© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Ballarat Grammar
Changing the way we learn
Joe Vukson (HP) and Greg Bell (Ballarat Grammar), 2012
Bring Your Own Device Cannot Be Ignored
Approximately 90% net-new growth in device adoption in the coming four years represented by smartphones and tablets [1]
Impact on IT staff
Over 4.5 billion personal client devices will be on the network in 2015 [2]
Pervasive mobility
Only 34% of CIOs think employees are accessing the network with personal devices [3]
Employee-owned IT personalization
[1] Gartner: Gartner’s Top Predictions for IT Organizations and Users, 2012 and Beyond: Control Slips Away (23 November 2011)
[2] IDC: The Empowered IT User: How Individuals Are Using Technology and Redefining IT (March 2012)
[3] IDC White paper sponsored by Unisys, 2011 Consumerization of IT Study: Closing the “Consumerization Gap” July 2011
Top Three Most Wanted BYOD Capabilities
SANS Mobility/BYOD Security Survey March 2012
Centralized functionality
Logging, monitoring and reporting
Ease of deployment
Implementation strategies for BYOD
• There is a need to treat the traffic differently depending on who/what/when/where
• Determine if the device is company issued or employee owned
• Identify solutions that support both client access control software and clientless devices
• Implement posture checking, remediation and remote wiping
• Define and deploy security policies at the network access layer
Implementation strategies for BYOD: embrace or contain?
[Figure: value to business (low to high) plotted against security “pressure” (low to high)]
Source: Gartner: NAC Strategies for Supporting BYOD Environments (22 December 2011)
Access Control Technologies
User Authentication
Device Authentication
Device Health
Legacy Networks Limit BYOD Adoption
• Endpoint dependent: Designed for IT-managed endpoints with one user and location type and prohibit employee personalization
• Insecure: Architected for a well-defined network perimeter, elevating network IT risk from mobile devices
• CLI-based management: Multiple, disaggregated consoles and a dependency on CLI and scripting slow service provisioning, increase errors, and introduce security risk
• Designed for wired: Designed for 3-tier networks where wireless was optional
Ensuring Wired & Wireless Networks are Ready for BYOD
Primary building blocks for an effective BYOD solution
Identity-aware access
• User credential and device based identity
• Simple and secure on-boarding process
• AAA support for compliance
Unified network support
• Seamless wired and wireless policy
• Increased wireless client range and density support
• Higher wired aggregation bandwidth
Monitor and control
• Device level application visibility and reporting
• Ability to quarantine and blacklist malware infected client
• Enhanced security for sensitive applications
A BYOD solution must be easy to deploy with centralized management, visibility and control
HP BYOD Delivers
• Device agnostic: Identification and control of any device, wired or wireless, IT-issued or personal
• Secure: Assured security for network and application access for users regardless of their location
• Unified orchestration: Simplified orchestration for unified wired and wireless networks with single pane-of-glass management
• Optimized for wireless: Simpler network designs for assured scalability of wireless LANs
“We want all of our students online, all of the time… providing the best access we can, while enforcing school policy!”
Ballarat Grammar, Ballarat, Australia
Ballarat Grammar, Ballarat, Australia
• 1300 students K-12
• 250 boarders
• 20 staff live on campus
• 500 desktops, 120 tablets, 800 netbooks
• BYOD – student/staff owned devices (iOS, Android, webOS, Wintel, Mac)
Ballarat Grammar: Achievements as a school
• 2011 Academic Achievement Honors
• Achieved 82.75 Median ATAR score
• 55% of all Ballarat Grammar students achieving ATARs over 80 (in Australia’s top 20% scores)
• 13 students achieving ATARs over 97
Ballarat Grammar: Highest achievement of an individual student
Ashray Rajagopalan’s ATAR of 98.8 was the highest score across all schools in the region. At 16 he has:
• Completed his VCE studies in Chemistry, Physics, Specialist Mathematics, Mathematical Methods, and French.
• Completed Mathematics Extension at Monash University with High Distinctions.
• He plays violin and piano
• Co-convenor of Grammar’s Round Square Environment Committee and Amnesty International Focus Group.
Changing the Way We Learn
Enabling access for all devices
Staff devices
• 120 managed mobile devices wired and wireless
• 70+ managed desktop devices
• 100+ unmanaged wireless devices
• 120+ Mitel IP phones
Student devices
• 800+ managed mobile devices
• 400+ managed desktop devices
• 1000+ unmanaged devices
Guest devices
• Any device
• Wireless only
• Access to internet & print
Changing the Way We Learn
Enabling access for all devices
Column headings: Solution: SNAC; Management: IDM; The result
• 802.1X (EAP-TLS and PEAP) AD groups for:
  • Staff user accounts
  • Student desktop computers
  • Student netbooks
  • Student BYOD
  • Mitel IP phones
  • Xerox MDFs
  • Other network devices
• NAC on every edge switch port
• One wireless network
• Flexibility
• Full reporting
“We worked with Fotios, our HPN Solution Architect, who gave us a superb production solution, that made IDM work harder to give us exactly what we need to manage every device on the network”
Greg Bell, Ballarat Grammar
Unified BYOD Solution
User, network, security and application policy management
On-boarding
• Secure network access for user-owned devices
• Highly secure client control
• Self registration for client-owned
Provisioning
• Unified wired and wireless management
• Consistent device policy management
• Network policy mapped to user profiles
Monitoring
• Unified monitoring and application access
• User and traffic analysis
• Integrated compliance management
BYOD Solution Architecture
Orchestrating user-to-network-to-application
[Diagram: three stages. On-boarding: user registration, device profiling. Provisioning: policy enforcement based on level of trust. Monitoring: traffic and user behavior analysis. Other labels in the diagram: Authentication, Authorization, Audit; device agnostic, network agnostic, user security check; employee, guest; time aware, location aware; traffic monitoring, user behavior, user self-service.]
Simplicity is What the Students See
BYOD Administrative Process
“I’d like access.” “Who are you?”
1. Identity authentication: authorized user
2. Device authentication
“Is your device compliant?”
3. Authorization: clean devices are assigned to VAN (corporate network); unclean devices go to the quarantine area
4. Behavior monitoring: ongoing compliance management
Single Pane-of-glass Management
• Seamless wired and wireless network management
• BYOD user and device management
• Security policy provisioning and enforcement
• Network traffic monitoring
• User behavior analysis by user and device type
• Posture check and agent control
Combined infrastructure and access management for BYOD, wired and wireless
Delivering BYOD with Intelligent Management Center
Access control and security management without compromise
[Diagram: IMC security control center. IMC Platform with add-on modules User Access Manager and Endpoint Access Defense; functions labelled Authentication, Provisioning, Threat mgmt. and Security mgmt.]
IMC – integrated endpoint security
• Combines access control modules with network management capabilities
• Provides single tool for setting security policies and viewing user behavior
• Transparent monitoring
• Provides value-add modules for setting and enforcing endpoint security
• Tailor solutions with value-add modules
Combined infrastructure and access management
• User Access Manager (UAM)
• Endpoint Admission Defense (EAD)
• User Behavior Analysis (UBA)
• Desktop Asset Management (DAM)
• Optional: iNode persistent or dissolvable client
HP IMC Security Suite – Unified Access Manager
User Access Manager
• Integrated and collaborative
  • Unified network and user policy management, from the device to the data center
• Pervasive security
  • Heterogeneous device support
  • Client-based and clientless device authentication
• Greater visibility and control
  • Stricter access control through policy options
  • Blacklist, resource and bandwidth monitoring and logging
• Scalable services
  • Native interoperability between modules (e.g., ACL mgr, user behavior analysis module)
  • Works with 3rd party “push” software
HP IMC Security Suite – Intelligent Threat Defense
Endpoint Access Defense
• Control of who and what’s on your network
  • Heterogeneous support for both user and network devices
  • Granular controls of both users and groups
  • Client-based and clientless device authentication
• Simple and granular management
  • Multiple configurable policy options
  • Blacklist, resource and bandwidth monitoring, logging
• Easy to use interface with robust access
  • Complete module interoperability
  • Works with 3rd party “push” software
• Management of users, policy, devices in one place
  • Role and group configurable provisioning
  • Flexible deployment and management options
Enabling Guest Access
• Allows authorized employees to enable guest user access
• Frees IT staff to concentrate on strategic tasks
• Designed to be operated by non-technical staff
• Temporary credentials self-destruct on expiration
• Can be used to create printable vouchers
• Included with controller purchase
HP Converged Wired and Wireless Infrastructure
• Leading wireless solution
  • Deliver near gigabit-speed connect rates to Wi-Fi client
  • Optimized architecture eliminating bottlenecks
  • 3 spatial stream dual-radio APs offer greater density
  • Advanced spectrum management with band steering
• Next generation core for campus
  • Up to 6336 Wireless-N APs at line-rate vs 1012 on Cisco
  • Stream the entire Netflix library - simultaneously
  • Over 240K simultaneous 1080p video-conferences
  • HP IRF for simpler, flatter, more agile networks
HP Mobility Leadership and Innovation
Key milestones, each followed by its details:
#2 Worldwide vendor in Wireless LAN shipments
• 773,000+ units shipped globally in CY2011
Optimized architecture – part of FlexNetwork – FlexCampus, FlexBranch – IMC (Intelligent Management Center) with IDM (Identity Driven Manager) plug-in
• Maximum flexibility in supporting mobile business applications today and in the future at the lowest TCO
• Intelligence is pushed from the mobility controller to the AP. Centralized or Distributed traffic capability – fault protection
MSM460/466/466-R
• First in the industry to offer near Gigabit Ethernet (Dual 450Mb/s radios) WLAN client access
MSM317
• First in the industry to offer a multi function communication access device – wireless & wired port connectivity, Telco connection, PoE pass through port
• In-room solution delivering advanced IP services
Multi-media application support
• Multicast patent, Application based QoS
Industry leading Wireless Security (IDS/IPS)
• Maximum threat detection with the lowest number of false positives (RF Manager + MSM415 dedicated sensors)
Optimized WLAN Architecture
[Diagram: three deployment options, each showing access points, an MSM controller, an access switch and the corporate network, with authentication traffic and user traffic drawn separately. The options are: centralized access control; distributed forwarding; distributed forwarding with centralized authentication.]
Wireless Management
Delivers unified wired and wireless management with Wireless Services Manager (WSM) from one platform
Discover wireless access points (AP) and connected clients
Ensure consistency with AP configuration backup
Map your wireless network
• How are the wireless access points connected?
• Where are wireless devices physically located?
Develop a more effective wireless network with heat map capabilities
[Screenshot callouts: “Where are your APs?”, “How strong are the APs?”, “Who’s connected?” (example client: Mary, MAC: 00:24:d6:94:d7:52)]
Mobility Portfolio
Column headings: Infrastructure Control, Controllers, Access points, Management, WLAN Bridges, Security
• MSM100 Series: Single Radio, Indoor, PoE
• MSM300 Series: Single, Dual & Triple Radio 11a/b/g, PoE
• MSM400 Series: Single & Dual Radio 11n 3x3, PoE
• MSM 317: Single Radio 11b/g, Wall Jack, PoE
• MSM 710 Controller: 10 APs and 100 Guests
• MSM720 Controller: 10-40 APs and 250 Guests
• MSM 760 Controller: 40-200 APs and 2000 Guests
• MSM 765zl Controller: 40-200 APs and 2000 Guests
• Mobility Manager 3.0: Device Management Tool
• RF Planner 5.0: Frequency coverage planning tool
• RF Manager 6.0: Wireless IDS/IPS for A & series
• MSM 415 RF Sensor: RF Security Sensor a/b/g/n, PoE
• Client Bridge: Client Bridge a/b/g
• Outdoor Bridge: Dual Radio Outdoor Bridge a/b/g/n
• Guest Management Software: Guest Access and Control
• IDM Identity Driven Manager: Access Control Policy Management
Unified BYOD solution with HP and F5
Creating Device & Access-agnostic Networks
Single pane-of-glass management with IMC
• HP Intelligent Management Center
  • Integrated network and user policy management
  • Unified wired and wireless network management
  • Unified Access Manager (UAM)
  • Endpoint Admission Defense (EAD)
  • Secure client for Windows, Linux, MacOS (iNode)
  • Post-admission network behavior monitoring (UBA)
• F5 BigIP
  • Integrated application access control
  • End-point inspection and compliance management
  • Context aware ACLs
  • Full proxy services (Exchange, VDI, etc)
  • SSL VPN client for Android, iOS, BB, Win, MacOS, Linux
[Graphic labels: BYOD; On-boarding, Provisioning, Monitoring]
Coming Soon
Device and network agnostic access for any user
Enable BYOD with Virtual Application Networks
Unified user policy, network and application access control
Seamless on-boarding for any device
Simplified provisioning minimizes disruption in user productivity
Single pane-of-glass management for wired and wireless
Ensure choice with open, standards-based approach
Thank you