Feeling Agile Network
Dec 10, 2014
Your Needs…
[Diagram: access scenarios. Zones: Web/Proxy, App Server-Group, ICP App Server, EDC DMZ, Campus DMZ. Users and terminals: Remote office, Employee, Customer, BYOD, Guest, Dumb terminal.]
Flows shown:
BYOD visits EDC
BYOD visits dumb terminal
BYOD visits ICP
Guest visits ICP
Employee remote office
Customer visits
Employee visits dumb terminal
Employee visits EDC
Employee visits ICP
Employee communication
Simple, Secure, Controlled
Agility Features Create an Agile Network
[Diagram: Service layer (Web/Proxy, App Server-Group, ICP App Server, EDC DMZ), Network layer (Intranet, Internet, eSight, Controller, Agile Switch), User layer (Employee, BYOD, Remote office, Customer).]
1 SVF
1.1 Plug-and-play network devices
1.2 Centralized configuration of service templates
1.3 Uniform wired and wireless network monitoring
2 Free Mobility: On-demand access control
3 Service Orchestration: Specified data traffic forwarding path
4 Unified Security
5 iPCA: Quick E2E fault location
Lifecycle Agility Features
Lifecycle phases: Network Design, Service Deployment, Routine Monitoring, Fault Location
1 SVF 1.1 Plug-and-Play
1 SVF 1.2 Centralized Configuration
2 Free Mobility
3 Service Orchestration
4 Unified Security
5 iPCA
1.1 SVF -> Plug-and-Play
[Diagram: eSight, SVF-Parent, and two SVF-Clients connected over CAPWAP.]
1. Pre-deployment
• Configure management channel
• Add port to virtual group
2. Power on
3. Automatically create management channels
AS and AP are virtualized. Differences between wired and wireless networks are shielded, and traffic of ASs and APs is transmitted over the same management channels (CAPWAP).
Network Design
Service Deployment
Routine Monitoring
Fault Location
1.1 SVF-> Plug-and-Play Experience
1. Display topology after pre-deployment
2. Power on the new device, plug-and-play
3. Clients are vertically virtualized and displayed under Parent
4. Parent panel shows vertically virtualized topology
1.2 SVF -> Centralized Configuration
[Diagram: SVF-Parent and two SVF-Clients connected over CAPWAP; Ethernet and WiFi access; Service Profile; User Group.]
Parent: uses same service profiles for wired and wireless users
Client: automatically delivers parameters based on type of access devices
User: adapts to the authentication method based on access interface type
2 Free Mobility
Phase 1: Administrator configures user and resource access rights on Agile Controller. Agile Controller translates the configuration into machine language and delivers it to devices on the entire network.
Phase 2: When a user logs in, the policy enforcement point obtains user rights configured based on 5W1H conditions, and enforces the access policy.
[Diagram labels: Deploy policies; Deliver policies; Enforce policies; Service flow; Agile Controller; Policy enforcement point (NGFW, SW, SVN); WAN/Internet; Data Center; Email, ERP, code…; HQ access: R&D/sales/guests…; Branch access: R&D/sales/guests…; Internet: R&D/sales…]
Centralized policy control allows network resources to migrate with mobile users
2 Free Mobility Experience
1. Pre-configure policies
2. Obtain access policies based on 5W1H
3 Service Orchestration
Functions:
Security resources are concentrated in a resource center to allow flexible allocation of security capabilities based on attributes such as resources, users, and zones, improving security protection capabilities of the entire network.
Typical applications:
Guest online behavior management
Virus cleaning
[Diagram labels: Security resource center (ASG: online behavior management; NGFW: firewall); Agile Controller; Agile Switch; User Group; Resource Group; Internet; Security policy; Tunnel; Service flow]
3 Service Orchestration Experience
1. Agile switch GRE Security resource center
2. Flexible service orchestration based on service scenarios
Simply drag the mouse
Lifecycle Agility Features
Lifecycle phases: Network Design, Service Deployment, Routine Monitoring, Fault Location
1 SVF 1.1 Plug-and-Play
1 SVF 1.2 Centralized Configuration
1 SVF 1.3 Unified Management
2 Free Mobility
3 Service Orchestration
4 Unified Security
5 iPCA
4 Unified Security
① Security event collection
Collect event logs from network devices, security devices, servers, and terminals.
② Big Data analytics
Analyze a huge amount of correlated log information to show the security condition of the entire network and detect security risks.
③ Network security evaluation
Evaluate security threat severity on the entire network, show the attack topology, and identify the highest-risk assets and zones to provide information for network security protection.
④ Security correlation and active defense
Agile Controller delivers adjusted security policies to related devices in response to security events. For example, the devices can log out users or block traffic from these users.
[Diagram: the four steps above, with the labels "Log collection" and "Security policies take effect".]
4 Unified Security Experience
1. Network-wide or domain-wide security threat evaluation
2. Focus on Top N risky assets
3. Drill down into domain-wide threat status, view security detail information and handling suggestions
5 iPCA
[Diagram labels: Network Management; eSight; Agile Switch; Shenzhen Headquarters; Beijing Branch; Operators leased network; Mark; Stat.]
1. Device/Link
2. End to End
3. WAN Egress
5 iPCA Experience
1. Device/Link-level measurement
2. End-to-end quick measurement
3-1. Create a conservation domain
3-2. Conservation domain measurement