With the continuing convergence of Ethernet, IP and virtualization technologies, the campus network keeps evolving, and its network environment, user model and business model have changed greatly. Users now demand more of the campus network in mobility, security and service quality.
- In addition to traditional wired access, WLAN, IoT and other technologies are increasingly widely used, the types of access terminals keep multiplying, and access scenarios such as office, wireless and SOHO are not fixed. How can different campus networks be managed so as to provide users with consistent IT services?
- The enterprise's internal staff, partners and external visitors are numerous and varied, and bring risky behaviors and potential threats such as virus propagation, hacker attacks, information disclosure, unauthorized access and unauthorized Internet access. How can these be prevented and resolved?
- Different business departments have different access rights and business systems. How can users and businesses be isolated from one another, and the right permissions delivered so that the right person accesses the right resources?
- As the campus network keeps growing, the number and types of network devices have increased greatly. How can operation and maintenance management be simplified?
To meet the campus network's needs for mobility, security and ease of operation and maintenance, the Maipu campus solution has the following characteristics:
Wired and wireless integrated management
The integration of wired and wireless networks increasingly blurs the boundary between the two. The special services that the wireless network brings, information leakage when an unauthorized wireless device connects, user-based security protection and similar problems create new challenges for network management.
Integrated management of wired and wireless requires bringing the two onto the same management platform. At the bottom layer, the wired and wireless devices use the same MIB and command line; functionally, the wired and wireless devices are compatible with each other in topology, alarms, performance and so on; technically, ACL, QoS and similar mechanisms must be applied to the wireless network as well, so that the devices are managed in an integrated way. Users can then view the status of wired and wireless devices in the same software and the same topology. While using mature wired management technology, they can also configure wireless devices and wireless services individually, giving unified management of AC, Fat AP, Fit AP and mobile terminals. In addition, the wireless network has many APs, and unauthorized AP devices may connect. The management software should therefore also provide Rogue AP protection, hot coverage, wireless locating and other business functions, and provide batch configuration, upgrade via policy templates and similar functions for large numbers of devices, improving management efficiency and reducing maintenance costs.
Controllable and auditable security access
To address the growing diversity of terminal devices in the new-generation campus network and the trend toward boundaryless access, Maipu proposed the BYOD terminal mobile solution. The solution supports a variety of authentication modes, such as 802.1X, Web Portal, MAC and VPN; supports a unique visitor access mode and role-based resource access control; supports security control policies for terminal devices such as peripheral control, software blacklist and whitelist management, anti-virus management and client ACL; and supports detailed auditing of network access behavior. With the detailed reports, the access path of each user through the network can be traced easily.
First, to control how users securely access the network, the solution integrates terminal security checking, user identity authentication, dynamic access authorization, user behavior audit and related functions. Through the linkage of the intelligent client, the security policy server, intelligent linkage equipment and third-party software, it enforces a security check on user terminals accessing the campus network and strictly controls the end user's network usage, enhancing the active defense capability of the user terminal.
Campus network management should also ensure that users accessing the network receive the correct authority over the related resources: dynamically deliver VPN, VLAN, ACL and other security control policies to authenticated users, divide access rights and business flows according to business and application, enforce lateral security isolation, and provide flexible mutual-access control as needed. The management software should also link with the behavior audit system deployed at the Internet egress, automatically associating the IP address in the audit information with the user identity information to achieve user-based behavior audit and further strengthen the stability and security of the whole network.
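The IP-to-user association described above can be sketched as follows. This is an added example, not Maipu's code: the record layouts, field names and all sample values are constructed assumptions. It attributes each egress audit record to the authentication session that was active on that IP at that moment, so a reused address is not credited to the wrong user.

```python
from bisect import bisect_right
from collections import defaultdict
from datetime import datetime

# Constructed sample data: authentication sessions (user, ip, start, stop).
# stop=None means the session is still open.
SESSIONS = [
    ("alice",    "10.1.20.15", "2024-05-06 08:55:00", "2024-05-06 12:01:00"),
    ("visitor7", "10.1.20.15", "2024-05-06 13:10:00", "2024-05-06 14:00:00"),
    ("bob",      "10.1.30.8",  "2024-05-06 09:30:00", None),
]
# Constructed sample records from the egress audit system (time, src ip, dest).
AUDIT = [
    ("2024-05-06 09:12:44", "10.1.20.15", "files.example.com"),
    ("2024-05-06 13:25:03", "10.1.20.15", "mail.example.net"),    # IP reused
    ("2024-05-06 12:30:00", "10.1.20.15", "update.example.org"),  # no session
    ("2024-05-06 18:00:00", "10.1.30.8",  "intranet.example.com"),
]

def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")

def build_index(sessions):
    """Per-IP list of (start, stop, user), sorted by start time."""
    index = defaultdict(list)
    for user, ip, start, stop in sessions:
        index[ip].append((_ts(start), _ts(stop) if stop else datetime.max, user))
    for rows in index.values():
        rows.sort()
    return index

def attribute(index, when, ip):
    """Return the user whose session on `ip` covers `when`, else None.
    Assumes sessions on one IP do not overlap in time."""
    rows = index.get(ip, [])
    t = _ts(when)
    # Candidate is the last session that started at or before the event.
    pos = bisect_right([r[0] for r in rows], t) - 1
    if pos >= 0 and t <= rows[pos][1]:
        return rows[pos][2]
    return None

def user_audit(sessions, audit):
    """Audit records enriched with the attributed user name."""
    index = build_index(sessions)
    return [(when, attribute(index, when, ip) or "UNATTRIBUTED", ip, dest)
            for when, ip, dest in audit]

if __name__ == "__main__":
    for row in user_audit(SESSIONS, AUDIT):
        print(*row, sep="  ")
```

Records that fall outside every session are kept and marked `UNATTRIBUTED` rather than dropped, since traffic from an address with no authenticated session is itself worth reviewing.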
Virtualized campus network architecture
Maipu's H-VST technology virtualizes the devices at the access layer, the aggregation layer and the core layer of the campus network horizontally, turning a number of redundant devices into a single logical device that forms one network management and forwarding node. As a result, the new-generation campus network has a simple structure, a simple routing table and simple management.
With the M-VST technology, multiple devices in one LAN share one management interface and IP address, realizing IP-based network management, so as to simplify network management and reduce or eliminate the L3 capability requirement for the managed device IP. The multiple devices sharing one management IP are called an M-VST management domain, and the devices in the domain form one unified management platform through the M-VST protocol. After the M-VST management domain is set up, all devices in the domain can be managed on the Master device, greatly reducing the workload of device management.
The Maipu mere one campus network is more flexible, safer and easier to operate, laying the foundation for integrated, trustworthy, business-isolated, and refined perceptive campus network management.