Making IoT Easy

Solution Brief

In the age of the “Internet of Things” (IoT), technology can now assume effective omnipresence — from heart machines to heating and air-conditioning systems. Managing and securing omnipresence in organizations is a formidable challenge; Extreme Networks’s SDN-based IoT solution can help make the benefits of IoT a practical reality.

The Challenges of IoT

More than ever, organizations understand that technology can improve customer and patient care, increase staff efficiencies, and reduce costs. As a result, organizations have implemented thousands (in some cases tens of thousands) of connected devices to take advantage of these opportunities. In the name of efficiency, organizations are also moving what were once standalone networks onto the central network. At the same time, organizations are well aware that devices are under significant attack from hackers seeking to tamper with controls and gain access to more sensitive areas of the network, such as customer and patient databases. Compounding the problem is the sheer number and mobility of devices. Today, securing and managing thousands of IoT and other devices seems practically impossible.

WWW.EXTREMENETWORKS.COM

Introducing the Extreme Networks Surge IoT Solution™

The purpose of the Surge IoT solution is to make it easy to securely deploy IoT-type devices and deliver efficiency to your business. With an open SDN architecture, the solution is capable of helping secure and manage up to 168,000 devices and can run on any vendor’s network. The Surge IoT solution capabilities include:

HyperSec Zoning that:
• Isolates traffic into encrypted zones using Extreme Networks’s HyperSec technology set that reduces the attack surface and mitigates ill-intended lateral movement toward sensitive areas of the network.
• Helps protect IoT devices from being seen and from harmful traffic such as viruses and malware.
• Filters traffic flows on a white-list basis that limits what the device receives and transmits as well as who or what the device communicates with – even preventing the device from sending malicious traffic.


Elasticity that:
• Uses Follow Me profiles that are set centrally and applied on a by-device basis. When disconnected from the network, profiles disappear. When re-connected, profiles are automatically re-assigned.
• Offers elastic Layer 2 zones that easily and seamlessly extend across a network providing flexibility for enterprise-wide L2 applications.
• Utilizes onboarding utilities that reduce the work for IT staffs by using QR codes and uploading capabilities to register devices.

IoT Intelligence that:
• Learns and updates from traffic flows. Profiles are updated on a white-list basis as conditions change, continually improving security postures.
• Reports asset utilization detailing the operational activity of devices, prompting decisions such as asset additions or redeployment.
• Offers programmable APIs to customize services and applications.

End-to-end network segmentation was cited by 400 IT professionals in the U.S. as an essential security measure. Yet:
• Only 23% currently deploy
• And (22%) didn’t even know it was possible.
The top reasons for not having a network segmentation:
• Too complex (35%)
• Too resource intensive (29%)
• Too risky to deploy (22%).
Source: Veraquest End-to-End Network Segmentation Research, Independent Market Research Commissioned by Extreme Networks, August 2016


Components and functions of the SDN IoT Solution

What it Is

SDN-Based IoT Controller

At the heart of the Surge solution, the IoT Controller provides the management of the integrated IoT environment. Delivered as software to any standards-based server, the controller performs the following functions:
• Assigns service profiles to ONAs
• Manages interfaces into SDN program environments
• Presents inventory lists of devices
• Exposes north and southbound APIs
• Offers a Software Development Kit (SDK)

The IoT Controller performs these functions by utilizing an OpenDaylight multi-protocol controller that manages all the services modules within the framework. Using the open protocols NETCONF and OpenFlow for network configuration, manager/services modules can be accessed via a programmable northbound or southbound API layer.

The following two elements comprise the Extreme Networks Surge solution and run on any vendor’s network.

Open Networking Adapter

Featuring a pocket-sized fan-less form factor, the Open Networking Adapter (ONA) is a software-based appliance containing a Linux operating system with Open vSwitch. When programmed, the ONA provides many intelligent functions to support a broad range of IoT-type devices (with an Ethernet port) that have traditionally been difficult to control on the edge of the network.


Open vSwitch is a feature-rich open-source virtual switch that provides automated network service provisioning using Auto-Attach (IEEE draft 802.1Qcj) including a flexible range of traffic flow programming for forwarding, filtering, isolation, monitoring, queuing, shaping, and logging.

HyperSec Gateway

The HyperSec gateway is the appliance that houses the HyperSec technology set, which is the encryption-based forwarding plane of the Surge IoT solution. Comprised of IPsec and OpenFlow protocols and Layer 2 extensions, this technology set maps authorized traffic directly into secure encrypted tunnels at Layer 2 or via encrypted tunnels across an IP network. Protection is provided end-to-end for both Ethernet switched flows and IP-routed flows.

The Extreme Networks SDN IoT solution delivers the simplicity needed to help connect, secure and manage the growing number of devices and technologies to reduce breaches, implement new innovation rapidly, and improve IT staff efficiency.

What it Does

To better understand how the Surge solution helps secure and simplify IoT-type device deployments, the following describes how the solution is implemented from shipping dock to full production.

On-boards
• Isolated network segments are configured on the network and identified in the IoT Controller.
• Profiles are created in the IoT Controller consisting of isolated network segments and flow rules.
• New devices arrive at the organization.
• Either through manual entry or by using a smartphone to scan the device’s bar code, the device’s serial number and MAC address are added to the IoT Controller.
• Next, ONAs are entered into the IoT Controller by scanning the ONA’s QR code. Device and ONA are then paired and assigned a profile.

Deploys
• The device and ONA are delivered to their field location.
• The device Ethernet cable is plugged into the ONA device port and the ONA is plugged into a switch port.
• The ONA then signals the IoT Controller, which sends the profile to the ONA, and traffic begins to flow.

Helps Secure
• Once paired with the ONA, all traffic flow associated with the device is filtered according to the profile established from the IoT Controller.
• Traffic passing through HyperSec segments is encrypted.
• If a hacker unplugs the IoT device from an ONA and attempts to gain network access, the profile rules in the ONA will block the new device (a laptop for example) from communicating and the user will not have any network visibility.
• In the event an ONA is lost or stolen, the ONA does not store or contain any information about the profile it was running and therefore cannot be used to gain unauthorized access to a network.

Follows
• When a device/ONA pair is moved to a new location, the pair is simply plugged into a wall-jack and will signal the IoT controller to obtain its profile.
• The IoT controller then sends the profile information to the ONA for the IoT device to communicate on the network.

Tracks
• All registered devices are presented as an inventory list on the management application. With by-device traffic logging, tracking a variety of metrics is possible, such as asset activity levels of each device.

Learns
Data logs can be analyzed in a variety of ways to learn from traffic flows and update security profiles accordingly. Programmable APIs can be created to customize services and applications.


Realize the Vision of IoT with Extreme Networks

As the business environment continues to change and innovation accelerates, the Extreme Networks Surge solution can help your organization:

Deliver New Innovation Fast
Deploying thousands of innovative devices faster and more securely can seem nearly impossible. The Extreme Networks Surge solution provides the simplicity you need to help automatically connect, secure, and manage the ever-growing number of technologies available.

Achieve Greater Efficiency and Lower Costs
The concept of IoT for organizations promises greater efficiency for professionals and supporting staff. Make it a reality with Extreme Networks Surge, which provides affordable, cost-effective infrastructure that reduces complexity and increases security.

Focus Your IT Resources Strategically
IT organizations typically spend too much time performing manual tasks—known as “just keeping the lights on.” Extreme Networks Surge lets IT organizations cut time spent on repetitive tasks and troubleshooting.

Forty-eight percent of incidents involved a malicious or criminal attack, 25 percent were caused by negligent employees or contractors (human factor) and 27 percent involve system glitches that includes both IT and business process failures.
Source: 2016 Cost of Data Breach Study: Global Analysis, Benchmark Research sponsored by IBM, Independently conducted by Ponemon Institute LLC.

Notice: While reasonable efforts were made to provide information that is complete and accurate at the time of printing, Extreme Networks can assume no liability for any errors. Changes and corrections to the information in this document may be incorporated in future releases.

http://www.extremenetworks.com/contact

Phone +1-408-579-2800

©2017 Extreme Networks, Inc. All rights reserved. Extreme Networks and the Extreme Networks logo are trademarks or registered trademarks of Extreme Networks, Inc. in the United States and/or other countries. All other names are the property of their respective owners. For additional information on Extreme Networks Trademarks please see http://www.extremenetworks.com/company/legal/trademarks. Specifications and product availability are subject to change without notice. 11911-0617-26 WWW.EXTREMENETWORKS.COM
