Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Computer Networks

D-Link's Integrated Security Architecture

advertisement 
D-Link Business Solutions
Scop Dealer’s Meeting
Andrei Partenie – D-Link Romania
Corporate Solutions Manager
September 2008
Agenda
• Company Introduction
• D-Link’s approach to the Business Market
• D-Link’s Business Technologies & Solutions
• Architecture
• Security Technologies
• LAN Technologies
• Business Wireless Technologies
• Summary
Who we are & what we do
True Designer and Manufacturer for Over 20 Years
•
•
•
•
•
Company revenues in excess of $1 Billion
127 sales offices and 10 distribution centres covering 100+ countries
D-Link has over 2000 employees worldwide
True designer, developer and manufacturer of network products
Focused on Expanding to New and Emerging Markets
The D-Link Advantage
•
•
•
•
•
•
•
Product portfolio with over 1000 products for Enterprise, SMB and SOHO
Channel friendly distribution model
Evolving channel programs to match changing markets
Lower total cost of ownership and higher return on investment for products
Worldwide #1 market share in SME connectivity*
Worldwide #1 market share in Unmanaged Gigabit ports shipped
Worldwide #1 market share in Unmanaged 10/100 ports shipped
Real-World Networking approach
1. Fusing global vision with local insights
• Our strength is utilising our global technology platforms in a framework where we leverage fast,
local development capabilities & local support infrastructure
• We offer differentiation from large US networking vendors in that we offer differentiation & support
at a local level, yet still being able to captialise on the efficiencies of a global manufacturing base
2. Intuitive Technology
• Strong technology & featureset, well engineered products that meet market needs
• For the SME, products are easy to set up, use, and maintain but with strong, class-leading feature
depth if required
3. Obvious Business Sense
• Price/Performance ratio of D-Link’s product is second to none
4. Green
• First to market with “green” products in networking space at no price premium
• Real value : translates to savings in heat/power & space as well as helping the environment
Our Business Solutions
E2ES Secure Network Architecture
Switching
•
•
•
•
•
Security
Chassis Switching
Xstack Switching
L2/3 Managed switches
Smart switches
Unmanaged switches
•NetDefend firewalls
• UTM firewalls
• IP VPN portfolio
• IP Surveillance
• Networked Storage
Wireless
•Wireless-N, -G, -B, -A
• Business Wireless Solutions
• Unified Switching
• Access points & Antennae
Technology Growth Areas
IP Communications, IP Surveillance, Storage
D-View Network Management Platform
Real-World Networking
Business Solutions
Security
Gateway Security
NetDefend IPS/UTM Firewall Family
• ICSA Labs Enhanced Certified “Firewall Corporate” Security Products
• Integrated Firewall/VPN Appliance
• Multiple User-Configurable Ethernet/Gigabit Interfaces
• Outstanding Performance
• Unified Threat Management:
• Intrusion Prevention Service (IPS)
• Anti-Virus (AV) Protection
• Anti-SPAM
• Web Content Filtering (WCF)
• Bandwidth Management
• Fault Tolerance
• ZoneDefense
• Unrestricted User Support
D-Link’s Integrated Security Architecture
 Joint Security
Enterprise Network
 Gateway Security
 Endpoint Security
ZoneDefense: an Integrated Approach to Security
If Malicious Attack
occurs !
Guest
Wireless
Client
Worms
802.1x Enforcement
System Health
Server
Microsoft
Network Policy Server
Guest Access
Scenario
:
Remediation
Scenario:
Compliant
Scenario:
Non-Compliant
Scenario:
DHCP Enforcer
Server
On-Demand
Policy Manager
Router
xStack Switch
Before
connection,
you should
Guests
are
assigned
The
client
gets
patch/virus
If
client’s
patch
is not
have
username/password
restrictive
to or
pattern
etc,
To correct
updated,
it access
just
canright
go its
to
token.
After
login,
the
system
the network
health
statusserver, health
remediation
will check the compliance
server
and
network you
policy
policy.
If
compliant,
are
Firewall
informs
Server
allowed
connectto
to the
xStacktoswitch
network
block malicious
attacker’s IP traffic
NetDefend
Radius
Remediation
DHCP
NetDefend
Kiosk
Applications
Mobile User
Host Integrity Rule
Status
EAP
Status
Telecommuter
Anti-Virus On
User Name
Anti-Virus
Updated
Partner
Personal Firewall On
Password
Thieves
Integrated Client-to-Gateway Protection that Ensures Secure Network
Service Pack Updated
Token
Patch Updated
Hackers
D-Link’s Integrated Security Architecture
Joint Security
Microsoft NAP
• Evaluation security compliance before connection permitted
• Quarantine and remediation for non-compliant user
• Identity-based Network Admission Control (NAC)
ZoneDefense
• Any malicious traffic detected by firewall can trigger xStack
switches to block the threat & its dissemination in real time.
• ZoneDefense technology enables firewalls and xStack switches
to work together as a single network security system. (Firewalls
control traffic inspection, whilst xStack switch performs wirespeed
filtering at port level).
UTM Services
Firewall
VPN
IPS
Anti-Virus
Web
Content
Filtering
Application
Control
Integrated with industry leaders to deliver UTM services
• Intrusion Prevention Service (IPS) in conjunction with Endeavor
• Anti-Virus (AV) Protection in conjunction with Kaspersky
• Web Content Filtering (WCF) in conjunction with ContentKeeper
• Available as a software update
service/package from D-Link
UTM Key Benefits





High throughput, high performance with true Hardware Acceleration and
stream-based scanning
Industry-leading IPS signature database (8000+) capability.
No file size and connection limitation for Anti-Virus scanning, allowing
files over 10MB to be scanned for hidden viruses & dramatically increasing
throughput/reducing delays
Best of breed approach to Antivirus, WCF and IPS using industry-leading
vendors;
Triggering ZoneDefense by IPS and Anti-Virus* protect against virus or
network worm threats in real-time.
* Support in future release
Switching
D-Link key value proposition
• Strong range of Small, Medium & Enterprise Products
•
•
•
•
Unmanaged Switches: market leader worldwide
SMART (Web-managed) Switches
Stackable Switching (Virtual stacking through SIM or physical stack technologies)
Enterprise/Metro-grade Chassis Switches
• PoE, non-PoE and Hybrid variants to suit all business needs
• FE, GigE & 10GigE variants provide wide range of technologies & options across market
• Impressive Price/Performance Ratio
• Market leader in unmanaged Ethernet switch ports worldwide
• Deep featureset capability comparable to any leading market vendor
• Inbuilt security architecture
• Used in combination with D-Link Firewalls to offer seamless integrated security
• Green Technology : first to market
• Green Ethernet provides real cost saving benefits to LAN infrastructures
Business Switching Product Categories
Unmanaged Switches:
• Provide layer 2 plug-and-play connectivity for home and small businesses.
• Ideal for small networks that require no management, configuration or
maintenance
DES-1016D
Managed Switches:
• Allow administrators to monitor traffic across the network, introduce
redundancy and control access with deep feature-sets.
• Found in networks with numerous users and applications, where performance,
security and reliability must be maximized
• Stackable technologies allows smaller-configuration units to be “stacked”,
operating as if they were a single, larger unit
DES-3526
Smart (Web-managed) Switches:
• Offering a mid-way alternative, a smart switch offers many of the benefits of a
managed switch but without the complexity
• Configuration is simplified via a web browser, combining ease of use of
unmanaged switches whilst introducing advanced management features.
• Ideal for users who need basic management features
DES-1228
The “Green” Approach & Commitment
> Our “Green” approach is first to market and can save on
average over 44% of power costs
• Power Supplies Energy-Star compliant, switches move to fanless design
• If there is no cable link or link partners turn idle, Green Ethernet will put
port in a “sleep mode”, reducing power used for that port
• Green Ethernet detects Ethernet cable length and adjusts power usage to
save power. (Switches typically configured for 100m cable length)
“Green Ethernet is a new technology that is receiving significant interest from those
companies that are consciously looking at ways to reduce energy consumption and ultimately
their carbon footprint.
D-Link has stolen a lead on its core competitors, by being the first to market with this
technology and importantly offering it to market with no price premium.”
Lloyd Everard, Director of Infrastructure, the SAS Group
D-Link Web-Smart Switches
Versatile switches with intuitive management features
• Strong featureset
comparable to Enterprise
Switches
• Enhanced and intuitive
web interface for
management
• Ideal for small/medium
business
xStack: Premium Business Products
Reduced network management
resources:
Enabled by SIM technology that allows 32 switches to be managed
by one single IP address.*
Reduced network infrastructure
costs:
Enabled by reduction in modules & expensive interconnect cables as well as
flexible stacking switches.
Pro-active network security:
By integrating with D-Link’s firewalls, the managed switches can effectively
block any malicious host when detected, enabling network uptime whilst
avoiding the spread of viruses.
Increased network reliability &
redundancy:
Enabled by fail proof ring and star stacking topology and redundancy
protocols.
Future-proof scalability:
By implementing Layer3 Gigabit switches that can support Ethernet to the
desktop but can be upgraded to Gigabit if required.
Increased bandwidth & speed:
By avoiding bottle necks within the network and ensuring cost effective 10
Gigabit connections.
Flexibility :
Enabled by PoE** technology and flexible uplinks.
Life-time support
All xStack products come with life-time warranty. Optional business support
and service offerings are offered by your local D-Link office.
* SIM- Single IP Management allowing up to 32 devices to be managed via one IP address,
Moving up the enterprise chain
2008 Product Introduction: – DES-8000 series
• Strong chassis switching architecture targetted at
high-end Enterprise and Metro Ethernet player
•
•
•
•
•
•
•
•
•
4/6/10 slots
Single/Dual CPU Engine
Max: 384 GE or 128 10GE ports
3Tbps Switching capacity
Inherit all DES-6500 L2/L3 features
BGPv4*, IPv6 dynamic routing*
Advanced Service Engines for MPLS*, WLAN*, Firewall/NAT*
AC/DC PWR, PoE support
Availability H2/2008
Product Portfolio Highlights
Managed
Smart
Unmanaged
> 20 employees
DES-3028/P
DES-1228/DES-1228P
DES-1024D/1024R+
20-100 employees
DES-3526
DGS-3100P series
100-250 employees
DES-3500 series
DES-3800 series
DGS-3600 series
DGS-3400 series
DES-1228/DES-1228P
DGS-1248T
DES-1024D/1024R+
DGS-1024D
250+ employees
DGS-3600 series
DGS-3400 series
DGS-6500 series
DGS-1248T
DGS-1024D
DGS-1248T
DGS-1024D
Summary
D-Link has one of the industry’s most comprehensive portfolio
offerings for SME and Enterprise LAN
• Currently we ship over 65M Ethernet ports worldwide, second to only Cisco
• We are worldwide market leaders in non-managed LAN switching (Instat)
• Strong portfolio covering today & tomorrow’s switching needs
• Gigabit Ethernet and 10GE solutions, PoE, integrated security
• From Metro/Enterprise chassis switches down to Unmanaged products
• Innovation coupled with performance: Real-World Networking
• Leadership & first to market in Green Ethernet technology
• Integrated security features and architecture
• Strong featureset comparable to any other switch vendor in today’s market
• Convincing price/performance ratio
Business Wireless
Business Wireless – Market Overview
• WLAN spending is forecast to more than double by 2010 as businesses
invest heavily in wireless infrastructure (Gartner)
• Key drivers are user & application mobility, user consolidation
(improving the user:network ratio), improved awareness at consumer
level and enhancing security of the network
• In some key verticals, additional technology applications are driving the
need for wireless technologies
e.g. Retail/Warehousing: RFID & wireless tracking technologies
Voice-over–WLAN technologies at Enterprise & SME
• Wireless-N standard ratification will improve productivity and
throughput of current wireless networking infrastructures: Gartner
forecasts around half of all business wireless will be Wireless-N standard
by 2011.
D-Link Key Value Proposition
Unified Switching in the business
• One single device can manage both wired & wireless access traffic –
Unified Switch = Wireless controller + LAN switch
• Centralized management for wireless AP & client, including security
policy & RF parameters
• Enable seamless wireless roaming without the need of changing IP &
user re-authentication: necessary in particular for voice applications
• Compared to previous generation wireless solutions (mobile controller),
Unified Switching platforms offer a strong depth of features to
complete wired switching functions & enough physical connections to be
in the edge position
Deploying into existing networks
• In large WLAN deployments with many
Access Points, it makes sense to
centralize AP management in order to
gain efficiency. This has traditionally
been achieved by integrating a
dedicated appliance into the core of the
network.
• In this “overlay” deployment, traffic is
tunnelled to the switch for centralized
data forwarding “decisions”.
• This has the advantage of not
disturbing any existing LAN switching
infrastructure.
Optimising with Unified Switching
• A more recent approach is to fully
integrate and control the wireless
elements at the edge of the
network, creating a unified wired
and wireless access system.
• The solution consists of one
traditional layer 2+ switch
enhanced with the capabilities of a
Wireless Appliance and “thin”
Access Points entirely controlled
from the switch.
• This has the advantage of
scalability and with “peer” switches
distributing the WLAN Switching
capability, roaming areas can be
significantly extended.
Unified Switching Value Proposition
Flexible Deployment
• Support Tunnelled and Non-Tunnelled mode
• Wireless traffic can be tunnelled back to the switch or be forwarded locally at the
AP.
• Additional costs savings can be established by reducing necessity for additional
ethernet LAN switches at the edge
Strong Feature & Administration Support
•
•
•
•
•
•
•
Single point of administration & policy management
Rogue Access Point Prevention & Access Point Load Balancing
Fast L2/L3 roaming across subnets (ideal for VoWLAN support)
Wireless-11N support
Automatic Power/Channel adjustment (to minimise interference)
Centralized Access Point profile dispatch
Access Point Self-Healing & Fail-over
DWS-3024 & DWS-3024L
Layer2+ Gigabit Wireless Switch with PoE support
24 10/100/1000Mbps ports with PoE
4 combo SFP slots
Supports up to 48 wireless Access Points (24
APs supported on DWS-3024L)
Optional external redundant power supply
Switch fabric: 48Gbps
Wireless Security
WPA/WPA2 Personal/Enterprise
Encryption: TKIP, AES-CCMP, EAP-TLS,
TTLS, PEAP-GTC, PEAP-MS-CHAPv2,
EAP-FAST
Full Layer2+ feature set
Link Aggregation / Port mirroring / Broadcast
storm control
802.1Q VLAN tagging
ACL Based on: Switch Port, MAC/IP Address,
802.1p Priority Queues, VLAN, Ethertype, DSCP,
TCP/UDP port
Quality of Service
802.1p Priority Queues (up to 8 queues per port)
CoS Based on: Switch Port, VLAN, DSCP, TCP/UDP
Port, ToS, Destination/Source MAC address & IP
address
D-Link Access Point Benefits
D-Link Access Points are ideal for hotspot deployment or for
connecting existing networks between buildings.
Security
Mobility and Flexibility
Fully-featured security with support for WPA2
(802.11i), WPA, WEP, AES, TKIP, 802.1X, Wireless
Partition, rogue AP detection, HTTPS, SSH.
With support for multiple operation modes (Access
Point, Access Point with WDS, WDS), the APs can
adapt to your environment.
AP manager
Roaming
Central management features with bundled software.
Built-in SNMP support (v3).
Allows you to seamlessly move between access
points without losing the connection.
Power over Ethernet
Multiple SSID and VLAN
Allows you to segment your wireless network.
All D-Link's wireless APs have PoE support for
flexible and cost-effective installations (PoE base
unit included).
Access Points Offerings
Range of products for all sizes of business
• “Fat” AP – Traditional standalone AP
• Each AP is independently managed
• Limited ability to handle roaming
• “Thin” AP – Managed AP
• Only works in conjunction with a wireless controller
• Centrally managed so it can provide scalable roaming capability & low
management overhead
• Unified AP – Dual mode solution
• Can work in both standalone and managed mode
• Provides upgrade /deployment flexibility
Unified AP support: DWL-8500AP R2.0, DWL-3500AP R2.1
DWL-3500AP /DWL- 8500AP – ‘Thin’ Indoor APs
Common features




DWL-3500AP
802.11g Wireless
Switch Access Point
DWL-8500AP
802.11a/g Dual-Band
Wireless Switch Access Point




802.11g operation
Detachable 5dBi 2.4Ghz
antennas
Exclusive use with DWS-3024
One 10/100Mbps Ethernet port with
802.3af PoE
Plenum-rated metal chassis
Possibility to secure the device with the
included locking bracket and a padlock
or wire locking system
•
•
•
•
802.11a/g operation
Detachable dualband
5Ghz/2.4Ghz antennas
No local data store: settings are applied from the
wireless switch
RF Auto-tuning and scanning
Virtualised APs / Multiple SSID / BSSID support
Wireless QoS
•
•
Wireless Multi Media (WMM)
SpectraLink SVP
Unified AP
Placeholder slide
Slide will be inserted once new unified AP delivery times are
confirmed
Summary
• D-Link's wireless solutions are purely designed to meet the B2B needs for a
powerful, secure and scalable wireless environment
• D-Link's wireless solutions enable mobility, security and application
availability whilst running at a high-efficiency rate and low operational costs
• The D-Link's range offers both pure AP solutions and WLAN switch solutions
• D-Link’s Power over Ethernet switch & AP portfolio enables flexible and costeffective installations
• D-Link’s broad range of external antennas to maximise the potential of the
solution
Summary
Conclusion
Reasons to think D-Link for your Business Solution
• 20 years of successful development and marketing of
networking solutions
• Excellent end-to-end knowledge of networking, offering
the widest portfolio in the market
• In-house R&D and manufacturing guarantee the latest
technologies and functionalities are incorporated into
our products
• D-Link’s way of doing business mirrors our solutions:
flexible, straightforward and accessible
• D-Link’s focus on satisfaction combined with our high
service and support offering delivers high-performance
business solutions
• D-Link has made building networks its business and
has grown to a $1billion company
Thank You
Andrei Partenie
apartenie@dlink.co.uk
Related documents
Ch1 Study Guide NET 2 Name
Ch1 Study Guide NET 2 Name
WAEA
WAEA
ZigBee Based Intelligent Helmet for Coal Miners
ZigBee Based Intelligent Helmet for Coal Miners
Dr. Luk R. Arnaut
Dr. Luk R. Arnaut
Allowing others to connect to my DLINK wireless network
Allowing others to connect to my DLINK wireless network
Wireless structural health monitoring system(Literature review
Wireless structural health monitoring system(Literature review
wireless - Home and Learn
wireless - Home and Learn
Chapter 10
Chapter 10
Download
advertisement