Perfigo Design Comparison Overview


Overview

The University of Utah has chosen the Cisco Perfigo product to provide a replacement for the University WANA product. The Perfigo initial implementation will replace only the existing WANA functionality. The University will not deploy any additional feature sets. The Perfigo installation will cover the entire University/University Hospital campus network system.

Due to the nature of the Perfigo product and the current implementation layout of the campus network system, the University has different design choices available to it. The optimum choice will combine ease of maintenance, distribution of load and the minimizing of costs.

The basic design of the Perfigo product is a Smart Manager that controls 1 or more of the Smart Servers. The Smart Manager communicates to the Smart Servers via secure routed connections. The individual Smart Servers communicate directly to the wireless Access Points via a Layer 2 connection. The Smart Servers have two main functions in the initial deployment of the U. They act as authentication devices for clients attempting to connect to the wireless network and they act as routers that take the layer 2 traffic and route it appropriately. Figure 1 shows the basic Perfigo conceptual drawing.

Figure 1 Perfigo Basic Conceptual Diagram

Detail

The Perfigo design options break into two discrete options with a third option that is simply a variation of one of the former two. In all design options, the University of Utah would maintain two Smart Manager units. One Smart Manager would reside in the Komas Datacenter or EBC Datacenter. The other unit would reside in either the Hospital datacenter or the EBC Datacenter.

Perfigo Design 1 - Distributed Smart Servers

The first design option for the Perfigo deployment is a simple replacement of the existing WANA boxes with Perfigo Smart Servers. The individual Smart Servers would reside in the location of each of the campus distribution nodes (note: campus distribution node refers to either the hospital or lower campus distribution node) exactly like the current WANA boxes do today. Virtual Local Area Networks (VLANs) span from the campus distribution nodes onto the individual departmental switches and terminate at the Access Points. Table 1 shows some of the pros and cons of this design option. Figure 2 shows a rough diagram of the design.

Table 1 List of Pros and Cons for Perfigo Design Option One

| Pros | Cons |
| --- | --- |
| Design already proven, no real change | Highest server count (hardware and software license) |
| Simple replacement of existing WANA boxes | No redundancy for servers or networks (can add redundant servers at a cost) |
| No spanned VLANs across the campus backbone, limits any spanning tree issues | Distributed power/cooling requirements in multiple locations (increase of costs) |
| No requirement for additional physical resources, i.e. fiber and fiber installation | |

Figure 2 Diagram of Perfigo Design option 1

Perfigo Design 2 - Aggregated Smart Servers with spanned VLANs

The second design option for the Perfigo deployment aggregates the Smart Servers in the datacenter. The Smart Servers would reside completely in a datacenter and not distribute across the node locations. VLANs from the aggregated Smart Servers would span across the campus backbone into a department's network equipment and terminate at the Access Points. Table 2 shows some of the pros and cons of the Perfigo Design Option Two. Figure 3 shows a rough diagram of the design.

Table 2 List of Pros and Cons of Perfigo Design Option Two

| Pros | Cons |
| --- | --- |
| Stability of servers in a very hardened datacenter | Spanned VLANs offer a possible impact on the whole campus infrastructure |
| Potentially fewer servers for a campus-wide deployment | Introduction of additional latency by traversing campus (on order of milliseconds) |
| No requirement for additional physical resources, i.e. fiber and fiber installation | No redundancy for servers or networks (can add redundant servers at a cost) |

Figure 3 Diagram of Perfigo Design option 2

Perfigo Design 3 - Aggregated Smart Servers with fiber

The third design option for the Perfigo deployment replicates the design of option two with the exception of how it delivers layer 2 functionality to the Access Points. The third design brings layer 2 functionality from the datacenter to the distribution node via private fiber instead of a spanned VLAN. From the distribution node switch to the Access Point, the design would use a spanned VLAN over departmental switches and terminate at the Access Point.

Table 3 List of Pros and Cons of Design Option Three

| Pros | Cons |
| --- | --- |
| Stability of servers in a very hardened datacenter | Use of fiber and fiber installation resources (raises costs) |
| Provides physical isolation of a portion of the wireless network from the campus network | Bypasses use of existing backbone resources (raises costs) |
| No spanned VLANs from distribution point to the datacenter | Introduction of additional latency by traversing campus (on order of milliseconds) |
| Potentially fewer servers for a campus-wide deployment | No redundancy for servers or networks (can add redundant servers at a cost) |

Other Considerations

Campus to Departmental VLAN implications

Each of the three design options poses the problem of the spanned VLAN from the distribution node into the end department. This problem has multiple facets. The spanned VLAN requires cooperation between the end department and the central campus. The central campus must either administer the VLAN span or trust the local network administrator to correctly deploy the spanned VLAN across the departmental network. The department and central campus must also agree whether the IP space on the VLAN is from the central campus pool or from the department's allocation of IP space. Generally, the allocation of campus IP space will probably make more sense, but individual entities might have requirements due to firewall or other restrictions that will require use of their IP allocation. The hospital is potentially a case in point. Those entities that can use the campus allocation within their network borders will benefit by being able to treat the wireless users as completely foreign users.

Power treatment

All of the options have specific power requirements and, therefore, treatment of the power grid is necessary to understand the full implications. For example, if the Perfigo deployment uses option 2 or 3, all the servers could potentially be in the same datacenter. If a disaster happens to that datacenter, all web authenticated wireless access will fail. However, if the deployment follows option 1, then personnel will have to ensure that each distribution node has adequate power/cooling hardening, thereby increasing the total cost.

Implications of changes in campus physical topology

The lower campus is slowly changing the physical topology of its distribution nodes. Over time, the lower campus portion of the network is collapsing the distribution nodes into two physical hardened datacenter areas. This collapse directly affects the Perfigo designs. For the first design, fewer Perfigo servers will be necessary to provide equivalent services. For the third design, the effect is to lessen the amount of fiber and fiber installation necessary to cross-connect the servers in the datacenter with the actual distribution node. The collapse does not necessarily affect the second design unless the campus also chooses to collapse the number of distribution nodes.

Spanned VLAN discrepancies

The University of Utah Hospital and the lower campus view spanned VLANs across a campus backbone in distinctly different ways. The hospital spans numerous VLANs across its core to accommodate various applications. The lower campus has maintained a strictly routed backbone. The hospital manages networks to the desktop or at least to the switch port. The lower campus manages some networks to the desktop and some networks to a departmental router. At the departmental router, the lower campus network group must either trust the competency and judgment of the end network administrator or take steps to protect the core from mishaps. This discrepancy has implications for design option two.

Remote clinics/campus treatment

None of the three options gives adequate treatment to remote clinics/campuses. Due to the nature of the Perfigo product, one must deliver layer 2 services from the main campus to the remote clinic/campus. Delivery of the layer 2 services lies outside the scope of the Perfigo deployment. Options that exist:

a) arrange for connectivity to remote clinics/campuses that allows layer 2 service deployments
b) deploy a wireless vendor that supports proprietary layer 2 services to the Access Point
c) deploy layer 2 services over some sort of tunneling mechanism to the remote sites

Hardware Treatment

The hardware necessary for the CleanAccess Manager and CleanAccess Servers can vary widely, depending on the expected load and features required for a particular implementation. The University can approach the problem of hardware purchases by one of two options:

a) buying the best servers today and amortizing them over the next 3 years
b) using existing hardware and upgrading the hardware as usage requires

The top of the line option would comprise:

Cisco Clean Access Server machines
  - Lower campus - (4x) HP DL380G4 w/2 gig of memory. 361011-001 $5103
  - Upper campus - (2x) HP DL380G4 w/2 gig of memory. 361011-001 $5103

Cisco Clean Access Manager machines
  - Lower campus - (1x) HP DL380G4 w/2 gig of memory. 361011-001 $5103
  - Upper campus - (1x) HP DL380G4 w/2 gig of memory. 361011-001 $5103

The second option uses existing hardware. The campus currently owns the following hardware:

  - (6x) Pentium 4 2.6GHz, 512MB RAM, dual 80GB hard-drive, dual Gig interface

Of these 6 boxes, 4 would be available for use for rolling out the Cisco CleanAccess boxes. The campus would have to purchase 4 more boxes for the complete project. The campus would also have to roll out the project in a manner which retained current images of the existing hard drives in case of problems. The existing boxes currently run the WANA system. These boxes are around 6 months old.

Recommendation

For the design recommendation with accompanying budget requirements, please see the document: Cisco CleanAccess (a.k.a. Perfigo) Design Recommendation. The title reflects the re-branding of the Perfigo product acquisition by the Cisco marketing team.

Summary

The initial University of Utah Perfigo deployment will completely replace the WANA deployment that provides web authentication for much of the wireless infrastructure. This deployment has two distinct options and a variation of one of the options. The University must decide on an appropriate option and deploy. Other considerations exist outside the deployment itself that directly impact the deployment.