Best Practices for Combining Dell Networking with
Dell SonicWALL Security Solutions
Mark Stuart Greg Fraser SE, Dell SonicWALL SE, Dell Networks
These features are representative of feature areas under development. Nothing in this presentation constitutes a commitment that these features will be available in future products. Feature commitments must not be included in contracts, purchase orders, sales agreements of any kind. Technical feasibility and market demand will affect final delivery. THIS PRESENTATION REQUIRES A DELL NDA AND MAY NOT BE PROVIDED ELECTRONICALLY OR AS HARDCOPY TO CUSTOMERS OR PARTNERS.
Notices & Disclaimers
2
• Introducing Dell Networking and Dell SonicWALL
• 10Gbe and beyond
• Building a Network for BYOD
Agenda
3
Introducing Dell Networking •Dell Networking is the #3 Ethernet supplier worldwide*
•Dell ranks #2 in 40 GbE switch revenue
•Dell #3 in 10GbE switch revenue
Source: Q12013 Dell’Oro, Revenue market share
2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012
2001Dell enters the switching market
2002Dell first 1 gigabit ethernet switch
2004Dell launches first stackable family of switches
2006Dell launches layer 3 routingswitches
2007Dell launches 1st L3 stackable switchSonicWALL SSL VPN Visioniary, 1m units
2009Dell launches10 GbE data center switch
2008Dell adds PoEethernet and fiber stackable switches
2010Dell (F10) launches open automation frameworkSNWL Gartner UTM Ldr, SSL VPN Visionary
2011Dell launches 40 GbE distributed core fabricSonicWALLSuperMassive E10000 Series announced
2012Dell delivers first 40Gb blade for server chassisSMWL joins Dell; 2 million appliances
2013
2013first 1RU Modular LAN/SAN switchBest of InterOp Finalist
Active Fabric
2005SonicWALLUTM leader in FW unit share
SecurityNetworking
• Founded in 1991, acquired in March 2012 by Dell for US$1.2 billion • Rated as leader by Gartner in UTM firewall solutions • Over 130 IP patents, including Re-assembly Free Deep Packet Inspection • Released their first “Next Generation”/UTM Firewall in 2004 (Gen 4) • Released their second generation based on Cavium technology in 2007
(Gen 5) • Released their SuperMassive platform in 2010 with up to 96 CPU Cores per
appliance, with the ability to cluster up to 384 CPU cores • In 2013 started rolling out their Gen 6 platform
Introducing Dell SonicWALL
5
Reference Architectures: Dell SonicWALL & Force10 Interoperability for High Availability Deployments
S55
S60
S4810
Why do I need 10Gbe on my firewall? • 10Gbe solutions are dropping rapidly in price, as are optics • 10Gbe allows us to consolidate cabling (10:1 ratio) • The firewall is consolidating into the network to provide far more internal
visibility and functionality
10Gbe and beyond for the Firewall
7
CONSOLEUSB
100Mbps
10/100 ETHERNET 0
ACT LINK 100Mbps ACT LINK
10/100 ETHERNET 1
100-2
40V
~ 1
.5/0
.75a
IDS
42
15
50/6
0 H
z
WS-X4624-SFP-E
STATUS
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
POWER STATUS ACTIVE VPN FLASH
CISCO ASA 5540 series
Adaptive Security Appliance
CONSOLEUSB
100Mbps
10/100 ETHERNET 0
ACT LINK 100Mbps ACT LINK
10/100 ETHERNET 1
100-2
40V
~ 1
.5/0
.75a
IDS
42
15
50/6
0 H
z
SPI Firewall
Web Filter
Core Switch
IDS Appliances
VPN 3005
SYSTEM
VPN Aggregator
Catalyst 3850 48
25X 36X37X 48X01X 12X13X 24X
CONSOLE
MODESYST ACTV XPS S-PWR
STAT DUPLX SPEED STACK
Catalyst 3850 48
25X 36X37X 48X01X 12X13X 24X
CONSOLE
MODESYST ACTV XPS S-PWR
STAT DUPLX SPEED STACK
1GbE
1GbE
1GbE
Speed 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
Speed LNK/ACT 45
46
47
48
S50N-01-GE-48T-V
Console
STACK ID
ALARM
AC2
XFP27
XFP28
OK
AC1
XFP25
XFP26
LNK LNK
ACT ACT
LNK
ACT
LNK
ACT
Speed 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
Speed LNK/ACT 45
46
47
48
S50N-01-GE-48T-V
Console
STACK ID
ALARM
AC2
XFP27
XFP28
OK
AC1
XFP25
XFP26
LNK LNK
ACT ACT
LNK
ACT
LNK
ACT
Deep Packet Inspection Firewall
Intrusion PreventionWeb FilteringAntiMalwareVPN AggregationApplication ManagementBandwidth managementUser Identity
10GbE
10GbE
Take advantage of the Power of Ten Increase bandwidth 10x for your applications
MXL blades
Reduce capital expenses by up to 30% in chassis deployments simplifying cabling & management in a blade infrastructure
FTOS-powered 10Gb top of rack switches deliver integrated support for SDN, virtualization, automation & storage networks
S4810/20T
Dell’s first fully modular 1RU switch for LAN/SAN convergence delivering 10Gb Ethernet and 8Gb Fibre Channel in a flexible pay-as-you-grow design
S5000
High performance & high density 10/40Gb switch to support today’s virtualized & cloud data centers
S6000
Take advantage of the Power of Ten Increase bandwidth 10x for your applications
NSA 2600
8 x 1GbE Copper Expansion slot for additional ports* Up to 700Mbps IPS throughput
2 or 4 x 10GbE SFP+ 4 or 8 x 1GbE SFP 4 or 8 x 1Gbe Copper Up to 4.5Gbps IPS throughput
4 x 10GbE SFP+, 8 x 1GbE SFP, and 8 x 1GbE copper Up to 9.7Gbps IPS throughput
6 x 10GbE SFP+ and 16 x 1 GbE SFP Up to 30Gbps IPS throughput
SuperMassive 10000 Series
SuperMassive 9000 Series
NSA 3600, 4600 & 5600, 6600
Reduction of points in failure, and easier to build redundancy Lowers CAPEX costs Lowest OPEX costs in training, support and maintenance Extension of features within the network (e.g. user identity)
Consolidated reporting Cabling simplification Less devices across the wire, lower latency better performance
Benefits of Consolidation and 10Gbe
10
80+ Gbps full mesh active/active DPI cluster (IPS, Malware/Threat Prevention, Application Management)
40Gbe and beyond
11
40Gbe and beyond
12
Dell Force10 Z9000
• 2.5Tbps in 2RU footprint
• High-density networking
– 32 line rate 40GbE or
– 128 line rate 10GbE
• Low power consumption
– 800 Watts Max (6.25W per 10GbE)
– 600 Watts Typical (4.68W per 10GbE)
Dell Force10 S4810
• Fully-featured FTOS-powered top-of-rack switch
• 48 x 1/10G
• 4 x 40G fabric uplinks (or 16 x 10G)
Spine & Leaf Architecture
• 40 GbE Interconnect
• All paths Active
• VLT
Segregate corporate data from BYOD devices Inspect traffic from BYOD networks for threats (Intrusions, Virus’s, Malware) Identify users Classify application traffic and apply corporate policy (e.g. DropBox) Restrict access by user identity Provide full visibility and reporting of network use
Building a Network for BYOD : Goals
13
Building a Network for BYOD : Components
14
Directory ServicesRADIUS Authentication
Server
Clients Authenticate via RADIUS Authentication with network
username and password(802.1x / WPA2-EAP)
User Group MembershipQuery to Directory Services
Internet Access Granted By UserWeb Filters Applied By UserApplication Policies Appled By UserTraffic Allocated By User
Internal Resources
Internal Access Granted By UserIntrusion and Threat PreventionApplied to all traffic
Dell Wireless ControllerForwards User ID/IP to Dell SonicWALL
Network Security Appliance
Building a Network for BYOD : Outcomes
15
Internal Resources
Building a Network for BYOD : Take it too the next level
16
• ClearPass v6.0 integrated solution – scales across business feature need and size
• Solution for BYOD and associated policy management along with WLAN
• Transition installed base to new ClearPass after v6.1 is available (Plan in development)
POLICY MANAGER, BYOD, GUEST and NAC solution combining ease of use with vertical integration
Policy Manager Includes Profile for
Device identification,
categorization
16
Confidential
Q & A
17
17
Copyright © 2013 by Dell, Inc.
No part of this document may be reproduced or transmitted in any form without the written permission from Dell, Inc.
This document could include technical inaccuracies or typographical errors. Dell may make improvements or changes in the product(s) or program(s) described herein at any time without notice. Any statements regarding Dell’s future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.
References in this document to Dell products, programs, or services does not imply that Dell intends to make such products, programs or services available in all countries in which Dell operates or does business. Any reference to an Dell Program Product in this document is not intended to state or imply that only that program product may be used. Any functionality equivalent program, that does not infringe Dell’s intellectual property rights, may be used.
The information provided in this document is distributed “AS IS” without any warranty, either expressed or implied. Dell EXPRESSLY DISCLAIMS any warranties of merchantability, fitness for a particular purpose OR INFRINGEMENT. Dell shall have no responsibility to update this information.
The provision of the information contained herein is not intended to, and does not, grant any right or license under any Dell patents or copyrights.
Dell, Inc. 300 Innovative Way Nashua, NH 03063 USA
Notices & Disclaimers
18