Download pdf - Network automation seminar

© 2013 Infoblox Inc. All Rights Reserved.

Matt Gowarty, Senior Product Marketing Manager

Control Your Network with the

Power of Automation

1


($MM)

$35.0

$56.0 $61.7

$102.2

$132.8

$169.2

$0

$20

$40

$60

$80

$100

$120

$140

$160

$180

FY2007 FY2008 FY2009 FY2010 FY2011 FY2012

Total Revenue (Fiscal Year Ending July 31)

Infoblox Overview & Business Update

2

Founded in 1999

Headquartered in Santa Clara, CA

with global operations in 25 countries

Market leadership

• Gartner “Strong Positive” rating

• 40%+ Market Share (DDI)

6,100+ customers, 45,000+

systems shipped

20 patents, 27 pending

IPO April 2012: NYSE BLOX

Leader in technology

for network control


THREAT LANDSCAPE

MOBILE DEVICE

EXPLOSION

CLOUD /

VIRTUALIZATION CONSOLIDATION

SOFTWARE DEFINED

NETWORKS IPv6 TRANSITION

Triggers that are Redefining the Network

3


AP

PS

&

EN

D-P

OIN

TS

END POINTS VIRTUAL MACHINES PRIVATE CLOUD APPLICATIONS

What We Do:

Innovative Technology for Network Control

4

NE

TW

OR

K

INF

RA

ST

RU

CT

UR

E

FIREWALLS SWITCHES ROUTERS WEB PROXY LOAD BALANCERS

CO

NT

RO

L P

LA

NE

Infoblox GridTM

w/ Real-time

Network Database

Historical /Real-time

Reporting & Control


CO

NT

RO

L P

LA

NE

What is the Alternative? A

PP

S &

EN

D-P

OIN

TS

END POINTS VIRTUAL MACHINES PRIVATE CLOUD APPLICATIONS

NE

TW

OR

K

INF

RA

ST

RU

CT

UR

E

FIREWALLS SWITCHES ROUTERS WEB PROXY LOAD BALANCERS

Complexity

Risk & Cost

Agility

Flexibility

QIP MICROSOFT DHCP MICROSOFT DNS VMWARE DNS UNIX BIND

5

SCRIPTS COMMAND LINE


Infoblox Network Automation

6


“Time-to-Value” Inhibited by

Complexity Outpacing Resources

Tasks

Make the infrastructure

more dynamic

Reduce risk

Increase productivity &

network availability

Increasing

Risks, Costs,

Delays

7

Time

Qu

an

tity

/Siz

e

Network Management

Resources

Network Infrastructure

Demands

Network Scale & Complexity


Infoblox Network Automation

8

Discover

Automated Network Discovery Change & Configuration Management

Automate

Compliance & Policy Standardization Maintain

Firewall ACL & Rule Automation Control


Infoblox Network Automation Overview

• Network discovery

• Built-in analysis

• Check against best practices

• Detect issues

• Monitor and manage change

• Automate change

• Maintain compliance

• Provision ACL & rules

Collected Via:

SNMP

CLI/configuration

Syslog

Fingerprinting

Real-time & Historical

Analysis


What’s On and Connected to My Network?

Manual, spreadsheets and/or

scanning tools

– Often out of date

Tight budgets and stretched teams

– Multi-vendor network devices

– Proliferation of IP devices

Ever-changing questions

– What’s on my network?

– Which ports are active?

– Do I need more capacity?

– What device is using which IP?

– When & where did they connect?

10


Automated Network Discovery

Continuous network discovery

– Layer 2 and 3 characteristics

– IP, MAC, port, VLAN mapping

– Track used/free/available switch

ports

End device tracking

– What MAC/end-device connected

– Where and when did they connect

– Find rouge devices and track

blacklist

Automatic IPAM sync

– Single GUI view of end-points with

IPAM

– Up-to-date extensible attributes

11


Keeping Up with Daily Change and Configuration

Extensive manual processes

– CLI

– Scripting

Limited functionality

– Configuration scrapes

– Basic change automation

– Vendor-specific tools

Minimal control & documentation

– Limited work-flow

– Admin or nothing access rights

– Massive files require extensive

manual digging and compiling

12


Change & Change Management

Ongoing management

– Change detection/logging

– Configuration archives

– Simplified searching and side-by-

side comparison

Change automation

– Embedded jobs

– Intuitive templates

– Variable-based jobs

Change control

– User-based access rights

– User-initiated and triggered jobs

– Work flow integration

13


Is My Network Still Compliant?

Different drivers

– External mandates

– Internal security policies

– Networking best practices

Typically reactive

– When something breaks

– When audit is required

Manually intensive

– Massive log files

– CLI access

– Manually collect, aggregate,

tabulate and present findings

14


Compliance & Policy Standardization

Embedded expertise

– Common standards and best

practices

– Easily customizable

– Deployment flexibility

Continuous monitoring

– 24x7 issue detection and notification

– Remediation options

– Network scorecard

Simplified reports

– On-demand reports

– Standard and custom options


So Many Firewalls, So Many Changes, So Little Time

Spike in number of security policy changes

IT headcount not keeping pace

Multiple point products add confusion

Network SLAs impacted negatively

Expensive and diminishes security effectiveness

Manual

Firewall

Change

Needed

Hours/Days Network Provisioning Time

Search For

Devices

1

Figure Out Impacted Devices

2

Determine Correct Config

3

Compare Change to Standards/ Compliance

4

Request Change/

Implement Manually

5

Reconfirm Correctness

and Compliance

6

LEGACY APPROACH TO FIREWALL POLICY CHANGE IMPLEMENTATION


Firewall Rule & ACL Analysis and Automation

Leverage automated discovery

Rule and ACL analysis

– Built-in expertise

– Alert on common firewall issues

– Leverage “simple English” interface

Search and alerting

– Powerful search finds vendor-

specific syntax and commands

– Blacklisting and whitelisting options

Integrated provisioning

– Provision actual changes with

rollback options

– Access-based controls


Automated Task Board &

IPAM Sync

18


Dealing with Common Challenges

Growth in number of common changes

– Add network, turn port up/down, VLAN

assignment, new device install

Multiple people/teams needed for many

tasks – inefficient

– Manual processes and scripts add to

problem

Different team goals and priorities

– “Just because it’s important to you, doesn’t

mean it’s important to me”

Lack of empowerment

– Sit and wait for others

19

DNS – DHCP- IPAM Admins

Network Engineers


Empowering Staff

IPAM sync

– Combine end-point and network

data

– Continuously updated

– Single interface

Automated Task Board

– Simplify common changes

– IPAM and/or network changes

– Add records, hosts, addresses,

etc.

– Create subnets, activate a port,

assign a VLAN

– Delegate down but maintain

control

20


Secure

• Secure hardware form-factor & hardened OS

• Designed to minimize vulnerabilities and

attack surfaces

• Common Criteria certified

Infoblox Value To Our Customer

21

• GridTM technology for fault tolerance,

easy updates and one-click DR

• Optimized for enterprise demand & performance

• Authoritative source for network data Available

• Powerful automation of manual processes

• Reduce change errors & assure compliance

• Save time, money and effort Automated

Automated

Secure Available

Infoblox makes networks more available, secure and automated


Thank You

22