ridgeline network and service management software · solution with existing summit® and...
TRANSCRIPT
Extreme Networks Data Sheet
Make Your Network Mobile
Ridgeline Network and Service Management SoftwareSecurity Feature Pack 1
Technical Specifications
Increase Network AvailabilityIdentity Manager role-based access control helps reduce network noise by enabling
switches at the network edge to enforce the right policies at the right time and consistently
across the network.
Leverage Existing Network InfrastructureIdentity Manager can be used in Ridgeline to deliver a robust network access control
solution with existing Summit® and BlackDiamond® 8800 series switches in the network.
This increases ROI and can reduce the total cost of ownership.
Reduce Training and Other OverheadThe intuitive user interface and end-to-end workflows help administrators and operators
quickly set up, provision, and manage role-based access control policies across the network.
Reduce IT Support Costs Identity Manager reduces time needed to locate users or devices in the network. Ridgeline
network and service management software and the ExtremeXOS network operating system
provide extensive information about identities and their locations, which can reduce IT
support and troubleshooting time.
Reduce Compliance and Audit CostsIdentity Manager helps to meet compliance requirements for enterprises, and those
mandated for agencies and organizations in the federal framework.
The IT and network organizations within
enterprises are challenged more than ever to
serve users with a diverse set of application
and network access requirements based on
user or device profiles, location, and presence.
The need for the network to understand user
and device “presence,” as well as location
“awareness” from an identity-oriented
approach has become critical as organizational
changes rapidly occur and as the workforce
becomes more agile.
Network and IT functions are now faced with
the challenge of managing network-wide
access rights for users in a consistent manner,
and ensuring that users have access to the
right applications and resources at the right
time, and at the right location.
Extreme Networks® Ridgeline Security Feature
Pack 1 includes the Identity Manager feature.
The Ridgeline Identity Manager working in
conjunction with the ExtremeXOS® modular
operating system brings user, device, location
and presence awareness in networks, and
helps in enforcing corporate policies at every
network point of entry.
Identity Manager provides network-wide
reporting of identities and also helps
administrators manage network-wide
role-based policies for both users and devices
and apply them consistently across the
network to enable seamless mobility and
on-demand access to applications to maintain
business continuity.
2
Extreme Networks Data Sheet: Ridgeline Security Feature Pack 1 Technical Specifications
• The Ridgeline policy manager can be used to create granular policy
constructs that can be associated with roles.
• Ridgeline deploys roles along with the match criteria and policies to
ExtremeXOS switches in the network.
• The Identity Manager feature in ExtremeXOS discovers identities in
the network and places the identities into roles based on the
configured match criteria. The policies associated with these roles are
also enforced in the switches.
• The identities discovered in the network are reported by ExtremeXOS
switches to Ridgeline in real-time along with details such as the role,
NetBIOS host name, MAC address, IP ARP binding, etc.
• The Identity Manager feature in Ridgeline provides a real-time view
of all identities across the network.
Identity Management – Solution Overview The need for the network to understand user and device presence, as well
as location awareness from an identity-oriented approach has become
critical as organization changes occur rapidly and as the workforce
becomes more mobile. Network and IT functions are now faced with the
challenge of managing network-wide access rights for users in a consistent
manner, ensuring that users have access to the right applications and
resources at the right time, and at the right location.
Extreme Networks Identity Manager solution offers a comprehensive set of
features and tools to help IT managers effectively manage and enforce
network-wide role-based access control.
• The Ridgeline Identity Manager provides the management and
provisioning functions to create and manage roles that can be
used to classify or categorize various users including employees,
contractors, guests and others that connect to the organization
network.
5490A-02
User Community& Devices
NetworkInfrastructure
Protected Applications/Data Center
Ridgeline withSecurity Feature Pack 1 Internet
EmployeesERP Applications
& Data
ContractorsCustomer Data
Guests
InventoryApplicationsEdge
11 22 33 44 55 66 77 88 99 1010 1313 1414 1515 1616 1717 1818 1919 2020 2121 2222 2323 2424
MGMT =MGMT =
FAN =FAN =
PSU =PSU =
PSU-E =PSU-E =
STACK NO
1111 1212
11 22 33 44 55 66 77 88 99 1010 1313 1414 1515 1616 1717 1818 1919 2020 2121 2222 2323 2424
MGMT =MGMT =
FAN =FAN =
PSU =PSU =
PSU-E =PSU-E =
STACK NO
1111 1212
11 22 33 44 55 66 77 88 99 1010 1313 1414 1515 1616 1717 1818 1919 2020 2121 2222 2323 2424
MGMT =MGMT =
FAN =FAN =
PSU =PSU =
PSU-E =PSU-E =
STACK NO
1111 1212
`
3
Extreme Networks Data Sheet: Ridgeline Security Feature Pack 1 Technical Specifications
Increase Network AvailabilityThe Identity Manager role-based access control helps reduce network noise
by enabling switches at the network edge to enforce the right policies at
the right time and consistently across the network.
Roles are logical containers into which identities can be placed when they
match certain criteria (a set of attributes). The complete set of match
criteria that can be used for role definitions is listed below.
Ridgeline provides an easy-to-use and intuitive interface to create, manage
and deploy roles to the network.
Complete RoleHierarchy VisualizationID Management Roles
Match Criteria
Policies
RoleConfiguration
Details
Microsoft Active Directory/LDAP Attributes
Attribute Name LDAP Attribute Name Format
City Locality-Name String
Company Company String
Country Country-Name String
Department Department String
Emp-Id Employee-ID String
State State-Or-Province Name String
Title Title String
Email-Id Email-Addresses String
Link Layer Discovery Protocol (LLDP) Attributes
Device Capability
Device Manufacturer
Device Model
Client/Device Attributes
MAC Address
MAC OUI
IP Address
4
Extreme Networks Data Sheet: Ridgeline Security Feature Pack 1 Technical Specifications
Roles can also be nested to create a role hierarchy to match or customize
an organization’s security policy. Policies created using the integrated
policy manager in Ridgeline can be attached to the configured roles.
The integrated policy manager features an easy-to-use GUI and workflows
to define granular policies such as Access Control Lists (ACLs), Quality of
Service (QoS) parameters, rate limiting and other capabilities. These
policies can be used to associate with roles. The roles and the associated
policies are distributed and synchronized with ExtremeXOS-based
switches running Identity Manager. The policies are enforced by the
switches when identities are discovered and placed into roles based on the
match criteria.
5650-01
Policy Manager Workflows
Define Policies
Craft Policy Rules
Deploy forIdentity Managerand Gain Visibility
5
Extreme Networks Data Sheet: Ridgeline Security Feature Pack 1 Technical Specifications
Network Security and Threat Management
Ridgeline’s Network Security Manager provides a simple yet effective
integration with McAfee Network Security Manager (NSM). Ridgeline
provides visibility and correlation between malicious users and threats to
identities that are managed using the Identity Manager. Ridgeline provides
capabilities to collect and parse security violations or threats reported by
McAfee NSMs in the network, correlate these threats with identities
managed using the Identity Manager, and can apply policies dynamically in
the network to mitigate the threat.
Reduce IT Support Costs for OrganizationsIdentity Manager helps shorten the time taken to locate and troubleshoot
the users or devices in the network. In addition, Ridgeline provides
extensive information about identities:
• Location by edge switch and port
• Authentication method used
• Authentication status
• Authorizations (for example, VLAN memberships, currently
identified role for the user, etc.)
This can significantly reduce the time taken for IT support personnel to
help and troubleshoot problems reported by users.
Meet Compliance and Audit Requirements
Identity Manager can help meet compliance requirements for enterprises,
and requirements mandated for agencies and organizations in the federal
framework.
• Support for strong EAP types in IEEE 802.1X coupled with role-based
policies can prevent threats from propagating past the edge layer
• The detailed network reports in Ridgeline help to meet compliance
requirements, and can serve as reports for auditing
Leverage Existing Network Infrastructure
The Extreme Networks Identity Management solution does not require
organizations to replace switches or add other hardware or software
products in order to get the role-based access control feature. Ridgeline
can work with existing Summit X series and BlackDiamond 8K series
switches in the network to deliver a robust network access control. This
increases ROI and reduces the TCO.
Reduce Training and Other OverheadRidgeline provides detailed workflows and wizards to effectively provision
roles and policies, thus preventing configuration mistakes from getting into
the network. Further, as a result the users can be assured of network
availability for applications and services they demand.
Extreme Networks Data Sheet: Ridgeline Security Feature Pack 1
Make Your Network Mobile
© 2011 Extreme Networks, Inc. All rights reserved. Extreme Networks, the Extreme Networks logo, BlackDiamond, ExtremeXOS, Ridgeline and Summit are either registered trademarks or trademarks of Extreme Networks, Inc. in the United States and/or other countries. All other trademarks are the trademarks of their respective owners. Specifications are subject to change without notice. 1771_02 10/11
extremenetworks.com
Corporateand North AmericaExtreme Networks, Inc.3585 Monroe Street Santa Clara, CA 95051 USAPhone +1 408 579 2800
Europe, Middle East, Africaand South AmericaPhone +31 30 800 5100
Asia PacificPhone +65 6836 5437
JapanPhone +81 3 5842 4011
Technical Specifications
Technical SpecificationsThe Security Feature Pack 1 is an add-on feature pack that can be enabled
on Ridgeline-based software release 3.1 or higher with appropriate
licensing. Please refer to the “Ordering Information” section for a complete
list of part numbers and descriptions.
The Security Feature Pack 1 contains the following features as of
Ridgeline 3.1-based software release.
• Identity Management
The following network security platforms can be integrated with the
Ridgeline Network Security Manager included in Security Feature Pack 1.
• McAfee Network Security Manager (Version 5.1.17.5)
Identity Management Technical SpecificationsThe following table provides the list of ExtremeXOS-based switches that
support the Identity Management feature.
ProductsExtreme Networks OS Requirements
Summit X150 seriesSummit X250 seriesSummit X350 seriesSummit X450e seriesSummit X450a seriesSummit X460 seriesSummit X480 seriesSummit X650 series
ExtremeXOS 12.5.2 or later
BlackDiamond 8500 series modules ExtremeXOS 12.5.2 or later
BlackDiamond 8800 c-Series modules ExtremeXOS 12.5.2 or later
BlackDiamond 8900 series modules ExtremeXOS 12.5.2 or later
BlackDiamond 8900-xl series modules ExtremeXOS 12.5.2 or later
Ordering Information
Part Number Name Description83505 Security FP1 Base-50 Security FP 1 includes the Identity Management feature which provides Role-Based Access Control
management capabilities. Provides management capability for 50 network devices. Requires
Ridgeline 3.1 Base-50. Key only.
83506 Security FP1 Add 50 Devices Security FP1 Add 50 Devices is a scalability upgrade to provide management capability to an
additional 50 network devices. Requires Security FP 1 Base-50. Key only.
83507 Security FP1 Add 250 Devices Security FP1 Add 250 Devices is a scalability upgrade to provide management capability to an
additional 250 network devices. Requires Security FP 1 Base-50. Key only.
83508 Security FP1 Up To 2000 Devices Security FP1 Up To 2000 Devices is a scalability upgrade to provide management capability to a
maximum of 2000 network devices. Requires Security FP 1 Base-50. Key only.
For the latest Ridgeline-based software product specifications, Security Feature Pack 1 specifications, service packs and evaluation software/licenses, please
visit the Ridgeline page on our Website: http://www.extremenetworks.com/go/ridgeline.
For more information about Security Feature Pack1 and other feature packs contact your local Extreme Networks Account Manager or send an e-mail to