Download Purview

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
Document related concepts
no text concepts found
Transcript 
Purview
TechTalks
©2014 Extreme Networks, Inc. All rights reserved.
Applications Everywhere – Public and Private Cloud
Here is the dilemma
How users see applications:
How traditional switches see applications:
Port 80
Port 443
©2014 Extreme Networks, Inc. All rights reserved.
Given how traditional switches see applications...
How does your business effectively
 Analyze application investments and RoI?
 Analyze network and application usage and their trends?
 Turn network knowledge into revenue or competitive advantages?
 Plan capacity and budgets?
 Reduce unnecessary application churn?
 Monitor application use to determine best practice?
©2014 Extreme Networks, Inc. All rights reserved.
Given how traditional switches see applications...
How does your IT team effectively
 Determine where to start troubleshooting (network, application, or server)?
 Proactively improve application performance to enhance user productivity?
 Optimize network & server architecture to support BW intensive applications?
 Identify shadow IT or unapproved applications on the network?
 Plan appropriate maintenance windows in 24 X 7 operations?
©2014 Extreme Networks, Inc. All rights reserved.
Introducing…
PURVIEW
Network-powered application analytics and optimization
captures and analyzes context-based application traffic to deliver meaningful
intelligence
©2014 Extreme Networks, Inc. All rights reserved.
Purview Architecture
DPI
NetFlow
Application
Flow and
Context
data
©2014 Extreme Networks, Inc. All rights reserved.
The Purview Difference
Application Visibility & Control at Layer 7
 Contextual information beyond the application
– user, role, location, time, device & more
 Application and network performance tracking
 Open & customizable fingerprints
– Over 13,000 fingerprints for over 7,000 applications




Pervasive across the entire network infrastructure
Port independent application decoding – true DPI at scale
Single architecture for edge, distribution, core, data center, perimeter
Tbit/s speeds with no switch performance impact with scalability to
millions of flows
©2014 Extreme Networks, Inc. All rights reserved.
Good, Better, Best Deployment
Good
 Overlay solution to existing networking gear (Extreme or 3rd party)
– Out of band (visibility only)
– Inline (optional, to be prepared for control)
– Contextual information with NAC or data import
Better
 Inline solution at the distribution, core or inside of the data center
– Including NAC for more contextual information
Best
 Pervasive deployment at the network access
–
–
–
–
K-Series at the access layer also supporting bridged@AP deployments, upsell from stackables
S-Series at the data center access
Including NAC to provide contextual information
Enforcement right at the entry point to the infrastructure
©2014 Extreme Networks, Inc. All rights reserved.
Purview Delivers
 Intuitive dashboards and reporting – easily drill-in
for additional details
– Overall applications, bandwidth usage, clients,
flows, and network & application performance
– Business specific dashboards
 Pervasive application monitoring through the entire
network
– Edge to datacenter to core to internet
 Open & customizable application fingerprints
– Accurate with signatures & heuristics
– Over 13,000 fingerprints for over 7,000
applications out of the box
– Ability to fingerprint custom applications
 Detailed application usage and performance
information
– Per application, user, device type, location, etc.
9
©2014 Extreme Networks, Inc. All rights reserved.
Welcome to Purview
Application Dashboard
10
©2014 Extreme Networks, Inc. All rights reserved.
Shadow IT/Possible Data Exfiltration/Malicious Apps
11
©2014 Extreme Networks, Inc. All rights reserved.
Top Microsoft SkyDrive User
12
©2014 Extreme Networks, Inc. All rights reserved.
Unapproved Applications
13
©2014 Extreme Networks, Inc. All rights reserved.
Vulnerable Applications
14
©2014 Extreme Networks, Inc. All rights reserved.
Start Troubleshooting in the Right Place
15
©2014 Extreme Networks, Inc. All rights reserved.
Top Applications by Flows and Bandwidth
16
©2014 Extreme Networks, Inc. All rights reserved.
Average Bandwidth Usage for NAC Profiles
17
©2014 Extreme Networks, Inc. All rights reserved.
Average Client Counts for NAC Profiles
18
©2014 Extreme Networks, Inc. All rights reserved.
Dashboards for Important Verticals
19
©2014 Extreme Networks, Inc. All rights reserved.
Mapping Applications to Geolocations
20
©2014 Extreme Networks, Inc. All rights reserved.
Multiple Fingerprints for Important Applications
21
©2014 Extreme Networks, Inc. All rights reserved.
Open and Customizable Fingerprints
22
©2014 Extreme Networks, Inc. All rights reserved.
OneFabric Connect API – Integration options
 Real time application notification using LEEF (SIEM) format
– To augment the type of data that gets exported by the Purview process,
there is an option to send the same data that would normally be sent via
IPFIX using the LEEF format via SYSLOG.
– The data logged is similar in form to the IPFIX records.
– The IP address fields could be either IPv4 or IPv6 addresses.
 TopN reports from the database and active flows from the engines
active flow cache (in memory) via XML
– More than 10 new function calls in the OneFabric Connect API to
retrieve data from those sources
 Current integrations with Extreme SIEM and Splunk
©2014 Extreme Networks, Inc. All rights reserved.
Purview in VM world
DPI
Ixia – TAP-VM
©2014 Extreme Networks, Inc. All rights reserved.
NetFl
ow
Applica
tion
Flow
and
Context
data
Deployment Models
 Access
–
 Distribution
–
Internet
Application visiblity on access communications
(typically covers most user traffic)
Achieve application visibility for all communications
except those that are resident only in the core
Core
 Core
–
–
Application visibility for all communicaitons that
involve the core
Include high-bandwidth applications such as storage
backup runs
 Data Center
–
DMZ
Distribution
Multi-sensor + Multi-NetSight deployment to scale
with massive data communications
 Pervasive
–
–
–
Multiple traffic domains with Purview coverage for all
domains
Multi-sensor + Multi-NetSight deployment
Avoids duplication of flows across traffic domain
selections
©2014 Extreme Networks, Inc. All rights reserved.
Edge
Purview Mirror Ports
Purview Engine
Server Farm
Common Flow Collection Issues





Unidirectional flows
Duplicate flow
Network load balancing
Asymetrical routing
Network address translation
©2014 Extreme Networks, Inc. All rights reserved.
PoC – technical hints
 Purview Mirror:
– RAW or GRE
 RAW:
– Enable the promisc mode on the virtual portgroup
 GRE:
– Source of GRE must be UP
– Routing must be enabled
– The source and destination ports must be the same speed
 Do not forget to configure locations
 Special settings to enable the IAM (NAC) integration
©2014 Extreme Networks, Inc. All rights reserved.
28
©2014 Extreme Networks, Inc. All rights reserved.
Related documents
MSRF Experience in Urologic Oncology Neil Pugashetti, MS4 U.C. Davis School of Medicine
MSRF Experience in Urologic Oncology Neil Pugashetti, MS4 U.C. Davis School of Medicine
Welcome to the Science Department!
Welcome to the Science Department!
The Purview™ Solution – Technical Overview
The Purview™ Solution – Technical Overview
Locard Exchange Principle
Locard Exchange Principle
Legend
Legend
Slide ()
Slide ()
Learning Fingerprints for a Database Intrusion Detection System
Learning Fingerprints for a Database Intrusion Detection System
crime scene chemistry: fingerprint detection
crime scene chemistry: fingerprint detection
Chemical Composition of Stars II
Chemical Composition of Stars II
fingerprints - Liberty Union High School District
fingerprints - Liberty Union High School District
to Intro Forensic Science
to Intro Forensic Science
A selection of the main decisions by the Italian
A selection of the main decisions by the Italian
Solgar N-Acetyl-L-Cysteine NAC 600mg (60`s)
Solgar N-Acetyl-L-Cysteine NAC 600mg (60`s)