Cisco Cisco IPS 4520 Sensor Libro bianco
4
Introduction
August 2012 Series
4
Ease of Deployment, Flexibility, and Scalability
Organizations with up 10,000 users are often spread out among different
geographical locations, making flexibility and scalability a critical require-
ment of the network. This design uses several methods to create and
maintain a scalable network:
Organizations with up 10,000 users are often spread out among different
geographical locations, making flexibility and scalability a critical require-
ment of the network. This design uses several methods to create and
maintain a scalable network:
• By keeping a small number of standard designs for common portions of
the network, support staff is able to design services for, implement, and
support the network more effectively.
support the network more effectively.
• Our modular design approach enhances scalability. Beginning with a set
of standard, global building blocks, we can assemble a scalable network
to meet requirements.
to meet requirements.
• Many of the plug-in modules look identical for several service areas;
this common look provides consistency and scalability in that the same
support methods can be used to maintain multiple areas of the network.
These modules follow standard core-distribution-access network design
models and use layer separation to ensure that interfaces between the
plug-ins are well defined.
support methods can be used to maintain multiple areas of the network.
These modules follow standard core-distribution-access network design
models and use layer separation to ensure that interfaces between the
plug-ins are well defined.
Resiliency and Security
One of the keys to maintaining a highly available network is building the
appropriate resilience into the network links and platforms in order to guard
against single points of failure in the network. The resilience in the SBA
Internet edge architecture is carefully balanced with the complexity inherent
in redundant systems.
One of the keys to maintaining a highly available network is building the
appropriate resilience into the network links and platforms in order to guard
against single points of failure in the network. The resilience in the SBA
Internet edge architecture is carefully balanced with the complexity inherent
in redundant systems.
With the addition of a significant amount of delay-sensitive and drop-
sensitive traffic such as voice and video conferencing, we also place a
strong emphasis on recovery times. Choosing designs that reduce the time
between failure detection and recovery is important for ensuring that the
network stays available even in the face of a link or component failure.
sensitive traffic such as voice and video conferencing, we also place a
strong emphasis on recovery times. Choosing designs that reduce the time
between failure detection and recovery is important for ensuring that the
network stays available even in the face of a link or component failure.
Network security is also a strong component of the architecture. In a large
network, there are many entry points, and we ensure that they are as secure
as possible without making the network too difficult to use. Securing the
network not only helps keep the network safe from attacks but is also a key
component to network-wide resiliency.
network, there are many entry points, and we ensure that they are as secure
as possible without making the network too difficult to use. Securing the
network not only helps keep the network safe from attacks but is also a key
component to network-wide resiliency.
Ease of Management
While this guide focuses on the deployment of the network foundation, the
design takes next-phase management and operation into consideration. The
configurations in the deployment guides are designed to allow the devices
to be managed via normal device-management connections, such as
Secure Shell (SSH) Protocol and HTTPS, as well as via Network Management
System (NMS). The configuration of the NMS is not covered in this guide.
While this guide focuses on the deployment of the network foundation, the
design takes next-phase management and operation into consideration. The
configurations in the deployment guides are designed to allow the devices
to be managed via normal device-management connections, such as
Secure Shell (SSH) Protocol and HTTPS, as well as via Network Management
System (NMS). The configuration of the NMS is not covered in this guide.
Advanced Technology–Ready
Flexibility, scalability, resiliency, and security all are characteristics of an
advanced technology-ready network. The modular design of the architec-
ture means that technologies can be added when the organization is ready
to deploy them. However, the deployment of advanced technologies, such
as collaboration, is eased because the architecture includes products and
configurations that are ready to support collaboration from day one. For
example:
Flexibility, scalability, resiliency, and security all are characteristics of an
advanced technology-ready network. The modular design of the architec-
ture means that technologies can be added when the organization is ready
to deploy them. However, the deployment of advanced technologies, such
as collaboration, is eased because the architecture includes products and
configurations that are ready to support collaboration from day one. For
example:
• Access switches provide Power over Ethernet (PoE) for phone deploy-
ments without the need for a local power outlet.
• The entire network is preconfigured with quality of service (QoS) to
support high-quality voice.
• Multicast is configured in the network to support efficient voice and
broadcast-video delivery.
• The wireless network is preconfigured for devices that send voice over
the wireless LAN, providing IP telephony over 802.11 Wi-Fi (referred to
as mobility) at all locations.
as mobility) at all locations.
The Internet edge is ready to provide soft phones via VPN, as well as tradi-
tional hard or desk phones, as configured in a teleworker deployment.
tional hard or desk phones, as configured in a teleworker deployment.