What's New in the HPE/Aruba Portfolio, Benefits of Joint Deployment with WiFi

Transcription

What's new in the HPE/Aruba portfolio, benefits of deploying switches together with WiFi
Daniel Fertšák - Systems Engineer
05.04.2018

Wired and Wireless LAN Access Infrastructure
Gartner Magic Quadrant 2017
Market Leader 12 Years Running [1]
Airhead Community: 65K Strong & Growing!
Aruba's 12 years of placement includes HPE (Aruba) in the Magic Quadrant for the Wired & Wireless LAN Access Infrastructure from 2015-2017 (3 years), Aruba Networks in the same Magic Quadrant from 2012-2014 (3 years) and in the Magic Quadrant for Wireless LAN Access Infrastructure from 2006-2011 (6 years).
[1] This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Aruba, a Hewlett Packard Enterprise company. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Source: Gartner Magic Quadrant for the Wired and Wireless LAN Access Infrastructure, October 2017. Tim Zimmerman, Christian Canales, Bill Menezes. ID Number: G00316060

Aruba Mobile First Architecture
[Diagram labels: 360 Secure Fabric; IT SERVICES; BUSINESS AND USER FACING NT; LOCATION; SOFTWARE PLATFORM; Aruba OS; AirWave; Central; NetInsight; VIA CLIENT; Wi-Fi; BLE TAGS; REMOTE; INFRASTRUCTURE; WIRED; CORE/AGG; WAN]
Mobile First: Secure, Open, Insightful and Autonomous

Wired Network Infrastructure

Aruba network strategy – synergy between wired and wireless
Unified policies
– Authentication and setting policy using ClearPass Policy Manager
– User onboarding and guest access with ClearPass Policy Manager
– Simplify policy management and configuration with User Role
Consistent user experience
– Per port tunneling of all wired traffic to Mobility Controller
– Centralized policy management and enforcement
– All users have access to applications on the Controller
Wired and wireless management
– End-to-end management of wired and wireless networks with AirWave
– Zero Touch Provisioning for rapid deployment with AirWave
– Cloud-based management with Aruba Central
Wireless optimization
– Automatic configuration of switch port when Aruba AP is detected
– Working with IAP to contain rogue AP, add VLAN
– Set appropriate QoS of traffic from the AP
[Diagram labels: Mobility Controller; Aruba Activate]

Aruba mobile-first switch portfolio
Models: 8400, 5400R, 3810, 2930M, 2930F, 2540, 2530
– Advanced Layer 3
– OSPF & BGP
– Layer 2
– Basic Layer 3: Static routing & RIP
– 8, 24 or 48 ports w/
– 24 or 48 ports with 10/100/1000BaseTX 10/100 or Gig
– sFlow, ACLs, IPv6
– sFlow, ACLs, IPv6
– Fanless & compact models
– Models with 10GbE uplinks
– Models with 10GbE uplinks
– PoE models
– PoE models
– Basic Layer 3: Static Routing, RIP & Access OSPF
– Layer 3: Static routing, RIP & Access OSPF
– 24 or 48 port Gig
– 8, 24, 48 ports Gig
– Smart Rate multigigabit Ethernet
– PoE models
– Wire speed 40GbE
– Models with 1GbE or 10GbE uplinks
– Internal power supply
– VSF stacking (4x Units) frontplane stacking
– OpenFlow
– Modular uplinks
– Redundant power
– 10 unit stacking
– 480x 1GbE PoE ports in a stack
– 40x SmartRate ports in a stack
– OpenFlow
– Advanced Layer 3
– OSPF & BGP
– 24 or 48 port Gig
– 6- and 12-slot compact chassis
– Smart Rate multigigabit Ethernet
– VSF support (2x Units)
– Wire speed 40GbE
– SmartRate multigigabit Ethernet
– PoE models
– Wire speed 40GbE
– Modular uplinks
– Redundant power
– 10 unit stacking
– 480x 1GbE PoE ports in a stack
– 80x SmartRate ports in a stack
– OpenFlow
– Redundant mgmt. & power
– Advanced Layer 3
– 8-slot chassis
– 19.2Tbps
– High Speed Modules
– Redundant mgmt. and power
– VSF support (2x Units)
256x 10GbE ports, 192x 25GbE ports, 64x 40GbE ports or 48x 100GbE ports
288x 1GbE ports, 96x 10GbE ports,
– Next-Gen OS
96x SmartRate ports or 24x 40GbE ports
– 288 ports full PoE capable
– OpenFlow

ARUBA 2930M SWITCH SERIES
Performance and power for the mobile-first campus
– Aruba Layer 3 switch series with powerful ProVision ASIC and enterprise feature set with static, RIP and Access OSPF routing, ACLs, sFlow, IPv6 with no software licensing required
– AirWave and ClearPass Policy Manager integration
– Scalable and resilient with 10 chassis stacking
– Modular 10GbE SFP+, HPE Smart Rate and 40GbE QSFP uplinks
– Smart Rate multi-gig Ethernet models with 8 or 24 built-in ports
– Up to 1440 W PoE for powering APs, cameras and IoT devices
– Ready for the software defined network with REST APIs and OpenFlow support
– Simple deployment with ZTP and cloud-based Central support
[Callouts: Cloud manageable with Aruba Central; 10GbE and 40GbE uplinks for better backhaul capacity; Up to 1440W PoE power]

Unifying access policies for LAN and WiFi
Downloadable User Roles
1. Wired or wireless user provides credentials
2. CPPM returns Role & Policy
3. Role & Policy push to the Mobility Controller or Aruba Switches
Single point of policy management
– Dynamically assigned by ClearPass at the time of authentication
Builds on top of the existing local User Roles
– Every user/device is assigned a User Role
– User Role policies include QoS, VLAN, ACL, Rate Limits
Consistent wired/wireless policy management
– Same as WLAN AP, simplify policy configuration and management
[Diagram labels: BYOD; AP; Mobility Controller; ClearPass Policy Manager (CPPM); ArubaOS-Switch; PC/Laptop]

INTEGRATION WITH ARUBA CONTROLLERS AND APs
Tunneled Node*
Provide secured tunnel to transport network traffic on a per port basis to Aruba Controller. Authentication and network policies will be applied and enforced at the Controller.
– Consistent wired/wireless network architecture
– Centralized role-based policy enforcement
– Access Controller's features (Firewall, packet inspection, finger printing)
– Enhanced security with port-based tunnels
– Support redundant Controllers
Trust QoS
– Set QoS policy when Aruba AP is connected

Aruba brings innovation to wired networks too
Core/aggregation switch for the demanding modern campus
Aruba 8400 and ArubaOS-CX
– ArubaOS-CX: next-gen OS with open source leverage and API-centric
– Network Analytics Engine
– Programmability for simple automation and integration
– 19.2 Tbps system with high speed, high density interfaces, carrier-class HA

Aruba 8320 Switch Series
Aruba 8320 - Campus Aggregation Switch
– 2.5Tbps switching capacity and 1.9BPPS
– On premise management with AirWave, IMC, and NNMi/NA support
– 1U form factor for convenient deployment
– Multi-Chassis LAG for High Availability
– Advanced Layer 3 including OSPF and BGP
– Supports IPv4 and IPv6, future-proofing any IP installation
– High speed, line rate 10GbE and 40GbE
– N+1 redundant fans and power supplies
– Hot swappable removable fans and power supplies
– REST for distributed or centralized orchestration
– Database-driven ArubaOS-CX for HA and fault tolerance
– 48 ports of 10GbE for SFP/SFP+ and 6 ports of 40GbE for QSFP

Wireless Network Infrastructure

Flexible architecture guarantees investment protection
Wi-Fi that evolves with the needs of the business
Deployment options: INSTANT ACCESS POINTS; ARUBA CENTRAL; ON-PREMISE CONTROLLER
– AP with a built-in controller
– Multi-site cloud management
– Start-up without the need for a controller
– Ideal for branches without IT
– Centralized control and encryption for maximum security and scale
One architecture for all deployment modes
An AP can switch between all modes

Aruba Instant Wi-Fi
EASY DEPLOYMENT, SIMPLE, POWERFUL, COST EFFECTIVE
Less hardware, faster set-up
ENTERPRISE-GRADE & ALL INCLUSIVE
BUILT-IN RF MANAGEMENT
– Adaptive Radio Management
– ClientMatch
BUILT-IN SECURITY
– Firewall/Role-based Access
– Intrusion Prevention/Detection
BUILT-IN RESILIENCY
– Site Survivability
– Uplink Redundancy
App Visibility, Compliance
Cost effective, simple, secure and scalable architecture suitable for distributed locations

Intelligent application-based control with AppRF
– High priority real-time
– Medium priority
– Lower priority
Allow, deny or throttle by application
Set application rules by user, location and time
CONFIDENTIAL Copyright 2016. Aruba, a Hewlett Packard Enterprise Company. All rights reserved

Secure network access by role
[Diagram labels: Role-Based Access Control; PoS; Data; Access Rights; SSID-Based Access Control; PoS; Virtual-AP 2, SSID: nage; Virtual-AP 1, SSID: GUEST; Signage; ClearPass Guest; Captive Portal; Secure Tunnel To DMZ; Guest; DMZ]

ClientMatch: more capacity and higher network quality across the whole office
INTELLIGENT ANALYSIS OF WHAT IS HAPPENING IN REAL TIME
– DEVICE TYPE
– LOCATION
– CONGESTION
– INTERFERENCE
'MU-MIMO Aware'

Airtime Fairness – faster clients do not have to wait for slower ones
Prevent throughput reduction for faster clients in the presence of slower clients
Air time Allocation Policies
– Default Access – Disable Air Time allocation
– Fair Access – Allocate same air time to all clients
– Preferred Access – Allocate air time based on client capabilities
– Gives higher priority to faster clients (802.11ac 802.11n 802.11a/g 802.11b) while ensuring no clients are starved
– Works with mixed-mode clients in both 2.4 and 5GHz spectrums, across 11b/g/n and 11a/n clients

Aruba WLAN Access Point Portfolio
– Indoor Access Points
– Outdoor Access Points
– Hospitality Access Points
– Remote Access Points
– Hardened Access Points

We test outdoor APs even in extreme conditions
Aruba outdoor AP-365 & 367

Aruba enables deployment flexibility with Unified APs
All new APs from January 2017
Models shown: 360, 303H, 203H, 203R, 340, 318, 370
Unified AP (UAP)
Controller-based (CAP)
– Centralized encryption/switching
– Larger mobility domains
– Advanced services at scale
Controllerless (IAP)
– Many individual remote sites
– Simplified management
– Minimal onsite HW and IT
*All APs can also be deployed as Remote Access Points

Controllers scale from branch to campus
Models shown: 7280, 7240, 7220, 7210, 7205, 7030, 7024 (24 PoE), 7010 (12 PoE), 7005/7008 (16 AP), VMC-TACT (8/16 AP)
Large Campus
– High performance, redundant power/fan
– 512 – 2048 APs, up to 80Gbps throughput
Midsize Campus
– High performance, fixed form factor
– Up to 256 APs, 12 Gbps throughput
Large branch
– Up to 64 APs and up to 8Gbps throughput
Midsize branch with integrated switch
– 12 or 24 ports of PoE for unified branches
– Up to 32 APs
Small branch
– Virtualized or PoE-powered controllers
[Axis: Branch to Campus]

Wired & Wireless Security

The road to GDPR compliance
Steps to protect access to personal data
– Determine what personal data you hold and where all of it is stored, and classify it.
– Set consistent policies for access to specific data – access control
– Identify personal data breaches and report them in time.
What information falls under GDPR?
– Personal data: name, gender, age, date of birth, marital status, IP address, photographic record
– Organizational data: e-mail address, telephone number, government-issued identification data

IoT? BYOD?

GDPR myths

The security reality of today's networks
– Traditional security based on the network perimeter is a thing of the past
– Mobility means that threats come from inside

The shared password problem?

Prevent possible attacks and keep control over network access
Identification
– Identify/profile and then authenticate the users and devices connecting to the network.
Policy setup
– Introduce appropriate access policies (authorization) depending on the type of user and device, etc.
Security
– Introduce detection using dynamic checks and handle remediation, also in cooperation with third-party products

Enforcing security policy for every device on the network
[Diagram labels: device type / health; user/role; Contractor; Infrastructure; Servers; Data & PROTECTION; ClearPass; Internal/Cloud Applications; Administrator; Network Infrastructure; Employee; time / day; location]

ClearPass: Device Visibility
Device Profiling: DHCP, CDP, LLDP, SNMP, WMI, MAC, NMAP, sFLOW
[Diagram labels: Corporate Devices; Internet of Things (IoT); Multi-vendor switching; Aruba ClearPass; Guest and BYOD; Multi-vendor WLANs]

ClearPass: Flexible Secure Access
Certificate based 802.1x
[Diagram labels: ACCESS; Corporate Devices; Multi-vendor switching; Aruba ClearPass; Multi-vendor WLANs]

Adaptive security policy by device ownership
[Diagram labels: Enterprise Tablet; BYOD; ID; CORP-SECURE; SSID; CORP-SECURE; Internet Only]

ClearPass: Flexible Secure Access
MAC authentication with profile based Authorization
[Diagram labels: ACCESS; Corporate Devices; Internet of Things (IoT); Multi-vendor switching; Printer VLAN; Infusion Pump VLAN; No 802.1X; Aruba ClearPass; Multi-vendor WLANs]

ClearPass: Flexible Secure Access
Self-Service workflows for Guest and BYOD devices save on IT / Security time
[Diagram labels: ACCESS; Corporate Devices; Internet of Things (IoT); Multi-vendor switching; Guest and BYOD; Aruba ClearPass; Multi-vendor WLANs]

ClearPass Exchange for third-party integration
– Granular traffic control with user and device data
– Network controls using real-time device data
– Visibility into location and time with granular controls
– Visibility and interactive control features
[Diagram labels: Next-Gen Perimeter Defense; Client Devices; MDM / EMM; SIEM, Automation, MFA; IoT Devices; Infrastructure]

How does the Aruba Ingress Event Engine work?
1. A device/user connects to the network
2. A security appliance detects a threat at the perimeter
3. Isolation / re-authentication / fingerprinting / anything*
* Firewall / IPS
[Diagram labels: LAN/WLAN]
Threat detection and suppression directly at the endpoint level, in real time

Why choose Aruba
- Aruba is a technology leader in the enterprise environment (AppRF, ClientMatch, performance in HD environments, Airtime Fairness, SSID prioritization, identification of non-WiFi interference, Lync/VoIP support, ARP/MCAST traffic optimization)
- Flexible solution architecture (scalability, AP conversion according to current needs, a controllerless solution as well as cloud management, SaaS)
- Cost-effective start with room for further growth (low TCO, Instant APs/switches without licenses, add-ons for BYOD, security, or third-party integration)
- Fast deployment and simple management (plug & play, traffic visibility, advanced monitoring tools)
