SlideShare a Scribd company logo
“There is nothing more important
than our customers”
Identity Management and Network Access Control
An open communication solution for location and identity assurance OCS LIA formerly known as
SALERNO
Markus Nispel
VP Solutions Architecture
markus.nispel@enterasys.com
Inderpreet Singh
Director, Solution Architecture
inderpreet.singh@siemens-enterprise.com
© 2008 Enterasys Networks, Inc. All rights reserved.
Why should you care ?
• OCS LIA is the first technical integration that
provides a true unique selling proposition when
combining a Enterasys (NAC) solution with a
SIEMENS Enterprise Communications UC solution
­ even using standard protocols and API´s noone in the
market is able to provide a similar solution
­ a unique value in projects and RFP´s
­ and still open to other vendor´s infrastructure as
Enterasys NAC does support this inherently
• It provides a tangible value to the customer that
results in a lower TCO (through lower OPEX) and a
higher security along with visibility into the IT
infrastructure
• The solution is not limited to VOIP only. A
professional services based integration into any
asset/inventory database at the customer site is
always possible: the result is IT workflow
integration, reduced operational costs and a
loyal customer
© 2008 Enterasys Networks, Inc. All rights reserved.
What does it for you ?
• Automatic inventory and location service reduces risk of operation
of non­compliant end­devices with invalid configuration or software
release.
• Automatic adaptation and location-based configuration of end­
devices and usage of special functionalities (e.g. configuration of
speed dial button)
• IP phone monitoring Detecting non­compliant and compromised
end­devices
• Automatic authentication and authorization Warranty of secure,
reliable and high­quality operation of real­time applications through
automatically assigned QoS-parameter and security profiles
(ACL and VLAN)
• Finally the use of this solution provides the following value
add:
• Reduces administrative effort and costs
• Increases protection and reliability of real­time applications
• Minimizes the risk of attacks and the probability of outage
• Increases compliance to enterprise’s security policies
• http://www.enterasys.com/company/literature/auto-voip-deploy.pdf
© 2008 Enterasys Networks, Inc. All rights reserved. 4
What is NAC ?
• A User focused technology that:
­ Authorizes a user or device (PC, Phone, Printer) and
­ Permits access to resources based on identity authentication of
the user (and/or device) as well as based on the security
posture of the device along with location and time
­ The parameters are set in the so called Pre-Connect Assessment
(aka Health Check), i.e. before connecting to the infrastructure
­ However, during normal operation, regular checks should be
conducted as part of the Post-Connect Assessment
© 2008 Enterasys Networks, Inc. All rights reserved.
What do you need to deploy OCS LIA ?
• Enterasys Network Access Control NAC
Version 3.1.2 or above
­ at least implemented in discovery mode (with
MAC authentication (802.1x can be used too)
enabled on the access sitches and access points)
using a default autorization for all endpoints
­ along with professional services from Enterasys
to implement the solution and the OCS LIA
middleware
• Siemens HiPath Deployment Service DLS
V2R4
­ supporting OpenStage and Optipoint VOIP
endpoints in both SIP and HFA mode
­ Additional location service licenses for each
device that should be supported for this feature
­ Along with professional services from SEN to
properly setup up the DLS (also for web
services usage) and optionally configure the
infrastructure policies
5
© 2008 Enterasys Networks, Inc. All rights reserved.
Enterasys NAC - in Any Environment
•Hybrid deployment
­ Best of both models for mixed environments
­ Single, integrated solution – seamless management from single system
.
Enterprise
Network
Enterasys Policy
capable switch
RFC3580 capable
switch
RFC3580 capable
Wireless Access PointNAC Gateway
Core EdgeDistribution
Non-intelligent
Wireless
VPN
Non-intelligent edge
switches
Shared Access LAN
NAC Controller
NAC Manager
© 2008 Enterasys Networks, Inc. All rights reserved. 7
• Enterasys Matrix™
and SecureStack™
Switches, HiPath
WLAN, Roamabout
• and/or
• Third Party Switch or
WLAN Access Point
(RFC 3580-compliant)
• and/or
• NAC Controller (includes
all Gateways functions and
Assessment Service)
• Enterasys NAC
Manager
­ Software plugin to NetSight
Console
­ Centralized administration of
NAC Gateways and
Controllers
Management
Enterasys NAC - Components
Detection, Authentication,
Remediation, Assessment
• Enterasys NAC Gateway
­ (Proxy) RADIUS
­ Remediation and Registration
­ Optional Assessment Service
integrated
• Assessment Service
­ optional
­ Nessus, Retina Eye, Enterasys
­ Interface to integrate other
servers
Authorization
© 2008 Enterasys Networks, Inc. All rights reserved.
NAC Gateway – with „any“ access device
• Policy Mapping table in NAC 3.2 - create independency of device
type and topology
- More flexible VLAN name based approaches
- Globally configured
- Location based = Switch IP and Switch Port (and AP´s, SSID´s etc. ..)
• Will also support authorization methods like Cisco ACL, Login-LAT
Group or a combination of these along with fully customizeable radius
attributes to map Policy to an appropriate authorization
alternative
© 2008 Enterasys Networks, Inc. All rights reserved.
wired
LAN
Siemens
HiPath DLS
Event-based
synchronization of
data-bases via API: IP
phone, phone
number, switch,
switch-port, building,
room
NAC
Manager
HiPath/OpenSc
ape
Platform
Enterasys NAC
Appliance
Database with physical
infrastructure / cabling
- wall-socket
- Building
- Room
Open Communication Solution for Location
and Identity Assurance: Enterasys NAC / Siemens HiPath
DLS
12345 10.1.1.10 xx-xy-yy-yz-zz-az Access 1 10.9.9.8 fe.0.15 B. A 130 3 4.2.4
34567 10.1.1.18 aa-bb-cc-dd-ee-ff Access 2 10.9.9.9 fe.1.8 B. B 241 1 4.2.4
56789 10.1.1.25 ab-cd-ef-gh-ij-kl Access 3 10.9.9.10 fe.2.21 B. A 412 2 4.2.2
Phone
number
Phone IP
Address
Phone MAC
Address
Switch-
name
Switch IP
Address
Switch-
port
Building Room Wall jacket
Phone
Software
pro services
© 2008 Enterasys Networks, Inc. All rights reserved. 10
Agile enterprises use service-
oriented architectures (SOAs) and
extend SOA with events where
appropriate. Service and event
architectures make enterprise
computing more effective and
flexible than traditional,
monolithic "stovepipe" systems.
Success requires a knowledge of
common deployment patterns and
fundamental success factors.
Source: Gartner, 4. April 2007 Applied SOA:
Transforming Fundamental Principles Into Best
Practices
OCS LIA Integrator/Middleware –
SOA based
© 2008 Enterasys Networks, Inc. All rights reserved. 11
•WSDL (Web Services Description
Language) is the proposed standard
that is used for the service interface
definition in most new development
tools
•XML (eXtended Markup Language)
is used to transport the messages in
a machine to machine
communication scenario over IP
based networks
•OCS LIA is based on these widely
accepted and deployed standards
OCS LIA Integrator/Middleware –
SOA and Web Services
© 2008 Enterasys Networks, Inc. All rights reserved.
OCS LIA Integrator/Middleware –
General Features
• Synchronize endsystem data from NetSight (NAC) database to HiPath
DLS
• Synchronize VoIP phone number, type and SW version to NetSight
endsystem database
• Detect HiPath DLS restarts (for full re-sync)
• Detect new phones on DLS side (for individual sync)
• Periodic cache cleanup to eliminate old outdated cache entries
• Retry mechanism in case of unreachable external systems
• Detection of IP mismatch due to VLAN configuration with delayed DLS
update (to prevent DLS jobs sent to old device IP)
• Flexible logging configuration
• Very flexible component configuration
• Support of multiple switches
• Support of multiple DLS servers
© 2008 Enterasys Networks, Inc. All rights reserved.
All device relevant data from NetSight, HiPath DLS servers and switches are
collected and cached within the Integrator using an internal cache. The IP
Infrastructure data record used here contains the following information:
Open Communication Solution for Location
and Identity Assurance: IP Infrastructure Cache
© 2008 Enterasys Networks, Inc. All rights reserved.
• The exchanged data is presented as additional endsystem data in the NAC
Manager but also on the HiPath DLS
Device phone number
(e.g. 43254)
Device Type and SW version
(e.g. OpenStage 80:V1
R4.14.0)
DLS IP Infrastructure
Enterasys NMS NAC Manager: Endsystem View
Open Communication Solution for
Location and Identity Assurance: data
exchange
© 2008 Enterasys Networks, Inc. All rights reserved.
Siemens OpenStage VOIP Phone
Open Communication Solution for
Location and Identity Assurance: location
based configuration
© 2008 Enterasys Networks, Inc. All rights reserved. 16
MUA&PLogic 802.1X
PWA
MAC
RADIUSauthority
Dynamic
admin rule
DFE
802.1X credentials
PWA credentials
802.1X login
Filter ID  policy sales
SMAC = Anita
SMAC = Bob
PWA login
SMAC = Phone
MAC traffic
MAC credentials
Filter ID  policy phone
Dynamic
admin rule
Dynamic
Admin rule
Port X
Filter ID  credit
Policy sales
Policy credit
Policy Phone
• Inherent advantage, from 2 (3) up to 2048 devices per port and system
• Supported by B/C/G/D and N/NGN/S Series (partially dependant on licenses)
• Different authentication methods (in random (depends on the product)
combination per port/user)
­ 802.1x, PWA (Web), MAC authentication, RADIUS, Kerberos, Default role ....
• Single physical interface but multiple roles (and VLAN´s)
The value of using Enterasys switch hardware
Multi-user authentication AND policy
Enterasys Switch
© 2008 Enterasys Networks, Inc. All rights reserved.
Roles, Services , Rules
Network
Administrator
VOIPOffice Non-OfficeDenyRIP
DenyOSPF
DenyApple
DenyIPX
DenyDHCPReply
DenyIPRange
AllowARP,DNS
AllowRTP128kbit/s
AllowSNMP
AllowSIP2Mbit/s
DenySNMP
DenyTelnet
DenyTFTP
DropApple
DropIPX
DropDecNet
Deny Faculty
Server Farm
Administrative
Protocols
Acceptable Use
Legacy
Protocols SIP Only
The value of using Enterasys switch hardware
Authorization/Policy – roles & rules
© 2008 Enterasys Networks, Inc. All rights reserved. 18
Corporate &
Regulatory
Compliance
Can I enforce these regulations prior to granting network
access?
Do I have reporting and auditing tools to verify compliance?
NAC – other application scenarios
Network
Usage
Who is using the network infrastructure?
Are these users authorized?
Does access correspond to organizational role?
Workstation
Security
Does system have up-to-date OS patches?
Does every system conform to corporate security standards?
Guest
Users
Does a guest system contain threats?
Can I limit access for guest users?
Non-Workstation
End Systems
Is this device what it claims to be?
Can I assess its security posture?
Can I locate rogue Access Points, hijacked print servers etc?
© 2008 Enterasys Networks, Inc. All rights reserved.
IAM - principles
• Network technology, distributed
computing and the Internet have made
it possible to dramatically extend
application and information access to
users well beyond the typical
organizational boundaries. The related
security risks, management issues and
compliance requirements mus be
adressed.
o Who is accessing my applications or
data?
o What are they authorized to do?
o Should they have those authorizations?
• The tools that allow to answer these
questions and maintain control over
users and their access make up an
identity and access management (IAM)
solution
© 2008 Enterasys Networks, Inc. All rights reserved.
NAC & IAM integration - Why
• NAC is a very useful tool in reducing and controlling the risks to
your network infrastructure. However, although it relies on user
authentication, on its own this is really no more than a means to
identify a device.
• The problems of providing each individual user with only the
access they are authorised for, and no more, remain. The solution
is to tie the authentication process with a robust identity management
(IDM) solution, applying network controls to an individual or a well­
defined group. This process is sometimes referred to as Identity Driven
Networking (IDN).
© 2008 Enterasys Networks, Inc. All rights reserved.
NAC & IAM – Positioning
Enterasys
NAC
Gateway
Enterasys
NAC
Controller
Directory
MS-NPS
RADIUS
SIEM
802.1X
MS
AGENT
1X,MAC,WEB LDAP
EAP-PEAP [TNCCS-SOH]
PAP, CHAP, EAP-M
D5
HEALTH CHECK
XM
L_API
802.1X
IF-MAP
PEP and PDP
Policy Enforcement Point
Policy Decision Point
Kerberos
Location
Asset Management
Policy provisioning
and
assignm
ent
Enterasys
AGENT
XM
L API
© 2008 Enterasys Networks, Inc. All rights reserved.
NAC & IAM integration - Advantages
• Users are managed
centrally in the IDM system
for all connected applications
(including the network).
• The process of managing
joiners, movers and
leavers can be automated
and linked to other key
processes (e.g. HR).
• Users are automatically
added or deleted when
they join and leave the
organisation. This not only
eases the administrative
burden for IT support, but
also enhances security
because users have their
access revoked or suspended
the moment they leave.
© 2008 Enterasys Networks, Inc. All rights reserved.
NAC & IAM - Status
• Integration of Enterasys NAC and the SEN TISA – Totally Integrated
Security Architecture
­ proof of Concept shown at Open Minds event in april 2009
­ plans to show at Interop 2009
­ Joint Whitepaper available on BeFirst
• Currently based on NAC 3.2 with LDAP integration (role/policy
assigment based on LDAP attributes) and Kerberos based
authentication
­ Offical integration and documentation underway
­ Possible Web­ and 802.1x­based Integration
23
© 2008 Enterasys Networks, Inc. All rights reserved.
First Win – Higher Education Vertical
European School of Management and Technology (ESMT)
Berlin, Germany
Business Drivers ESMT Solution
Case Results…
 Segregated data and telecom networks
 IP phone inventory and config
management was cumbersome
 No single view of IP comms
infrastructure and devices for admin and
management
 Enterasys NMS and NAC solution
 HiPath DLS
 Full policy enabled networking
infrastructure with N-Series switches
 Voice/Telephony HiPath 3000
 Low cost, low effort to integrate ETS and SEN components (within one week)
 Total view (location, state, posture) of IP devices throughout network under one
management domain
 Rules based policy enforcement, error flagging and notification in real time
“The open architecture and integration of
SEN and Enterasys’ systems required
minimal effort from our team. Their
professional services experts succeeded in
implementing an overarching management
system in just one week, saving us a huge
amount of work while at the same time
making communication more secure.”
Thomas Giese, IT Network Services for
ESMT.
© 2008 Enterasys Networks, Inc. All rights reserved.
More questions
• Just contact
Markus Nispel
VP Solutions Architecture
Enterasys Networks
Solmsstrasse 83
60486 Frankfurt
Phone: +49 69 47860 253
Fax: +49 69 47860 364
Cell: +49 172 8638003
Email:
markus.nispel@enterasys.com
www: http://www.enterasys.com
25
Inderpreet Singh
Director, Solutions Architecture
Converged Networks and Security
Siemens Enterprise Communications
271 Mill Road
Chelmsford, MA 01824
USA
Phone: +1 978 367 7604
Cell: +1 978 764 6855
Email:
inderpreet.singh@siemens­enterprise.c
Please contact us if you have additional input on potential joint solutions of Enterasys and SEN
“There is nothing more important
than our customers”
Thank You

More Related Content

What's hot

Enterprise Architecture, Deployment and Positioning
Enterprise Architecture, Deployment and Positioning Enterprise Architecture, Deployment and Positioning
Enterprise Architecture, Deployment and Positioning
Cisco Russia
 
F5 Scale n and BIG-IP v11 3 for Scalar Partner Event June 4 2013 Toronto
F5 Scale n and BIG-IP v11 3 for Scalar Partner Event June 4 2013 TorontoF5 Scale n and BIG-IP v11 3 for Scalar Partner Event June 4 2013 Toronto
F5 Scale n and BIG-IP v11 3 for Scalar Partner Event June 4 2013 Toronto
patmisasi
 
NSA Capstone Presentation
NSA Capstone PresentationNSA Capstone Presentation
NSA Capstone Presentation
Minh Vu
 
F5 iHealth Presentation 10 22-10
F5 iHealth Presentation 10 22-10F5 iHealth Presentation 10 22-10
F5 iHealth Presentation 10 22-10
F5 Networks
 
CompTIA Security Plus Overview
CompTIA Security Plus OverviewCompTIA Security Plus Overview
CompTIA Security Plus Overview
Joseph Holbrook, Chief Learning Officer (CLO)
 
Document case study-Systweak - Go4Hosting
Document case study-Systweak - Go4HostingDocument case study-Systweak - Go4Hosting
Document case study-Systweak - Go4Hosting
Go4hosting Web Hosting Provider
 
Is the Network Tap Mightier Than the Sword
Is the Network Tap Mightier Than the SwordIs the Network Tap Mightier Than the Sword
Is the Network Tap Mightier Than the Sword
LiveAction Next Generation Network Management Software
 
Cisco Spark Hybrid Services & Cloud Collaboration
Cisco Spark Hybrid Services & Cloud CollaborationCisco Spark Hybrid Services & Cloud Collaboration
Cisco Spark Hybrid Services & Cloud Collaboration
Cisco Canada
 
[Cisco Connect 2018 - Vietnam] Rajinder singh cisco sd-wan-next generation ...
[Cisco Connect 2018 - Vietnam] Rajinder singh   cisco sd-wan-next generation ...[Cisco Connect 2018 - Vietnam] Rajinder singh   cisco sd-wan-next generation ...
[Cisco Connect 2018 - Vietnam] Rajinder singh cisco sd-wan-next generation ...
Nur Shiqim Chok
 
G3sixty Overview
G3sixty OverviewG3sixty Overview
G3sixty Overview
toharendi123
 
Benefits of disaggregation and open source networking in data centers
Benefits of disaggregation and open source networking in data centersBenefits of disaggregation and open source networking in data centers
Benefits of disaggregation and open source networking in data centers
Aruba, a Hewlett Packard Enterprise company
 
Technology Overview - Symantec IT Management Suite (ITMS)
Technology Overview - Symantec IT Management Suite (ITMS)Technology Overview - Symantec IT Management Suite (ITMS)
Technology Overview - Symantec IT Management Suite (ITMS)
Iftikhar Ali Iqbal
 
VMworld 2013: VMware Compliance Reference Architecture Framework Overview
VMworld 2013: VMware Compliance Reference Architecture Framework Overview VMworld 2013: VMware Compliance Reference Architecture Framework Overview
VMworld 2013: VMware Compliance Reference Architecture Framework Overview
VMworld
 
Wi-Fi Security Fundamentals
Wi-Fi Security FundamentalsWi-Fi Security Fundamentals
Wi-Fi Security Fundamentals
Aruba, a Hewlett Packard Enterprise company
 
Aruba ClearPass Exchange Deep Dive
Aruba ClearPass Exchange Deep DiveAruba ClearPass Exchange Deep Dive
Aruba ClearPass Exchange Deep Dive
Aruba, a Hewlett Packard Enterprise company
 
S series presentation
S series presentationS series presentation
S series presentation
Sergey Marunich
 
Meraki powered services bell
Meraki powered services   bellMeraki powered services   bell
Meraki powered services bell
Cisco Canada
 
Secure collab on prem hikmat
Secure collab on prem   hikmatSecure collab on prem   hikmat
Secure collab on prem hikmat
Cisco Canada
 
Cisco Identity Services Engine (ISE)
Cisco Identity Services Engine (ISE)Cisco Identity Services Engine (ISE)
Cisco Identity Services Engine (ISE)
Anwesh Dixit
 
TechWiseTV Workshop: SD-WAN Security
TechWiseTV Workshop: SD-WAN SecurityTechWiseTV Workshop: SD-WAN Security
TechWiseTV Workshop: SD-WAN Security
Robb Boyd
 

What's hot (20)

Enterprise Architecture, Deployment and Positioning
Enterprise Architecture, Deployment and Positioning Enterprise Architecture, Deployment and Positioning
Enterprise Architecture, Deployment and Positioning
 
F5 Scale n and BIG-IP v11 3 for Scalar Partner Event June 4 2013 Toronto
F5 Scale n and BIG-IP v11 3 for Scalar Partner Event June 4 2013 TorontoF5 Scale n and BIG-IP v11 3 for Scalar Partner Event June 4 2013 Toronto
F5 Scale n and BIG-IP v11 3 for Scalar Partner Event June 4 2013 Toronto
 
NSA Capstone Presentation
NSA Capstone PresentationNSA Capstone Presentation
NSA Capstone Presentation
 
F5 iHealth Presentation 10 22-10
F5 iHealth Presentation 10 22-10F5 iHealth Presentation 10 22-10
F5 iHealth Presentation 10 22-10
 
CompTIA Security Plus Overview
CompTIA Security Plus OverviewCompTIA Security Plus Overview
CompTIA Security Plus Overview
 
Document case study-Systweak - Go4Hosting
Document case study-Systweak - Go4HostingDocument case study-Systweak - Go4Hosting
Document case study-Systweak - Go4Hosting
 
Is the Network Tap Mightier Than the Sword
Is the Network Tap Mightier Than the SwordIs the Network Tap Mightier Than the Sword
Is the Network Tap Mightier Than the Sword
 
Cisco Spark Hybrid Services & Cloud Collaboration
Cisco Spark Hybrid Services & Cloud CollaborationCisco Spark Hybrid Services & Cloud Collaboration
Cisco Spark Hybrid Services & Cloud Collaboration
 
[Cisco Connect 2018 - Vietnam] Rajinder singh cisco sd-wan-next generation ...
[Cisco Connect 2018 - Vietnam] Rajinder singh   cisco sd-wan-next generation ...[Cisco Connect 2018 - Vietnam] Rajinder singh   cisco sd-wan-next generation ...
[Cisco Connect 2018 - Vietnam] Rajinder singh cisco sd-wan-next generation ...
 
G3sixty Overview
G3sixty OverviewG3sixty Overview
G3sixty Overview
 
Benefits of disaggregation and open source networking in data centers
Benefits of disaggregation and open source networking in data centersBenefits of disaggregation and open source networking in data centers
Benefits of disaggregation and open source networking in data centers
 
Technology Overview - Symantec IT Management Suite (ITMS)
Technology Overview - Symantec IT Management Suite (ITMS)Technology Overview - Symantec IT Management Suite (ITMS)
Technology Overview - Symantec IT Management Suite (ITMS)
 
VMworld 2013: VMware Compliance Reference Architecture Framework Overview
VMworld 2013: VMware Compliance Reference Architecture Framework Overview VMworld 2013: VMware Compliance Reference Architecture Framework Overview
VMworld 2013: VMware Compliance Reference Architecture Framework Overview
 
Wi-Fi Security Fundamentals
Wi-Fi Security FundamentalsWi-Fi Security Fundamentals
Wi-Fi Security Fundamentals
 
Aruba ClearPass Exchange Deep Dive
Aruba ClearPass Exchange Deep DiveAruba ClearPass Exchange Deep Dive
Aruba ClearPass Exchange Deep Dive
 
S series presentation
S series presentationS series presentation
S series presentation
 
Meraki powered services bell
Meraki powered services   bellMeraki powered services   bell
Meraki powered services bell
 
Secure collab on prem hikmat
Secure collab on prem   hikmatSecure collab on prem   hikmat
Secure collab on prem hikmat
 
Cisco Identity Services Engine (ISE)
Cisco Identity Services Engine (ISE)Cisco Identity Services Engine (ISE)
Cisco Identity Services Engine (ISE)
 
TechWiseTV Workshop: SD-WAN Security
TechWiseTV Workshop: SD-WAN SecurityTechWiseTV Workshop: SD-WAN Security
TechWiseTV Workshop: SD-WAN Security
 

Viewers also liked

Introduction to InTouch Machine Edition (ITME)
Introduction to InTouch Machine Edition (ITME)Introduction to InTouch Machine Edition (ITME)
Introduction to InTouch Machine Edition (ITME)
Wonderware InTouch Machine Edition
 
I know what your packet did last hop using packet histories to troubleshoot...
I know what your packet did last hop  using  packet histories to troubleshoot...I know what your packet did last hop  using  packet histories to troubleshoot...
I know what your packet did last hop using packet histories to troubleshoot...
承達 蔡
 
Каталог Adder
Каталог AdderКаталог Adder
Каталог Adder
KVM Tech
 
Tn548 installing microsoft sql server 2012 for wonderware products
Tn548 installing microsoft sql server 2012 for wonderware productsTn548 installing microsoft sql server 2012 for wonderware products
Tn548 installing microsoft sql server 2012 for wonderware products
Gustavo Alvarez
 
Extreme_Networks_Loyola_High_School
Extreme_Networks_Loyola_High_SchoolExtreme_Networks_Loyola_High_School
Extreme_Networks_Loyola_High_School
Kevin Behnke
 
Enterasys Networks Corporate Presentation
Enterasys Networks Corporate PresentationEnterasys Networks Corporate Presentation
Enterasys Networks Corporate Presentation
Robert Nilsson
 
Zero Day Response: Strategies for Cyber Security Defense
Zero Day Response: Strategies for Cyber Security DefenseZero Day Response: Strategies for Cyber Security Defense
Zero Day Response: Strategies for Cyber Security Defense
Tripwire
 
Dcs capabilities
Dcs capabilitiesDcs capabilities
Dcs capabilities
Generic Logical
 
SOFTWARE DEFINED NETWORKING: FROM CAMPUS TO CARRIER, TO CLOUD
SOFTWARE DEFINED NETWORKING: FROM CAMPUS TO CARRIER, TO CLOUDSOFTWARE DEFINED NETWORKING: FROM CAMPUS TO CARRIER, TO CLOUD
SOFTWARE DEFINED NETWORKING: FROM CAMPUS TO CARRIER, TO CLOUD
Open Networking Summits
 
Upcoming Event: Wonderware Next Generation Conference
Upcoming Event: Wonderware Next Generation ConferenceUpcoming Event: Wonderware Next Generation Conference
Upcoming Event: Wonderware Next Generation Conference
shannon fisk
 
Best practices in dcs migration webcast
Best practices in dcs migration webcastBest practices in dcs migration webcast
Best practices in dcs migration webcast
Invensys Operations Management
 
5915
59155915
Web Based Reporting
Web Based ReportingWeb Based Reporting
Web Based Reporting
Wonderware United Kingdom
 
Technical Note - ITME: Running StADOSvr.exe as a Service
Technical Note - ITME: Running StADOSvr.exe as a ServiceTechnical Note - ITME: Running StADOSvr.exe as a Service
Technical Note - ITME: Running StADOSvr.exe as a Service
Wonderware InTouch Machine Edition
 
Extreme networks-pbt2034
Extreme networks-pbt2034Extreme networks-pbt2034
Extreme networks-pbt2034
He Hariyadi
 
Vala Afshar - The Power of Collaboration
Vala Afshar - The Power of CollaborationVala Afshar - The Power of Collaboration
Vala Afshar - The Power of Collaboration
Core Networks, LLC
 
Enterasys Networks for Retail Industry presentation
Enterasys Networks for Retail Industry presentationEnterasys Networks for Retail Industry presentation
Enterasys Networks for Retail Industry presentation
Robert Nilsson
 
Wonderware InTouch
Wonderware InTouchWonderware InTouch
Wonderware InTouch
Omair Tariq
 
White paper - Actionable Alarming - Wonderware-Schneider Electric
White paper - Actionable Alarming - Wonderware-Schneider ElectricWhite paper - Actionable Alarming - Wonderware-Schneider Electric
White paper - Actionable Alarming - Wonderware-Schneider Electric
Suman Singh
 
SEN Company Overview
SEN Company OverviewSEN Company Overview
SEN Company Overview
dgeorgiou79
 

Viewers also liked (20)

Introduction to InTouch Machine Edition (ITME)
Introduction to InTouch Machine Edition (ITME)Introduction to InTouch Machine Edition (ITME)
Introduction to InTouch Machine Edition (ITME)
 
I know what your packet did last hop using packet histories to troubleshoot...
I know what your packet did last hop  using  packet histories to troubleshoot...I know what your packet did last hop  using  packet histories to troubleshoot...
I know what your packet did last hop using packet histories to troubleshoot...
 
Каталог Adder
Каталог AdderКаталог Adder
Каталог Adder
 
Tn548 installing microsoft sql server 2012 for wonderware products
Tn548 installing microsoft sql server 2012 for wonderware productsTn548 installing microsoft sql server 2012 for wonderware products
Tn548 installing microsoft sql server 2012 for wonderware products
 
Extreme_Networks_Loyola_High_School
Extreme_Networks_Loyola_High_SchoolExtreme_Networks_Loyola_High_School
Extreme_Networks_Loyola_High_School
 
Enterasys Networks Corporate Presentation
Enterasys Networks Corporate PresentationEnterasys Networks Corporate Presentation
Enterasys Networks Corporate Presentation
 
Zero Day Response: Strategies for Cyber Security Defense
Zero Day Response: Strategies for Cyber Security DefenseZero Day Response: Strategies for Cyber Security Defense
Zero Day Response: Strategies for Cyber Security Defense
 
Dcs capabilities
Dcs capabilitiesDcs capabilities
Dcs capabilities
 
SOFTWARE DEFINED NETWORKING: FROM CAMPUS TO CARRIER, TO CLOUD
SOFTWARE DEFINED NETWORKING: FROM CAMPUS TO CARRIER, TO CLOUDSOFTWARE DEFINED NETWORKING: FROM CAMPUS TO CARRIER, TO CLOUD
SOFTWARE DEFINED NETWORKING: FROM CAMPUS TO CARRIER, TO CLOUD
 
Upcoming Event: Wonderware Next Generation Conference
Upcoming Event: Wonderware Next Generation ConferenceUpcoming Event: Wonderware Next Generation Conference
Upcoming Event: Wonderware Next Generation Conference
 
Best practices in dcs migration webcast
Best practices in dcs migration webcastBest practices in dcs migration webcast
Best practices in dcs migration webcast
 
5915
59155915
5915
 
Web Based Reporting
Web Based ReportingWeb Based Reporting
Web Based Reporting
 
Technical Note - ITME: Running StADOSvr.exe as a Service
Technical Note - ITME: Running StADOSvr.exe as a ServiceTechnical Note - ITME: Running StADOSvr.exe as a Service
Technical Note - ITME: Running StADOSvr.exe as a Service
 
Extreme networks-pbt2034
Extreme networks-pbt2034Extreme networks-pbt2034
Extreme networks-pbt2034
 
Vala Afshar - The Power of Collaboration
Vala Afshar - The Power of CollaborationVala Afshar - The Power of Collaboration
Vala Afshar - The Power of Collaboration
 
Enterasys Networks for Retail Industry presentation
Enterasys Networks for Retail Industry presentationEnterasys Networks for Retail Industry presentation
Enterasys Networks for Retail Industry presentation
 
Wonderware InTouch
Wonderware InTouchWonderware InTouch
Wonderware InTouch
 
White paper - Actionable Alarming - Wonderware-Schneider Electric
White paper - Actionable Alarming - Wonderware-Schneider ElectricWhite paper - Actionable Alarming - Wonderware-Schneider Electric
White paper - Actionable Alarming - Wonderware-Schneider Electric
 
SEN Company Overview
SEN Company OverviewSEN Company Overview
SEN Company Overview
 

Similar to OCS LIA

F5 TMOS v13.0
F5 TMOS v13.0F5 TMOS v13.0
F5 TMOS v13.0
MarketingArrowECS_CZ
 
Nakina NOS Overview
Nakina NOS OverviewNakina NOS Overview
Nakina NOS Overview
hal2005
 
Esc who we are 2016 rev2
Esc who we are 2016 rev2Esc who we are 2016 rev2
Esc who we are 2016 rev2
thidisbogus
 
2017 02-17 rsac 2017 tech-f02
2017 02-17 rsac 2017 tech-f022017 02-17 rsac 2017 tech-f02
2017 02-17 rsac 2017 tech-f02
Shawn Wells
 
Partner Keynote: Intel - The New Frontier of Cloud Computing
Partner Keynote: Intel - The New Frontier of Cloud ComputingPartner Keynote: Intel - The New Frontier of Cloud Computing
Partner Keynote: Intel - The New Frontier of Cloud Computing
Amazon Web Services
 
JAMES ABSHIRE-Resume (2)
JAMES ABSHIRE-Resume (2)JAMES ABSHIRE-Resume (2)
JAMES ABSHIRE-Resume (2)
Jim Abshire
 
An introduction and overview to Software as a Service
An introduction and overview to Software as a Service An introduction and overview to Software as a Service
An introduction and overview to Software as a Service
InTechnology Managed Services (part of Redcentric)
 
Banv meetup-contrail
Banv meetup-contrailBanv meetup-contrail
Banv meetup-contrail
nvirters
 
RapidScale Company Presentation
RapidScale Company PresentationRapidScale Company Presentation
RapidScale Company Presentation
RapidScale
 
World Wide Technology Introduces Cisco ONE
World Wide Technology Introduces Cisco ONEWorld Wide Technology Introduces Cisco ONE
World Wide Technology Introduces Cisco ONE
World Wide Technology
 
Tail f Systems Whitepaper - Top Ten Management Issues for ATCA
Tail f Systems Whitepaper - Top Ten Management Issues for ATCATail f Systems Whitepaper - Top Ten Management Issues for ATCA
Tail f Systems Whitepaper - Top Ten Management Issues for ATCA
Tail-f Systems
 
AUSTINGSMITH-v7a-logo
AUSTINGSMITH-v7a-logoAUSTINGSMITH-v7a-logo
AUSTINGSMITH-v7a-logo
Austin Smith
 
Managed Hosting
Managed HostingManaged Hosting
Managed Hosting
webhostingguy
 
Compose hardware resources on the fly with openstack valence
Compose hardware resources on the fly with openstack valenceCompose hardware resources on the fly with openstack valence
Compose hardware resources on the fly with openstack valence
Shuquan Huang
 
The Intel Xeon Scalable Processor and IoT
The Intel Xeon Scalable Processor and IoTThe Intel Xeon Scalable Processor and IoT
The Intel Xeon Scalable Processor and IoT
Advantech Industrial Automation Group
 
The Evolving Data Center Network: Open and Software-Defined
The Evolving Data Center Network: Open and Software-DefinedThe Evolving Data Center Network: Open and Software-Defined
The Evolving Data Center Network: Open and Software-Defined
Dell World
 
Windows 7 For Itpro
Windows 7 For ItproWindows 7 For Itpro
Windows 7 For Itpro
Eduardo Castro
 
Blockchain solution architecture deliverable
Blockchain solution architecture deliverableBlockchain solution architecture deliverable
Blockchain solution architecture deliverable
Sarmad Ibrahim
 
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
Cisco Canada
 
F5 9.x to 10.x Upgrade Customer Presentation
F5 9.x to 10.x Upgrade Customer PresentationF5 9.x to 10.x Upgrade Customer Presentation
F5 9.x to 10.x Upgrade Customer Presentation
F5 Networks
 

Similar to OCS LIA (20)

F5 TMOS v13.0
F5 TMOS v13.0F5 TMOS v13.0
F5 TMOS v13.0
 
Nakina NOS Overview
Nakina NOS OverviewNakina NOS Overview
Nakina NOS Overview
 
Esc who we are 2016 rev2
Esc who we are 2016 rev2Esc who we are 2016 rev2
Esc who we are 2016 rev2
 
2017 02-17 rsac 2017 tech-f02
2017 02-17 rsac 2017 tech-f022017 02-17 rsac 2017 tech-f02
2017 02-17 rsac 2017 tech-f02
 
Partner Keynote: Intel - The New Frontier of Cloud Computing
Partner Keynote: Intel - The New Frontier of Cloud ComputingPartner Keynote: Intel - The New Frontier of Cloud Computing
Partner Keynote: Intel - The New Frontier of Cloud Computing
 
JAMES ABSHIRE-Resume (2)
JAMES ABSHIRE-Resume (2)JAMES ABSHIRE-Resume (2)
JAMES ABSHIRE-Resume (2)
 
An introduction and overview to Software as a Service
An introduction and overview to Software as a Service An introduction and overview to Software as a Service
An introduction and overview to Software as a Service
 
Banv meetup-contrail
Banv meetup-contrailBanv meetup-contrail
Banv meetup-contrail
 
RapidScale Company Presentation
RapidScale Company PresentationRapidScale Company Presentation
RapidScale Company Presentation
 
World Wide Technology Introduces Cisco ONE
World Wide Technology Introduces Cisco ONEWorld Wide Technology Introduces Cisco ONE
World Wide Technology Introduces Cisco ONE
 
Tail f Systems Whitepaper - Top Ten Management Issues for ATCA
Tail f Systems Whitepaper - Top Ten Management Issues for ATCATail f Systems Whitepaper - Top Ten Management Issues for ATCA
Tail f Systems Whitepaper - Top Ten Management Issues for ATCA
 
AUSTINGSMITH-v7a-logo
AUSTINGSMITH-v7a-logoAUSTINGSMITH-v7a-logo
AUSTINGSMITH-v7a-logo
 
Managed Hosting
Managed HostingManaged Hosting
Managed Hosting
 
Compose hardware resources on the fly with openstack valence
Compose hardware resources on the fly with openstack valenceCompose hardware resources on the fly with openstack valence
Compose hardware resources on the fly with openstack valence
 
The Intel Xeon Scalable Processor and IoT
The Intel Xeon Scalable Processor and IoTThe Intel Xeon Scalable Processor and IoT
The Intel Xeon Scalable Processor and IoT
 
The Evolving Data Center Network: Open and Software-Defined
The Evolving Data Center Network: Open and Software-DefinedThe Evolving Data Center Network: Open and Software-Defined
The Evolving Data Center Network: Open and Software-Defined
 
Windows 7 For Itpro
Windows 7 For ItproWindows 7 For Itpro
Windows 7 For Itpro
 
Blockchain solution architecture deliverable
Blockchain solution architecture deliverableBlockchain solution architecture deliverable
Blockchain solution architecture deliverable
 
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
 
F5 9.x to 10.x Upgrade Customer Presentation
F5 9.x to 10.x Upgrade Customer PresentationF5 9.x to 10.x Upgrade Customer Presentation
F5 9.x to 10.x Upgrade Customer Presentation
 

Recently uploaded

Leveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and StandardsLeveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and Standards
Neo4j
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
Jakub Marek
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
MichaelKnudsen27
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
saastr
 
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
Jason Yip
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and BioinformaticiansBiomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Neo4j
 
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3
FREE A4 Cyber Security Awareness  Posters-Social Engineering part 3FREE A4 Cyber Security Awareness  Posters-Social Engineering part 3
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3
Data Hops
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
Jason Packer
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
tolgahangng
 
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
operationspcvita
 
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
Edge AI and Vision Alliance
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
Tomaz Bratanic
 
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
AstuteBusiness
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
Antonios Katsarakis
 
What is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE?  Session 1 – CoE VisionWhat is an RPA CoE?  Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE Vision
DianaGray10
 
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
Edge AI and Vision Alliance
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
Tatiana Kojar
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
DanBrown980551
 

Recently uploaded (20)

Leveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and StandardsLeveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and Standards
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
 
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and BioinformaticiansBiomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
 
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3
FREE A4 Cyber Security Awareness  Posters-Social Engineering part 3FREE A4 Cyber Security Awareness  Posters-Social Engineering part 3
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
 
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
 
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
 
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
 
What is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE?  Session 1 – CoE VisionWhat is an RPA CoE?  Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE Vision
 
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
 

OCS LIA

  • 1. “There is nothing more important than our customers” Identity Management and Network Access Control An open communication solution for location and identity assurance OCS LIA formerly known as SALERNO Markus Nispel VP Solutions Architecture markus.nispel@enterasys.com Inderpreet Singh Director, Solution Architecture inderpreet.singh@siemens-enterprise.com
  • 2. © 2008 Enterasys Networks, Inc. All rights reserved. Why should you care ? • OCS LIA is the first technical integration that provides a true unique selling proposition when combining a Enterasys (NAC) solution with a SIEMENS Enterprise Communications UC solution ­ even using standard protocols and API´s noone in the market is able to provide a similar solution ­ a unique value in projects and RFP´s ­ and still open to other vendor´s infrastructure as Enterasys NAC does support this inherently • It provides a tangible value to the customer that results in a lower TCO (through lower OPEX) and a higher security along with visibility into the IT infrastructure • The solution is not limited to VOIP only. A professional services based integration into any asset/inventory database at the customer site is always possible: the result is IT workflow integration, reduced operational costs and a loyal customer
  • 3. © 2008 Enterasys Networks, Inc. All rights reserved. What does it for you ? • Automatic inventory and location service reduces risk of operation of non­compliant end­devices with invalid configuration or software release. • Automatic adaptation and location-based configuration of end­ devices and usage of special functionalities (e.g. configuration of speed dial button) • IP phone monitoring Detecting non­compliant and compromised end­devices • Automatic authentication and authorization Warranty of secure, reliable and high­quality operation of real­time applications through automatically assigned QoS-parameter and security profiles (ACL and VLAN) • Finally the use of this solution provides the following value add: • Reduces administrative effort and costs • Increases protection and reliability of real­time applications • Minimizes the risk of attacks and the probability of outage • Increases compliance to enterprise’s security policies • http://www.enterasys.com/company/literature/auto-voip-deploy.pdf
  • 4. © 2008 Enterasys Networks, Inc. All rights reserved. 4 What is NAC ? • A User focused technology that: ­ Authorizes a user or device (PC, Phone, Printer) and ­ Permits access to resources based on identity authentication of the user (and/or device) as well as based on the security posture of the device along with location and time ­ The parameters are set in the so called Pre-Connect Assessment (aka Health Check), i.e. before connecting to the infrastructure ­ However, during normal operation, regular checks should be conducted as part of the Post-Connect Assessment
  • 5. © 2008 Enterasys Networks, Inc. All rights reserved. What do you need to deploy OCS LIA ? • Enterasys Network Access Control NAC Version 3.1.2 or above ­ at least implemented in discovery mode (with MAC authentication (802.1x can be used too) enabled on the access sitches and access points) using a default autorization for all endpoints ­ along with professional services from Enterasys to implement the solution and the OCS LIA middleware • Siemens HiPath Deployment Service DLS V2R4 ­ supporting OpenStage and Optipoint VOIP endpoints in both SIP and HFA mode ­ Additional location service licenses for each device that should be supported for this feature ­ Along with professional services from SEN to properly setup up the DLS (also for web services usage) and optionally configure the infrastructure policies 5
  • 6. © 2008 Enterasys Networks, Inc. All rights reserved. Enterasys NAC - in Any Environment •Hybrid deployment ­ Best of both models for mixed environments ­ Single, integrated solution – seamless management from single system . Enterprise Network Enterasys Policy capable switch RFC3580 capable switch RFC3580 capable Wireless Access PointNAC Gateway Core EdgeDistribution Non-intelligent Wireless VPN Non-intelligent edge switches Shared Access LAN NAC Controller NAC Manager
  • 7. © 2008 Enterasys Networks, Inc. All rights reserved. 7 • Enterasys Matrix™ and SecureStack™ Switches, HiPath WLAN, Roamabout • and/or • Third Party Switch or WLAN Access Point (RFC 3580-compliant) • and/or • NAC Controller (includes all Gateways functions and Assessment Service) • Enterasys NAC Manager ­ Software plugin to NetSight Console ­ Centralized administration of NAC Gateways and Controllers Management Enterasys NAC - Components Detection, Authentication, Remediation, Assessment • Enterasys NAC Gateway ­ (Proxy) RADIUS ­ Remediation and Registration ­ Optional Assessment Service integrated • Assessment Service ­ optional ­ Nessus, Retina Eye, Enterasys ­ Interface to integrate other servers Authorization
  • 8. © 2008 Enterasys Networks, Inc. All rights reserved. NAC Gateway – with „any“ access device • Policy Mapping table in NAC 3.2 - create independency of device type and topology - More flexible VLAN name based approaches - Globally configured - Location based = Switch IP and Switch Port (and AP´s, SSID´s etc. ..) • Will also support authorization methods like Cisco ACL, Login-LAT Group or a combination of these along with fully customizeable radius attributes to map Policy to an appropriate authorization alternative
  • 9. © 2008 Enterasys Networks, Inc. All rights reserved. wired LAN Siemens HiPath DLS Event-based synchronization of data-bases via API: IP phone, phone number, switch, switch-port, building, room NAC Manager HiPath/OpenSc ape Platform Enterasys NAC Appliance Database with physical infrastructure / cabling - wall-socket - Building - Room Open Communication Solution for Location and Identity Assurance: Enterasys NAC / Siemens HiPath DLS 12345 10.1.1.10 xx-xy-yy-yz-zz-az Access 1 10.9.9.8 fe.0.15 B. A 130 3 4.2.4 34567 10.1.1.18 aa-bb-cc-dd-ee-ff Access 2 10.9.9.9 fe.1.8 B. B 241 1 4.2.4 56789 10.1.1.25 ab-cd-ef-gh-ij-kl Access 3 10.9.9.10 fe.2.21 B. A 412 2 4.2.2 Phone number Phone IP Address Phone MAC Address Switch- name Switch IP Address Switch- port Building Room Wall jacket Phone Software pro services
  • 10. © 2008 Enterasys Networks, Inc. All rights reserved. 10 Agile enterprises use service- oriented architectures (SOAs) and extend SOA with events where appropriate. Service and event architectures make enterprise computing more effective and flexible than traditional, monolithic "stovepipe" systems. Success requires a knowledge of common deployment patterns and fundamental success factors. Source: Gartner, 4. April 2007 Applied SOA: Transforming Fundamental Principles Into Best Practices OCS LIA Integrator/Middleware – SOA based
  • 11. © 2008 Enterasys Networks, Inc. All rights reserved. 11 •WSDL (Web Services Description Language) is the proposed standard that is used for the service interface definition in most new development tools •XML (eXtended Markup Language) is used to transport the messages in a machine to machine communication scenario over IP based networks •OCS LIA is based on these widely accepted and deployed standards OCS LIA Integrator/Middleware – SOA and Web Services
  • 12. © 2008 Enterasys Networks, Inc. All rights reserved. OCS LIA Integrator/Middleware – General Features • Synchronize endsystem data from NetSight (NAC) database to HiPath DLS • Synchronize VoIP phone number, type and SW version to NetSight endsystem database • Detect HiPath DLS restarts (for full re-sync) • Detect new phones on DLS side (for individual sync) • Periodic cache cleanup to eliminate old outdated cache entries • Retry mechanism in case of unreachable external systems • Detection of IP mismatch due to VLAN configuration with delayed DLS update (to prevent DLS jobs sent to old device IP) • Flexible logging configuration • Very flexible component configuration • Support of multiple switches • Support of multiple DLS servers
  • 13. © 2008 Enterasys Networks, Inc. All rights reserved. All device relevant data from NetSight, HiPath DLS servers and switches are collected and cached within the Integrator using an internal cache. The IP Infrastructure data record used here contains the following information: Open Communication Solution for Location and Identity Assurance: IP Infrastructure Cache
  • 14. © 2008 Enterasys Networks, Inc. All rights reserved. • The exchanged data is presented as additional endsystem data in the NAC Manager but also on the HiPath DLS Device phone number (e.g. 43254) Device Type and SW version (e.g. OpenStage 80:V1 R4.14.0) DLS IP Infrastructure Enterasys NMS NAC Manager: Endsystem View Open Communication Solution for Location and Identity Assurance: data exchange
  • 15. © 2008 Enterasys Networks, Inc. All rights reserved. Siemens OpenStage VOIP Phone Open Communication Solution for Location and Identity Assurance: location based configuration
  • 16. © 2008 Enterasys Networks, Inc. All rights reserved. 16 MUA&PLogic 802.1X PWA MAC RADIUSauthority Dynamic admin rule DFE 802.1X credentials PWA credentials 802.1X login Filter ID  policy sales SMAC = Anita SMAC = Bob PWA login SMAC = Phone MAC traffic MAC credentials Filter ID  policy phone Dynamic admin rule Dynamic Admin rule Port X Filter ID  credit Policy sales Policy credit Policy Phone • Inherent advantage, from 2 (3) up to 2048 devices per port and system • Supported by B/C/G/D and N/NGN/S Series (partially dependant on licenses) • Different authentication methods (in random (depends on the product) combination per port/user) ­ 802.1x, PWA (Web), MAC authentication, RADIUS, Kerberos, Default role .... • Single physical interface but multiple roles (and VLAN´s) The value of using Enterasys switch hardware Multi-user authentication AND policy Enterasys Switch
  • 17. © 2008 Enterasys Networks, Inc. All rights reserved. Roles, Services , Rules Network Administrator VOIPOffice Non-OfficeDenyRIP DenyOSPF DenyApple DenyIPX DenyDHCPReply DenyIPRange AllowARP,DNS AllowRTP128kbit/s AllowSNMP AllowSIP2Mbit/s DenySNMP DenyTelnet DenyTFTP DropApple DropIPX DropDecNet Deny Faculty Server Farm Administrative Protocols Acceptable Use Legacy Protocols SIP Only The value of using Enterasys switch hardware Authorization/Policy – roles & rules
  • 18. © 2008 Enterasys Networks, Inc. All rights reserved. 18 Corporate & Regulatory Compliance Can I enforce these regulations prior to granting network access? Do I have reporting and auditing tools to verify compliance? NAC – other application scenarios Network Usage Who is using the network infrastructure? Are these users authorized? Does access correspond to organizational role? Workstation Security Does system have up-to-date OS patches? Does every system conform to corporate security standards? Guest Users Does a guest system contain threats? Can I limit access for guest users? Non-Workstation End Systems Is this device what it claims to be? Can I assess its security posture? Can I locate rogue Access Points, hijacked print servers etc?
  • 19. © 2008 Enterasys Networks, Inc. All rights reserved. IAM - principles • Network technology, distributed computing and the Internet have made it possible to dramatically extend application and information access to users well beyond the typical organizational boundaries. The related security risks, management issues and compliance requirements mus be adressed. o Who is accessing my applications or data? o What are they authorized to do? o Should they have those authorizations? • The tools that allow to answer these questions and maintain control over users and their access make up an identity and access management (IAM) solution
  • 20. © 2008 Enterasys Networks, Inc. All rights reserved. NAC & IAM integration - Why • NAC is a very useful tool in reducing and controlling the risks to your network infrastructure. However, although it relies on user authentication, on its own this is really no more than a means to identify a device. • The problems of providing each individual user with only the access they are authorised for, and no more, remain. The solution is to tie the authentication process with a robust identity management (IDM) solution, applying network controls to an individual or a well­ defined group. This process is sometimes referred to as Identity Driven Networking (IDN).
  • 21. © 2008 Enterasys Networks, Inc. All rights reserved. NAC & IAM – Positioning Enterasys NAC Gateway Enterasys NAC Controller Directory MS-NPS RADIUS SIEM 802.1X MS AGENT 1X,MAC,WEB LDAP EAP-PEAP [TNCCS-SOH] PAP, CHAP, EAP-M D5 HEALTH CHECK XM L_API 802.1X IF-MAP PEP and PDP Policy Enforcement Point Policy Decision Point Kerberos Location Asset Management Policy provisioning and assignm ent Enterasys AGENT XM L API
  • 22. © 2008 Enterasys Networks, Inc. All rights reserved. NAC & IAM integration - Advantages • Users are managed centrally in the IDM system for all connected applications (including the network). • The process of managing joiners, movers and leavers can be automated and linked to other key processes (e.g. HR). • Users are automatically added or deleted when they join and leave the organisation. This not only eases the administrative burden for IT support, but also enhances security because users have their access revoked or suspended the moment they leave.
  • 23. © 2008 Enterasys Networks, Inc. All rights reserved. NAC & IAM - Status • Integration of Enterasys NAC and the SEN TISA – Totally Integrated Security Architecture ­ proof of Concept shown at Open Minds event in april 2009 ­ plans to show at Interop 2009 ­ Joint Whitepaper available on BeFirst • Currently based on NAC 3.2 with LDAP integration (role/policy assigment based on LDAP attributes) and Kerberos based authentication ­ Offical integration and documentation underway ­ Possible Web­ and 802.1x­based Integration 23
  • 24. © 2008 Enterasys Networks, Inc. All rights reserved. First Win – Higher Education Vertical European School of Management and Technology (ESMT) Berlin, Germany Business Drivers ESMT Solution Case Results…  Segregated data and telecom networks  IP phone inventory and config management was cumbersome  No single view of IP comms infrastructure and devices for admin and management  Enterasys NMS and NAC solution  HiPath DLS  Full policy enabled networking infrastructure with N-Series switches  Voice/Telephony HiPath 3000  Low cost, low effort to integrate ETS and SEN components (within one week)  Total view (location, state, posture) of IP devices throughout network under one management domain  Rules based policy enforcement, error flagging and notification in real time “The open architecture and integration of SEN and Enterasys’ systems required minimal effort from our team. Their professional services experts succeeded in implementing an overarching management system in just one week, saving us a huge amount of work while at the same time making communication more secure.” Thomas Giese, IT Network Services for ESMT.
  • 25. © 2008 Enterasys Networks, Inc. All rights reserved. More questions • Just contact Markus Nispel VP Solutions Architecture Enterasys Networks Solmsstrasse 83 60486 Frankfurt Phone: +49 69 47860 253 Fax: +49 69 47860 364 Cell: +49 172 8638003 Email: markus.nispel@enterasys.com www: http://www.enterasys.com 25 Inderpreet Singh Director, Solutions Architecture Converged Networks and Security Siemens Enterprise Communications 271 Mill Road Chelmsford, MA 01824 USA Phone: +1 978 367 7604 Cell: +1 978 764 6855 Email: inderpreet.singh@siemens­enterprise.c Please contact us if you have additional input on potential joint solutions of Enterasys and SEN
  • 26. “There is nothing more important than our customers” Thank You

Editor's Notes

  1. Enterasys was originally founded as Cabletron Systems in March of 1983. Today Enterasys has thousands of active customers in more than 70 countries around the world – including over 20% of the Fortune Global 500. The company holds hundreds of patents and has invested over US$1 Billion in research and development. The joint venture with SIEMENS is unique in our ability to deliver secure, anywhere, anytime access to information by reading, listening or watching from desktop, laptop, handset, Blackberry, iPhone and Windows Mobile endpoints across wired and wireless infrastructures. The joint venture is a global provider of voice, data and services to deliver unified communications that are open, mobile and secure. We’re the perfect sized company in that we are big enough to meet your needs now and in the future, yet small enough to have a personal relationship with you. We encourage direct access to our talented developers and experienced executives. How we measure our success is through your satisfaction. By delivering on our promises on-time and on-budget, we earn the right to your business by putting the words “There is nothing more important than our customers” into action every day.