© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Tb2053 vukson ballarat_grammar_final


Ballarat Grammar

Changing the way we learn

Joe Vukson (HP) and Greg Bell (Ballarat Grammar), 2012


Bring Your Own Device Cannot Be Ignored

Impact on IT staff

Pervasive mobility

Employee-owned IT personalization

• Approximately 90% net-new growth in device adoption in the coming four years represented by smartphones and tablets [1]

• Over 4.5 billion personal client devices will be on the network in 2015 [2]

• Only 34% of CIOs think employees are accessing the network with personal devices [3]

[1] Gartner: Gartner’s Top Predictions for IT Organizations and Users, 2012 and Beyond: Control Slips Away (23 November 2011)

[2] IDC: The Empowered IT User: How Individuals Are Using Technology and Redefining IT (March 2012)

[3] IDC White paper sponsored by Unisys, 2011 Consumerization of IT Study: Closing the “Consumerization Gap” July 2011


Top Three Most Wanted BYOD Capabilities

SANS Mobility/BYOD Security Survey March 2012

Centralized functionality

Logging, monitoring and reporting

Ease of deployment


Implementation strategies for BYOD

• There is a need to treat the traffic differently depending on who/what/when/where

• Determine if the device is company issued or employee owned

• Identify solutions that support both client access control software and clientless devices

• Implement posture checking, remediation and remote wiping

• Define and deploy security policies at the network access layer

Implementation strategies for BYOD: embrace or contain?

[Figure: chart with value to business (low to high) on one axis and security “pressure” (low to high) on the other]

Source: Gartner: NAC Strategies for Supporting BYOD Environments (22 December 2011)


Access Control Technologies

User Authentication

Device Authentication

Device Health


Legacy Networks Limit BYOD Adoption

• Endpoint dependent: Designed for IT-managed endpoints with one user and location type and prohibit employee personalization

• Insecure: Architected for a well-defined network perimeter, elevating network IT risk from mobile devices

• CLI-based management: Multiple, disaggregated consoles and a dependency on CLI and scripting slow service provisioning, increase errors, and introduce security risk

• Designed for wired: Designed for 3-tier networks where wireless was optional


Ensuring Wired & Wireless Networks are Ready for BYOD

Primary building blocks for an effective BYOD solution

Identity-aware access

• User credential and device based identity

• Simple and secure on-boarding process

• AAA support for compliance

Unified network support

• Seamless wired and wireless policy

• Increased wireless client range and density support

• Higher wired aggregation bandwidth

Monitor and control

• Device level application visibility and reporting

• Ability to quarantine and blacklist malware infected client

• Enhanced security for sensitive applications

A BYOD solution must be easy to deploy with centralized management, visibility and control


HP BYOD Delivers

• Device agnostic: Identification and control of any device, wired or wireless, IT-issued or personal

• Secure: Assured security for network and application access for users regardless of their location

• Unified orchestration: Simplified orchestration for unified wired and wireless networks with single pane-of-glass management

• Optimized for wireless: Simpler network designs for assured scalability of wireless LANs


“We want all of our students online, all of the time…providing the best access we can, while enforcing school policy!”

Ballarat Grammar, Ballarat, Australia


Ballarat Grammar, Ballarat, Australia

• 1300 students K-12

• 250 boarders

• 20 staff live on campus

• 500 desktops, 120 tablets, 800 netbooks

• BYOD – student/staff owned devices (iOS, Android, webOS, Wintel, Mac)


Achievements as a school

Ballarat Grammar

• 2011 Academic Achievement Honors

• Achieved 82.75 Median ATAR score

• 55% of all Ballarat Grammar students achieving ATARs over 80 (in Australia’s top 20% scores)

• 13 students achieving ATARs over 97


Highest achievement of an individual student

Ballarat Grammar

Ashray Rajagopalan’s ATAR of 98.8 was the highest score across all schools in the region. At 16 he has:

• Completed his VCE studies in Chemistry, Physics, Specialist Mathematics, Mathematical Methods, and French.

• Completed Mathematics Extension at Monash University with High Distinctions.

• He plays violin and piano

• Co-convenor of Grammar’s Round Square Environment Committee and Amnesty International Focus Group.


Changing the Way We Learn

Enabling access for all devices

Staff devices

• 120 managed mobile devices wired and wireless

• 70+ managed desktop devices

• 100+ unmanaged wireless devices

• 120+ Mitel IP phones

Student devices

• 800+ managed mobile devices

• 400+ managed desktop devices

• 1000+ unmanaged devices

Guest devices

• Any device

• Wireless only

• Access to internet & print


Changing the Way We Learn

Enabling access for all devices

Solution: SNAC

Management: IDM

• 802.1X (EAP-TLS and PEAP) AD groups for:

  • Staff user accounts

  • Student desktop computers

  • Student netbooks

  • Student BYOD

  • Mitel IP phones

  • Xerox MDF’s

  • Other network devices

The result

• NAC on every edge switch port

• One wireless network

• Flexibility

• Full reporting


“We worked with Fotios, our HPN Solution Architect, who gave us a superb production solution, that made IDM work harder to give us exactly what we need to manage every device on the network”

Greg Bell, Ballarat Grammar


Unified BYOD Solution

User, network, security and application policy management

On-boarding

• Secure network access for user-owned devices

• Highly secure client control

• Self registration for client-owned

Provisioning

• Unified wired and wireless management

• Consistent device policy management

• Network policy mapped to user profiles

Monitoring

• Unified monitoring and application access

• User and traffic analysis

• Integrated compliance management


BYOD Solution Architecture

Orchestrating user-to-network-to-application

[Diagram: three stages. On-boarding: user registration, device profiling. Provisioning: policy enforcement based on level of trust. Monitoring: traffic and user behavior analysis. Other labels in the diagram: authentication, authorization, audit, device agnostic, network agnostic, user security check, employee, guest, time aware, location aware, traffic monitoring, user behavior, user self-service.]


Simplicity is What the Students See


BYOD Administrative Process

“I’d like access.”

1. Identity authentication: “Who are you?” (result: authorized user)

2. Device authentication: “Is your device compliant?”

3. Authorization:

   • Clean: assigned to VAN (corporate network)

   • Unclean: quarantine area

4. Behavior monitoring: ongoing compliance management
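
The four-step flow on this slide, written out as a decision function. This is an added example, not HP IMC code; the segment names, sample users, MAC addresses, posture fields and the fail-closed handling of steps 1 and 2 are assumptions.

```python
from dataclasses import dataclass
from enum import Enum

class Segment(Enum):
    DENY = "deny"                # no network access (assumed outcome for failed steps 1-2)
    QUARANTINE = "quarantine"    # slide: "Quarantine area"
    CORPORATE = "corporate"      # slide: "Corporate network"

# Constructed sample data standing in for a directory and a device registry.
KNOWN_USERS = {"staff01", "student42"}
DEVICE_OWNER = {"02:00:00:00:00:01": "staff01", "02:00:00:00:00:02": "student42"}

@dataclass(frozen=True)
class Posture:
    os_patched: bool          # hypothetical posture attributes
    antivirus_running: bool

    def compliant(self) -> bool:
        return self.os_patched and self.antivirus_running

@dataclass(frozen=True)
class AccessRequest:
    user: str
    credential_ok: bool   # outcome of the upstream authentication exchange
    mac: str
    posture: Posture

def admit(req: AccessRequest, audit: list) -> Segment:
    """Steps 1-3: identity, device, then posture-based authorization."""
    def decide(segment: Segment, reason: str) -> Segment:
        # Every decision is logged so it can be reported on later.
        audit.append((req.user, req.mac, segment.value, reason))
        return segment

    # Step 1, identity authentication. Assumption: fail closed.
    if req.user not in KNOWN_USERS or not req.credential_ok:
        return decide(Segment.DENY, "identity authentication failed")
    # Step 2, device authentication: the device must be registered to this user.
    if DEVICE_OWNER.get(req.mac.lower()) != req.user:
        return decide(Segment.DENY, "device not registered to user")
    # Step 3, authorization: clean devices are admitted, unclean ones quarantined.
    if req.posture.compliant():
        return decide(Segment.CORPORATE, "clean")
    return decide(Segment.QUARANTINE, "posture check failed")

def reevaluate(current: Segment, posture: Posture) -> Segment:
    """Step 4, ongoing compliance: re-check posture for an admitted device."""
    if current is Segment.DENY:
        return current  # never promoted without a fresh admit()
    return Segment.CORPORATE if posture.compliant() else Segment.QUARANTINE
```

A device that drifts out of compliance after admission is moved to quarantine by `reevaluate`, and returns to the corporate segment once it passes the posture check again.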


Single Pane-of-glass Management

• Seamless wired and wireless network management

• BYOD user and device management

• Security policy provisioning and enforcement

• Network traffic monitoring

• User behavior analysis by user and device type

• Posture check and agent control

Combined infrastructure and access management for BYOD, wired and wireless


Delivering BYOD with Intelligent Management Center

Access control and security management without compromise

[Diagram: IMC security control center. IMC Platform with add-on modules User Access Manager and Endpoint Access Defense; functions shown: threat mgmt., provisioning, authentication, security mgmt.]


IMC – integrated endpoint security

• Combines access control modules with network management capabilities

• Provides single tool for setting security policies and viewing user behavior

• Transparent monitoring

• Provides value-add modules for setting and enforcing endpoint security

• Tailor solutions with value-add modules

Combined infrastructure and access management

• User Access Manager (UAM)

• Endpoint Admission Defense (EAD)

• User Behavior Analysis (UBA)

• Desktop Asset Management (DAM)

• Optional: iNode persistent or dissolvable client


HP IMC Security Suite – Unified Access Manager

User Access Manager

• Integrated and collaborative

  • Unified network and user policy management, from the device to the data center

• Pervasive security

  • Heterogeneous device support

  • Client-based and clientless device authentication

• Greater visibility and control

  • Stricter access control through policy options

  • Blacklist, resource and bandwidth monitoring and logging

• Scalable services

  • Native interoperability between modules (e.g., ACL mgr, user behavior analysis module)

  • Works with 3rd party “push” software


HP IMC Security Suite – Intelligent Threat Defense

Endpoint Access Defense

• Control of who and what’s on your network

  • Heterogeneous support for both user and network devices

  • Granular controls of both users and groups

  • Client-based and clientless device authentication

• Simple and granular management

  • Multiple configurable policy options

  • Blacklist, resource and bandwidth monitoring, logging

• Easy to use interface with robust access

  • Complete module interoperability

  • Works with 3rd party “push” software

• Management of users, policy, devices in one place

  • Role and group configurable provisioning

  • Flexible deployment and management options


Enabling Guest Access

• Allows authorized employees to enable guest user access

• Frees IT staff to concentrate on strategic tasks

• Designed to be operated by non-technical staff

• Temporary credentials self-destruct on expiration

• Can be used to create printable vouchers

• Included with controller purchase


HP Converged Wired and Wireless Infrastructure

• Leading wireless solution

• Deliver near gigabit-speed connect rates to Wi-Fi client

• Optimized architecture eliminating bottlenecks

• 3 spatial stream dual-radio APs offer greater density

• Advanced spectrum management with band steering

• Next generation core for campus

• Up to 6336 Wireless-N APs at line-rate vs 1012 on Cisco

• Stream the entire Netflix library - simultaneously

• Over 240K simultaneous 1080p video-conferences

• HP IRF for simpler, flatter, more agile networks


HP Mobility Leadership and Innovation

Key milestones and details

#2 Worldwide vendor in Wireless LAN shipments

• 773,000+ units shipped globally in CY2011

Optimized architecture – part of FlexNetwork – FlexCampus, FlexBranch – IMC (Intelligent Management Center) with IDM (Identity Driven Manager) plug-in

• Maximum flexibility in supporting mobile business applications today and in the future at the lowest TCO

• Intelligence is pushed from the mobility controller to the AP. Centralized or Distributed traffic capability – fault protection

MSM460/466/466-R

• First in the industry to offer near Gigabit Ethernet (Dual 450Mb/s radios) WLAN client access

MSM317

• First in the industry to offer a multi function communication access device – wireless & wired port connectivity, Telco connection, PoE pass through port

• In-room solution delivering advanced IP services

Multi-media application support

• Multicast patent, Application based QoS

Industry leading Wireless Security (IDS/IPS)

• Maximum threat detection with the lowest number of false positives (RF Manager + MSM415 dedicated sensors)


Optimized WLAN Architecture

[Diagram: three deployment modes, each drawn with access points, an access switch, an MSM controller and the corporate network, and showing the paths taken by authentication traffic and user traffic: centralized access control; distributed forwarding; distributed forwarding with centralized authentication.]


Wireless Management

Delivers unified wired and wireless management with Wireless Services Manager (WSM) from one platform

• Discover wireless access points (AP) and connected clients

• Ensure consistency with AP configuration backup

• Map your wireless network

  • How are the wireless access points connected?

  • Where are wireless devices physically located?

• Develop a more effective wireless network with heat map capabilities

[Screenshot callouts: Where are your APs? How strong are the APs? Who’s connected? (example client: Mary, MAC: 00:24:d6:94:d7:52)]


Mobility Portfolio

MSM100 Series

Single Radio, Indoor, PoE

MSM300 Series

Single, Dual & Triple Radio 11a/b/g, PoE

MSM400 Series

Single & Dual Radio 11n 3x3, PoE

MSM 710 Controller

10 AP’s and 100 Guests

MSM 760 Controller

40-200 AP’s and 2000 Guests

MSM 765zl Controller

40-200 AP’s and 2000 Guests

Mobility Manager 3.0

Device Management Tool

RF Planner 5.0

Frequency coverage planning tool

RF Manager 6.0

Wireless IDS/IPS for A & series

[Portfolio category labels: Infrastructure Control, Controllers, Access points, Management, WLAN Bridges, Security]

Client Bridge

Client Bridge a/b/g

Outdoor Bridge

Dual Radio Outdoor Bridge a/b/g/n

MSM 317

Single Radio 11b/g, Wall Jack, PoE

Guest Management Software

Guest Access and Control

MSM 415 RF Sensor

RF Security Sensor a/b/g/n, PoE

IDM Identity Driven Manager

Access Control Policy Management

MSM720 Controller

10-40 APs and 250 Guests


Unified BYOD solution with HP and F5

Creating Device & Access-agnostic Networks

Single pane-of-glass management with IMC

• HP Intelligent Management Center

  • Integrated network and user policy management

  • Unified wired and wireless network management

  • Unified Access Manager (UAM)

  • Endpoint Admission Defense (EAD)

  • Secure client for Windows, Linux, MacOS (iNode)

  • Post-admission network behavior monitoring (UBA)

• F5 BigIP

  • Integrated application access control

  • End-point inspection and compliance management

  • Context aware ACLs

  • Full proxy services (Exchange, VDI, etc)

  • SSL VPN client for Android, iOS, BB, Win, MacOS, Linux

[Diagram: BYOD cycle of on-boarding, provisioning and monitoring, with a “Coming Soon” label]


Device and network agnostic access for any user

Enable BYOD with Virtual Application Networks

Unified user policy, network and application access control

Seamless on-boarding for any device

Simplified provisioning minimizes disruption in user productivity

Single pane-of-glass management for wired and wireless

Ensure choice with open, standards-based approach


Thank you