Upload
davesurreal
View
251
Download
0
Tags:
Embed Size (px)
DESCRIPTION
Citation preview
© 2012 Aerohive Networks CONFIDENTIAL
Aerohive Branch on Demand
Customer Presentation
© 2012 Aerohive Networks CONFIDENTIAL
Aerohive: Simpli-Fi
Unified policy and security mgmt from the cloud
Service and resource aware, self organizing
networks
Contextual, identity-enforced,
secure access
Wi-Fi
Wired
Routing / FW
VPN
Same Policy and Network
Redefining Enterprise Access
Innovative implementations - solving real customer issues
Easy, Operationally Inexpensive
Scalable, Reliable Secure, FlexibleSimpli-Fi Complex Enterprise Networking
© 2012 Aerohive Networks CONFIDENTIAL
Branch Office Options
How does an IT organization scale to meet the needs of today’s evolving “Branch”?
3
Pros: • Works great for a
single client
Cons: • Per-connection
licensing• Client for VoIP phones?• No consistent policy
Pros: • Inexpensive• Wired/Wireless
Support
Cons: • No centralized
management• Requires expensive
head-end solution• No consistent policy
Pros: • Centralized
Management with consistent policy
Cons: • Start around $1000• Requires expensive
head-end solution• Pre-staging
required
SSL VPN Consumer Off-the-
Shelf
Traditional Enterprise
© 2012 Aerohive Networks CONFIDENTIAL
Branch Office Solutions
4
"Our challenge is enterprise routing at the low end“
- John Chambers, Nov 10th, 2011
~$1000
1-Page!
Connect.
Discover.
Provision.
Go!
~$700
User GuideEnd User Guide
30 Pages !!!!
Traditional Approach Branch on Demand
© 2012 Aerohive Networks CONFIDENTIAL
Introducing the BR200
Single Radio 5X 10/100/1000 2X PoE PSE3x3:3
11abgn
BR200 adds full Aerohive Wi-Fi• Spectrum Analysis• WIPS
BR-200 WiFi PoE
BR-200-WP 3x3 WiFi 2x PoE PSE
BR-200 None None
© 2012 Aerohive Networks CONFIDENTIAL
Branch On Demand
• Delivers “Headquarters-like” secure wired/wireless network to every user regardless of location. › Delivered to site – no pre-staging required› Automated, cloud-enable provisioning› Automated IP Address Management
• Simplifies branch office deployments by redefining the economics, control, and performance of branch office and teleworker access› Easy cloud-enabled management, configuration, and visibility› Integrated VPN, RADIUS, Spectrum Analysis, and WIPs in a low-
cost device (BR200-WP)› Unified wired and wireless policy and visibility› No truck rolls or technicians required to install
© 2012 Aerohive Networks CONFIDENTIAL
Expanding Branch on Demand – BR200
• Aerohive expands enterprise networking portfolio› BR200 and BR200-WP extend branch office deployments
with compact, cloud- enabled routers that are engineered for enterprises that are big on security and performance.
• Simplifies branch office deployments› Integrated VPN, RADIUS, Spectrum Analysis, and WIPs in a
low-cost device› Easy cloud-enabled management, configuration, and
visibility
7
© 2012 Aerohive Networks CONFIDENTIAL
Components of Branch on Demand
Cloud Services Platform1
IPsec VPN
HiveManager Online
1
Aerohive Branch Routers2
Cloud VPN Gateway3
Cloud Web Security4
BR200BR100
AP330AP350
2
Cloud VPN Gateway
3
4
© 2012 Aerohive Networks CONFIDENTIAL
Internet
Consistent Policy, Security, and Permissions
9
Corp
@ Home
Home Printer
Work Laptop
Personal iPhone
@ Corporate
Personal iPhone
Work Laptop
Guest Laptop
@ Branch
Corp VoIP Phone
Work Laptop
Personal iPhone
Guest Laptop
© 2012 Aerohive Networks CONFIDENTIAL
Internet
HiveManager Online
HQ
BR200
Cloud VPN Gateway(VPN
Concentration)
Cloud Service Platform
Deployment Scenarios - Enterprise Branch
10
HQ Access via VPN & HTTP via Cloud
Security
3G/4G Primary/Backup
GuestAccess
Printing available to all VLANs using Bonjour Gateway with the APs
© 2012 Aerohive Networks CONFIDENTIAL
Internet
HiveManager Online
HQ
BR200-WP
Cloud VPN Gateway(VPN
Concentration)
Cloud Service Platform
Deployment Scenarios - Retail Branch
11
HQ Access via VPN & Internet
via Cloud Security
3G/4G Primary/Backup
PCI
GuestAccess
PoE
PoE
© 2012 Aerohive Networks CONFIDENTIAL
Internet
HiveManager Online
HQ
BR200
Cloud VPN Gateway(VPN
Concentration)
Cloud Service Platform
Deployment Scenarios - Healthcare
12Clinical and
Admin Access
3G/4G Primary/Backup
GuestAccess
Printing available to all VLANs using Bonjour Gateway with the APs
© 2012 Aerohive Networks CONFIDENTIAL
Branch Connectivity with HQ Experience
• Mobility/Wireless control and intelligent› Wi-Fi, Survivability, Resiliency
• Routing and Networking› VPN, Ethernet, WAN Backup
• Address/L3 Service› IP Address Management, DNS,
DHCP• Security and
Authentication Services› Stateful Firewall,
Authentication, Radius, 802.1x› L4-7 protection (per corporate
policy)
• Identity-based Policy Enforcement› Mobile Device access controls› Quality of service
• Management and Visibility› Client stats and connection
health reports› Wi-Fi information, client health,
spectrum info, Rogue AP› VPN stats› Compliance reporting › Topology detail› Problem remediation: Remote
packet capture, SLA compliance
13
DEVICE
CLOUD
© 2012 Aerohive Networks CONFIDENTIAL
Aerohive Routing Product Line
14
BR 100 BR 200 HiveAP 330 HiveAP 350
Single Radio Dual Radio
2X 10/100/1000 Ethernet
5-10 Mbps FW/VPN 30-50Mbps FW/VPN
1x1 11bgn 3x3:3 450 Mbps 11abgn
5X 10/100 5X 10/100/1000
0 PoE PSE0 PoE PSE 2X PoE PSE
*
* Also available as a non-Wi-Fi/non-PoE device
L3 IPSec VPN
Gateway (VMware)
~500 MbpsVPN1000
Tunnels2 Virtual
Interfaces
Cloud VPN Gateway
© 2012 Aerohive Networks CONFIDENTIAL
BR100 vs BR200
15
BR100 BR200/BR200WP
5x FastEthernet 5x Gigabit Ethernet
1x1 11bgn (2.4Ghz) single radio 3x3:3 11abgn dual-band single radio (WP model)
No integrated PoE 2x PoE PSE 30W (in WP model)
5-10Mbps FW/VPN Throughput 30-50Mbps FW/VPN Throughput
No Spectrum Analysis Integrated Spectrum Analysis (in WP model)
Basic Rogue Detection Full Aerohive WIPS (in WP model)
External RADIUS/AD Support only Integrated Aerohive RADIUS, proxy, and AD
Monitoring via HiveManager only Monitoring via HM or external log servers
© 2012 Aerohive Networks CONFIDENTIAL
Deliver High Quality VoIP to Remote Users
• Deploy high-quality, hassle-free voice to remote users.
• Control VPN costs with no SSL VPN license per device.
• SIP/SCCP/Spectralnk support• Auto-sensing of IP phones • 802.1X/Access control• Dynamic QoS for voice traffic
© 2012 Aerohive Networks CONFIDENTIAL
Network management for your whole network
17
© 2012 Aerohive Networks CONFIDENTIAL
Simpli-Fi Configuration
18
How Many Sites do I need?
What config should they get when they phone home?
© 2012 Aerohive Networks CONFIDENTIAL
Simpli-Fi Unified Wired and Wireless Policy
19
Add Wireless SSIDs and apply the User Profile
Add Wired access permissions with the User Profile
Object-based management allows same network and permissions for Employees regardless of connection type!
© 2012 Aerohive Networks CONFIDENTIAL
Branch
Websense Cloud Security Partnership
The Challenge• Stopping modern malware requires more than
AV and firewall• Leaving remote users unprotected is downright
dangerous• Tunneling Web traffic through headquarters is
slow and expensive
The Solution
Branch Routers Hosted Web Security Gateway
Cloud-based Web Security for all Remote Users
20
Protecting your business requires security for all users no matter where they are or how they access the Internet
© 2012 Aerohive Networks CONFIDENTIAL
Cloud Proxy – How does it work?
1 Client makes a HTTP/HTTP request
2 Aerohive BR checks if client network is configured to use web security
3Aerohive BR confirms traffic is not destined for resources across the tunnel and not whitelisted as trusted
4Traffic is forwarded with client identity to the cloud security partner and processed based on identity
Expanding our Cloud Services Platform to Enhance Security
© 2012 Aerohive Networks CONFIDENTIAL
Simpli-Fi Deployment
22
Connect
Discover
Provision
GO!
© 2012 Aerohive Networks CONFIDENTIAL
Simpli-Fi Management of Remote LocationsCentralized Whole Network Visibility
23
© 2012 Aerohive Networks CONFIDENTIAL
Branch on Demand Competitive
24
Branch Router/Wi-Fi
VPN Gatewa
y
Management
Policy Server
Licenses
Controller
HiveAPs & BRs
Cloud VPN GW
HiveManager
Branch On Demand
+AP and SRX
100
SRX 3400
NSM + STRM
UAC
Branch Solution
License Manager
Cisco 8xx
Cisco ASA
Configuration Engine and WLAN
Mgmt
Access Control and Security Mgr
Wireless LAN
Controller
Cisco Virtual Office
VBN
Policy Enforcement FW License
Remote AP Content SecurityWIPS/Spectrum
Security Suite
RAP 2 & 5
MMC 6000
Airwave &Amigopod
Branch Controller
© 2012 Aerohive Networks CONFIDENTIAL
Summary
25
• Consistent Policy everywhere wired or wireless• Zero-touch provisioning; Automatic Configuration• Remote visibility reduces Operational Expenses
Cloud-enabled NetworkingUsing cloud services to unlock efficiencies never before possible with traditional network architectures
© 2012 Aerohive Networks CONFIDENTIAL
THANK YOU!