CRS STANDARD NETWORK PLATFORM
July 6th, 2017
Presented by: Victor Konana
Standard Network Platform overview
• Part of System Management Program
– Standard Network Platform
– End User Computing
– Database Migration to Commercial Hosting
• Aimed toward decrease of ICT footprint in CPs
– Technology change
– Services becoming more important than servers
– CP realizes IT infrastructure cost saving over time
– Lower cost of maintenance of equipment
• Standardization of ICT systems Agency-wide
– Technology standardization
– Configuration standardization
Where did we start?
Overview of SNP design
Physical equipment
• Enterprise level of networking equipment based on Cisco brand
– Router
• Integrated Services Router - 2921/2951
• Multiple services/technologies implemented within
– http://www.cisco.com/c/en/us/products/routers/2951-integrated-services-router-isr/index.html
– http://www.cisco.com/c/en/us/products/routers/2921-integrated-services-router-isr/index.html
– Switches
• Cisco Catalyst 2960-24LC-S
– PoE enabled/24 ports
– Wireless access points
• Cisco Aironet AIR-CAP2702E-x-K9
– Dual band controller based 802.11 a/g/n/ac with external antennas
Services
• Content filtering, malware scanning, intrusion prevention
• Hypervisor virtualization platform containing MS Windows Server
• Optimization & acceleration of CRS Global internet traffic
• Central management and monitoring system
• Network services
– Firewall
– DHCP/DNS
– Virtual Private Network/VPN – for SNP devices management
• Network segmentation
– Multiple networks within CP
– Guest wireless (isolated from internal network)
Content filtering & malware scanning
• Based on Cisco Cloud Web Security (CWS) aka ScanSafe
• Cloud based system
• Traffic is proxied through Cisco CWS cloud
• Inspects all traffic and blocks unwanted content/sites
• Same, standard blocking set for the entire Agency
• Prevents malware and viruses infecting CRS computers
• Provides zero-day threat protection as well (in real time)
• Strong reporting capability on utilization of internet traffic within CP
• Failover capability enabled
• Enables identification of rogue (bandwidth consuming) devices
Hypervisor virtualization platform with Windows Server 2012
• Windows 2012 R2 Standard Operating System
• Runs as Virtual Machine on VMware environment hosted on UCSE module integrated within router
• 1 TB of HDD space (fault tolerant), 16 GB of RAM, Intel Xeon E3 CPU
• Managed by CP IT staff - full management rights
• Replaces existing legacy server(s)
– Additional backup domain controller will be shipped by end of May for increased fault tolerance
• Designed for
– AD/DC/DNS
– File services
– CP applications (transfer in accordance with Change Control Board processes)
Global management and monitoring systems
• Cisco Prime (Collocated at Rackspace)
– Central management system for routers and switches
– Management and monitoring of Cisco devices
– Also used as backup system for configuration of Cisco devices
• Cisco Wireless Controller (Collocated at Rackspace)
– Central management system for wireless devices
– Provisioning, management and monitoring of wireless devices
• PRTG (Collocated at Rackspace)
– Real-time monitoring tool for availability of network devices
– Also used as troubleshooting system for internet connectivity issues in CPs
– To be utilized as alerting system for connectivity issues
• CWS aka ScanSafe (Cisco Cloud)
– Web security setup, application traffic control, management and reporting
Optimization of CRS Global internet traffic
• Based on Cisco WAAS (Wide Area Application Service) technology
• Improves bandwidth utilization between CP and CRS Global systems (SharePoint and accompanying services)
• Technology integrated into each router
• Centrally managed
• http://www.cisco.com/c/en/us/products/routers/wide-area-application-services-waas-software/index.html
Network services
• Firewall
– Zone based firewall
– Integrated in router configuration
– Granular firewall rules allow network segmentation (and guest wireless network)
– http://www.cisco.com/c/en/us/products/security/ios-firewall/index.html
• DHCP/DNS
– Router IOS base services
– Replaces MS Windows DHCP systems
– Internal AD DNS namespace is forwarded to internal Windows AD DNS server(s)
• Virtual Private Network/VPN
– Connects SNP setup in CP office with central management systems in Rackspace
– Used for managing SNP devices only. SNP setup fully functional if VPN is down
– Uses site-to-site IPSec VPN
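The guest isolation named on the Services and Network services slides can be verified from the router configuration: in an IOS zone-based firewall, traffic between two zones is dropped unless a zone-pair binds them to a policy that inspects or passes it. The audit below is an added example, not taken from the presentation or from any CRS configuration; the config text is constructed, and the zone, class-map, policy-map and zone-pair names are assumptions.

```python
import re

# Constructed sample config (not from the slides). Zone, class-map, policy-map
# and zone-pair names are assumptions chosen for illustration.
SAMPLE_CONFIG = """\
zone security INSIDE
zone security GUEST
zone security OUTSIDE
!
class-map type inspect match-any CM-WEB
 match protocol http
 match protocol https
 match protocol dns
!
policy-map type inspect PM-GUEST-OUT
 class type inspect CM-WEB
  inspect
 class class-default
  drop log
!
policy-map type inspect PM-DENY-ALL
 class class-default
  drop log
!
zone-pair security ZP-GUEST-OUT source GUEST destination OUTSIDE
 service-policy type inspect PM-GUEST-OUT
zone-pair security ZP-GUEST-IN source GUEST destination INSIDE
 service-policy type inspect PM-DENY-ALL
"""
# Same config with the guest-to-internal pair wrongly bound to the web policy.
LEAKY_CONFIG = SAMPLE_CONFIG.replace(
    " service-policy type inspect PM-DENY-ALL",
    " service-policy type inspect PM-GUEST-OUT")

ACTIONS = ("inspect", "pass", "drop")

def parse_zbf(config):
    """Return (policies, pairs) from the zone-based firewall parts of a config."""
    policies, pairs = {}, []          # policy name -> [(class, action)]; zone-pairs
    policy = cls = pair = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):   # a top-level line ends any open block
            policy = cls = pair = None
        if m := re.match(r"policy-map type inspect (\S+)$", line):
            policy = m.group(1)
            policies[policy] = []
        elif m := re.match(r"zone-pair security (\S+) source (\S+) destination (\S+)$", line):
            pair = dict(name=m.group(1), src=m.group(2), dst=m.group(3), policy=None)
            pairs.append(pair)
        elif policy and (m := re.match(r"class (?:type inspect )?(\S+)$", line)):
            cls = m.group(1)
        elif policy and cls and line.partition(" ")[0] in ACTIONS:
            policies[policy].append((cls, line.partition(" ")[0]))
        elif pair and (m := re.match(r"service-policy type inspect (\S+)$", line)):
            pair["policy"] = m.group(1)
    return policies, pairs

def guest_isolation_findings(config, guest="GUEST", internal="INSIDE"):
    """List zone-pairs that permit any flow between the guest and internal zones.

    Both directions are reported: isolation is taken here to mean that no class
    between the two zones is inspected or passed (a conservative assumption).
    A zone-pair with no service-policy permits nothing and is not reported.
    """
    policies, pairs = parse_zbf(config)
    findings = []
    for p in pairs:
        if {p["src"], p["dst"]} != {guest, internal}:
            continue
        allowed = [c for c, a in policies.get(p["policy"], []) if a in ("inspect", "pass")]
        if allowed:
            findings.append((p["name"], p["src"], p["dst"], allowed))
    return findings

if __name__ == "__main__":
    for label, cfg in (("sample", SAMPLE_CONFIG), ("leaky", LEAKY_CONFIG)):
        print(label, guest_isolation_findings(cfg) or "guest zone isolated")
```
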
Where are we now?
• Standard Network Platform operational at 88 locations (min. 15 users)
• Content filtering/malware scanning system is operational (450k malware filtered weekly)
• Fully on Microsoft-hosted email Office 365 and OneDrive
• Microsoft SharePoint
• Microsoft Intune desktop and mobile device management
• Global ERP Solution
• Testing of Cisco Web Security Client for End Users
• Pre-positioning of equipment for New Offices, Emergencies and Support
• ICT4D is gaining momentum in the Agency
• Decrease of infrastructure cost and maintenance – increased resources availability for ICT4D
• Sharing of information and practices, using common configuration approach
• Central monitoring tools and reporting systems
• Improved Documentation
Challenges
• Logistics
• Connectivity
– ISP/VSAT related issues
– Bandwidth consumption
– Optimization of internet routes for Cisco Web Security
• Communication
– Identification of issue
– Improve our troubleshooting techniques in order to identify the core cause of the problems and properly escalate
• Hardware equipment failure
Standard Network Platform support
• Integrated support approach (coordination between GKIM, RISA and CP IT Managers)
• Round the clock support provided (support provided in 22 time zones in 3 languages)
• Due to standardization of Standard Network Platform, network layer is maintained by GKIM
• Windows Server virtual machine is managed by CP IT Managers
• Vendor support – Cisco TAC
Cisco Web Security aka ScanSafe
What is CWS?
ScanSafe Data Flow
Features
• Web filtering
• Malware scanning
• Web reputation
• Application visibility and control
• Centralized management and reporting
Why ScanSafe?
• Talos Security and Research Group: analyzes anomalies, uncovers new threats, and monitors traffic trends. Talos generates new rules and updates every 3 to 5 minutes.
• World-class support
– Software updates and major upgrades to keep applications performing optimally with the most current feature set
– Access to Cisco Technical Assistance Center (TAC) for fast, specialized support
– Online tools that build and expand in-house expertise and boost business agility
• Industry-leading uptime
– Delivers an SLA of 99.999 percent uptime.
– Cloud Web Security stays current with the latest threat information.
– Security is always on and available, freeing your staff to focus on other priorities
ScanSafe Warning!
ScanSafe Blocked Content
ScanSafe Portal
Scan Center Web Filtering Reporting Output
Application and Composite Reporting
PRTG Network Monitor (Paessler Router Traffic Grapher)
Overview
Objectives
• Proactive performance monitoring for all Internet links
• Monitor Availability of Network Active Equipment
• Network Traffic Protocol Analysis
Default Home Page
Device Groups and Sensors
Sensor States
Sensor color    Status name
Red             Down
Bright-Red      Down (Acknowledged)
Yellow          Warning
Orange          Unusual
Green           Up
Blue            Paused
Dashboard
Live Data
Historic Data
Email Alerts

Cisco Standard Network Platform (SNP) - Catholic Relief Services Case Study
