Extreme Secure Automated Smart Factory

Editor's Notes

• #10: Customer Study Information Source: Fabric Connect Customer Experience Research, Dynamic Markets, January 2015 We have been touting the benefits of a fabric-based network for some time now, and we felt that we wanted to quantify the benefits of the technology. So, we engaged a research company called, Dynamic Markets, to reach out to our current customer base of Fabric Connect users to measure and quantify the benefits of Fabric Connect. Each customer was interviewed and asked to report performance of their network before Fabric Connect and the performance afterward. The bottom line is that we were thrilled with the results. Customers reported that implementing the network was 11 times faster and that configuring and troubleshooting was 7 times faster. Let’s put this into perspective. If every time that you needed to configure a service, it took you nearly 5 days, but now you could do it in less than 1 day, could you think of something cool that you could do with an extra 4 days for every service that you roll out? If it takes you on average nearly 40 hours to troubleshoot issues, but you were able to drop that down to 6 hours, do you think you could find something productive do with the 34 hours of savings for every issue? Now, the next stat was particularly interesting to us. The average failover time for Fabric Connect was 320 milliseconds. Honestly, that number wasn’t surprising to us, but the “before” number was. Before implementing Fabric Connect, customers reported an average failover time of nearly 14 minutes. At first we questioned the results, then after validating with the research company we started understand what was happening. If a network is taking 30, to 60 or more seconds to recover, applications start to fail. Not only do the likely 4-6 legacy protocols have to converge together, but the applications now have to recover in order too. To keep applications up, network recoveries need to be undetectable. Now, since with Fabric Connect, you don’t have to configure the network core, we also asked about outages due to human errors. The average came out at 100% improvement with a prior average of 3 outages per year. So, full disclosure, the average time since implementation was approximately one year, so things could still happen, but nonetheless, we like the direction of the results. We have made this report public on Avaya.com; so please take a deeper read.
• #12: Campus Automation Rollout 1) Fabric attach proxy / client support on EXOS switches – EXOS 22.4 (November) 2) Fabric attach client support on ExtremeWireless 3900 APs – ExtremeWireless 10.41 (October?)
• #17: As a backdrop to our first capability, the NSA has an organization whose role is to infiltrate systems. In a recent conference, Rob Joyce, Chief of Tailored Access Operations, gave four fundamental tips to organizations to better protect their network and IT assets. Number two on the list was to segment networks and data. His reason for stating this is two fold. First, network traffic that is segmented is isolated from other traffic and unseen from outside the segment. Second, a well segmented network means that if a breach occurs, it can be contained… the difference between a contained and uncontained breach is the difference between an incident and a catastrophe. So, let’s look at hyper-segmentation… Full Quote: “If you really want to make the NSA’s life hard…limit access privileges for important systems to those who need them; segment important data to make it harder for hackers to reach your jewels; patch systems and implement application whitelisting; remove hardcoded passwords and legacy protocol that transmit passwords in the clear.” Source: — Rob Joyce, Chief of Tailored Access Operations US National Security Agency: “Disrupting Nation State Hackers”, USENIX Enigma, January 2016. https://www.usenix.org/conference/enigma2016/conference-program/presentation/joyce
• #18: Here is a depiction of how network segmentation is generally done today. VLAN’s came about to form broadcast domains at the edge of the network. Access Control Lists simply map user permissions to systems. Micro segmentation secures connections mainly between servers in a data center. Attempts to create an end-to-end segment either involves a costly and complex MPLS LAN implementation or using VLAN chaining when IT organizations configure switch-by-switch a VLAN path across the network – including configuring the network core which becomes very risky. With hyper-segmentation, only the network end-points are configured and the end-to-end control plane takes care of everything else. In fact, by just plugging a device into the network a segment can be automatically configured on the network end-point – but more on that later. Because of the ease of configuration, creating hundreds or thousands of unique virtual networks becomes practical. The limit is 16 million. Once Hyper-segments are created, organizations experience a reduction in the attack surface, a quarantine function if a segment is breached, improvement of anomaly scanning, and greater firewall efficiency. Imagine being able to have secure isolated zones for financial transactions, customer records, video surveillance, physical security, R&D groups, executives, IoT devices, kiosks, etc… And one of the best parts is yet to come.
• #19: Here is a depiction of how network segmentation is generally done today. VLAN’s came about to form broadcast domains at the edge of the network. Access Control Lists simply map user permissions to systems. Micro segmentation secures connections mainly between servers in a data center. Attempts to create an end-to-end segment either involves a costly and complex MPLS LAN implementation or using VLAN chaining when IT organizations configure switch-by-switch a VLAN path across the network – including configuring the network core which becomes very risky. With hyper-segmentation, only the network end-points are configured and the end-to-end control plane takes care of everything else. In fact, by just plugging a device into the network a segment can be automatically configured on the network end-point – but more on that later. Because of the ease of configuration, creating hundreds or thousands of unique virtual networks becomes practical. The limit is 16 million. Once Hyper-segments are created, organizations experience a reduction in the attack surface, a quarantine function if a segment is breached, improvement of anomaly scanning, and greater firewall efficiency. Imagine being able to have secure isolated zones for financial transactions, customer records, video surveillance, physical security, R&D groups, executives, IoT devices, kiosks, etc… And one of the best parts is yet to come.
• #21: Here is a depiction of how network segmentation is generally done today. VLAN’s came about to form broadcast domains at the edge of the network. Access Control Lists simply map user permissions to systems. Micro segmentation secures connections mainly between servers in a data center. Attempts to create an end-to-end segment either involves a costly and complex MPLS LAN implementation or using VLAN chaining when IT organizations configure switch-by-switch a VLAN path across the network – including configuring the network core which becomes very risky. With hyper-segmentation, only the network end-points are configured and the end-to-end control plane takes care of everything else. In fact, by just plugging a device into the network a segment can be automatically configured on the network end-point – but more on that later. Because of the ease of configuration, creating hundreds or thousands of unique virtual networks becomes practical. The limit is 16 million. Once Hyper-segments are created, organizations experience a reduction in the attack surface, a quarantine function if a segment is breached, improvement of anomaly scanning, and greater firewall efficiency. Imagine being able to have secure isolated zones for financial transactions, customer records, video surveillance, physical security, R&D groups, executives, IoT devices, kiosks, etc… And one of the best parts is yet to come.
• #22: Here is what you see without hyper-segmentation. Since IP (internet protocol) is a flood and learn technology, IP scanning tools can be used to figure out the topology of a network. Unlike traditional technology, Fabric Connect delivers hyper-segments that are not exposed to the vulnerabilities of Internet Protocol (IP). This means is that in the event the organization is breached outside of a hyper-segment, the hacker only sees darkness. If the breach is within a segment the hacker is unable to see anything outside that segment – this is important – this is difference between a simple breach and a catastrophe. Containment is key. Now, here is the big difference between our solution and others… This is where the native part becomes important. Where most companies are using firewalls to block access to data, with Fabric Connect, segment traffic is inherently invisible as it traverses the entire network. It is difficult to hack what you cannot see. So, the last capability ties it all together…