Mais conteúdo relacionado Semelhante a Bo d customer_presentation-q2-2012 (20) Bo d customer_presentation-q2-20121. Aerohive
Branch on Demand
Customer Presentation
© 2012 Aerohive Networks CONFIDENTIAL
2. Aerohive: Simpli-Fi
Redefining Enterprise Access
Unified policy and Service and resource Contextual, identity-
security mgmt from aware, self organizing enforced, secure
the cloud networks access
Wi-Fi
Same
Policy and
Network
Wired
Routing / FW
VPN
Easy, Operationally Inexpensive Scalable, Reliable Secure, Flexible
Simpli-Fi Complex Enterprise Networking
Innovative implementations - solving real customer issues
© 2012 Aerohive Networks CONFIDENTIAL
3. Branch Office Options
How does an IT organization scale to meet the needs of
today’s evolving “Branch”?
SSL VPN Consumer Traditional
Off-the-Shelf Enterprise
Pros: Pros:
Pros:
• Inexpensive • Centralized
• Works great for a single
• Wired/Wireless Support Management with
client
consistent policy
Cons:
Cons:
• No centralized Cons:
• Per-connection licensing
management • Start around $1000
• Client for VoIP phones?
• Requires expensive head- • Requires expensive
• No consistent policy
end solution head-end solution
• No consistent policy • Pre-staging required
© 2012 Aerohive Networks CONFIDENTIAL 3
4. Branch Office Solutions
Traditional Approach Branch on Demand
1-Page!
30 Pages !!!!
Connect.
User
Discover.
End User
Guide
Provision.
Guide
Go!
"Our challenge is enterprise
routing at the low end“
- John Chambers, Nov 10th,
2011
~$1000 ~$700
© 2012 Aerohive Networks CONFIDENTIAL 4
5. Introducing the BR200
Single Radio 3x3:3 11abgn 5X 10/100/1000 2X PoE PSE
BR200 adds full Aerohive Wi-Fi
• Spectrum Analysis
• WIPS
BR-200 WiFi PoE
BR-200-WP 3x3 WiFi 2x PoE PSE
BR-200 None None
© 2012 Aerohive Networks CONFIDENTIAL
6. Branch On Demand
• Delivers “Headquarters-like” secure wired/wireless network
to every user regardless of location.
› Delivered to site – no pre-staging required
› Automated, cloud-enable provisioning
› Automated IP Address Management
• Simplifies branch office deployments by redefining the
economics, control, and performance of branch office and
teleworker access
› Easy cloud-enabled management, configuration, and visibility
› Integrated VPN, RADIUS, Spectrum Analysis, and WIPs in a low-
cost device (BR200-WP)
› Unified wired and wireless policy and visibility
› No truck rolls or technicians required to install
© 2012 Aerohive Networks CONFIDENTIAL
7. Expanding Branch on Demand – BR200
• Aerohive expands enterprise networking portfolio
› BR200 and BR200-WP extend branch office deployments with
compact, cloud- enabled routers that are engineered for
enterprises that are big on security and performance.
• Simplifies branch office deployments
› Integrated VPN, RADIUS, Spectrum Analysis, and WIPs in a low-
cost device
› Easy cloud-enabled management, configuration, and visibility
© 2012 Aerohive Networks CONFIDENTIAL 7
8. Components of Branch on Demand
1 Cloud Services Platform 3 Cloud VPN Gateway
2 Aerohive Branch Routers 4 Cloud Web Security
1
HiveManager
Online
BR200
2 BR100
3
IPsec VPN
AP350 Cloud VPN
AP330 Gateway
4
© 2012 Aerohive Networks CONFIDENTIAL
9. Consistent Policy, Security, and Permissions
Corp Internet
@ Corporate @ Branch @ Home
Personal
iPhone
Work
Laptop
Work Home
Guest Guest Laptop Printer
Work Personal
Laptop Laptop Corp VoIP Laptop Personal
iPhone
Phone iPhone
© 2012 Aerohive Networks CONFIDENTIAL 9
10. Deployment Scenarios - Enterprise Branch
HQ
Cloud VPN
Gateway
3G/4G
(VPN Primary/Backup
Concentration)
BR200
Cloud Service Platform Internet
Printing available
HiveManager Online to all VLANs using
Bonjour Gateway
with the APs
Guest
Access
HQ Access via VPN
& HTTP via Cloud
© 2012 Aerohive Networks CONFIDENTIAL Security 10
11. Deployment Scenarios - Retail Branch
HQ
Cloud VPN
Gateway
3G/4G
(VPN Primary/Backup
Concentration)
BR200-WP
Cloud Service Platform Internet
HiveManager Online
Guest
Access HQ Access via
VPN & Internet
via Cloud
Security
PCI
© 2012 Aerohive Networks CONFIDENTIAL 11
12. Deployment Scenarios - Healthcare
HQ
Cloud VPN
Gateway
3G/4G
(VPN Primary/Backup
Concentration)
BR200
Cloud Service Platform Internet
Printing available
HiveManager Online to all VLANs using
Bonjour Gateway
with the APs
Guest
Access
Clinical and
© 2012 Aerohive Networks CONFIDENTIAL Admin Access 12
13. Branch Connectivity with HQ Experience
DEVICE
• Mobility/Wireless control and • Identity-based Policy
intelligent Enforcement
› Wi-Fi, Survivability, Resiliency › Mobile Device access controls
• Routing and Networking › Quality of service
› VPN, Ethernet, WAN Backup • Management and Visibility
• Address/L3 Service › Client stats and connection
health reports
› IP Address Management, DNS, › Wi-Fi information, client health,
DHCP spectrum info, Rogue AP
• Security and Authentication › VPN stats
Services › Compliance reporting
› Stateful Firewall, › Topology detail
Authentication, Radius, 802.1x
› Problem remediation: Remote
› L4-7 protection (per corporate packet capture, SLA
policy) compliance
CLOUD
© 2012 Aerohive Networks CONFIDENTIAL 13
14. Aerohive Routing Product Line
*
Cloud VPN
BR 100 BR 200 HiveAP 330 HiveAP 350 Gateway
Single Radio Dual Radio L3 IPSec
VPN
Gateway
1x1 11bgn 3x3:3 450 Mbps 11abgn (VMware)
5-10 Mbps ~500 Mbps
30-50Mbps FW/VPN
FW/VPN VPN
5X 1000
5X 10/100 2X 10/100/1000 Ethernet
10/100/1000 Tunnels
2 Virtual
0 PoE PSE 2X PoE PSE 0 PoE PSE
Interfaces
© 2012 Aerohive Networks CONFIDENTIAL * Also available as a non-Wi-Fi/non-PoE device 14
15. BR100 vs BR200
BR100 BR200/BR200WP
5x FastEthernet 5x Gigabit Ethernet
1x1 11bgn (2.4Ghz) single radio 3x3:3 11abgn dual-band single radio (WP model)
No integrated PoE 2x PoE PSE 30W (in WP model)
5-10Mbps FW/VPN Throughput 30-50Mbps FW/VPN Throughput
No Spectrum Analysis Integrated Spectrum Analysis (in WP model)
Basic Rogue Detection Full Aerohive WIPS (in WP model)
External RADIUS/AD Support only Integrated Aerohive RADIUS, proxy, and AD
Monitoring via HiveManager only Monitoring via HM or external log servers
© 2012 Aerohive Networks CONFIDENTIAL 15
16. Deliver High Quality VoIP to Remote Users
• Deploy high-quality, hassle-free voice to
remote users.
• Control VPN costs with no SSL VPN
license per device.
• SIP/SCCP/Spectralnk support
• Auto-sensing of IP phones
• 802.1X/Access control
• Dynamic QoS for voice traffic
© 2012 Aerohive Networks CONFIDENTIAL
18. Simpli-Fi Configuration
How Many Sites do I need? What config should they get
when they phone home?
© 2012 Aerohive Networks CONFIDENTIAL 18
19. Simpli-Fi Unified Wired and Wireless Policy
Add Wireless SSIDs
and apply the User
Profile
Object-based
management
allows same
network and
permissions for
Employees
regardless of
connection type!
Add Wired access
permissions with the
User Profile
© 2012 Aerohive Networks CONFIDENTIAL 19
20. Websense Cloud Security Partnership
Protecting your business requires security for all users no matter
where they are or how they access the Internet
The Challenge
• Stopping modern malware requires more than AV and
firewall
• Leaving remote users unprotected is downright
dangerous
Branch
• Tunneling Web traffic through headquarters is slow and
expensive
The Solution
Cloud-based Web Security
for all Remote Users
Branch Routers Hosted Web Security Gateway
© 2012 Aerohive Networks CONFIDENTIAL 20
21. Cloud Proxy – How does it work?
Expanding our Cloud Services Platform to Enhance Security
Traffic is forwarded with
client identity to the cloud
4 security partner and
processed based on
identity
Aerohive BR confirms traffic Aerohive BR checks if
is not destined for resources 3 2 client network is
across the tunnel and not configured to use
whitelisted as trusted web security
1 Client makes a
HTTP/HTTP request
© 2012 Aerohive Networks CONFIDENTIAL
23. Simpli-Fi Management of Remote Locations
Centralized Whole Network Visibility
© 2012 Aerohive Networks CONFIDENTIAL 23
24. Branch on Demand Competitive
Cisco Virtual Office VBN Branch Solution Branch On Demand
Branch
Router/ +
Wi-Fi
Cisco 8xx RAP 2 & 5 AP and SRX 100 HiveAPs & BRs
VPN
Gateway
Cisco ASA MMC 6000 SRX 3400 Cloud VPN GW
Management
Configuration Engine Airwave &
and WLAN Mgmt Amigopod NSM + STRM HiveManager
Policy Policy Enforcement
FW License
Server
Access Control
UAC
and Security Mgr
Security Suite
Remote AP
Licenses Content Security
WIPS/Spectrum
License Manager
Controller
Wireless LAN
Controller Branch Controller
© 2012 Aerohive Networks CONFIDENTIAL 24
25. Summary
• Consistent Policy everywhere wired or wireless
• Zero-touch provisioning; Automatic Configuration
• Remote visibility reduces Operational Expenses
Cloud-enabled Networking
Using cloud services to unlock efficiencies never before
possible with traditional network architectures
© 2012 Aerohive Networks CONFIDENTIAL 25
Notas do Editor Aerohive's control plane is user-state and policy oriented and is designed to run across multiple types of devices so that routing, firewall, wireless and switching are in sync. Value slideIndustry’s only Network Infrastructure-as-a-Service (IaaS) for branch offices and teleworkers Connected clients – hostname, IP, permissions, and length of time connectedBasic WiFi info – such as channel, power, interference, CRC errors, etcVPN Tunnel latency, throughput, and uptimeCompliance Reporting (PCI, HIPAA)Topology Maps with coverage detailClient Monitoring with Client Health and SLARemote Packet CaptureRemote RADIUS authentication testing (you can actually test the RADIUS auth across the tunnel)VLAN Probing to confirm subnets are working from remote locationSpectrum analysis (in a future release)Rogue APs (in a future release)Aerohive SLA with automated problem remediation (BR200 CPE required) ADD CLOUD VPN GATEWAY (CVG) Cloud Proxy is one of the important mechanisms that make out cloud system a platform. It allows us to seamlessly provision with HMOL and integrate with other cloud services Ongoing operational and visibility summary on here