avaya networking - br.westcon.combr.westcon.com/documents/43093/webex07 - mgm nac...
TRANSCRIPT
![Page 1: Avaya Networking - br.westcon.combr.westcon.com/documents/43093/Webex07 - MGM NAC (09-dezembro-2011... · Número de presenças nos Treinamentos Online (quantidade de sessões assistidas);](https://reader031.vdocuments.site/reader031/viewer/2022021721/5c014aa109d3f2fa038c6de4/html5/thumbnails/1.jpg)
Avaya Networking
Rafael Rocha, Sales Engineer | Westcon Convergence
Schedule
1. Introduction (02 Sep - 10:00)
2. Basic concepts I (16 Sep - 10:00)
3. Basic concepts II (07 Oct - 10:00)
4. Applied knowledge (21 Oct - 10:00)
5. Stackable switches (11 Nov - 10:00)
6. Modular switches (25 Nov - 10:00)
7. Management and NAC (09 Nov - 10:00)
8. Routers, VPN and WLAN (20 Dec - 10:00)
Prizes
Attend all the Data sessions (8 sessions) and answer the quizzes at the end of each session.
Accumulate points and compete for a Web Prize of R$ 500,00.
Whoever accumulates the highest score in the quizzes will be the winner!!!
To be eligible for the prize you must:
- Complete the quizzes held at the end of each session (approx. 15 minutes);
- Maximum score per event: 100 points;
- To compete for the prize you must have reached at least 85% participation in the Westcon & Avaya Webinar series.
Tie-breaking rules:
1st. Number of attendances at the Online Trainings (number of sessions attended);
2nd. Highest scores obtained in the quizzes;
3rd. Number of (Avaya) sales in orders placed with Westcon.
Link to the Series Presentations
http://br.westcon.com/content/vendors/avaya-nes/apresentacoes-e-documentos-treinamentos-online-westcon-avaya
Data Solutions
Ethernet Switching, Wireless Networking, Unified Branch, Access Control, Unified Management
Branch & Remote, Enterprise Campus, Data Center
Aggressive investment in the portfolio
Comprehensive, not Complex, Security
Improve security with fully granular control
– Role-based control & network compartmentalization
Enhanced Regulatory compliance
– Partitioning of access & comprehensive reporting
Simplicity
– Centralized policy decision, defined in plain language
Reduced costs
– Supporting existing infrastructure & identity stores, virtual appliance option
Integrated NAC
Simplifies multiple Directories & Databases
User Access
Wired / Wireless / VPN
Consistent & granular control
Consolidates administration
Enhances security & compliance
Centralised & integrated NAC
Corporate or Guest
Why NAC Is Needed
• Enforce corporate compliance policies
• Enforce regulatory compliance policies
• Protect network assets
• Mitigate zero-day attacks
Value Proposition
• Corporate Governance
• Do world class companies do the bare minimum to meet customer expectations or do
they try to surpass customer expectations?
• Corporate governance defines how you want to run your business and includes many
facets over and above regulatory obligations such as overall information protection,
business continuity, guest access policies, employee access policies … Identity
Engines allows you to enforce the corporate governance policies you define.
Regulation or not, no company wants to be in the paper for not protecting their
Intellectual Property or customer information.
• Regulatory Compliance
• Do you have a legal/regulatory obligation to withhold (ex. HIPAA, SOX, PCI)?
• Identity Engines allows you to enforce regulatory policies as part of compliance.
• Operations Cost Reduction
• Do you have to choose between leaving your network wide open or investing
excessively in network operations to deal with all the change requests? Damned if
you do, damned if you don't.
• Identity Engines can help you provide the safeguards needed AND reduce operational
expenditures to manage the network.
Evolution of a Problem
[Diagram: multiple access methods (Wireless, Wired, Remote/VPN) and multiple identity stores (MSFT AD, Sun, Novell, Oracle, RSA Token), across multiple locations, buildings, for multiple users. Campus examples: Science, Business, Engineering, Housing, Library, Health Center, Student Records, Distance Learning, Auxiliary, Bookstore, Food services, Music, Hosted Events, Concerts, Athletics, Summer programs, Community Access, Library, Fitness Center. Guest Users?]
Consolidation & Access Policy Consistency
[Diagram: Disparate Silos; Common ID & Policy]
Guest Access Use Case Scenario
• Secure the network while allowing authorized guests limited access to resources for specified durations
• Allow non-technical staff (e.g., security, reception) to create guest accounts in real-time or in advance of arrival
• Let security/reception create accounts but have IT pre-define restrictions
Guest arrives
Security/reception checks identification and creates a guest access account in real-time
Guest is given temporary and restricted access to the network
Guest account is automatically deleted after authorized duration
Conference Room Access Use Case Scenario
• Grant varying levels of network authorization to different user types
using the same resources
• Give employees unrestricted network access within a conference
room while giving restricted access to guests in the same room
Public areas are locked down by default
While in the conference room
– Employees are given unrestricted network access (Wired or Wireless)
– Guests are given restricted network access (Wired or Wireless)
No need for the Enterprise to define & manage some ports as open/some as restricted
Since all ports are policy enabled, the real-time policy engine automatically grants appropriate access
Validated Remote Access Use Case Scenario
• Validate end users' non-corporate assets (e.g., home PC) prior to
allowing them remote access to the network
• Prevent high-risk or infected assets from accessing the network
and risking greater infection
Completes posture assessment of end user's device to ensure that PC is compliant
Checks for valid anti-virus software, updates, personal firewall, etc. as part of authorization
Compliance can be done via clientless captive portal for unmanaged devices
Enterprise can provide different level of access if Employee is at home during off hours versus in the office
Authorized Fixed Assets Use Case Scenario
• Conduct MAC level authentication to ensure that only authorized
fixed assets (e.g., IP phones, printers, fax machines) connect to the
network and behave how they're expected to behave
Allows enterprises to define authorized non-interactive devices (e.g., IP phones, printers, fax machines) that can access the network
Prevents intruders from simply unplugging a printer and accessing the network.
Prevents employees from bringing in their own wireless access points and sharing network services thereby compromising network security
Making Authenticated Networks a Reality
[Diagram: Identity Engines Ignition Server between three layers labelled Network Control, Policy Decision and Identity Stores. Labels: Wireless, Wired, Remote, Inline NAC; RADIUS, RADIUS/TACACS+; Network Access Control, Administrative Access Control; Guest Access, Posture Assessment, Reporting and Analytics; Management and Session Provisioning; Identity Virtualization and Routing; Integration via APIs; LDAP, Kerberos, Active Directory, Multi-factor Authentication]
Identity Engines Portfolio
Highlights
Adhere to regulatory compliance needs
Secure guest, visitor and contractor access
Collapse existing AAA servers into a single deployment
Centralize policy management to improve and eliminate policy distribution costs
Compartmentalize network to improve resource utilization and reduce attack surfaces
Implement a standards-based NAC solution
Core Application: Ignition Server
Additional Applications: Ignition Guest Manager, Ignition Analytics
Identity Engines Ignition Server
• Centralized, standards-based
policy engine
• Highly-available AAA
appliance for identity-based
network access control
• RADIUS integration with all
enterprise network
equipment
• Quick and deep integration
with major directories
• Detailed logging and
troubleshooting capabilities
• VMware virtual appliance
Provides the underlying logic that defines who can get access to what, when and for how long
Provides the ability to create authorization policies specifically for RADIUS with or without Posture Assessment, MAC Authentication or TACACS+
Identity Engines Ignition Guest Manager
• Front Desk Console
• Automated provisioning/de-provisioning in 30 seconds
• Choose any access method to implement
  • Wireless, Wired, VPN, SSL VPN, Dial-up
• Track users
  • Guests, Consultants, Contractors
• Save precious IT staff time
Web application that lets front desk staff create and manage temporary network accounts for visitors
Identity Engines Ignition Analytics
• Identify device usage - who are
your top users?
• Create audit trails – look for trends
of usage, users, and devices
• Increase visibility into activity level
over time, identifying peak usage/
lowest usage
• Deliver flexible reporting formats
including PDF, HTML, RTF and
XLS
Presents your Ignition Server's network authorization and authentication information in a variety of summary and detail formats
Integration Modules
Core Application: Ignition Server
Integration Modules: MS NAP Module, TACACS+
Release 7.0 MS-NAP Integration
• Utilize existing applications on
the desktop to conduct posture
(compliance) check.
• Windows XP SP3 and higher all
support MS-NAP within the base
operating system.
• Additional vendors developing
NAP System Health Agents for
non Windows Operating
Systems.
• Single license on Ignition Server
to enable MS-NAP integration
(no additional licensing
needed for the end point).
Release 7.0 MS-NAP Integration (continued)
• Clear notification to end-user on
access status.
• Auto-remediation capabilities.
• 'More Information' to provide end-user with explicit details on what to
do next (step-by-step instructions, host s/w etc…)
• Full details in Audit Logs.
Spanning Voice, Data & Applications
Offers a common look & feel across applications based on SOA architecture
Enables navigation to all management applications with single sign-on & centralized authentication
Provides integrated workflows for managing unified communications networks
Decreases the learning curve for IT personnel
Delivers simplified deployment and system administration configuration
Offers deployment flexibility
Customers can buy the applications they need.
The Unified Management Solution
VOICE & DATA Network Infrastructure
Why is Unified Management Needed?
• Converged network infrastructures are complex to manage
• Resolution time for network related issues must be decreased
• Support costs are high
• Global system and network operations must be available 24x7
• Too many servers—one for every management activity
• Too many management applications to learn
• Re-entering enterprise data over and over leads to potential errors
• Need to automate administration access levels for different user
types
Unified Communications Management Portfolio
Portfolio Applications
• Visualization Performance & Fault Manager – Multi-vendor network discovery, root cause analysis, network topology maps
• Configuration and Orchestration Manager – Configuration and element management
• IP Flow Manager – IPFIX collection, analysis & reporting
• Enterprise Policy Manager – Network access control policies, bandwidth management, QoS
• Network Resource Manager – Bulk backup and restore management
Unified Management Product Positioning
Visualization Performance & Fault Manager
Ideal as:
• Discovery, troubleshooting & performance management of all IP/SNMP devices in multi-vendor networks
• Detailed topology maps of the IT infrastructure including network devices, IP Phones, Servers & Applications
IP Flow Manager
Ideal as:
• Network usage monitoring, abuse investigation & growth planning
• Analyzing applications, protocols and user activity based on IP Flow data
Configuration and Orchestration Manager
Ideal as:
• Centralizing the configuration and provisioning of devices and technologies throughout the network
• Simplifying element management with role-based access privileges and audit trails
Unified Management Product Positioning
Enterprise Policy Manager
Ideal as:
• Managing network bandwidth, prioritizing traffic streams, & setting network access policies
• Enabling critical applications to receive the right QoS
• Providing a rapid response to resolving new network threats
Energy Saver
Network Resource Manager
Ideal as:
• Centralized console for bulk configuration backup & restore and bulk management of software updates
• Can be used as a BCM (Bulk Configuration Manager) module in COM 2.2
Unified Management Key Features
• Application co-residency – lower CAPEX/OPEX
• Single unified management domain – decreased complexity
• Integrated workflow – reduced errors
• Centralized authentication & navigation – improved user
experience
• Simplified system admin configuration – simple to use
• Flexible XML Architecture – investment protection
UCM Authentication
UCM login with
Single Sign-On
UCM Navigator
Network Management
Application Launch
All UCM applications can be launched from the portal!
Configuration and Orchestration Manager (COM)
• Supports Avaya Ethernet Routing Switch products
  • ERS 8600, ERS 8300, ERS 5600, ERS 5500, ERS 4500, ERS 2500, ERS 1600 and WLAN.
Configuration and Orchestration Manager (COM)
• Features:
  • Security Manager – change and synchronize passwords and security features for CLI access, web access, SNMP access, RADIUS properties and access policies.
  • SSH Bulk Password configuration – configure CLI passwords through SSH (Secure Shell) on multiple devices
  • VLAN Manager
    – View, create, delete or modify VLANs. View Spanning Tree Protocol information
    – Export VLAN configuration to flat files
  • Multi-Link Trunking Manager
    – Allows creation, deletion and editing of Multi-Link or Split Multi-Link (MLT or SMLT)
    – Trunk membership information across multiple devices in a network
What's new in COM 2.2
• NRM is now a BCM module in COM
• More cost-effective versions (previously 1000 devices only, now versions of 50, 250, 1200)
• Allows co-installation with VPFM for up to 200 nodes
  • Previously this was not possible
• Support for the new WLAN 8100 and VSP 9000 products
What's new in COM 2.3
• VSN module for SPBm configuration (VENA)
Visualization Performance & Fault Manager (VPFM)
• What is it?
  • Delivers discovery, troubleshooting and performance management of all IP/SNMP devices in multi-vendor networks
  • Gives detailed topology maps of the IT infrastructure including network devices, IP phones, servers and applications
• Why is it needed?
  • Administrators need to know what is on their networks and determine the root cause of problems
• Value Proposition
  • Reduces complexity
  • Decreases MTTR
  • Proactive solution
  • Lowers TCO thru fault management
Visualization Performance & Fault Manager (VPFM)
• VPFM (as a whole) has two (2) order options:
  • VPFM – full-featured and enabled package
  • VPFM-Lite – subset of VPFM features enabled
• License
  • Base License (up to 500 MO)
  • Incremental License (2000 incremental)
  • Enterprise License (up to 20500 MO)
• Supported devices
  • Any SNMP capable device
  • ERS family, SR family, CS1000, WLAN 2300, VPN Router family
VPFM vs VPFM-Lite Comparison

| Features and Function | VPFM-L | VPFM |
|---|---|---|
| Heterogeneous Device Discovery: Standard (IP / SNMP) | √ | √ |
| Discovery Boundary Constraints Options | x | √ |
| Device [Status] View | √ | √ |
| L2 and L2 Topology Discovery: Standard (AB, ad, etc.) | √ | √ |
| L2 and L2 Topology Discovery: Proprietary (SONMP) | √ | √ |
| L2 and L3 Topology Visualization | √ | √ |
| Campus Visualization | x | √ |
| Application (L7) and Server Discovery | x | √ |
| Application (L7) Visualization | x | √ |
| VoIP Device Discovery | √ | √ |
| VoIP Topology Manager Visualization | x | √ |
| Device Availability Monitoring (Scopes etc.) | x | √ |
| Inventory Viewer | √ | √ |
| Inventory Reporter | x | √ |
| Inventory Exporting | x | √ |
| Trap Receiver | √ | √ |
| Trap (Fault) Viewer / Acknowledgement | √ | √ |
| Trap Forwarder | x | √ |
| Trap Exporter | x | √ |
| Syslog Viewer | √ | √ |
| Syslog Exporter | x | √ |
| Link Status Propagation | √ | √ |
| Trap Historical Reporting, Retention, and Export | x | √ |
| Event Correlation and Analysis | x | √ |
| Event Forwarder | x | √ |
| Fault Scripting / Event Handling | x | √ |
| Device Knowledge Packs (DKP) for Device Support | √ | √ |
| MIB Compiler and Browser | √ | √ |
| Nortel Icons for NT Devices | √ | √ |
| Device Performance Monitoring | √ | √ |
| LAG Performance Monitoring | x | √ |
| Performance Trending and Graphing | x | √ |
| Performance Thresholding (Arm / Re-Arm thresholds) | x | √ |
| Performance Data Exporting (HTML, CSV, XML) | x | √ |
| Node Licensing (Managed Objects) | √ | √ |
| Default Scopes | √ | √ |
| Custom Scope Definitions | x | √ |
| Ping Diagnostics Management | √ | √ |
| L2 Diagnostics Management | x | √ |
| L3 Diagnostics Management | x | √ |
| SCOM Integration | x | √ |
| Custom HTTP / HTTPS / App Launch | x | √ |
| Web UI port definitions | √ | √ |
| HTTPS web client | √ | √ |
| Client Inactivity Timer | √ | √ |
| NT RBAC Integration | √ | √ |
| NT SSO Integration | √ | √ |
| Device Credential Management | √ | √ |
| NT LSM Integration | √ | √ |
| NT NMS App integration | √ | √ |
| MySQL DB Support | √ | √ |
| DB Backup / Restore | √ | √ |
Avaya Virtualization Provisioning Service
• Network Visibility & Manageability
• Properly configures switches with
server virtualization aware network
• Reports of network usage and access
• Automation & Control
• Dynamic configuration of the vSwitch
and physical infrastructure
• Historical reporting & tracking on VM
moves & network provisioning
• Server Virtualization Integration
• VMware support initially
• Future ready for Microsoft, Xen, etc.
Highlights
• Ensures consistent performance
• Helps enforce network provisioning
• VMware support
Avaya VPS is a network virtualization management solution that delivers visibility,
validation, provisioning automation & reporting across the data center, including
network infrastructure, servers, and applications, for both physical and virtual environments
NEW!!
Avaya VPS – Architecture
• Offered as a plug-in to Avaya
Configuration and Orchestration
Manager (COM)
• Integrates via a bi-directional data
exchange (based on XML/SOAP and
WMI) between Avaya COM and
VMware vCenter
• Delivers a relay for end-to-end
management of servers and network
in the virtualized datacenter
environment
• Full support for Avaya stackable and
modular Ethernet switches in both
SPB and non-SPB environments
[Diagram: Open API, VMware vCenter, COM, VPS, Rules, Templates]
NEW!!
Thank you very much!
Rafael Rocha, Sales Engineer | Westcon Convergence
(+55 21) 3535-9314
(+55 21) 9640-3054
IP Flow Manager (IPFM)
• What is it?
  • Manages network usage monitoring, abuse investigation and growth planning
  • Analyzes applications, protocols and user activity based on IP Flow data captured from Ethernet Routing Switches
• Why is it Needed
  • Lack of visibility into who and which applications are consuming network resources and bandwidth
• Value Proposition
  • More informed/accelerated resolution/planning decisions
  • Ability to resolve issues before they impact productivity
  • Reduce TCO associated with planning/diagnosing performance and abuse investigation
IP Flow Manager (IPFM)
• Features
  – IP Flow (NetFlow v5/v9) Collector
  – Ethernet Routing Switch 8600 Captured Packets Collector
  – Analysis software for real-time and trending of IP traffic
  – Unified Communications Management - Common Services (standalone)
  – Single Sign On
  – Top 10 consumers of the network
  – Standards-based and support IPFIX, NetFlow V5 and V9 Installer enabling multi-vendor network environment
• Top 10 consumers of the network
  – Applications (network)
  – Protocols
  – Conversations
  – Hosts
  – Subnets
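The collector and "top 10 consumers" features listed above rest on decoding flow records and summing bytes per key. The sketch below is an added example, not Avaya IPFM code: it parses one NetFlow v5 datagram and ranks hosts, conversations and protocols by octets. The function names are hypothetical and the sample datagram is constructed from documentation addresses.

```python
import socket
import struct
from collections import Counter

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record


def parse_v5(datagram):
    """Return [(src, dst, ip_protocol, octets), ...] from one NetFlow v5 datagram."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError("not NetFlow v5")
    # v5 carries at most 30 records; reject counts the payload cannot hold.
    if not 1 <= count <= 30 or len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        # f[0]=srcaddr, f[1]=dstaddr, f[6]=dOctets, f[13]=IP protocol
        flows.append((socket.inet_ntoa(f[0]), socket.inet_ntoa(f[1]), f[13], f[6]))
    return flows


def top_consumers(flows, n=10):
    """Rank hosts, conversations and protocols by total octets."""
    hosts, conversations, protocols = Counter(), Counter(), Counter()
    for src, dst, proto, octets in flows:
        hosts[src] += octets                      # a host counts as sender...
        hosts[dst] += octets                      # ...and as receiver
        conversations[tuple(sorted((src, dst)))] += octets  # direction-independent
        protocols[proto] += octets
    return {"hosts": hosts.most_common(n),
            "conversations": conversations.most_common(n),
            "protocols": protocols.most_common(n)}


def sample_datagram():
    """Constructed export: three flows between documentation addresses."""
    flows = [("192.0.2.10", "198.51.100.5", 6, 9000),
             ("198.51.100.5", "192.0.2.10", 6, 1000),
             ("192.0.2.20", "198.51.100.5", 17, 500)]
    body = b"".join(
        RECORD.pack(socket.inet_aton(s), socket.inet_aton(d), b"\0" * 4, 0, 0, 1,
                    octets, 0, 0, 0, 0, 0, 0, proto, 0, 0, 0, 0, 0, 0)
        for s, d, proto, octets in flows)
    return HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0) + body
```

A sudden change in the top hosts or conversations between collection intervals is the kind of signal the abuse-investigation use case relies on.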
IP Flow Manager (IPFM)
• Supported Devices
  – Ethernet Routing Switch 8600 release 4.1 and newer (R-modules)
  – Ethernet Routing Switch 8300 release 4.2 and newer
  – Ethernet Routing Switch 5600 release 6.0 and newer
  – Ethernet Routing Switch 5500 release 5.0 and newer
  – Ethernet Routing Switch 4500 release 5.4 and newer
• Standards-based and support IPFIX, NetFlow V5 and V9 Installer enabling multi-vendor network environment
• Features
  – Unified Communications Management - Common Services (standalone)
  – Single Sign On
Enterprise Policy Manager (EPM)
• What is it?
  – Allows network administrators to manage network bandwidth, prioritize traffic streams, and set network access policies
  – Enables critical applications to receive the right QoS and users to be granted access to the appropriate applications
  – Provides a rapid response to resolving new network threats
• Why is it needed?
  – Sensitive applications such as voice need prioritizing
  – Network/application access by users must be controlled
• Value Proposition
  – Increases overall security and application performance
  – Reduces complexity and simplifies provisioning of consistent policies
  – Protects network resources
Enterprise Policy Manager (EPM)
• Supported Devices
  – Business Communications Manager Releases 3.5, 3.6 and 3.7
  – Business Policy Switch Releases 3.0, 3.1 and 3.2
  – Ethernet Switch 460/470 Releases 3.5, 3.6 and 3.7
  – Ethernet Routing Switch 1600 Release 2.1
  – Ethernet Routing Switch 3510 Releases 4.0
  – Ethernet Routing Switch 4500 Release 5.0
  – Ethernet Routing Switch 5500 Releases 4.3, 5.0 and 5.1
  – Ethernet Routing Switch 8300 Releases 2.2, 2.3, 3.0 and 4.0
  – Ethernet Routing Switch 8600 Releases 3.7, 4.0 and 4.1
  – Multiprotocol Router Releases 15.4, 15.6 and 15.7
  – VPN Router Releases 5.0, 6.0 and 7.0
  – Secure Router 1001 8.3, 9.2, and 9.3
  – Secure Router 1002/1004 8.4, 9.2, and 9.3
  – Secure Router 3120 9.1, 9.2, and 9.3
*Due to potential high interface count, one ERS8600 / ERS8300 device counts as 5 devices; each module in a stackable device counts as 1 device. All other devices count as 1.
Network Resource Manager (NRM)
• What is it?
  – Centralized console for bulk configuration and software updates, configuration backup and restore and centralized password management
• Why is it Needed
  – Network configuration and software updates must be centralized and controlled in order to eliminate outages due to manual configuration errors
• Value Proposition
  – Reduces change management and software update execution times
  – Lowers costs, improves security and eliminates errors
Network Resource Manager (NRM)
• Supported Devices:
  – Business Secure Router 222 and 252
  – Ethernet Switches 460 and 470
  – Ethernet Routing Switch 2500
  – Ethernet Routing Switch 4500
  – Ethernet Routing Switch 5500
  – Ethernet Routing Switch 8300
  – Ethernet Routing Switch 8600
  – Secure Router 1001, 1001S
  – Secure Router 1002, 1004
  – Secure Router 3120
  – Secure Router 4134
  – Secure Network Access Switches 4050 and 4070
  – VPN Gateway 3050/3070
  – VPN Router 600, 1000-5000
The Authenticated Network Architecture
Control who can use the network to access which
resources & when & where they may do so
Centralized, Enterprise-wide network access policies
Consistent & predictable network access
Enhanced security
Facilitates regulatory compliance
Configuration and Orchestration
Manager (COM) Versions
Table: Configuration and Orchestration Manager Complete vs. Base

| Features | Complete | Base |
|---|---|---|
| Centralized element management plug-in management – plug-in based – Downloadable install/un-install, upgrade, patch and inventory view - Centralized off-box multi-user element management - Access control | Yes | Yes |
| Network discovery and topology | Yes | No |
| Audit logs – user based | Yes | Yes |
| Centralized syslog and trap viewer | Yes | Yes |
| Troubleshooting and diagnostic tools – ping, telnet, path-trace | Yes | Yes |
| Topology based configuration management topology and inventory, Split Multi-Link Trunking/Multi-Link Trunking, routing, VLAN, security | Yes | No |
| Wizards and templates based management of complex technologies - Split Multi-Link Trunking/Multi-Link Trunking, VLAN | Yes | No |
| Device configuration file management – backup, restore, diff, etc. | Yes | No |
| Device security management – passwords, SNMP community | Yes | No |
Configuration and Orchestration
Manager (COM)
| Features & customer needs | Off-box EDM | On-box EDM | Comments |
|---|---|---|---|
| Basic device configuration - Device view, device specific configuration | | | Both EDM flavors offer a basic element management feature for configuration management, based on JDM-like features |
| Complex & multi-select port configuration | | | Complex multiport and multi-select configuration is available through off-box due to high-performance needs |
| HTTPS access & RADIUS support | | | HTTPS access on modular (8xxx) and RADIUS-based authentication support for all ERS devices is available through COM - off-box EDM |
| VRF context based configuration | | | VRF context based user assignment and views are available through off-box EDM only |
| High performance monitoring - High frequency monitoring - Multi-select port monitoring | | | High frequency monitoring (<5 sec) and multi-select port monitoring are offered through off-box EDM |
| Role based Access Control & Audit Logs - Delivers access control (RBAC) - Audit logs - Read-only and read/write access | | | COM (off-box EDM) offers: - Configuration audit logs for all off-box EDM changes - User based device access control for EDM |
| Centralized Syslog & Trap Viewer | | | COM offers syslog & trap viewer for centralized viewing |
| Troubleshooting & Diagnostic Tools - Ping, CLI*Manager, path-trace | | | COM offers troubleshooting & diagnostics tools |
| MIB Browser | | | COM offers MIB browsers |
Vancouver 2010 Case Study
• About
  – 1st all-IP games with 192K scoring events and 10K hours of television coverage
• Network Management Challenges
  – Managing network topologies that include 40K Ethernet ports, 4.5K IP phones and 50 WLAN APs
  – Supporting all equipment types including L2/L3 switches and VoIP equipment while understanding physical and logical characteristics
  – Proactively monitoring the network to ensure availability and performance
• Solution
  – UCM via VPFM
• Benefits
  – Proactive monitoring of network health indicators
  – Simplified management of complex networks
  – Reduced mean time to resolution
  – Multi-vendor device support with enhanced resiliency
  – Easy-to-understand visualization of network topologies
"Given the critical nature of running the 2010 Vancouver Olympic and Paralympic Games, Bell must be able to effectively manage and proactively respond to issues before they impact network performance. Avaya's Visualization Performance and Fault Manager, with its configurable polling, trap reporting and notification features, allows us to do so."
– Kevin Harshaw, Senior Director Olympic Operations
Avaya’s Unified Management
Applications
MYTH: Cost of Getting into NAC Is Prohibitive
Myth
• A NAC rollout is extremely costly, with starting price tags in the hundreds of thousands
Reality
• With Avaya, you can get into the NAC game for less than $24k USD MSRP
• While this type of deployment does not deliver full functionality, it provides more than a basic implementation
• Includes two "small" Ignition Servers, which in theory can support almost 10,000 users if everything is deployed in full ERS stacks
MYTH: NAC Disrupts the Network Architecture
Myth
• Introducing NAC requires careful planning with prominent architecture changes
Reality
• The Identity Engines solution is truly OPEN and will work with ANY existing network device that supports 802.1X or any other port-based authentication mechanism over RADIUS (or TACACS+)
• Other vendors' solutions do require special protocols, special clients, switch upgrades & in-line devices
What is Unified Communications Management?
• Integrated and centralized set of enterprise network management tools that:
  – Provides comprehensive unified management capabilities across voice, data and multimedia applications
  – Utilizes a set of built-in Common Services that serve as a foundation for unifying management applications
  – Is an essential component of an Avaya Enterprise Solution
Highlights
Decreased Complexity
– Voice & Data management is delivered through a single portal
Reduced Capital & Operational Expenses
– Use of fewer servers
– Quicker time-to-resolution
– Built-in communications enablement across apps (click-to-call, presence, IM)
Flexibility
– Management applications deployable in standalone or integrated modes
Highly Scalable
– Features & applications can be easily added-on over time
Improved workflows
– Information shared between applications
Reduced errors
– Eliminating the need for multiple data entries