS © 2011 Brocade Communications Systems, Inc. Company Proprietary Information 14
  15. 15. Brocade VDX 6730 Data Center SwitchesProduct details• Leading Performance and Density • 32- and 76-port models with Ports on Demand (PoD) • Brocade VDX 6730-32 • Compact 1U form factor; 24 1/10 Gbps SFP+ ports; 8x 2/4/8 Gbps Fibre Channel ports • Brocade VDX 6730-76 • 2U form factor; 60 1/10 Gbps SFP+ ports; 16x 2/4/8 Gbps Fibre Channel ports • Non-blocking, cut-through architecture, wire-speed • 600 ns port-to-port latency; 1.8 μs across port groups Brocade VDX 6730-• Unified Storage Connectivity 32 • Ethernet storage connectivity for FCoE, iSCSI, and NAS storage • Multihop FCoE and iSCSI Data Center Bridging (DCB) support• Environmental Flexibility • 10 Gbps and 1 Gbps supported on every LAN port; 2,4, and Brocade VDX 6730-76 8 Gbps on SAN port • Direct-attached copper and SFP optical connectivity options • Switch depth less than 17 inches; reversible front-to-back airflow• Highly Resilient and Efficient Design • Brocade Fabric Watch provides proactive monitoring and notification of critical switch component failure • Simplistic design Systems, Inc. Company Proprietary Information © 2011 Brocade Communications for better MTBF and optimal power 15
  16. 16. Brocade VDX 6720 Data Center SwitchesProduct details• Built for the Virtualized Data Center • Uses Brocade fabric switching ASICs • First switches to run new Brocade Network Operating System • Virtual Cluster Switching (VCS) fabric technology • Automatic Migration of Port Profiles (AMPP) Brocade VDX 6720-• Best-In-Class Performance and Density 24 • 24 and 60 port models with Ports On Demand • Non-blocking, cut-through architecture, wire-speed • 600 ns port-to-port latency; 1.8 us across port groups• Environmental Flexibility • 10 Gb and 1 Gb supported on every port • Direct-attached copper, active optical, and SFP optical connectivity Brocade VDX 6720-60 options • Less than 17‖ switch depth and reversible front-to-back airflow• Enables Network Convergence Data Center Access • Complete FCoE support, multi-hop • iSCSI DCB support• Highly Resilient and Efficient Design • Hot code load and activation • Remote Lights Out Management • Simplistic design, optimal power efficiency© 2011 Brocade Communications Systems, Inc. Company Proprietary Information 16
  17. 17. Brocade VDX 6710 Data Center SwitchesProduct details• Leading Performance and Density • Brocade VDX 6710-54 • Compact 1U form factor; 6 1/10 Gbps SFP+ ports; 48 1 Gbps RJ45 copper ports • Non-blocking, cut-through architecture, wire- speed • 600 ns port-to-port latency; 1.8 μs across port groups• Environmental Flexibility • Switch depth less than 17 inches; reversible front-to-back airflow Brocade VDX 6710- • Two internal, redundant, field-replaceable, load- 54 sharing AC power supplies• Highly Resilient and Efficient Design Data Center Access • Brocade Fabric Watch provides proactive monitoring and notification of critical switch component failure • Simplistic design for better MTBF and optimal power efficiency© 2011 Brocade Communications Systems, Inc. Company Proprietary Information 17
  18. 18. CAMPUS LAN SOLUTION© 2011 Brocade Communications Systems, Inc. Company Proprietary Information 18
  19. 19. Brocade InternetCampus Architecture Data Center Mobility Controller Call ManagerReference architecture NAC FW/IPS NetIron MLX sFlow FastIron NetIron BNA Backbone SX MLX FastIron NetIron MLX SX Access sFlow FastIron CX sFlow sFlow Core FastIron FastIron Branch SX SX sFlow Real-time traffic management Aggregation sFlow FastIron using sFlow, CX network visibility sFlow FastIron CX High availability with hitless Access failover at FWS/FCX Campus HQ edge/aggregation/core sFlow Campus Building 1 Plug-and-Play deployment Access Highly available wired Dynamic Resource Allocation and wireless access© 2011 Brocade Communications Systems, Inc. Company Proprietary Information 19
  20. 20. Market Leading Campus Edge Stackable Portfolio Brocade ICX 6610 High-Performance Brocade FCX-S Mission-Critical NEW! GA in Q2 • 8x 10 GbE uplinks Brocade ICX 6450 Price/performance • 320 GB stacking Midmarket • Full PoE/PoE+ (up to 48 ports) Brocade ICX 6430 • 2x 10 GbE uplinks • Copper and fiber models • 64 GB stacking • Dual power supply, fans Entry-level • IPv4 and IPv6 routing • Copper and fiber • PoE/PoE+ • BGP, Multicast • 4x 10 GbE • Dual power supply, fans • MACSec, EEE-ready uplinks/stacking • IPv4 and IPv6 routing • Virtual Routing and Forwarding • 40 GB stacking • BGP, Multicast, GRE (VRF)-roadmap • 4x 1 GbE • Full PoE • ACL, VLAN scalability uplinks/stacking • PoE+ • Stackable • Basic Layer 3 • PoE/PoE+ • MACSec, EEE-ready • One fanless model • Energy Efficient Ethernet (EEE) ready Function and scalability© 2011 Brocade Communications Systems, Inc. Company Proprietary Information 20
  21. 21. ICX6610: Most Powerful Campus StackableHighest-stacking bandwidth in the Highest-density uplinks—with 40 GbE– industry ready HW • 160 GB of stacking BW per switch • 40 GbE–ready • Hitless stacking for data and control • In addition, up to 8x10 GbE uplink ports per switchAdvanced features Optimum flexibility• Encryption via MACSEC • Redundant, removable, power supplies and fans• Energy-Efficient Ethernet (EEE) • Footprint—1RU and 16 inches deep • PoE+ with high-density power supplies (1000 W)© 2011 Brocade Communications Systems, Inc. Company Proprietary Information 21
  22. 22. ICX6610 - Next Gen StackableProduct highlightsLeading performance and port density • 24 or 48 RJ-45 10/100/1000 Mbps port models • 24 or 48 RJ-45 10/100/1000 Mbps PoE+ port models • 24 100/1000 Mbps SFP port models • Eight dual-mode 1 GbE/10 GbE software upgradable ports • Four 40 Gbps standards-based QSFP stacking ports • Non-blocking, wire-speed architecture Brocade ICX 6610-24 Brocade ICX 6610-24PAdvanced scalability and features • Full Layer 3 feature capability (IPv4, IPv6, multicast, GRE) • Hardware-ready for encryption via MACsec • sFlow for granular network traffic accounting • 12K ACL, 16K routes, 32K MAC, 8K multicast groups Brocade ICX 6610-48High availability Brocade ICX 6610-48P • Hitless stacking failover, redundant stacking links. • Redundant, removable, load-sharing power supplies and fans • High-density power supplies (1000 W)Deployment flexibility Brocade ICX 6610-24F • Reversible front-to-back or back-to-front airflow • Hardware-ready for Energy Efficient Ethernet (EEE) • Footprint—1RU and 16 inches deep • Noise level <40 db© 2011 Brocade Communications Systems, Inc. Company Proprietary Information 22
  23. 23. ICX6610-48P: Front and Back View Uplinks 24/48 RJ45 8x1/10 GbE Ports Redundant Power Stacking Ports Supplies 4x40 GB Redundant Fans© 2011 Brocade Communications Systems, Inc. Company Proprietary Information 23
  24. 24. ICX 6430 & 6450 Product Overview Enterprise-Class Stackable Switching at an Entry Level Price • Cost-effective Ethernet Stacking • 40G of stacking bandwidth with 10G ports (full duplex) • Hitless stacking controller failover 24/48 x 10/100/1G with PoE+ • 384 ports per stack (ICX 6450) 2xRJ45 Console, OOB • Flexible Model Configurations • Dual-purpose uplink/stacking ports • 24/48 x 10/100/1G + 4x1G SFP uplinks/stacking • 24/48 x 10/100/1G + 4x1G/10G SFP+ uplinks/stacking • PoE/PoE+ and non-PoE models • Includes fanless model: ICX6430-24 • Advanced Features • RPS/EPS – redundant power and extended PoE power • Encryption via MACSEC 802.1ae (HW ready) ICX 6430 ICX 6450 • Energy Efficient Ethernet (EEE) (HW ready) 4 x 1G SFP 4 x 10G SFP+ • sFlow for granular traffic accounting (ICX 6450)Uplink/Stacking Uplink/Stacking (4 unit stack) (8 unit stack) • L2 and Basic L3 Features • Common CLI and feature parity with FWS • Base software includes IPv4 static routing (ICX6450) • Premium license for L3 – OSPF, RIP, VRRP 24
  25. 25. ICX 6430 and 6450 ComparisonKey Differences ICX 6430 ICX 6450 4 x 1G SFP 4 x 1/10G SFP+ 4G Stacking BW (full duplex) 40G Stacking BW (full duplex) 4 units per stack 8 units per stack 192 ports per stack 384 ports per stack Max 24 PoE+ Ports (w/ EPS1500) Max 48 PoE+ Ports (w/ EPS1500) L2 only L2 and Basic L3 via license No sFlow sFlow network monitoring No MACsec MACsec HW-ready EEE HW-ready EEE HW-ready 8K MAC addresses 16K MAC address 4 QoS queues 8 QoS queues 25
  26. 26. Entry-Level Cost-Effective Stacking• Stacking using 1G / 10G uplink/stacking ports• ICX6450: 8 units/stack; ICX6430: 4 units/stack• Stack with low-cost Direct-Attached Copper (Twinax) cables (not included with the switch)• Stacking cable length: 1 m, 3 m and 5 m• Mix stacking not supported between 6430 and 6450; 6610 and 6430/6450 (HyperEdge roadmap)• Stacking between ICX6430 24- and 48-port models is not supported• Horizontal stacking supported with fiber optics for longer distance stacking 10G 10G 26
  27. 27. ICX 6450 Switch 10G Port LicenseICX6450-2X10G-POD-LIC• Default uplink/stacking port configuration (out of the box) • 2 x 10G SFP+ ports enabled • 2 x 1G SFP ports enabled• Optional license required to upgrade 2 x 1G ports to 2 x 10G speed • ICX6450-2X10G-POD-LIC: List Price $1000• Buy only what you need, don’t need POD license for all switches within the stack 27
  28. 28. External Power SupplyICX6400-EPS1500• Provides redundant system power and PoE/PoE+ power extension • External RPS and can add to the PoE/PoE+ power budget of the switch • 19 inch rack mountable and 1U high • 3 DC cables and rackmount kit are included • EPS1500 requires 20 Amp AC power cord (included)• Connects up to 3 switches• ICX6450-48P has 2 EPS connectors to get full PoE+ on all 48-ports• No RPS support for ICX6430 -24 fanless model (for classrooms, open offices) ICX6450-48P ICX6400-EPS1500 ICX6400-EPS1500 28
  29. 29. Brocade Assurance Limited Lifetime Warranty and Phone Support Brocade Juniper Cisco HP ProcurveHW Warranty NBD Adv HW Replacement NBD Adv HW (30 days) NBD Adv HW NBD Adv HW Excludes: Optics 5 yrs Fan & PS 5 yrs: Fan & PSSW Policy SW maintenance Updates - NEW! SW Updates SW Updates SW Updates 8x5, 90 days - FCX, ICX 6610 NEW! 24x7, 90 days 8x5, 90 days 8x5 Basic Support,Remote Support 8x5, 90 days - SX from 1 yr, 24x7 Lifetime 8x5, 3 years ICX 6400 NEW! • HW Lifetime Warranty – No Change, all hardware covered except pluggable optics • SW Lifetime Updates – Includes patch releases and maintenance updates (except for ADV images) • Phone Support – Included with campus products, duration varied by product • FSX, FCX, ICX6610 - 90 days 8x5 support • ICX 6430/6450 - 3 years 8x5 support • Optional remote support available for 24 x 7 TAC support and on-site support • Warranty and support applicable for campus products sold worldwide 29
  30. 30. APPLICATION DELIVERY CONTROLLERS© 2011 Brocade Communications Systems, Inc. Company Proprietary Information 30
  31. 31. Defining ADC• Basic features • Advanced features • Load balancing • Web application firewall • Failover • Content transformation • NAT • Application protocol optimization • Caching • Programming interface • SSL server offload • XML transformation • TCP connection multiplexing • Compression © 2011 Brocade Communications Systems, Inc. Company Proprietary Information 31
  32. 32. MOBILITY PRODUCTS© 2011 Brocade Communications Systems, Inc. Company Proprietary Information 32
  33. 33. 802.11n: The Need For A New ArchitectureAnd why the old models won’t work Independent Dependent SMART (Standalone) (Thin AP) Adaptive (Distributed) • 125 Mbps = Typical max real world TCP throughput Challenge For 802.11n: Challenge Best of both worlds and • Per 802.11n radio. Individual results may vary. •Difficult to manage 1. Spend more on • Scalability for 11n more… scalability • Performance/Scalability for • 250 Mbps for dual radio access point controllers 11n • Reliability/High Availability • Four dual radio access points =Oversubscribe 2. 1 Gbps • Distributed Security Wireless Controller your network Managing Scalability • 40 dual radio access points = 10 Gbps, and so on Services and Application Provider with Policy Management Standalone APs Distributed Computing and Security Enforcement at the Thin APs – Split MACs Edge© 2011 Brocade Communications Systems, Inc.
  34. 34. Brocade Mobility For High AvailabilityAll-Wireless or Wired+Wireless, Down Time Is Not Tolerated. Period. 3  1 ACCESS POINT FAILURE Neighboring mesh node backhauls the trafficData Center 1 Data Center 2 4 BACKBONE/ WAN 2 LOCAL WIRED SWITCH FAILURECampus Office Branch Office Adaptive AP(s) Dynamically Forms Mesh Connection to Neighboring AP’s and backhaul through redundant switch 2 3 WIRELESS SWITCH FAILURE Distributed cluster allows for 1 seamless transition Mesh 4 WAN LINK FAILURE Adaptive AP survivability. All Local Services Continue, Including Security© 2010 Brocade Communications Systems, Inc.
  35. 35. Securing The Network From Threat Inside &Out 1 1 INTEGRATED Wireless (L2)Data Center 1 Data Center 2 1 Firewall on WLAN Switch – Stateful Inspection of WAN Traffic BACKBONE/ INTEGRATED Firewall onBranch Office 1 4 WAN Branch Office 2 2 Adaptive AP – Stateful Inspection of Local Traffic ADAPTIVE AP is Simultaneously 2 Mesh 3 3 a WIPS Sensor for 24*7 Monitoring 4 SECURE INTEGRATED VPN Tunnel Between WLAN Switch & AP’s Central Security Policy and Control, Rogue AP Multiple Points of Enforcement© 2010 Brocade Communications Systems, Inc.
  36. 36. Security Features PREMIUM To meet regulatory and industrial compliance • AirDefense Enterprise-class ADVANCED scalability For security-conscious • Rogue detection and enterprise networks elimination • Role-based firewall • Intrusion detection (requires advanced security • Automated termination STANDARD license upgrade) • Policy compliance Baseline for most • Advanced wireless IPS and enterprise networks • Wireless troubleshooting rogue AP protection • Forensic analysis• 802.11i/WPA2 (requires advanced wireless • Location tracking• Stateful wireless firewall IPS license upgrade) • Requires license upgrade ADVANCED• Standard wireless Intrusion only; no additional hardware For security-conscious Prevention System (IPS) required enterprise networks• Rogue AP detection STANDARD STANDARD• Included without extra cost Baseline for most Baseline for most enterprise networks enterprise networks© 2011 Brocade Communications Systems, Inc. Company Proprietary Information
  37. 37. SecurityAction Threat Feature BenefitPeer-to-Peer (P2P) file Brings network to a standstill; • Blocks well-known Prevents illicit P2P filesharing of large music organization liable for legal costs network ports in the sharing; offers better controland video files wireless firewall of Internet bandwidth • Rate limitingDeployment of Creates a large security gap by • Dedicated monitoring and Shuts down rogue APs, butunauthorized AP, soft AP allowing unauthorized users to control of rogue APs not ―friendly‖ APs, on theon laptop or smartphone use the WLAN • Wireless IPS for rogue AP perimeter of the network suppressionMalicious guest behavior Guest ―insider‖ has access to • Deploys guest portal Enables safe and secure sensitive information • Intrusion detection system Internet guest and visitor for wired networks access© 2011 Brocade Communications Systems, Inc. Company Proprietary Information
  38. 38. Security Authentication and Wireless Firewall Wireless IPS Encryption • Layer 2, 3, and 4 Access Control • 802.1x EAP Lists (ACLs) • WPA/WPA2-TKIP, WPA2- • Layer 2 and 3 stateful packet CCMP, WEP 64, WEP 128 inspection • Captive portal guest access • 24 Denial of Service (DoS) • 37 wireless IPS signatures and registrationSTANDARD signatures • Customizable wireless IPS • Integrated RADIUS serverIncluded at no • Storm control signatures • Local user databaseextra cost • Address Resolution Protocol • Rogue AP detection • Network Access Control (ARP) spoofing protection (NAC) support • Dynamic Host Configuration • Internet Protocol Security Protocol (DHCP) offers (IPSec) Virtual Private conversion Network (VPN) • Application-layer gatewaysADVANCED • 35 additional wireless IPSRequires advanced signatures • Dynamic firewall rulewireless • Additional IPSec VPNs • Device characterization assignmentsIPS/security • Rogue AP terminationlicense • Wired rogue AP detectionPREMIUM AirDefense Enterprise for Brocade Mobility© 2011 Brocade Communications Systems, Inc. Company Proprietary Information
  39. 39. Advanced Security• Role-based Layer 2-7 wired/wireless firewall Brocade Brocade Brocade VPN tunnels Mobility Mobility Mobility RFS4000 RFS6000 RFS7000 Without 256 300 512 ADSEC With ADSEC 256 512 1024© 2011 Brocade Communications Systems, Inc. Company Proprietary Information
  40. 40. Brocade Mobility—Advanced Wireless IPSExcessive AP Anomaly Wireless Client802.11 replay check failure Ad hoc advertising authorized SSID Crackable WEP IV key usedAggressive scanning Ad hoc network violation DoS broadcast deauthenticationFailures reported by authentication servers Events AirJack attack Mitigation Thresholds Events Frames with bad ESSIDs Thresholds MitigationDecryption failures MU association Accidental AP default configuration Y Detect all multicast routers Fuzzing: All zero MAC address observed in the subnetDoS association orWEP IV used Crackable authentication flood AP SSID broadcast in beacon Detect all multicast systems on the subnet frame type detected Fuzzing: invalidDoS EAPOL-start flood DoS CTS storm ASLEAP attack Y Multicast DHCP server relay agent detection management frame Fuzzing: invalid DoS deauthentication detectionDoS association or authentication flood Fake AP flood Multicast HSRP agent detection Fuzzing: invalid sequence number DoS dissociation detectionEAP flood Impersonation attack detected Multicast IGMP detection Identical source and destination addressesEAP-NAK flood failure spoof DoS EAP Null probe response Multicast IGMP routers detection Fuzzing: invalid 802.1x frames detected DoS EAPoL logoff storm Y Multicast OSPF all routers detectionFrames from unassociated stations Suspicious AP—high RSSI Netstumbler (v3.2.0, 3.2.3, 3.3.0) DoS RTS flood Multicast OSPF designated routers detectionReplay injection attack Transmitting device using invalid MAC Non-changing WEP IV Essid Jack Attack detection Multicast RIP2 routers detection Unauthorized AP using authorized SSID TKIP MIC countermeasures caused by station Fake DHCP server detection Multicast VRRP agent detection Unencrypted wired leakage detected Wellenreiter Fata-Jack Attack detection NetBIOS detection ID theft—EAPOL success spoof detection Null probe response detection ID theft—out of sequence Probe response flood detection Y Invalid channel advertised Rogue AP detection Invalid management frame STP detection IPX detection Unauthorized bridge detection Y Monkey-Jack Attack detection Windows zero config memory leak WLAN Jack Attack detection © 2011 Brocade Communications Systems, Inc. Company Proprietary Information
  41. 41. Brocade Mobility Enterprise Wireless LAN Access Points Mobility Controllers Wireless IDS Mobility 7131/7131N Mobility RFS4000 AirDefense Enterprise Mobility RFS6000 Mobility 650 Advanced Forensics LiveRF Mobility 6511 Advanced Mobility RFS7000 Troubleshooting Spectrum Analysis© 2011 Brocade Communications Systems, Inc. Company Proprietary Information 41
  42. 42. Brocade Mobility 7131Product highlights  Scalable resilient wireless infrastructure – 802.11a/b/g/n – Adaptive Switch assisted Mesh – Mesh networking for data backhaul  Advanced features – Best solution for 802.11n with PoE+ support – 802.11h WW operation dynamic freq selection – Virtual AP: wireless VLANs, separate broadcast domains – Wireless mobility at Layer 2 or Layer 3 – WiFi Multimedia extensions for QoS  Ease of management – Zero-configuration setup using plug-and-play architecture – WLAN Manager: deploy, configure, and monitor all controllers and APs from single console  Robust security – Integrated Wireless IPS, rogue AP protection, wireless firewall, and guest access – WIPS sensor for Air Defense – 802.1x supplicant: auth to Radius server November 2009 © 2011 Brocade Communications Systems, Inc. Company Proprietary Information 42
  43. 43. Brocade Mobility 650 APKey Specifications 802.11n performance that is priced for value • Full performance on 802.3af power • 2x3 MIMO for improved RF performance • Rated for operation from 0 – 50 degrees C • Fully DFS2 compliant for full use of 5GHz channels Flexibility of installation • Dual or Single radio SKUs available • Metal Plenum rated version with external antennas • Attractive non-plenum plastic enclosure with integrated antennas© 2011 Brocade Communications Systems, Inc. Company Proprietary Information 43
  44. 44. Brocade Mobility 6511 Wallplate Access PointConverged Wired/Wireless 802.11n connectivity 70 mm • 300 Mbps 802.11n radio • Sleek low-profile design • Optional Ethernet module 115 mm • Controller-less operation • Value pricing© 2011 Brocade Communications Systems, Inc. Company Proprietary Information 44
  45. 45. Brocade WLAN Controller Portfolio Small campus Mission-critical campus High-performance campus • Brocade Mobility RFS4000 • Brocade Mobility RFS6000 • Brocade Mobility RFS7000 • 36 Adaptive APs • 256 Adaptive APs • 1024 Adaptive APs • 500 WLAN devices • 2000 WLAN devices • 8000 WLAN devices • For: • For: • For: • Healthcare clinics • K-12 • Higher Ed • Small businesses • Midsized campuses • Healthcare • Branch/remote offices • Large campuses© 2011 Brocade Communications Systems, Inc. Company Proprietary Information 45
  46. 46. CONFIGURATION/ ADMINISTRATION© 2011 Brocade Communications Systems, Inc. Company Proprietary Information 49
  47. 47. Ease of MigrationIndustry-Standard CLI Familiar CLI = Smooth transition Cisco Configuration Example: Brocade Configuration Example: interface ethernet 1 interface ethernet 1 ip address 10.1.1.1 255.255.255.0 ip address 10.1.1.1 255.255.255.0 ! ip ospf area 0.0.0.0 interface ethernet 2 ! ip address 20.1.1.1 255.255.255.0 interface ethernet 2 ! ip address 20.1.1.1 255.255.255.0 router rip ip rip v2-only version 2 ! network 20.0.0.0 router rip no-summary ! ! router ospf router ospf 10 area 0.0.0.0 network 10.1.1.0 0.0.0.255 area 0 redistribution rip redistribution rip ! ! router bgp router bgp 100 local-as 100 neighbor 209.157.23.99 remote-as 200 neighbor 209.157.23.99 remote-as 200© 2011 Brocade Communications Systems, Inc. Company Proprietary Information 50
  48. 48. sFlow Technology Switch/Route sFlow Datagram (UDP6343) r forward sFlow packet src/dst sampling forwardi user URL i/f header i/f parms ng ID counters ing agent eg 128B rate src src/dst tables interface MAC poo 802.1p/Q Radius IPv4 l dst TACACS counters IPv6 802.1p/Q IPX next hop Foundry 1 in N AppleTalk src/dst samplin ASIC g mask AS path communitie s localPref Network sFlow Collector & Analyzer© 2011 Brocade Communications Systems, Inc. Company Proprietary Information 51
  49. 49. Closed Embedded sFlow Reporting and Analysis Loop Security Issues – Traffic monitoring requires multiple devices – Difficult to deploy and maintain Solution Brocade sFlow report and analysis:IronView – All switches act as traffic sFlow monitors – Unified security and traffic analysis – Identify top talkers App and – Traffic, protocol, trend analysisWeb Servers – 802.1x user ID detection Benefits • Monitor traffic flows network-wide • Simplify network analysis • Reduce overall operational costs 802.1X and/orCall Manager MAC Authentication (IP Phones) © 2011 Brocade Communications Systems, Inc. Company Proprietary Information 52
  50. 50. Brocade Network AdvisorSingle-Pane-of-Glass Management for Data Center Networks• Data center-wide platform for all network types: Ethernet, Fibre Channel, and DCB• Predictive event notification• Open northbound APIs NORTHBOUND APIs Brocade• Integration with leading Network Advisor orchestration tools• VMware and Microsoft ELEMENT MANAGEMENT hypervisor plug-ins LAN Converged SAN© 2011 Brocade Communications Systems, Inc. Company Proprietary Information 53
  51. 51. Brocade Network AdvisorSimplified Management for SAN, IP and Converged Networks• Unified Network Management product for SAN, IP, Application Delivery, and Converged Networks 1 2 3 • One management GUI across FC, IP, FCoE protocols • Custom views based on Operator specialization • Flexible user management 5 6 4 with Role Based Access Control• Standards-based architecture• Provides seamless integration with leading partner Orchestration frameworks 1 SAN Operational Status 4 IP Reachability Status 2 SAN Inventory 5 IP Inventory 3 Events Summary 6 Status Summary © 2011 Brocade Communications Systems, Inc. Company Proprietary Information 54
  52. 52. Brocade Network AdvisorEnd-to-End Service Orchestration with Leading Partner Products• Open architecture with industry- standard APIs (SMI-S, Web Services, NETCONF, SNMP) NORTHBOUND APIs• Seamless integration with leading Orchestration Frameworks and Service Delivery platforms• VMware and Microsoft hypervisor NETWORK MANAGEMENT plug-ins LAN Converged SAN © 2011 Brocade Communications Systems, Inc. Company Proprietary Information 55
  53. 53. WHEN YOU THINKNETWORKS, THINKBROCADEDěkuji za pozornost!© 2011 Brocade Communications Systems, Inc. Company Proprietary Information 56

×