OmniAccess WAN OA700 Hauke Heinecke

Präsentation zum Thema: "OmniAccess WAN OA700 Hauke Heinecke"—  Präsentation transkript:

1 OmniAccess WAN OA700 Hauke Heinecke
Alcatel-Lucent PowerPoint Design Guidelines When necessary Portfolio/Program Name can wrap to a second or third line to maintain consistent typographic spec For title slide only, a 5% gray background has been added General specifications Page Setup set to “On Screen” format Update footer to include appropriate “Portfolio/Program Name” Ensure that only one font “Trebuchet” is used throughout. Following pages provide font sizes for text and graphic pages. Ensure all text boxes sit in proper location. Sometimes the automatic PowerPoint settings are not exact Titles on slides, Agenda and Division pages use “Title Case” Text is set predominantly with regular weight. Bold Trebuchet is used to highlight key words or phases When a slide has more text than comfortable fits on the page using standard font sizes, treat this instance as an exemption and reduce the font size of the entire block until it fits For graphic only slides, use as much of the object area as possible to enhance legibility and emphasis Slides with multiple logos should be adjusted so all logos appear visually equal in size and weight Please remove any tinted or light color backgrounds from slides other than Agenda and Division slides Hauke Heinecke

2 Was ist falsch?

3 OmniAccess 700 Unified Services Gateway Value Propositions
Reduces cost and complexity of managing enterprise and branch office networks Unified services gateway for enterprise and branch offices Simple deployment - both network, voice & security services on one platform Modular addition of new services on an as-needed basis Modular system design for fast recovery Unparalleled high availability to support mission-critical applications Non-disruptive service upgrades & configuration changes Insulation of system from failure of any one service Comprehensive management, always accessible platform Easy addition of new services via remote upgrades Easy expansion into new branch sites – ship chassis, remotely configure & provision services Highly secure infrastructure with ability to respond rapidly to new security threats Easy addition of new security containment measures & other services via remote upgrades Open platform to enable integration of customer and partner applications as needed Separate management plane, dedicated management processors, and multiple access mechanisms to reach the system, Alcatel-Lucents’ Lifeline™ management framework allows highly resilient remote system administration, independent of the state of the System eliminating the need for on-site intervention Alcatel-Lucents’ ModuLive™ operating system provides a fully modular, always live software base that maximizes system availability by enabling in-service upgrades and configuration changes, and by ensuring that a fault in one service module has minimal or no impact on other services. It also allows for online insertion and removal of line cards, obviating the need for network outages during hardware upgrades Alcatel-Lucents’ OmniAccess 700 integrate firewall, denial of service (DoS) protection, Application Level Gateways, intrusion detection and prevention (IDP), IPSec VPN, QoS, Ethernet switching, IP routing and other services onto one unified, highly available platform. As multiple services are added, scalability and performance are maintained through Alcatel-Lucents’ ’ unique OnePass™ approach that performs common packet classification across multiple services. Higher layer applications may be ported into the system that may benefit from close coupling with network services, such as network monitoring applications or server maintenance utilities. Depending on system requirements, these services and applications may be hosted in logically separate processes on a single processor or physically separate hardware.

4 OmniAccess 700 Unified Services Gateway Services Gateway Family
OA780 OA740 OA720 Purpose-built to simplify enterprise operations Unified services Security services (firewall, IDS/IPS, VPN) Voice services (SIP ALG, QoS) Network services (switching, routing, QoS) Branch office services (DNS, DHCP, etc) 100% remote accessibility Maximum availability

5 OmniAccess 700 Service Gateway Powerful Software Architecture
Storage Networking: DNS RADIUS SSL VPN WAN Opt.: Web Cache Compression New Apps: 3rd Party Custom Open Source Applications Lifeline™ Management Application Interface Router Firewall VPN QoS IDS/IPS AV Services ModuLive OS HW IFs T1/E1 V.35/X.21 ADSL ISDN Gig E

6 Monolithic Operating System
OmniAccess 700 Unified Services Gateway Purpose-Built Architecture --> ModuLive™ Operating System Traditional Router Firewall VPN IDS / IPS VoIP Router Switching Monolithic Operating System Monolithic OS is high risk for multiple services down One failure or upgrade = all services down OmniAccess 700 Router Switching ModuLive™ OS Firewall IDS / IPS VPN IDS / IPS VoIP The second design element is ModuLive™, NetDevices’ modular, always live operating system. Most current software architectures (like traditional routers) are monolithic, meaning if any one of the services (routing, switching, firewall, IDS) fails, the entire system fails. Likewise, if a service is being upgraded or reconfigured, a full system re-boot is necessary. Because of ModuLive, this is not the case with the SG-8. Animation shows a service going down as well as a service being added to both traditional architectures and to NetDevices’ ModuLive. NetDevices’ ModuLive operating system features a modular design enables each service module to be selectively configured and upgraded while the rest of the system is still up. This design is similar to those found on the largest carrier networking devices like the Cisco CRS-1 and Juniper T640 core routers, which cost nearly $1 million or more. In addition, extensive statistics on a per-module or per-service basis can be collected. Modular, always-live operating system Start / stop individual software modules Real-time service addition w/o disruption Insulate system from failure of any service Modularity = major advantage in managing services

7 OmniAccess 700 Unified Services Gateway Purpose-Built Architecture --> Lifeline™ Management Framework 1st Generation Early 90s 2nd Generation Late 90s Data performance improved, mgmt still tied to data paths Control Plane Data Mgmt Plane Control Data 3rd Generation OmniAccess today Full separation of data & mgmt traffic, accessible even if main processing unavailable Data Plane Data plane limits performance & mgmt access The third design element is Lifeline™. This diagram highlights the evolution of system backplane designs from the early 1990s (ie original routers and other devices) to the mid 1990s when a few vendors (like Juniper) divided system backplane designs to include a separate control plane and data plane to improve system performance and resiliency. NetDevices is again setting a new standard with its three backplane design, adding a new component called a management plane, or officially the “Lifeline management framework”. A key aspect of the Lifeline management framework is a dedicated management plane that is separate from the data and control planes. Lifeline enables complete isolation of system management functions from packet processing and control plane functions. As a result, local and remote management access to the system is unaffected under conditions such as failure of a data plane function (like routing or firewall), or high main processor utilization caused by high load or a denial of service (DoS) attack. In contrast, traditional solutions provide no guarantee of being able to access the device when the main processing resource is unavailable.

8 High Performance Multi-Service Support with: OnePass™ Packet Processing
Firewall Security Routing 1 2 3 Packet Egress 4 Packet Ingress OmniAccess 700 USG Single Packet Inspection Routing Firewall Security 1 2 3 4 (again) Packet Ingress Packet Egress 5 Traditional Branch Office Routers Multiple Packet Inspections We’ll look at each of the design elements in more detail, starting with OnePass packet processing. With OnePass, the NetDevices Services Gateway provides global classification of packets for all services, down to an application's payload level, in a single pass. Once a packet is classified, it is processed only through the appropriate services. As well, the classification data is stored as a “tag”, and thus additional services don’t need to re-classify the packet additional times. OnePass also enables all services to be performed in the correct order: Security first, forwarding last, only after a packet is verified to be harmless. In contrast, a router with security will route packets internally first, and then do follow-on security. This makes them prone to attack and denial of service By inspecting packets only once, processor efficiency increases and latency remains virtually the same no matter how many services are active

9 OmniAccess 780 System - Release 2.2 (Hardware)
Features High-speed PCI-Express switching backplane ~900Kpps forwarding engine High-redundancy management plane with Lifeline remote manageability Built-in 2 GE ports Redundant power option System Modules SE - Services Engine SF – Switching Fabric Interface Modules 8 port 10/100/1000 Ethernet switch card 4 port T1/E1 (channelized & unchannelized) 4 ports USP (X.21/V.35)

10 OA780-CB-A – Chassis Bundle System Overview - Release 2.2 (Hardware)
$9,995 List OA780 Chassis 3 RU high 10-slots 6-slots for interface modules 2 power supply slots (Rear) Mid-plane architecture 19” rack mountable Fan tray Hot swappable Console port Modem port USB port OS780-PS400-A 400 watt (90-240v auto detection) BTUs Supports two Hot Swappable OA780-SF (Switch Fabric) Internal interconnect for all modules OA700-SE (Services Engine) Main CPU module

11 OmniAccess 740 System - Release 2.2 (Hardware)
Features PCI-Express based high-speed switching backplane ~900Kpps forwarding engine Switching fabric integrated into backplane Built-in 2 GE ports System Modules SE - Services Engine Interface Modules 8 port 10/100/1000 Ethernet switch card 4 port T1/E1 (channelized & unchannelized) 4 port USP (X.21/V.35)

12 OA740-CB-A – Chassis Bundle System Overview - Release 2.2 (Hardware)
$4,995 List OA740 Chassis 1 RU high 4-sots 2-slots for interface modules Single internal AC power supply 19” rack mountable OA700-SE (Services Engine) Main CPU module

13 Common System and Interface Modules - Release 2.2 (Hardware)
OA7-T1E1-4 (4-Port T1/E1) Channelized T1 and E1 Unchannelized T1 and E1 Fractional T1 and E1 RJ-45 connections HDLC, PPP and Frame Relay Encapsulations: MLFR, MLPPP, HDLC OA7-GE-8 (L2 Ethernet Switch) 8 ports of 10/100/1000 Layer 2 switching RJ-45 connections OA700-SE (Service Engine) 2 GHz Opteron CPU Memory 512MB expandable to 1GB On board 2 port 10/100/1000 Copper Ethernet interfaces Local Mgmt CPU controls/monitors Opteron Requires a minimum of one in an OA780 or OA740 Consumes 2 slots in the chassis OA7-USP-4 (Universal Serial Port) 4 ports on 2 connectors V.35, X.21 interfaces Protocol selection via interface cable

14 OmniAccess 700 USG: Release 2.2 (Software)
OnePass packet processing – Guaranteed performance ModuLive - Modular software platform for in-service upgrades Lifeline management framework – Maximum availability Network services Routing: RIP, OSPF, BGP, GRE for IP, VRRP, PIM LAN switching: 802.1Q VLANs, STP, PVST+, Integrated Routing & Bridging (IRB) WAN: PPP, MLPPP, Frame Relay, MLFR, HDLC, and Ethernet System: DHCP Relay/Client, DNS client, TFTP/FTP, Telnet QOS: Hierarchical Queuing, Rate limiting, Shaping, RED, WRED, DSCP/TOS marking Security Stateful FW: Stateful packet inspection, Attack detection, NAT, DDOS, ALGs, ACLs, 128K sessions IPSec VPN: Site-to-Site, 3DES, AES, PKI, NAT traversal, 2.5K VPN tunnels IDS/IPS: Detection, Prevention modes, Automatic Signature updates, Group-based IDS/IPS VoIP ALGs: SIP, NOEv3 – Dynamic pinhole mgmt QoS: Strict priority queuing, DSCP (EF) classification & marking Here are more details on the full range of services.

15 Die Gesamtlösung Alcatel-Lucent PowerPoint Design Guidelines
When necessary Portfolio/Program Name can wrap to a second or third line to maintain consistent typographic spec For title slide only, a 5% gray background has been added General specifications Page Setup set to “On Screen” format Update footer to include appropriate “Portfolio/Program Name” Ensure that only one font “Trebuchet” is used throughout. Following pages provide font sizes for text and graphic pages. Ensure all text boxes sit in proper location. Sometimes the automatic PowerPoint settings are not exact Titles on slides, Agenda and Division pages use “Title Case” Text is set predominantly with regular weight. Bold Trebuchet is used to highlight key words or phases When a slide has more text than comfortable fits on the page using standard font sizes, treat this instance as an exemption and reduce the font size of the entire block until it fits For graphic only slides, use as much of the object area as possible to enhance legibility and emphasis Slides with multiple logos should be adjusted so all logos appear visually equal in size and weight Please remove any tinted or light color backgrounds from slides other than Agenda and Division slides

16 Secure Network Transformation LAN/WAN Networking Solutions
WLAN LAN Edge LAN Aggregation LAN Core WAN/MAN Brick Firewall OmniAccess 3500 Laptop Guardian 7450/7750 OmniAccess SafeGuard OmniAccess 700 OmniStack LS 6200 OmniSwitch 6850 / L OmniSwitch 7000/9000 OmniAccess WLAN Durchgängige Netzwerk Services Durchgängiges Netzwerkmanagement – OmniVista / Vital Suite Das Alcatel-Lucent Produktportfolio erfüllt alle Anforderungen an moderne Kommunikation mit höchsten Sicherheitsansprüchen. Vom WLAN AccessPoint bis zum 10G Core-Switch unterstützen alle Systeme eine Vielzahl von Sicherheitsmechanismen, die zum grössten Teil unter dem Begriff “Access Guardian” zusammengefasst sind. Alles Systeme zeichnen sich durch hohe Verfügbarkeit und Zuverlässigkeit aus und werden von einer gemeinsamen Managementplattform verwaltet. Im folgenden wird kurz auf die wichtigsten Sicherheitsfeatures und Systeme im Wireless Umfeld eingegangen. Endgeräte WLAN LAN TDM Omni PCX Enterprise OTUC Genesis Omni PCX Office

17 Niedriger CAPEX und OPEX
Konvergente Wired & Wireless Lösung Kosteneinsparung Niedriger CAPEX und OPEX Geringer Platzverbrauch Hohe Skalierbarkeit OmniSwitches verfügen über sehr hohe Portdichten + 10 Gigabit Ethernet Uplinks. Damit reduzieren sie die Komplexität im Netzwerk OmniPCX Enterprise: 15K Benutzer, 100K Benutzer bei Vernetzung Blade Center Unterstützung für Sprache und alle relevante Anwendungen Weniger Stromverbrauch und Klimatisierungsaufwand POE: Automatische Erkennung von IP-Telefonen, WLAN Access Points OmniSwitch 9000 entsprechen US “Green” Standarts durch bis zu 60% weniger Energieverbauch Einfachste Administration Geringer Stromverbauch Geringe Installationsdauer The deployment of a single converged IP network for voice, data and mobility simplifies the network architecture and drives network CAPEX and OPEX down. To ease building such a converged network and reduce costs, Alcatel-Lucent now proposes: OmniSwitch 9000 a modular terabit capable platform with high port density & scalability in combination with OS G uplinks reduce network complexity in some cases by avoiding the need of an aggregation layer. OmniPCX Enterprise supporting up to 15 K IP users and up to 100 K users in a single homogeneous network. Support of blade center to implement in a single rack all the key building blocks of an entire fully converged IP Communication network. Power Over Ethernet (POE): Automatic allocation of the power according the class of the device connected on the port (IP Touch phone, WLAN access point..) and managed adaptation of the power consumption per port; meaning costs saving on power consumption, room space and size of power supply and batteries. In addition the OS 9000 is meeting the European Green standards and compared to some other switches consumes 60% less power. Key Points Am besten skalierbare IPT-Lösung am Markt Sehr hohe Portdichte Einzigartiges POE Management

18 Erweiterte Sicherheit und Verfügbarkeit
Wired & Wireless Convergence Solutions Always On Erweiterte Sicherheit und Verfügbarkeit MPLS Services “Always On” Verfügbarkeit 5x9 Verfügbarkeit für Realtime Dienste wie IPT, Video Kompromisslose Redundanz LAN/WAN: Ausgefeiltes Backup Konzept: Media Gateway Backup, PCS, Hotswap, MPLS Protection Selbstheilende Komponenten, z.B. WLAN Sicherheit 802.1X Authentifzierung: Telefon mit Multi-Session Unterstützung im OmniSwitch “Dynamic Pinholing” Unterstützung der FW, Voice/data VLAN Unterstützung, Partition Management, Softphone mit VLAN Support ITU X.805 framework, Common Criteria certification 100% Sicher On fully converged and centralized IP Communication networks, security and availability are key. Alcatel-Lucent proposes superior functions such as: 5x9 availability for IP telephony, and LAN/WAN switches with superior resiliency, back up and redundant functions. 802.1 x multiple authentication supported on OmniSwitch and IP Touch phones. Voice/Data VLAN partitioning management. Softphone supporting VLAN partitioning. Dynamic firewall pin-holling on Alcatel-Lucent Brick VPN Firewall and OmniAccess WLAN. Security framework ITU X.805 Key Points Bell Labs Expertise in Sicherheitsthemen Sicherste IP Telephony Lösung (Miercom 06) Einziges Softphone mit VLAN partitioning

19 Einfachste Verwaltung und geringere TCO
Wired & Wireless Convergence Solutions Easy to Manage Einfachste Verwaltung und geringere TCO Vereinfachung OmniVista Einfachstes Management, z.B. QoS und Access Listen Zentraler Kommunikationsserver Gemeinsame Verwaltung des Netzwerks für alle Dienste End-to-End Management Lösung Zentralisierte IP Adress Verwaltung – VitalQIP Zentralisierte Performance Überwachung – VitalSuite Zentralisierte Verwaltung von verteilten VPN und Firewall Lösungen - Brick Zentralisierung End to end solutions to ease the management of fully converged Alcatel-Lucent IP Communication networks and reduce the TCO: Centralized management platforms with a single network topology. Simplified QOS management with OmniVista OneTouch QOS. OmniVista platforms running on a single physical server for medium size networks. Centralized IP inventory of all devices, servers and equipments of a converged network. Centralized DHCP/DNS – Vital QIP. Centralized performance management software to manage the whole converged network, applications and service quality. Built-in VoIP network tests – Vital Suite. Centralized management of a distributed VPN/Firewall equipments - Brick Key Points Führende IP-Address Management Lösung Multivendor Unterstützung/VitalQIP & VitalSuite Einfache QOS & Security Verwaltung

20 Konvergente Mobility Lösung
Wired & Wireless Convergence Solutions Converged Services Konvergente Mobility Lösung Komplett Services WLAN Netzwerk mit Unterstützung für Sprache Zentralisierte und skalierbare Voice & Data WLAN Lösung Integrierte Firewall und Authentifizierungsserver (AAA) “Voice aware” WLAN Infrastruktur: Schnelles hand over, e QOS, ARP proxy, zentralisiertes CAC, Powersaving Modi Fixed/Mobile Lösung Kompletter Telefonieservice für jedes Endgerät: WiFi, DECT, GSM “Dual mode” GSM/SIP WiFi, Partnerschaft mit Nokia Benutzer- und Geräte Lokalisierung Benutzer erkennung A fully converged WLAN solution with the following key differentiators Centralized and scalable data and voice WLAN infrastructure, with thin access point for deployment and management simplification. Voice aware WLAN infrastructure: Fast hand over, Over the air QOS, Voice-aware RF scanning, ARP proxy for battery saving of voice devices, centralized CAC ARP = Address Resolution Protocol. Proxy ARP is the technique in which one host, usually a router, answers ARP requests intended for another machine. This is supported in the WLAN switches. The WLAN switch answers on behalf the WiFi device, and thus save battery time of the device. A real Fixed/Mobile solution: Full telephony service on any mobile device (DECT, WiFi, Cellular Extension) provided by the OmniPCX Enterprise. Notification and location services. Key Points FMC voll in OmniPCX Enterprise integriert Erste SIP “dual mode” Mobilitätslösung Zentralisierte WLAN Lösung mit Ultra-Thin AP

21 Alles aus einer Hand Höchste Skalierbarkeit Höchste Verfügbarkeit
Alcatel-Lucent Wired und Wireless konvergente Lösungen als ONE STOP SHOPPING Kosten Optimierung Alles aus einer Hand Höchste Skalierbarkeit Höchste Verfügbarkeit Geringer Energieverbrauch Durchgehende Möbilitätslösung Sicherste Lösung End-to-End Management Internet Standards Einfach zu managen Always On Combining together the Alcatel-Lucent network infrastructure and security solutions with IP telephony and mobility solutions brings to industries unique advantages for building cost effective, highly scalable and fully secure wired and wireless converged IP Communication networks. Konvergente Dienste

22