Management Solution for Cisco NG Advanced Security Services IPSec & virtual Firewall Management solution October 2007

Upload: jacknickelson

Post on 18-Jan-2015

Management Solution for Cisco NG Advanced Security Services

IPSec & virtual Firewall Management solution

October 2007


Dorado Software: Redcell Management SW

• A certified Cisco Technology development Partner

• Develop specialized product packages that address Cisco-specific IT infrastructure features as part of the Redcell Security Services Management Solution


Redcell Security Services Management Overview - Cisco Edition -

• Enhance Cisco’s network based security and managed security solutions by providing a scalable and easy to use GUI based provisioning and monitoring system.

• Provide an easy to use, graphical based, heterogeneous network and service management system

• Perform centralized configuration management

• Flow-through automated provisioning, decrease service activation time and decrease errors associated with manual tasks

[Figure: Cisco XR 12000 SPA-IPSEC; chassis labeled 12x06, 12x16, 12x10, 12x04]


Redcell Security Services Management – Cisco Edition -

• Manage XR-12K based vFW services on MSB and IPsec services on VPN SPA

• Provides scalable and easy to use GUI based provisioning and monitoring system

• Overall management of the MSB

• Overall management of the VPN SPA

• Management of VRF-Aware Service Interface (VASI)

• Management of vFW

• Management of IPsec and GRE

• Management of Service Policies


vFW Services Management Solution - Detailed

• Detailed Discovery and Asset Management of Cisco XR 12000 device

– Topology (logical & geographical) of all discovered devices
– Device level configuration (FW, VASI, Blade HA)
– Fault Management
– Performance Management (vFW MIB support)

• Advanced configuration of Cisco XR-12K Multi-Service Blade (MSB)

– Discovery of the MSB (Context, Resource classes, Interfaces, ACLs, HA)

– Inventory (Physical & Logical) of the MSB

• Centralized Service Allocation and Provisioning for Service / Security policies

– ACLs
– NAT / PAT
– Inspections

• Upgrade & Patch

– Firmware / Software
– Security Patches

• Change Management

– Firewall context and ACL changes

[Figure: chassis labeled 12x06, 12x16, 12x10, 12x04]


vFW Services Management Solution - Workflow

1. Discovery – Bring all the target devices under management by Redcell

2. (Optional) – Create network objects for use in Redcell Service Policies

3. (Optional) – Create VASI for use within the vFW

4. Create the vFW service, which creates the context. This includes fault tolerance configuration, FMI assignment, Resource Class configuration, and interface configuration

5. Create (multiple) Service Policies for use with the context. This includes ACLs, NAT/PAT (via multimatch), management policies, and inspection (FTP/HTTP) policies


Typical Deployment at the PoP

[Figure: network diagram with segments labeled Access network, Transit / Distribution, Core, and Peering PoP; node labels CE, PE, P, XB, CRS-1, 12000, XR-12000, SP CORE, vFW, NAT]

FW Services are provided at the customer facing interface

Stateful FW Intra-chassis HA support

Service Configuration & Network Management by Dorado Software – Redcell solution


IPSec Services Management Solution - Detailed

• Detailed Discovery and Asset Management of Cisco XR 12000 device

– Topology (logical & geographical) of all discovered devices
– Device level configuration
– Fault Management
– Performance Management (IPSec MIB support)

• Advanced configuration of Cisco XR 12000 IPSec VPN SPA

– Discovery of the IPSec VPN SPA (ISAKMP, IPSec, PKI, Failover, ACL, Service Tunnel)

– Inventory (Physical & Logical) of the IPSec VPN SPA

• Service Allocation and Provisioning for IPSec / ISAKMP VPNs

– Including IPSec + GRE tunnels
– Remote Access / EZ-VPN

• Upgrade & Patch

– Firmware / Software
– Security Patches

• Change Management

– IPSec + GRE service interfaces
– ISAKMP configuration

[Figure: Cisco XR 12000 SPA-IPSEC; chassis labeled 12x06, 12x16, 12x10, 12x04]


IPSec Services Management Solution - Workflow

1. Discovery – Bring all the target devices under management by Redcell

2. (Optional) Create Service templates for use in the service

3. Configure (multiple) IPSec customer sites as the service endpoints

4. Provision the IPSec (or IPSec / GRE) service

Cisco XR 12000 SPA-IPSEC


Redcell Lifecycle Management Features – Cisco Edition -

Visibility; Configuration file back-up and restoration; Software (OS) release management; Comprehensive logging & auditing; Service & device health monitoring; Change detection & remediation; Event management & automation; Graphical service, network, and device topology; Service provisioning; and Comprehensive reporting on everything!

Redcell offers complete lifecycle management


Redcell Lifecycle Management Features – Cisco Edition -

Deep Discovery and Resynchronization: Discover the entire environment in many different ways, including via subnet, IP range, IP address or host name. Deep discovery of all H/W, S/W, physical, and logical subcomponents.

Inventory View: Single database and Graphical User Interface (GUI) of complete device assets for consistent IPsec and Firewall service configuration and activation

Equipment Group Management: Create static, dynamic, nested, and mixed groups for applying one-to-many changes to disparate network devices and group reporting

Discrete Configuration: Real-time discrete configuration of devices via GUI

Active Configuration: Graphical scripting / command-based configuration

Configuration File Management: Device configuration file backup, restore, view, edit, delete and compare. Template-based creation and management of full or partial, configlet, configuration files.


Redcell Lifecycle Management Features – Cisco Edition -

Device Asset Topology: Hierarchical visual mapping with alarm propagation. Visualize interrelationships of managed systems and underlying infrastructure down to the interconnect level.

Task / Job Scheduler: Perform functions and tasks at scheduled times and intervals

Audit Trail: Record all actions – system, user, device

Monitoring: Performance monitoring (SNMP data collection & graphing, primarily used for thresholding), event/alarm monitoring (syslog/SNMP traps), and service monitoring (correlates SNMP and Syslog events to defined services for service monitoring, as service-affecting alarms)

Reporting: Flexible template-based inventory reporting by device, subcomponent, and service. Exportable to .csv, html, .pdf formats

User Security Management: Multi-level security for individual user and group administration

OSS interface: Web services/SOAP (XML) and SNMP trap forwarding


Hardware Requirements – Cisco Edition -

• Application Server

– Solaris SunFire V240 with Dual 1.34 GHz CPU
– Windows Pentium 4, 3.2 GHz CPU
– 2 GB RAM / 20 GB available disk space

• Mediation Server

– Solaris SunFire V240 with Dual 1.34 GHz CPU
– Windows Pentium 4, 3.2 GHz CPU
– 2 GB RAM / 10 GB available disk space

• Database Server (Oracle)

– Solaris SunFire V440 with Quad 1.593 GHz CPU
– 4 GB RAM / 20 GB available disk space


Deployment Options – Cisco Edition -

Clustered Server High Availability


Contacts

• Redcell Security Services Management – Cisco Edition - link

www.doradosoftware.com/ciscoSecurity

• For additional information please contact

[email protected]