Post on 29-Nov-2014
Technology solutions for the new Mobile ecosystem: Aerohive Networks and ZScaler
Tuesday, 28 May 2013
Miriade Spa, an IT consulting company based in Thiene (VI), puts the information assets of businesses at the centre of its activity, providing solutions for the protection, integration and analysis of corporate data. The company, founded in 2000, has a staff of 35 employees.
The company is organised into 6 technical areas: Architecture, Intelligence +, Database, Development, Cloud, Mobility. Among the various companies we work with are: Diesel, Benetton, Calzedonia, Tecnica, Lotto.
© 2012 Aerohive Networks CONFIDENTIAL
Introduction to Aerohive
• Visionary Network Infrastructure Company
• Cloud-enabled, Controller-less Wi-Fi, Routing, VPN, Switching
• 5000+ Customers
• 350+ Employees
• Most Visionary Vendor - Gartner MQ for Wired & Wireless LAN 2012
Figure: product portfolio (Enterprise Wi-Fi, Branch & Teleworker Routers, Switches, Cloud Services Platform: Public, Partner, Private on-premise) and verticals (Education, Enterprise, Healthcare, Retail, Logistics).
New Requirements of the Network Edge
Users want to work anywhere, on any device. You need to enable them, without drowning in complexity.
Yesterday:
• Corp deployed enterprise devices
• WLAN overlay
• Network centric
• Monolithic
Today:
• Corp / BYOD enterprise / consumer devices
• Ubiquitous Wi-Fi Access
• User Centric
• Elastic
Cloud-enabled, self organizing, service aware, identity-based infrastructure
Aerohive Networks - Simpli-fi Enterprise Networking
Enterprise Deployments
Figure: deployment scenarios across HQ, Retail, Edu, Branch, Teleworker, Logistics, Healthcare and the Data Center.
• Edu: iPad 1:1; Faculty, Guests; Apple TVs
• Branch: Unified Wired, Wi-Fi, VPN, FW; Guest, Corp, BYOD
• Data Center: Virtualized Mgmt & VPN Termination; Cloud-enabled
• HQ: Wi-Fi Primary Access; Guest, Corp, BYOD
• Teleworker: Work, Home, 4G, Cloud Security
• Retail: Credit Cards, PCI, Inventory, Voice, Kiosks
• Logistics: Coverage, Reliability, Voice Picking, Outdoor
• Healthcare: EMR, eMAR, Asset Tracking, Voice Messaging
Other labels on the figure: High Density, AD integration, Bonjour, Ease of Use; Performance, Receive Sensitivity, MDM enrollment.
Distributed (Controller-less) Wi-Fi Architecture: delivering simplicity, reliability and affordability
How does it work? Architectural alternatives: central vs. distributed control
Management
  Distributed control: centralized cloud-based or local management
  Central control: management within the network only
Redundancy
  Distributed control: no single point of failure; self-healing mesh architecture
  Central control: requires multiple controllers
Scalability and future proofing
  Distributed control: no controller tax; no feature licensing; start small and grow
  Central control: controller capacity? feature licenses?
Performance
  Distributed control: distributed intelligence; no data bottlenecks; Service Level Agreements; QoS & spectrum analysis included
  Central control: data bottlenecks; local data forwarding..what do you lose? (FW, RADIUS, CWP, BYOD, Bonjour GW); QoS, spectrum analysis..$$$
How does it work?
• A single HiveAP by itself acts as a full-featured enterprise class access point: identity-based security, including stateful inspection FW, rogue detection & mitigation. Airtime scheduling, SLA compliance and local forwarding are implemented at the edge.
• HiveAPs are discovered, policy is pushed and the WLAN is operational. HiveManager is a single management interface for configuration, OS updates & monitoring of thousands of devices.
• With a second HiveAP, fast stateful roaming, cooperative RF, station load balancing and seamless resiliency are enabled.
• Mesh networking and best path forwarding can be used for extra resiliency and reachability; the mesh dynamically reroutes around failures.
• As more HiveAPs are added, coverage, reliability and backhaul bandwidth increase. Cooperative RF power levels minimize co-channel interference.
• With Cooperative Control, clients can securely and seamlessly roam across the WLAN. Dynamic best path forwarding and stateful roaming provide resiliency without a single point of failure.
Figure labels: Wireless Network; Wired Network; HiveManager NMS (Reporting, Heat Maps, SLA Compliance, Policy Configuration).
Enterprise Wi-Fi Features
Figure with three groups:
• Optimization: SLA, QoS & Dynamic Airtime Scheduling (clients shown at 11Mbps, 54Mbps and 450Mbps); Band Steering between 2.4 GHz and 5 GHz; Load Balancing
• Mobility: Layer 2 Roaming; Layer 3 Roaming
• Distribution: Resilient Mesh; High Powered Radios, Receive Sensitivity & RRM
BYO and Corp Deployed Devices
Access defined by ID & Device: RADIUS, PPSK, CWP, L2-4 Firewall
User Profiles:
• Corp user, CORP Policy: Corp VLAN; LAN & Web FW; 10Mbps per user; 24HR Access
• Corp user - BYOD, BYOD Policy: Restricted VLAN; Email & Web FW; 5Mbps per user; M-F 8am-9pm
• Guest user, GUEST Policy: DMZ; Web Only FW; 1Mbps per user; M-F 9am-5pm
BYOD & MDM: OS Detection; MDM Enrollment (Quarantine, then Enroll) before access to www / Corp
Bonjour Gateway: Corp, Guest and BYOD networks reach AppleTV (AirPlay) and Printer (AirPrint) services via Bonjour
Security and Authentication Features
• Captive Web Portal: multiple CWPs able to serve scalably from every AP
• Private PSK: multiple users, same SSID - easy but unique revocable keys
• Directory Integration: authentication support for common directory servers; eliminates standalone RADIUS server; credential caching for remote/branch survivability
• Wireless Intrusion Prevention (WIPS)
• Remote Site Content Security
• Stateful Inspection FW: MAC (L2) based firewall; stateful TCP/IP firewall (L3/L4); ALGs for DNS/FTP/SIP; policy based client isolation
Cloud-enabled Networking: Routing, VPN and Wired features
• Unified Wired & Wireless Mgmt: Wi-Fi, Wired, Routing / FW, VPN; same policy and network
• Address/L3 Service; PoE-PSE; 3G/4G USB
• L3 IPSec VPN
• Robust Voice Support: SIP/SCCP/Spectralink support; auto-sensing of IP phones; 802.1X/Access control; dynamic QoS for voice traffic
• Branch on Demand
Monitoring and Reporting Features
Figure with three groups (Monitor, Manage, Support) and these labels: Cloud Management; Spectrum Analysis; Client Monitor & Packet Capture; Simple GUI; Topology & Location Tracking; PCI Compliance; Management Views.
Reduced Capex and Opex: less operational costs, less infrastructure costs
• Cloud Management
• Zero Touch Provisioning
• Self Healing
• Client Health Score:
  - Good connection: high data rates & high successful transmission rates
  - Marginal connection: lower data rates / lower successful transmission rates
  - Poor connection: low data rates / low successful transmission rates
MANAGEMENT PLAN
• ON PREMISE
  • The customer purchases the Aerohive devices (APs and/or branch routers) and, at the same time, the HiveManager Appliance for managing them, which can be physical or virtual.
  • The devices come with support provided by Aerohive (mandatory for the first year) that guarantees 8x5 assistance by phone and e-mail and return-to-factory hardware replacement.
  • The devices are owned by the customer.
• CO-SOURCING (managed by Miriade)
  • The customer purchases the Aerohive Wi-Fi service from Miriade for three years; Miriade supplies the devices to the customer and manages them through its own HiveManager Appliance according to the instructions, rules and policies provided by the customer.
  • Every month Miriade will provide the customer with accurate reporting of the activity on the Aerohive Wi-Fi network.
  • Miriade will provide 8x5 support to the customer and return-to-factory hardware replacement. The devices remain the property of Miriade.
For more information: commerciale@miriade.it
Q & A
Questions?
Enabling Business Beyond the Corporate Network. Secure solutions for mobility, cloud and social media.
The Cloud Security Company
3 Trends Transforming IT
Mobility: 90% - users work from home or on-the-go; 50% - users who BYOD; smartphones are now the world's dominant computing device.
Cloud Apps: 74% of companies are using cloud apps; 1 in 5 execs have purchased cloud apps without IT's knowledge; SaaS applications growing 5x faster than software.
Social Media & streaming: 75% of employees use Facebook at work; 178: average # of social accounts in the enterprise; 30 billion pieces of content shared each month on Facebook.
New IT world requires cloud-based protection. IT transformation has turned traditional security (appliances) upside down: mobile users bypass appliances to access cloud apps and create policy issues.
Current Approaches: Lots of Appliances or Backhaul Traffic
©2012 Zscaler, Inc. All rights reserved.
• HQ: lots of point products at the DMZ (Anti-spam, Encryption, Directory, URL, AV, Zero-day, Web 2.0, Reporting, Data Loss); cost, IT overhead.
• Regional Office: to get the same protection, need to replicate the same appliances at each office gateway; cost & complexity. To save the cost of appliances, customers backhaul traffic to HQ: BW cost on MPLS; latency.
• On-the-go, Home or Hotel: mobile devices and users are usually unprotected.
Too Costly: acquiring, deploying, managing appliances.
Zscaler: Secure Internet Gateway
One Gateway to protect all of your users - on any device, anywhere
World's largest cloud. Integrated security for Web, Mobile & Email. Business enabler of mobility, cloud and social media safely.
Global Security Check Post: enforce business policy; nothing good leaks out, nothing bad comes in.
Figure: Mobile & Distributed Workforce (HQ, Regional Office, Home or Hotspot, On-the-go) on one side; Internet Services (Web, SaaS Services, Email Services, Mobile Apps) on the other; Hardware and Software sit in between.
How it works
1. Define policy at a central portal (Admin).
2. Forward traffic (configure FW or router) from HQ and Regional Office to the Internet via Zscaler; same policy for mobile users at home or in a hotel.
3. Enforce policy bi-directionally for Web, Mobile and Email.
4. Real-time visibility (Admin).
Easy to deploy and manage. Enables IT to focus on strategic/architectural issues. We provide global infrastructure; you retain full control.
Global Protection by World's Largest Security Cloud. Purpose-built architecture: multi-tenant, distributed
1. Central Authority: brain/nervous system, policy, real-time threat updates
2. Zscaler Enforcement Nodes (ZEN1, ZEN2, ..., ZEN(N)): onramp to Internet, executes policy
3. Policy follows the user to the nearest ZEN
4. NanoLog Clusters: logs consolidated & correlated in real-time
Same policy & protection, near-zero latency for a user anywhere.
• Multi-tenant: use any data center
• ShadowPolicy(TM): policy follows the user
• Ultra-fast: little processing latency
• High Availability: failover across DCs
Deployment considerations
• No HW, no SW, no client-side agent
• Traffic forwarding
  - from the infrastructure: GRE tunnels, PBR, proxy chaining
  - from the workstations: explicit proxy or PAC file (hosted in cloud)
  - various ways to enforce cloud usage
• Authentication
  - users & groups have to be known by Zscaler for policies & reporting
  - hosted user database or sync with AD / LDAP
  - the registration phase usually requires username & password, only once; authentication is then transparent
  - SAML / ADFS as an elegant SSO solution for transparent authentication
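The "explicit proxy or PAC file" forwarding option above relies on a PAC script that a browser evaluates for every request. The following is an added example written for this page, not Miriade's or Zscaler's own code: a minimal PAC file that keeps intranet destinations direct and sends everything else to a cloud gateway. The gateway hostname and the corporate domain are placeholders, and the three helper functions are stand-ins for the standard PAC helpers so the script can run outside a browser.

```javascript
// Placeholder cloud gateway (assumption, not a real Zscaler address).
const CLOUD_GATEWAY = "PROXY cloud-gateway.example.invalid:80";
// Placeholder internal domain (assumption).
const CORP_DOMAIN = ".corp.example.invalid";

// Stand-ins for the standard PAC helpers; a real PAC engine supplies its own.
function isPlainHostName(host) { return host.indexOf(".") === -1; }
function dnsDomainIs(host, domain) { return host.endsWith(domain); }
function ipv4ToInt(ip) {
  const p = ip.split(".").map(Number);
  if (p.length !== 4 || p.some((n) => !Number.isInteger(n) || n < 0 || n > 255)) return null;
  return ((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]) >>> 0;
}
// Stand-in isInNet: no DNS lookup, so only literal IPv4 hosts match.
function isInNet(host, net, mask) {
  const h = ipv4ToInt(host);
  if (h === null) return false;
  const m = ipv4ToInt(mask);
  return ((h & m) >>> 0) === ((ipv4ToInt(net) & m) >>> 0);
}

// Browsers call this for every request and route according to the result.
function FindProxyForURL(url, host) {
  // Bare intranet names (no dot) never leave the local network.
  if (isPlainHostName(host)) return "DIRECT";
  // Internal domain stays on the corporate network.
  if (dnsDomainIs(host, CORP_DOMAIN)) return "DIRECT";
  // RFC 1918 address space is internal as well.
  if (isInNet(host, "10.0.0.0", "255.0.0.0") ||
      isInNet(host, "172.16.0.0", "255.240.0.0") ||
      isInNet(host, "192.168.0.0", "255.255.0.0")) return "DIRECT";
  // Everything else goes through the cloud gateway. Deliberately no
  // "; DIRECT" fallback: that would fail open and let traffic bypass
  // policy enforcement whenever the gateway is unreachable.
  return CLOUD_GATEWAY;
}
```

Note that a PAC file only steers cooperative browsers; the page's infrastructure-side options (GRE tunnels, PBR) are what stop a client from simply ignoring it.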
Why Global 2000 Trust Zscaler Security Cloud
Data Privacy & Security
• Unparalleled Privacy: guaranteed regional log storage to meet country or region's privacy requirements; data obfuscation
• SAS 70 II certified DCs
• Secure By Design: 100% secure and encrypted communication cloud-wide
• 55+ patents governing Zscaler's developed cloud architecture
Visibility & Transparency
• Complete visibility into cloud operations: public dashboard of real-time status at trust.zscaler.com; 300+ monitors, every node, every second
• Service excellence commitments: real-time logging, latency and availability Service Level Agreements
Availability & Scale
• Redundancy at every layer. Within datacenter: clustered. Between datacenters: 90+ datacenters globally with automatic traffic re-routing. Cloud wide: multiple world class datacenter and Internet service providers
• Massive scale: 150 billion transactions per month
• Purpose-built architecture for 100% availability, backed by strong SLAs
Most Visionary & Market Leader
…the fastest-growing vendor…
…earned the strongest score in Completeness of Vision…
…cloud has the largest global footprint…
…Zscaler is a very good candidate for most enterprises…
“Zscaler exhibits the qualities of a market penetration leader.”
Pricing Overview: Web Suites
Package stacks (all on the Zscaler Platform with Policy and Reporting): Standard = URL Filtering, AV/AS; Advanced = Standard + Adv Threats, Web 2.0; Premium = Advanced + DLP, BW, Browser Policy. The original table has the columns Package, Features, Benefits and Cost.
Standard
Features:
• Anti-Virus and Anti-Spyware: inline ultra-low latency virus/spyware protection; any file size including multilevel archives
• URL Filtering: user, group or location level granularity for policy; 6 classes, 30 super categories and 90 categories; dynamic content classification of unknown sites; ability to modify categories or add new categories
Benefits: complete inbound/outbound protection; enforce acceptable usage policy; minimize productivity and bandwidth loss; real-time reporting of Internet usage by users, departments or locations; protect all users in the office or on the road
Advanced (Standard Bundle +)
Features:
• Advanced Threats: zero day attacks, browser vulnerabilities and bots; Web 2.0 threats: XSS, cookie stealing, phishing; block anonymizers, P2P, Skype, BitTorrents
• Web 2.0 Control: granular control of 100 popular Web 2.0 apps: Facebook, Gmail, YouTube, etc.
Benefits: protect against the latest Web 2.0 threats; protect employees' personal information; detect and block proxy-avoidance tools; minimize risk by blocking uncontrolled apps; minimize risk of infection by enforcing safe browsers and plugins; limit risk without affecting productivity: allow only HR to post on LinkedIn; allow Gmail, but block attachments
Premium (Advanced Bundle +)
Features:
• Data Leakage Prevention: scan all web traffic leaving the organization; log or block transactions with confidential data; scan Microsoft documents, PDFs and zipped files; predefined dictionaries for credit cards, SSN, source code, financial or medical statements, Salesforce docs etc.; predefined engines for HIPAA, PCI, etc.
• Bandwidth optimization for specific web apps
• Web Access Control: warn against use of vulnerable browsers/plugins
Benefits: minimize risk due to new Web 2.0 apps; scan all webmails, IM attachments, blog posts; add another layer towards compliance with industry or government regulation; DLP policy at user, department or location level; real-time transaction level reports; ensure Webex is not affected by YouTube
Q&A
Questions?
Thank you for your attention!
For questions or information:
commerciale@miriade.it
www.miriade.it