Control Your Network!
Infoblox Overview
Paul de Haan – Systems Engineer
February 10 2014
© 2013 2014 Infoblox Inc. All Rights Reserved.

Infoblox Overview & Business Update
• Founded in 1999
• Headquartered in Santa Clara, CA with global operations in 25 countries
• Leader in technology for network control
• Market leadership
  – Gartner “Strong Positive” rating
  – 40%+ Market Share (DDI)
• 6,900+ customers, 64,000+ systems shipped
• 38 patents, 25 pending
• IPO April 2012: NYSE BLOX
[Chart: Total Revenue ($MM), Fiscal Year Ending July 31, FY2007 through FY2013. Data labels: $35.0, $56.0, $61.7, $102.2, $132.8, $169.2, $225.0]

With Infoblox
[Diagram labels: Virtual Machines; Private Cloud; Applications; Network Infrastructure; Control Plane; Apps & End-Points; Infrastructure Security; Historical / Real-time Reporting & Control; Infoblox Grid™ w/ Real-time Network Database; Firewalls; Switches; Routers; Web Proxy; Load Balancers]

Infoblox Value To Our Customers
Available
• Grid™ technology for fault tolerance, easy updates and one-click DR
• Optimized for enterprise demand & performance
• Authoritative source for network data
Secure
• Secure hardware form-factor & hardened OS
• Designed to minimize vulnerabilities and attack surfaces
• Common Criteria certified
Automated
• Powerful automation of manual processes
• Reduce change errors & assure compliance
• Save time, money and effort

The Infoblox Solution Portfolio
[Diagram labels: IP Address Management (IPAM); Network Services; Network Automation; Security; Subscriptions]
• Infoblox DDI (DNS, DHCP, IPAM)
• NetMRI
• Advanced DNS Protection
• Network Insight
• Load Balancer Manager
• Switch Port Manager
• DNS Firewall
• IPAM for Microsoft (Windows Server)
• 3rd Party Adapters
• Automation Change Manager
• DNS Firewall-FireEye Adapter
• IPAM for Microsoft System Center Orchestrator
• Security Device Controller
• IPAM for VMware vCenter Orchestrator
• Infoblox Advanced Reporting
• Infoblox Grid™ Real-time Network Database
• Physical & Virtual Appliances

New Products in Last 12 Months
[Diagram: the solution portfolio listed above, repeated]

Infoblox Appliances Families
• PT-4000, PT-2200, PT-1400
• ND-4000, ND-2200, ND-1400, ND-800
• Trinzic Reporting
• Trinzic 4030, Trinzic 4010, Trinzic 2220, Trinzic 2210, Trinzic 1420, Trinzic 1410, Trinzic 820, Trinzic 810, Trinzic 100
• Network Automation 4000, Network Automation 2200, Network Automation 1400

Infoblox and Juniper – Network Insight

ND Appliances are Grid Ready
[Diagram labels: Cloud Orchestration Integration (VMware, BMC); Virtualization, VMware Integration; Patented Grid Technology: Central Management, Authoritative DB; HQ Grid Master; Grid Master at Recovery Site; Virtualization & Cloud Integration; Network Insight ND Appliance; ND Consolidator; ND Probe; Reporting Server, Integrated Advanced Reporting Engine; Branch Office; Edge Network / Remote Offices; Microsoft DNS, DHCP: Agentless Management of Microsoft DNS/DHCP & Full AD Integration; All Centrally Managed as ONE System]

Visibility into all configured networks
• IPAM view automatically indicates managed and unmanaged networks (highlighted in yellow)
• From the IPAM view select a network and view the infrastructure devices located on that network

You can’t fix what you don’t see
• Unknown devices identified in the network that are not in IPAM are flagged as Unmanaged (highlighted in yellow), enabling easy identification and fast action.
• Select an IP address to view more information about the switch port the device is connected to.
• A complete view of all interfaces, port speed, port type and VLANs on the port, admin status, and operation status

Infoblox and Juniper – BMP

Infoblox Network Automation Overview
Real-time & Historical Analysis
• Network discovery
• Built-in analysis
• Check against best practices
• Detect issues
• Monitor and manage change
• Automate change
• Maintain compliance
• Provision ACL & rules
Collected via: SNMP, CLI/configuration, Syslog, Fingerprinting

Change Management
• Automatic change detection
• Accurate job flow and control
• Every change at fingertips
• Saved historical configurations
• Simple side by side comparisons
• Powerful configuration search

Change Automation
• Embedded jobs and scripts
• Templates for easy customization
• Easily import existing Perl scripts
• Powerful variable-based jobs
• User-based, role access controls
• Scheduled and triggered jobs

Bare Metal Provisioning Templates
• Easily provision new network devices without truck rolls or on-site engineer requirements
• Create and list customizable templates and define user device configuration options

Infoblox and Juniper – IF-MAP

IF-MAP: A Powerful Standard
• IF-MAP = Interface to Metadata Access Points
• An open protocol standard published (free) by the Trusted Computing Group
  – Available since April, 2008
  – Version 2.0 released August, 2010
  – Now shipping in products supplied by a growing list of vendors
• Pub/sub database - Like Facebook for IP devices and systems
• Supports a wide array of applications:
  – Multi-Vendor Network Security (NAC)
  – Network Infrastructure systems
  – Asset Management
  – Smart Grid
  – Network Automation / Cloud Computing
• Could do for data sharing what IP did for connectivity

The Pain: Sharing Data Across Disparate Systems
[Diagram labels: ERP; SIEM; Smart Grid; Supply Chain Mgmt; AAA; Switches; Routers; Network Location; CMDB; Building Controls; Factory Controls; Network Security; DNS, DHCP; Asset Mgmt; CRM; IPAM; Infrastructure Management; HR; Applications]
Custom Integration – APIs, Scripts, SNMP, Syslog, Netflow
• Complex
• Costly
• Brittle
• High Maintenance

IF-MAP Provides an Elegant, Open Approach for Data Sharing
[Diagram: the same systems as on the previous slide, each connected over the IF-MAP Protocol (Publish, Subscribe, Search) to an IF-MAP Server]
IF-MAP Server: Automatically aggregates, correlates, and distributes data to and from different systems, in real time

Infoblox NIOS Appliances Support IF-MAP
• Dynamically updates IF-MAP server when IPs are allocated, renewed, or released by NIOS DHCP server
• Other systems can subscribe to updates and take action in real time (e.g. discovery, configuration, scanning, open/close ports, etc.)
• Unique to the Infoblox DHCP server (today)
[Diagram: Infoblox NIOS Appliance; DHCP Lease Information (IP, MAC, Start, Duration, etc.); IF-MAP Server]

Use case – Access Control Problem Statement
Problem: A global company needs to prevent unauthorized devices from connecting at remote sites
Requirements
• Need to determine the right policy for different endpoints
  – Company-owned PCs, non-company PCs, non-PC devices (e.g. barcode scanners)
• Access control system must not be complicated technically or for the end user
  – Cannot install software on these endpoints
  – Cannot require human interaction for network connectivity

Use Case – Solution for Policy-Based Remote Access
[Diagram components: Endpoint (Windows 802.1X Client, User = John, MAC 00:11:22:33:44:55, IP 192.0.2.7); Switch; Juniper IC Series UAC; AAA; MAP server with MAP Database; Infoblox HA Pair DHCP/DNS Appliance; Juniper SSG Firewall; Private Applications; IF-MAP]
[MAP metadata shown in the diagram: Access-request-mac; MAC = 00:11:22:33:44:55; IP-MAC; IP = 192.0.2.7; Authenticated-as; Access-request = 113:3; Capability = access-private-applications]
1- Endpoint plugs in
2- SW sends EAP Start
3- Supplicant sends credentials (identity = John)
4- SW sends RADIUS Credential to UAC
5- UAC does Auth. Lookup
6- UAC publishes to MAP
7- UAC subscribes to MAP
8- UAC sends RADIUS accept to SW
9- SW opens port
10- Endpoint requests DHCP
11- DHCP sends MAC-IP metadata to MAP
12- MAP sends IP-MAC to UAC
13- UAC activates L3 access on FW
14- Endpoint generates traffic

Thank you!
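
The publish/subscribe correlation in steps 5 to 13 of the policy-based access use case, as an added Python model that is not Infoblox, Juniper or Trusted Computing Group code. A simplified in-memory store stands in for the MAP server (it does not speak the IF-MAP wire protocol), and the class names, the password and the second MAC/IP pair are constructed for illustration.

```python
from collections import defaultdict

class MapServer:
    """In-memory stand-in for a MAP server: publish, subscribe, search."""
    def __init__(self):
        self.links = defaultdict(dict)   # identifier -> {metadata name: value}
        self.subs = defaultdict(list)    # identifier -> subscriber callbacks
    def subscribe(self, ident, callback):
        self.subs[ident].append(callback)
    def publish(self, ident, name, value):
        if value is None:                # value=None models a metadata delete
            self.links[ident].pop(name, None)
        else:
            self.links[ident][name] = value
        for cb in self.subs[ident]:
            cb(ident, name, value)
    def search(self, ident):
        return dict(self.links[ident])

class Uac:
    """Policy server: steps 5-8 on authentication, steps 12-13 on notification."""
    def __init__(self, mapsrv, users):
        self.map, self.users, self.fw_allowed = mapsrv, users, {}
    def authenticate(self, mac, user, password):
        if self.users.get(user) != password:
            return False                                  # reject: port stays closed
        self.map.publish(mac, "authenticated-as", user)   # step 6
        self.map.publish(mac, "capability", "access-private-applications")
        self.map.subscribe(mac, self.on_change)           # step 7
        return True                                       # step 8: RADIUS accept
    def on_change(self, mac, name, ip):
        if name != "ip-mac":
            return
        # Drop any earlier rule for this MAC (lease released or moved to a new IP).
        self.fw_allowed = {k: v for k, v in self.fw_allowed.items() if v != mac}
        if ip is not None:
            self.fw_allowed[ip] = mac                     # step 13: L3 access on FW

def dhcp_lease(mapsrv, mac, ip):
    # Step 11: the DHCP server publishes MAC-IP metadata (ip=None on release).
    mapsrv.publish(mac, "ip-mac", ip)

def run_demo():
    mapsrv = MapServer()
    uac = Uac(mapsrv, {"John": "constructed-password"})
    uac.authenticate("00:11:22:33:44:55", "John", "constructed-password")
    dhcp_lease(mapsrv, "00:11:22:33:44:55", "192.0.2.7")
    dhcp_lease(mapsrv, "66:77:88:99:aa:bb", "192.0.2.8")  # never authenticated
    return uac, mapsrv
```

The unauthenticated MAC still gets a lease recorded in the store, but nothing subscribed to it, so no firewall rule is created; publishing a release for the authenticated MAC removes its rule.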