Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Purview TechTalks ©2014 Extreme Networks, Inc. All rights reserved. Applications Everywhere – Public and Private Cloud Here is the dilemma How users see applications: How traditional switches see applications: Port 80 Port 443 ©2014 Extreme Networks, Inc. All rights reserved. Given how traditional switches see applications... How does your business effectively Analyze application investments and RoI? Analyze network and application usage and their trends? Turn network knowledge into revenue or competitive advantages? Plan capacity and budgets? Reduce unnecessary application churn? Monitor application use to determine best practice? ©2014 Extreme Networks, Inc. All rights reserved. Given how traditional switches see applications... How does your IT team effectively Determine where to start troubleshooting (network, application, or server)? Proactively improve application performance to enhance user productivity? Optimize network & server architecture to support BW intensive applications? Identify shadow IT or unapproved applications on the network? Plan appropriate maintenance windows in 24 X 7 operations? ©2014 Extreme Networks, Inc. All rights reserved. Introducing… PURVIEW Network-powered application analytics and optimization captures and analyzes context-based application traffic to deliver meaningful intelligence ©2014 Extreme Networks, Inc. All rights reserved. Purview Architecture DPI NetFlow Application Flow and Context data ©2014 Extreme Networks, Inc. All rights reserved. The Purview Difference Application Visibility & Control at Layer 7 Contextual information beyond the application – user, role, location, time, device & more Application and network performance tracking Open & customizable fingerprints – Over 13,000 fingerprints for over 7,000 applications Pervasive across the entire network infrastructure Port independent application decoding – true DPI at scale Single architecture for edge, distribution, core, data center, perimeter Tbit/s speeds with no switch performance impact with scalability to millions of flows ©2014 Extreme Networks, Inc. All rights reserved. Good, Better, Best Deployment Good Overlay solution to existing networking gear (Extreme or 3rd party) – Out of band (visibility only) – Inline (optional, to be prepared for control) – Contextual information with NAC or data import Better Inline solution at the distribution, core or inside of the data center – Including NAC for more contextual information Best Pervasive deployment at the network access – – – – K-Series at the access layer also supporting bridged@AP deployments, upsell from stackables S-Series at the data center access Including NAC to provide contextual information Enforcement right at the entry point to the infrastructure ©2014 Extreme Networks, Inc. All rights reserved. Purview Delivers Intuitive dashboards and reporting – easily drill-in for additional details – Overall applications, bandwidth usage, clients, flows, and network & application performance – Business specific dashboards Pervasive application monitoring through the entire network – Edge to datacenter to core to internet Open & customizable application fingerprints – Accurate with signatures & heuristics – Over 13,000 fingerprints for over 7,000 applications out of the box – Ability to fingerprint custom applications Detailed application usage and performance information – Per application, user, device type, location, etc. 9 ©2014 Extreme Networks, Inc. All rights reserved. Welcome to Purview Application Dashboard 10 ©2014 Extreme Networks, Inc. All rights reserved. Shadow IT/Possible Data Exfiltration/Malicious Apps 11 ©2014 Extreme Networks, Inc. All rights reserved. Top Microsoft SkyDrive User 12 ©2014 Extreme Networks, Inc. All rights reserved. Unapproved Applications 13 ©2014 Extreme Networks, Inc. All rights reserved. Vulnerable Applications 14 ©2014 Extreme Networks, Inc. All rights reserved. Start Troubleshooting in the Right Place 15 ©2014 Extreme Networks, Inc. All rights reserved. Top Applications by Flows and Bandwidth 16 ©2014 Extreme Networks, Inc. All rights reserved. Average Bandwidth Usage for NAC Profiles 17 ©2014 Extreme Networks, Inc. All rights reserved. Average Client Counts for NAC Profiles 18 ©2014 Extreme Networks, Inc. All rights reserved. Dashboards for Important Verticals 19 ©2014 Extreme Networks, Inc. All rights reserved. Mapping Applications to Geolocations 20 ©2014 Extreme Networks, Inc. All rights reserved. Multiple Fingerprints for Important Applications 21 ©2014 Extreme Networks, Inc. All rights reserved. Open and Customizable Fingerprints 22 ©2014 Extreme Networks, Inc. All rights reserved. OneFabric Connect API – Integration options Real time application notification using LEEF (SIEM) format – To augment the type of data that gets exported by the Purview process, there is an option to send the same data that would normally be sent via IPFIX using the LEEF format via SYSLOG. – The data logged is similar in form to the IPFIX records. – The IP address fields could be either IPv4 or IPv6 addresses. TopN reports from the database and active flows from the engines active flow cache (in memory) via XML – More than 10 new function calls in the OneFabric Connect API to retrieve data from those sources Current integrations with Extreme SIEM and Splunk ©2014 Extreme Networks, Inc. All rights reserved. Purview in VM world DPI Ixia – TAP-VM ©2014 Extreme Networks, Inc. All rights reserved. NetFl ow Applica tion Flow and Context data Deployment Models Access – Distribution – Internet Application visiblity on access communications (typically covers most user traffic) Achieve application visibility for all communications except those that are resident only in the core Core Core – – Application visibility for all communicaitons that involve the core Include high-bandwidth applications such as storage backup runs Data Center – DMZ Distribution Multi-sensor + Multi-NetSight deployment to scale with massive data communications Pervasive – – – Multiple traffic domains with Purview coverage for all domains Multi-sensor + Multi-NetSight deployment Avoids duplication of flows across traffic domain selections ©2014 Extreme Networks, Inc. All rights reserved. Edge Purview Mirror Ports Purview Engine Server Farm Common Flow Collection Issues Unidirectional flows Duplicate flow Network load balancing Asymetrical routing Network address translation ©2014 Extreme Networks, Inc. All rights reserved. PoC – technical hints Purview Mirror: – RAW or GRE RAW: – Enable the promisc mode on the virtual portgroup GRE: – Source of GRE must be UP – Routing must be enabled – The source and destination ports must be the same speed Do not forget to configure locations Special settings to enable the IAM (NAC) integration ©2014 Extreme Networks, Inc. All rights reserved. 28 ©2014 Extreme Networks, Inc. All rights reserved.