Network Security and Topology

Similar documents
Soft Gateway Installation. Velocity

Integration Note for. Q-SYS Platform. by QSC. Atlona Integration Note. Velocity

Document Sub Title. Yotpo. Technical Overview 07/18/ Yotpo

Installation Guide AT-VTP-550

Integration Note for. Symetrix. Atlona Integration Note. Velocity

Integration Note for. Zoom Room. Atlona Integration Note. Velocity

Configure the Cisco DNA Center Appliance

NGFW Security Management Center

SCALE AND SECURE MOBILE / IOT MQTT TRAFFIC

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the SonicWall Firewall.

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Fortinet Firewall. Overview

Integration Note for Biamp Tesira

SECURE, FLEXIBLE ON-PREMISE STORAGE WITH EMC SYNCPLICITY AND EMC ISILON

Installation Guide AT-OMNI-311

Information Security Policy

IBM Planning Analytics Workspace Local Distributed Soufiane Azizi. IBM Planning Analytics

RSA SecurID Implementation

the Corba/Java Firewall

NGFW Security Management Center

AKAMAI WHITE PAPER. Enterprise Application Access Architecture Overview

OpenShift Dedicated 3 Release Notes

Enterprise Open Source Databases

NGFW Security Management Center

Choosing an Interface

HikCentral V.1.1.x for Windows Hardening Guide

System Specification

Delivers cost savings, high definition display, and supercharged sharing

Server Appliance for Atlona Management System

Taming your heterogeneous cloud with Red Hat OpenShift Container Platform.

NGFW Security Management Center

Exam : Implementing Microsoft Azure Infrastructure Solutions

Introducing VMware Validated Designs for Software-Defined Data Center

HOWTO: Practical guide to configuring high availability in Panda GateDefender Integra

Deploy. A step-by-step guide to successfully deploying your new app with the FileMaker Platform

Omega 4K HDR 3x2 Matrix Switcher for HDMI and USB-C with HDMI Outputs

NGFW Security Management Center

Introducing VMware Validated Designs for Software-Defined Data Center

Network Automation using Contrail Cloud (NACC)

Nuage Networks Product Architecture. White Paper

NGFW Security Management Center

Introducing VMware Validated Designs for Software-Defined Data Center

Service Mesh and Microservices Networking

McAfee Network Security Platform 9.2

Deploy. Your step-by-step guide to successfully deploy an app with FileMaker Platform

Release Notes for Cisco Application Policy Infrastructure Controller Enterprise Module, Release x

Architectural Overview INSIGHT Remote Monitoring Platform

Customer Onboarding with VMware NSX L2VPN Service for VMware Cloud Providers

WHITE PAPER NGINX An Open Source Platform of Choice for Enterprise Website Architectures

NGFW Security Management Center

Zero to Microservices in 5 minutes using Docker Containers. Mathew Lodge Weaveworks

Docker Universal Control Plane Deploy and Manage On-Premises, Your Dockerized Distributed Applications

White Paper. Nexenta Replicast

WHITE PAPER. RedHat OpenShift Container Platform. Benefits: Abstract. 1.1 Introduction

CLUSTERING HIVEMQ. Building highly available, horizontally scalable MQTT Broker Clusters

SteelConnect. The Future of Networking is here. It s Application-Defined for the Cloud Era. SD-WAN Cloud Networks Branch LAN/WLAN

Move, manage, and run SAP applications in the cloud. SAP-Certified Infrastructure from IBM Cloud

Configuring Cisco VPN Concentrator to Support Avaya 96xx Phones Issue 1.0. Issue th October 2009 ABSTRACT

HikCentral V1.3 for Windows Hardening Guide

RecoverPoint for Virtual Machines

SAP Vora - AWS Marketplace Production Edition Reference Guide

Protocol Architecture (2) Suguru Yamaguchi Nara Institute of Science and Technology Department of Information Science

Commvault Backup to Cloudian Hyperstore CONFIGURATION GUIDE TO USE HYPERSTORE AS A STORAGE LIBRARY

Apica ZebraTester. Advanced Load Testing Tool and Cloud Platform

TIBCO Cloud Integration Security Overview

Identity Management and Compliance in OpenShift

Basic Configuration Installation Guide

Atlona Manuals Software AMS

NGFW Security Management Center

NGFW Security Management Center

Oracle IaaS, a modern felhő infrastruktúra

Run containerized applications from pre-existing images stored in a centralized registry

Self-driving Datacenter: Analytics

Veeam Cloud Connect. Version 8.0. Administrator Guide

Configure the Cisco DNA Center Appliance

Optimize and Accelerate Your Mission- Critical Applications across the WAN

SHARE in Orlando Session 17436

Cisco Tetration Analytics

Dolby Conference Phone 3.1 configuration guide for West

Etanova Enterprise Solutions

KERIO TECHNOLOGIES KERIO WINROUTE FIREWALL 6.3 REVIEWER S GUIDE

From Zero Touch Provisioning to Secure Business Intent

Hadoop and HDFS Overview. Madhu Ankam

PULSE CONNECT SECURE APPCONNECT

Launch Smart Products With End-to-End Solutions You & Your Customers Can Trust

IBM Spectrum Protect Version Introduction to Data Protection Solutions IBM

TEN LAYERS OF CONTAINER SECURITY

Highly Available Forms and Reports Applications with Oracle Fail Safe 3.0

MPLS vs SDWAN.

AT&T NetBond for SoftLayer

PROXY Pro v10 RAS Security Layer Overview

Implementing Microsoft Azure Infrastructure Solutions (20533)

TCO REPORT. NAS File Tiering. Economic advantages of enterprise file management

Ordering and deleting Single-node Trial for VMware vcenter Server on IBM Cloud instances

Configure the Cisco DNA Center Appliance

The Future of Virtualization Desktop to the Datacentre. Raghu Raghuram Vice President Product and Solutions VMware

A10 HARMONY CONTROLLER

Installation Guide AT-OPUS-RX

Continuous Integration and Deployment (CI/CD)

Reference Architecture

MODEL ANSWER PAPER SUBJECT: COMPUTER ORGANIZATION & OPERATING SYSTEM (THEORY)

Transcription:

Network Security and Topology AT-VCC AT-VGW Atlona Manuals Control

Version Information Version Release Date Notes 1 10/17 Initial release Velocity Control Sytem 2

Table of Contents Network Security and Topology 4 Introduction 4 Security 4 Velocity Gateway Appliance 5 Security 5 Velocity Gateway Appliance Redundancy 6 Velocity Virtual Software Gateway 7 Velocity Virtual Software Gateway Linux Containers 8 Velocity Control Suite Private 9 Network Traffic I/O 9 Network Ports 10 Cloud Connectivity 10 Velocity Control Sytem 3

Network Security and Topology Introduction Atlona Velocity delivers a highly secure and flexible network topography for small business and large-scale enterprise organizations. In today s challenging environments of digital networks, security is paramount. Network breaches and attacks are of common occurrence to organizations and are a significant liability to corporate and consumer information. Velocity has been strategically designed to challenge the most sophisticated security attacks. AV control and automation platforms should hold up to the same security standards as any other deployed digital system. It is up to manufacturers of AV technology to adhere and keep up with modern digital security standards. To deliver on the needs for flexibility, scale, and management, Atlona Velocity implements cutting edge technology and practices. The Velocity platform is built and derived from the Go programming language, React, and MongoDB. These technologies are backed by both Google and Facebook. Velocity is positioned to be the leader in performance, stability, and flexibility by harnessing these modern technologies. This provides the ability to service clients with a cost-effective and scalable AV control platform. In the modern age of distributed computing systems, it is not enough to only operate technology on a single hardware appliance. Distributed and scalable systems can now be deployed within virtual machines, Linux containers, and cloud-based architectures. Velocity can be deployed within any of these architectures. This provides the flexibility for AV integrators and IT organizations to design the best solution to fit the organization s needs. Atlona Velocity deploys the latest standards in network security strategies and protocols to protect and prevent network breaches into Velocity and third-party integrations. Velocity deploys the following security standards: TLS 1.2, ECDHE_RSA with P-256, AES_128_GCM, HTTPS security. Slow hashed passwords. Two-factor authentication. Private LAN self-signed certificates. Cross-site request forgery prevention. Cross-site scripting prevention. No backdoor access. Limited TCP/IP port exposure. Secure Linux operating system. Role-based features. Security Velocity Control Sytem 4

Velocity Gateway Appliance Network Security and Topology The AT-VGW-250 control gateway can support a maximum of 250 TCP/IP connections to AV equipment. With a general assumption that most corporate spaces would comprise of 10 or less controlled AV appliances, a single AT- VGW-250 can support approximately 25 rooms or more. Figure 1 depicts a general flow diagram and shows how to control and configure a single gateway appliance from a cloud or LAN environment. Figure 1 Security Velocity Control Sytem 5

Velocity Gateway Appliance Redundancy Network Security and Topology For organizations who require High Availability (HA) service for AV technology solutions, the AT-VGW-250 can be configured in a master/slave control setup. This requires a two-appliance approach. Due to the nature of some AV appliances only allowing a single TCP/IP connection, a master controller is dedicated to all AV connections. In the event the master is not available, the slave will engage all required connections and take over control requests. The slave now becomes the master controller. In a configuration where there are more than two gateways operating, some gateways become Control Managers that manage a partial set of the system s TCP/IP connections. Figure 2 Velocity Control Sytem 6

Network Security and Topology Operating Velocity in a virtual environment(s) can provide much flexibility and scale to both small and large corporate organizations. The AT-VSG can be licensed for 2500 or 5000 IP connections per virtual instance or group cluster. The Velocity Virtual Software Gateway (VSG) can also be a single self-contained virtual machine or a fully distributed High Availability (HA) server cluster paired with multiple database-replicated virtual machines. Figure 3 depicts a more complex setup for Velocity configured in an HA / database replication environment. Figure 3 Velocity Virtual Software Gateway Velocity Control Sytem 7

Velocity Virtual Software Gateway Linux Containers Network Security and Topology In the event an organization prefers to operate using Linux containers, Velocity can be executed within a container. Velocity operates within Linux containers via the use of Docker. Docker is an open source Linux container engine that executes software from within the container and, in addition, can manage and orchestrate Docker containers using Docker Swarm. For more information about Docker, visit https://www.docker.com/what-docker. To manage a Docker cluster, please visit https://docs.docker.com/engine/swarm/swarm-tutorial. Docker can be installed and operated within all three major operating systems for macos Yosemite 10.10.3 or above, Microsoft Windows 10 Pro or Enterprise 64-bit or Windows Server 2016, nearly all major Linux editions, and nearly all major cloud providers. Velocity is dependent on MongoDB database for storage of configuration, runtime information, and reporting data. Today, Docker is not the recommended choice for running enterprise class database systems. It is still highly recommended to run your MongoDB replicas within a virtual machine stack or on bare metal machines. Velocity can be configured with as many Docker nodes as desired for best performance and management. When multiple nodes are spawned, Velocity will configure specific nodes as Control Managers. These managers will be the central point of TCP/IP connections with AV equipment. This is done to meet the challenge of single socket connection appliances. Figure 4 shows a hypothetical Docker configuration. Figure 4 Velocity Control Sytem 8

Velocity Control Suite Private Network Security and Topology The Velocity Control Suite hosted on the cloud at https://velocity.atlona.com is a shared hosted service. Velocity Control Suite can also be hosted as a dedicated private service, either on an internal LAN or hosted via a cloud provider. More information on licensing and hosting options coming soon. Typical network traffic for the Velocity platform requires a 10/100 Mbps network switch. The platform is designed around push notifications to keep overall network traffic to a minimum. Usages with specific AV equipment may vary depending on API design and implementation of control for specific third-party equipment. Browser traffic is also kept to a minimum by design of Single Page Application (SPA), browser caching, and HTTP 2.0 technology. Navigation from page to page by users is done by partial data requests rather than a full-page HTTP request. Full-page requests are only performed once on initial load to minimize traffic. Velocity supports browser caching to minimize HTTP file requests. Velocity also supports HTTP 2.0 which deploys new request compression technology to reduce traffic payload. Below are average traffic requests for browser access. Network Traffic I/O Request page Request type Cached Payload (kb) Home Full page No 1500 Home Partial page No 173 Home Full page Yes 241 Home Partial page Yes 2.2 Room Modify Devices Full page No 1600 Room Modify Devices Partial page No 301 Room Modify Devices Full page Yes 588 Room Modify Devices Partial page Yes 301 Room Control Full page No 1500 Room Control Partial page No 170 Room Control Full page Yes 415 Room Control Partial page Yes 170 N/A HTTP POSTS N/A < 200 N/A AV equipment API calls N/A < 1 Velocity Control Sytem 9

Network Security and Topology Network Ports The following default ports are required to be open on your router to communicate to and from Velocity for both LAN and WAN networks. Port number I/O type LAN required Cloud required 80 HTTP requests Yes No 443 HTTPS requests Yes Yes 23 Atlona API Telnet Yes No 52315 Velocity MQ Pub / Sub Yes No Cloud Connectivity In order for Velocity Gateway appliances to be connected to the cloud, two-way traffic must be allowed to and from https://velocity.atlona.com. Velocity Control Sytem 10

atlona.com 408.962.0515 877.536.3976 2017 Atlona Inc. All rights reserved. Atlona and the Atlona logo are registered trademarks of Atlona Inc. All other brand names and trademarks or registered trademarks are the property of their respective owners. Pricing, specifications and availability subject to change without notice. Actual products, product images, and online product images may vary from images shown here.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback