Bring Your Own Device. InfoTRAMS „Fusion Tematyczny, Bazy Danych, Kariera I Prywatny Sprzęt W Pracy". Wiesław Stawiski, CISSP.

Author: Angelika Mazurkiewicz

Slide 2: Onslaught of Apple Devices

Use cases:
- Employee-owned Apple devices at work: Bring Your Own Device (BYOD)
- Enterprise-sponsored rollout of Apple devices, e.g. SAP, Ottawa Hospital
- No Ethernet ports on the MacAir and the iPad
- >17M iPads to date (1,2)
- >80% of Fortune 100 is deploying/piloting iPad (2)
- 88 of Fortune 100 now deploying iPhone (2)
- 40M iPhone sales in 2010, and >45M iPod Touch sales to date (2)

Devices pictured: iPad, MacBook, iPhone, iPod Touch

Sources: (1) Businessweek, July 2010; (2) Apple Financial Results

Slide 3: iPad in the News

- “More and more iPads will find their way into the workplace in 2011, but the vast majority won’t (60 to 70%) be purchased by IT departments.”
- “Financial Services will lead the way in iPad adoption.”
- “iPad poised to revolutionize retail industry.”
- “Math that moves: Schools embrace the iPad.”
- “Restaurants uploading menus to iPad for diners.”
- “With the iPad, Apple may just revolutionize medicine.”

Slide 4: Moving to a New Type of On-Ramp

Chart: Network Cost per User over time.
- 2001, Over-Engineered Network: 4 ports per user; desktop, IP phone
- 2009, Network Rightsizing: 2 ports per user; overlay Wi-Fi; laptop, IP phone
- 2011+, Mobility-Centric: 1 port per user; pervasive Wi-Fi; tablet, smartphone

Slide 5: Frustrated Users!

End Users ask; IT Managers answer:
- Can I roam freely? No!
- Can I use an iPad? No!
- Can I run video on WLAN? No!
- Can I collaborate with Skype? No!

Slide 6: The IT Challenge: Balancing Risk and Cost while Keeping Users Happy

Options 1 and 2:
- Managed by IT: ⊗ High Opex; ✓ Reduced Risk; ✓ Improved Visibility
- Not IT Supported: ✓ Low Opex; ⊗ High Security Risk; ⊗ No Visibility

- Authorized, Secure Network Access
- Minimized Cost for Network Planning
- Reliable Multimedia Connectivity

Slide 7: Authorize and Secure

Slide 8: Key Requirements for Mobility: Device Aware

Legacy Access:
- Port and VLAN Aware: ⊗ Limited policy enforcement; ⊗ Hard to scale at large sites; ⊗ Too costly to manage

Next-Gen Access:
- User Aware: ✓ Role based access; ✓ Per user visibility; ✓ Easy to scale
- App Aware: ✓ Per application QoS; ✓ Stateful QoS for UC; ✓ Supports high density
- Device Aware: ✓ Device enrollment; ✓ Per device policies; ✓ Device inventory

Slide 9: Mobile Device Access Control - Solution Components

- Device Fingerprinting: understand what is on your network
- Device Enrollment: secure the device, specify & control access
- Device Inventory: inventory, report, helpdesk
- Security & Bandwidth policies by Device
- Zero Touch Device Authorization
- Troubleshooting & Capacity Planning

Slide 10: Device Fingerprinting

User, Device Aware:
- DHCP and HTTP signature matching within OS identifies device type and model
- Enables per user and per device access control, enrollment, authentication and management

vs. Port, VLAN Aware:
- × All devices and users assigned to same network access policy, increasing risk
- × Network operations costs increase due to manual troubleshooting and monitoring
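The DHCP and HTTP signature matching named on this slide, shown as an added example (not code from the presentation or from the vendor's product). The signature tables, sample option bytes, User-Agent string and function names are constructed assumptions.

```python
import re

# Constructed, illustrative signature tables (not vendor data): a DHCP option 55
# parameter-request list and a User-Agent pattern per device family.
DHCP_SIGNATURES = {
    "1,3,6,15,119,252": "Apple iOS",
    "1,15,3,6,44,46,47,31,33,121,249,43": "Windows",
}
UA_SIGNATURES = [
    (re.compile(r"\((iPad|iPhone|iPod)[;)]"), "Apple iOS"),
    (re.compile(r"Windows NT"), "Windows"),
]

def parse_dhcp_options(raw: bytes) -> dict:
    """Parse the DHCP options field (RFC 2132 TLVs, after the magic cookie)."""
    opts, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if code == 255:          # End option
            break
        if code == 0:            # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(raw) or i + 2 + raw[i + 1] > len(raw):
            raise ValueError("truncated DHCP option %d" % code)
        length = raw[i + 1]
        opts[code] = raw[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def classify(dhcp_options: bytes, user_agent: str) -> dict:
    """Combine both signatures; disagreement is reported, not silently resolved."""
    opts = parse_dhcp_options(dhcp_options)
    fp = ",".join(str(b) for b in opts.get(55, b""))
    by_dhcp = DHCP_SIGNATURES.get(fp, "unknown")
    by_http = next((name for rx, name in UA_SIGNATURES if rx.search(user_agent)), "unknown")
    if by_dhcp == by_http:
        verdict = by_dhcp
    elif "unknown" in (by_dhcp, by_http):
        verdict = by_http if by_dhcp == "unknown" else by_dhcp
    else:
        verdict = "mismatch"     # both fields are client-supplied: review or restrict
    return {"dhcp_fingerprint": fp, "dhcp": by_dhcp, "http": by_http, "device": verdict}

# Constructed sample: DHCPREQUEST options from a tablet (53, 55, 12, End).
SAMPLE_OPTIONS = bytes([53, 1, 3, 55, 6, 1, 3, 6, 15, 119, 252, 12, 4]) + b"ipad" + b"\xff"
SAMPLE_UA = "Mozilla/5.0 (iPad; CPU OS 5_0 like Mac OS X) AppleWebKit/534.46"

if __name__ == "__main__":
    print(classify(SAMPLE_OPTIONS, SAMPLE_UA))
```

Both inputs are supplied by the client, so a fingerprint should select a per-device policy for an already authenticated user, not stand in for authentication; a `mismatch` verdict is a reason to restrict or review the session.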

Slide 11: Step 1 - Authorized, Secure Network Access

1. Device Fingerprinting
2. Device Enrolment
3. Role Based Access
4. Content Security

- Self-registration for secure corporate access, e.g. Apple iPad
- Centralized, automated with no IT touch
- Network access policies per user and device, e.g. filter web traffic for the iPad

Diagram labels: Apple Devices, AP, Mobility Controller, Amigopod, Corporate Servers, CSS in the Cloud

Slide 12: Role & Device Based Access

- Continuous Compliance Monitoring for Sensitive Data
- Zero-Day Attack Detection and Protection
- User Quarantine vs. User Blacklisting
- Single Infrastructure
- Differentiated Access: By User, Device, App; By Time, Location

Diagram labels: iPad user, Blackberry, HR, Windows user, Guest; Virtual AP 1 (SSID: Corp), Virtual AP 2 (SSID: GUEST); SSID-Based Access Control; Role-Based Access Control; Access Rights (Staff, Contractors, Voice, Video, Guest); AAA FastConnect, RADIUS, LDAP, AD; Captive Portal; Secure Tunnel To DMZ; DMZ; Corporate Services

Slide 13: Reliable Multimedia Connectivity

Slide 14: Key Requirements for Mobility: Adaptive Radio Management

1. Adaptive RF – Automate RF setup and optimization
2. Band Steering – Load balance clients to higher capacity 5GHz band
3. Spectrum Load Balancing – Load balance clients across channels
4. Co-Channel Interference – Coordinated access to APs that share a single channel
5. Airtime Fairness – Scheduled access for dense deployment of mixed clients
6. Self-Healing – Adjust power to address coverage holes

Diagram labels: 2.4 GHz Ch 1, Ch 6, Ch 11; 5 GHz Ch 36, Ch 52, Ch 149, Ch 161

Slide 15: Key Requirements for Mobility: Always-On Spectrum Analysis

Cost Effective:
- Integrated to Wi-Fi chipset in all Aruba 802.11n APs
- Does not require specialized AP or external laptop for monitoring

Always On:
- No specialized chip in AP
- No need to spare scanning time
- Record and Playback on Demand

Detailed Charts:
- 14 simultaneous views within the Aruba Mobility Controller
- No need for external laptop

Slide 16: Step 2 - Reliable Multimedia Connectivity

1. QoS per app
2. Multicast Optimization
3. FaceTime QoS
4. SIP QoS

- Highest density of devices with ARM
- Predictable performance for custom and video apps, e.g. hospital EMR and video app
- Stateful protection and QoS for UC tools, e.g. Apple FaceTime

Diagram labels: Apple Devices, AP, Mobility Controller, Voice PBX, Video Server

Slide 17: Network Planning

Slide 18: Step 3 – Minimized Cost for Network Planning

1. Device inventory
2. Per device troubleshooting
3. Bandwidth contracts
4. VLAN Pooling
5. EAP-TLS Offload

- Centralized device inventory management, e.g. Apple iPhone inventory report
- Monitor, troubleshoot per device type
- Integrated traffic and network management, e.g. reduce WAN bandwidth usage

Diagram labels: Apple Devices, AP, Mobility Controller, AAA Servers, Air Mgmt

Slide 19: Managing Access and Devices

Mobile Device Access Control and Mobile Device Management:
- Device Inventory Management
- Network Access Enrollment
- Network Access Policy Enforcement
- Device and Mobile App Configuration
- Service Management and Compliance
- Hardware/Firmware Monitor and Control

Slide 20: QUESTIONS?

All rights reserved. iPhone, FaceTime and iPad are trademarks of Apple Inc., registered in the U.S. and other countries. All other trademarks are the property of their respective owners.