Virtual Networking

Problems Facing Business Today

* Increase Productivity

* Control and Understand costs

* Provide more services to my end-users

* Utilize technology to enhance the business

* How is technology being used to solve this dilemma?

- WWW

- Internet

- Video Conferencing

- Client/Server

- Advanced Whiteboarding …

Here Comes the Intranet

Why are Intranets Gaining in Popularity

* They are simple to use

* Servers are relatively simple to add and maintain

* Vendor and Device Independence

* Delivers Flexibility and Mobility

* Allows for rapid access to information resources

Okay Fine … But What is the Risk?

* Security

- Any-to-Any connectivity allows almost unlimited "surfing" INSIDE the firewall

* Control

- How can you GUARANTEE that all intranet resources are secure … can you trust application security? NO

* Management

- More distributed servers, more information, more bottlenecks, more users … WILL IT STAY IN CONTROL?

How Can These Intranet and Business Problems be Controlled?

* By building the infrastructure that is based on:

- User-to-User Security NOT Segment-to-Segment Security

- Control and Management of:

* Users

* Systems

* Network Resources

- Ease of use, ease of installation, ease of support

- Ability to leverage existing infrastructure while providing migration to emerging technology

- A building block methodology

* Software Services

* Hardware Migration

What Kind of Intranets/Nets Exist Today?

* Highly Routed with Hubs

* Switched just for Bandwidth interconnect via Routers

* Flat/Bridged Only with little to no routing

* Based on every technology

- Ethernet, Token Ring, FDDI, ATM, Fast Ethernet, etc …

* Management may or may not exist

* All methods have advantages and disadvantages …

Goals of Most Information Technology Organizations

* Choose any network design methodology

- Routed or Switched/Flat

* Choose any technology required

- Packet or cell-based

* Leverage existing infrastructure investment

* Leverage existing talent pool

* Have a long life span and migration path

* Standards-based

* SAFE and PROVEN

End Result Once Next Generation Technology Deployed

* Highly Reliable, Highly Predictable, Utility-like Service

* High Bandwidth Availability

- Enough bandwidth for all user demands

* Highly Secure

* Highly Manageable

- Proactive and quick problem resolution

* Easy mobility of users

* Easily upgradeable as new needs are defined

How is the Industry Solving These Dilemmas?

* "Cell" ATM Switching

* "Frame" LAN Switching

* RMON and Network Management platforms

* Virtual Something

* WHAT IS THE WAY TO GET THERE??

Let's Look at the Largest, Most Reliable Network

Cabletron's Virtual Network Services

Business Goals

* Reduce the cost of Ownership

* Allow the business to run based on business requirements … NOT the requirements of technology

* Regain control of spiraling user demands

What is SecureFast Virtual Network Services?

"A suite of software and hardware building blocks that when added to the network infrastructure perform value added services to manage the Information Infrastructure."

What is a Virtual LAN for the Market?

* Similar to Port Assignment in HUBs

* Use Switching Technology to place users on logical LANs

* Still may require Routing for Interconnects

* Movement of users between VLANs may require Layer 3 End System reconfiguration

* VLAN = Logical Layer 2 Broadcast Domain

Virtual LAN Model

Building Blocks of SecureFast Virtual LANs

* Automated VLAN membership

- Port-based

- MAC-based

- Protocol-based

- Application-based

* Distributed Virtual Routing Services

* Multiple VLAN Membership

* Drag and Drop Control

* Automatic Topology Discovery

* Connection-oriented SVCs and PVCs

* Protocol and Topology independence within highly routed or switched infrastructures

* Perform the following services in the network:

- Automated Topology Discovery and Load-Balancing delivers a Self-Healing Network fabric

- Intelligent Broadcast Containment ensures network stability and scalability

- Distributed Layer 3 Services embed the functions of the Router in the Switch

- Automatic VLAN Registration reduces configuration set-up time

Network Topology Discovery

* Automatic Topological Mapping Between Switches

* Switch to Switch neighbor notification through Switch "Hellos"

* Continuous "Switch Hello" communication for dynamic network configuration without user intervention

* Address Resolution

* Local End System Tables of each Switch provide user access information

* Dynamic User to Switch mappings

Connection Setup

* Sw 1 computes the best path to Switch 3

* Sw 1 sends a connection setup message to the next switch listing all switch hops in the path to be set up

* Sw 5 and 3 receive connection setup messages and program their connection table SADA mapping

* Sw 1 now sends the original ARP as a unicast to B over the newly programmed connection

Virtual Routing

* Router Reachability

* Protocol Based VLANs allow for interaction with existing routers

* Open Membership

* Allows for other VLANs to communicate with other VLANs

* Secure Membership

* Any member of a secure VLAN cannot communicate with other VLANs [including open VLANs] without intervention of a router

* Provides VLAN Security

* "Routing" is distributed to every switch on the network

* If a traditional router providing VLAN to VLAN access fails, all Inter-VLAN communication stops

* Virtual routing provides automatic VLAN to VLAN rerouting in the event of a failure … self-healing reliability

* NO SINGLE POINT of FAILURE!!

Broadcast Control

* Switches implement SecureFast Call Processing for well known layer 3 connection requests

* Current Requests Include: IP ARP, IPX GNS, IPX RIP, IP YPBIND

* These Broadcasts are intercepted by the Switch, examined for layer 3 addressing, resolved to MAC addresses and forwarded as unicasts to the true destination
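The Connection Setup and Broadcast Control slides, worked through as an added example (a simplified model, not Cabletron's code): the ingress switch intercepts an ARP broadcast, resolves it from a directory, computes a path, has every hop program the source/destination MAC pair, and forwards the request as a unicast. The topology, addresses, the reading of "SADA" as a source-address/destination-address pair, and the `flood` fallback are assumptions made for the illustration.

```python
from collections import deque

# Constructed topology: switch -> neighbours learned from "Switch Hello" messages.
LINKS = {1: {2, 5}, 2: {1, 4}, 4: {2, 3}, 5: {1, 3}, 3: {4, 5}}
# Constructed directory: layer 3 address -> (MAC address, access switch).
DIRECTORY = {
    "192.0.2.10": ("02:00:00:00:00:0a", 1),   # end system A on Sw 1
    "192.0.2.20": ("02:00:00:00:00:0b", 3),   # end system B on Sw 3
}

def best_path(src_sw, dst_sw, links):
    """Fewest-hops path between two switches (breadth-first search)."""
    prev, queue = {src_sw: None}, deque([src_sw])
    while queue:
        sw = queue.popleft()
        if sw == dst_sw:
            path = []
            while sw is not None:
                path.append(sw)
                sw = prev[sw]
            return path[::-1]
        for nxt in sorted(links.get(sw, ())):
            if nxt not in prev:
                prev[nxt] = sw
                queue.append(nxt)
    return None

def handle_arp(sender_ip, target_ip, tables, links=LINKS, directory=DIRECTORY):
    """Ingress switch intercepts an ARP broadcast and decides how to forward it."""
    if sender_ip not in directory or target_ip not in directory:
        return {"action": "flood"}        # unresolved: fall back to a broadcast service
    src_mac, src_sw = directory[sender_ip]
    dst_mac, dst_sw = directory[target_ip]
    path = best_path(src_sw, dst_sw, links)
    if path is None:
        return {"action": "drop"}         # no surviving path between the switches
    # Connection setup: each switch on the path programs the SA/DA pair.
    for i, sw in enumerate(path):
        next_hop = path[i + 1] if i + 1 < len(path) else "host-port"
        tables.setdefault(sw, {})[(src_mac, dst_mac)] = next_hop
    return {"action": "unicast", "dst_mac": dst_mac, "path": path}
```

Switches off the chosen path hold no state for the conversation, and removing Sw 5 from `links` makes `best_path` return the alternate route through Sw 2 and Sw 4.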

Broadcast Interception

Automatic VLAN Registration

* Dynamic VLAN Membership

* Wizard allows for creation of VLANs by 802.1d, protocols, or service advertisements

* VLAN membership can be Administrator defined, or Automatic; while Base VLAN includes "Everyone"

* VLAN Design flexibility

* Drag and drop users, ports or switches into VLANs

* Ease of adds, moves, changes

* User Mobility without Administrative Intervention

Plug & Play ~ Plug & Play ~ Plug & Play

Topology View

Parent View

"Wizard" Point & Click

What is Required to Use BASIC SecureFast Services

* Packet or ATM "Cell" based

* Over 1 Million ports are ready to take advantage of SecureFast Services

* Simple firmware upgrade required

Need Advanced Features …

* No problem

* Add services for:

- Policy Management

- Network Usage Accounting

- Advanced Connection Management

What is Required for Advanced Services?

* SecureFast Virtual Network Server

- Has embedded servers:

* Policy Server

* Accounting Server

* Connection Management Server

* SecureFast VNET Manager

- Graphical Management Application which includes:

* Policy Tools, Accounting Tools, Connection Tools

- Based on SPMA architecture

* Initially supported on SPECTRUM

* Future releases run on all other Management Platforms

Call Management Services

* SecureFast Virtual Network Call Services

- Dynamically Created Calls

* Switched Virtual Services (SVCs)

* Point-to-Point

* Point-to-Multipoint

* Multipoint-to-Multipoint

- Administratively Created Calls

* Permanent Virtual Circuits (PVCs)

* Point-to-Point

* Point-to-Multipoint

* Multipoint-to-Multipoint

- "Scoped", Virtual Broadcast Service Groups

* i.e. IPX SAP Service Group, IP RIP Service Group, etc...

- "Last Resort", Destination Resolution Service

* Virtual Broadcast Services (VBS)

* Automatically redirects traffic in the event of a failure in original path

* Managing a SecureFast Virtual Network Call

- View the Active Calls

* Provides the Administrator with a View of Every End System to End System Conversation in the SecureFast Virtual Network

- View the Path of an Active Call

* Shows the Administrator the Actual Switch Path a Call is Taking Through the SecureFast Virtual Network

- Tap into an Active Call

* Allows Administrator to Tap into Active Calls for Protocol Decode and Analysis with a standard Network Analyzer

- Release an Active Call

* Allows Administrator to Terminate Active Calls

Policy Management Services

* Access Security to Network Resources

- Checked Once at Call Setup

* Unlike Routers and Bridges which Check Access Lists or Filters on Every Packet

* Administered and Enforced from a Central Point

- Created Via Graphical User Interface and Downloaded to the Real-time Enforcement Engine

* Versus Programming Cryptic MAC Address Oriented Filters or Protocol Specific Access Lists into Each Bridge or Router

* Location and Protocol Independent Workgroups

- To Fit Your Business Model Not the Technical Aspects of the Network Infrastructure

* Network Resource Access Rules

- Administrator May Allow or Prohibit Workgroup Communication with Network Resources

- Provides Network Resource Access Scheduling

* Time of Day

* Day of Week

* Policies Stay with Users even if they move to another Workgroup or Office (IPs don't have to be reconfigured)

- Ease of Adds, Moves, and Changes
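An added example (a simplified model, not Cabletron's policy server) of access rules that are checked once at call setup, keyed on the user's workgroup rather than an address, and limited by time of day and day of week. The user, workgroup and resource names are hypothetical, and the `release_stale` sweep is an assumption showing why an administrator would pair schedules with the "Release an Active Call" operation.

```python
from datetime import datetime

# Constructed policy data: rules follow the user's workgroup, not an IP or port.
WORKGROUP_OF = {"alice": "finance", "bob": "engineering"}
RULES = {
    # (workgroup, resource) -> allowed weekdays (Mon=0) and hours [start, end)
    ("finance", "payroll-db"): {"days": {0, 1, 2, 3, 4}, "hours": (8, 18)},
    ("engineering", "build-server"): {"days": set(range(7)), "hours": (0, 24)},
}

class PolicyServer:
    def __init__(self):
        self.active_calls = {}            # call_id -> (user, resource)
        self._next_id = 1

    def permitted(self, user, resource, when):
        rule = RULES.get((WORKGROUP_OF.get(user), resource))
        if rule is None:
            return False                  # no matching rule: deny by default
        start, end = rule["hours"]
        return when.weekday() in rule["days"] and start <= when.hour < end

    def setup_call(self, user, resource, when):
        """Policy is evaluated here, once, before the connection is programmed."""
        if not self.permitted(user, resource, when):
            return None
        call_id = self._next_id
        self._next_id += 1
        self.active_calls[call_id] = (user, resource)
        return call_id

    def forward(self, call_id):
        """Per-packet path: a connection-table lookup only, no policy evaluation."""
        return call_id in self.active_calls

    def release_stale(self, when):
        """Release active calls that policy would no longer admit at `when`."""
        stale = [cid for cid, (user, res) in self.active_calls.items()
                 if not self.permitted(user, res, when)]
        for cid in stale:
            del self.active_calls[cid]
        return stale
```

In this model a call admitted at 17:30 on a weekday keeps forwarding after the 18:00 cutoff until it is released, so schedule enforcement depends on re-evaluating or releasing active calls, not only on the setup check.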

Call Accounting Services

* Information can be used for:

- Network Capacity Planning or Analysis

* When Exported to a Spreadsheet or Network Modeling Application

- Network Operations Cost Recovery via Customer Billing

* When Exported to a Third Party Billing Application

- List of Information Stored For Each Call:

* Call Start Time and End Time

* Call Duration

* Calling Party and Called Party

* Bytes In and Bytes Out