Top Banner
Feeling Agile Network
21

Agile Network Agile Management

Dec 10, 2014

Download

Technology

By Ms. Ci Ci Zhong, Research and Development, Huawei Enterprise Business Group
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Page 1: Agile Network Agile Management

Feeling Agile Network

Page 2: Agile Network Agile Management

Your Needs…Web/ProxyApp Server-Group

Remote officeEmployee CustomerBYOD GuestDumb terminal

ICP App Server

EDC DMZ

BY

OD

Visit E

DC

BYOD visits dumb terminal

BYOD visits IC

P

Guest visits

ICP

Employee remote office

Customer visits

Campus DMZ

Employee visits dumb terminal

Em

plo

yee

visi

ts E

DC

Employee visits ICP

Employee communication

Simple, Secure, Controlled

Page 3: Agile Network Agile Management

Agility Features Create an Agile NetworkWeb/ProxyApp Server-Group

员工 BYOD

ICP App Server

EDC DMZService layer

Network layer

User layer

Intranet

eSightController Agile Switch

InternetInternet

Service OrchestrationSpecified data traffic forwarding path

Free MobilityOn-demand access control

SVF1.1 Plug-and-play network devices1.2 Centralized configuration of service templates1.3 Uniform wired and wireless network monitoring

iPCAQuick E2E fault location

502

1

3

5 4 Unified Security

Remote office Customer

Page 4: Agile Network Agile Management

Lifecycle Agility Features

Network Design

Fault Location

1 SVF1.1 Plug-and-Play

1 SVF1.2 Centralized Configuration

502 Free Mobility

3 Service Orchestration

4 Unified Security

iPCA5

Service Deployment

Routine Monitoring

Page 5: Agile Network Agile Management

1.1 SVF-> Plug-and-Play

SVF-Parent

SVF-Client

3. Automatically create management channels AS and AP are virtualized.

Shield differences of wired and

wireless networks and transmit traffic of

ASs and APs over same management

channels (CAPWAP)

2. Power on

SVF-Client

1. Pre-deployment• Configure management channel• Add port to virtual group

eSight

CA

PW

AP

CAPWAP

Network Design

ServiceDeployment

Routine Monitoring

Fault Location

Page 6: Agile Network Agile Management

1.1 SVF-> Plug-and-Play Experience

1. Display topology after pre-deployment

2. Power on the new device, plug-and-play

3. Clients are vertically virtualized and displayed under Parent

4. Parent panel shows vertically virtualized topology

Network Design

ServiceDeployment

Routine Monitoring

Fault Location

Page 7: Agile Network Agile Management

Lifecycle Agility Features

Network Design

Fault Location

1 SVF1.1 Plug-and-Play

1 SVF1.2 Centralized Configuration

502 Free Mobility

3 Service Orchestration

4 Unified Security

iPCA5

Service Deployment

Routine Monitoring

Page 8: Agile Network Agile Management

1.2 SVF-> Centralized ConfigurationSVF-Parent

SVF-ClientSVF-Client

CA

PW

AP

CAPWAP

Ethernet WiFi

Service Profile

User Group

Parent: uses same service profiles for

wired and wireless users

Client: automatically delivers

parameters based on type of access

devices

User: adapts to the authentication

method based on access interface type

Network Design

ServiceDeployment

Routine Monitoring

Fault Location

Page 9: Agile Network Agile Management

Lifecycle Agility Features

Network Design

Fault Location

1 SVF1.1 Plug-and-Play

1 SVF1.2 Centralized Configuration

502 Free Mobility

3 Service Orchestration

4 Unified Security

iPCA5

Service Deployment

Routine Monitoring

Page 10: Agile Network Agile Management

2 Free Mobility

Phase1

2

Administrator configures user and resource access rights on Agile Controller.Agile Controller translates the configuration into machine language and delivers it to devices on the entire network.

When a user logs in, the policy enforcement point obtains user rights configured based on 5W1H conditions, and enforces the access policy.

Deploy policies

Enforce policies

Deliver policies

Service flow

Policy enforcement pointWAN/Internet

Agile Controller

WAN/Internet

Email, ERP, code…

HQ access:R&D/sales/guests…

Branch access:R&D/sales/guests…

Internet: R&D/sales…

NGFW

SW

SW

SW

SW

NGFW

SVN

Centralized policy control allows network resources to migrate with mobile users

Network Design

ServiceDeployment

Routine Monitoring

Fault Location

Data Center

Phase

Page 11: Agile Network Agile Management

2 Free Mobility Experience

1. Pre-Configure policies 2. Obtain Access policies based on 5W1H

Network Design

ServiceDeployment

Routine Monitoring

Fault Location

Page 12: Agile Network Agile Management

Lifecycle Agility Features

Network Design

Fault Location

1 SVF1.1 Plug-and-Play

1 SVF1.2 Centralized Configuration

502 Free Mobility

3 Service Orchestration

4 Unified Security

iPCA5

Service Deployment

Routine Monitoring

Page 13: Agile Network Agile Management

3 Service Orchestration

Functions:

Security resources are concentrated in

a resource center to allow flexible

allocation of security capabilities

based on attributes such as resources,

users, and zones, improving security

protection capabilities of the entire

network.

Typical applications:

Guest online behavior management

Virus cleaning

Security resource center

User Group Resource Group

Internet

Tunnel

TunnelAgile Switch

Security policy ASGOnline behavior

management

NGFWFirewall

AgileController

Security policy

Tunnel

Service flow

Network Design

ServiceDeployment

Routine Monitoring

Fault Location

Page 14: Agile Network Agile Management

3 Service Orchestration Experience

1. Agile switch GRE Security resource center 2. Flexible service orchestration based on service scenarios

Simply drag the mouse

Network Design

ServiceDeployment

Routine Monitoring

Fault Location

Page 15: Agile Network Agile Management

Lifecycle Agility Features

Network Design

Fault Location

1 SVF1.1 Plug-and-Play

1 SVF1.2 Centralized Configuration1

SVF1.3 Unified Management

502 Free Mobility

3 Service Orchestration

4 Unified Security

iPCA5

Service Deployment

Routine Monitoring

Page 16: Agile Network Agile Management

4 Unified Security

① Security event collectionCollect event logs from network devices, security

devices, servers, and terminals.

② Big Data analyticsAnalyze a huge amount of correlated log information to

show security condition of the entire network and

detect security risks.

③ Network security evaluationEvaluate security threat severity on the entire network,

show the attack topology, and identify top-risky

assets and zones to provide information for network

security protection.

④ Security correlation and active defenseAgile Controller delivers adjusted security policies to

related devices in response to security events. For

example, the devices can log out users or block

traffic from these users.

Log collection

Security policies take effect

②Big Data analytics

①Security event

collection

④ Security correlation and active

defense

③ Network security evaluation

Network Design

ServiceDeployment

Routine Monitoring

Fault Location

Page 17: Agile Network Agile Management

4 Unified Security Experience

1. Network-wide or

domain-wide

security threat

evaluation

2. Focus on TOPN

risky assets

3. Drill-down domain-wide threat

status, view security detail

information and handling

suggestions

Network Design

ServiceDeployment

Routine Monitoring

Fault Location

Page 18: Agile Network Agile Management

Lifecycle Agility Features

Network Design

Fault Location

1 SVF1.1 Plug-and-Play

1 SVF1.2 Centralized Configuration

502 Free Mobility

3 Service Orchestration

4 Unified Security

iPCA5

Service Deployment

Routine Monitoring

Page 19: Agile Network Agile Management

5 iPCA

Network Management

eSightAgile Switch

Operators leased

network

Shenzhen Headquarters

Beijing Branch

Mark

1. Device/Link3. WAN Egress

2. End to End

Stat.

Network Design

ServiceDeployment

Routine Monitoring

Fault Location

Page 20: Agile Network Agile Management

5 iPCA Experience

1.Device/Link-level measurement

2. End-to-end quick measurement

Network Design

ServiceDeployment

Routine Monitoring

Fault Location

3-1. Create a conservation domain

3-2. Conservation domain measurement

Page 21: Agile Network Agile Management