You are on page 1of 98

PRODUCTS AND SOLUTIONS 2010

Terence Teo SE

Agenda
Company Profile

Brocade DataCenter Product Portfolio

Brocade Application Switch

Brocade Wireless Solution Brocade NMS IronView

Next Generation Technology

FOR INTERNAL USE ONLY 2009 Brocade Communications Systems, Inc. All Rights Reserved.

BROCADE PRODUCT PORTFOLIO


DATA CENTER

2009 Brocade Communications Systems, Inc. Company Proprietary Information

FastIron 10/100 Ethernet Ports Edge Switch


Basic Package: 16,000 MAC Addresses 4096 VLANs External Redundant Power Supply Protected Link Groups Port-based Access Control Lists Dynamic Voice VLAN Assignment Private VLANs and uplink-switch Port Loop Detection IP Source Guard BPDU Guard and Root Guard STP, RSTP, MST, PVST/PVST+ 802.1x and Port Security Metro Ring Protocol (MRP 1) ACL and Rate-limit Quality of Service (QoS) DHCP Relay ECMP PIM Snooping RIP v1/v2 announce VRRP, VSRP and VSRP Aware IPv4 Static Routes Hardware sFlow Network Prober DHCP Snooping Dynamic ARP Inspection Denial of Service (DoS) protection IPv6 Ready

FastIron FWS624 -EPREM


2010/100 Mbps ports plus four RJ45/SFP (1-GE) combo ports

FastIron FWS624-POE -EPREM


2010/100 Mbps PoE ports plus four RJ45/SFP (1-GE) combo ports

FastIron FWS648 -EPREM


4410/100 Mbps ports plus four RJ45/SFP (1-GE) combo ports

FastIron FWS648-POE -EPREM


4410/100 Mbps PoE ports plus four RJ45/SFP (1-GE) combo ports

Edge Premium Package IGMP V1, V2, and V3 OSPFv1,v2 RIP v1,v2 Route-only support Routes in hardware maximum: 1000 VRRP

2009 Brocade Communications Systems, Inc. All Rights Reserved.

FastIron 10/100/1000 Ethernet Edge Switch


Basic Package: 16,000 MAC Addresses 4096 VLANs External Redundant Power Supply Protected Link Groups Port-based Access Control Lists Dynamic Voice VLAN Assignment Private VLANs and uplink-switch Port Loop Detection IP Source Guard BPDU Guard and Root Guard STP, RSTP, MST, PVST/PVST+ 802.1x and Port Security Metro Ring Protocol (MRP 1) ACL and Rate-limit Quality of Service (QoS) DHCP Relay ECMP PIM Snooping RIP v1/v2 announce VRRP, VSRP and VSRP Aware IPv4 Static Routes Hardware sFlow Network Prober DHCP Snooping Dynamic ARP Inspection Denial of Service (DoS) protection IPv6 Ready

FastIron FWSG624 -EPREM


2010/100/1000 Mbps ports plus four RJ45/SFP (1-GE) combo ports

FastIron FWSG624-POE -EPREM


2010/100/1000 Mbps PoE ports plus four RJ45/SFP (1-GE) combo ports

FastIron FWSG648 -EPREM


4410/100/1000 Mbps ports plus four RJ45/SFP (1-GE) combo ports

FastIron FWSG648-POE -EPREM


4410/100/1000 Mbps PoE ports plus four RJ45/SFP (1-GE) combo ports

Edge Premium Package IGMP V1, V2, and V3 OSPFv1,v2 RIP v1,v2 Route-only support Routes in hardware maximum: 1000 VRRP

2009 Brocade Communications Systems, Inc. All Rights Reserved.

FastIron 10/100/1000 Stackable Edge Switch


FastIron LS 624 -EPREM
20 x 10/100/1000 Mbps ports plus 4 combination RJ45/SFP Gigabit Ethernet (copper or fiber) ports. The switch includes 3 slots for optional 1 port 10GbE modules
Basic Package: Same as FWS Series 10GbE Optional Stacking capable up to 8 units per stack 40 Gbps Stacking throughput

FastIron LS 624-STK
20 x 10/100/1000 Mbps ports plus 4 combination RJ45/SFP Gigabit Ethernet (copper or fiber) ports plus 2 x 10GbE CX4 stacking ports and one open slot for an optional 1 port 10GbE module
Edge Premium Package IGMP V1, V2, and V3 OSPFv1,v2 RIP v1,v2 Route-only support Routes in hardware maximum: 1000 VRRP

FastIron LS 648 -EPREM


44 x 10/100/1000 Mbps ports plus 4 combination RJ45/SFP Gigabit Ethernet (copper of fiber) ports. The switch includes 2 slots for optional 1 port 10GbE modules

FastIron LS 648-STK
44 x 10/100/1000 Mbps ports plus 4 combination RJ45/SFP Gigabit Ethernet (copper or fiber) ports plus 2 x 10GbE CX4 stacking ports

2009 Brocade Communications Systems, Inc. All Rights Reserved.

FastIron 10/100/1000 Stackable Edge Switch


FastIron GS 624P-EPREM
20 x 10/100/1000 Mbps ports plus four combo ports supporting 10/100/1000 Mbps RJ45 or 100/1000 Mbps SFP connectivity
Basic Package: Same as FWS Series 10GbE Optional Stacking capable up to 8 units per stack 40 Gbps Stacking throughput Field Upgradable PoE Built-in Redundant Power Supply 1.5 RU

FastIron GS 624-STK
20 x 10/100/1000 Mbps ports plus four combo ports supporting 10/100/1000 Mbps RJ45 or 100/1000 Mbps SFP connectivity, 2 x 10GbE CX4 stacking ports
Edge Premium Package IGMP V1, V2, and V3 OSPFv1,v2 RIP v1,v2 Route-only support Routes in hardware maximum: 1000 VRRP

FastIron GS 624P-POE-EPREM
20 x 10/100/1000 Mbps PoE ports plus four combo ports supporting 10/100/1000 Mbps RJ45 with PoE or 100/1000 Mbps SFP connectivity

FastIron GS 624-POE-STK
20 x 10/100/1000 Mbps PoE ports plus four combo ports supporting 10/100/1000 Mbps RJ45 with PoE or 100/1000 Mbps SFP connectivity, 2 x 10GbE CX4 stacking ports

2009 Brocade Communications Systems, Inc. All Rights Reserved.

FastIron 10/100/1000 Stackable Edge Switch


FastIron GS 648P-EPREM
44 x 10/100/1000 Mbps ports plus four combo ports supporting 10/100/1000 Mbps RJ45 or 100/1000 Mbps SFP connectivity
Basic Package: Same as FWS Series 10GbE Optional Stacking capable up to 8 units per stack 40 Gbps Stacking throughput Field Upgradable PoE Built-in Redundant Power Supply 1.5RU

FastIron GS 648-STK
44 x 10/100/1000 Mbps ports plus four combo ports supporting 10/100/1000 Mbps RJ45 or 100/1000 Mbps SFP connectivity, 2 x 10GbE CX4 stacking ports
Edge Premium Package IGMP V1, V2, and V3 OSPFv1,v2 RIP v1,v2 Route-only support Routes in hardware maximum: 1000 VRRP

FastIron GS 648P-POE-EPREM
44 x 10/100/1000 Mbps PoE ports plus four combo ports supporting 10/100/1000 Mbps RJ45 with PoE or 100/1000 Mbps SFP connectivity

FastIron GS 648-POE-STK
44 x 10/100/1000 Mbps PoE ports plus four combo ports supporting 10/100/1000 Mbps RJ45 with PoE or 100/1000 Mbps SFP connectivity, 2 x 10GbE CX4 stacking ports

2009 Brocade Communications Systems, Inc. All Rights Reserved.

FastIron 10/100/1000 Stackable Edge Switch


FastIron CX 624S -ADV
2010/100/1000 Mbps ports plus four RJ45/SFP (1-GE) combo ports plus 2 x 16GbE dedicated stacking ports, plus 1 x RPS13 power supply
Base Models: Same as FWS Series Up to 2 10GbE ports Stacking capable up to 8 units per stack 64 Gbps Stacking throughput Built-in Redundant Power Supply 1RU IGMP V1, V2, and V3 OSPFv1,v2 RIP v1,v2 Route-only support Routes in hardware maximum: 16,000 32,000 MAC Addresses

FastIron CX 624S-HPOE-ADV
2010/100/1000 Mbps PoE+ ports plus four RJ45/SFP (1-GE) combo ports plus 2 x 16GbE dedicated stacking ports, plus 1 x RPS14 power supply

Advance Models BGP

FastIron CX 648S -ADV


4410/100/1000 Mbps ports plus four RJ45/SFP (1-GE) combo ports plus 2 x 16GbE dedicated stacking ports, plus 1 x RPS13 power supply

FCX624S-F
24 x 100/1000 Mbps SFP ports plus 2 x 16GbE dedicated stacking ports

FastIron CX 648S-HPOE-ADV
4410/100/1000 Mbps PoE+ ports plus four RJ45/SFP (1-GE) combo ports plus 2 x 16GbE dedicated stacking ports, plus 1 x RPS14 power supply

FCX624S-F-ADV
24 x 100/1000 Mbps SFP ports plus 2 x 16GbE dedicated stacking ports. Ships with advance Layer 3 license.

2009 Brocade Communications Systems, Inc. All Rights Reserved.

Scaling the Intelligent Edge


Stacking Capable FastIron GS/LS/CX Models

Up to 8 Units

Up to 8 Units

FastIron GS/LS PoE or non-PoE Models

FastIron CX HPoE or non-HPoE Models

IronStack -Up to 40Gbps Backpane -Up to 384 10/100/1000 PoE or non-PoE ports

IronStack -Up to 64Gbps Backpane -Up to 384 10/100/1000 PoE+ or non-PoE+ ports -Up to 16 10GbE ports

2009 Brocade Communications Systems, Inc. All Rights Reserved.

10

FastIron 10/100/1000 Performance Edge Switch

FastIron FESX624 -PREM 24 ports 10/100/1000 Mbps Ethernet with 4 combination RJ45/SFP Gigabit Ethernet for copper or fiber uplink connectivity plus 2 ports of 10GbE uplinks

FastIron FESX648 -PREM 48 ports 10/100/1000 Mbps Ethernet with 4 combination RJ45/SFP Gigabit Ethernet for copper or fiber uplink connectivity plus 2 ports of 10GbE uplinks
PREMIUM Upgrade: RIP v1, v2 OSPF v1, v2 BGP4 IGMP, PIM, etc.

FastIron FESX624HF-PREM 24 ports 100/1000 Mbps SFP with 4 combination RJ45/SFP Gigabit Ethernet for copper or fiber uplink connectivity plus 2 ports of 10GbE uplinks

Base Models: Built-in Redundant Power Supply 1.5 RU 256,000 IPv4 Route Entries 32,000 IPv6 Route Entries 16,000 MAC Addresses Static Route

2009 Brocade Communications Systems, Inc. All Rights Reserved.

11

TurboIron 24X
24-port 10 GbE/1 GbE SFP+/SFP with 4-port 10/100/1000 RJ45
Modular Power Internal AC power supplies Auto-sensing 110V/220V AC Redundant, load sharing Hot-swappable Airflow Front-to-back airflow Variable-speed fan Hot-swappable fan assembly

Performance 488 Gbps forwarding throughput 1.5 usec cut-through latency 2 MB buffer for transient congestion protection

Flexibility and Green Design Low-power SFP+ ports Only 7.3W per port Cu-SFP+ (Twinax) option 1 GbE SFP support

2009 Brocade Communications Systems, Inc. All Rights Reserved.

12

TurboIron 1G/10G Top-of-Rack Switch


POWER: Load sharing, Hot-swappable 176 W power consumption 600 BTU/hr dissipation FEATURES: STP, RSTP, MSTP, PVST/PVST+, PVRST+ Link aggregation 802.3X Pause Frame QoS, Jumbo, Rate limiting, Rate Shaping L2 Multicast Port Mirroring ACLs sFlow PERFORMANCE: 488 Gbps throughput 363 Mpps forwarding capacity 1.5 uSec latency 512 M Memory 32 M Flash 2000 Rate Limiters 512 STP groups 32,000 MAC forwarding 4000 VLAN 9000 Jumbo Frame 128 Trunk Groups/8 Links

TurboIron TI-24X-AC
TurboIron 24-port 10GbE/1GbE SFP+ with 1 AC power supply (RPS11) and Fan

10Gbps Optics: 10G-SFPP-SR


10GBASE-SR, SFP+ optic (LC), target range 300m over MMF

10G-SFPP-LR
10GBASE-LR, SFP+ optic (LC), for up to 10km over SMF

2009 Brocade Communications Systems, Inc. All Rights Reserved.

13

Brocade FastIron SX800/SX1600


Advanced L2/L3 switching with scalable POE, wire-speed 10/100/1000 Mbps, 100/1000 Mbps Fiber, and 10-Gigabit Ethernet Modular, High-Availability Enterprise Convergence Switches Redundant System + POE Power, Management and Switch

FastIron SX 800

FastIron SX 1600

PREMIUM
Full Layer 3 IPv4 Upgrade 256,000 Routes FIB 1 Million BGP Routes in RIB

PREMIUM6
Full Layer 3 IPv6 Upgrade 64,000 Active Routes RIPng, OSPFv3, BGP4+

Common OS, Line Modules, Power Supplies with SuperX

2009 Brocade Communications Systems, Inc. All Rights Reserved.

14

Brocade FastIron SX Series Switches


Product Highlights
Industrys highest PoE density in a chassis: Ideal for aggregation and high-density wiring closet Up to 384 10/100/1000 Class 3 PoE ports with redundant PoE power supply High-performance enterprise solution: Features a 2-port 10 GbE management module Up to 36 10 GbE ports 24-port copper modules are PoE-upgradable 10 GbE module supports LAN and WAN PHY Complete VoIP software features: Power management, including power priority Dynamic Voice VLAN configuration sFlow for detailed network traffic accounting Support for 802.3af devices, including IP phones, access points, and security cameras

2009 Brocade Communications Systems, Inc. All Rights Reserved.

15

Brocade BigIron RX Series Switches


Advanced Gigabit and 10-Gigabit Ethernet Densities
Up to 1,536 Gigabit or 512 10-Gigabit ports in a single chassis

High availability Hardware and Software architecture for core resiliency Advanced Layer 2/3 feature set for the High Performance Core Purpose-built for increasing efficiency
Best in class power efficiency lowers Watts/Gbps Consolidate network into fewer devices
2009 Brocade Communications Systems, Inc. Company Proprietary Information

16

Brocade BigIron RX Series Core Switch

RX-4
-16 10GbE Line-rate -192 1GbE Line-rate -400Gbps Data Switching Capacity -285Mpps L2/L3 Throughput

RX-16
-64 10GbE Line-rate -768 1GbE Line-rate -1.6Tbps Data Switching Capacity -1.14Bpps L2/L3 Throughput

RX-8
-32 10GbE Line-rate -384 1GbE Line-rate -800Gbps Data Switching Capacity -570Mpps L2/L3 Throughput

RX-32
-128 10GbE Line-rate -1536 1GbE Line-rate -3.2Tbps Data Switching Capacity -2.3Bpps L2/L3 Throughput

2009 Brocade Communications Systems, Inc. All Rights Reserved.

17

BigIron RX-32 Highlights


Interface Module
32 Half slot I/O Module Slots Same 16x10GE, 4x10GE, 24x1GE and 48x1GE as entire BigIron RX Series

Integrated Cable Management


Top, Bottom and Side

Switch Fabric
Eight 3-Stage Clos Switch Fabric Modules

Modular Cooling System


Front to Back Airflow

Management Modules
512 MB SDRAM Base Upgradeable to 2 GB SDRAM PowerPC processor 1:1 redundancy Same System Software for Entire BigIron RX Series

M + N Power Supply Redundancy

2009 Brocade Communications Systems, Inc. Company Proprietary Information

18

Brocade BigIron RX Series Core Switch


Modular, scalable, resilient system architecture Complete hardware redundancy Hitless Layer 2 and Layer 3 failover Hitless Software upgrade

Enables high availability network architectures for VoIP, video conferencing, and mission critical Data
Sub-second L-2 convergence: MRP, VSRP, RSTP Fast Re-route for SONET-like 50ms resiliency Powerful security with line rate traffic monitoring and filtering High performance L2/L3/L4 Inbound ACL support Line rate sFlow monitoring with port mirroring for optimal security

Meeting tomorrows needs today


Over 2 Billion Packets per Second for room to grow 40/100 GE ready design compatible with todays hardware

2009 Brocade Communications Systems, Inc. Company Proprietary Information

19

RX System Architecture
bE bE bE bE 0G 10G 10G 10G 1 x x 1x 1 1x 1 Interface Module 10 /1 /1 00 00 0

GIG

Tower1

Tower2

CPU
512MB DRAM

1 Gig

Controller

System Controller

CPU

Management Module

12Gig Multiplexed to the SFM

A Tower = 1 PP + 1 TM Each Tower has a 12Gig link multiplexed to the SFM

CLOS SWITCH FABRIC

20

2009 Brocade Communications Systems, Inc. Company Proprietary Information

20

BigIron RX-series - The Specs

RX-series Model
Data switching capacity Packet forwarding capacity

BigIron RX-4
400 Gbps 285 Mpps

BigIron RX-8
800 Gbps 570 Mpps

BigIron RX-16
1.6 Tbps 1.14 Bpps

BigIron RX-32
3.2 Tbps 2.3 Bpps

I/O Modules
Height Max Power Draw Software RIB Route Capacity HW FIB Route Capacity per interface module IPv6 Management and Protocols

Common Line Modules : 16x10GbE (up to 10Km SFP+); 4x10GbE (up to 80Km XFP); 48x1GE (mini-RJ21); 24x1GE (up to 150km SFP) and 24x1GE Copper
Chassis (4 RU high) 1217W Chassis (7 RU high) 2417W Chassis (14 RU high) 4905W Up to 1M Routes Up to 4M Routes (with MR2) Up to 512K Routes YES; RIP NG, OSPFv3, ISIS, BGPv6 Chassis (33 RU high) 11,353W

2009 Brocade Communications Systems, Inc. Company Proprietary Information

21

BROCADE CARRIER ETHERNET


SERVICE PROVIDER

2009 Brocade Communications Systems, Inc. Company Proprietary Information

22

Brocade NetIron MLX Series Core Routers

MLX-4
-16 10GbE Line-rate -80 1GbE Line-rate -960Gbps Fabric Switching Capacity -400Gbps Data Switching Capacity -240Mpps L2/L3 Throughput

MLX-16
-64 10GbE Line-rate -320 1GbE Line-rate -3.84Tbps Fabric Switching Capacity -1.6Tbps Data Switching Capacity -960Mpps L2/L3 Throughput

MLX-8
-32 10GbE Line-rate -160 1GbE Line-rate -1.92Tbps Fabric Switching Capacity -800Gbps Data Switching Capacity -480Mpps L2/L3 Throughput

MLX-32
-128 10GbE Line-rate -640 1GbE Line-rate -7.68Tbps Fabric Switching Capacity -3.2Tbps Data Switching Capacity -1.92Bpps L2/L3 Throughput

2009 Brocade Communications Systems, Inc. Company Proprietary Information

23

Brocade NetIron MLX Series Core Routers


Sneak Preview

MLX-4
-32 10GbE Line-rate -192 1GbE Line-rate -400Gbps Data Switching Capacity

MLX-16
-128 10GbE Line-rate -768 1GbE Line-rate -3.2Tbps Data Switching Capacity

MLX-8
-64 10GbE Line-rate -384 1GbE Line-rate -1.6Tbps Data Switching Capacity

MLX-32
-256 10GbE Line-rate -1536 1GbE Line-rate -6.4Tbps Data Switching Capacity

Double Capacity in 2010


-High Capacity Switch Fabric Modules -48-port 1G RJ-21 Line Modules -8-port 10G Line Modules -2-port 100G Full-Slot Line Modules

2009 Brocade Communications Systems, Inc. Company Proprietary Information

24

NetIron MLX Series Highlights


Scalable, high-capacity core routers: 3.2 Tbps capacity in a single chassis Redundant hardware and non-stop software design Power-efficient design Collapse multiple network layers Advanced services: Multi-services (IPv4, IPv6 and MPLS) Advanced Virtualization with Multi-VRF Cost-effective and Industrys Highest port density per rack: 128 x 10 GbE ports, 64 x 1 GbE ports 40/100 GbE ready

2009 Brocade Communications Systems, Inc. Company Proprietary Information

25

Brocade NetIron MLX Series Core Router

1:1 Redundant Management Modules

Half-slot Modules for Graceful Growth & Lower Sparing Cost

N+1 Switch Fabric Element Redundancy

Modular Cooling System

N+1 / N+N Power Supply Redundancy (AC & DC)

2009 Brocade Communications Systems, Inc. Company Proprietary Information

26

NetIron MLX Series Highlights


Rich mix of broadband services
IPv4 Routing: IPv4, IP over MPLS Full IPv6 routing for unicast & multicast today MPLS-TE MPLS L2 VPNs: VLL, VPLS MPLS L3 VPNs: BGP/MPLS (RFC 2547bis)

State-of-the-art CLOS fabric design Hardware-based forwarding for all services Multiple concurrent services over the same interfaces High-availability design for non-stop operation
Hardware redundancy: 1:1 management, N+1 fabric, N+1 power, N+1 fans Hitless management failover with protocol graceful restart Hitless software upgrades

2009 Brocade Communications Systems, Inc. Company Proprietary Information

27

NetIron MLX Series Highlights


Advanced Metro Ethernet switching
802.1Q, Q-in-Q, RSTP, 802.1s, PVST, VSRP, MRP

Full IPv4 and IPv6 unicast/multicast routing protocol support

Designed for NEBS Level 3 compliance


Extensive OAM capabilities incl. MAC ping, traceroute Enables high availability services
Sub-second L-2 convergence: MRP, VSRP, RSTP Fast Re-route for SONET-like 50ms resiliency

2009 Brocade Communications Systems, Inc. Company Proprietary Information

28

NetIron MLX Series Power of Performance


512K IPv4 routes or 120k IPv6 routes in hardware FIB (Line Modules) 2M IPv4 BGP routes in RIB (Manangement Modules) 256 BGP peers 4,000 VLL & VPLS instances; 256K VPLS MACs 1M MAC addresses

2009 Brocade Communications Systems, Inc. Company Proprietary Information

29

Brocade NetIron CER Series Routers


Product highlights
Leading high-capacity routers
Scalable routing in compact form factor Scalable to full Internet routing table: 512K routes Dense BGP applications: 128 peers Wire-speed performance: 88 to 136 Gbps Deep packet buffers MEF 9, 14, 21 certification Virtualization through multi-VRF and MPLS Full IPv4 unicast and multicast capabilities Advanced QoS capabilities Ingress and egress ACL

Advanced functionality

Optimum flexibility
24- and 48-port copper and fiber models All models are field-upgradable to 2-port 10 GbE

High availability

SP/DC/Campus Edge

NEBS level 3 certification Hot-swappable, redundant, load-sharing AC/DC power supplies N+1 redundant, replaceable cooling system
2009 Brocade Communications Systems, Inc. Company Proprietary Information

30

Brocade NetIron CER


Feature NetIron CES NetIron CER NetIron MLX NetIron XMR

IPv4 FIB IPv4 RIB


IPv6 FIB BGP peers Multicast cache ACL Ingress ACL Egress VRF LSP (I+E) LSP (LSR) VLL VPLS

32K 256K
8K 64 2500 8K 4K 16 128 1K 512 128

512K 4M+
128K 128 4K 16K * 8K * 128 1K 4K 1536 1K

512K 2M
112K 512 16K 64K 12K 256 5K 10K 8K 4K

1M 10M
240K 2000 16K 64K 12K 2K 10K 20K 48K 16K

* Not tested and subjected to change


2009 Brocade Communications Systems, Inc. Company Proprietary Information

31

BROCADE APPLICATION SWITCH - SERVERIRON


DATA CENTER

2009 Brocade Communications Systems, Inc. Company Proprietary Information

32

Basic Deployment Scenario


Application Delivery Infrastructure
Web Apps Email Business Applications

ServerIron ADC

BigIron RX

ADCs enable virtual server farms


OnDemand server farm and application scalability High Availability applications with failure detection and automatic failover Load balancing for best service response time and application performance Robust server farm and application security from most attacks Server resource conservation by offloading connection management, SSL handshake Maximized server utilization and better return on investment (ROI)
COMPANY CONFIDENTIAL 2009 Brocade Communications Systems, Inc. All Rights Reserved.

33

DoS and SYN Attack Mitigation


Partnering with McAfee Firewall Enterprise
Firewall Operational Issues
Scaling firewall bandwidth without replacing existing firewalls Firewalls can be melted down by L2-3 Denial-of-Service attacks Firewall service needs to be 24x7 to insure communications

ServerIron FWLB Solution


ServerIron FWLB transparently supports firewall clusters Provides high-speed DoS protection to prevent firewall meltdown Can offload NAT processing from firewalls Ensures that firewalls can be scaled inexpensively, securely, with maximum performance Supports McAfee, CheckPoint, Cisco, Juniper, and other firewall clustering systems
COMPANY CONFIDENTIAL 2009 Brocade Communications Systems, Inc. All Rights Reserved.

34

Web Application Firewall


Partnering with Imperva SecureSphere
Automated Operations
Dynamic Profiling models user interactions with applications and adapts as applications change over time, eliminating manual tuning Security events are correlated across security layers (Dynamic Profile, IPS, and so on) and over time to identify attacks without false positives ServerIron uses load balancing, SSL offloading and HTTP multiplexing to accelerate end users and Web traffic. Transparent inspection technology from Imperva delivers gigabit throughput and submillisecond latency Hierarchical management enables large enterprises and ASPs to efficiently manage hundreds of applications and many thousands of users Imperva user tracking technology ensures an audit trail that links security violations to specific Web application user names without making any changes to protected applications

Accuracy

Acceleration and Performance

Scalability

User Awareness

COMPANY CONFIDENTIAL 2009 Brocade Communications Systems, Inc. All Rights Reserved.

35

Transparent Cache Switching (TCS)


Partnering with Blue Coat ProxySG
Load Balancing Cache Servers
Cache Servers use a different paradigm than regular servers Client requests must be diverted from real servers to cache servers In case all cache servers are down, client requests must go to real servers Scaling to multiple cache servers is not transparent to clients

ServerIron TCS with ProxySG


ServerIron ports can be configured as TCS ports Client requests are diverted to cache servers for content Client requests are load balanced among cache servers TCS supports HTTP, FTP, and other protocols Client requests go directly to real servers if cache servers are all down
COMPANY CONFIDENTIAL 2009 Brocade Communications Systems, Inc. All Rights Reserved.

36

SYN-Guard
Industrys Most Comprehensive High-Speed DoS Protection
Most scalable high speed DoS protection at up to 120M Syn/Second TCP syn packet seen by SI, which sends TCP SYN ACK back to client (with special sequence number) If no corresponding client ack seen, SI simply drops the original connection request If client ack seen for original connection request, connection is then made to appropriate server Hardware based implementation in SI guarantees high-speed with no CPU overhead Prevents Server Session Table meltdown when under attack Must be used in non-DSR mode
COMPANY CONFIDENTIAL 2009 Brocade Communications Systems, Inc. All Rights Reserved.

37

SYN-Defense
The ONLY DoS Solution for Direct Server Return (DSR) Config
Many customers use DSR mode so that return traffic from Server does not go back through ADC SYN-Guard security feature only available if ADC sees return traffic Using Syn-Defense, ServerIron can provide DoS attack security, even in DSR mode ServerIron sees original TCP syn from hacker and forwards to appropriate server TCP SYN ACK sent by server back to client (not seen by SI) SI waits to see client return the ACK to server. If not seen in specified interval, SI resets the TCP connection on Server (freeing Server session state table space and overhead)
COMPANY CONFIDENTIAL 2009 Brocade Communications Systems, Inc. All Rights Reserved.

38

Advanced SSL Acceleration and Offload


ServerIron supports two optional SSL acceleration capabilities
Integrated SSL on WSM Separate SSL module

SSL is terminated on the ServerIron, and client traffic is delivered to server via a single TCP connection
Server no longer must process SSL and TCP connection management is reduced

Multiple SSL modules supported for added scalability & performance


Up to 34,000 SSL transactions/sec Up to 2Gig Bulk SSL throughput

SSL Proxy mode allows ServerIron to re-establish SSL connection to server for added security Support for multiple ciphers allows added flexibility
COMPANY CONFIDENTIAL 2009 Brocade Communications Systems, Inc. All Rights Reserved.

39

Web Application Firewall Enhanced Security


Advanced, high-speed Web Application Firewall available at no charge in ServerIron Allow /Deny/Log incoming HTTP requests based on configurable security policies Hides back-end application specific error information that could be used to launch additional attacks Prevents a range of web application attacks, including:
Cookie and Parameter Tampering Cross-Site Scripting Buffer Overflows Internal web page access

Allows cloaking to be used to replace 4xx/5xx error responses with configured responses
COMPANY CONFIDENTIAL 2009 Brocade Communications Systems, Inc. All Rights Reserved.

40

Securing Enterprise Applications


Delivering Performance and Scalability
Application Deployment Problems Scaling Application Performance Securing Applications from DoS and other attacks Delivering Application & Infrastructure High Availability Offloading Server SSL and HTTP processing ServerIron Solution Increased Application Performance for multiple servers Industrys highest speed DoS Defense at over 7Mpps Active-Active & Hot Standby HA Integrated & Upgradeable SSL & HTTP offload solutions Application Health Checks Chassis & Stackable solutions with redundant power

ServerIron ADX 8000

Layer 2-3 I N F R A S T R U C T U R E

Internet

ServerIron ADX 4000 HA Pair

Intranet

ServerIron 350 HA Pair + SSL

COMPANY CONFIDENTIAL 2009 Brocade Communications Systems, Inc. All Rights Reserved.

41

Using Global Sever Load Balancing


Multi-Site Redundancy and Enhanced Performance
Datacenter

Global DC Deployment Issues


ServerIron Datacenter DNS

Handling site failures transparently Providing best site selection per user Leveraging both DNS and non-DNS solutions for multisite redundancy

Datacenter

Providing disaster recovery and non-stop operation

ServerIron GSLB Solution GSLB controller works with local ServerIron to load balance global datacenter traffic Incorporates site health, load, user proximity, and service response for user site selection Provides transparent site failover in case of disaster or service outage Supports route health injection using OSPF/BGP when DNS cannot easily be employed

COMPANY CONFIDENTIAL 2009 Brocade Communications Systems, Inc. All Rights Reserved.

42

Unified Communications (UC)


Ensuring High Availability, Security, and Responsiveness
Active Directory SQL Server Backend

Focus IM Conf Server Web Conf Server Telephony Conf Server A/V Conf Server

Unified Communications Issues End User Response times need to be predictably low High Availability is required for these business critical services Communications must be secured Investment protection & flexibility is important to address future growth

ServerIron HA Pair

IIS Server

UC Users

ServerIron UC Solutions Industrys most scalable, high speed L4-7 switching ensures users with rapid response times ServerIron HA configuration prevents any loss of communication service Denial-of-Service at wire-speed fully secures UC services Brocade and Microsoft have certified ServerIron with MS Unified Communications Services
COMPANY CONFIDENTIAL 2009 Brocade Communications Systems, Inc. All Rights Reserved.

43

Intrusion Detection System (IDS) Solutions


Highly Scalable Traffic Classification
Network Traffic

Issues with Scaling IDS

Trunk Mirrored Traffic Generic IDS

For high bandwidth environments IDS systems are extremely expensive Even the highest performing IDS systems cannot effectively handle all of the traffic IDS systems typically focus on specific types of application traffic Some mechanism must be provided to categorize & segment the traffic

Web IDS

email IDS

ServerIron IDS Load Balancing Solution


ServerIron can support multiple Gig and 10 Gig mirrored trunks from network devices Traffic is then categorized and segmented by application type in real-time Segmented traffic is then load balanced across multiple IDS systems that handle only that application type Ideal for legal intercept and high bandwidth SP and Enterprise environments
COMPANY CONFIDENTIAL 2009 Brocade Communications Systems, Inc. All Rights Reserved.

44

Message Reputation and Email Servers


Providing SPAM Mitigation and Load Balancing Services
Effective SPAM Mitigation
Email Servers

Message Reputation Service is costly and difficult to scale

Multiple servers are often needed to deal with the high volume of email and SPAM
ServerIron

Some mechanism to quickly discard known SPAM from even getting to complex reputation servers should be provide

ServerIron IP Black List Support


IP Black List

ServerIron can import IP Black Lists from a number of trusted sites ServerIron IP Black List support eliminates up to 30% of SPAM This allows reputation servers to focus on more complex SPAM mitigation

Message Reputation SPAM Servers

Internet

IP Black List Sites


COMPANY CONFIDENTIAL 2009 Brocade Communications Systems, Inc. All Rights Reserved.

45

Enhanced GUI Management and Monitoring

Content Manipulation
Dashboard for Real-Time Health Monitoring System Traffic Monitoring with Live Charts and Graphs SSL Key and Certificate Management

Policy Management

COMPANY CONFIDENTIAL 2009 Brocade Communications Systems, Inc. All Rights Reserved.

46

Web GUI Additions


High Availability All 3 HA modes

COMPANY CONFIDENTIAL 2009 Brocade Communications Systems, Inc. All Rights Reserved.

47

Web GUI Additions


Health Checks L4/7 Health Checks, Port Profiles, Port Policies, Element Health Checks, Match Lists

COMPANY CONFIDENTIAL 2009 Brocade Communications Systems, Inc. All Rights Reserved.

48

Web GUI DEMO

COMPANY CONFIDENTIAL 2009 Brocade Communications Systems, Inc. All Rights Reserved.

49

IronView Network Manager


Network Management for ServerIron L4-7 Products
IronView Provides

ServerIron discovery and topology

management Configuration and image deployment Thumbnail status and alarm views Configuration backup Security policy management SSL certificate management

COMPANY CONFIDENTIAL 2009 Brocade Communications Systems, Inc. All Rights Reserved.

50

Introducing ServerIron ADX


Technology and Business Drivers
Scalable Architecturecombines the leading processing performance with the highest densitythe only way to support advanced ADC features and data center growth Investment Protectionmodular, easily upgradeable line cards, management cards, acceleration cards, and switch fabrics ensure ongoing value

COMPANY CONFIDENTIAL 2009 Brocade Communications Systems, Inc. All Rights Reserved.

51

ServerIron ADX 1000


Industrys highest-performing, 10 Gigabit-capable 1U ADC

SI-1016-2-SSL

SI-1016-4-SSL

SI-1216-4-SSL

CPS L4 = 1Mil L7 = 75K Concurr = 8 Mil Throughput L4= 4.5G L7 = 9G 16x1Gig ports SSL Bulk 1G SSL TPS 12K

CPS L4 = 2Mil L7 = 150K Concurr = 16 Mil Throughput L4= 9G L7 = 9G 16x1Gig ports SSL Bulk 2G SSL TPS 24K

CPS L4 = 2Mil L7 = 150K Concurr = 16 Mil Throughput L4= 9G L7 = 9G 16x1Gig ports 2x10GbE ports SSL Bulk 2G SSL TPS 24K
52

COMPANY CONFIDENTIAL 2009 Brocade Communications Systems, Inc. All Rights Reserved.

ServerIron ADX 4000


The industrys only highly scalable 4U platform
App Switch Module (ASM) Up to two ASMs Each ASM with eight cores 16 total cores 2 GB memory per core Management Module (MM) Dual-core management FAT-compatible USB Ethernet and DB9 mgmt Future upgradable options Two line card slots 12 x 1 Gb line card 4 x 10 Gb line card Switch Fabric Module (SFM) Modular Scalable Hot-swap fan tray

Basic
Single SSL exp card Single ASM 12 Gig ports 17.5 Gig L4 & L7 throughput 4Mil L4 CPS 300K L7 TPS 32 Mil concurent connections 30M Syn Cookie SSL Bulk 4G SSL TPS 48K

Full
Single SSL exp card Dual ASM 12 Gig ports + 4x10Gig 35G Gig L4 & L7 throughput 8 Mil L4 CPS 600K L7 TPS 64 Mil concurent connections 60M Syn Cookie SSL Bulk 8G SSL TPS 96K

Front-serviceable power Redundant AC/DC option

COMPANY CONFIDENTIAL 2009 Brocade Communications Systems, Inc. All Rights Reserved.

53

ServerIron ADX 10000 Chassis


Highest-performance, highest-density cores and line cards
App Switch Module (ASM) Up to four ASMs Each ASM with eight cores 32 total cores 2 GB memory per core Four line cards per chassis 12 x 1 Gb line card 4 x 10 Gb line card Management Module (MM) Dual-core management Redundant mgmt option FAT-compatible USB Ethernet and DB9 mgmt Future upgradable options Front-serviceable power AC or DC option 2 + 2 redundancy

Switch Fabric Module (SFM) Modular Scalable

Hot-swap fan tray

Half Load
Dual ASM Single SSL exp. module 8x10Gig 35G Gig L4 & L7 throughput 16 Application Cores 8 Mil L4 CPS 600K L7 TPS 64 Mil concurent connections 60M Syn Cookie SSL Bulk 8G SSL TPS 96K

Full Load
Quad ASM Dual SSL exp. module 16x10Gig ports 70G Gig L4 & L7 throughput 32 Application Cores 16M L4 CPS 1.2M L7 TPS 128 Mil concurent connections 120M Syn Cookie COMPANY CONFIDENTIAL 2009 Brocade Communications Systems, Inc. Dual mgmt All Rights Reserved. SSL Bulk 13.5G SSL TPS 192K

54

ServerIron ADX Series


ASM, Management Module, SFM and Line Cards

SSL & Compression

ASM8 Application Management Module Switching Module Dual Core 4 dual core Barrel Processors, for 8 Space for specialized hardware application cores

Switch Fabric Module

4 x 10 Gb Line Card

12 x 1 Gb Line Card RJ-45

12 x 1 Gb Line Card SFP

COMPANY CONFIDENTIAL 2009 Brocade Communications Systems, Inc. All Rights Reserved.

55

Application Switch Module (ASM8)


State of the Art Technology and Performance Upgradability

4 Dual Core CPUs 8 App Cores (BPs) 2GB Mem/core L4-7 Processing ~Up to 4M TPS ~Up to 17.5G thruput

AC1

AC3

AC5 AC4 AC6

AC7 AC8 Packet Acceleration Processor (PAX)


Counter Sync Server Selection H/W Assist

AC2

1 App Core = 1 BP

ASM Switch Fabric AXP AXP

PAX

App Acceleration Processor (AXP)


One AXP per 4 App Cores Provides Syn-cookie & DDoS H/W support TCP Options Processing Checksum Processing Outbound packet processing Room for future app acceleration functions
COMPANY CONFIDENTIAL 2009 Brocade Communications Systems, Inc. All Rights Reserved.

56

BROCADE WIRELESS SOLUTION


CAMPUS LAN

2009 Brocade Communications Systems, Inc. Company Proprietary Information

57

Brocade Mobility Enterprise Wireless LAN


Access Points
Mobility 7131

Mobility Controllers

Wireless IDS

Mobility RFS7000 AirDefense Enterprise Mobility 5181

Advanced Forensics

Mobility RFS6000

LiveRF

Mobility 300

Advanced Troubleshooting

Spectrum Analysis

FOR INTERNAL USE ONLY 2009 Brocade Communications Systems, Inc. All Rights Reserved.

58

Introducing Brocades New Mobility Enterprise WLAN Switch and AP Product Set
WIRELESS SWITCHES ACCESS POINTS
Mobility 300 (Dual-radio a/b/g)

Dependent AP
Internal/External Antenna Versions

Large-Very Large Enterprises


Mobility RFS7000 Supports 256 dependent and 1024 adaptive APs

Mobility 5181 (Dual-radio a/b/g) Outdoor AP Supports mesh Adaptive AP Integrated Firewall

Mobility 7131 (Single/dual-radio a/b/g/n) Adaptive AP Remote Site Survivability Resilient, Self Forming Mesh Internal/External Antenna Versions Integrated Firewall, RADIUS

Medium-Large Enterprises and


Branch Offices
Mobility RFS6000 Supports 48 dependent and 256 adaptive APs 3G WAN Backhaul Expansion Slot

FOR INTERNAL USE ONLY 2009 Brocade Communications Systems, Inc. All Rights Reserved.

59

AirDefense Security For Brocade Mobility


INDUSTRY-LEADING WLAN SECURITY PORTFOLIO
Rogue Detection & Elimination 24x7 Wireless Intrusion Detection Automated Prevention Policy Compliance (PCI, HIPAA, SOX) Wireless Troubleshooting Forensic Analysis Location Tracking Enterprise-class Scalability

AIRDEFENSE PRODUCT OPTIONS


Wireless IDS
SV-1250-P-1 (Appliance Model 1250) SV-3650-P-1 (Appliance Model 3650) SV-4250-P-1 (Appliance Model 4250) BKSV-1250-P-1 (Backup Appliance Model 1250) BKSV-3650-P-1 (Backup Appliance Model 3650) BKSV-4250-P-1 (Backup Appliance Model 4250) AD-SNFL-P-1 (WIPS license for 1 sensor) AD-ATSN-P-1 (Adv Troubleshooting license) AD-CMC-P-1 (Centralized Mgmt Console license) AD-EPSN-P-1 (Encryption Prot., WEP Cloaking license) AD-FESN-P-1 (Adv Forensic Analysis license) AD-SASN-P-1 (Spectrum Analysis) AD-TRSN-P-1 (Access Point Tracker license) MB-SW2G-P-1 (Mobile WLAN analyzer sw license)

LiveRF

Advanced Forensics

Spectrum Analysis

Advanced Troubleshooting

IDS

FOR INTERNAL USE ONLY 2009 Brocade Communications Systems, Inc. All Rights Reserved.

60

Brocade Mobility RFS7000


Product highlights
Scalable, robust wireless infrastructure
A converged platform to deliver multimedia applications (data, voice, video), wireless networking, and value-added mobility services such as secure guest access and locationing for Multi-RF networks.

Advanced features
Wireless VoWLAN with unmatched QoS, prioritization, SIP CAC functionality. Support for VoIP protocols and handsets

Ease of management
SPEC
256 AP300; 1024AAP 5181; 1024 AAP 7131; Cluster up to 12 Units.

Simple management for wireless Deploy, configure, and monitor all controllers and APs from a single console

Robust Gap-free security


Integrated wired/ wireless solutions for IDS/IPS, wireless firewall, identity and location-based access policies IPSec VPN Gateway, AAA Radius Server, Secure Guest Access, MAC-based authentication Geofencing, NAC support with Microsoft and Symantec FIPS 140-2 and CC EAL4 model
FOR INTERNAL USE ONLY 2009 Brocade Communications Systems, Inc. All Rights Reserved.

Campus Access

61

Brocade Mobility RFS6000


Product highlights
Scalable, robust wireless infrastructure
An architecture that is purpose-built to deliver high availability and scalability Secure reliable voice, data, and video delivery Enterprise class delivers the best in class performance, security, scalability and manageability required to meet the needs of demanding mission critical business applications

Advanced features
QoS, prioritization, SIP CAC functionality. Support for VoIP protocols and handsets

SPEC
48 AP300 256 AAP 5181; 256 AAP 7131; Cluster up to 12 Units.

Ease of management
Simple management for wireless Deploy, configure, and monitor all controllers and APs from a single console

Robust Gap-free security


Integrated wired/ wireless solutions for IDS/IPS, wireless firewall, identity and location-based access policies IPSec VPN Gateway, AAA Radius Server, Secure Guest Access, MAC-based authentication Geofencing, NAC support with Microsoft and Symantec
FOR INTERNAL USE ONLY 2009 Brocade Communications Systems, Inc. All Rights Reserved.

Campus Access

62

Brocade Mobility 7131


Product highlights

Scalable resilient wireless infrastructure


SiStationltaneous service to Stationltiple 802.11a/b/g/n Adaptive Switch assisted Mesh Mesh networking for data backhaul

Advanced features
Best solution for 802.11n with PoE+ support 802.11h WW operation dynamic freq selection Virtual AP: wireless VLANs, separate broadcast domains Wireless mobility at Layer 2 or Layer 3 WiFi Multimedia extensions for QoS

Ease of management
Zero-configuration setup using plug-and-play architecture WLAN Manager: deploy, configure, and monitor all controllers and APs from single console

Robust security

Campus Access

Integrated Wireless IPS, rogue AP protection, wireless firewall, and guest access WIPS sensor for Air Defense 802.1x supplicant: auth to Radius server FOR INTERNAL USE ONLY
2009 Brocade Communications Systems, Inc. All Rights Reserved.

63

Brocade Mobility 5181


Product highlights
Scalable resilient wireless infrastructure
Simultaneous service to Multiple 802.11a/b/g Adaptive Switch assisted Mesh Mesh networking for data backhaul

Advanced features
802.11h WW operation dynamic freq selection Virtual AP: wireless VLANs, separate broadcast domains Wireless mobility at Layer 2 or Layer 3 WiFi Multimedia extensions for QoS

Ease of management
Zero-configuration setup using plug-and-play architecture WLAN Manager: deploy, configure, and monitor all controllers and APs from single console

Robust security

Campus Access

Integrated Wireless IPS, rogue AP protection, wireless firewall, and guest access WIPS sensor for Air Defense 802.1x supplicant: auth to Radius server
FOR INTERNAL USE ONLY 2009 Brocade Communications Systems, Inc. All Rights Reserved.

64

Brocade Mobility 300


Product highlights
Scalable resilient wireless infrastructure
Delivers IEEE 802.11a/b/g connectivity Dual-radio 802.11a and 802.11g design

Advanced features
802.11h WW operation dynamic freq selection Virtual AP: wireless VLANs, separate broadcast domains Wireless mobility at Layer 2 or Layer 3 WiFi Multimedia extensions for QoS

Ease of management
Zero-configuration setup using plug-and-play architecture WLAN Manager: deploy, configure, and monitor all controllers and APs from single console

Robust security
Integrated Wireless IPS, rogue AP protection, wireless firewall, and guest access WIPS sensor for Air Defense 802.1x supplicant: auth to Radius server

Campus Access

FOR INTERNAL USE ONLY 2009 Brocade Communications Systems, Inc. All Rights Reserved.

65

Brocade Mobility Key Differentiators


Wired/Wireless Integration
PoE+ (for 802.11n), Power management, Security, Auto-discovery

Maximum Flexibility
Dependent, Independent & Adaptive AP deployment Scales easily from Enterprise Branch office to Large Campuses

Mesh and Point to point deployments indoors and outdoors

Unmatched Reliability:
SmartRF with Mesh Controller Clustering Maximum survivability (WWAN backhaul support in controllers)

Enhanced Wireless Security:


Maximum security: L2 and L3 Stateful Firewall WLAN traffic is L2 FIPS 140-2 and CC EAL4 certification 24x7 Wireless IDS/IPS with over 200+ WLAN signatures

FOR INTERNAL USE ONLY 2009 Brocade Communications Systems, Inc. All Rights Reserved.

66

Enterprise WLAN Competitive Landscape


Cisco
Market leader with 50%+ revenue share of market (CY08)

Uses WLAN sales as trojan horse for broader account penetration


WLAN Product Offering: 2/3/5XXX Series Controllers and AiroNet Series APs

Aruba
Start-up with sole focus on WLAN controllers and access points Motorola gained share over Aruba during CY2008*

WLAN Product Offering: Aruba 2/3/6000 Controllers and Aruba 65/75/105/120 APs
* Per Wireless LAN and WiFi Mesh Equipment and Phones, Infonetics Research, March, 2009
FOR INTERNAL USE ONLY 2009 Brocade Communications Systems, Inc. All Rights Reserved.

67

Competitive: Reliability
REQUIREMENT
Accurate RF Planning Wireless Mesh Redundancy QoS and Network Segmentation over Mesh Links Smart Clustering with Cost Effective Redundancy AP Load Balancing SMART RF 24x7 Monitoring Remote Site Survivability Advanced Troubleshooting Spectrum Analysis

Brocade

CISCO

ARUBA

Excellent

Good

Average

Poor

Ensuring users have uninterrupted access to applications in enterprise & extreme environments
FOR INTERNAL USE ONLY 2009 Brocade Communications Systems, Inc. All Rights Reserved.

Non Existent

68

Competitive: Security
REQUIREMENT
Authentication and Encryption 24x7 WIPS Simultaneous Full Time AP and Sensor Operation

Brocade

CISCO

ARUBA

Excellent

Rogue Device Elimination


Wireless Firewall Reporting & Compliance Legacy Protection GeoFencing NAC Integrated Security Services

Good

Average

Poor

Brocade provides the most comprehensive WLAN security offering in the industry
FOR INTERNAL USE ONLY 2009 Brocade Communications Systems, Inc. All Rights Reserved.

Non Existent

69

BROCADE NMS - IRONVIEW


DATA CENTER

2009 Brocade Communications Systems, Inc. Company Proprietary Information

70

The Need for Intelligent Management


Complexity of Network Management

The Complexity of Network Management grows faster as the Network grows


Configuration gets complex More VLANs, subnets, IPv6, etc More Events, Alerts Network Troubleshooting becomes more difficult Require granular traffic analysis Network wide security threats increase

# of Network Elements Intelligent Management NMS with the capability to scale as the Network grows Intelligent features that saves time and enhance productivity Network wide traffic monitoring and analysis tools Closed loop security
2009 Brocade Communications Systems, Inc. All Rights Reserved.

71

Brocade IronView Network Manager


Value proposition
Unified Management
Layers 2-3 Layers 4-7 MPLS Wireless Northbound Interface

MAC Filter Manager ACL Manager IronShield 360

Robust Security

Simplify Network Management


Easy to use L2-3 Topology Group Configuration Change Management Reporting

Event Manager Traffic Analyzer sFlow Collector Performance Monitor

Increase Network Availability

2009 Brocade Communications Systems, Inc. All Rights Reserved.

72

Brocade IronView Network Manager


Only unified network manager for wired, wireless, and MPLS
MPLS Provisioning Topology Security

Event Management

Policy Management

Configuration

2009 Brocade Communications Systems, Inc. All Rights Reserved.

73

Manage the Full Brocade IP Product Portfolio


Including support for third-party devices
Access Aggregation

FI-ES Series

FI-WS Series

FI-ESX Series

Core

FI-LS Series NI-CES Series FI-GS Series NI-XMR Series FI-CX Series TI-24X SI-ADX Series FI-SX Series BI-RX Series

Third Party
NI-MLX Series

IPM Series

Scalable to over 10,000 devices

2009 Brocade Communications Systems, Inc. All Rights Reserved.

74

Unified Management
MPLS Manager
Easy-to-use, intuitive GUI Support for VLL, Local VLL, VPLS, Local VPLS, and VCIP pools Status, configuration, statistics, topology, and end-point settings NetIron MLX, XMR, and CES support

Wireless Manager
Centralized management of wireless switches and Access Points (APs) across the network RF monitoring to detect rogue APs

Northbound Interface ServerIron Manager


Physical and virtual IP management
Gobal Server Load Balancing (GSLB) Support for new ServerIron ADX Application Delivery Controllers Integration with third-party Network Management Systems (NMSs) Inventory information for Brocade and third-party devices Java or Perl scripting interface

2009 Brocade Communications Systems, Inc. All Rights Reserved.

75

Simplified Network Management


Ease of Use
Intuitive Web-based tools to reduce management time and OpEx Access from anywhere within the network Dashboard with at-a-glance summary asset and event information

Device Configuration Manager


Automatically deploy device configurations Execute CLI commands across groups of switches

Change Manager
View, retrieve, and restore configurations Manual or scheduled backups Pre/post-change snapshots Roll back configuration changes

Topology Manager
Integrated topology discovery L2, VLAN, IP, STP/RSTP, MRP, and MPLS Background maps support Device search capabilities

2009 Brocade Communications Systems, Inc. All Rights Reserved.

76

Increased Network Availability


Event Manager
SNMP, Syslog, Snort, and partner events SNMP Trap forwarding Reporting, analysis, monitoring, and remediation Easier to meet Service Level Agreements (SLAs) Closed-loop remediation through integration with Device Configuration Manager

Performance Monitor
Monitor essential network performance information Advanced graphing tool

Traffic Analyzer
sFlow reporting, accounting, and presentation Gain visibility into network activity Custom report generator Trending and analysis for troubleshooting

Brocade and third-party device support


Export graphs as images or CSV files

2009 Brocade Communications Systems, Inc. All Rights Reserved.

77

Robust Security
MAC Filter Manager
Importing, configuration, and deployment of MAC filters across devices Wired and wireless device support

Access Control List (ACL) Manager


Rapidly configure and deploy ACLs Replicate ACLs to groups of switches Supports predefined service ACLs ACL customization support

Brocade IronShield 360


sFlow collection and conversion to PCAP

Integration with Snort and other open source Intrusion Detection Solutions (IDSs)
Identify accidental or malicious activity

2009 Brocade Communications Systems, Inc. All Rights Reserved.

78

Brocade INM Benefits


FEATURE
Intuitive GUI INM Dashboard AoR (Area of Responsibility) support Device Configuration Manager Performance Monitor Proactive event notifications with closed-loop remediation Support more than 10,000 devices Northbound Interface Wireless Manager Change Manager ServerIron Manager MPLS Manager Topology Manager Report Manager IronShield 360 Closed-Loop Security

BENEFIT
Ease of use At-a-glance asset and event summary information Delegate management tasks Automate repetitive tasks to reduce OpEx Understand network performance characteristics Meet SLAs Manage large environments from a single console Integration with third-party Network Management Systems (NMS) and Operational Support Systems (OSS) Centrally manage wireless resources across an entire campus Schedule switch configuration backups with the capacity to roll back configuration changes Integrated management of application delivery controllers Intuitive interface to manage MPLS settings across the WAN Physical and virtual topology maps for L2, VLANs, IP, and MPLS Asset reports with detailed information of all managed devices Full intrusion detection and prevention

Traffic Analyzer with sFlow collector

Gain visibility into network activity, even at the edge

2009 Brocade Communications Systems, Inc. All Rights Reserved.

79

Operating System Support


INM Server
Windows 2003 Server SP2, XP Professional SP3, and 2008 Server Red Hat Enterprise Linux Release 4 AS, ES,WS and Desktop; Red Hat Enterprise Linux Release 5 Advanced Platform, Base Server and Desktop Sun Solaris 9 and 10 SPARC VMware Workstation 6.5.2 for Windows:
Guest OS: Windows 2008 Enterprise Server 64-bit Guest OS: Red Hat Enterprise Linux 5 64-bit Windows 2008 Enterprise Server 64-bit

VMware Workstation 6.5.2 for Red Hat Enterprise Linux 5: Microsoft Hyper-V Manager 6.0.6001.18016

INM Client
Windows 2003 Server SP2, XP Professional SP3, Vista Business, and 2008 Server Red Hat Enterprise Linux 5 Advanced Platform, Base Server, and Desktop Sun Solaris 10 SPARC

2009 Brocade Communications Systems, Inc. All Rights Reserved.

80

Server and Client System Requirements


INM Server
1 to 200 Devices 201 to 1000 Devices

Windows

Linux

Solaris
Sun UltraSPARC T1 (or similar UltraSPARC processor), 3 GB RAM Sun UltraSPARC T2 (or similar UltraSPARC processor), 4 GB RAM Sun UltraSPARC T2+ (or similar UltraSPARC processor), 4+ GB RAM 200 GB

3.0 GHz Pentium 43 GB RAM Multicore Xeon Processor 3000 sequence or above (or similar AMD processor), 4 GB RAM Dual (or more) Xeon 5000 sequence or above (or similar AMD processor), 4+ GB RAM

CPU and Memory

1001+ Devices HDD

INM Client
Internet Explorer Mozilla Java Runtime Environment (JRE)

Windows
IE 7 and 8

Linux
N/A Firefox 3.0.x 1.6.0_13

Solaris

Web Browser

2009 Brocade Communications Systems, Inc. All Rights Reserved.

81

Licensing Options
License Type
INM Base License

Part Number
IVIEW-NT IVIEW-LINUX IVIEW-SOL IVIEW-LIC IVIEW-20-LIC

Details
INM base license for each OS versions

Concurrent User License

Five additional concurrent user license 20 additional concurrent user license

MPLS License

IVIEW-MPLS-LIC
IVIEW-MPLS25-LIC IVIEW-MPLS40-LIC

License for 10 MPLS-configured devices


License for 25 MPLS-configured devices License for 40 MPLS-configured devices

INM MPLS Bundle

IVIEW-NT-MPLS
IVIEW-LINUX-MPLS IVIEW-SOL-MPLS

INM base with license for 10 MPLSconfigured devices for each OS version

2009 Brocade Communications Systems, Inc. All Rights Reserved.

82

Event Management Automated Alerts & Countermeasures


Use of SNMP Collector + Trap Forwarding + INM Event Manager
Enable STP
Send email alert from switch Server High CPU INM

Configure customized email alerts based on SNMP MIBs


Very flexible email alerts can be generated on any MIB based event High CPU

Corp Net

SNMP SNMP CPU Utilization CPU Utilization

CPU above 70%?Trap

High Temperature Fan Failure INM can also generate CLI reports or send CLI commands to fix the issue

Corp Net

Add greater Productivity Get instant customized email alerts. INM can also generate reports and even fix your network
Disable Loop Loop
2009 Brocade Communications Systems, Inc. All Rights Reserved.

83

Security IronShield 360 Snort + sFlow


INM Server

Closed Loop Security


10.55.1.124

Automatic threat detection and remediation Complementary IDS/IPS Solution that is extremely cost effective Use each Foundry switch as a network monitor

sFlow

Corp Net

sFlow

Corp Net

INM + SNORT for signature analysis with automatic alerts & remediation

Network Attacks
2009 Brocade Communications Systems, Inc. All Rights Reserved.

84

MPLS Manager VLL Manager


Configure & Edit VLL Display VLL View and Statistics VLL View
VCID Name Status Conflict Endpoints

2009 Brocade Communications Systems, Inc. All Rights Reserved.

85

MPLS Manager VPLS Manager


Configure & Edit VPLS Displays VPLS View and Statistics VPLS View & Topology
Details tab shows textual status of VPLS Settings & Status Endpoint Settings Topology status is updated via polling & traps Dotted line indicates peer is down Solid line indicates peer is up
2009 Brocade Communications Systems, Inc. All Rights Reserved.

86

Non-Brocade Device Support


IP discovery Topology map support

MIB II
ICMP Ping health check FDP, CDP, LLDP

Support any non-Brocade device with standard MIB support

2009 Brocade Communications Systems, Inc. All Rights Reserved.

87

Performance Manager
Performance Manager (Enhanced SNMP Collector) Support for nonBrocade devices Display real time status of SNMP MIB values CPU Utilization Temperature Fan status etc Up to 5 values can be plotted
2009 Brocade Communications Systems, Inc. All Rights Reserved.

88

NEXT GENERATION TECHNOLOGY UPDATE


DATA CENTER

2009 Brocade Communications Systems, Inc. Company Proprietary Information

89

Data Center Market Dynamics


Key trends
Global competition Recession Data center consolidation New technology - Intel Xeon 5500 + Server 10 GbE - Server virtualization - FCoE ROI More storage More bandwidth

Resulting needs
24 x 7 uptime

Solutions needed
High availability Price/performance value Converged Enhanced Ethernet (CEE) 10, 40, and 100 GbE Low latency

2009 Brocade Communications Systems, Inc. Company Proprietary Information

90

Brocade Data Center Networks


High-level architecture
1 GbE 4 Gbps FC 8 Gbps FC

Core

10 GbE L2L3 BigIron RX

WAN

10 Gbps CEE
10 GbE

Aggregation

10 GbE L2-3 BigIron RX

10 GbE L4-7 ServerIron

10 GbE L2-3 BigIron RX

8 Gbps DCX Backbones

Tape Libraries

SAN
GbE ToR FastIron 1/10 GbE ToR TurboIron 10 GbE MoR FastIron SX GbE ToR CES Storage Arrays 10 GbE ToR FCoE/CEE 8000 8 Gbps DCX 4S / 48000 / 5300 / 5100

Access

NAS

Servers

2009 Brocade Communications Systems, Inc. Company Proprietary Information

91

Next-Generation Data Center LAN


Core
WAN

BigIron RX

Aggregation 100 GbE BigIron RX 10 GbE Access

DCX 16 Gbps

Tape Libraries

SAN
Storage Arrays DCX 16 Gbps

Brocade 8000

TRILL Calisto
FastIron CX
24/48x1 GbE server 4x10 GbE uplink

NetIron CES
24/48x1 GbE 2x10 GbE uplink

TurboIron 24X
24x10 GbE Server/uplink

2009 Brocade Communications Systems, Inc. Company Proprietary Information

92

40G / 100G Ethernet Standard

Higher Speed Ethernet being defined in IEEE P802.3ba project Standard intended to define MAC and physical layer for 40G and 100G Ethernet speeds Standard expected to be ratified in mid-2010

Brocade is actively investing in development of these technologies


Brocade BigIron is 40G / 100G ready BigIron RX will be industry most cost-effective 100G chassis!

2009 Brocade Communications Systems, Inc. Company Proprietary Information

93

100 GE and 40 GE Reach Options


PHY
At least 1m over a backplane At least 10m over copper cable At least 100m over MMF (ribbon cable)

40 Gbps support
40GBASE-KR4 40GBASE-CR4 40GBASE-SR4

100 Gbps support

100GBASE-CR10 100GBASE-SR10

At least 10km over SMF


At least 40km over SMF

40GBASE-LR4

100GBASE-LR4
100GBASE-ER4

Brocade Confidential - Under NDA

2009 Brocade Communications Systems, Inc. Company Proprietary Information

94

Brocades Current Plans for 40G & 100G


40G Module:
Targeted for DC access and aggregation layers Inherits current capabilities of RX modules Requires hSFM

100G Module:
Targeted for SP backbones and DC backbones Inherits current capabilities of RX modules Requires hSFM Backward compatible with existing modules CFP optics Permits longer reach from day 1 (at
least 10 km)

Backward compatible with existing modules


QSFP optics Initial optics focus on short-reach Target Availability: H1, 2011

Target Availability: H2, 2010


Preliminary Info: Subject to Change without Notice
2009 Brocade Communications Systems, Inc. Company Proprietary Information

Brocade Proprietary and Confidential

95

Summary of Industry Trends


Increase scalability Increase bandwidth Reduce cost Reduce complexity

Remain committed to open standards


Remain green

2009 Brocade Communications Systems, Inc. Company Proprietary Information

96

Our Value Proposition


Industry leading performance Compelling TCO advantages Superior quality products Delivered and supported by world-class global supply chain and global service organization

2009 Brocade Communications Systems, Inc. Company Proprietary Information

97

THANK YOU
DATA CENTER

2009 Brocade Communications Systems, Inc. Company Proprietary Information

98