By Dean Snyder, Global Product Strategy, HP Networking
In my previous blog, I introduced the three major FlexCampus virtual service network (VSN) building blocks: VSNA, FlexCampus Unified Controller and OpenFlow. You can read the full blog here: Virtual service networks in a campus network: Why FlexCampus VSN?
Let’s take a closer look at how these innovative technologies can be applied in the real world. I purposely chose the two use cases below because these trends are already in play and are ascending quickly in many businesses and higher education institutions.
Use Case 1 – dealing with the wireless invasion
How do I deal with the invasion of wireless devices such as iPhones, Droids and iPads onto our corporate network? Some of the devices are corporate-owned, but we are experiencing a significant increase in the use of personal devices on our network. If network access is granted unchecked, I risk not knowing who is accessing our network resources, and we place ourselves in a position of high risk for a major security breach. We are currently assigning unknown device types/users to a VLAN for remediation with no network access privileges, but this is not a sustainable solution.
As an administrator, you could be utilizing HP’s Virtual Service Network Administrator (VSNA) along with its implicit access control features. Here is a 50K-foot look at how VSNA would shield you from the complexities and operational costs of a traditional Network Access Control (NAC) solution. In addition, new features such as Virtual Network Services are introduced. These new service definitions and policies significantly enhance your ability to specify which corporate services/resources users, user groups and device types are granted access to, compared with traditional NAC, which today only exposes a few policies.
1. VSNA’s fingerprinting feature would provide the administrator with a list of users and device types. The users and/or device types would be grouped into one or more Access Policy Groups. In this example, an Access Policy Group named “iPAD” has been created. It’s populated with iPad devices, which were detected with the Organizationally Unique Identifier (OUI) fingerprinting feature.
2. The administrator creates one or more VSNs (network services). Access Policy Groups are then associated with one or more VSNs. The VSNs themselves can contain additional attributes such as location, time, routing and a security policy. So in this example, the “iPAD” Access Policy Group has been associated with a VSN named “Guest”. The “Guest” VSN was defined to grant network access only to the Public Internet and network administration services. Once a guest user/device has been fully authenticated and authorized, they are placed in the appropriate Corporate Intranet Access Policy Group(s) and associated with a number of predefined VSNs. Users requesting access to the network would be presented with a self-registration portal, which would authenticate and authorize them for network access via the embedded RADIUS server.
All of this was performed without having to configure supplicants on a client, configure your switches, configure RADIUS or manage users in a directory. Figure 1 below illustrates VSNA’s authentication architecture. For reference, SNAC is HP’s Simple Network Access Control solution. It is currently available as a standalone access control offering. In the future, SNAC features will be tightly integrated into VSNA. AD in the illustration is an abbreviation for Active Directory.
Figure 1: VSNA authentication
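The grouping in steps 1 and 2, modelled as an added example (not HP’s code and not VSNA’s data model): a MAC address’s OUI selects an Access Policy Group, the group selects VSNs, and unknown or locally administered addresses fall back to remediation. The OUI table, the “Staff” group, the “Intranet” VSN and the service names are assumptions, and the sample MAC addresses are constructed.

```python
import re

# Constructed tables for illustration only; hypothetical names, not VSNA's schema.
# 00:00:5E:00:53:xx is the RFC 7042 documentation MAC range, used here as a
# stand-in for a tablet vendor's OUI.
OUI_TO_GROUP = {"00005E": "iPAD"}
GROUP_TO_VSNS = {"iPAD": ["Guest"], "Staff": ["Guest", "Intranet"], "Remediation": []}
VSN_SERVICES = {
    "Guest": {"public-internet", "network-administration"},
    "Intranet": {"corporate-intranet"},
}

def normalize_mac(mac):
    """Return 12 uppercase hex digits, or raise ValueError on malformed input."""
    digits = re.sub(r"[:\-.]", "", mac.strip()).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def fingerprint_group(mac):
    """Map a MAC to an Access Policy Group using its OUI (first three octets)."""
    digits = normalize_mac(mac)
    first_octet = int(digits[:2], 16)
    # Bit 0x02 marks a locally administered address (for example a randomized
    # MAC), whose first three octets are not a vendor OUI; bit 0x01 is multicast.
    if first_octet & 0x03:
        return "Remediation"
    return OUI_TO_GROUP.get(digits[:6], "Remediation")

def allowed_services(mac, authenticated_groups=()):
    """Services from the fingerprint group plus groups granted after authentication."""
    groups = {fingerprint_group(mac), *authenticated_groups}
    services = set()
    for group in groups:
        for vsn in GROUP_TO_VSNS.get(group, []):
            services |= VSN_SERVICES[vsn]
    return sorted(services)

if __name__ == "__main__":
    # Constructed sample addresses: known OUI, locally administered, unknown OUI.
    for mac in ("00:00:5E:00:53:10", "02:11:22:33:44:55", "F0-00-00-00-00-01"):
        print(mac, fingerprint_group(mac), allowed_services(mac))
    print(allowed_services("00:00:5E:00:53:10", authenticated_groups=["Staff"]))
```

Because the OUI is reported by the client itself, the fingerprint in this model only ever selects the “Guest” VSN; intranet services come from groups assigned after authentication.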
Use Case 2 – increasing wireless at the campus LAN network edge
Your company has decided to dramatically increase its adoption of wireless technologies at the edge of the campus LAN network. Primary drivers cited were low deployment costs and ease of administration experienced with their current controlled wireless environment. Wired switches will continue to play a role in the campus LAN edge, but they are expected to be about 50% of the mix by the end of the calendar year vs. 90% today. As an administrator, you’re very concerned about having to manage this mixed wired/wireless environment with your current set of device-specific tools. It feels like you’re being set up to fail.
1. The HP FlexCampus VSN solution introduces a “Hands-off Configuration” administration model. It eliminates hours of tedious network infrastructure configuration tasks such as VLANs, ACLs, spanning tree and QoS. Wired and wireless device adoption into the network is automated. At the center of the VSN FlexCampus architecture is the HP FlexCampus Unified Controller. Its ability to automate the adoption of both wired and wireless infrastructure and present a common management plane up to VSNA frees you from repetitive device-specific administration and allows you to shift focus to optimizing and delivering reliable services to your customers.
2. Prior to the FlexCampus VSN architecture, the thought of deploying and maintaining advanced wired and wireless network infrastructure features such as QoS and rate limiting was considered far too complex and costly to implement. Today’s model is more of a wireless overlay model, where you must configure features such as QoS and rate limiting once for your wireless infrastructure and again for the wired infrastructure.
And one last question: Does HP VSN architecture support heterogeneous networks?
My hope is that you are now armed with a little more background information on how HP FlexCampus VSN architecture is capable of addressing some of your top-of-mind business needs—while delivering on our commitment to provide you with innovative solutions that help keep your CAPEX and OPEX in check.
I’ll leave you with the answer to a common VSN question. Does HP’s VSN Architecture support heterogeneous networks? Answer: Yes. Heterogeneity is inclusive.
Let’s continue the conversation. Do you have more questions? Or any use cases to share?