PPT Presentation - Dorado Software
Management Solution for Cisco
NG Advanced Security Services
IPSec & virtual Firewall
Management solution
October 2007
Dorado Software: Redcell Management SW
• A certified Cisco Technology development Partner
• Develop specialized product packages that address Cisco-specific IT infrastructure features as part of the Redcell Security
Services Management Solution
Redcell Security Services Management Overview - Cisco Edition
• Enhance Cisco’s network based security and managed security solutions
by providing a scalable and easy to use GUI based provisioning and
monitoring system.
• Provide an easy to use, graphical based, heterogeneous network and
service management system
• Perform centralized configuration management
• Flow-through automated provisioning, decrease service activation time
and decrease errors associated with manual tasks
[Image labels: 12x16, 12x10, 12x06, 12x04; Cisco XR 12000 SPA-IPSEC]
Redcell Security Services Management – Cisco Edition
• Manage XR-12K based vFW services on
MSB and IPsec services on VPN SPA
• Provides scalable and easy to use GUI
based provisioning and monitoring system
• Overall management of the MSB
• Overall management of the VPN SPA
• Management of VRF-Aware Service
Interface (VASI)
• Management of vFW
• Management of IPsec and GRE
• Management of Service Policies
vFW Services Management Solution - Detailed
• Detailed Discovery and Asset Management of Cisco XR 12000 device
– Topology (logical & geographical) of all discovered devices
– Device level configuration (FW, VASI, Blade HA)
– Fault Management
– Performance Management (vFW MIB support)
• Advanced configuration of Cisco XR-12K MultiService Blade (MSB)
– Discovery of the MSB (Context, Resource classes, Interfaces, ACLs, HA)
– Inventory (Physical & Logical) of the MSB
• Centralized Service Allocation and Provisioning for Service / Security policies
– ACLs
– NAT / PAT
– Inspections
• Upgrade & Patch
– Firmware / Software
– Security Patches
• Change Management
– Firewall context and ACL changes
vFW Services Management Solution - Workflow
1. Discovery – Bring all the target devices under management by Redcell
2. (Optional) – Create network objects for use in Redcell Service Policies
3. (Optional) – Create VASI for use within the vFW
4. Create the vFW service, which creates the context. This includes fault
tolerance configuration, FMI assignment, Resource Class configuration,
and interface configuration
5. Create (multiple) Service Policies for use with the context. This includes
ACLs, NAT/PAT (via multimatch), management policies, and inspection
(FTP/HTTP) policies
Typical Deployment at the PoP
[Diagram labels: Access network, PoP, Transit / Distribution, Core, Peering; CE, PE, P, XB; CRS-12000, XR-12000, vFW, NAT, CRS-1, SP CORE]
FW Services are provided at the customer facing interface
Stateful FW Intra-chassis HA support
Dorado Software
Service Configuration & Network Management by Dorado
Software – Redcell solution
IPSec Services Management Solution - Detailed
• Detailed Discovery and Asset Management of Cisco XR 12000 device
– Topology (logical & geographical) of all discovered devices
– Device level configuration
– Fault Management
– Performance Management (IPSec MIB support)
• Advanced configuration of Cisco XR 12000 IPSec VPN SPA
– Discovery of the IPSec VPN SPA (ISAKMP, IPSec, PKI, Failover, ACL, Service Tunnel)
– Inventory (Physical & Logical) of the IPSec VPN SPA
• Service Allocation and Provisioning for IPSec / ISAKMP VPNs
– Including IPSec + GRE tunnels
– Remote Access / EZ-VPN
• Upgrade & Patch
– Firmware / Software
– Security Patches
• Change Management
– IPSec + GRE service interfaces
– ISAKMP configuration
IPSec Services Management Solution - Workflow
1. Discovery – Bring all the target devices under management by Redcell
2. (Optional) Create Service templates for use in the service
3. Configure (multiple) IPSec customer sites as the service endpoints
4. Provision the IPSec (or IPSec / GRE) service
Redcell Lifecycle Management Features – Cisco Edition
Redcell offers complete lifecycle management
• Visibility;
• Configuration file back-up and restoration;
• Software (OS) release management;
• Comprehensive logging & auditing;
• Service & device health monitoring;
• Change detection & remediation;
• Event management & automation;
• Graphical service, network, and device topology;
• Service provisioning; and
• Comprehensive reporting on everything!
Redcell Lifecycle Management Features – Cisco Edition
• Deep Discovery and Resynchronization
– Discover the entire environment in many different ways, including via subnet, IP range, IP address or host name. Deep discovery of all H/W, S/W, physical, and logical subcomponents.
• Inventory View
– Single database and Graphical User Interface (GUI) of complete device assets for consistent IPsec and Firewall service configuration and activation
• Equipment Group Management
– Create static, dynamic, nested, and mixed groups for applying one-to-many changes to disparate network devices and group reporting
• Discrete Configuration
– Real-time discrete configuration of devices via GUI
• Active Configuration
– Graphical scripting / command-based configuration
• Configuration File Management
– Device configuration file backup, restore, view, edit, delete and compare. Template-based creation and management of full or partial, configlet, configuration files.
Redcell Lifecycle Management Features – Cisco Edition
• Device Asset Topology
– Hierarchical visual mapping with alarm propagation. Visualize interrelationships of managed systems and underlying infrastructure down to the interconnect level.
• Task / Job Scheduler
– Perform functions and tasks at scheduled times and intervals
• Audit Trail
– Record all actions – system, user, device
• Monitoring
– Performance monitoring (SNMP data collection & graphing, primarily used for thresholding), event/alarm monitoring (syslog/SNMP traps), and service monitoring (correlates SNMP and Syslog events to defined services for service monitoring, as service-affecting alarms)
• Reporting
– Flexible template-based inventory reporting by device, subcomponent, and service. Exportable to .csv, html, .pdf formats
• User Security Management
– Multi-level security for individual user and group administration
• OSS interface
– Web services/SOAP (XML) and SNMP trap forwarding
Hardware Requirements – Cisco Edition
• Application Server
– Solaris SunFire V240 with Dual 1.34 GHz CPU
– Windows Pentium 4, 3.2 GHz CPU
– 2 GB RAM / 20 GB available disk space
• Mediation Server
– Solaris SunFire V240 with Dual 1.34 GHz CPU
– Windows Pentium 4, 3.2 GHz CPU
– 2 GB RAM / 10 GB available disk space
• Database Server (Oracle)
– Solaris SunFire V440 with Quad 1.593 GHz CPU
– 4 GB RAM / 20 GB available disk space
Deployment Options – Cisco Edition
Clustered Server
High Availability
Contacts
• Redcell Security Services Management – Cisco Edition - link
www.doradosoftware.com/ciscoSecurity
• For additional information please contact
[email protected]