SlideShare ist ein Scribd-Unternehmen logo

Winhon Network Solution

J
Jinzdm

Winhon Network Solution

Business
1 von 74
Downloaden Sie, um offline zu lesen
HPE Aruba 網路解決方案 (有線/無線)
2 About HPE Aruba
3 HPE Aruba • HP 2015 分成兩家 Fortune 50的公司,Hewlett-Packard Enterprise 簡稱 HPE • HPE Networking 在Gartner 2016年9月的市場調查與Cisco連續6年同為僅有的2家 領導品牌 • HPE Networking 在 2015 年併購 Aruba Networks
4 HPE Aruba 始終居於市場領導定位 2016年 8月 Gartner 報告肯定 HPE Aruba 的領導地位 This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Aruba, a Hewlett Packard Enterprise company. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties or merchantability or fitness for a particular purpose. Source: Gartner Magic Quadrant for the Wired and Wireless LAN Access Infrastructure August 2016. Tim Zimmerman, Christian Canales, Bill Menezes, Danilo Ciscato ID Number: G00291908 • HPE Aruba與思科為僅有的兩家領導品牌 • HPE Aruba 提供單一智慧網路,網路安全,網路管 理輕鬆掌握 市 場 佔 有 率 產品技術 HPE Aruba is Here
5 台灣無線網路市場占有率冠軍
6 Products Overview
7 Components HPE Aruba 單一廠商提供完整有線及無線解決方案 Unified Multi-vendor 存取控管政策 End-to-end Multi-vendor 管理 Best of breed 無線網路 Optimized for wireless aggregation 有線網路無線網路 802.11ac APs Mobility Controllers BLE Beacons 有線網路 Switches 存取控管政策 ClearPass 管理 AirWave IMC For IT For LOB 分析分析 Mobile engagement & business analytics
8 HPE Aruba Wireless
9 Pioneered WLAN Switch Architecture Centralized Architecture Solves Security and TCO for WLANs “Thin” Access Points 集中式的 Aruba Mobility Controller 802.11a/b/g Antennas Policy Mobility Forwarding Encryption Authentication Management “Fat” Access Points ▪ WiFi 無線網路訊號點 • 無線網路存取 • 無線網路 IDS/IPS • RF 自動掃描偵測 • 無線定位服務 • 封包擷取 (Packet Capture) • AP 沒有認證加密金鑰及憑證 ▪ Controller 可以看到所有 RF 訊號 • 自動設定功率及頻道,自動優化 ▪ 深度網路安全機制 • 集中式的認證 (設定, 執行) • 集中式的加密 • 認證加密金鑰及憑證 • 監看整理安全威脅 • 內建的 Per-User Stateful Firewall ▪ 業界領先的 QoS 功能 ▪ 廣泛的網路連通功能 ▪ 單一的管理控制介面
10 Aruba Controller Master-Local
11 HPE Aruba Controller 系列 7030 Large branch Up to 64 APs and up to 8Gbps throughput Midsize branch with integrated switch 12 or 24 ports of PoE+ for unified branches Up to 32 APs Small branch Virtualized or PoE-powered controllers Midsize Campus High performance, fixed form factor Up to 256 APs, 12 Gbps throughput Large Campus High performance, redundant power/fan 512 – 2048 APs, up to 40Gbps throughput 7240 7220 7210 7205 7024 (24 PoE+) 7010 (12 PoE+) 7005/7008 (16 AP) Branch Campus http://www.arubanetworks.com/products/networking/controllers/
12 Broad Portfolio of WLAN Connectivity 飯店專用 103H/203H 2 ports 11n dual 205H/303H 3 ports 11ac dual PSE 室內型 330 Series 11 ac WAVE 2 4x4 MU-MIMO Smart Rate (2.5GBASE-T) 戶外型(全向/指向) 270/360 Series Outdoor 3x3 11ac 惡劣環劣使用 228 Series Industrial grade 3x3 11ac HPE Aruba 無線 AP系列紅字:目前熱銷機種, 藍字:未來替代機種 310 Series 11ac WAVE 2 Carpeted space 3x3 MU-MIMO 2.1 Gbps 300 Series 11ac WAVE 2 320 Series 11ac WAVE 2 4x4 MU-MIMO 2.5 Gbps, Dual uplink 200 Series Wave 1 2x2 11ac MIMO 1.2 Gbps 103 /207 Series Lower cost 2x2 11n /2x2 11ac 600 Mbps Remote Access Points RAP-3WN(攜帶型)/203R 2 ports, 2.4GHz, PSE RAP-108/109(吊掛) 1 port, 11n dual radio RAP-155(桌機) 4 ports, 11n dual radio, PSE 210 Series 11ac WAVE 1 3x3 MIMO 1.9 Gbps 220 Series 11ac WAVE 1 3x3 MIMO 1.9 Gbps, Dual uplink http://www.arubanetworks.com/products/networking/access-points/ 最常選用規劃的AP型號,另有IAP 版本可選用 飯店旅宿in-wall選用型號 分公司、外點辦公室選用型號, 內建VPN功能 定位系統
13 Controller 集中控管 Thin AP 或 分散式無 Controller (Instant AP, IAP) Small, temporary & home office Wi-Fi Remote APs, VIA Mobile/Laptop Client Distributed, controllerless WLAN with Aruba Instant Controller-based WLAN with ArubaOS Simplified branch deployment with clusters Centralized encryption with advanced services at scale 相同的 AP 硬體
14 Aruba Instant Virtual Controller AP setup -SSID -Security -Guest Access Adaptive Virtual Controller
15 Aruba IAP Multi-Site Deployment - Configuration changes - Network reporting - Device tracking - Troubleshooting KaohsiungTaipei Taichung AirWave
16 HPE Wired Switches
17 HPE Networking Product Segment OfficeConnect Wired & wireless networks for small businesses • 1900, 1800, 1600, 1400 switch series • Small business APs • R100 wireless VPN router series Small BusinessCampus & Branch HPE Aruba Mobile-first enterprise networks for campus, branch & remote • APs & Beacons • Controllers, SDN Apps • 5400R, 3810, 2920, 2530, • ClearPass, Meridian, ALE AirWave, Central, IMC FlexNetwork Traditional enterprise routing / switching at the campus & branch • 10500, 7500 • 5510, 5130, 5120 • MSR 900, 1/2/3/4K • HSR 66/6800 • VSR 1000 IMC Web GUI Data Center FlexFabric Traditional enterprise data center networks • 12900,7900 • 5950 • 5930, 5940 • 5900, 5900CP, 5700 • DCN, VCN, 5900v, SDN IMC Altoline Data center networks for cloud-scale • 6900 • 6920, 6921 • 6940, 6941 • 6960 IMC
18 HP FlexCampus – Modular Switches • 4, 8 and 12-slot chassis • 13Tbps Switch Capacity • 40 GbE capable (up to 96 ports) • 100 GbE • 576 10 GbE or 1 GbE ports • Full L3 features & IPv6/MPLS • IRF stacking • MDC • SDN OpenFlow 1.3 • 2, 3, 6 and 10-slot chassis • 4.8Tbps Switch Capacity • 40 GbE capable , 40 ports • 160 10 GbE ports, 480 1 GbE ports • High-density PoE+ • Full L3 features & IPv6/MPLS • IRF stacking • MDC • SDN OpenFlow 1.3 10504 10508 10508V 10512 7502 7503 7506 7506V 7510 SMB & Branch Core Enterprise access Campus Core • 6 and 12- slot compact chassis • Redundant management and power for modules • 760Gbps Switch Capacity • 96 10 GbE ports, 288 1 GbE ports • 288 ports full PoE+ capable • Full L3 features • SDN OpenFlow 1.3 5406R 5412R
19 HPE FlexNetwork fixed port switch portfolio IMC single-pane-of- glass management Traditional enterprise switching for the campus & branch 9 3600 v2 EI/SI − Layer 3 Advanced with multicast routing − 24 or 48 ports − 10/100 − PoE+ models − 9 chassis IRF − Comware 5 − Basic Layer 3 with static & RIP routing − 24 or 48 port models − PoE+ models − 4 fixed 10 GbE uplinks − Redundant power − EEE − 9 chassis IRF − OpenFlow − Comware 7 5120 SI − Layer 2+ with static routing − 8, 16, 24 or 48 ports − PoE+ models − Up to 4 fixed Gig uplinks − Redundant power − ACLs − 4 chassis IRF − Comware 5 − Basic Layer 3 with Static & RIP Routing − 24 or 48 port models − Full 48 Port PoE+ − Dual Redundant PS − Fixed and modular 10GbE uplinks − 9 chassis IRF − MACsec support − EEE − OpenFlow − Comware 7 3100 v2 EI/SI − Layer 2+ − 8, 16, 24 or 48 ports − 10/100 − ACLs − PoE models − Comware 5 − Advanced Layer 3 − 24 or 48 port models − Enhanced MPLS/VPLS support − Full 48 Port PoE+ − Dual Redundant PS − 9 chassis IRF − Fixed and modular 10GbE uplinks − MACsec support − EEE − OpenFlow − Comware 7 Fast Ethernet Switches Gigabit Ethernet Switches 5130 HI 5130 EI 5510 HI 40 Gigabit Uplink EOS
20 Aruba campus switch portfolio Enterprise, branch and SMB networks − Layer 2 − 8, 24 or 48 ports 10/100 − sFlow, ACLs, IPv6 − Fanless − 10GbE uplinks − PoE+ models Fast Ethernet Switches • Layer 3 with static & RIP routing • 8, 24 ,or 48 ports • 10/100 • PoE+ models • Redundant power • GbE uplinks 2620 2530 − Layer 2 − 8, 24 or 48 ports Gig − sFlow, ACLs, IPv6 − Fanless & compact models − Models with 10GbE uplinks − PoE+ models 2530 2540 − Basic Layer 3 with static & RIP routing − 24, 48 ports Gig − PoE+ models − Fixed 1GbE and 10GbE Uplinks − sFlow, ACLs, IPv6 2920 2930F − Basic Layer 3 with static & RIP routing − 8, 24, 48 ports Gig − PoE+ models − Fixed 1GbE and 10GbE Uplinks − Internal Power supply − OpenFlow − Basic Layer 3 with static & RIP routing − 24, 48 ports Gig − PoE+ models − Stacking − Modular 10GbE uplinks − OpenFlow 3810 − Advanced Layer 3 − 24 or 48 port Gig − Smart Rate multi-gigabit Ethernet − Wire speed 40GbE − PoE+ models − Modular uplinks − Redundant power − 10 unit stacking − OpenFlow Gigabit Ethernet Switches 10G /w 40 Gigabit Uplink
21 HPE OfficeConnect 1 &10 Gigabit Smart Managed Switch 21 Entry – 1G copper only, VLANs, link aggregation, loop protection 1620 Switch Series Basic – 1G copper and 1G fiber, VLANs, link aggregation, STP, RSTP 1820 Switch Series Basic – 1G and 10G copper, VLANs, link aggregation, STP, RSTP 1850 Switch Series Advanced – 1G and 10G copper, 10G fiber, VLANs, link aggregation, ACLs. STP, RSTP, MSTP. Static routing, stacking 1950 Switch Series Advanced – 1G copper and 1G fiber, VLANs, link aggregation, ACLs. STP, RSTP, MSTP. Static routing 1920 Switch Series Functionality Features
22 HPE Cloud-First ToR access switches Top-of Rack, Access Converged Infrastructure FlexFabric 5950 FlexFabric 5940 FlexFabric 5930 FlexFabric 5900/CP FlexFabric 5700 6125/6127XLG Moonshot-45XGc 10/25/40/100GbE ToR Native L2 VXLAN Support 10/40/100GbE ToR Native L2/L3 VXLAN Support EVPN support 10/40GbE ToR Native L2 VXLAN Support 1/10GbE ToR Full Layer 3 with Data Center Features (DCB, FCoE, TRILL, SPB) Converged ToR Ethernet/FCoE/FC (4&8 Gb/s- 5900CP) 1/10GbE ToR Layer 2/Light Layer 3 with Data Center features (DCB, FCoE, TRILL) HPE BladeSystem Interconnect Comware v7 based High Performance / Overlay Competes against Cisco Nexus 92xx High Performance / Overlay Competes against Cisco Nexus 92xx High Performance / Overlay Competes against Cisco Nexus 93xxx High Performance Competes against Cisco Nexus 55xx/5600 Best in class TCO Competes Against Cisco Nexus 2K Feature Rich Competes against Cisco 3120x Blade Switch No licensing, including MPLS edge Convergence every port VXLAN GW No licensing, including MPLS edge Convergence every port VXLAN GW Integration with NSX and Helion as L2 VXLAN GW Entire stack without licensing, including MPLS edge (SP/Telcos) Convergence on every port with IRF Switching at the cost of a multiplexer Power of Comware v7 within Moonshot
23 Switching for the Mobile-First Campus Gigabit Access Multi-Gig Access Aruba 2920 Aruba 5400R POE+ SDN Optimized Smart Rate Multi-Gig Ports Aruba 2530 AirWave & ClearPass Stacking Aruba 2930F Central Aruba 2540 VSF VSF Aruba 3810
24 HPE Aruba Wired & Wireless解決方案示意圖 • 外地出差 • SMALL OFFICE/HOME OFFICE ClearPass Airwave HPE Aruba (Wireless) Mobility Controller 員工 HPE Aruba PoE Switch HPE Aruba Core Switch Aruba Remote AP AD/LDAP Other user DB Internet AP HPE Aruba Access Switch FortiGate NGFW HPE Aruba 802.11ac AP Desktop User Laptop Wired User Soft Phone Wireless Users IMC HPE Aruba Edge Switch
網路服務的需求 網路擴充性 網路穩定性 網路維運成本 Unified Communication 利用網路提高生產力 BYOD 及 IoT 勢不可擋 考慮到安全性嗎? 遠端使用者快速 存取應用程式 Mobile Engagement 網路不只是基礎架構 而是生財工具
26 網路擴充性 網路穩定性 網路維運成本 wireless and wired infrastructure
減少無線網路抱怨 with Aruba 802.11ac and ClientMatch 事先知道無線網路問題,而非事後被抱怨 with Aruba Clarity and AirWave 無線網路除了效能,應力求穩定與可視化管理 不是單用 AP、Controller 的技術規格來比較 應用程式可視化,重要的應用優先 with Aruba AppRF
HPE Aruba 無線網路:不只是集中控管 Aruba 領先的Thin AP技術帶來管理、維護與系統穩定優勢! 1 2 3 COREDISTRIBUTIONACCESS DATA CENTER 3 3 2 2 1 1 4 4 5 5 101 102 101 102 101 102 101 102 EMPLOYEE EMPLOYEE EMPLOYEE 201 202 201 202 201 202 GUEST GUEST GUEST 202 201 1 1 2 2 3 3 GRE/IPSec TUNNELS STANDBY ACCESS BLOCK 1 ACCESS BLOCK 2 ACCESS BLOCK 3 ARUBA Mobility Controller Wireless VLAN Pooling: VLAN 不再依樓層或建物設定而是自動 Load Balance • 有線網路只須於Core及Aruba Controller 設定無線網路 VLAN • 只須要維護控制器,不需要維護AP Wireless VLAN 使用者會移動,再也不是依樓層來分配VLAN • Aruba 輕易區分 Broadcast Domain • 動態分配使用者 VLAN • 使用者被分配VLAN後,VLAN跟者使用者走 • 不會因使用者位置造成分配不均 ACTIVE
Adaptive Radio Management 解決無線網路訊號及負載問題 • 自動調整最佳 Channel / Power 避免干擾,減少漏洞 (Self-Healing) • 可識別無線Wi-Fi及非Wi-Fi的訊號干擾 • Controller 集中式的決策控管,避免 AP channel hopping 產生 微波爐
Match to another AP DEVICE TYPE INTERFERENCELOCATION CONGESTION REAL-TIME RF CORRELATION Enables use of 802.11ac Wi-Fi rates ✓ 98% of mobile devices with higher SNR ✓ 94% better performance for “sticky” clients ✓ No client-side software required Aruba ClientMatch™ •協助用戶端漫遊,避免沾黏於訊號差的AP:Say Goodbye to Sticky Clients •AP自動負載平衡: 依照頻譜、AP負載量、用戶訊號等分配無線使用者連線 •Band Steering/Band Balancing:協助支援2.4及5GHz雙頻用戶端連線到5GHz頻段,充分利用 5GHz頻段較多,干擾較少的優勢。
With Enhanced ClientMatch (3 clients)Without Enhanced ClientMatch (3 clients) 進階 ClientMatch™ 感知 MU-MIMO用戶端,提升整體效能 W1 AP1 W2 AP2 W1 C1 W2 C2 W2 C4 Aggregate Downstream Throughput Efficiency of MU-MIMO • 1SS clients deliver ~75% • 2SS clients deliver ~65% Without ClientMatch With ClientMatch AP1 300 Mbps AP2 300 Mbps Network 600 Mbps ClientMatch Without ClientMatch With ClientMatch AP1 300 Mbps 300 Mbps AP2 300 Mbps 450 Mbps Network 600 Mbps 750 Mbps ClientMatch 提升達  42%
Aruba AirWave • 訊號圖、Wired(ArubaOS)/Wireless設備管理、無線用戶端除錯 • 客製化告警政策,超過30多種事件、流量、訊號等告警 • 提供使用者效能及應用程式使用狀況,以提供管理者網路使用率的最佳化規劃 • 超過20多種內建報表,可客製化各種使用趨勢、安全合規報表
使用者抱怨前,事先知道問題:方便管理者及時處理解決 不只訊號圖、設備管理、用戶端除錯等被動管理機制 LIVE real-time user experience SYNTHETIC* proactive testing APs/Sensors** as clients (Now BETA) *8.3, **post 8.3 AirWave 除了訊號,還可看到使用者連線網路的 其他問題
34 Aruba AirWave Clarity Live 監視用戶端資料流 統計網路不通的原因, 協助網管人員辦別無線 連線問題 – Radio Association – Authentication – DHCP – DNS Customizable thresholds & timelines Drilldown widgets View failure rates & response times Holistic network view
35 Aruba AirWave Clarity SYNTHETIC 依需求或排程模擬用戶端連線AP,主動事先發現網路可能存在的問題 識別下列網路問題 ✓ Radio Association ✓ Authentication ✓ DHCP ✓ DNS DHCP DNS RADIUS Aruba Clarity Aruba Clarity
系統效能、擴充性、功能性是否可以應付 Wired is aggregation for WLAN and IoT 不用再為你的網路埠貼標籤了 with Aruba ClearPass 遠端辦公室免 IT 人員自動設定Switch with Aruba AirWave Aruba Campus Switches
高擴充及系統穩定性 (FlexNetwork) HPE Intelligent ResilientFramework (IRF)  IRF虛擬化技術將多台實體交換器虛擬成單 一邏輯運作交換器  所有交換器除了單一IP管理之外,內部資 料皆會同步,如 MAC/ARP/Routing表… 等  IRF架構可以改善效能、提供完整Active- Active備援機制更能真正簡化你的網路架 構 傳統網路 Network withIRF IRF IRF整合多個交換器並達到多重轉發能力 “DistributedSingleFabric” − 超高效能,Layer 2/3平衡負載 − 高穩定度,Layer 2/3備援 − 高擴充性、控制與安全 •不需STP機制,也不需要VRRP
39 高擴充及系統穩定性 (ArubaOS) Virtual Switching Framework (VSF) 2930F with VSF 5400R with VSF Simplify network operations Scalable performance Increases resiliency Available on Aruba 5400R and 2930F • 5400R – 2 chassis • 2930F – 4 chassis
40 ArubaOS Switch 免設定自動安裝 (配合 AirWave 及 DHCP server) DHCP Server INTERNET 1. Switch boots up and sends a DHCP Discovery with Option 60: ARUBA 2930F 2. DHCP Server respond with DHCP offer and populate options 46 with Airwave information : Airwave Configuration details Airwave IP : 10.32.202.103 Airwave Group : sko Airwave Folder : demo Airwave Secret : aruba123 3. Switch sends registration request to Airwave 4. Airwave Identify the switch and “push“ the configuration template 5. Switch load the new configuration template reboots and is now commissioned using ZTP New Switch
41 Unified Communication 利用網路提高生產力 (VoIP 應用)
行動式用戶端設備… VOICE, VIDEO 及 DATA 在相同的設備執行時…..
43 Aruba AppRF 第七層應用程式可視化及控管
44 AppRF 流量可視化 自動識別 VoIP Calling, 及其他應用程式 • Custom AppRF definitions beyond the 2500 that’s automatically identified by AOS • Update signatures without an AOS upgrade • Automatic classification, health metrics for Wi-Fi calling, Skype for Business, Apple Facetime, Cisco/Avaya/ALE Voice, and more
45 ✓Session Initiation Protocol (SIP) ✓Spectralink Voice Priority (SVP) ✓H323 ✓Cisco SCCP ✓Vocera ✓Alcatel NOE phones ✓Microsoft® Lync/Skype ✓Apple Facetime application Application Aware Networks ▪語音及視訊應用容易受延遲及Jitter 影響,網路架構需要有優化處理的能力。 ▪Aruba 可支援下列多媒體應用 QoS / QoE (Experience)
46 Application Aware: 提升 VoIP 實際用戶體驗 Advanced Call Admission Control (CAC) 功能 Controlled Access Points Mobility Controller 1 2 3 IP PBX A Voice Initial CAC Threshold A. 監視每一顆AP上已連線的通話, AP 2 已經到達起始允許通話連線臨界值 (initial CAC threshold), 因此閒置的VoWLAN phones 將被負載平衡至鄰近的AP,直到AP2 的通話數 量小於 CAC 臨界值。 B Roaming Voice Handover Threshold B. 無線網路電話由AP1 移動至AP2,因為頻寬已經被保留給漫遊的語音通話(也就是 handover threshold), 語音通話因此可以無縫隙的由另一顆AP接受,不會產生通話品質下降。 C Data Reserved for data C. 可保留服務給Data 的使用者,使其仍保有可用性及效能,即使在高流量的VoWLAN之下,Data 使用者並不會受到語音允許通話臨界值的影響。 漫遊 不延遲 不斷話 自動 負載平衡 語音通話 Controlled Access Points
4747 Toll Quality Voice Full Visibility • 狀態防火牆監視語音流量 • 產生通語音通話相關報表 Protocol Independent • 識別各種通訊協定 • 包括加密的多媒體流量 (DPI) Highly Scalable • 用戶端語音通話負載平衡 Call Protection • 偵測到語音通話,則停止 AP scan (如果有啟動), 直到通話結束。 7000 handsets 30 buildings 1000 Vocera 6 hospitals 2000 handsets 40 schools Customer Examples
48 Aruba Solution: 單一 SSID:支援所有的企業應用程式:讓重要的應用優先 – Application awareness ensures QoS and availability – Single SSID – multiple traffic classes – Bi-directional QoS on wired and wireless network – Admission control for voice and other apps ensures QoS in the air – Supports devices with or without WMM Wireless Wired Converged Voice & Data Packet stream with WMM Tags 802.1p or DSCP Prioritized Voice Packets Data Packets Protocol aware Voice Flow Classification and Security RF Management stops channel and power optimization when voice clients are present Call admission control distributes call volume between Access Points Single ESSID for Voice & Data Smart Phone Voice Software 1 2 3 4 5 Deploying Wi-Fi Voice
49 GRE encapsulated packet Network Aruba End-to-End QoS 運作機制 - Tagging Voice Data L3 TOS L2 COS L3 TOS bits from the packet is copied onto the GRE header Downstream Traffic Upstream Traffic Network Voice Data L3 TOS L2 COS Upstream ACLs: ACL on the switch can overwrite the L2 COS and L3 TOS 802.11 packet Downstream ACLs: ACLd on the switch can overwrite the L2 COS and L3 TOS Data TOS COS
50 BYOD 及 IoT 勢不可擋 網路安全問題
51 Aruba 自動分類並自動阻絕非法 AP BACKBONE Rogue AP • 使用者私接入內部網路 • 通常沒有提供足夠安全認證 機制 • 任何可以搜尋到這顆AP並 且連線的人都能輕易繞過防 火牆進入內部網路 Neighboring Company or Public Hotspot Parking Lot Valid Interfering Known Interfering Rogue Mobility Controller Suspected Rogue
5252 資安稽核單位對無線網路安全的稽核重點:資料加密 Aruba 無線網路 End-to-end 加密,即使流量經過網路交換器 更加提昇的安全性 – 比有線網路還安全 一般網路封包 加密的 802.11 封包 已無加密 有加密 WLAN 控制器 Fat/Fit AP 傳統AP的運作: 加密的 802.11 封包加密的 802.11 封包標頭封裝 全程加密 Secure Tunnel Aruba的邏輯 : 與生俱來的 End-to-End 加密機制 802.1x: Access Accept 802.1x: Access Accept
53 網路設備必須具有Role-based安全政策: 不同角色應給予不同權限 - Aruba 內建 Role-based 防火牆,不需用 VLAN來區分存取權限 - 僅在 Aruba控制器即可達成下列需求,不須碰觸其他機器 企業內部網路 Internet訪客 – 僅上 Internet Bill –約聘人員 限制主機 違反使用規則 阻擋 Jeff –語音流量 高優先權 Jeff –RD員工 存取伺服器 Virtual AP 1 SSID: Secure 802.1x Virtual AP 2 SSID: GUEST Web Portal Captive Portal Role-Based Firewall Access Rights Role-Based Access Control Sales 約聘人員 視訊語音 設備 訪客 X AD/LDAP/ RADIUS Aruba AP Aruba Controller RD Aruba Switch
54 Aruba ClearPass Policy Manager (CPPM) 進階認證授權/BYOD/訪客應用/NAC Solution CLEARPASS POLICY MGR Onboard Guest 內建: : (H/W, VA平台: 500/5000/2500 Unique Endpoints) • Policy Engine • RADIUS/CoA/TACACS • Profiling • Accounting/reports • Identity store Expandable Applications REMOTE LOCATION 選項應用 License: • BYOD onboarding • Simple guest access • Health assessments OnGuard
55 ClearPass Policy Manager (CPPM) 整合有線、無線及遠端存取 (VPN/Remote AP) 存取方式 政策決策點 (CPPM) Remote User Wired User Wireless User 政策執行點 (網路設備) VPN Concentrator WLAN Concentrator Switch Switch Active Directory or LDAP Server SQL Store HPE Aruba Controller HPE Aruba Switch Aruba VIA
56 CPPM - 強大的使用者角色及權限控制 認證 Authentication – 支援 802.1X, MAC 及 Web (HTTPS) 認證 – 支援各種網路設備 (不只Aruba): ➢ 經由 RADIUS, RADIUS CoA, TACACS+ 及 SNMP。 – 可以讀取多種認證來源: ➢包括 AD, LDAP, SQL, Kerberos, Token Server 等等。  授權 Authorization –依據各種實際使用者及環境參數執行不同的政策: ➢Allow/Deny, VLAN, ACL, SNMP strings…… ➢時間 、位置、角色、設備………  計量 (Accounting) – 用量、統計分析
57 NEW WAY: Create your own Fingerprints! OLD WAY: Wait for new Fingerprints to be made and/or manually override devices 1:1 ClearPass 進階 Profiling 及 Policy – 解決 IoT 安全問題
58 ClearPass Onboard BYOD 使用者設備自助式註冊:無線/有線網路 1. 整合 AD (或其他)帳號驗證,只有員工可以註冊 2. 可設定每位員工允許註冊的設備數量,未註冊的設備拒絕存取 3. 使用憑證及AD使用者帳號雙重認證 a. CPPM 自動設定用戶端 802.1x SSID Profile (EAP-TLS) , 提供該設備專用的識別 憑證 (包含使用者帳號) b. 安裝 OnGuard Agent (NAC) (選項) 1. 設備第一次連線 : 使用 Web Portal,輸入 AD 帳號密碼登入,開始註冊程序連線 SSID/有線網路 2. AD/LDAP (User Database)CPPM (Certificate) 3. 使用者使用 802.1x SSID (EAP-TLS) 安全的連線
59 ClearPass – Profiling 自動分類設備 DHCP SNMP SSH TCP WMI CDP, LLDP OnGuard Accurate Policy Decision NMAP • We’re adding NMAP Port-based Scanner • On-demand or pre-scheduled scans • Granular visibility for like devices • Enhances our competitive advantage Mac OUI NMAP Scan Two IoT Endpoints AfterBefore Temperature Sensor Lighting Sensor
60 Aruba Mobile First 有線無線網路整合Role-Based存取政策 不需再替有線網路埠貼標籤了 提供不只帳號認證,更提供設備自動識別認證 Aruba ClearPass SNMP Enforcement Printer Vlan Infusion Pump Vlan 現有有線無線 802.1X 認證 識別使用者角色權限 No 802.1X • Web Portal/802.1x/MAC 認證:Role-based Access Control • 沒有認證的設備,自動識別 ✓ ClearPass profiling:wired/wireless - IoT, laptops, mobile phones.
61 ClearPass + 有線/無線網路政策一體化: 使用者角色+設備特徵權限分派示意圖 Corporate Services Guest Jeff – 自帶Samsung Jeff – 自帶 iPhone HR Jeff – 公司 Notebook Virtual AP 1 SSID: Corp Virtual AP 2 SSID: GUEST DMZ ClearPass CPPM Onboard/Profile Captive Portal Role-Based Firewall Access Rights Secure Tunnel To DMZ SSID-Based Access Control 員工 合約廠商 語音設備 視訊影像 Guest X AD/LDAP Aruba AP Aruba Controller Aruba MAS Wired AP Guest 員工
62 網路聯防安全防護 (內部網路安全) Adaptive Trust Defense based on real-time threat detection ** Firewall / IPS LAN/WLAN User connects and uploads threat NGFW/IPS sends event to ClearPass ClearPass isolates client • Offers enhanced user experience as ClearPass can initiate user notifications, help-desk tickets, and update third-party security solutions • ** Device in step 2 can be MDM/EMM, SIEM, etc. 1 2 3
63 BYOD 使用憑證管理傳統與ClearPass方案比較 • Domain • Key & Certificate 傳統: Enterprise PKI and CA ClearPass :Built-in CA Certificate Authority Validation Authority Registration Authority Active Directory IT-Managed Devices • Domain • User • Device • Key & Unique Certificate Personal Devices ClearPass AAA/CA Certificate Authority ADRAVA CA Active Directory AD NPS/ACS AAA
64 Aruba Guest: 訪客自我註冊連線 1. 3. 連線網路 2.申請表單自動 email 給受訪者,受訪 者確認訪客申請 ClearPass Policy Manager Guest 訪客帳號啟用,訪客透過 Portal 畫面告知已經可以登入使用該 帳號訪客連線網路,透過Web Portal 填寫申請表單 (可客製化欄位) 訪客 Sponsor
65 遠端辦公室/使用者 遠端使用者如何快速存取資料中心應用程式
66 Aruba Remote AP 將辦公室網路帶著走 Guest Employee Voice Barcode scanner Locally Bridged SSID (guest) Local Server/Printer Split Tunneled SSID (corporate) Internet Traffic 中心端網路 備援中心端網路 IPSec/NAT-T Tunnel ▪Tunneled (支援各種認證) ▪Bridged (支援各種認證) ▪Split Tunneled (支援各種認證) ▪集中設定AP ▪放置防火牆政策 ▪Local 加解密 Local Traffic 如 server, 印表機等等 HQ Traffic 辦公室分機
67 有線網路也可以這樣延伸 Aruba Switch Tunneled Node – per-port / per-user LoCtrl2 CSw1 CSw1 LoCtrl1 Acc2/2Acc1/2 Acc2/1Acc1/1 Aruba Mobility Controller Aruba Mobility Controller
68 Secure VPN with Aruba VIA™ Aruba Mobility Controller 可做為 VPN Gateway – Seamless corporate access on-the-go – IPsec/SSL VPN – Centrally managed and configured – Supports Suite B military-grade encryption
69 Mobile Engagement 網路不只是基礎架構,而是生財工具
行動感知應用:Mobile Engagement低功率藍牙室內定位技術 Meridian SDK Indoor maps with content, push notification campaigns and centralized beacon management Partners: App Development Agencies and Software Vendors Smartphone with the Meridian powered app (iOS, Android) Beacon management with Aruba Sensors on Wi-Fi AP Beacon management with Aruba 802.11ac access points
71 Mobile Engagement 應用實例 Increase retail sales Enable shoppers to locate individual products in-store Improve fan engagement Bring indoor venue services to where the fans are Increase visitor satisfaction Personal tour guides with turn-by-turn directions
72 Location Hardware Beacons + Sensors + APs Aruba Beacons Blue dot directions and notifications based on real-time position Aruba AP w/ integrated Beacon Communicates with Aruba Beacons and Meridian Platform 802.11ac AP (310/300/207) USB Beacons Used for location + notifications + Management Aruba Sensor Used for location + notifications + Management on ANY network
Thank you 力麗科技 weber@llt.com.tw
74 HPE SDN Infrastructure
75 Run Both Worlds with Hybrid SDN https://www.hpe.com/us/en/networking/infrastructure.html ArubaOS OpenFlow FlexNetwork OpenFlow FlexFabric OpenFlow VXLAN HPE Network Optimizer HPE Virtual Application Networks (VAN)SDN Controller HPE Network Protector HPE Network Visualizer HPE Virtual Cloud Networking HPE-VMware Solution SDN App Store

Empfohlen

Understanding Cisco’s Next Generation SD-WAN Solution with Viptela
Understanding Cisco’s Next Generation SD-WAN Solution with ViptelaUnderstanding Cisco’s Next Generation SD-WAN Solution with Viptela
Understanding Cisco’s Next Generation SD-WAN Solution with ViptelaCisco Canada
 
CCNAv5 - S2: Chapter 9 Access Control Lists
CCNAv5 - S2: Chapter 9 Access Control ListsCCNAv5 - S2: Chapter 9 Access Control Lists
CCNAv5 - S2: Chapter 9 Access Control ListsVuz Dở Hơi
 
Aruba Netwrok(1).pptx
Aruba Netwrok(1).pptxAruba Netwrok(1).pptx
Aruba Netwrok(1).pptxEmanHashem6
 
Fortinet Fortigate 60D 中文安裝手冊 ( Ver 5.2.3)
Fortinet Fortigate 60D 中文安裝手冊 ( Ver 5.2.3)Fortinet Fortigate 60D 中文安裝手冊 ( Ver 5.2.3)
Fortinet Fortigate 60D 中文安裝手冊 ( Ver 5.2.3)志弘 李
 
20 palo alto site to site
20 palo alto site to site20 palo alto site to site
20 palo alto site to siteMostafa El Lathy
 
Understanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NATUnderstanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NATCisco Russia
 
Cisco Connect Halifax 2018 Understanding Cisco's next generation sd-wan sol...
Cisco Connect Halifax 2018 Understanding Cisco's next generation sd-wan sol...Cisco Connect Halifax 2018 Understanding Cisco's next generation sd-wan sol...
Cisco Connect Halifax 2018 Understanding Cisco's next generation sd-wan sol...Cisco Canada
 
8 palo alto security policy concepts
8 palo alto security policy concepts8 palo alto security policy concepts
8 palo alto security policy conceptsMostafa El Lathy
 

Empfohlen

Understanding Cisco’s Next Generation SD-WAN Solution with Viptela
Understanding Cisco’s Next Generation SD-WAN Solution with ViptelaUnderstanding Cisco’s Next Generation SD-WAN Solution with Viptela
Understanding Cisco’s Next Generation SD-WAN Solution with ViptelaCisco Canada
 
CCNAv5 - S2: Chapter 9 Access Control Lists
CCNAv5 - S2: Chapter 9 Access Control ListsCCNAv5 - S2: Chapter 9 Access Control Lists
CCNAv5 - S2: Chapter 9 Access Control ListsVuz Dở Hơi
 
Aruba Netwrok(1).pptx
Aruba Netwrok(1).pptxAruba Netwrok(1).pptx
Aruba Netwrok(1).pptxEmanHashem6
 
Fortinet Fortigate 60D 中文安裝手冊 ( Ver 5.2.3)
Fortinet Fortigate 60D 中文安裝手冊 ( Ver 5.2.3)Fortinet Fortigate 60D 中文安裝手冊 ( Ver 5.2.3)
Fortinet Fortigate 60D 中文安裝手冊 ( Ver 5.2.3)志弘 李
 
20 palo alto site to site
20 palo alto site to site20 palo alto site to site
20 palo alto site to siteMostafa El Lathy
 
Understanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NATUnderstanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NATCisco Russia
 
Cisco Connect Halifax 2018 Understanding Cisco's next generation sd-wan sol...
Cisco Connect Halifax 2018 Understanding Cisco's next generation sd-wan sol...Cisco Connect Halifax 2018 Understanding Cisco's next generation sd-wan sol...
Cisco Connect Halifax 2018 Understanding Cisco's next generation sd-wan sol...Cisco Canada
 
8 palo alto security policy concepts
8 palo alto security policy concepts8 palo alto security policy concepts
8 palo alto security policy conceptsMostafa El Lathy
 
Cisco Digital Network Architecture - Introducing the Network Intuitive
Cisco Digital Network Architecture - Introducing the Network IntuitiveCisco Digital Network Architecture - Introducing the Network Intuitive
Cisco Digital Network Architecture - Introducing the Network IntuitiveCisco Canada
 
CCNAv5 - S2: Chapter10 DHCP
CCNAv5 - S2: Chapter10 DHCPCCNAv5 - S2: Chapter10 DHCP
CCNAv5 - S2: Chapter10 DHCPVuz Dở Hơi
 
Chapter 17 : static routing
Chapter 17 : static routingChapter 17 : static routing
Chapter 17 : static routingteknetir
 
CCNAv5 - S2: Chapter1 Introsuction to switched networks
CCNAv5 - S2: Chapter1 Introsuction to switched networksCCNAv5 - S2: Chapter1 Introsuction to switched networks
CCNAv5 - S2: Chapter1 Introsuction to switched networksVuz Dở Hơi
 
ACI_Forwarding_Basic_rev2.pptx
ACI_Forwarding_Basic_rev2.pptxACI_Forwarding_Basic_rev2.pptx
ACI_Forwarding_Basic_rev2.pptxShravanKorthiwada1
 
2 what is the best firewall (sizing)
2 what is the best firewall (sizing)2 what is the best firewall (sizing)
2 what is the best firewall (sizing)Mostafa El Lathy
 
Cisco DNA
Cisco DNACisco DNA
Cisco DNAMohammad ali Safvati
 
Howto createOpenFlow Switchusing FPGA (at FPGAX#6)
Howto createOpenFlow Switchusing FPGA (at FPGAX#6)Howto createOpenFlow Switchusing FPGA (at FPGAX#6)
Howto createOpenFlow Switchusing FPGA (at FPGAX#6)Kentaro Ebisawa
 
Aci presentation
Aci presentationAci presentation
Aci presentationJoe Ryan
 
10 palo alto nat policy concepts
10 palo alto nat policy concepts10 palo alto nat policy concepts
10 palo alto nat policy conceptsMostafa El Lathy
 
EtherChannel PAgP and LACP modes
EtherChannel PAgP and LACP modesEtherChannel PAgP and LACP modes
EtherChannel PAgP and LACP modesNetProtocol Xpert
 
Arista Networks - Building the Next Generation Workplace and Data Center Usin...
Arista Networks - Building the Next Generation Workplace and Data Center Usin...Arista Networks - Building the Next Generation Workplace and Data Center Usin...
Arista Networks - Building the Next Generation Workplace and Data Center Usin...Aruba, a Hewlett Packard Enterprise company
 
Особенности архитектуры и траблшутинга маршрутизаторов серии ASR1000
Особенности архитектуры и траблшутинга маршрутизаторов серии ASR1000Особенности архитектуры и траблшутинга маршрутизаторов серии ASR1000
Особенности архитектуры и траблшутинга маршрутизаторов серии ASR1000Cisco Russia
 
Cisco ASA Firewall Lab WorkBook
Cisco ASA Firewall Lab WorkBookCisco ASA Firewall Lab WorkBook
Cisco ASA Firewall Lab WorkBookRHC Technologies
 
Meraki Cloud Networking Workshop
Meraki Cloud Networking WorkshopMeraki Cloud Networking Workshop
Meraki Cloud Networking WorkshopCisco Canada
 
Ccnp presentation [Day 1-3] Class
Ccnp presentation [Day 1-3] ClassCcnp presentation [Day 1-3] Class
Ccnp presentation [Day 1-3] ClassSagarR24
 
9 palo alto virtual routers concept (routing on palo alto)
9 palo alto virtual routers concept (routing on palo alto)9 palo alto virtual routers concept (routing on palo alto)
9 palo alto virtual routers concept (routing on palo alto)Mostafa El Lathy
 
Deploying Carrier Ethernet features on ASR 9000
Deploying Carrier Ethernet features on ASR 9000Deploying Carrier Ethernet features on ASR 9000
Deploying Carrier Ethernet features on ASR 9000Vinod Kumar Balasubramanyam
 
Ccna Commands In 10 Minutes
Ccna Commands In 10 MinutesCcna Commands In 10 Minutes
Ccna Commands In 10 MinutesCCNAResources
 
CCNAv5 - S2: Chapter2 Basic Switching Concepts and Configuration
CCNAv5 - S2: Chapter2 Basic Switching Concepts and ConfigurationCCNAv5 - S2: Chapter2 Basic Switching Concepts and Configuration
CCNAv5 - S2: Chapter2 Basic Switching Concepts and ConfigurationVuz Dở Hơi
 
Overview of Major Aruba Switching Features incl. Smart Rate for Multi-Gig Ports
Overview of Major Aruba Switching Features incl. Smart Rate for Multi-Gig PortsOverview of Major Aruba Switching Features incl. Smart Rate for Multi-Gig Ports
Overview of Major Aruba Switching Features incl. Smart Rate for Multi-Gig PortsAruba, a Hewlett Packard Enterprise company
 
Aruba 3810M 24SFP+ 250W Switch-PSN1009647820SEEN_2.pdf
Aruba 3810M 24SFP+ 250W Switch-PSN1009647820SEEN_2.pdfAruba 3810M 24SFP+ 250W Switch-PSN1009647820SEEN_2.pdf
Aruba 3810M 24SFP+ 250W Switch-PSN1009647820SEEN_2.pdfprasadiariyadasa
 

Weitere ähnliche Inhalte

Was ist angesagt?

Cisco Digital Network Architecture - Introducing the Network Intuitive
Cisco Digital Network Architecture - Introducing the Network IntuitiveCisco Digital Network Architecture - Introducing the Network Intuitive
Cisco Digital Network Architecture - Introducing the Network IntuitiveCisco Canada
 
CCNAv5 - S2: Chapter10 DHCP
CCNAv5 - S2: Chapter10 DHCPCCNAv5 - S2: Chapter10 DHCP
CCNAv5 - S2: Chapter10 DHCPVuz Dở Hơi
 
Chapter 17 : static routing
Chapter 17 : static routingChapter 17 : static routing
Chapter 17 : static routingteknetir
 
CCNAv5 - S2: Chapter1 Introsuction to switched networks
CCNAv5 - S2: Chapter1 Introsuction to switched networksCCNAv5 - S2: Chapter1 Introsuction to switched networks
CCNAv5 - S2: Chapter1 Introsuction to switched networksVuz Dở Hơi
 
ACI_Forwarding_Basic_rev2.pptx
ACI_Forwarding_Basic_rev2.pptxACI_Forwarding_Basic_rev2.pptx
ACI_Forwarding_Basic_rev2.pptxShravanKorthiwada1
 
2 what is the best firewall (sizing)
2 what is the best firewall (sizing)2 what is the best firewall (sizing)
2 what is the best firewall (sizing)Mostafa El Lathy
 
Howto createOpenFlow Switchusing FPGA (at FPGAX#6)
Howto createOpenFlow Switchusing FPGA (at FPGAX#6)Howto createOpenFlow Switchusing FPGA (at FPGAX#6)
Howto createOpenFlow Switchusing FPGA (at FPGAX#6)Kentaro Ebisawa
 
Aci presentation
Aci presentationAci presentation
Aci presentationJoe Ryan
 
10 palo alto nat policy concepts
10 palo alto nat policy concepts10 palo alto nat policy concepts
10 palo alto nat policy conceptsMostafa El Lathy
 
EtherChannel PAgP and LACP modes
EtherChannel PAgP and LACP modesEtherChannel PAgP and LACP modes
EtherChannel PAgP and LACP modesNetProtocol Xpert
 
Arista Networks - Building the Next Generation Workplace and Data Center Usin...
Arista Networks - Building the Next Generation Workplace and Data Center Usin...Arista Networks - Building the Next Generation Workplace and Data Center Usin...
Arista Networks - Building the Next Generation Workplace and Data Center Usin...Aruba, a Hewlett Packard Enterprise company
 
Особенности архитектуры и траблшутинга маршрутизаторов серии ASR1000
Особенности архитектуры и траблшутинга маршрутизаторов серии ASR1000Особенности архитектуры и траблшутинга маршрутизаторов серии ASR1000
Особенности архитектуры и траблшутинга маршрутизаторов серии ASR1000Cisco Russia
 
Cisco ASA Firewall Lab WorkBook
Cisco ASA Firewall Lab WorkBookCisco ASA Firewall Lab WorkBook
Cisco ASA Firewall Lab WorkBookRHC Technologies
 
Meraki Cloud Networking Workshop
Meraki Cloud Networking WorkshopMeraki Cloud Networking Workshop
Meraki Cloud Networking WorkshopCisco Canada
 
Ccnp presentation [Day 1-3] Class
Ccnp presentation [Day 1-3] ClassCcnp presentation [Day 1-3] Class
Ccnp presentation [Day 1-3] ClassSagarR24
 
9 palo alto virtual routers concept (routing on palo alto)
9 palo alto virtual routers concept (routing on palo alto)9 palo alto virtual routers concept (routing on palo alto)
9 palo alto virtual routers concept (routing on palo alto)Mostafa El Lathy
 
Ccna Commands In 10 Minutes
Ccna Commands In 10 MinutesCcna Commands In 10 Minutes
Ccna Commands In 10 MinutesCCNAResources
 
CCNAv5 - S2: Chapter2 Basic Switching Concepts and Configuration
CCNAv5 - S2: Chapter2 Basic Switching Concepts and ConfigurationCCNAv5 - S2: Chapter2 Basic Switching Concepts and Configuration
CCNAv5 - S2: Chapter2 Basic Switching Concepts and ConfigurationVuz Dở Hơi
 

Was ist angesagt? (20)

Cisco Digital Network Architecture - Introducing the Network Intuitive
Cisco Digital Network Architecture - Introducing the Network IntuitiveCisco Digital Network Architecture - Introducing the Network Intuitive
Cisco Digital Network Architecture - Introducing the Network Intuitive
 
CCNAv5 - S2: Chapter10 DHCP
CCNAv5 - S2: Chapter10 DHCPCCNAv5 - S2: Chapter10 DHCP
CCNAv5 - S2: Chapter10 DHCP
 
Chapter 17 : static routing
Chapter 17 : static routingChapter 17 : static routing
Chapter 17 : static routing
 
CCNAv5 - S2: Chapter1 Introsuction to switched networks
CCNAv5 - S2: Chapter1 Introsuction to switched networksCCNAv5 - S2: Chapter1 Introsuction to switched networks
CCNAv5 - S2: Chapter1 Introsuction to switched networks
 
ACI_Forwarding_Basic_rev2.pptx
ACI_Forwarding_Basic_rev2.pptxACI_Forwarding_Basic_rev2.pptx
ACI_Forwarding_Basic_rev2.pptx
 
2 what is the best firewall (sizing)
2 what is the best firewall (sizing)2 what is the best firewall (sizing)
2 what is the best firewall (sizing)
 
Cisco DNA
Cisco DNACisco DNA
Cisco DNA
 
Howto createOpenFlow Switchusing FPGA (at FPGAX#6)
Howto createOpenFlow Switchusing FPGA (at FPGAX#6)Howto createOpenFlow Switchusing FPGA (at FPGAX#6)
Howto createOpenFlow Switchusing FPGA (at FPGAX#6)
 
Aci presentation
Aci presentationAci presentation
Aci presentation
 
10 palo alto nat policy concepts
10 palo alto nat policy concepts10 palo alto nat policy concepts
10 palo alto nat policy concepts
 
EtherChannel PAgP and LACP modes
EtherChannel PAgP and LACP modesEtherChannel PAgP and LACP modes
EtherChannel PAgP and LACP modes
 
Arista Networks - Building the Next Generation Workplace and Data Center Usin...
Arista Networks - Building the Next Generation Workplace and Data Center Usin...Arista Networks - Building the Next Generation Workplace and Data Center Usin...
Arista Networks - Building the Next Generation Workplace and Data Center Usin...
 
Особенности архитектуры и траблшутинга маршрутизаторов серии ASR1000
Особенности архитектуры и траблшутинга маршрутизаторов серии ASR1000Особенности архитектуры и траблшутинга маршрутизаторов серии ASR1000
Особенности архитектуры и траблшутинга маршрутизаторов серии ASR1000
 
Cisco ASA Firewall Lab WorkBook
Cisco ASA Firewall Lab WorkBookCisco ASA Firewall Lab WorkBook
Cisco ASA Firewall Lab WorkBook
 
Meraki Cloud Networking Workshop
Meraki Cloud Networking WorkshopMeraki Cloud Networking Workshop
Meraki Cloud Networking Workshop
 
Ccnp presentation [Day 1-3] Class
Ccnp presentation [Day 1-3] ClassCcnp presentation [Day 1-3] Class
Ccnp presentation [Day 1-3] Class
 
9 palo alto virtual routers concept (routing on palo alto)
9 palo alto virtual routers concept (routing on palo alto)9 palo alto virtual routers concept (routing on palo alto)
9 palo alto virtual routers concept (routing on palo alto)
 
Deploying Carrier Ethernet features on ASR 9000
Deploying Carrier Ethernet features on ASR 9000Deploying Carrier Ethernet features on ASR 9000
Deploying Carrier Ethernet features on ASR 9000
 
Ccna Commands In 10 Minutes
Ccna Commands In 10 MinutesCcna Commands In 10 Minutes
Ccna Commands In 10 Minutes
 
CCNAv5 - S2: Chapter2 Basic Switching Concepts and Configuration
CCNAv5 - S2: Chapter2 Basic Switching Concepts and ConfigurationCCNAv5 - S2: Chapter2 Basic Switching Concepts and Configuration
CCNAv5 - S2: Chapter2 Basic Switching Concepts and Configuration
 

Ähnlich wie Winhon Network Solution

Aruba 3810M 24SFP+ 250W Switch-PSN1009647820SEEN_2.pdf
Aruba 3810M 24SFP+ 250W Switch-PSN1009647820SEEN_2.pdfAruba 3810M 24SFP+ 250W Switch-PSN1009647820SEEN_2.pdf
Aruba 3810M 24SFP+ 250W Switch-PSN1009647820SEEN_2.pdfprasadiariyadasa
 
Huawei s5720 li series switches product brochure
Huawei s5720 li series switches product brochureHuawei s5720 li series switches product brochure
Huawei s5720 li series switches product brochureLarry Linares Barreto
 
Решения конвергентного доступа Cisco. Обновление продуктовой линейки коммутат...
Решения конвергентного доступа Cisco. Обновление продуктовой линейки коммутат...Решения конвергентного доступа Cisco. Обновление продуктовой линейки коммутат...
Решения конвергентного доступа Cisco. Обновление продуктовой линейки коммутат...Cisco Russia
 
Webinar NETGEAR - Soluzioni Switch Smart 10 gigabit & how to eliminate bottle...
Webinar NETGEAR - Soluzioni Switch Smart 10 gigabit & how to eliminate bottle...Webinar NETGEAR - Soluzioni Switch Smart 10 gigabit & how to eliminate bottle...
Webinar NETGEAR - Soluzioni Switch Smart 10 gigabit & how to eliminate bottle...Netgear Italia
 
cisco-vs-s720-10g-3cxl-datasheet.pdf
cisco-vs-s720-10g-3cxl-datasheet.pdfcisco-vs-s720-10g-3cxl-datasheet.pdf
cisco-vs-s720-10g-3cxl-datasheet.pdfHi-Network.com
 
A Switch based complete solution
A Switch based complete solutionA Switch based complete solution
A Switch based complete solutionPrime Infoserv
 
aruba-_and_-techdata-overview.pptx
aruba-_and_-techdata-overview.pptxaruba-_and_-techdata-overview.pptx
aruba-_and_-techdata-overview.pptxchrishan42
 
Aruba 2930 f switch campus switching
Aruba 2930 f switch campus switching Aruba 2930 f switch campus switching
Aruba 2930 f switch campus switching Eketerina Dyakova
 
Ethernet routing switch 4000 series
Ethernet routing switch 4000 seriesEthernet routing switch 4000 series
Ethernet routing switch 4000 serieslogenatech
 
Future Proofing Your Network with the New Cisco Catalyst 3850 10G Aggregation...
Future Proofing Your Network with the New Cisco Catalyst 3850 10G Aggregation...Future Proofing Your Network with the New Cisco Catalyst 3850 10G Aggregation...
Future Proofing Your Network with the New Cisco Catalyst 3850 10G Aggregation...Cisco Enterprise Networks
 
cisco-vs-s720-10g-3c-datasheet.pdf
cisco-vs-s720-10g-3c-datasheet.pdfcisco-vs-s720-10g-3c-datasheet.pdf
cisco-vs-s720-10g-3c-datasheet.pdfHi-Network.com
 
Alcatel lucent Enterprise LAN Portfolio Overview
Alcatel lucent Enterprise LAN Portfolio OverviewAlcatel lucent Enterprise LAN Portfolio Overview
Alcatel lucent Enterprise LAN Portfolio OverviewAlcatel-Lucent Enterprise
 
cisco-cbs350-48fp-4g-datasheet.pdf
cisco-cbs350-48fp-4g-datasheet.pdfcisco-cbs350-48fp-4g-datasheet.pdf
cisco-cbs350-48fp-4g-datasheet.pdfHi-Network.com
 

Ähnlich wie Winhon Network Solution (20)

Overview of Major Aruba Switching Features incl. Smart Rate for Multi-Gig Ports
Overview of Major Aruba Switching Features incl. Smart Rate for Multi-Gig PortsOverview of Major Aruba Switching Features incl. Smart Rate for Multi-Gig Ports
Overview of Major Aruba Switching Features incl. Smart Rate for Multi-Gig Ports
 
Aruba 3810M 24SFP+ 250W Switch-PSN1009647820SEEN_2.pdf
Aruba 3810M 24SFP+ 250W Switch-PSN1009647820SEEN_2.pdfAruba 3810M 24SFP+ 250W Switch-PSN1009647820SEEN_2.pdf
Aruba 3810M 24SFP+ 250W Switch-PSN1009647820SEEN_2.pdf
 
Huawei s5720 li series switches product brochure
Huawei s5720 li series switches product brochureHuawei s5720 li series switches product brochure
Huawei s5720 li series switches product brochure
 
Решения конвергентного доступа Cisco. Обновление продуктовой линейки коммутат...
Решения конвергентного доступа Cisco. Обновление продуктовой линейки коммутат...Решения конвергентного доступа Cisco. Обновление продуктовой линейки коммутат...
Решения конвергентного доступа Cisco. Обновление продуктовой линейки коммутат...
 
Airheads Meetups: 8400 Presentation
Airheads Meetups: 8400 PresentationAirheads Meetups: 8400 Presentation
Airheads Meetups: 8400 Presentation
 
Webinar NETGEAR - Soluzioni Switch Smart 10 gigabit & how to eliminate bottle...
Webinar NETGEAR - Soluzioni Switch Smart 10 gigabit & how to eliminate bottle...Webinar NETGEAR - Soluzioni Switch Smart 10 gigabit & how to eliminate bottle...
Webinar NETGEAR - Soluzioni Switch Smart 10 gigabit & how to eliminate bottle...
 
cisco-vs-s720-10g-3cxl-datasheet.pdf
cisco-vs-s720-10g-3cxl-datasheet.pdfcisco-vs-s720-10g-3cxl-datasheet.pdf
cisco-vs-s720-10g-3cxl-datasheet.pdf
 
A Switch based complete solution
A Switch based complete solutionA Switch based complete solution
A Switch based complete solution
 
aruba-_and_-techdata-overview.pptx
aruba-_and_-techdata-overview.pptxaruba-_and_-techdata-overview.pptx
aruba-_and_-techdata-overview.pptx
 
Ready
ReadyReady
Ready
 
Aruba 2930 f switch campus switching
Aruba 2930 f switch campus switching Aruba 2930 f switch campus switching
Aruba 2930 f switch campus switching
 
Ethernet routing switch 4000 series
Ethernet routing switch 4000 seriesEthernet routing switch 4000 series
Ethernet routing switch 4000 series
 
Guía de referencia Switches Avaya
Guía de referencia Switches Avaya Guía de referencia Switches Avaya
Guía de referencia Switches Avaya
 
SGS-5240-48T4X Stackable Managed Switch
SGS-5240-48T4X Stackable Managed SwitchSGS-5240-48T4X Stackable Managed Switch
SGS-5240-48T4X Stackable Managed Switch
 
SGS-5240-20S4C4XR Stackable Managed Switch
SGS-5240-20S4C4XR Stackable Managed Switch SGS-5240-20S4C4XR Stackable Managed Switch
SGS-5240-20S4C4XR Stackable Managed Switch
 
Future Proofing Your Network with the New Cisco Catalyst 3850 10G Aggregation...
Future Proofing Your Network with the New Cisco Catalyst 3850 10G Aggregation...Future Proofing Your Network with the New Cisco Catalyst 3850 10G Aggregation...
Future Proofing Your Network with the New Cisco Catalyst 3850 10G Aggregation...
 
cisco-vs-s720-10g-3c-datasheet.pdf
cisco-vs-s720-10g-3c-datasheet.pdfcisco-vs-s720-10g-3c-datasheet.pdf
cisco-vs-s720-10g-3c-datasheet.pdf
 
DellEMC Networking Product Portfolio Guide
DellEMC Networking Product Portfolio GuideDellEMC Networking Product Portfolio Guide
DellEMC Networking Product Portfolio Guide
 
Alcatel lucent Enterprise LAN Portfolio Overview
Alcatel lucent Enterprise LAN Portfolio OverviewAlcatel lucent Enterprise LAN Portfolio Overview
Alcatel lucent Enterprise LAN Portfolio Overview
 
cisco-cbs350-48fp-4g-datasheet.pdf
cisco-cbs350-48fp-4g-datasheet.pdfcisco-cbs350-48fp-4g-datasheet.pdf
cisco-cbs350-48fp-4g-datasheet.pdf
 

Kürzlich hochgeladen

Challenges and Opportunities: A Qualitative Study on Tax Compliance in Pakistan
Challenges and Opportunities: A Qualitative Study on Tax Compliance in PakistanChallenges and Opportunities: A Qualitative Study on Tax Compliance in Pakistan
Challenges and Opportunities: A Qualitative Study on Tax Compliance in Pakistanvineshkumarsajnani12
 
Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1kcpayne
 
QSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptx
QSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptxQSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptx
QSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptxDitasDelaCruz
 
JAJPUR CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN JAJPUR ESCORTS
JAJPUR CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN JAJPUR ESCORTSJAJPUR CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN JAJPUR ESCORTS
JAJPUR CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN JAJPUR ESCORTSkajalroy875762
 
Call 7737669865 Vadodara Call Girls Service at your Door Step Available All Time
Call 7737669865 Vadodara Call Girls Service at your Door Step Available All TimeCall 7737669865 Vadodara Call Girls Service at your Door Step Available All Time
Call 7737669865 Vadodara Call Girls Service at your Door Step Available All Timegargpaaro
 
Arti Languages Pre Seed Teaser Deck 2024.pdf
Arti Languages Pre Seed Teaser Deck 2024.pdfArti Languages Pre Seed Teaser Deck 2024.pdf
Arti Languages Pre Seed Teaser Deck 2024.pdfwill854175
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfAdmir Softic
 
Kalyan Call Girl 98350*37198 Call Girls in Escort service book now
Kalyan Call Girl 98350*37198 Call Girls in Escort service book nowKalyan Call Girl 98350*37198 Call Girls in Escort service book now
Kalyan Call Girl 98350*37198 Call Girls in Escort service book nowranineha57744
 
Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024Marel
 
Nashik Call Girl Just Call 7091819311 Top Class Call Girl Service Available
Nashik Call Girl Just Call 7091819311 Top Class Call Girl Service AvailableNashik Call Girl Just Call 7091819311 Top Class Call Girl Service Available
Nashik Call Girl Just Call 7091819311 Top Class Call Girl Service Availablepr788182
 
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 Months
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 MonthsSEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 Months
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 MonthsIndeedSEO
 
Organizational Transformation Lead with Culture
Organizational Transformation Lead with CultureOrganizational Transformation Lead with Culture
Organizational Transformation Lead with CultureSeta Wicaksana
 
Berhampur CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Berhampur CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGBerhampur CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Berhampur CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGpr788182
 
Pre Engineered Building Manufacturers Hyderabad.pptx
Pre Engineered Building Manufacturers Hyderabad.pptxPre Engineered Building Manufacturers Hyderabad.pptx
Pre Engineered Building Manufacturers Hyderabad.pptxRoofing Contractor
 
UAE Bur Dubai Call Girls ☏ 0564401582 Call Girl in Bur Dubai
UAE Bur Dubai Call Girls ☏ 0564401582 Call Girl in Bur DubaiUAE Bur Dubai Call Girls ☏ 0564401582 Call Girl in Bur Dubai
UAE Bur Dubai Call Girls ☏ 0564401582 Call Girl in Bur Dubaijaehdlyzca
 
New 2024 Cannabis Edibles Investor Pitch Deck Template
New 2024 Cannabis Edibles Investor Pitch Deck TemplateNew 2024 Cannabis Edibles Investor Pitch Deck Template
New 2024 Cannabis Edibles Investor Pitch Deck TemplateCannaBusinessPlans
 
Putting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptxPutting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptxCynthia Clay
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityEric T. Tung
 

Kürzlich hochgeladen (20)

Challenges and Opportunities: A Qualitative Study on Tax Compliance in Pakistan
Challenges and Opportunities: A Qualitative Study on Tax Compliance in PakistanChallenges and Opportunities: A Qualitative Study on Tax Compliance in Pakistan
Challenges and Opportunities: A Qualitative Study on Tax Compliance in Pakistan
 
Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1
 
QSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptx
QSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptxQSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptx
QSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptx
 
JAJPUR CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN JAJPUR ESCORTS
JAJPUR CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN JAJPUR ESCORTSJAJPUR CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN JAJPUR ESCORTS
JAJPUR CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN JAJPUR ESCORTS
 
Call 7737669865 Vadodara Call Girls Service at your Door Step Available All Time
Call 7737669865 Vadodara Call Girls Service at your Door Step Available All TimeCall 7737669865 Vadodara Call Girls Service at your Door Step Available All Time
Call 7737669865 Vadodara Call Girls Service at your Door Step Available All Time
 
Arti Languages Pre Seed Teaser Deck 2024.pdf
Arti Languages Pre Seed Teaser Deck 2024.pdfArti Languages Pre Seed Teaser Deck 2024.pdf
Arti Languages Pre Seed Teaser Deck 2024.pdf
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
 
Kalyan Call Girl 98350*37198 Call Girls in Escort service book now
Kalyan Call Girl 98350*37198 Call Girls in Escort service book nowKalyan Call Girl 98350*37198 Call Girls in Escort service book now
Kalyan Call Girl 98350*37198 Call Girls in Escort service book now
 
Buy gmail accounts.pdf buy Old Gmail Accounts
Buy gmail accounts.pdf buy Old Gmail AccountsBuy gmail accounts.pdf buy Old Gmail Accounts
Buy gmail accounts.pdf buy Old Gmail Accounts
 
Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024
 
Nashik Call Girl Just Call 7091819311 Top Class Call Girl Service Available
Nashik Call Girl Just Call 7091819311 Top Class Call Girl Service AvailableNashik Call Girl Just Call 7091819311 Top Class Call Girl Service Available
Nashik Call Girl Just Call 7091819311 Top Class Call Girl Service Available
 
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 Months
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 MonthsSEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 Months
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 Months
 
Organizational Transformation Lead with Culture
Organizational Transformation Lead with CultureOrganizational Transformation Lead with Culture
Organizational Transformation Lead with Culture
 
Berhampur CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Berhampur CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGBerhampur CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Berhampur CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
 
Pre Engineered Building Manufacturers Hyderabad.pptx
Pre Engineered Building Manufacturers Hyderabad.pptxPre Engineered Building Manufacturers Hyderabad.pptx
Pre Engineered Building Manufacturers Hyderabad.pptx
 
HomeRoots Pitch Deck | Investor Insights | April 2024
HomeRoots Pitch Deck | Investor Insights | April 2024HomeRoots Pitch Deck | Investor Insights | April 2024
HomeRoots Pitch Deck | Investor Insights | April 2024
 
UAE Bur Dubai Call Girls ☏ 0564401582 Call Girl in Bur Dubai
UAE Bur Dubai Call Girls ☏ 0564401582 Call Girl in Bur DubaiUAE Bur Dubai Call Girls ☏ 0564401582 Call Girl in Bur Dubai
UAE Bur Dubai Call Girls ☏ 0564401582 Call Girl in Bur Dubai
 
New 2024 Cannabis Edibles Investor Pitch Deck Template
New 2024 Cannabis Edibles Investor Pitch Deck TemplateNew 2024 Cannabis Edibles Investor Pitch Deck Template
New 2024 Cannabis Edibles Investor Pitch Deck Template
 
Putting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptxPutting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptx
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League City
 

Winhon Network Solution

  • 3. 3 HPE Aruba • HP 2015 分成兩家 Fortune 50的公司,Hewlett-Packard Enterprise 簡稱 HPE • HPE Networking 在Gartner 2016年9月的市場調查與Cisco連續6年同為僅有的2家 領導品牌 • HPE Networking 在 2015 年併購 Aruba Networks
  • 4. 4 HPE Aruba 始終居於市場領導定位 2016年 8月 Gartner 報告肯定 HPE Aruba 的領導地位 This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Aruba, a Hewlett Packard Enterprise company. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties or merchantability or fitness for a particular purpose. Source: Gartner Magic Quadrant for the Wired and Wireless LAN Access Infrastructure August 2016. Tim Zimmerman, Christian Canales, Bill Menezes, Danilo Ciscato ID Number: G00291908 • HPE Aruba與思科為僅有的兩家領導品牌 • HPE Aruba 提供單一智慧網路,網路安全,網路管 理輕鬆掌握 市 場 佔 有 率 產品技術 HPE Aruba is Here
  • 7. 7 Components HPE Aruba 單一廠商提供完整有線及無線解決方案 Unified Multi-vendor 存取控管政策 End-to-end Multi-vendor 管理 Best of breed 無線網路 Optimized for wireless aggregation 有線網路無線網路 802.11ac APs Mobility Controllers BLE Beacons 有線網路 Switches 存取控管政策 ClearPass 管理 AirWave IMC For IT For LOB 分析分析 Mobile engagement & business analytics
  • 9. 9 Pioneered WLAN Switch Architecture Centralized Architecture Solves Security and TCO for WLANs “Thin” Access Points 集中式的 Aruba Mobility Controller 802.11a/b/g Antennas Policy Mobility Forwarding Encryption Authentication Management “Fat” Access Points ▪ WiFi 無線網路訊號點 • 無線網路存取 • 無線網路 IDS/IPS • RF 自動掃描偵測 • 無線定位服務 • 封包擷取 (Packet Capture) • AP 沒有認證加密金鑰及憑證 ▪ Controller 可以看到所有 RF 訊號 • 自動設定功率及頻道,自動優化 ▪ 深度網路安全機制 • 集中式的認證 (設定, 執行) • 集中式的加密 • 認證加密金鑰及憑證 • 監看整理安全威脅 • 內建的 Per-User Stateful Firewall ▪ 業界領先的 QoS 功能 ▪ 廣泛的網路連通功能 ▪ 單一的管理控制介面
  • 11. 11 HPE Aruba Controller 系列 7030 Large branch Up to 64 APs and up to 8Gbps throughput Midsize branch with integrated switch 12 or 24 ports of PoE+ for unified branches Up to 32 APs Small branch Virtualized or PoE-powered controllers Midsize Campus High performance, fixed form factor Up to 256 APs, 12 Gbps throughput Large Campus High performance, redundant power/fan 512 – 2048 APs, up to 40Gbps throughput 7240 7220 7210 7205 7024 (24 PoE+) 7010 (12 PoE+) 7005/7008 (16 AP) Branch Campus http://www.arubanetworks.com/products/networking/controllers/
  • 12. 12 Broad Portfolio of WLAN Connectivity 飯店專用 103H/203H 2 ports 11n dual 205H/303H 3 ports 11ac dual PSE 室內型 330 Series 11 ac WAVE 2 4x4 MU-MIMO Smart Rate (2.5GBASE-T) 戶外型(全向/指向) 270/360 Series Outdoor 3x3 11ac 惡劣環劣使用 228 Series Industrial grade 3x3 11ac HPE Aruba 無線 AP系列紅字:目前熱銷機種, 藍字:未來替代機種 310 Series 11ac WAVE 2 Carpeted space 3x3 MU-MIMO 2.1 Gbps 300 Series 11ac WAVE 2 320 Series 11ac WAVE 2 4x4 MU-MIMO 2.5 Gbps, Dual uplink 200 Series Wave 1 2x2 11ac MIMO 1.2 Gbps 103 /207 Series Lower cost 2x2 11n /2x2 11ac 600 Mbps Remote Access Points RAP-3WN(攜帶型)/203R 2 ports, 2.4GHz, PSE RAP-108/109(吊掛) 1 port, 11n dual radio RAP-155(桌機) 4 ports, 11n dual radio, PSE 210 Series 11ac WAVE 1 3x3 MIMO 1.9 Gbps 220 Series 11ac WAVE 1 3x3 MIMO 1.9 Gbps, Dual uplink http://www.arubanetworks.com/products/networking/access-points/ 最常選用規劃的AP型號,另有IAP 版本可選用 飯店旅宿in-wall選用型號 分公司、外點辦公室選用型號, 內建VPN功能 定位系統
  • 13. 13 Controller 集中控管 Thin AP 或 分散式無 Controller (Instant AP, IAP) Small, temporary & home office Wi-Fi Remote APs, VIA Mobile/Laptop Client Distributed, controllerless WLAN with Aruba Instant Controller-based WLAN with ArubaOS Simplified branch deployment with clusters Centralized encryption with advanced services at scale 相同的 AP 硬體
  • 14. 14 Aruba Instant Virtual Controller AP setup -SSID -Security -Guest Access Adaptive Virtual Controller
  • 15. 15 Aruba IAP Multi-Site Deployment - Configuration changes - Network reporting - Device tracking - Troubleshooting KaohsiungTaipei Taichung AirWave
  • 17. 17 HPE Networking Product Segment OfficeConnect Wired & wireless networks for small businesses • 1900, 1800, 1600, 1400 switch series • Small business APs • R100 wireless VPN router series Small BusinessCampus & Branch HPE Aruba Mobile-first enterprise networks for campus, branch & remote • APs & Beacons • Controllers, SDN Apps • 5400R, 3810, 2920, 2530, • ClearPass, Meridian, ALE AirWave, Central, IMC FlexNetwork Traditional enterprise routing / switching at the campus & branch • 10500, 7500 • 5510, 5130, 5120 • MSR 900, 1/2/3/4K • HSR 66/6800 • VSR 1000 IMC Web GUI Data Center FlexFabric Traditional enterprise data center networks • 12900,7900 • 5950 • 5930, 5940 • 5900, 5900CP, 5700 • DCN, VCN, 5900v, SDN IMC Altoline Data center networks for cloud-scale • 6900 • 6920, 6921 • 6940, 6941 • 6960 IMC
  • 18. 18 HP FlexCampus – Modular Switches • 4, 8 and 12-slot chassis • 13Tbps Switch Capacity • 40 GbE capable (up to 96 ports) • 100 GbE • 576 10 GbE or 1 GbE ports • Full L3 features & IPv6/MPLS • IRF stacking • MDC • SDN OpenFlow 1.3 • 2, 3, 6 and 10-slot chassis • 4.8Tbps Switch Capacity • 40 GbE capable , 40 ports • 160 10 GbE ports, 480 1 GbE ports • High-density PoE+ • Full L3 features & IPv6/MPLS • IRF stacking • MDC • SDN OpenFlow 1.3 10504 10508 10508V 10512 7502 7503 7506 7506V 7510 SMB & Branch Core Enterprise access Campus Core • 6 and 12- slot compact chassis • Redundant management and power for modules • 760Gbps Switch Capacity • 96 10 GbE ports, 288 1 GbE ports • 288 ports full PoE+ capable • Full L3 features • SDN OpenFlow 1.3 5406R 5412R
  • 19. 19 HPE FlexNetwork fixed port switch portfolio IMC single-pane-of- glass management Traditional enterprise switching for the campus & branch 9 3600 v2 EI/SI − Layer 3 Advanced with multicast routing − 24 or 48 ports − 10/100 − PoE+ models − 9 chassis IRF − Comware 5 − Basic Layer 3 with static & RIP routing − 24 or 48 port models − PoE+ models − 4 fixed 10 GbE uplinks − Redundant power − EEE − 9 chassis IRF − OpenFlow − Comware 7 5120 SI − Layer 2+ with static routing − 8, 16, 24 or 48 ports − PoE+ models − Up to 4 fixed Gig uplinks − Redundant power − ACLs − 4 chassis IRF − Comware 5 − Basic Layer 3 with Static & RIP Routing − 24 or 48 port models − Full 48 Port PoE+ − Dual Redundant PS − Fixed and modular 10GbE uplinks − 9 chassis IRF − MACsec support − EEE − OpenFlow − Comware 7 3100 v2 EI/SI − Layer 2+ − 8, 16, 24 or 48 ports − 10/100 − ACLs − PoE models − Comware 5 − Advanced Layer 3 − 24 or 48 port models − Enhanced MPLS/VPLS support − Full 48 Port PoE+ − Dual Redundant PS − 9 chassis IRF − Fixed and modular 10GbE uplinks − MACsec support − EEE − OpenFlow − Comware 7 Fast Ethernet Switches Gigabit Ethernet Switches 5130 HI 5130 EI 5510 HI 40 Gigabit Uplink EOS
  • 20. 20 Aruba campus switch portfolio Enterprise, branch and SMB networks − Layer 2 − 8, 24 or 48 ports 10/100 − sFlow, ACLs, IPv6 − Fanless − 10GbE uplinks − PoE+ models Fast Ethernet Switches • Layer 3 with static & RIP routing • 8, 24 ,or 48 ports • 10/100 • PoE+ models • Redundant power • GbE uplinks 2620 2530 − Layer 2 − 8, 24 or 48 ports Gig − sFlow, ACLs, IPv6 − Fanless & compact models − Models with 10GbE uplinks − PoE+ models 2530 2540 − Basic Layer 3 with static & RIP routing − 24, 48 ports Gig − PoE+ models − Fixed 1GbE and 10GbE Uplinks − sFlow, ACLs, IPv6 2920 2930F − Basic Layer 3 with static & RIP routing − 8, 24, 48 ports Gig − PoE+ models − Fixed 1GbE and 10GbE Uplinks − Internal Power supply − OpenFlow − Basic Layer 3 with static & RIP routing − 24, 48 ports Gig − PoE+ models − Stacking − Modular 10GbE uplinks − OpenFlow 3810 − Advanced Layer 3 − 24 or 48 port Gig − Smart Rate multi-gigabit Ethernet − Wire speed 40GbE − PoE+ models − Modular uplinks − Redundant power − 10 unit stacking − OpenFlow Gigabit Ethernet Switches 10G /w 40 Gigabit Uplink
  • 21. 21 HPE OfficeConnect 1 &10 Gigabit Smart Managed Switch 21 Entry – 1G copper only, VLANs, link aggregation, loop protection 1620 Switch Series Basic – 1G copper and 1G fiber, VLANs, link aggregation, STP, RSTP 1820 Switch Series Basic – 1G and 10G copper, VLANs, link aggregation, STP, RSTP 1850 Switch Series Advanced – 1G and 10G copper, 10G fiber, VLANs, link aggregation, ACLs. STP, RSTP, MSTP. Static routing, stacking 1950 Switch Series Advanced – 1G copper and 1G fiber, VLANs, link aggregation, ACLs. STP, RSTP, MSTP. Static routing 1920 Switch Series Functionality Features
  • 22. 22 HPE Cloud-First ToR access switches Top-of Rack, Access Converged Infrastructure FlexFabric 5950 FlexFabric 5940 FlexFabric 5930 FlexFabric 5900/CP FlexFabric 5700 6125/6127XLG Moonshot-45XGc 10/25/40/100GbE ToR Native L2 VXLAN Support 10/40/100GbE ToR Native L2/L3 VXLAN Support EVPN support 10/40GbE ToR Native L2 VXLAN Support 1/10GbE ToR Full Layer 3 with Data Center Features (DCB, FCoE, TRILL, SPB) Converged ToR Ethernet/FCoE/FC (4&8 Gb/s- 5900CP) 1/10GbE ToR Layer 2/Light Layer 3 with Data Center features (DCB, FCoE, TRILL) HPE BladeSystem Interconnect Comware v7 based High Performance / Overlay Competes against Cisco Nexus 92xx High Performance / Overlay Competes against Cisco Nexus 92xx High Performance / Overlay Competes against Cisco Nexus 93xxx High Performance Competes against Cisco Nexus 55xx/5600 Best in class TCO Competes Against Cisco Nexus 2K Feature Rich Competes against Cisco 3120x Blade Switch No licensing, including MPLS edge Convergence every port VXLAN GW No licensing, including MPLS edge Convergence every port VXLAN GW Integration with NSX and Helion as L2 VXLAN GW Entire stack without licensing, including MPLS edge (SP/Telcos) Convergence on every port with IRF Switching at the cost of a multiplexer Power of Comware v7 within Moonshot
  • 23. 23 Switching for the Mobile-First Campus Gigabit Access Multi-Gig Access Aruba 2920 Aruba 5400R POE+ SDN Optimized Smart Rate Multi-Gig Ports Aruba 2530 AirWave & ClearPass Stacking Aruba 2930F Central Aruba 2540 VSF VSF Aruba 3810
  • 24. 24 HPE Aruba Wired & Wireless解決方案示意圖 • 外地出差 • SMALL OFFICE/HOME OFFICE ClearPass Airwave HPE Aruba (Wireless) Mobility Controller 員工 HPE Aruba PoE Switch HPE Aruba Core Switch Aruba Remote AP AD/LDAP Other user DB Internet AP HPE Aruba Access Switch FortiGate NGFW HPE Aruba 802.11ac AP Desktop User Laptop Wired User Soft Phone Wireless Users IMC HPE Aruba Edge Switch
  • 27. 減少無線網路抱怨 with Aruba 802.11ac and ClientMatch 事先知道無線網路問題,而非事後被抱怨 with Aruba Clarity and AirWave 無線網路除了效能,應力求穩定與可視化管理 不是單用 AP、Controller 的技術規格來比較 應用程式可視化,重要的應用優先 with Aruba AppRF
  • 28. HPE Aruba 無線網路:不只是集中控管 Aruba 領先的Thin AP技術帶來管理、維護與系統穩定優勢! 1 2 3 COREDISTRIBUTIONACCESS DATA CENTER 3 3 2 2 1 1 4 4 5 5 101 102 101 102 101 102 101 102 EMPLOYEE EMPLOYEE EMPLOYEE 201 202 201 202 201 202 GUEST GUEST GUEST 202 201 1 1 2 2 3 3 GRE/IPSec TUNNELS STANDBY ACCESS BLOCK 1 ACCESS BLOCK 2 ACCESS BLOCK 3 ARUBA Mobility Controller Wireless VLAN Pooling: VLAN 不再依樓層或建物設定而是自動 Load Balance • 有線網路只須於Core及Aruba Controller 設定無線網路 VLAN • 只須要維護控制器,不需要維護AP Wireless VLAN 使用者會移動,再也不是依樓層來分配VLAN • Aruba 輕易區分 Broadcast Domain • 動態分配使用者 VLAN • 使用者被分配VLAN後,VLAN跟者使用者走 • 不會因使用者位置造成分配不均 ACTIVE
  • 29. Adaptive Radio Management 解決無線網路訊號及負載問題 • 自動調整最佳 Channel / Power 避免干擾,減少漏洞 (Self-Healing) • 可識別無線Wi-Fi及非Wi-Fi的訊號干擾 • Controller 集中式的決策控管,避免 AP channel hopping 產生 微波爐
  • 30. Match to another AP DEVICE TYPE INTERFERENCELOCATION CONGESTION REAL-TIME RF CORRELATION Enables use of 802.11ac Wi-Fi rates ✓ 98% of mobile devices with higher SNR ✓ 94% better performance for “sticky” clients ✓ No client-side software required Aruba ClientMatch™ •協助用戶端漫遊,避免沾黏於訊號差的AP:Say Goodbye to Sticky Clients •AP自動負載平衡: 依照頻譜、AP負載量、用戶訊號等分配無線使用者連線 •Band Steering/Band Balancing:協助支援2.4及5GHz雙頻用戶端連線到5GHz頻段,充分利用 5GHz頻段較多,干擾較少的優勢。
  • 31. With Enhanced ClientMatch (3 clients)Without Enhanced ClientMatch (3 clients) 進階 ClientMatch™ 感知 MU-MIMO用戶端,提升整體效能 W1 AP1 W2 AP2 W1 C1 W2 C2 W2 C4 Aggregate Downstream Throughput Efficiency of MU-MIMO • 1SS clients deliver ~75% • 2SS clients deliver ~65% Without ClientMatch With ClientMatch AP1 300 Mbps AP2 300 Mbps Network 600 Mbps ClientMatch Without ClientMatch With ClientMatch AP1 300 Mbps 300 Mbps AP2 300 Mbps 450 Mbps Network 600 Mbps 750 Mbps ClientMatch 提升達  42%
  • 32. Aruba AirWave • 訊號圖、Wired(ArubaOS)/Wireless設備管理、無線用戶端除錯 • 客製化告警政策,超過30多種事件、流量、訊號等告警 • 提供使用者效能及應用程式使用狀況,以提供管理者網路使用率的最佳化規劃 • 超過20多種內建報表,可客製化各種使用趨勢、安全合規報表
  • 34. 34 Aruba AirWave Clarity Live 監視用戶端資料流 統計網路不通的原因, 協助網管人員辦別無線 連線問題 – Radio Association – Authentication – DHCP – DNS Customizable thresholds & timelines Drilldown widgets View failure rates & response times Holistic network view
  • 35. 35 Aruba AirWave Clarity SYNTHETIC 依需求或排程模擬用戶端連線AP,主動事先發現網路可能存在的問題 識別下列網路問題 ✓ Radio Association ✓ Authentication ✓ DHCP ✓ DNS DHCP DNS RADIUS Aruba Clarity Aruba Clarity
  • 36. 系統效能、擴充性、功能性是否可以應付 Wired is aggregation for WLAN and IoT 不用再為你的網路埠貼標籤了 with Aruba ClearPass 遠端辦公室免 IT 人員自動設定Switch with Aruba AirWave Aruba Campus Switches
  • 37. 高擴充及系統穩定性 (FlexNetwork) HPE Intelligent ResilientFramework (IRF)  IRF虛擬化技術將多台實體交換器虛擬成單 一邏輯運作交換器  所有交換器除了單一IP管理之外,內部資 料皆會同步,如 MAC/ARP/Routing表… 等  IRF架構可以改善效能、提供完整Active- Active備援機制更能真正簡化你的網路架 構 傳統網路 Network withIRF IRF IRF整合多個交換器並達到多重轉發能力 “DistributedSingleFabric” − 超高效能,Layer 2/3平衡負載 − 高穩定度,Layer 2/3備援 − 高擴充性、控制與安全 •不需STP機制,也不需要VRRP
  • 38. 39 高擴充及系統穩定性 (ArubaOS) Virtual Switching Framework (VSF) 2930F with VSF 5400R with VSF Simplify network operations Scalable performance Increases resiliency Available on Aruba 5400R and 2930F • 5400R – 2 chassis • 2930F – 4 chassis
  • 39. 40 ArubaOS Switch 免設定自動安裝 (配合 AirWave 及 DHCP server) DHCP Server INTERNET 1. Switch boots up and sends a DHCP Discovery with Option 60: ARUBA 2930F 2. DHCP Server respond with DHCP offer and populate options 46 with Airwave information : Airwave Configuration details Airwave IP : 10.32.202.103 Airwave Group : sko Airwave Folder : demo Airwave Secret : aruba123 3. Switch sends registration request to Airwave 4. Airwave Identify the switch and “push“ the configuration template 5. Switch load the new configuration template reboots and is now commissioned using ZTP New Switch
  • 41. 行動式用戶端設備… VOICE, VIDEO 及 DATA 在相同的設備執行時…..
  • 43. 44 AppRF 流量可視化 自動識別 VoIP Calling, 及其他應用程式 • Custom AppRF definitions beyond the 2500 that’s automatically identified by AOS • Update signatures without an AOS upgrade • Automatic classification, health metrics for Wi-Fi calling, Skype for Business, Apple Facetime, Cisco/Avaya/ALE Voice, and more
  • 44. 45 ✓Session Initiation Protocol (SIP) ✓Spectralink Voice Priority (SVP) ✓H323 ✓Cisco SCCP ✓Vocera ✓Alcatel NOE phones ✓Microsoft® Lync/Skype ✓Apple Facetime application Application Aware Networks ▪語音及視訊應用容易受延遲及Jitter 影響,網路架構需要有優化處理的能力。 ▪Aruba 可支援下列多媒體應用 QoS / QoE (Experience)
  • 45. 46 Application Aware: 提升 VoIP 實際用戶體驗 Advanced Call Admission Control (CAC) 功能 Controlled Access Points Mobility Controller 1 2 3 IP PBX A Voice Initial CAC Threshold A. 監視每一顆AP上已連線的通話, AP 2 已經到達起始允許通話連線臨界值 (initial CAC threshold), 因此閒置的VoWLAN phones 將被負載平衡至鄰近的AP,直到AP2 的通話數 量小於 CAC 臨界值。 B Roaming Voice Handover Threshold B. 無線網路電話由AP1 移動至AP2,因為頻寬已經被保留給漫遊的語音通話(也就是 handover threshold), 語音通話因此可以無縫隙的由另一顆AP接受,不會產生通話品質下降。 C Data Reserved for data C. 可保留服務給Data 的使用者,使其仍保有可用性及效能,即使在高流量的VoWLAN之下,Data 使用者並不會受到語音允許通話臨界值的影響。 漫遊 不延遲 不斷話 自動 負載平衡 語音通話 Controlled Access Points
  • 46. 4747 Toll Quality Voice Full Visibility • 狀態防火牆監視語音流量 • 產生通語音通話相關報表 Protocol Independent • 識別各種通訊協定 • 包括加密的多媒體流量 (DPI) Highly Scalable • 用戶端語音通話負載平衡 Call Protection • 偵測到語音通話,則停止 AP scan (如果有啟動), 直到通話結束。 7000 handsets 30 buildings 1000 Vocera 6 hospitals 2000 handsets 40 schools Customer Examples
  • 47. 48 Aruba Solution: 單一 SSID:支援所有的企業應用程式:讓重要的應用優先 – Application awareness ensures QoS and availability – Single SSID – multiple traffic classes – Bi-directional QoS on wired and wireless network – Admission control for voice and other apps ensures QoS in the air – Supports devices with or without WMM Wireless Wired Converged Voice & Data Packet stream with WMM Tags 802.1p or DSCP Prioritized Voice Packets Data Packets Protocol aware Voice Flow Classification and Security RF Management stops channel and power optimization when voice clients are present Call admission control distributes call volume between Access Points Single ESSID for Voice & Data Smart Phone Voice Software 1 2 3 4 5 Deploying Wi-Fi Voice
  • 48. 49 GRE encapsulated packet Network Aruba End-to-End QoS 運作機制 - Tagging Voice Data L3 TOS L2 COS L3 TOS bits from the packet is copied onto the GRE header Downstream Traffic Upstream Traffic Network Voice Data L3 TOS L2 COS Upstream ACLs: ACL on the switch can overwrite the L2 COS and L3 TOS 802.11 packet Downstream ACLs: ACLd on the switch can overwrite the L2 COS and L3 TOS Data TOS COS
  • 49. 50 BYOD 及 IoT 勢不可擋 網路安全問題
  • 50. 51 Aruba 自動分類並自動阻絕非法 AP BACKBONE Rogue AP • 使用者私接入內部網路 • 通常沒有提供足夠安全認證 機制 • 任何可以搜尋到這顆AP並 且連線的人都能輕易繞過防 火牆進入內部網路 Neighboring Company or Public Hotspot Parking Lot Valid Interfering Known Interfering Rogue Mobility Controller Suspected Rogue
  • 51. 5252 資安稽核單位對無線網路安全的稽核重點:資料加密 Aruba 無線網路 End-to-end 加密,即使流量經過網路交換器 更加提昇的安全性 – 比有線網路還安全 一般網路封包 加密的 802.11 封包 已無加密 有加密 WLAN 控制器 Fat/Fit AP 傳統AP的運作: 加密的 802.11 封包加密的 802.11 封包標頭封裝 全程加密 Secure Tunnel Aruba的邏輯 : 與生俱來的 End-to-End 加密機制 802.1x: Access Accept 802.1x: Access Accept
  • 52. 53 網路設備必須具有Role-based安全政策: 不同角色應給予不同權限 - Aruba 內建 Role-based 防火牆,不需用 VLAN來區分存取權限 - 僅在 Aruba控制器即可達成下列需求,不須碰觸其他機器 企業內部網路 Internet訪客 – 僅上 Internet Bill –約聘人員 限制主機 違反使用規則 阻擋 Jeff –語音流量 高優先權 Jeff –RD員工 存取伺服器 Virtual AP 1 SSID: Secure 802.1x Virtual AP 2 SSID: GUEST Web Portal Captive Portal Role-Based Firewall Access Rights Role-Based Access Control Sales 約聘人員 視訊語音 設備 訪客 X AD/LDAP/ RADIUS Aruba AP Aruba Controller RD Aruba Switch
  • 53. 54 Aruba ClearPass Policy Manager (CPPM) 進階認證授權/BYOD/訪客應用/NAC Solution CLEARPASS POLICY MGR Onboard Guest 內建: : (H/W, VA平台: 500/5000/2500 Unique Endpoints) • Policy Engine • RADIUS/CoA/TACACS • Profiling • Accounting/reports • Identity store Expandable Applications REMOTE LOCATION 選項應用 License: • BYOD onboarding • Simple guest access • Health assessments OnGuard
  • 54. 55 ClearPass Policy Manager (CPPM) 整合有線、無線及遠端存取 (VPN/Remote AP) 存取方式 政策決策點 (CPPM) Remote User Wired User Wireless User 政策執行點 (網路設備) VPN Concentrator WLAN Concentrator Switch Switch Active Directory or LDAP Server SQL Store HPE Aruba Controller HPE Aruba Switch Aruba VIA
  • 55. 56 CPPM - 強大的使用者角色及權限控制 認證 Authentication – 支援 802.1X, MAC 及 Web (HTTPS) 認證 – 支援各種網路設備 (不只Aruba): ➢ 經由 RADIUS, RADIUS CoA, TACACS+ 及 SNMP。 – 可以讀取多種認證來源: ➢包括 AD, LDAP, SQL, Kerberos, Token Server 等等。  授權 Authorization –依據各種實際使用者及環境參數執行不同的政策: ➢Allow/Deny, VLAN, ACL, SNMP strings…… ➢時間 、位置、角色、設備………  計量 (Accounting) – 用量、統計分析
  • 56. 57 NEW WAY: Create your own Fingerprints! OLD WAY: Wait for new Fingerprints to be made and/or manually override devices 1:1 ClearPass 進階 Profiling 及 Policy – 解決 IoT 安全問題
  • 57. 58 ClearPass Onboard BYOD 使用者設備自助式註冊:無線/有線網路 1. 整合 AD (或其他)帳號驗證,只有員工可以註冊 2. 可設定每位員工允許註冊的設備數量,未註冊的設備拒絕存取 3. 使用憑證及AD使用者帳號雙重認證 a. CPPM 自動設定用戶端 802.1x SSID Profile (EAP-TLS) , 提供該設備專用的識別 憑證 (包含使用者帳號) b. 安裝 OnGuard Agent (NAC) (選項) 1. 設備第一次連線 : 使用 Web Portal,輸入 AD 帳號密碼登入,開始註冊程序連線 SSID/有線網路 2. AD/LDAP (User Database)CPPM (Certificate) 3. 使用者使用 802.1x SSID (EAP-TLS) 安全的連線
  • 58. 59 ClearPass – Profiling 自動分類設備 DHCP SNMP SSH TCP WMI CDP, LLDP OnGuard Accurate Policy Decision NMAP • We’re adding NMAP Port-based Scanner • On-demand or pre-scheduled scans • Granular visibility for like devices • Enhances our competitive advantage Mac OUI NMAP Scan Two IoT Endpoints AfterBefore Temperature Sensor Lighting Sensor
  • 59. 60 Aruba Mobile First 有線無線網路整合Role-Based存取政策 不需再替有線網路埠貼標籤了 提供不只帳號認證,更提供設備自動識別認證 Aruba ClearPass SNMP Enforcement Printer Vlan Infusion Pump Vlan 現有有線無線 802.1X 認證 識別使用者角色權限 No 802.1X • Web Portal/802.1x/MAC 認證:Role-based Access Control • 沒有認證的設備,自動識別 ✓ ClearPass profiling:wired/wireless - IoT, laptops, mobile phones.
  • 60. 61 ClearPass + 有線/無線網路政策一體化: 使用者角色+設備特徵權限分派示意圖 Corporate Services Guest Jeff – 自帶Samsung Jeff – 自帶 iPhone HR Jeff – 公司 Notebook Virtual AP 1 SSID: Corp Virtual AP 2 SSID: GUEST DMZ ClearPass CPPM Onboard/Profile Captive Portal Role-Based Firewall Access Rights Secure Tunnel To DMZ SSID-Based Access Control 員工 合約廠商 語音設備 視訊影像 Guest X AD/LDAP Aruba AP Aruba Controller Aruba MAS Wired AP Guest 員工
  • 61. 62 網路聯防安全防護 (內部網路安全) Adaptive Trust Defense based on real-time threat detection ** Firewall / IPS LAN/WLAN User connects and uploads threat NGFW/IPS sends event to ClearPass ClearPass isolates client • Offers enhanced user experience as ClearPass can initiate user notifications, help-desk tickets, and update third-party security solutions • ** Device in step 2 can be MDM/EMM, SIEM, etc. 1 2 3
  • 62. 63 BYOD 使用憑證管理傳統與ClearPass方案比較 • Domain • Key & Certificate 傳統: Enterprise PKI and CA ClearPass :Built-in CA Certificate Authority Validation Authority Registration Authority Active Directory IT-Managed Devices • Domain • User • Device • Key & Unique Certificate Personal Devices ClearPass AAA/CA Certificate Authority ADRAVA CA Active Directory AD NPS/ACS AAA
  • 63. 64 Aruba Guest: 訪客自我註冊連線 1. 3. 連線網路 2.申請表單自動 email 給受訪者,受訪 者確認訪客申請 ClearPass Policy Manager Guest 訪客帳號啟用,訪客透過 Portal 畫面告知已經可以登入使用該 帳號訪客連線網路,透過Web Portal 填寫申請表單 (可客製化欄位) 訪客 Sponsor
  • 65. 66 Aruba Remote AP 將辦公室網路帶著走 Guest Employee Voice Barcode scanner Locally Bridged SSID (guest) Local Server/Printer Split Tunneled SSID (corporate) Internet Traffic 中心端網路 備援中心端網路 IPSec/NAT-T Tunnel ▪Tunneled (支援各種認證) ▪Bridged (支援各種認證) ▪Split Tunneled (支援各種認證) ▪集中設定AP ▪放置防火牆政策 ▪Local 加解密 Local Traffic 如 server, 印表機等等 HQ Traffic 辦公室分機
  • 66. 67 有線網路也可以這樣延伸 Aruba Switch Tunneled Node – per-port / per-user LoCtrl2 CSw1 CSw1 LoCtrl1 Acc2/2Acc1/2 Acc2/1Acc1/1 Aruba Mobility Controller Aruba Mobility Controller
  • 67. 68 Secure VPN with Aruba VIA™ Aruba Mobility Controller 可做為 VPN Gateway – Seamless corporate access on-the-go – IPsec/SSL VPN – Centrally managed and configured – Supports Suite B military-grade encryption
  • 69. 行動感知應用:Mobile Engagement低功率藍牙室內定位技術 Meridian SDK Indoor maps with content, push notification campaigns and centralized beacon management Partners: App Development Agencies and Software Vendors Smartphone with the Meridian powered app (iOS, Android) Beacon management with Aruba Sensors on Wi-Fi AP Beacon management with Aruba 802.11ac access points
  • 70. 71 Mobile Engagement 應用實例 Increase retail sales Enable shoppers to locate individual products in-store Improve fan engagement Bring indoor venue services to where the fans are Increase visitor satisfaction Personal tour guides with turn-by-turn directions
  • 71. 72 Location Hardware Beacons + Sensors + APs Aruba Beacons Blue dot directions and notifications based on real-time position Aruba AP w/ integrated Beacon Communicates with Aruba Beacons and Meridian Platform 802.11ac AP (310/300/207) USB Beacons Used for location + notifications + Management Aruba Sensor Used for location + notifications + Management on ANY network
  • 74. 75 Run Both Worlds with Hybrid SDN https://www.hpe.com/us/en/networking/infrastructure.html ArubaOS OpenFlow FlexNetwork OpenFlow FlexFabric OpenFlow VXLAN HPE Network Optimizer HPE Virtual Application Networks (VAN)SDN Controller HPE Network Protector HPE Network Visualizer HPE Virtual Cloud Networking HPE-VMware Solution SDN App Store