Avaya Networking Rafael Rocha, Sales Engineer | Westcon Convergence

Avaya Networking - br.westcon.combr.westcon.com/documents/43093/Webex07 - MGM NAC (09-dezembro-2011... · Número de presenças nos Treinamentos Online (quantidade de sessões assistidas);


Schedule

1. Introduction (02/Sep - 10:00)

2. Basic concepts I (16/Sep - 10:00)

3. Basic concepts II (07/Oct - 10:00)

4. Applied knowledge (21/Oct - 10:00)

5. Stackable switches (11/Nov - 10:00)

6. Modular switches (25/Nov - 10:00)

7. Management and NAC (09/Nov - 10:00)

8. Routers, VPN and WLAN (20/Dec - 10:00)

Awards

Attend all the Data sessions (8 sessions) and answer the quizzes at the end of each session.

Accumulate points and compete for a Web Prize of R$ 500,00.

Whoever accumulates the highest score in the quizzes will be the winner!!!

To take part in the awards you must:

- Complete the quizzes held at the end of each session (approx. 15 minutes);

- Maximum score per event: 100 points;

- To compete for the prize you must have reached at least 85% participation in the Westcon & Avaya Webinar series.

Tie-breaking rules:

1st. Number of attendances at the Online Trainings (number of sessions watched);

2nd. Highest scores obtained in the quizzes;

3rd. Number of sales (Avaya) in orders placed with Westcon.

Link to the Series Presentations

http://br.westcon.com/content/vendors/avaya-nes/apresentacoes-e-documentos-treinamentos-online-westcon-avaya

Data Solutions

Ethernet Switching

Wireless Networking

Unified Branch

Access Control

Unified Management

Branch & Remote Enterprise

Campus

Data Center

Aggressive investment in the portfolio


Comprehensive, not Complex, Security

Improve security with fully granular control

– Role-based control & network compartmentalization

Enhanced Regulatory compliance

– Partitioning of access & comprehensive reporting

Simplicity

– Centralized policy decision, defined in plain language

Reduced costs

– Supporting existing infrastructure & identity stores, virtual appliance option

Integrated NAC

Simplifies multiple Directories & Databases

User Access

Wired / Wireless / VPN

Consistent & granular control

Consolidates administration

Enhances security & compliance

Centralised & integrated NAC

Corporate or Guest


Why NAC Is Needed

• Enforce corporate compliance policies

• Enforce regulatory compliance policies

• Protect network assets

• Mitigate zero-day attacks

Value Proposition

• Corporate Governance

• Do world class companies do the bare minimum to meet customer expectations or do they try to surpass customer expectations?

• Corporate governance defines how you want to run your business and includes many facets over and above regulatory obligations such as overall information protection, business continuity, guest access policies, employee access policies … Identity Engines allows you to enforce the corporate governance policies you define. Regulation or not, no company wants to be in the paper for not protecting their Intellectual Property or customer information.

• Regulatory Compliance

• Do you have a legal/regulatory obligation to withhold (ex. HIPAA, SOX, PCI)?

• Identity Engines allows you to enforce regulatory policies as part of compliance.

• Operations Cost Reduction

• Do you have to choose between leaving your network wide open or investing excessively in network operations to deal with all the change requests? Damned if you do, damned if you don't.

• Identity Engines can help you provide the safeguards needed AND reduce operational expenditures to manage the network.

Evolution of a Problem

Multiple Access Methods: Wireless, Wired, Remote/VPN

Multiple Identity Stores: MSFT AD; Sun, Novell, Oracle; RSA Token

Across multiple locations, buildings, for multiple users

Diagram labels: Science, Business, Engineering, Housing, Library, Health Center, Student Records, Distance Learning, Auxiliary, Bookstore, Food services, Music, Hosted Events, Concerts, Athletics, Summer programs, Community Access, Library, Fitness Center, Guest Users?

Consolidation & Access Policy Consistency

Disparate Silos

Common ID & Policy


Guest Access Use Case Scenario

• Secure the network while allowing authorized guests limited access to resources for specified durations

• Allow non-technical staff (e.g., security, reception) to create guest accounts in real-time or in advance of arrival

• Let security/reception create accounts but have IT pre-define restrictions

Guest arrives

Security/reception checks identification and creates a guest access account in real-time

Guest is given temporary and restricted access to the network

Guest account is automatically deleted after authorized duration

Conference Room Access Use Case Scenario

• Grant varying levels of network authorization to different user types using the same resources

• Give employees unrestricted network access within a conference room while giving restricted access to guests in the same room

Public areas are locked down by default

While in the conference room

– Employees are given unrestricted network access (Wired or Wireless)

– Guests are given restricted network access (Wired or Wireless)

No need for the Enterprise to define & manage some ports as open/some as restricted

Since all ports are policy enabled, the real-time policy engine automatically grants appropriate access

Validated Remote Access Use Case Scenario

• Validate end users' non-corporate assets (e.g., home PC) prior to allowing them remote access to the network

• Prevent high-risk or infected assets from accessing the network and risking greater infection

Completes posture assessment of end user's device to ensure that PC is compliant

Checks for valid anti-virus software, updates, personal firewall, etc. as part of authorization

Compliance can be done via clientless captive portal for unmanaged devices

Enterprise can provide a different level of access if the employee is at home during off hours versus in the office

Authorized Fixed Assets Use Case Scenario

• Conduct MAC level authentication to ensure that only authorized fixed assets (e.g., IP phones, printers, fax machines) connect to the network and behave how they're expected to behave

Allows enterprises to define authorized non-interactive devices (e.g., IP phones, printers, fax machines) that can access the network

Prevents intruders from simply unplugging a printer and accessing the network.

Prevents employees from bringing in their own wireless access points and sharing network services thereby compromising network security

Making Authenticated Networks a Reality

[Architecture diagram. Columns: Network Control | Policy Decision | Identity Storage]

Diagram labels: Wired; Wireless; Remote; Inline NAC; Identity Engines Ignition Server; Session Provisioning and Management; Identity Virtualization and Routing; Integration via APIs; LDAP; Kerberos; Active Directory; Multi-factor Authentication; Guest Access; Posture Assessment; Reporting and Analytics; Network Access Control; Administrative Access Control; RADIUS; RADIUS/TACACS+


Identity Engines Portfolio

Highlights

Adhere to regulatory compliance needs

Secure guest, visitor and contractor access

Collapse existing AAA servers into a single deployment

Centralize policy management to improve and eliminate policy distribution costs

Compartmentalize network to improve resource utilization and reduce attack surfaces

Implement a standards-based NAC solution

Core Application: Ignition Server

Additional Applications: Ignition Guest Manager, Ignition Analytics

Identity Engines Ignition Server

• Centralized, standards-based policy engine

• Highly-available AAA appliance for identity-based network access control

• RADIUS integration with all enterprise network equipment

• Quick and deep integration with major directories

• Detailed logging and troubleshooting capabilities

• VMware virtual appliance

Provides the underlying logic that defines who can get access to what, when and for how long

Provides the ability to create authorization policies specifically for RADIUS with or without Posture Assessment, MAC Authentication or TACACS+

Identity Engines Ignition Guest Manager

• Front Desk Console

• Automated provisioning/de-provisioning in 30 seconds

• Choose any access method to implement

• Wireless, Wired, VPN, SSL VPN, Dial-up

• Track users

• Guests, Consultants, Contractors

• Save precious IT staff time

Web application that lets front desk staff create and manage temporary network accounts for visitors

Identity Engines Ignition Analytics

• Identify device usage - who are your top users?

• Create audit trails – look for trends of usage, users, and devices

• Increase visibility into activity level over time, identifying peak usage/lowest usage

• Deliver flexible reporting formats including PDF, HTML, RTF and XLS

Presents your Ignition Server's network authorization and authentication information in a variety of summary and detail formats

Integration Modules

Core Application: Ignition Server

Integration Modules: MS NAP Module, TACACS+

Release 7.0 MS-NAP Integration

• Utilize existing applications on the desktop to conduct posture (compliance) check.

• Windows XP SP3 and higher all support MS-NAP within the base operating system.

• Additional vendors developing NAP System Health Agents for non-Windows operating systems.

• Single license on Ignition Server to enable MS-NAP integration (no additional licensing needed for the end point).

Release 7.0 MS-NAP Integration (continued)

• Clear notification to end-user on access status.

• Auto-remediation capabilities.

• 'More Information' to provide end-user with explicit details on what to do next (step-by-step instructions, host s/w etc…)

• Full details in Audit Logs.


Spanning Voice, Data & Applications

Offers a common look & feel across applications based on SOA architecture

Enables navigation to all management applications with single sign-on & centralized authentication

Provides integrated workflows for managing unified communications networks

Decreases the learning curve for IT personnel

Delivers simplified deployment and system administration configuration

Offers deployment flexibility

Customers can buy the applications they need.

The Unified Management Solution

VOICE & DATA Network Infrastructure


Why is Unified Management Needed?

• Converged network infrastructures are complex to manage

• Resolution time for network related issues must be decreased

• Support costs are high

• Global system and network operations must be available 24x7

• Too many servers—one for every management activity

• Too many management applications to learn

• Re-entering enterprise data over and over leads to potential errors

• Need to automate administration access levels for different user types

Unified Communications Management Portfolio

Portfolio Applications

Visualization Performance & Fault Manager: Multi-vendor network discovery, root cause analysis, network topology maps

Configuration and Orchestration Manager: Configuration and element management

IP Flow Manager: IPFIX collection, analysis & reporting

Enterprise Policy Manager: Network access control policies, bandwidth management, QoS

Network Resource Manager: Bulk backup and restore management

Unified Management Product Positioning

Visualization Performance & Fault Manager

Ideal as:

Discovery, troubleshooting & performance management of all IP/SNMP devices in multi-vendor networks

Detailed topology maps of the IT infrastructure including network devices, IP Phones, Servers & Applications

IP Flow Manager

Ideal as:

Network usage monitoring, abuse investigation & growth planning

Analyzing applications, protocols and user activity based on IP Flow data

Configuration and Orchestration Manager

Ideal as:

Centralizing the configuration and provisioning of devices and technologies throughout the network

Simplifying element management with role-based access privileges and audit trails

Unified Management Product Positioning

Enterprise Policy Manager

Ideal as:

Managing network bandwidth, prioritizing traffic streams, & setting network access policies

Enabling critical applications to receive the right QoS

Providing a rapid response to resolving new network threats

Energy Saver

Network Resource Manager

Ideal as:

Centralized console for bulk configuration backup & restore and bulk management of software updates

Can be used as a BCM (Bulk Configuration Manager) module in COM 2.2


Unified Management Key Features

• Application co-residency – lower CAPEX/OPEX

• Single unified management domain – decreased complexity

• Integrated workflow – reduced errors

• Centralized authentication & navigation – improved user experience

• Simplified system admin configuration – simple to use

• Flexible XML Architecture – investment protection

UCM Authentication

UCM login with Single Sign-On

UCM Navigator

Network Management

Application Launch

All UCM applications can be launched from the portal!

Configuration and Orchestration Manager (COM)

• Supports Avaya Ethernet Routing Switch products

• ERS 8600, ERS 8300, ERS 5600, ERS 5500, ERS 4500, ERS 2500, ERS 1600 and WLAN.

Configuration and Orchestration Manager (COM)

• Features:

• Security Manager – change and synchronize passwords and security features for CLI access, web access, SNMP access, RADIUS properties and access policies.

• SSH Bulk Password configuration – configure CLI passwords through SSH (Secure Shell) on multiple devices

• VLAN Manager – View, create, delete or modify VLANs. View Spanning Tree Protocol information

– Export VLAN configuration to flat files

• Multi-Link Trunking Manager – allows creation, deletion and editing of Multi-Link or Split Multi-Link (MLT or SMLT)

– Trunk membership information across multiple devices in a network

What's New in COM 2.2

• NRM is now a BCM module in COM

• More cost-effective versions (previously 1000 devices only, now versions of 50, 250, 1200)

• Allows co-installation with VPFM for up to 200 nodes

• Previously this was not possible

• Support for the new WLAN 8100 and VSP 9000 products

What's New in COM 2.3

• VSN module for SPBm (VENA) configuration

Visualization Performance & Fault Manager (VPFM)

• What is it?

• Delivers discovery, troubleshooting and performance management of all IP/SNMP devices in multi-vendor networks

• Gives detailed topology maps of the IT infrastructure including network devices, IP phones, servers and applications

• Why is it needed?

• Administrators need to know what is on their networks and determine the root cause of problems

• Value Proposition

• Reduces complexity

• Decreases MTTR

• Proactive solution

• Lowers TCO thru fault management

Visualization Performance & Fault Manager (VPFM)

• VPFM (as a whole) has two (2) order options:

• VPFM – full-featured and enabled package

• VPFM-Lite – subset of VPFM features enabled

• License

• Base License (up to 500 MO)

• Incremental License (2000 incremental)

• Enterprise License (up to 20500 MO)

• Supported devices

• Any SNMP capable device

• ERS family, SR family, CS1000, WLAN 2300, VPN Router family

VPFM vs VPFM-Lite Comparison

| Features and Function | VPFM-L | VPFM |
|---|---|---|
| Heterogeneous Device Discovery: Standard (IP / SNMP) | √ | √ |
| Discovery Boundary Constraints Options | x | √ |
| Device [Status] View | √ | √ |
| L2 and L2 Topology Discovery: Standard (AB, ad, etc.) | √ | √ |
| L2 and L2 Topology Discovery: Proprietary (SONMP) | √ | √ |
| L2 and L3 Topology Visualization | √ | √ |
| Campus Visualization | x | √ |
| Application (L7) and Server Discovery | x | √ |
| Application (L7) Visualization | x | √ |
| VoIP Device Discovery | √ | √ |
| VoIP Topology Manager Visualization | x | √ |
| Device Availability Monitoring (Scopes etc.) | x | √ |
| Inventory Viewer | √ | √ |
| Inventory Reporter | x | √ |
| Inventory Exporting | x | √ |
| Trap Receiver | √ | √ |
| Trap (Fault) Viewer / Acknowledgement | √ | √ |
| Trap Forwarder | x | √ |
| Trap Exporter | x | √ |
| Syslog Viewer | √ | √ |
| Syslog Exporter | x | √ |
| Link Status Propagation | √ | √ |
| Trap Historical Reporting, Retention, and Export | x | √ |
| Event Correlation and Analysis | x | √ |
| Event Forwarder | x | √ |
| Fault Scripting / Event Handling | x | √ |
| Device Knowledge Packs (DKP) for Device Support | √ | √ |
| MIB Compiler and Browser | √ | √ |
| Nortel Icons for NT Devices | √ | √ |
| Device Performance Monitoring | √ | √ |
| LAG Performance Monitoring | x | √ |
| Performance Trending and Graphing | x | √ |
| Performance Thresholding (Arm / Re-Arm thresholds) | x | √ |
| Performance Data Exporting (HTML, CSV, XML) | x | √ |
| Node Licensing (Managed Objects) | √ | √ |
| Default Scopes | √ | √ |
| Custom Scope Definitions | x | √ |
| Ping Diagnostics Management | √ | √ |
| L2 Diagnostics Management | x | √ |
| L3 Diagnostics Management | x | √ |
| SCOM Integration | x | √ |
| Custom HTTP / HTTPS / App Launch | x | √ |
| Web UI port definitions | √ | √ |
| HTTPS web client | √ | √ |
| Client Inactivity Timer | √ | √ |
| NT RBAC Integration | √ | √ |
| NT SSO Integration | √ | √ |
| Device Credential Management | √ | √ |
| NT LSM Integration | √ | √ |
| NT NMS App integration | √ | √ |
| MySQL DB Support | √ | √ |
| DB Backup / Restore | √ | √ |

Avaya Virtualization Provisioning Service

• Network Visibility & Manageability

• Properly configures switches with server virtualization aware network

• Reports of network usage and access

• Automation & Control

• Dynamic configuration of the vSwitch and physical infrastructure

• Historical reporting & tracking on VM moves & network provisioning

• Server Virtualization Integration

• VMWare support initially

• Future ready for Microsoft, Xen, etc.

Highlights

Ensures consistent performance

Helps enforce network provisioning

VMWare support

Avaya VPS is a network virtualization management solution that delivers visibility, validation provisioning automation & reporting across the data center, including network infrastructure, servers, and applications, for both physical and virtual environments

NEW!!

Avaya VPS – Architecture

• Offered as a plug-in to Avaya Configuration and Orchestration Manager (COM)

• Integrates via a bi-directional data exchange (based on XML/SOAP and WMI) between Avaya COM and VMware vCenter

• Delivers a relay for end-to-end management of servers and network in the virtualized datacenter environment

• Full support for Avaya stackable and modular Ethernet switches in both SPB and non-SPB environments

Diagram labels: Open API; VMware vCenter; COM; VPS; Rules Templates

NEW!!

Thank you very much!

Rafael Rocha, Sales Engineer | Westcon Convergence

[email protected]

(+55 21) 3535-9314

(+55 21) 9640-3054

IP Flow Manager (IPFM)

• What is it?

• Manages network usage monitoring, abuse investigation and growth planning

• Analyzes applications, protocols and user activity based on IP Flow data captured from Ethernet Routing Switches

• Why is it Needed

• Lack of visibility into who and which applications are consuming network resources and bandwidth

• Value Proposition

• More informed/accelerated resolution/planning decisions

• Ability to resolve issues before they impact productivity

• Reduce TCO associated with planning/diagnosing performance and abuse investigation

IP Flow Manager (IPFM)

• Features

• IP Flow (NetFlow v5/v9) Collector

• Ethernet Routing Switch 8600 Captured Packets Collector

• Analysis software for real-time and trending of IP traffic

• Unified Communications Management - Common Services (standalone)

• Single Sign On

• Standards-based and support IPFIX, NetFlow V5 and V9 Installer enabling multi-vendor network environment

• Top 10 consumers of the network

– Applications (network)

– Protocols

– Conversations

– Hosts

– Subnets

IP Flow Manager (IPFM)

• Supported Devices

• Ethernet Routing Switch 8600 release 4.1 and newer (R-modules)

• Ethernet Routing Switch 8300 release 4.2 and newer

• Ethernet Routing Switch 5600 release 6.0 and newer

• Ethernet Routing Switch 5500 release 5.0 and newer

• Ethernet Routing Switch 4500 release 5.4 and newer

• Standards-based and support IPFIX, NetFlow V5 and V9 Installer enabling multi-vendor network environment

• Features

• Unified Communications Management - Common Services (standalone)

• Single Sign On

Enterprise Policy Manager (EPM)

• What is it?

• Allows network administrators to manage network bandwidth, prioritize traffic streams, and set network access policies

• Enables critical applications to receive the right QoS and users to be granted access to the appropriate applications

• Provides a rapid response to resolving new network threats

• Why is it needed?

• Sensitive applications such as voice need prioritizing

• Network/application access by users must be controlled

• Value Proposition

• Increases overall security and application performance

• Reduces complexity and simplifies provisioning of consistent policies

• Protects network resources

Enterprise Policy Manager (EPM)

• Supported Devices

• Business Communications Manager Releases 3.5, 3.6 and 3.7

• Business Policy Switch Releases 3.0, 3.1 and 3.2

• Ethernet Switch 460/470 Releases 3.5, 3.6 and 3.7

• Ethernet Routing Switch 1600 Release 2.1

• Ethernet Routing Switch 3510 Releases 4.0

• Ethernet Routing Switch 4500 Release 5.0

• Ethernet Routing Switch 5500 Releases 4.3, 5.0 and 5.1

• Ethernet Routing Switch 8300 Releases 2.2, 2.3, 3.0 and 4.0

• Ethernet Routing Switch 8600 Releases 3.7, 4.0 and 4.1

• Multiprotocol Router Releases 15.4, 15.6 and 15.7

• VPN Router Releases 5.0, 6.0 and 7.0

• Secure Router 1001 8.3, 9.2, and 9.3

• Secure Router 1002/1004 8.4, 9.2, and 9.3

• Secure Router 3120 9.1, 9.2, and 9.3

*Due to potential high interface count, one ERS8600 / ERS8300 device counts as 5 devices; each module in a stackable device counts as 1 device. All other devices count as 1.

Network Resource Manager (NRM)

• What is it?

• Centralized console for bulk configuration and software updates, configuration backup and restore and centralized password management

• Why is it Needed

• Network configuration and software updates must be centralized and controlled in order to eliminate outages due to manual configuration errors

• Value Proposition

• Reduces change management and software update execution times

• Lowers costs, improves security and eliminates errors


Network Resource Manager (NRM)

• Supported Devices:
  • Business Secure Router 222 and 252
  • Ethernet Switches 460 and 470
  • Ethernet Routing Switch 2500
  • Ethernet Routing Switch 4500
  • Ethernet Routing Switch 5500
  • Ethernet Routing Switch 8300
  • Ethernet Routing Switch 8600
  • Secure Router 1001, 1001S
  • Secure Router 1002, 1004
  • Secure Router 3120
  • Secure Router 4134
  • Secure Network Access Switches 4050 and 4070
  • VPN Gateway 3050/3070
  • VPN Router 600, 1000-5000


The Authenticated Network Architecture

Control who can use the network to access which resources & when & where they may do so

Centralized, Enterprise-wide network access policies

Consistent & predictable network access

Enhanced security

Facilitates regulatory compliance


Configuration and Orchestration Manager (COM) Versions


Table: Configuration and Orchestration Manager, Complete vs. Base

Features | Complete | Base
Centralized element management: plug-in management (plug-in based, downloadable install/un-install, upgrade, patch and inventory view); centralized off-box multi-user element management; access control | Yes | Yes
Network discovery and topology | Yes | No
Audit logs (user based) | Yes | Yes
Centralized syslog and trap viewer | Yes | Yes
Troubleshooting and diagnostic tools (ping, telnet, path-trace) | Yes | Yes
Topology-based configuration management: topology and inventory, Split Multi-Link Trunking/Multi-Link Trunking, routing, VLAN, security | Yes | No
Wizards and templates based management of complex technologies (Split Multi-Link Trunking/Multi-Link Trunking, VLAN) | Yes | No
Device configuration file management (backup, restore, diff, etc.) | Yes | No
Device security management (passwords, SNMP community) | Yes | No


Configuration and Orchestration Manager (COM)


Features & customer needs | Off-box EDM | On-box EDM | Comments
Basic device configuration (device view, device-specific configuration) | | | Both EDM flavors offer basic element management features for configuration management, based on JDM-like features
Complex & multi-select port configuration | | | Complex multiport and multi-select configuration is available through off-box EDM due to high-performance needs
HTTPS access & RADIUS support | | | HTTPS access on modular (8xxx) devices and RADIUS-based authentication support for all ERS devices are available through COM (off-box EDM)
VRF context based configuration | | | VRF context based user assignment and views are available through off-box EDM only
High performance monitoring (high frequency monitoring, multi-select port monitoring) | | | High frequency monitoring (< 5 sec) and multi-select port monitoring are offered through off-box EDM
Role based access control & audit logs (delivers access control - RBAC; audit logs; read-only and read/write access) | | | COM (off-box EDM) offers configuration audit logs for all off-box EDM changes and user-based device access control for EDM
Centralized syslog & trap viewer | | | COM offers a syslog & trap viewer for centralized viewing
Troubleshooting & diagnostic tools (ping, CLI*Manager, path-trace) | | | COM offers troubleshooting & diagnostic tools
MIB browser | | | COM offers MIB browsers


Vancouver 2010 Case Study

• About
  • 1st all-IP games with 192K scoring events and 10K hours of television coverage

• Network Management Challenges
  • Managing network topologies that include 40K Ethernet ports, 4.5K IP phones and 50 WLAN APs
  • Supporting all equipment types including L2/L3 switches and VoIP equipment while understanding physical and logical characteristics
  • Proactively monitoring the network to ensure availability and performance

• Solution
  • UCM via VPFM

• Benefits
  • Proactive monitoring of network health indicators
  • Simplified management of complex networks
  • Reduced mean time to resolution
  • Multi-vendor device support with enhanced resiliency
  • Easy-to-understand visualization of network topologies

"Given the critical nature of running the 2010 Vancouver Olympic and Paralympic Games, Bell must be able to effectively manage and proactively respond to issues before they impact network performance. Avaya's Visualization Performance and Fault Manager, with its configurable polling, trap reporting and notification features, allows us to do so."
– Kevin Harshaw, Senior Director Olympic Operations


Avaya's Unified Management Applications


MYTH: Cost of Getting into NAC Is Prohibitive

Myth

• A NAC rollout is extremely costly, with starting price tags in the hundreds of thousands

Reality

With Avaya, you can get into the NAC game for less than $24k USD MSRP

While this type of deployment does not deliver full functionality, it provides more than a basic implementation

Includes two "small" Ignition Servers, which in theory can support almost 10,000 users if everything is deployed in full ERS stacks


MYTH: NAC Disrupts the Network Architecture

Myth

• Introducing NAC requires careful planning with prominent architecture changes

Reality

The Identity Engines solution is truly OPEN and will work with ANY existing network device that supports 802.1X or any other port-based authentication mechanism over RADIUS (or TACACS+)

Other vendors' solutions do require special protocols, special clients, switch upgrades & in-line devices


What is Unified Communications Management?

• Integrated and centralized set of enterprise network management tools that:
  • Provides comprehensive unified management capabilities across voice, data and multimedia applications
  • Utilizes a set of built-in Common Services that serve as a foundation for unifying management applications
  • Is an essential component of an Avaya Enterprise Solution

Highlights

Decreased Complexity

– Voice & Data management is delivered through a single portal

Reduced Capital & Operational Expenses

– Use of fewer servers

– Quicker time-to-resolution

– Built-in communications enablement across apps (click-to-call, presence, IM)

Flexibility

– Management applications deployable in standalone or integrated modes

Highly Scalable

– Features & applications can be easily added-on over time

Improved workflows

– Information shared between applications

Reduced errors

– Eliminating the need for multiple data entries