Martti Saramies, Product Marketing Manager, HP


Presentation: "Martti Saramies, Product Marketing Manager, HP". Presentation transcript:

1 Martti Saramies, Product Marketing Manager, HP
ProCurve Networking - Components of a high-performance network - Secure Router 7000dl - HP NetSolutions 2005. Martti Saramies, Product Marketing Manager, HP

2

3 Topics
- Short course: HP as a company and ProCurve Networking
- Components of a high-performance network
- Secure Router 7000dl product family – added security at the network edge
- NetSolutions invitation

4 HP group
- personnel
- operations in 178 countries
- revenue of 73.1 billion dollars in fiscal year 2003
- research and development investments of $4.0 billion per year
- merger with Compaq Computer in 2002
We draw strength from our global reach. For us, that means greater overall stability in our business, with 60 percent of our revenues generated outside the United States. For you, it means a partner who can meet your needs on a global scale with a culturally balanced and diverse workforce 140,000-strong, with capabilities in 160 countries.
To put that in some perspective, the new HP powers more than 100 stock and commodity exchanges, including 14 of the world’s largest. We support 95 percent of the world’s securities transactions, and we help process two out of every three credit card transactions worldwide and three out of every four electronic funds transfers. We also handle 80 percent of the mobile billing and customer care traffic in Europe and Africa, and we help control 65 percent of the world’s energy infrastructure. All told, tens of millions of people around the world use HP technology every day.
You want to do business with a company that will be able to support you for the long haul – a company with the financial strength and stability you expect from a strategic partner. With fiscal 2002 revenues exceeding $72 billion and nearly $12 billion in gross cash at the end of fiscal 2002, HP is one of the strongest IT companies in the world. In addition, we have significant market strength, with top three share in all of the major market segments where we do business, and it’s all supported by one of the world’s best-known and most trusted brands.

5 HP's market position in Finland
Columns: product category; HP's position in Finland; market share %, Q4/CY03; market growth %, Q4, Y/Y; HP growth %, Q4, Y/Y
Intel 32 servers (IDC, units): # 1, 50.7, 46.6, 82.6
Workstations (IDC, all, units): 47.0, 46.7, 65.8
Desktops (IDC, units): 26.7, 30.8, 40.7
Notebooks (IDC, units): 35.9, 78.8, 86.5
Handheld computers (Canalys): 28.6, 0.5
Inkjet printers (IDC, units): 45, -20, -5
Laser printers (IDC, units): 76, 34, 103
Digital cameras (units, Purucom Oy): # 3, 11, 130, 50
HP services (IDC, $): 9, 3.5, 23*
*annual growth percentage

6 HP's market position in Finland
Columns: product category; HP's position in Finland; market share %, Q3/CY03; market growth, Q3, %, Y/Y; HP growth, Q3, %, Y/Y
All servers (IDC, $) Q3: # 1, 58, 33, 39
RISC/UNIX servers (IDC, $) Q3: 68.2, 42
Linux systems (IDC, units) Q3: 37.4, 54.6, 60.6
Storage systems (shipped SAN systems, Q3, IDC): 71, 18, 29
Networks (IDC) Q4: 41, 28

7 HP's long history in Ethernet products and their innovations!
Timeline taglines: a bridge to the future; chassis for the price of stackables; switch on a chip; fast path technology; Layer 3 at a Layer 2 price; Adaptive EDGE Architecture for secure, mobile multi-service networks
Products shown: HP ProCurve Switch 4108gl, HP AdvanceStack, HP ProCurve Switch 2000, Switch 4000m, Switch 2524, Switch 5300xl
HP invents 10Base-T
- Over 25 years of continuous investment in networking products and technology
- Aggressively expanding investments to cover more advanced aspects of networking year over year
- HP ProCurve is a complete networking group within HP
- Comprehensive portfolio of hardware, software, services and support
- Innovator in delivering breakthroughs in edge switches at a price point comparable to competitor’s conventional stacking switches
- Delivering switch meshing technology since 1998
Years on the timeline: 1970’s, 1985, 1998, 1999, 2000, 2001, 2002, 2003
Network leadership with HP EtherTwist
HP ProCurve Networking market share, switches: #11, #5, #4, #3, #2. Steady, continuous growth…

8 ProCurve market shares in Finland
All ports; L3, i.e. routed ports. IDC Q port shipments

9 ProCurve is the market leader in Finland
IDC Q Ethernet port shipments

10 RiverStone Networks acquisition
ProCurve Networking has announced an acquisition targeting RiverStone Networks. RiverStone Networks core switch technology, personnel expertise and software were transferred to HP. New products related to the deal will be seen on the market in late 2005. EDGE Fabric

11 Wireless Access Points
[Diagram labels: EDGE Network Servers Wireless Clients; Intelligent Switches, Clients. Caption: Important decisions at the network edge]
In a ProCurve Adaptive EDGE Architecture Network, intelligent edge devices enforce decisions at the EDGE of the network, where users connect.
Every EDGE device adds “decision making” capacity:
- linear scalability
- enforce security and priority at point of access
- meet emerging application needs
EDGE devices are standardized volume components:
- affordable scalability
- uniform policy management
Intelligence at the edge of the network reduces the need for centralized intelligence in the core. As a result, a need emerges for a high bandwidth interconnection between intelligent EDGE devices. A simple high-bandwidth core becomes sufficient. ProCurve will use the acquired technologies to develop a new class of products to meet this need. The ProCurve EDGE Fabric provides a cost-effective, high performance, highly available, scalable connection between intelligent EDGE devices. The ProCurve EDGE Fabric will provide a new alternative for building networks based on the Adaptive EDGE Architecture. The new ProCurve EDGE Fabric will enable customers to deploy cost-effective, highly available, high performance networks that meet the demands of current and emerging applications, such as security, mobility and convergence.
The benefits and value of moving intelligence to the Edge with ProCurve EDGE Fabric:
- Save costs: add to the network with high-volume edge solutions versus rip/replace expensive core solutions (cost-effective scalability)
- Preserve/extend investment of current solutions: offloading decision-making tasks from the existing core routing switch extends its lifespan and usability. Less complexity, less intelligence, fewer decisions at the core = more power
- Increase network performance: no decision-making bottleneck; more direct, efficient routing of traffic; high availability and resiliency with capabilities built into the infrastructure to prevent network downtime (hardware redundancy, software resiliency)
- Increase security: control network access, protect network resources and prevent unauthorized traffic from harming the network at the point of access
- Increase choice/flexibility: easy, flexible, affordable migration path; scale network over time; utilize new intelligent Edge solutions, existing core solutions or a combination of both
[Diagram labels: EDGE Fabric Switch; WAN Edge; Wireless Access Points; EDGE Network; Internet; Wireless Clients]

12 Topics
- Short course: HP as a company and ProCurve Networking
- Components of a high-performance network
- Secure Router 7000dl product family – added security at the network edge
- NetSolutions invitation

13 Expanded ProCurve product family
Content embargoed until Feb 21, 2005
[Diagram categories: Interconnect Fabric Switches Traditional Core Switches EDGE Portal Routers Edge Switches Intelligent EDGE Switches Edge Devices]
[Legend labels: New; Shipping; In plan for late-2005]
- 6400 Series: 10 GbE Stackable, 6 CX4 + 2 Flex, 6 X2 + 2 Flex
- 4100 Series: 10/100/1000 Chassis, 4 Slot & 8 Slot
- 5300 Series: Chassis, 10/100/ Slot & 8 Slot, PoE Available
- 7000dl Series: Secure Router Platform with Stateful Firewall and add-on VPN support
- 2800 Series: Gig Stackable
- 3400 Series: Stackable, 24/48 Gig with optional 2 10 GbE Uplinks
- 9300 Series: 10/100/1000 & 10GbE Chassis, 4, 8 & 16 Slot
- 2600 Series: 10/100 Stackable, Gig Uplinks, PoE Available
- Interconnect Fabric: Chassis, Gig/10GbE, 8 & 16 Slot
- 700 Series: Secure Wireless Access Control
- Wi-Fi Access Points

14 Software updates
Free software updates for the entire service life of the switch. The switch product code always includes the required software and memory.

15 Edge switch classification!
Traditional workgroup switches:
- Manageable
- Remotely manageable (SSL, SSH)
- Virtual LAN, VLAN
- Non-blocking speed
- Investment protection
- Stackable
- Flexible interfaces
Smarter edge switches:
- x login
- WWW authentication
- Routing, access lists
- IGMP for multicasts
- 10 Gigabit option!
- IDM, Identity Driven Manager support!

16 HP ProCurve Switch 2600 Series: affordable, manageable, and stackable
- 24 or 48 10/100 Mbps ports
- 2+2 Gigabit uplinks (2 built-in 1000Base-T ports, 2 optional Gigabit fiber expansion slots)
- ProCurve Access Control (including x + WWW authentication)
- QoS and VLAN features (802.1p and 802.1q)
- Static IP routing
- PWR models: PoE power delivery according to the 802.3af standard
- Lifetime warranty and free software updates
Models: HP ProCurve Switch 2650 (J4899A); HP ProCurve Switch 2626 (J4900A); HP ProCurve Switch 2650-PWR (J8165A); HP ProCurve Switch 2626-PWR (J8164A)
A redundant and external power supply is also available as an accessory.
Prices: from 450 €, VAT 0%

17 HP ProCurve Switch 2800 Series: affordable Gigabit switch
- 24 or 48 10/100/Gigabit ports
- 4+4 Gigabit uplinks (4 built-in 1000Base-T ports), 4 optional Gigabit fiber expansion slots
- ProCurve Access Control (including x + WWW authentication)
- QoS and VLAN features (802.1p and 802.1q)
- Static IP routing
- Lifetime warranty and free software updates
Models: HP ProCurve Switch 2824 (J4903A); HP ProCurve Switch 2848 (J4904A)
A redundant and external power supply is also available as an accessory.
Prices: from 1590 €, VAT 0%

18 HP ProCurve Switch 3400cl: intelligent, routing Gigabit switch
- 24 or 48 Gigabit ports (10/100/1000 Mbps)
- 10 Gigabit uplink option
- IP routing, access lists (ACL), OSPF, RIP
- IGMP
- ProCurve Access Control (including x and WWW authentication)
Prices from: 2390 €, VAT 0%. Prices from: ,- VAT 0%, model 24G
The 3400cl Series Stackables are 1U Stackables that come in two densities in a 1U form factor:
- 24-port: 20 ports 10/100/1000 RJ-45 and 4 dual-personality ports with 10/100/1000 RJ-45 or optional gigabit miniGBIC slots for SX, LX, LH
- 48-port: 44 ports 10/100/1000 RJ-45 and 4 dual-personality ports with 10/100/1000 RJ-45 or optional gigabit miniGBIC slots for SX, LX, LH
They are 1U Stackables with full layer 3 routing features and HP ProCurve’s EDGE features. They each come with one module slot for optional 10G 2-port modules, of which there are two. They both support RPS (RPS 600) and have resiliency features for high availability applications.
Layer 3 for Layer 2 pricing. Near wirespeed performance.
Models: HP ProCurve Switch 3400cl-24G; HP ProCurve Switch 3400cl-48G

19 Switch 3400cl features
Slide list: Routing Protocols (Static Routing; RIPv1, RIPv2; OSPFv1, OSPFv2; 10,000 routes; IP Multicast routing); Jumbo Frame Support; STP, RSTP, MSTP (802.1D, 802.1W, 802.1s); 256 VLANs, 4096 VLAN IDs; 8-port trunks, 25 trunk groups; LACP, HP, FEC trunking; Protocol VLANs (802.1v); XRRP; Meshing; PIM Dense*; Rate Limiting; GVRP; IGMPv3; IGMP Snooping; “Data Driven IGMP”; Trunking (LACP, FEC, HP); HP Auto-MDIX; Automatic or manual
Routing Protocols:
- Static Routing: A network with a limited number of gateways to other TCP/IP networks should be configured with static routing. When a network has only one gateway, a static route is the best choice. A static routing table is constructed manually by the system administrator using the route command. Static routing tables do not adjust to network changes, so they work best where routes do not change.
- RIPv1, RIPv2: widely used; it uses a distance-vector method of routing. The distance vector means the hop counts that every router holds and sends to the other routers. IP Routing Information Protocol (RIP) is designed for simple networks that have only a few routers and little redundancy. Such protocols are inefficient in larger networks where routing messages take up significant amounts of bandwidth.
- OSPFv1/OSPFv2: produces a more stable network by getting the routers to act on network changes predictably and simultaneously. An OSPF router collects and advertises information about its neighboring routers via a data structure called a router links advertisement. The router calculates and sorts its neighbors, finding all the reachable routers and the most optimal path.
- 10,000 routes:
- IP Multicast routing: Customer Benefit:
Jumbo Frame Support: supports 9016 untagged frame size and 9020 tagged frame size. Customer benefit: in applications where long file transfers are needed, like backup and database storage, jumbo file transfers require up to 10 times less CPU processing time, thus freeing up servers to process more job transactions.
Spanning Tree Protocols:
- 802.1D: Spanning Tree Protocol. Customer Benefit: Spanning tree was designed to solve the fundamental problem of traffic loops created by the interconnection of LANs with redundant transparent bridges.
- 802.1W: Rapid Spanning Tree Protocol. Customer Benefit: provides significant improvements in the speed of convergence for bridged networks. Those improvements come from the ability of switches to distinguish point-to-point vs. shared links. Point-to-point links are those that connect exactly two switch ports, while shared links are ones that have more than two devices attached to them.
- 802.1s: Multi-instance Spanning Tree protocol. Customer Benefit: the standard defines the interactions between areas of a network that are capable of supporting multiple STP instances and others that only support an STP instance. Mostly it can be used to balance traffic by allowing alternate STP paths for different VLANs.
IGMPv3: IGMP Snooping (Multicast Snooping) provides the ability to “prune” multicast traffic so that it travels only to those end destinations that require that traffic. In effect, it yields the best of both unicast and multicast addressing, and reduces the amount of traffic on the Ethernet LAN. HP's data driven or smart IGMP prunes extraneous switch traffic and is an improvement over IGMP snooping. This improves performance in stream intensive applications such as video-on-demand, which is used by many customers for distance learning and training. Customer Benefit: More efficient multicast networking (i.e. multicast traffic only goes where it is directed and no extraneous multicast traffic is allowed)

20 HP ProCurve Switch 5300xl series
Network core or intelligent edge switch

21 ProCurve Switch 5300xl Series
Modules and switches (NEW): xl Access Controller Module (J8162A); 5304xl-32G (J8166A); 5308xl-48G (J8167A); xl 10/100-TX Module (J4820A); xl 100-FX MTRJ Module (J4852A); 5348xl (J4849A); 5372xl (J4848A); xl 100/1000-T Module (J4821A); xl 10/100-TX PoE Module (J8161A); 5308xl (J4819A); 5372xl (J4850A); xl Mini-GBIC Module (J4878A); xl 16-Port 10/100/1000 Module (J4907A)
Additional accessories: Gigabit-SX, LX, LH Mini-GBIC; Redundant power supply 610 and 600 external power supply (for xl PoE module)

22 ProCurve 5300xl modular L2/L3/L4 switches
- Starter packages with 10/100 or Gigabit ports
- Hot-swap modules
- IP routing
- Access lists, RIP, OSPF
- Router redundancy
- PoE, 802.3af
For demanding network environments
HP ProCurve Switch 5372xl (J4848A): 72 10/100 ports; 5 open module slots; IEEE 802.3af PoE ready
HP ProCurve Switch 5308xl (J4819A): same chassis as 5372xl; 8 open module slots
HP ProCurve Switch 5348xl (J4849A): 48 10/100 ports; 2 open module slots; IEEE 802.3af PoE ready
HP ProCurve Switch 5304xl (J4850A): same chassis as 5348xl; 4 open module slots

23 HP ProCurve Switch 5300xl features
- 76.8 Gbps switch fabric
- Layer 3 IP routing, RIP1, RIP2 and OSPF
- Hot-swappable modules
- Router redundancy (XRRP)
- IP Multicast Routing (PIM Dense)
- IP Multicast (data driven IGMP)
- Optional redundant power supply
- 802.1X and RADIUS network WWW authentication
- Access control lists (ACL), Layer 3 filtering
- Rapid Spanning Tree Protocol (802.1w)
- Multi-Instance Spanning Tree (802.1s)
- 802.3ad LACP and HP trunking
- Cisco Fast EtherChannel (FEC)
- TACACS+
- SSHv2 and SSL
- 256 x 802.1Q VLANs, GVRP
- 802.1v Protocol VLANs
- Class of Service (CoS), sets 802.1p priority tags
- Layer 4 prioritization, realtime traffic classification
- Secure FTP
- Rate Limiting: guaranteed minimums, enforced maximums
- Static NAT, hides 32 nodes per switch
Notes:
- Non-blocking architecture: 76.8 Gbps non-blocking crossbar switching fabric provides wire-speed intra- and inter-module switching with up to 48 million pps throughput, built on HP custom-designed ASIC technology
- IP layer 3 routing: provides routing of IP at media speed; supports basic routes, RIP, RIPv2, and OSPF
- Router redundancy (XRRP): allows groups of 2 routers to dynamically back each other up to create highly available routed environments
- IP multicast routing (PIM Dense): routes IP multicast using the PIM Dense routing protocol
- IP multicast (data-driven IGMP): automatically prevents flooding of IP multicast traffic
- HP switch meshing: dynamically load-balances across multiple active redundant links to increase available aggregate bandwidth
- 802.1s Multi-Instance Spanning Tree: high link availability in multiple VLAN environments by allowing multiple spanning trees
- 802.1w Rapid Convergence Spanning Tree Protocol: increases network uptime through faster recovery from failed links
- 802.3ad Link Aggregation Control Protocol (LACP) and HP trunking: support up to 36 trunks, each with up to 8 links (ports) per trunk; trunking across modules is supported
- Cisco Fast EtherChannel® (FEC): supports Cisco’s proprietary FEC trunking protocol
- Web-based authentication: similar to 802.1X, provides a browser-based environment to authenticate clients that do not support the 802.1X supplicant
- Access control lists (ACLs): provide IP layer 3 filtering based on source/destination IP address/subnet and source/destination TCP/UDP port number
- VLAN support and tagging: support complete 802.1Q (4,096 VLAN IDs) and 256 VLANs simultaneously
- 802.1v Protocol VLANs: isolate select non-IPv4 protocols automatically into their own VLANs
- Group VLAN Registration Protocol (GVRP): allows automatic learning and dynamic assignment of VLANs
- Port security: prevents unauthorized access using MAC address lockdown
- MAC address lockout: prevents particular configured MAC addresses from connecting to the network
- Source port filtering: allows only specified ports to communicate with each other
- TACACS+: eases switch management security administration by using a password authentication server
- Secure Shell (SSHv1/SSHv2): encrypts all transmitted data for secure CLI remote access over IP networks
- Secure Sockets Layer (SSL): encrypts all HTTP traffic, allowing secure access to the browser-based management GUI in the switch
- Secure FTP: allows secure file transfer to/from the switch; protects against unwanted file downloads or unauthorized copying of the switch configuration file
- Secure access to manage the 5300xl series: all access methods (CLI, GUI, or MIB) are securely encrypted through SSHv2, SSL, and/or SNMPv3
- Static NAT: hide up to 32 nodes per switch from the rest of the network through static IP address translation
- Layer 4 prioritization: enables prioritization based on TCP/UDP port numbers
- Traffic prioritization (802.1p): allows real-time traffic classification into 8 priority levels
- Rate Limiting: per port, per queue: ingress and egress guaranteed minimums, ingress enforced maximums
- Class of Service (CoS): sets 802.1p priority tag based on IP address, IP Type of Service (ToS), L3 protocol, TCP/UDP port number, source port, and DiffServ
- RMON, XRMON, sFlow, and SMON: provide advanced monitoring and reporting capabilities for statistics, history, alarms, and events
- Cisco Discovery Protocol (CDPv2): enables real-time mapping of nodes to switch ports, discovery of Cisco IP phones
- Friendly port names: allow assignment of descriptive names to ports
- Find-Fix-and-Inform: finds and fixes common network problems automatically, then informs administrator
- HP Auto-MDIX: automatically adjusts for straight-through or crossover cables on all 10/100/1000 ports
- Hot-swappable modules: permit modules and mini-GBICs to be added or swapped without interrupting the network
- Dual flash images: provide independent primary and secondary OS files for backup while upgrading
- Optional redundant power supply: provides uninterrupted power
- iSCSI support: enables the deployment of Ethernet storage area network solutions using the iSCSI standard
- Lifetime warranty: for as long as you own the product, with next-business-day advance replacement (available in most countries)

24 Switch 5300xl Series Use Model
[Diagram labels: ProCurve 7000 Series Edge Portal (firewall, proxy, VPN); ProCurve Switch 5300xl Series; ProCurve 9400 or 9300 Series; Internet; Servers for Network Services; ProCurve Manager Plus/Identity Driven Manager; ProCurve Access Control Server 740wl; ProCurve Switch 5300xl Series; xl GbE, 10/100, PoE Modules; xl Access Controller Module; ProCurve 610 EPS (PoE); Secured Connectivity; ProCurve Switch 2800, 2500, 2600 Series; trusted ports]
We first show the positioning of the 5300 among other ProCurve offerings. The primary use of the 5300 is at the network edge, where the switch is connected directly to networked hosts (e.g., PC, laptop, etc.). The traffic is then aggregated and transported to the core switch in the network. Features in the 5300 excel in supporting secured, convergence-ready, and mobile applications. The intelligence in these features supports our Adaptive EDGE Architecture, where traffic decisions are made at the very edge of the network. You can use the 5300 as a distribution switch and connect to traditional edge stackable switches downstream, but you will not be able to take full advantage of all the advanced control and security features in the 5300.
[Diagram labels: Convergence; Secured; Mobility; PoE; PoE; ProCurve Wireless Access Point 420; guest network ports; IP Telephony]

25 HP Virus Throttling – a new remedy for viruses
HP ProCurve Switch 5300xl series

26 The virus problem… 05:29 Jan 25 – 0 infected; 06:00 Jan 25 – 74855 infected
Most antivirus software tries to prevent infection. This works well, but sometimes fails. When it fails, the virus spreads at incredible speed and wreaks havoc:
- Infected computers
- Jammed networks
Examples: SQLSlammer, Sasser
In one minute a virus (the sapphire worm) was able to infect large parts of the world’s networks. This timeframe is much shorter than human intervention can handle.

27 Basic elements of information security: Protection, Detection and Corrective actions
Attacks happen at machine speed; the response happens at human speed. Meanwhile our network is vulnerable… because the attack expands at a rapid pace before anyone reacts to it. In larger and more complex systems the problems are also more complex.
For the diagram – virus detection and prevention (the green area) is a good way to stop virus proliferation. But this only works for viruses that are known. For viruses that are new, they can be contained in a reasonable fashion only if they are slowly spreading. The problem area is for those viruses that are new and particularly quick in their ability to spread. This is the virus activity that virus throttling is intending to prevent through a resilient infrastructure.
[Diagram: speed of attack/response (Slow to Fast) against type of problems (known to unknown); areas labelled "preventing problems occurring", "responding" and "Resilient Infrastructure"; the problem area is marked]

28 Solution: a resilient environment
- Automatically monitors traffic and blocks attacks – before a human has time to react
- Buys time! Added security!
- Humans make good decisions, but are slow
- Computers are fast, but cannot make decisions
A resilient infrastructure doesn’t prevent a virus, it just makes sure that the network doesn’t go down in the presence of a quick spreading virus. It buys time for the network staff to come up with a solution for containment or quarantine.
[Diagram: speed of attack/response (Slow to Fast) against type of problems (known to unknown); areas labelled "preventing problems occurring", "responding" and "Resilient Infrastructure"; the resilient environment area is marked]

29 For viruses… Protection, Response, Resilient environment
- Protection: antivirus software, using virus updates
- Response: crisis measures, escalations
- Resilient environment: Virus Throttling. Prevents the virus from spreading from the infected machine. The computer is indeed infected, but the spread of the virus is throttled from there onward
[Diagram: speed of attack/response (Slow to Fast) against type of problems (known to unknown); areas labelled "preventing problems occurring", "responding" and "Resilient Infrastructure"; the resilient environment area is marked]

30 Virus Throttling – detects anomalous behavior
- For a worm to spread from an infected machine, it has to contact many other machines
- The contacts happen at a very fast pace. For example, SQLSlammer can infect >800 devices per second
- In normal use, clean machines do not do this: connections are made to the same machines, and connections are made slowly, typically 1 new connection per second
- So we can set connection limits and catch the troublemakers that way!

31 Solution: Virus Throttling in ProCurve 5300xl switches
When a worm tries to spread, the 5300xl detects the anomalous behavior and automatically:
- throttles traffic from infected devices at the boundaries of routed virtual LANs. This significantly slows the spread of the virus and gives time to react, without even burdening network traffic
or
- blocks all traffic from the infected machine to other virtual LANs. This stops the spread of the virus, but also prevents other traffic from that machine from being routed to other parts of the network.
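The detection idea on slide 30 and the two responses on slide 31 can be sketched as a per-host connection-rate check. This is an added example, not HP's implementation or code from the presentation; the limit of 4 new destinations per second, the 5-entry working set, the addresses and the VLAN numbers are assumptions constructed for illustration.

```python
"""Connection-rate throttle sketch (illustrative; not the 5300xl implementation)."""
from collections import OrderedDict, defaultdict, deque


class ConnectionRateThrottle:
    def __init__(self, max_new=4, window=1.0, working_set=5, mode="throttle"):
        if mode not in ("throttle", "block"):
            raise ValueError("mode must be 'throttle' or 'block'")
        self.max_new = max_new          # assumed limit: new destinations per window
        self.window = window            # window length in seconds
        self.working_set = working_set  # destinations remembered per host
        self.mode = mode
        self.known = defaultdict(OrderedDict)  # src -> recently contacted destinations
        self.new_times = defaultdict(deque)    # src -> times of new-destination contacts
        self.flagged = set()
        self.events = []  # stands in for the SNMP notification and log entry

    def observe(self, ts, src, src_vlan, dst, dst_vlan):
        """Return 'forward' or 'drop' for one connection attempt."""
        # Traffic that stays inside one VLAN is not routed, so it is not inspected.
        if src_vlan == dst_vlan:
            return "forward"
        # Block mode: once flagged, nothing from this host is routed any more.
        if self.mode == "block" and src in self.flagged:
            return "drop"
        known = self.known[src]
        if dst in known:                # normal hosts keep talking to the same machines
            known.move_to_end(dst)
            return "forward"
        times = self.new_times[src]
        while times and ts - times[0] >= self.window:
            times.popleft()             # forget new contacts older than the window
        if len(times) >= self.max_new:  # too many new destinations: worm-like behavior
            if src not in self.flagged:
                self.flagged.add(src)
                self.events.append((ts, src, self.mode))
            return "drop"
        times.append(ts)
        known[dst] = True
        if len(known) > self.working_set:
            known.popitem(last=False)   # evict the least recently used destination
        return "forward"


def sample_flows():
    """Constructed sample traffic: (timestamp, src, src_vlan, dst, dst_vlan)."""
    flows = []
    # Clean workstation in VLAN 10 talking to three servers in VLAN 20.
    for i in range(30):
        flows.append((i * 0.5, "10.0.10.5", 10, "10.0.20.%d" % (1 + i % 3), 20))
    # Worm-like host in VLAN 10 contacting 800 distinct addresses within one second.
    for i in range(800):
        dst = "10.0.%d.%d" % (30 + i // 250, 1 + i % 250)
        flows.append((100 + i / 800, "10.0.10.66", 10, dst, 30))
    # The same host also talks inside its own VLAN and, later, to a server.
    flows.append((100.5, "10.0.10.66", 10, "10.0.10.7", 10))
    flows.append((103.0, "10.0.10.66", 10, "10.0.20.1", 20))
    flows.sort()
    return flows


def replay(flows, mode):
    """Run the flows through the throttle; return per-host verdict counts and events."""
    throttle = ConnectionRateThrottle(mode=mode)
    counts = defaultdict(lambda: {"forward": 0, "drop": 0})
    for ts, src, src_vlan, dst, dst_vlan in flows:
        counts[src][throttle.observe(ts, src, src_vlan, dst, dst_vlan)] += 1
    return dict(counts), throttle.events


if __name__ == "__main__":
    for mode in ("throttle", "block"):
        counts, events = replay(sample_flows(), mode)
        print(mode, counts, events)
```

In throttle mode the flagged host can still reach a server once its scan rate drops; in block mode that later connection is dropped as well, while traffic inside its own VLAN is untouched in both modes.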

32 Virus Throttling - Benefits
- Works without knowing anything about the virus: works even when unknown viruses threaten, and needs no virus definition updates
- Protects the network: the LAN and the switches stay up, even during an attack
- Notification: when a device's traffic is throttled, an SNMP notification and log entries are also generated. IT staff have time to react before the problem grows into a catastrophe

33 Virus Throttling - Facts
- Virus Throttling is a unique feature of the ProCurve 5300xl switches
- Monitors all ports at the same time
- Simple to deploy
- Requires no updates
- Some other vendors' systems also try to detect anomalous behavior, but: they require a separate device or module; additional cost; reduced network performance; able to handle only a fraction of the switches' traffic capacity
Virus Throttling is unique: Some competitors are attacking the problem through behavioral detection, which requires a separate appliance or a special use module installed in the switch. These technologies are similar to the ProCurve virus detection in that they look for the effects on the network, rather than for specific viruses. Bandwidth of these specialized devices is usually very limited, which forces the user to set up a mechanism that will only send a small part of the overall switch traffic to these appliances.

34 Virus Throttling - Conditions
- Throttling happens automatically only for traffic crossing routed VLANs. Routing must be enabled. Other devices in the infected VLAN are still under threat, BUT the network administrator is notified of the virus and can manually shut down ports.
- Protects only against worm-type viruses. Worms are the “nastiest” ones.
There are two caveats with the 5300 virus throttling functionality:
- The automatic throttling only occurs as a packet is routed in the The virus traffic continues to flow within the Layer 2 environment of the infected client. The virus throttling functionality still prevents rapid virus spread to the rest of the routed network and can be the difference that prevents an entire network from being choked with traffic or going down. As shown earlier, the L2 environment can be manually protected, as the network manager has been informed of the virus activity and can find the switch port the activity is entering and shut it down through PCM+ (version 1.6 or later).
- Only operates on worm type viruses. Worm viruses are potentially the most damaging, however, as they can spread so fast as to bring a network down before net managers can act to protect the network.

35 ProCurve Switch: - 6400cl 10-Gigabit aggregator - 3400cl 10/100/1000 switch with 10G uplinks
Nov 04: HP ProCurve Switch 3400cl-24G (J4905A), HP ProCurve Switch 3400cl-48G (J4906A) + March 05: HP ProCurve Switch 6400cl-6XG (J8433A), HP ProCurve Switch 6410cl-6XG (J8474A). An unbeatable combination!

36 Wiring closet 3400’s with dual-homed up-links
Use models
[Figure labels, in source order: Simple High Performance Core; Switch 3400’s; 6400; Server Farm with 3400; 2 CX4 Ports to Local 3400; 6 Media Flexible Ports; Distributed Building Campus; 3400 Stack; Distributed 6400’s; Core; Wiring Closets; Low-Cost Small HA Backbone; Wiring closet 3400’s with dual-homed up-links; Meshed Cluster of 6400’s; HA Server Farm; A Top of Stack Aggregator for High-Density Closets; 6400 ToS Aggregator; 10G Uplinked 3400’s; 6 CX4 Down Links to 3400’s; 2 Media Flexible Ports for Uplinks]

37 Mobility products Wireless access points Secure access
Wireless access points
HP ProCurve Wireless Access Point 520wl (J8133A):
- Supports up to 250 users using b**
- Supports up to 50 users using a**
- 64- and 128-bit RC4 WEP encryption
- Roaming
- Automatic channel selection
- Web-based management
HP ProCurve Wireless Access Point 420 (J8130A/J8131A)†:
- Supports up to 250 users using g or b
- 64-, 128-, and 152-bit WEP encryption
- Roaming
- Automatic channel selection
- Web-based management
Secure access
HP ProCurve Access Controller 720wl (J8153A):
- Secure, scalable connectivity between wireless clients and wired network
- Enforces authentication, access rights, and data encryption
- Supports up to 12 wireless access points
- Used with either the 740wl or 760wl
HP ProCurve Access Control Server 740wl (J8154A):
- Centralized security configuration and user policy management
- Secure uninterrupted subnet roaming
- Supports thousands of wireless users within a domain
- Used with the 720wl
HP ProCurve Integrated Access Manager 760wl (J8155A):
- For smaller networks or remote offices
- Combines functionality of 720wl and 740wl
† Check Web site for availability
** Requires an HP ProCurve 150wl or 160wl card (ordered separately)

38 ProCurve Switch 5300xl – network core or intelligent edge switch
Provides secure connections with high availability and helps the network meet changing challenges.

39 Topics
- Short course: HP as a company and ProCurve Networking
- Components of a high-performance network
- Secure Router 7000dl product family – added security at the network edge
- NetSolutions invitation

40 Added security – for the whole environment
WAN LAN WLAN

41 The ProCurve Adaptive EDGE Architecture: Edge-to-Edge definition
[Diagram labels: secure wireless connections (WLAN); public streams; Adaptive EDGE Architecture Edge-to-Edge; secure VPN tunnels (WAN); secure remote connections (WAN); wireless edge; private links; other site LANs; intranet; EDGE portal (WAN); interconnect fabric; Internet; wired edge; secure wired connections (LAN); public streams; enterprise LAN]

42 Edge-to-Edge extension: NEW ProCurve Secure Router 7000dl
Content embargoed until Feb 21, 2005
THE BEST ALTERNATIVE: a real challenger to the market leader.
- A router series that connects branch sites
- The best built-in security in the industry
- Fast routing
- The best RoIT in the industry
- Wire-speed performance at half the price compared with the corresponding Cisco products

43 ProCurve Secure Router 7102dl
ProCurve Secure Router 7102dl: 2-slot branch office router; high performance router supporting up to 4xT1/E1 lines
ProCurve Secure Router 7203dl: 3-slot (1 wide) branch office router; high performance router supporting up to 12xT1/E1 lines
The first two products to be introduced as part of ProCurve’s WAN portfolio include the 7102dl and 7203dl routers. These particular routers are geared toward SMB and Enterprise sites to allow WAN or Internet connectivity. These routers are optimized for customers looking for a high performance, high density, and low cost of ownership solution. The 7102dl router includes 2 slots to support modular WAN interface cards. The router is designed to support up to 4xT1/E1 connections. The 7203dl router includes 2 slots and 1 wide slot to support modular WAN interface cards. This midrange router is designed to support up to 12xT1/E1 connections.

44 Modules All small modules include optional backup port (ISDN or analog modem)
2xE1 1xE1 1xE1 + G.703 Serial (V.35/X.21) 1xADSL2+ (Annex B) 1xADSL2+ (Annex A) 8xT1/E1

45 Option: “backup port” module
Daughter cards for 7000dl WAN modules. Provide backup access in the case of E1/DSL/Serial outage. Modules include: ProCurve SR dl Analog Modem Backup module; ProCurve SR dl 1-port ISDN BRI S/T backup module.
While each of the dl modules is sold with the backup port, in order to get the backup functionality you must purchase and install one of the 3 available ProCurve SR dl backup modules, or “daughter cards”.
ProCurve SR dl Analog Modem Backup module: 1-port V.90 Analog Modem backup module attaches as a daughter card to dl modules. Connector: RJ-45.
ProCurve Secure Router dl 1-port ISDN BRI S/T backup module: 1-port ISDN BRI S/T backup module attaches as a daughter card to dl modules.
ProCurve Secure Router dl 1-port ISDN BRI U backup module: 1-port ISDN BRI U backup module attaches as a daughter card to dl modules. U interface support. Support for 1B channel (64 kbps) or 2B channels (128 kbps).

46 ProCurve Secure Router 7203dl details…
[Photo labels: Console, Ethernet, dl Module Slots, dl Wide Module Slot, VPN Accelerator Card Slot, Compact Flash, RPS Port]
This is a photo of the 7203dl router to give you a better idea as to the hardware features. The top picture is the front of the router showing the console port, 2x10/100 Ethernet ports, 2 dl module slots, and 1 dl Wide module slot. The backside of the router includes an externally accessible VPN encryption accelerator slot. An optional VPN accelerator card can be purchased to enable site-to-site or client VPN access. Next to the VPN accelerator card slot is an externally accessible compact flash port. To facilitate deployments and setup, a user can load the desired configuration and image file on a standard compact flash card, place it into the router, and boot. Next to the compact flash port is a Redundant Power Source (RPS) port that can interface to a ProCurve RPS device. In case of an internal power supply failure, the RPS will automatically fail over without the router losing link.

47 ProCurve Secure Routers 7000dl series: cover the need from 10- to 1000-user sites
Build upon ProCurve values: ►Lifetime warranty products, easy to order and configure, support features at wire speed ►Provide an EDGE-to-EDGE solution to our customers, across a variety of connectivity options
Interoperability: ►QoS, VoIP, WAN…
Security: ►Firewall security ►Complete IPSec VPN solution
Management: ►Unified interface & access (PCM)
[Diagram labels: Small Site, Medium Site, Large Site, HQ Site, Small Branch Office (<50 users), Remote Office (1 user), ProCurve VPN Client, VPN, Internet, Network, ProCurve 7102dl Secure Router w/ Integrated FW/VPN, ProCurve 7203dl Secure Router, ProCurve 7300dl Secure Router w/ Integrated FW/VPN, CSU/DSU, DSL Modem, ISDN BRI backup, ADSL, 1xT1/E1 PPP, 4xT1/E1 PPP, NxT1/E1 PPP/FR, 1xT3/E3 PPP/FR]

48 Topics Short course: HP as a company and ProCurve Networking
Components of a high-performance network; Secure Router 7000dl product family: added security for the network edge; NetSolutions invitation

49 Invitation: HP NetSolutions 2005
Current information security challenges. For experts, decision-makers and HP resellers. Return flight Sat 14.5. Price € 149,- (2-person cabin). Registration: Kirsi Salo will test our know-how at the end of the afternoon in the Verkon Heikoin Lenkki (“The Network's Weakest Link”) contest.

50 NetSolutions 2005 - Programme
Friday 13.5.
09: :00 Breakfast. Introduction and distribution of boarding cards
10: :30 Boarding the ship
10:30 Developing the LAN: performance and security. ProCurve Networking: components of a high-performance network. Product Marketing Manager Martti Saramies, HP
10:55 Internal network security. Senior technical consultant Patrick Hänel, Check Point
11:25 ProCurve Secure Access live demonstration: user authentication, authorization and encryption; LAN and WLAN. Network specialist Timo Lindfors, HP
13:15 Check Point internal network security components: InterSpect, the network's active protector; Integrity, the endpoint protector. Senior technical consultant Patrick Hänel, Check Point
14:00 Virus Throttling, a new remedy for viruses: features; Virus Throttling and ProCurve Manager+ live demonstration. Network specialist Timo Lindfors, HP
14:15 Attack simulation: InterSpect vs. VirusThrottling. Network specialist Timo Lindfors, HP
14:45 Coffee break
15:00 10-gigabit Ethernet networks: cost comparison in LAN use, Gigabit vs. 10-gigabit Ethernet; costs in regional network use. Product Marketing Manager Martti Saramies, HP
15:45 Designing an example environment. Network specialist Timo Lindfors, HP
16:30 Summary and WorkShop Light
17:00 Ship departs
17:00 Verkon Heikoin Lenkki (“The Network's Weakest Link”) contest: Kirsi Salo tests whose network stutters, whose switch slips and whose station won't stay in place
20:30 Buffet dinner
Saturday 14.5.
07: :30 Breakfast at sea
09:30 Ship arrives in Stockholm
10.00 Bus transfer from in front of the Värtan terminal to Arlanda airport

Convergence Features: The routers offer convergence-ready capabilities including priority queuing (PQ), weighted fair queuing (WFQ), and Differentiated Services (DiffServ) code point markers to shape and prioritize delay-sensitive traffic from EDGE-to-EDGE across the WAN link.
Mobility Features: Today’s workforce has become increasingly mobile and must adapt to the changing needs of the business. The ProCurve Secure Router 7000dl series allows mobile users to securely connect back to their corporate offices over the Internet. Thus, users can stay connected longer while traveling or working at home to allow them to respond to important e-mails and support the needs of the business as their time allows.
Security Features: The Internet has migrated from a stage of being invasive to outright hostile, so today’s networks need adequate protection to stop external attacks while providing secure access at the EDGE. The Secure Router 7000dl series integrates a stateful firewall and optional IPSec VPN capabilities to provide a secure EDGE-to-EDGE connection from a branch office to a headquarters site while preventing unauthorized access.
Registration:

51 Further information Product information, manuals, software updates, etc.:
Technical discussion forum. Our trade-in offers. ProCurve DemoCenter, HP Espoo

52 HP ProCurve DemoCenter at HP in Espoo
A great place to take a closer look at tuning ProCurve networks. Demo options: basic configurations; fault-tolerant network solutions; use of network management software and example connections; simulation of fault situations; user management IDM; Virus Throttling

53 HP ProCurve DemoCenter
Equipment: switches; routing switches; wireless access points; WLAN authentication server; ProCurve Manager PLUS management software; RADIUS/DHCP server; 7000dl routers

54 Useful ProCurve-minded friends
Martti Saramies, Product Marketing Manager GSM
Jari Hämäläinen, Partner Account Manager GSM
Lasse Kajas, Key Account Sales GSM
Otto Kaipio, Presales GSM
Timo Lindfors, IronNet Oy, Technical Specialist GSM
Aaro Lehtomäki, Sales Manager GSM

55 Thank you

