hp networking tech day: intelligent management center demo
Post on 18-Dec-2014
3.704 Views
Preview:
DESCRIPTION
TRANSCRIPT
©2009 HP Confidential template rev. 12.10.091©2009 HP Confidential template rev. 12.10.09
Rob HavilandTechnical Marketing EngineerAugust 2010
The Next Giant Leap in Operational Efficiency: Intelligent Management Center
©2009 HP Confidential template rev. 12.10.0922
HP MANAGEMENT PORTFOLIO
Consolidated Operations BridgeEvent Consolidation | Service Health | Analytics | SLM | Reporting | Dashboards
OMi | SH | PI | SLM | BSMR | myBSM
Application Management
EUM / BTMPackaged Apps
System Management
OMSiteScope
Storage Management
Storage Essentials
BSM FoundationCommon Data Model | Actual State DB | PMDB | Shared Services
Network Management
NNMNA
Infrastructure Element Management
Intelligent Management Center, IMC Service ModulesProcurve Manager, PCM modules
Business Services, Operations and Automation
Simple, Advanced Element Management
©2009 HP Confidential template rev. 12.10.0933
Intelligent Management
Managing to achieve Efficiency, Productivity and Availability
©2009 HP Confidential template rev. 12.10.094
Vendor Management Tools
CiscoWorks
AlcatelNortel EMS
Epicenter
IronView
Junoscope
RingMaster
Force 10 - FTMS
Enterasys -EMS
General Management Tools
ManageEngine
MRTG
CLI
Syslog
NAC
Open NMS
Nagios
nTop
The State of Management Today … Obstacles !!
The Future of Infrastructure Management
A Single Pane of Management
©2009 HP Confidential template rev. 12.10.095
Critical Elements of an Integrated Management Solution
Unified resourcemanagement
IMC helps enterprises meet the stringent demands of today’s business-critical IT applications
Unified traffic analysis and change management providing full visibility into business-critical networks
Improving endpoint defense, control and visibility through integrated management and enforcement
Integrated access &user management
Single pane visibility
The Silver Bullets
©2009 HP Confidential template rev. 12.10.0966
Intelligent Management Center (IMC)– What ?: IMC is a Fully integrated management platform that not
only delivers full FCAPS functionality, but through its Service Orientated Architecture (SOA) & modular design enables highly integrated modules to deliver new functionality to control resources, services and users
– Why?: The IMC provides a single common platform for which HP can rapidly introduce new technologies and products
– Positioning: The various platform offerings and modules allow IMC to be sold to ANY and ALL customers from the SMB to the Service Provider
– Benefits:• Lower TCO • Business Continuity • Defense in Depth management and enforcement
©2009 HP Confidential template rev. 12.10.097
Resources
Users
S
Services
Homepage
Overview of network, user and service information
ResourceIntegrated management of network
resources, faults and performance information
UserIntegrated management of user access and security
ServiceProcess management of service flows
IMC– Resource, Service and User integration
©2009 HP Confidential template rev. 12.10.098
The IMC Product SuitePl
atfo
rms
Mod
ules
8
Voice Services Manager
Network Traffic Analyzer
Wireless Services Manager
IMC Standard
IMC Enterprise
MPLS/VPLS/VPN
Endpoint Admission Defense
User Access Management
Qos/SLA
Tool
s
Integration Kit
And More to come …
©2009 HP Confidential template rev. 12.10.099 ©2009 HP Confidential9
Solving the Visibility Problem
©2009 HP Confidential template rev. 12.10.0910
After any enterprise network is constructed, every administrator will face the following problems:
› What applications are running in the network?
› What traffic affects the running of the network?
› What applications are unrelated to services? How to ensure important services?
› How to deploy the resources in the network? How to change the deployment
with the change of services?
› Who or what is consuming bandwidth?
› Whether more bandwidths are needed?
› Which users need to be controlled, and how?
The Problem …
©2009 HP Confidential template rev. 12.10.0911
The Solution … NTA
NTA serverNetwork device
Resolves packets sent from the network device
Collects statisticsto the databaseAnalyzes the data
and generates traffic reports
Packet
NetStream/sFlow
Port mirroring traffic
DIG probeObtains device mirroreddata, and generatesNetStream logs
Analyzes network packets
Picks up statistics information of the traffic that matches the conditions
Outputs the statistics information
Cooperation with multiple models of HP A Series routers, switches and all the network devices supporting port mirroring
Support for multiple log formats such as NetStream and sFlow
Automatic generation of four types of reports based on traffic, application, node, and session
Intelligent traffic baseline and abnormal traffic detection
P2P application traffic monitoring and analysis
MAC address and host name based traffic monitoring
Cooperate with UAM component to provide access details query
©2009 HP Confidential template rev. 12.10.0912
Traffic Reporting
› A traffic report allows you to analyze and observe the inbound and outbound traffic trends, max/min/average rate, traffic summary, and traffic details in a given period.
Traffic informationis taken at a glance
Short-term data is used as a referenceof abnormal trafficdetection
Long-term traffic trendprovides a basis fornetwork optimization
©2009 HP Confidential template rev. 12.10.0913
Application ReportingAn application report allows you to analyze how the usage of an application on an interface varies with time and the change details within a given period.
Who’s consuming bandwidth and what destinations are they going to access?
©2009 HP Confidential template rev. 12.10.0914
Top 10 Traffic Report by Source Host
View the hosts with top ranking and traffic statistics information, including source hosts and destination hosts What protocols are they using ? and whom are they communicating with?
What ports are being frequently used?
©2009 HP Confidential template rev. 12.10.0915 ©2009 HP Confidential15
Solving the Security Problem
Subtitle Placeholder
©2009 HP Confidential template rev. 12.10.0916
– Internal networks are facing various threats:
› External users access the internal network illegally
› Internal users bypass firewalls to access external networks
› Internal users access confidential data without permission
› Not all users have their operating systems patched properly in time
› Not all users‘ virus definitions are up-to-date.
……
The Problem
网络终端的安全威胁
› Current security devices can’t protect internal networks effectively, they …
› Can’t check the security status of hosts on an internal network.
› Can’t control access of legal hosts to the internal network.
› Can’t protect hosts against attacks, such as ARP attacks.
› Internal networks contain large amounts of hosts and are hard to mange, there is …
› No effective solution for centralized management of network assets.
› No monitoring of peripherals such as USB devices.› No monitoring of user network access behaviors.› No way to track software and hardware changes on
hosts in time.……
©2009 HP Confidential template rev. 12.10.0917
Policies and Regulations – SOX Act
From June of 2004 on, all public companies in America must
submit annual reports that include the following contents:
1- A statement of management's responsibility for
establishing and maintaining effective internal control
framework and procedures for financial reporting of the
company.
2- Management's assessment of the effectiveness of the
internal control framework and procedures as of the end
of the company's most recent fiscal year.
How does a company comply with the above internal control policies and regulations for enterprises effectively?
©2009 HP Confidential template rev. 12.10.0918
Network Access Management
Identify
Access
Enforcement• User or Device
•Quarantine, Block, Alert
Device / UserIdentification
User / DeviceAccess Rights
UAM
©2009 HP Confidential template rev. 12.10.0919
Support for Various Access Control Methods
› Support 802.1x and VPN, multiform binding based authentication, domain integrated authentication, and LDAP authentication
©2009 HP Confidential template rev. 12.10.0920
Centralized, Easy Access Management
› Provide “service”-based user classification and management.› Provide centralized display of access user management actions.
©2009 HP Confidential template rev. 12.10.0921
Network Access Management with Health Check
Identify
PrePosture
Access
Enforcement• User, Device, Flow
•Quarantine, Block, Alert
Device / UserIdentification
DeviceHealth Check
User / DeviceAccess Rights
UAM/EAD
©2009 HP Confidential template rev. 12.10.0922
The Endpoint Admission Defense (EAD) solution focuses on the security control at network access points. Through the cooperation between secure clients, security policy servers, network access devices, and third-party software, the EAD solution can force users trying to access a network to comply with the security policies of the network, improving the active defense ability of all user terminals and helping control network resource usage of users.
EAD solutionUser authentication management
Security policy management Cooperative
network devices
Secure client
System patches management
Anti-virus management
......Network access rights management
Endpoint Admission Defense
©2009 HP Confidential template rev. 12.10.0923
Unqualified users are quarantined and forced toImprove their terminals’ security
Quarantined area
Security authentication
Legal users
Illegal users are rejected
Identity authentication
Access requests
Who are you?
Corporate network
Dynamic authorization
Qualified users
Different users enjoy different access rights
Are you secure?
What can you do?
What are you
doing?
Behavior audit
The Four Steps for Secure Access
©2009 HP Confidential template rev. 12.10.0924 ©2009 HP Confidential24
Under the Covers of IMC
©2009 HP Confidential template rev. 12.10.0925
The Framework for Intelligent Management
Communications Bus
Deployed as needed
Modularized
Platform-based
Value Added Solutions
SLA Desktop Asset NAC solutions User Behavior
Value Added Services
MPLS VPN ETTH Provisioning Voice Service MgmtGuest Services
Wireless Services Traffic Analysis EPONAuthentication &
Authorization
Unified Resource ManagementPerformance Monitoring VLAN Management Network Warning
ACL/QoS Management
Configuration ManagementTopology Management Attack Control
Device/Terminal
Device/File/DB Access Adaptation Layer
File System Database
Device ResourceManagement
User ResourceManagement
©2009 HP Confidential template rev. 12.10.0926
IMC Deployment Models
To meet the requirements of scale, performance and high availability. IMC supports Distributed as well as Hierarchical deployment models.
–Distribution allows components of IMC to be deployed as Master or Slave to different servers to implement load balancing and improve the performance and availability,.
–Hierarchical deployment provides scale by utilizing a Parent /Child model with each child IMC managing its own domain, This model provides infinite scalability 1
Distributed
Slave 1 Slave 2 Slave 3
Child IMC
Child IMC
Child IMC
Hierarchical Parent
Master
Using the various deployment models, IMC is managing some of the largest enterprises in the world• SNCF - 15,000+ nodes• China Bank – 63,000 users• Israeli Govt – 11,000 nodes• Taser – 240,000 nodes 1 Based on 5k nodes with 300k
monitoring units per IMC server
©2009 HP Confidential template rev. 12.10.0927 ©2009 HP Confidential27
Summary
©2009 HP Confidential template rev. 12.10.0928
HP IMC is not just a hardware configuration tool - but a single pane of glass for fault,
configuration, accounting, performance and security with visibility not just into the networking infrastructure, but users, endpoints, and services used on the
network
HP IMC is not exclusive to HP products. HP IMC provides over 3000
templates for 3rd party products to provide single-pane FCAPS management
for the entire network
HP IMC is modular, allowing customers to build a solution set appropriate for their
organization with the ability to grow in the future without learning new management
tools
©2009 HP Confidential template rev. 12.10.0929
HP IMC is highly scalable, with distributive and hierarchical modes and customizable administration to work for any topology
regardless of size or geography
Next Generation of HP IMC will offer deep visibility into virtual networks unlike any other tool of its kind. NG HP IMC
supports visibility into VMware resources and will be able to build out that virtual
topology
©2009 HP Confidential template rev. 12.10.093030 ©2009 HP Confidential
Thank You
top related