With Infoblox - Westcon Security Solutions Netherlands
Control Your Network! Infoblox Overview
Paul de Haan – Systems Engineer
February 10 2014
© 2013, 2014 Infoblox Inc. All Rights Reserved.
Infoblox Overview & Business Update
Founded in 1999
Headquartered in Santa Clara, CA, with global operations in 25 countries
Leader in technology for network control
Market leadership
• Gartner “Strong Positive” rating
• 40%+ Market Share (DDI)
6,900+ customers, 64,000+ systems shipped
38 patents, 25 pending
IPO April 2012: NYSE BLOX
[Chart: Total Revenue ($MM), Fiscal Year Ending July 31, FY2007 to FY2013. Data labels: $35.0, $56.0, $61.7, $102.2, $132.8, $169.2, $225.0]
With Infoblox
[Diagram labels: Virtual Machines; Private Cloud; Applications; Apps & End-Points; Network Infrastructure; Firewalls; Switches; Routers; Web Proxy; Load Balancers; Control Plane; Infoblox Grid™ w/ Real-time Network Database; Infrastructure Security; Historical / Real-time Reporting & Control]
Infoblox Value To Our Customers
Available
• Grid™ technology for fault tolerance, easy updates and one-click DR
• Optimized for enterprise demand & performance
• Authoritative source for network data
Secure
• Secure hardware form-factor & hardened OS
• Designed to minimize vulnerabilities and attack surfaces
• Common Criteria certified
Automated
• Powerful automation of manual processes
• Reduce change errors & assure compliance
• Save time, money and effort
The Infoblox Solution Portfolio
IP Address Management (IPAM) | Network Services | Network Automation | Security
• IPAM
• Infoblox DDI: (DNS, DHCP, IPAM)
• NetMRI
• Advanced DNS Protection
• Network Insight
• Load Balancer Manager
• Switch Port Manager
• DNS Firewall
• IPAM for Microsoft (Windows Server)
• 3rd Party Adapters
• Automation Change Manager
• DNS Firewall-FireEye Adapter
• IPAM for Microsoft System Center Orchestrator
• Security Device Controller
• IPAM for VMware vCenter Orchestrator
• Infoblox Advanced Reporting
• Infoblox Grid™
• Real-time Network Database
• Physical & Virtual Appliances
• Subscriptions
New Products in Last 12 Months
IP Address Management (IPAM) | Network Services | Network Automation | Security
• IPAM
• Infoblox DDI: (DNS, DHCP, IPAM)
• NetMRI
• Advanced DNS Protection
• Network Insight
• Load Balancer Manager
• Switch Port Manager
• DNS Firewall
• IPAM for Microsoft (Windows Server)
• 3rd Party Adapters
• Automation Change Manager
• DNS Firewall-FireEye Adapter
• IPAM for Microsoft System Center Orchestrator
• Security Device Controller
• IPAM for VMware vCenter Orchestrator
• Infoblox Advanced Reporting
• Infoblox Grid™
• Real-time Network Database
• Physical & Virtual Appliances
• Subscriptions
Infoblox Appliances Families
• PT-4000, PT-2200, PT-1400
• ND-4000, ND-2200, ND-1400, ND-800
• Trinzic 4030, Trinzic 4010, Trinzic 2220, Trinzic 2210, Trinzic 1420, Trinzic 1410, Trinzic 820, Trinzic 810, Trinzic 100
• Trinzic Reporting
• Network Automation 4000, Network Automation 2200, Network Automation 1400
Infoblox and Juniper – Network Insight
ND Appliances are Grid Ready
Patented Grid Technology: Central Management, Authoritative DB
All Centrally Managed as ONE System
[Diagram labels:
• HQ Grid Master
• Grid Master at Recovery Site
• Reporting Server: Integrated Advanced Reporting Engine
• Virtualization & Cloud Integration
• Cloud Orchestration Integration (VMware, BMC)
• Virtualization: VMware Integration
• Network Insight ND Appliance
• ND Consolidator
• ND Probe
• Branch Office (four shown, two marked New)
• Edge Network / Remote Offices
• Microsoft DNS, DHCP: Agentless Management of Microsoft DNS/DHCP & Full AD Integration]
Visibility into all configured networks
IPAM view automatically indicates managed and unmanaged networks (highlighted in yellow).
From the IPAM view, select a network and view the infrastructure devices located on that network.
You can’t fix what you don’t see
Unknown devices identified in the network that are not in IPAM are flagged as Unmanaged (highlighted in yellow), enabling easy identification and fast action.
Select an IP address to view more information about the switch port the device is connected to.
A complete view of all interfaces, port speed, port type and VLANs on the port, admin status, and operation status.
Infoblox and Juniper – BMP
Infoblox Network Automation Overview
Real-time & Historical Analysis
• Network discovery
• Built-in analysis
• Check against best practices
• Detect issues
• Monitor and manage change
• Automate change
• Maintain compliance
• Provision ACL & rules
Collected Via:
SNMP
CLI/configuration
Syslog
Fingerprinting
Change Management
• Automatic change detection
• Accurate job flow and control
• Every change at fingertips
• Saved historical configurations
• Simple side by side comparisons
• Powerful configuration search
Change Automation
• Embedded jobs and scripts
• Templates for easy customization
• Easily import existing Perl scripts
• Powerful variable-based jobs
• User-based, role access controls
• Scheduled and triggered jobs
Bare Metal Provisioning Templates
Easily provision new network devices without truck rolls or on-site engineer requirements
Bare Metal Provisioning Templates
Create and list customizable templates and define user device configuration options
Infoblox and Juniper – IF-MAP
IF-MAP: A Powerful Standard
IF-MAP = Interface to Metadata Access Points
An open protocol standard published (free) by the Trusted Computing Group
– Available since April, 2008
– Version 2.0 released August, 2010
– Now shipping in products supplied by a growing list of vendors
Pub/sub database - Like Facebook for IP devices and systems
Supports a wide array of applications:
– Multi-Vendor Network Security (NAC)
– Network Infrastructure systems
– Asset Management
– Smart Grid
– Network Automation / Cloud Computing
Could do for data sharing what IP did for connectivity
The Pain: Sharing Data Across Disparate Systems
[Diagram labels: ERP; SIEM; Smart Grid; Supply Chain Mgmt; AAA; Switches; Routers; Network Location; CMDB; Building Controls; Factory Controls; Network Security; DNS, DHCP; Asset Mgmt; CRM; IPAM; Infrastructure Management; HR Applications]
SNMP, Syslog, Netflow
Custom Integration – APIs, Scripts
• Complex
• Costly
• Brittle
• High Maintenance
IF-MAP Provides an Elegant, Open Approach for Data Sharing
[Diagram labels: SIEM; Smart Grid; Supply Chain Mgmt; AAA; Switches; Routers; Network Location; CMDB; ERP; Building Controls; Factory Controls; Network Security; DNS, DHCP; Infrastructure Management; Asset Mgmt; CRM; IPAM; HR Applications; all connected through the IF-MAP Protocol (Publish, Subscribe, Search) to the IF-MAP Server]
IF-MAP Server: Automatically aggregates, correlates, and distributes data to and from different systems, in real time
Infoblox NIOS Appliances Support IF-MAP
Dynamically updates IF-MAP server when IPs are allocated, renewed, or released by NIOS DHCP server
Other systems can subscribe to updates and take action in real time (e.g. discovery, configuration, scanning, open/close ports, etc.)
Unique to the Infoblox DHCP server (today)
[Diagram: Infoblox NIOS Appliance → DHCP Lease Information (IP, MAC, Start, Duration, etc.) → IF-MAP Server]
Use case – Access Control
Problem Statement
Problem:
A global company needs to prevent unauthorized devices from connecting at remote sites
Requirements
Need to determine the right policy for different endpoints
– Company-owned PCs, non-company PCs, non-PC devices (e.g. barcode scanners)
Access control system must not be complicated technically or for the end user
– Cannot install software on these endpoints
– Cannot require human interaction for network connectivity
Use Case – Solution for Policy-Based Remote Access
[Diagram components: Endpoint (Windows 802.1X Client, User = John, MAC = 00:11:22:33:44:55, IP = 192.0.2.7); Switch; Infoblox HA Pair DHCP/DNS Appliance; Juniper IC Series UAC; AAA; MAP server / MAP Database; Juniper SSG Firewall; Private Applications; links carried over IF-MAP]
1- Endpoint plugs in
2- SW sends EAP Start
3- Supplicant sends credentials
4- SW sends RADIUS Credential to UAC
5- UAC does Auth. Lookup
6- UAC publishes to MAP
7- UAC subscribes to MAP
8- UAC sends RADIUS accept to SW
9- SW opens port
10- Endpoint requests DHCP
11- DHCP sends MAC-IP metadata to MAP
12- MAP sends IP-MAC to UAC
13- UAC activates L3 access on FW.
14- Endpoint generates traffic
[MAP Database metadata shown: identity = John; Access-request-mac; MAC = 00:11:22:33:44:55; IP-MAC; IP = 192.0.2.7; Authenticated-as; Access-request = 113:3; Capability = access-private-applications. Callouts between MAP server and UAC: CHANGE? / CHANGE!]
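The correlation in steps 5-13 of the use case, as an added example (not Infoblox or Juniper code, and not the IF-MAP wire protocol): an in-memory publish/subscribe store stands in for the MAP server, and all class, function and metadata-key names are assumptions. It also covers the lease-release update mentioned on the NIOS slide, so firewall access is revoked when the IP is released.

```python
from collections import defaultdict

class MapServer:
    """Constructed in-memory stand-in for a MAP server (not the IF-MAP wire protocol)."""
    def __init__(self):
        self.meta = defaultdict(dict)   # MAC identifier -> {metadata type: value}
        self.subscribers = []

    def subscribe(self, callback):
        self.subscribers.append(callback)

    def publish(self, mac, meta_type, value):
        self.meta[mac][meta_type] = value
        for notify in self.subscribers:
            notify(mac, meta_type, value)

    def delete(self, mac, meta_type):
        if self.meta[mac].pop(meta_type, None) is not None:
            for notify in self.subscribers:
                notify(mac, meta_type, None)   # None signals removal

class Uac:
    """Hypothetical policy server: L3 access only for IPs leased to an authenticated MAC."""
    def __init__(self, map_server):
        self.map = map_server
        self.firewall_allowed = {}      # IP -> capability enforced on the firewall
        self.ip_of = {}                 # MAC -> IP currently allowed
        map_server.subscribe(self.on_change)                  # step 7

    def authenticate(self, mac, user, capability):            # steps 5-6
        self.map.publish(mac, "authenticated-as", user)
        self.map.publish(mac, "capability", capability)

    def on_change(self, mac, meta_type, ip):                  # step 12
        if meta_type != "ip-mac":
            return
        # drop any rule for this MAC's previous IP (release or changed lease)
        self.firewall_allowed.pop(self.ip_of.pop(mac, None), None)
        if ip is not None and "authenticated-as" in self.map.meta[mac]:
            self.firewall_allowed[ip] = self.map.meta[mac]["capability"]  # step 13
            self.ip_of[mac] = ip
        # a lease for a MAC with no authenticated session gets no firewall rule

def dhcp_lease(map_server, mac, ip):                          # step 11
    map_server.publish(mac, "ip-mac", ip)

def dhcp_release(map_server, mac):
    map_server.delete(mac, "ip-mac")
```
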
Thank you!