
ProCurve Network Access Controller: Secure Your Network with IDM 2.2

Learn about the ProCurve Network Access Controller 800 and IDM 2.2 solution, its features, benefits, and target customers. Understand how it fits into the ProCurve family and its key differentiators. Discover the market potential and the importance of securing your network in today's environment.

smithsam

Presentation Transcript


  1. Featuring IDM 2.2 and ProCurve Network Access Controller 800 Presenter April 2007

  2. Table of contents • Objectives for this training Slide 3 • Overview Slide 4-13 • Market landscape and/or potential Slide 14-17 • Product/Solution components Slide 18-39 • Services Slide 39-45 • Target customers Slide 46-51 • Business benefits (Customer/IT/Reseller) Slide 52-55 • Competition Slide 56-61 • Key differentiators Slide 62-63 • Addressing customer questions/objections Slide 64-66 • Summary: ProCurve Value proposition & Edge Architecture fit Slide 67-71 • Additional resources Slide 72-74

  3. Objectives • After completing this training, you should be able to: • Identify the market potential for the Access Control solution • Describe the Access Control solution and the products that comprise it • Position this solution within the ProCurve family • Describe the key features and benefits of the Access Control solution • Target potential customers by work environments and needs • Articulate • Customer business benefits • IT benefits • Reseller business benefits • Review the competition • Identify the ProCurve Access Control solution’s key differentiators • Address customer objections/concerns • Emphasize the ProCurve EDGE Architecture™ and value propositions fit

  4. Overview

  5. Security overview • The challenges to secure today's enterprise networks are everywhere: • Hackers • Internet intruders • Eavesdroppers • Forgers • “Traditional” security techniques no longer enough • Threats no longer just from the outside – internal • Network administrators need to take a more “proactive” approach to controlling access to their networks • Simply controlling access to the network based solely on the identity of the user is no longer “enough”

  6. What organizations need to do today • Apply access rights and take control over network usage • Eliminate viruses and unwanted network traffic • Turn security intelligence into actionable network operations • Understand and demonstrate regulatory compliance • Deploy easy-to-use security solutions that are standards-based, interoperable and reliable

  7. What the others are doing: Fragmented approaches • Network Vendors • Bolt-on security at the WAN perimeter • Firewalls • IDS/IPS • Bolt-on security enforcement in the core • Upgrade to get separate Wired and Wireless NAC • Security Vendors • Overlay the network with dedicated security appliances • Update host-based software with intrusive agents [Diagram labels: Servers, Clients, Traditional Core, Firewall, VPN, Wireless Access Points, Wireless Clients]

  8. ProCurve overview • The ProCurve Network Access Control solution is an integral part of the ProActive Defense strategy, encompassing a holistic approach to network security. It allows for the continuous protection, detection and response to security threats at the network edge. • This comprehensive vision delivers a trusted network infrastructure, which is controllable for appropriate use, immune to threats, and is able to protect data integrity for all users.

  9. ProCurve’s security architecture: In practice [Diagram labels: Policies, Validation, Trusted Network Infrastructure]

  10. ProCurve Security solutions ProActive Defense Access Control Network Immunity Secure Infrastructure

  11. ProCurve Animation

  12. Defense Animation

  13. The edge is the first point of attachment to the network • The edge is the enforcement point • Support applications at their point of entry • Deliver “command from the center” and “control to the edge” through an Adaptive EDGE Architecture™ [Diagram labels: Servers, Internet, Clients, Wireless Clients, WLAN, WAN, LAN, Command From The Center]

  14. Market Landscape or Potential

  15. Market trends In addition to the obvious and known need to contain the ever-growing and self-propagating security threats such as worms, viruses and spyware, according to the Security website “Secure Access Central”* and other sources, a number of key trends account for the growing importance of endpoint security and NAC for enterprises and non-commercial organizations alike: • More and different types of users are being granted privileges to access data and applications on private networks • Computing devices - regardless of ownership - are now commonly used for BOTH business and personal purposes • Portable and wireless digital devices have become common in the workplace (e.g., memory sticks, MP3 players, smartphones) • Wireless access points have exposed networks to new paths for attacks • Regulatory compliance * http://sslvpn.breakawaymg.com/eps/technology_overview.php

  16. What is the market potential? • According to a report published by Synergy Research Group, based in Reno, NV, the worldwide network security market increased 6% sequentially and grew 10% in 2006 compared to 2005, approaching $5 billion • According to Infonetics Research, manufacturer revenue for NAC enforcement was $323M in 2005 and is expected to grow (by 1,101%) to $3.9B by 2008

  17. NAC market expectations Implementation Status By Company Size • Reasons Cited: • Cost • Manageability • Difficulty of Deployment Source: Forrester, May 2006

  18. Products (Solution components)

  19. ProCurve’s Access Control Solution • Access Control is a comprehensive way of managing access to the network and uniquely handling all types of users while preventing untrusted network use • Deployable and manageable network access control (ease of use) • Appropriate network access (IDM) • Endpoint integrity validation (ProCurve NAC 800) • Built in RADIUS server (cost savings) • Network access reporting (regulatory compliance, forensics) • Resilient and scalable • Comprehensive network access control (wired, wireless, remote, 802.1X/VPN)

  20. Access Control Solution 2.0: Components and implementation options • Identity Driven Manager (IDM) 2.2 (Requires ProCurve Manager Plus 2.2) + 802.1X-capable switches and wireless APs + ProCurve Network Access Controller (NAC) 800 + ProCurve NAC Endpoint Integrity (EI) Agent License + ProCurve NAC EI Implementation Start-up Service

  21. Access Control Solution 1.0: Before launching IDM 2.2 and ProCurve NAC 800 [Diagram labels: Authentication Directory (Active Directory, LDAP); Authentication Server; HTTP Request, Web-Auth; MAC Address, MAC-Auth; 802.1X Supplicant; RADIUS Server; IDM Agent; 802.1X Authenticator; Policy Enforcement Point (PEP); Network Mgmt Server; PCM / IDM Server. Legend: ProCurve owned, 3rd Party Software] • Supported in ProCurve edge devices • 5300 / 5400 / 3400 / 3500 • 4100 / 4200 • 2600 / 2600-PWR / 2800 • 2500 • 420 / 530 / WESM

  22. Access Control Solution 2.0: Identity Driven Manager 2.2 (IDM) & ProCurve NAC 800 • Endpoint tests for: • Operating system versions & updates • Anti-Virus & anti-spyware software • Required or prohibited software [Diagram labels: Authentication Directory (Active Directory, eDirectory, LDAP); Network Access Controller 800; EI Policy Definitions; Endpoint Integrity Agent; On-demand Endpoint Integrity Agent; 802.1X Supplicant; Any 802.1X Client; RADIUS Server; IDM Agent; 802.1X Authenticator; TNC; Policy Enforcement Point (PEP); Network Mgmt Server; PCM / IDM 2.2 Server. Legend: ProCurve owned]

  23. ProCurve NAC EI Implementation Start-up Service Pre-requisite for Agents ProCurve Identity Driven Manager (IDM) • ProCurve Network Access Controller 800 • (ProCurve NAC 800) • RADIUS Server • IDM Agent • EI Software (license req’d) • ProCurve NAC EI Agents • 100 clients • 250 clients • 1000 clients • 5000 clients Solution set IDM & ProCurve NAC Adaptive Access Control With 3rd party RADIUS Adaptive Access Control Access Control with Endpoint Integrity Adaptive Access Control with Endpoint Integrity

  24. What is ProCurve IDM 2.2? • ProCurve Identity Driven Manager (IDM) provides adaptive access control for secure, customized access to network resources • Secure network access: IDM works with standard RADIUS authentication to secure the network, allowing only approved users, when and where they are authorized to access the network • Custom network access: IDM dynamically assigns access rights to identities (users) who are authorized to use the network

  25. Identity Driven Manager 2.2 cont. • Allows easy creation and management of user policy groups for optimizing network performance and increasing user productivity • Dynamically apply security, access and performance settings at port level based on policies • Automatic Authentication Database Sync • Access control configuration wizard • IDM adds network reports and logs based on users for audit [Diagram: Based on => User/Group, Time, Location, Device ID, Client Integrity Status; Set => VLAN, ACLs, QoS, Bandwidth Limit]

  26. Identity Driven Manager v2.2: What’s new • IDM 2.2 is a NO COST upgrade to IDM 2.0 and offers: • Manageable access control • Secure Access Wizard • Dynamic Active Directory synchronization • Management and monitoring of the ProCurve NAC appliance • Comprehensive access control • Adaptive access control

  27. New ProCurve Network Access Controller 800 Simplifies deployment by integrating many components of an access control solution into a single network appliance • Network rack-mountable: 1U and shallow-depth • Manageable by the PCM+ / IDM management server • On-board RADIUS server • Convenient front console and LCD menu • USB drive helps simplify many maintenance tasks • Local authentication database for smaller environments w/o back-end servers

  28. Console, LCD, USB and Ethernet ports • USB Port • Console Port • Port 1 • In-band Management • Port 2 • Varies by implementation mode • LCD Panel • Interface for mode selection • IP Address configuration

  29. ProCurve Network Access Controller 800 Roles • Management Server • Configuration • Endpoint policies • Monitor device activity • Reports • License management • Test updates • Enforcement Server • Endpoint testing based on enforcement method • Access control status • Combination Server • Performs the combined roles of Management Server and Enforcement Server

  30. ProCurve Network Access Controller 800 Implementation options • Multiple deployment options: 802.1X w/IDM as RADIUS only DHCP DHCP w/multiple VLANs Inline • Server installation options: Combination Server Multiple Server • Testing method options: NAC Agent ActiveX Agentless

  31. Centralized management of ProCurve NAC • Discovered by PCM • Integrated into IDM GUI • Launched with context • Complete EI navigation within PCM/IDM

  32. Endpoint integrity checks • Antivirus, spyware, firewalls, peer-to-peer, allowed and prohibited programs and services • OS versions, service packs, hot-fixes • Security settings for browsers and applications • New tests developed and delivered regularly

  33. ProCurve NAC EI Agent • ProCurve NAC EI Agents • 100 clients • 250 clients • 1000 clients • 5000 clients • ProCurve NAC EI Agent • 1-yr maintenance • 100 clients • 250 clients • 1000 clients • 5000 clients • Initial Purchase includes • Software license-to-use • 1-yr updates for EI Agent tests • Maintenance subscription • 1-yr updates for EI Agent tests • Maintenance subscription provides: • Live-content updates to endpoint integrity checks (OS patches, virus signatures, AV software versions, AV virus definitions, …)

  34. Access Control Solution 2.0: Product structure [Diagram; four items labelled “New”]

  35. Positioning the Access Control Solution within the ProCurve family • The new Access Control solution – with updated IDM and the brand new ProCurve Network Access Controller 800 – is a new addition to the ProCurve family of products and solutions. • This new solution fits within the ProCurve Adaptive Network vision and is one of the main components to the ProActive Defense security strategy, allowing for the continuous protection, detection and response to security threats at the network edge. • This comprehensive new vision delivers a trusted network infrastructure, which is controllable for appropriate use, immune to threats, and is able to protect data integrity for all users. [Diagram labels: ProActive Defense, Access Control, Network Immunity, Secure Infrastructure]

  36. Warranty and support * Software updates are done on a best-effort basis without commitment for future functional enhancements. Endpoint integrity test definitions are NOT part of the base platform and require a maintenance license for updates.

  37. Identity Driven Management (IDM) 2.2: Features overview

  38. ProCurve Network Access Controller 800: Features Overview (continued)

  39. Services

  40. New Network Access Controller 800: Services Strategy • NEW to ProCurve! – the sale of start-up/implementation services is REQUIRED with the sale of the Network Access Controller 800 complete solution • ProCurve’s intent is to enable our channel partners to sell and deliver the appropriate services for the solution • As a secondary service provider, ProCurve will offer an implementation startup service which will be delivered by ProCurve certified specialists • Channel partners required to complete a qualification process before they can deliver implementation services • Once ‘qualified’ each partner will receive a block of ‘Service Registration ID’ numbers which are used during the ‘registration’ process of the solution implementation • Service Registration ID#’s will be entered through the customer’s “My ProCurve” account during the implementation process and are required to provide initial* access to the Endpoint Integrity licenses * If a customer chooses to purchase additional Endpoint Integrity licenses in the future, no additional ProCurve NAC start-up/implementation services will be required. My ProCurve will retain the record of the initial start up service purchase and entitle the customer to download the additional licenses.

  41. Network Access Controller Services Offering

  42. Network Access Controller Services: Sales scenarios • Scenario #1: • Engage a value-added reseller to sell their own branded NAC Services • Scenario #2: • Reseller sells new ProCurve delivered service • J9083A - HP ProCurve Network Access Controller EndPoint Integrity Startup Service (inline and DHCP) • J9084A - HP ProCurve Network Access Controller EndPoint Integrity Startup Service (802.1X)

  43. Network Access Controller Services: Corporate Price List • Implementation services are sold/purchased just like any other ProCurve product and use “J” product numbers.

  44. Network Access Controller Services: Process Flow Install Purchase Download Register • Channel Partner • Implementation • Service • Qualified reseller • Partner branded service • Service reg. ID # provided by PNB • PNB Channel Partner • Implementation • Service • Partner schedule • Partner on-site install • Service completed licenses • Customer purchase: • ProCurve NAC Implementation Startup Service • Provided by either: • PNB Channel Partner (Partner branded service) • ProCurve (PNB branded service) Channel • My ProCurve Portal • (customer’s portal) • Hardware reg. ID # • Service reg. ID # • Installer Name • End Point Integrity Licenses • (customer’s portal) • Registration • Entitlement ProCurve • (#2) ProCurve NAC • Implementation • Start-up Service • Product • Service reg. ID # • Instruction card • During the purchasing of the following products: • ProCurve NAC hardware product and • End Point Integrity products • ProCurve • Implementation • Start-up Service • Service deployment • Email notification • Service scheduled • On-site install • Service completed

  45. More information on required services • For more details on the required services including specific partner requirements, qualification process, training and services toolkit information, please see the PowerPoint presentation, “ProCurve Network Access Controller Start-up Service Sales Training” located at the ProCurve Sales Resource Center: • http://internal.procurve.com/Sales/Training/Training.aspx

  46. Target Customers

  47. Target customers • This solution applies to all customers needing to address network security issues involving user authentication for wired and wireless networks.

  48. Vertical markets • Education • K-12 • Higher Education • Public Sector • Government • Corporate (campus) • Retail (branch offices) • Healthcare • Financial

  49. Target customer business needs • Protection of valuable network resources and intellectual property from internal and external security threats • Comprehensive yet affordable solution that answers critical network security issues • A solution that is easy to implement and maintain • Appropriate access to network resources based on time, location, and role -- allowing for increased productivity and higher efficiency in network resource utilization • Provide network access to only approved “clean” devices to ensure network security

  50. Target customer scenario: Single campus network environment • Solution includes: IDM, ProCurve NAC 800, and ProCurve NAC EI Agent Licenses • Remediation VLAN configured to all secured edge ports, in addition to all other company VLANs used • Clients authenticate via 802.1X, and are placed on VLAN based on EI status: • Corporate VLAN if they have recently passed EI testing • Remediation VLAN if they are Unknown … will be tested now and re-authenticated if they pass the EI test • Remediation VLAN if they fail EI testing • IDM also sets ACLs, QoS, and Bandwidth limits based on access policy • Works for both wired and wireless ProCurve edge devices • Passed: Connected to Corporate VLAN • Unknown: On Remediation VLAN to be tested • Failed: On Remediation VLAN, will be retested at next authentication [Diagram labels: Corporate VLAN, Remediation VLAN, PCM/IDM Server, ProCurve NAC 800 w/ProCurve NAC Agent Licenses, ProCurve Adaptive Edge Devices]
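
The VLAN placement described on slide 50, written out as the decision a RADIUS policy would make after 802.1X authentication. This is an added sketch, not ProCurve, IDM or NAC 800 code: the VLAN IDs, the 24-hour reading of "recently passed" and all function names are assumptions, while the three tunnel attributes are the standard RFC 3580 VLAN-assignment attributes.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

# Assumed values: the slides give no VLAN IDs and do not define "recently".
CORPORATE_VLAN = 10
REMEDIATION_VLAN = 99
EI_FRESHNESS = timedelta(hours=24)

@dataclass
class EIRecord:
    """Last endpoint-integrity (EI) result stored for a device."""
    status: str              # "passed" or "failed"
    tested_at: datetime

@dataclass
class Decision:
    accept: bool             # False means Access-Reject
    state: str               # "passed", "unknown", "failed" or "rejected"
    attributes: dict = field(default_factory=dict)

def ei_state(record: Optional[EIRecord], now: datetime) -> str:
    """Collapse a stored result into the slide's three states, failing closed."""
    if record is None or record.status not in ("passed", "failed"):
        return "unknown"
    age = now - record.tested_at
    if record.status == "passed" and not timedelta(0) <= age <= EI_FRESHNESS:
        return "unknown"     # stale or future-dated pass is not a recent pass
    return record.status

def decide(authenticated: bool, record: Optional[EIRecord],
           now: datetime) -> Decision:
    """Identity is checked first; EI status only selects the VLAN afterwards."""
    if not authenticated:
        return Decision(False, "rejected")
    state = ei_state(record, now)
    vlan = CORPORATE_VLAN if state == "passed" else REMEDIATION_VLAN
    return Decision(True, state, {
        "Tunnel-Type": "VLAN",
        "Tunnel-Medium-Type": "IEEE-802",
        "Tunnel-Private-Group-ID": str(vlan),
    })

if __name__ == "__main__":
    now = datetime(2007, 4, 2, 9, 0)          # constructed sample data
    samples = {
        "fresh pass": EIRecord("passed", now - timedelta(hours=2)),
        "stale pass": EIRecord("passed", now - timedelta(days=3)),
        "failed": EIRecord("failed", now - timedelta(minutes=5)),
        "never tested": None,
    }
    for label, rec in samples.items():
        d = decide(True, rec, now)
        print(f"{label:13} {d.state:8} VLAN {d.attributes['Tunnel-Private-Group-ID']}")
```

Every path that is not a fresh, well-formed pass lands on the remediation VLAN, so a missing or corrupted EI record cannot grant corporate access.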
