Documente Academic
Documente Profesional
Documente Cultură
Table of Contents
Table of Contents
Avaya Advanced Gateway 2330 ...................................................................................................... 2 Avaya Ethernet Routing Switch 2500 .............................................................................................. 6 Avaya Ethernet Routing Switch 4500 .............................................................................................. 9 Avaya Ethernet Routing Switch 5500 Series ................................................................................. 12 Avaya Ethernet Routing Switch 5600 Series ................................................................................. 15 Avaya Ethernet Routing Switch 8300 ............................................................................................ 20 Avaya Ethernet Routing Switch 8800 ............................................................................................ 27 Avaya Secure Router 2330 ............................................................................................................ 46 Avaya Secure Router 4134 ............................................................................................................ 50 Avaya Secure Router 8000 Series................................................................................................. 52 Avaya Secure Router Portfolio ....................................................................................................... 57 Avaya VPN Router ......................................................................................................................... 59 Avaya Configuration and Orchestration Manager .......................................................................... 61 Avaya IP Flow Manager ................................................................................................................. 70 Avaya WLAN 2300 Series ............................................................................................................. 75 Avaya WLAN 8100 Series ............................................................................................................. 83 Avaya Network Resource Manager ............................................................................................... 89 Avaya Enterprise Switch Manager ................................................................................................. 92 Avaya Identity Engines Portfolio .................................................................................................... 94 Avaya Visualization Performance and Fault Manager ................................................................... 99 Avaya VPN Portfolio .................................................................................................................... 106
We can deliver the following benefits: Reduces operational costs. This is due to the reduced maintenance, improved interoperability and greater reliability of SIP-based unified communications services, especially at remote sites. By delivering resilient SIP gateway services in a cost-effective, modular platform the Advanced Gateway 2330 is a compelling alternative to existing Avaya branch solutions and to the competition. Its voice survivability features allow it to provide ongoing phone services even when remote connectivity to the voice call server is lost. Since its voice gateway/survivability feature is SIP-based, it can provide resilient voice services with a range of Avaya call servers and phones, including Avaya Aura Session Manager as well as Communication Server 1000, Communication Server 2100 and Software Communication System call servers. It is also compatible with third party call servers such as Broadsoft and Sylantro. The Advanced Gateway 2330 can also be software upgraded to deliver a complete suite of routing and WAN services. This effectively converts the Advanced Gateway 2330 into a fully functional converged branch router, which can consolidate multiple branch devices and reduce total cost of ownership.
The Advanced Gateway 2330 is interoperable with Avaya Aura and Avaya 9600 Series IP Desktop phones as well as other Avaya and third-party call servers and phones. With a rich
suite of SIP gateway features, PSTN interface options, global signaling protocols, and resiliency support, it is an ideal branch solution for centralized UC deployments. It also can be upgraded to deliver a complete suite of data and WAN services, consolidating multiple branch devices and significantly reducing an enterprises total cost of ownership.
Offline prevention of unregistered users helps enable only registered and authorized users to be able to connect to the Advanced Gateway 2330 during periods of WAN outage.
All models also include an option to upgrade to full routing and WAN functionality. Since preinstalled voice modules only occupy two of the Advanced Gateway 2330 three slots, an additional module slot is available to add another FXO, FXS or T1/E1 PRI voice module.
Management
The Advanced Gateway 2330 employs an industry-aligned command line interface (CLI) that makes it easy to set up and manage. Features include: On-Premise, Console and Command Line Interface; Telnet, Events, Syslog. Remote SSHv2 provides secure communication for configuration and maintenance. Avaya Unified Communications Management provides for fault management and device reporting.
An easy choice
The Advanced Gateway 2330 is a flexible, cost-effective branch gateway solution that can address the UC connectivity needs of remote sites. It also can serve as the springboard for converged voice and data services in a common platform for simplified management, greater cost savings and a high quality of user experience.
Benefits include: Cost-effective Enterprise-class feature set at an entry level price Convergence-ready - Built-in Power-over-Ethernet functionality and 802.1AB support for auto-discovery of IP phones Enterprise-class management - Support for CLI, Web GUI, or Java Device Manager
We are excited by the opportunity to partner with to assist you in overcoming the challenges you face including: Because not all network devices require Power-over-Ethernet (PoE), needs a switch that offers the right mix of PoE and non-PoE ports, so you do not pay for power capacity that you might never use. Without a switch that provides this flexibility, you may
increase your power and cooling requirements in the wiring closet because of a switch that supports PoE on all ports needs a flexible switch that can scale to meet your needs while offering simplicity in the management of ports. And if the switch does not offer sub-second failovers in case of switch or stacking cable failure, you may find that your applications and network resources are not continually available to users You want your network and data to be secure. Doing so means installing equipment that can offer high levels of security and flexibility so only authorized personnel gain access to your LAN. Without this security at every level of your network, risks losing valuable data Wire-speed Performance for optimal application delivery Ethernet Routing Switch 2500 delivers wire-speed switching that enables real-time application performance such as voice and video Scalability to grow as the network grows - Customers can scale and grow the network by stacking Ethernet Routing Switch 2500 units. This can be achieved even with an Ethernet Routing Switch 2500 stand-alone unit. Stand-alone versions of the Ethernet Routing Switch 2500 can be field-upgraded to support resilient stacking functionality on the rear ports via a stacking license, without the need to replace hardware to expand the number of switch ports. Reliability - Ethernet Routing Switch 2500 stack remains operational in case of unit or cable failure, and when the Ethernet Routing Switch 2500 is deployed at the network edge with Avaya switching products in the network core that support Avaya Switch Clustering technology (Split Multi-Link Trunking), added performance and sub-second resilience is provided in the network solution A Unified Communications Ready Edge Wire-speed switching, Power-over-Ethernet Support for IP phones, and Quality of Service so time-sensitive data gets priority PoE on half of 10/100 ports minimizing cost for non-PoE devices High-performance switching in a cost effective platform
The Ethernet Routing Switch 2500 is available in four models with the flexibility to deploy them as stand-alone units or to deploy them in stacks of up to 8 units high to form a resilient intelligent stack architecture. Units purchased as stand-alone units require the purchase of a stacking license to enable stacking functionality on the rear ports. Stack pre-enabled units can also be purchased which eliminate the need for a separate license. The four models available in Ethernet Routing Switch 2500 Series of products include: Ethernet Routing Switch 2526T provides 24 x 10/100 ports, plus 2 x combination 1000BASE-T / SFP ports, plus 2 x 1000BASE-T RJ-45 ports at the rear. Ethernet Routing Switch 2526T-PWR provides 24 x 10/100 ports (PoE supported on 12 ports), plus 2 x combination 1000BaseT / SFP ports, plus 2 x 1000BASE-T RJ-45 ports at the rear.
Ethernet Routing Switch 2550T provides 48 x 10/100 ports, plus 2 x combination 1000BASE-T / SFP ports, plus 2 1000BASE-T RJ-45 ports at the rear. Ethernet Routing Switch 2550T-PWR provides 48 x 10/100 ports (PoE supported on 24 ports), plus 2 x combination 1000BASE-T / SFP ports, plus 2 x 1000BASE-T RJ-45 ports at the rear.
The Ethernet Routing Switch 2500 switches integrate with many other Avaya products to provide a complete solution to customers looking for cost-effective networking solutions. Ethernet Routing Switch 2500 switches are aimed at 10/100 wiring closet edge solutions providing PoE, non-PoE in stand-alone and stacked options. This product family differs from other products in that it is specifically aimed as a low priced entry level enterprise-class switching platform. The Ethernet Routing Switch 2500 switches are suitable to be linked with other Avaya products in the network core, such as Ethernet Routing Switch 5000 Series (5500 and 5600 models), and Ethernet Routing Switch 8600 products, to create networking solutions for small to medium enterprise businesses.
We are excited by the opportunity to partner with to assist you in overcoming the challenges you face including: needs a flexible switch that can scale to meet your needs while offering simplicity in the management of ports. And if the switch does not offer sub-second failovers in case of switch or stacking cable failure, you may find that your applications and network resources are not continually available to users s users want continuous access to the applications they need, and they want those applications to be fast. Getting what they need is a complex issue. You want a solution that can provide intelligent bi-directional traffic flows between switches and the ability to distribute trunks or aggregations across different units in the stack. Without this functionality, your traffic flows and application performance may suffer in the event of a switch or link failure You want your network and data to be secure. Doing so means installing equipment that can offer high levels of security and flexibility so only authorized personnel gain access to your LAN. Without this security at every level of your network, risks losing valuable data
10
High performance intelligent solution at the edge of the network - Ethernet Routing Switch 4500 offers the features, performance, and resilience to optimize a unified communications network Breadth of Portfolio - Eleven models to choose from allowing businesses to scale, change and grow according to business requirements Secure Networking - Intelligent stacking resilience enabling access to mission critical applications Avaya Ethernet Routing Switches consume 40% less energy than competitive solutions without sacrificing features or performance. The Avaya 4550T switch consumes 45 watts compared to 89 watts for Cisco 3750G, plugged in and idling with factory settings. This amounts to a 44 Watt savings before any devices are connected! If we assume a three-year replacement cycle for this example, then implementing the Avaya switch in place of the Cisco equivalent saves a million Watts of electricity over its life.
Avaya Ethernet Routing Switch 4500 highlights: Stackable 10/100 and 10/100/1000 switching with and without Power-over-Ethernet. Stacking provides fully redundant, non-blocking switch fabric distributed across all units in the stack. Furthermore, all units are managed as a single entity. The Ethernet Routing Switch 4500 also features auto-unit replace which automatically uploads the switch configuration when a new unit is added to the stack. High-performance, non-blocking throughput delivering up to 320 Gbps stacking capacity Advanced resiliency with fail-safe stacking, Distributed Multi-Link Trunking and redundant power option Sophisticated Quality of Service with Layer 2-4 traffic filters, prioritization based on 802.1p and DiffServ, marking, re-coloring and traffic shaping with flexible egress hardware queues Power to IP phones, WLAN Access Points, network cameras, security, lighting and access control devices through Power-over-Ethernet High-density desktop connectivity, supporting up to 400 10/100 ports or 384 10/100/1000 ports all managed as a single entity Higher network uptime through high-resiliency features such as fail-safe stacking, Distributed Multi-Link Trunking and power redundancy Investment protection with flexible mix-and-match stacking capabilities
The Ethernet Routing Switch 4500 models include: Ethernet Routing Switch 4526FX with 24 x 100BASE-FX ports plus 2 x combo 1000BASE-T/Small Form-Factor Pluggable (SFP) ports Ethernet Routing Switch 4526T with 24 x 10/100 ports plus 2 x combo 1000BASET/SFP ports Ethernet Routing Switch 4526T-PWR with 24 x 10/100 802.3af PoE ports plus 2 x combo 1000BASE-T/SFP ports
11
Ethernet Routing Switch 4550T with 48 x 10/100 ports plus 2 x combo 1000BASET/SFP ports Ethernet Routing Switch 4550T-PWR with 48 x 10/100 PoE ports plus 2 x combo 1000BASE-T/SFP ports Ethernet Routing Switch 4524GT with 24 x 10/100/1000 including 4 x combo 1000BASE-T/SFP ports Ethernet Routing Switch 4524GT-PWR with 24 x ports of 10/100/1000 PoE ports including 4 x combo 1000BASE-T/SFP ports Ethernet Routing Switch 4526GTX with 24 x 10/100/1000 ports including 4 x combo 1000BASE-T/SFP, plus 2 x 10GBASE-X XFP slots Ethernet Routing Switch 4526GTX-PWR with 24 x 10/100/1000 802.3af PoE ports including 4 x combo 1000BASE-T/SFP, plus 2 x 10GBASE-X XFP slots Ethernet Routing Switch 4548GT with 48 x 10/100/1000 including 4 x combo 1000BASE-T/SFP ports Ethernet Routing Switch 4548GT-PWR with 48 x 10/100/1000 PoE ports including 4 x combo 1000BASE-T/SFP ports
All models include built-in HiStack stacking ports that can deliver up to 320 Gbps stacking performance, plus redundant power support. Additionally, all models in the Ethernet Routing Switch family offer the ability to stack in any combination of models to form a stack up to 8 units high. This flexibility provides with a high degree of flexibility to mix and match the port configurations based on s needs. Simple installation and network configuration helps with these goals: Quick start tools for fast set-up Network management for configuration changes/updates Simple to configure stacking, and mix-and-match PoE, Fast Ethernet and Gigabit Ethernet improves flexibility and growth plans. Power-over-Ethernet provides flexible and fast installation.
In the Tolly Groups comparative study of equipment cost per throughput (report #210115 published in January 2010), the Avaya 4548GTPWR came out a clear winner at $70 per Gigabit throughput a fraction of the cost of the Cisco C3750G-48PS and the C3560G-48PS ($250 and $153 respectively). Another Tolly report on the Ethernet Routing Switch 4500 series (report #210116 published in January 2010) gives Avaya equipment straight As for reliability, throughput and quality, stating that, The Ethernet Routing Switch 4500 switches achieved zero-loss throughput with low latency and jitter, along with delivering stack resiliency.
12
We are excited by the opportunity to partner with to assist you in overcoming the challenges you face including: Accessible networks are vital for effective collaboration among employees and customers, and resource sharing between co-workers. In the unlikely event of a link or unit failure, these interactions must be able to continue without interruption Support for IEEE 802.3af standards-compliant Power-over-Ethernet enables a switch to power multiple devicesincluding IP phones, WLAN Access Points, network cameras, security devices, and other access control devices supporting 802.3afregardless of product vendor. It is recommended that select a product that provides this support Protecting the network against both external and increasingly prevalent internal attacks is a critical part of an IT managers job. The ability to do this requires simple to manage, yet intelligent, security solutions that not only look at the identity of the person logging in, but also at the device connecting to the network
We can deliver the following benefits: High-performance - Wire-speed throughput for your unified communications business applications and real-time applications such as voice and video Scalability and resilience at the edge or core of the network Intelligent, seamless stacking and switch clustering reliability; switch clustering technology offers sub-second
13
resilience and high levels of performance enabling access to mission critical applications Secure networking Avaya Identity Engines portfolio enables user/device authentication and partitions LAN resources into access zones for authentication, remediation and full access
The switches include a 1.5 ft cascade cable. The Power-over-Ethernet versions of these switches: the Ethernet Routing Switch 5520-24T-PWR and Ethernet Routing Switch 5520-48TPWR are also available. These models will also stack with the all other 5500 and 5600 models.
Ethernet Routing Switch 5520-24T-PWR offers 24 10/100/1000 RJ-45 ports for desktop switching and four built-in SFP ports for uplinks. Ports 21, 22, 23, and 24 can be configured as either 10/100/1000 or make use of the built-in SFP. Both Ethernet Routing Switch 5520-24TPWR and Ethernet Routing Switch 5520-48T-PWR may be combined in a single stack for maximum flexibility. All models within the Ethernet Routing Switch 5500 Series range are stackable up to eight (8) units high, forming a 'stackable chassis', a single logical network device that supports up to 384 ports of 10/100/1000 Ethernet, with or without Power-over-Ethernet. Stacks can be formed using like models, or with any mix of models from within the range. The Ethernet Routing Switch 5500 models are also 100% stack-compatible with models from the Ethernet Routing Switch 5600 Series. The Ethernet Routing Switch 5520-48T-PWR features 48 10/100/1000 RJ-45 ports for desktop connectivity and four built-in SFP ports for uplinks. Ports 45, 46, 47, and 48 offer configuration flexibility by allowing the network administrator to configure each port as either 10/100/1000 or make use of the built-in SFP. As many as eight Ethernet Routing Switch 5520-48T-PWR
14
models can be stacked to achieve up to 384 10/100/1000 ports for highest-density desktop switching.
15
The comprehensive options and the embedded versatility make the switch highly accomplished in any of the diverse deployment scenarios that customers typically face - wiring closet to highperformance computing environment. The Ethernet Routing Switch 5600 Series offers flexible and versatile deployment options and is the best value port-for-port than any product on the market, continuing to lead the way for premium networking delivered via an optimized total cost of ownership model. We are excited by the opportunity to partner with to assist you in overcoming the challenges you face including: Designing-out a lack of end-to-end application availability, potentially caused by individual equipment or component failure, or the inability of data-centric techniques to adequately support modern, delay-sensitive traffic. As modern business becomes intrinsically linked to the performance of its information technology resources, a lack of availability has a direct impact on the potential for consistent growth. The business needs to be flexible, in addition to the general evolution away from paperbased systems to ubiquitous electronic systems. Taken together, this means that the network needs to be easily and seamlessly scaled. Where networks cannot easily and seamlessly be scaled and operationally supported, the business will be impacted. This may involve delayed roll-out of support for users or applications, for increased costs in network deployment or support.
16
With networks being increasingly important there can also be something of a tendency to make them increasingly complex. However this can be counter-productive. Management is crucial, and simplicity is the key to effective real-work management. Where network management is sub-optimal, or at worst, ineffective, the business is being placed at risk. This generally becomes apparent during periods of downtime and reduced application performance or availability. This has direct and significant impacts on the ability of the business to undertake its core activity. Security continues to be a significant concern for network managers, often featuring right at the top of key purchasing decision criteria. In addition to the traditional threats from external sources there is the ever-expanding insider threat scenario that network managers need to consider and prepare for. Security of the network and of the information that passes over the network is one of the paramount responsibilities of the network manager. The entire survival of the business is put at risk should the network fail to provide levels of protection commensurate with the sensitivity of the information supported. Operational support is one of the areas where major costs and potential savings can be isolated. Wherever possible managers need to set up their network so it is efficiently built and supportable. Increasingly network managers are asked to do more with less. The business can be impacted if the network does not have the appropriate embedded capabilities to enable efficient and effective operational support.
We can deliver the following benefits: Flexible Advanced Stacking Technology which delivers unparalleled levels of resiliency, performance, scalability, and operational efficiency creating the stackable chassis as an alternative to lesser fixed-format offerings or more expensive modular options Switch Clustering solution for the core, the aggregation layer, and the data center. Virtualizing a pair of switches simplifies the network topology, reduces equipment costs, maximizes bandwidth, optimizes resources, and prevents one single point of failure Horizontal Stacking leveraging Flexible Advanced Stacking Technology for resiliency, performance, and scalability in addition to the real-world practicality of long stack cables enables Avaya to revolutionize the delivery of non-stop and cost-effective application availability in the data center. This solution sees high-performance switches implemented in the top of server racks, resiliently stacking these with switches in adjacent racks, and switch clustering the horizontally-stacked switches to achieve multiple layers of resiliency and the highest levels of performance
The Ethernet Routing Switch 5600 Series is a set of premium, fixed-format Ethernet switches that provide high-performance connectivity in a scalable pay-as-you-grow stackable solution. The model range includes five distinct models, and is also 100% stack-compatible with the Ethernet Routing Switch 5500 models, thereby providing an expanded range of 10 models. The Ethernet Routing Switch 5600 models are: Ethernet Routing Switch 5632FD offering a total of 32 concurrent network interfaces with 24 ports of 1000BASE-X SFP and 8 ports of 10GBASE-X XFP connectivity
17
Ethernet Routing Switch 5650TD offering a total of 50 concurrent network interfaces with 48 ports of 10/100/1000 and 2 ports of 10GBASE-X XFP connectivity Ethernet Routing Switch 5650TD-PWR offering a total of 50 concurrent network interfaces with 48 ports of 10/100/1000 with 802.3af Power-over-Ethernet and 2 ports of 10GBASE-X XFP connectivity Ethernet Routing Switch 5698TFD offering a total of 98 concurrent network interfaces with 96 ports of 10/100/1000, including 6 ports that are in a combo configuration with 6 ports of 10000BASE-X SFP, and 2 ports of 10GBASE-X XFP connectivity Ethernet Routing Switch 5698TFD-PWR offering a total of 50 concurrent network interfaces with 48 ports of 10/100/1000 with 802.3af Power-over-Ethernet, including 6 ports that are in a combo configuration with 6 ports of 10000BASE-X SFP, and 2 ports of 10GBASE-X XFP connectivity
The stacking capacity for the Ethernet Routing Switch 5600 models is similar to that for the existing Ethernet Routing Switch 5500 models: up to eight (8) switches, except when this involves the 5698 models, and then the limit is a maximum of 400 ports; this being governed by software. Therefore it is possible to have an Ethernet Routing Switch 5600 deployment that offers: Stack of 8 x 5632FD 192 ports of 1GbE and 64 ports of 10GbE, or Stack of 8 x 5650TD 384 ports of copper (with or with PoE) and 16 ports of 10GbE, or Stack of 4 x 5698TFD - up to 384 ports of copper (with or with PoE) and up to 24 ports of 1GbE, and 16 ports of 10GbE; the last six Gigabit ports being combo ports either 1000BASE-T or 1000BASE-X SFP, or Any combination of switches (up to the 8 switches or 400 ports maximums)
The Ethernet Routing Switch 5600 products feature non-blocking switch fabrics, with up to 384Gbps of capacity (288Gbps on the 5632FD & 5650TDs), providing an under-subscribed architecture regardless of the combination of both network and stacking interfaces. Avaya Flexible Advanced Stacking Technology delivers a series of differentiated capabilities revolving around three key areas: Bi-directional shortest-path traffic forwarding this capability is at the heart of our resilient stacking architecture, allowing the shortest, optimal forwarding path to be selectively chosen for each unique data flow. Avaya Ethernet Routing Switches do not use the unwieldy logical ring or token technology that competitors use, but a star-based distributed forwarding topology that allows traffic to flow either upstream or downstream simultaneously from each switch in the stack, optimizing both performance and resiliency. Auto-unit replacement this crucial serviceability and operability feature enables any unit failure to be quickly and easily rectified; a hot-swap capability. Enabling immediate like-for-like unit replacement without impacting the remaining stack functionality and traffic, and without complex engineering intervention empowers operators to deploy our stackable solutions just like they would a chassis. The auto-unit replacement
18
functionality automatically delivers the agent image software, the configuration file, and the diagnostic image software to the replacement switch. Scalable stacking performance the high performance logical backplane scales in direct proposition to the number of switches added the bandwidth scales linearly with the addition of each new unit into the stack and the number of ports/users that need to be supported.
The stacking connectors are directly integrated into the switches and recessed for additional robustness therefore no additional purchase is required, and a stacking cable is packaged with each switch. When a stack of Ethernet Routing Switch 5600 switches is created, a number of processes automatically occur: the integrity of the stacking cables is tested and confirmed, the switches are numbered and associated, the base unit is recognized and the temporary base unit is elected. When a stack is established, the Ethernet Routing Switch 5600 units form a stackable chassis solution, delivering crucial operational advantages: high performance logical backplane up to 1.152Tbps for a stack of 8 switches virtual hot-swap capability to facilitate the zero impact replacement of individual units centralized management and distributed forwarding non-blocking, wire-speed switch performance automatic unit replacement; software update and configuration download power redundancy with field replaceable AC and DC supplies up to 400 ports of 10/100/1000 Ethernet, or up to 192 ports of 1GbE & 64 ports of 10GbE the flexibility to stack vertically for wiring closet or core/distribution applications, or horizontally for deployment as the top-of-rack data center solution 100% stack-compatibility between the existing Ethernet Routing Switch 5500 and the new Ethernet Routing Switch 5600 models for enhanced investment protection and additional flexibility
Additionally, the Ethernet Routing Switch 5600 Series features field-replaceable redundant power supplies, both AC and DC variants and a variety of power ratings, to provide power redundancy and 802.3af Class 3 support without the need for any additional external power rack. The Ethernet Routing Switch 5600 Series supports a full suite of sophisticated software features and capabilities, and implements these via a tiered software licensing scheme. This minimizes unnecessary over-investment and reinforces the pay-as-you-grow theme of Avaya stackable chassis solution.
19
The Ethernet Routing Switch 5600 Series delivers comprehensive capabilities in: Layer 2 Spanning Tree support for standards-based interoperability, and extended support for various link aggregation techniques for additional performance, resiliency and flexibility Layer 3 Dynamic Layer 3 IP routing support, in addition to static and local routing, with implementations of RIP, OSPF, ECMP, and VRRP IP Multicast network efficiency improvements are enabled by implementing support for IGMP Snooping (at Layer 2) and PIM-SM Routing (at Layer 3) Security comprehensive network access control and denial-of-service prevention capabilities so the network edge infrastructure is both robust and can function as a truly effective first line of defense. The Ethernet Routing Switch 5600 supports standardsbased 802.1X EAP plus extensions, and Avaya Identity Engines solution Convergence the Ethernet Routing Switch 5600 supports a sophisticated Layer 2 and Layer 3 quality of service capability including filtering, traffic shaping, and policy-based rules. The products also support the 802.3af Power-over-Ethernet and 802.1AB Discovery protocols for effective internetworking of media devices Resiliency in addition to the obvious advantages of Avaya genuinely resilient stacking solution Flexible Advanced Stacking Technology the Ethernet Routing Switch 5600 Series also supports Avaya switch clustering capability (based on our Split Multi-Link Trunking technology). This allows Avaya to deliver a resilient solution at the appropriate price point for smaller networks.
The Ethernet Routing Switch 5600 Series delivers the highest levels of performance, functionality, scalability, and resiliency, enabling enterprises to deploy demanding applications with complete confidence. These premium stackable switches encapsulate the benefits of clear leadership in availability, unrivalled performance, scalability, flexible deployment options, and energy and space efficiency. This unique combination makes the complete Ethernet Routing Switch 5600 Series an exceptional value and the product-of-choice in its class.
20
We are excited by the opportunity to partner with to assist you in overcoming the challenges you face including: Improving quality of service. Classifying, prioritizing, policing, and marking LAN traffic can offer networks reliable connectivity and required bandwidth for mission-critical applications, such as IP telephony, to specific groups, users, and individual devices. Without the ability to do this, s users cannot experience optimized network resources and capabilities, and bandwidth efficiency will not be at its highest potential. Transitioning to Gigabit Ethernet. New graphically intense applications, and the deployment of converged services such as IP telephony and unified communications, are placing increasing demands on network resources. needs a solution that can help you seamlessly transition to Gigabit Ethernet. Enabling power availability. To increase flexibility and enable the highest priority users and devices to have service when they need it, needs a switch with Power-overEthernet (PoE) modules to support an option to configure the priority level for power delivery. Without this support, you may find that when you need more power for the multiple applications being offered, some of your higher priority users will be left without the system resources they need. Enhancing network security. Lapses or failures in network security can have a costly impact on your profitability. cannot safely operate without a proper defense against both external and internal sources. Adapting to changing business needs. s network must be closely aligned with your businessoften subject to seasonal variations, or changes through merger and acquisition activity. Your network needs to have great flexibility and the ability to adapt
21
without impacting availability. Without this flexibility, it will be difficult for your business to operate efficiently and grow as you want. We can deliver the following benefits: Convergence quality access - The Ethernet Routing Switch 8300 is a high-density, high performance wiring closet product offering a full range of Access Switch features and functionality, including quality of service, access control (802.1X) as well as host integrity checking delivered via Avaya Identity Engines Portfolio solution. Seamless transition to Gigabit Ethernet Six- and 10-slot chassis, with 1GbE and 10GbE pluggable, and 10/100 and 10/100/1000 copper modules; class-leading 10GbE port density. Versatility and flexibility Pay-as-you-grow options for both hardware and software capabilities. Reliability Supports Avaya Switch Cluster technology for delivering 99.999% end-toend resilient application availability. Standards-based Power-over-Ethernet with Dynamic Power Management.
22
that is consistently less than one second, regardless of the failure scenario. Through simplified, resilient solutions, Avaya addresses this need. Switch Clustering Switch Clustering is the Avaya advanced resilient solution utilizing the Split Multi-Link Trunking and Routed Multi-Link Trunking protocols and provides complete protection against any individual component, link or node failure. This solution provides for sub-second recovery combined with user session-based load-balancing all leveraging standards-based dynamic link aggregation at the edge of the network, both user and server. Deploying the Ethernet Routing Switch 8300 in the core of a mid-tier network is the ideal solution for delivering highlyavailable services. Routed Split Multi-Link Trunking provides rapid failover for networks that are using dynamic Layer 3 routing protocols, is not dependent on the routing protocol used, and IP Gateway redundancy is achieved by synchronizing forwarding information between switch CPUs. Redundant and resilient chassis-based solution As a stand-alone device, Ethernet Routing Switch 8300 provides an extremely robust platform for resilient networking. The system supports dual redundant switch fabric/CPU modules, N+1 AC or dual-input DC power supplies, and hot-swappable modules and fan trays.
Precision performance
Real-time applications are sensitive to variable performance and are relatively bandwidthintensive. Performance is closely linked to reliability with many of the design options for todays networks being a trade-off between performance needs and reliability requirements. Avaya Ethernet Routing Switch 8300 eliminates the need to choose one over the other by delivering high-speed, low-latency performance with superior reliability. Performance architecture At the heart of the Ethernet Routing Switch 8300, there is a passive backplane design and a distributed forwarding architecture that leverages the advantages of dual N-1, active-active switch fabrics. The 720Gbps crossbar and the 8394SF switch fabric module deliver up to 464Gbps of genuine data throughput and 345Mpps of frame forwarding performance per switch. Putting these figures into a business context, an Ethernet Routing Switch 8300 core switch cluster can transport more than 60,000 average-sized office files per second, and still not be subject to contention.
Model
8306 Chassis
8310 Chassis
23
Advanced QoS The Ethernet Routing Switch 8300s Quality of Service (QoS) features allow more efficient use of bandwidth to optimize existing network resources and capabilities, and also provide packet classification and marking at the edge, which simplifies the QoS solution at the core. By classifying, prioritizing, policing and marking LAN traffic, networks can deliver the right service levels for mission-critical and quality-sensitive applications. The Ethernet Routing Switch 8300 provides eight queues per port and advanced QoS features support the Internet Engineering Task Force (IETF) Differentiated Services (DiffServ) QoS architecture standard packet classification based on the contents of the IP Packet Header fields (e.g., voice, video and data). Avaya Automatic QoS With Avaya Automatic QoS enabled, an Ethernet Routing Switch 8300 supporting an Avaya Unified Communications solution automatically recognizes the special, private Differentiated Service Code Point (DSCP) values used by these applications, and optimizes the management egress queues. Without this automated functionality, operators would need to have detailed knowledge of how QoS works, and the private DSCP values, to enable manual configuration for optimized queue usage. With this feature, the process is automated and optimized, and protects against mis-configuration. The introduction of Avaya Automatic QoS support on the Ethernet Routing Switch 8300 will see the core functionality delivered first, followed by access functionality in a subsequent release. Traffic Policing and Shaping Traffic Policing enables the provisioning of different service levels by limiting traffic throughput at the ingress (inbound) port of the Ethernet Routing Switch 8300. This feature allows limits to be placed upon the amount of bandwidth that particular users or applications can push into the network. An associated capability, Custom Auto-Negotiation Advertisements (CANA), allows for only specified connection rates to be advertised by auto-negotiation, and therefore limits lowpriority devices to the appropriate connection speed. Traffic Shaping offers the ability to limit traffic on egress (outbound) from the Ethernet Routing Switch 8300, typically to comply with some form of service tariff. Enterprises working with Service Providers or Carriers can use this feature when they deploy Ethernet as an alternative to traditional Frame Relay or ATM WAN access solutions. IP Filtering and Deep Packet Pattern Matching IP Filters can be used to manage traffic and provide security, by allowing that specific actions are performed when defined criteria are matched. Only data that matches the pattern is allowed to pass through the filter, and these filters can be used to set traffic priority, drop or allow IP packets, as well as define the conditions for mirroring traffic (e.g., IP Telephony in a contact center environment). Deep Packet Pattern Matching is an advanced implementation of filtering that allows operators to match fields deep within the packet by specifying both an offset and a value to match.
24
facilitates enterprises transition to convergence-based applications by implementing key enabling technologies while minimizing capital and operational costs. Desktop Gigabit Many enterprises are looking to transition from Fast Ethernet to Gigabit Ethernet as the default for desktop connectivity. Gigabit Ethernet offers an alternative that is more strategic; as PCs gain more performance and efficiency, there is opportunity to exploit that zone between 100Mbps and 1Gbps. The Ethernet Routing Switch 8300 enables a seamless transition to Gigabit Ethernet by offering equivalent high-density 10/100 and 10/100/1000 modules that can readily co-exist in the same system. Standards-based Power-over-Ethernet Power-over-Ethernet (PoE) is increasingly becoming the default solution for connectivity for the converged desktop, often in combination with Gigabit Ethernet. The Ethernet Routing Switch 8300 supports the deployment of IP Telephony, Wireless LAN, and any third-party linepowered device by offering standards-based PoE support on both 10/100 and 10/100/1000 interface modules. Dynamic power management To increase flexibility and see that the highest priority users and devices have service when they need it, Ethernet Routing Switch 8300 PoE Modules support an option to configure the priority level for power delivery. In the event that total available power is less then that generally required by the sum of all the devices, power will be dynamically not statically served on the basis of the configured priority level. Device Auto Discovery The Ethernet Routing Switch 8300 automatically recognizes the connection of an IP phone or other convergence device and immediately provides power to it. The switch supports two schemes Avaya Auto-Discovery and Auto-Configuration (ADAC) and standards-based 802.1AB. This flexible capability eases the roll-out of convergence applications and devices, saving time and money. Integrated access control security Lapses or failures in network security can have a costly impact on the profitability of companies. Avaya has developed a multilayered strategy for enhanced defense against threats from external and internal sources. The Ethernet Routing Switch 8300, a key element of this strategy, supports comprehensive security services for access control at the access layer. 802.1X/Extensible Authentication Protocol The Avaya commitment to open standards is proven with the Ethernet Switching portfolios support for IEEE 802.1X/Extensible Authentication Protocol (EAP) across the entire range of Access Switches. The Ethernet Routing Switch 8300 has comprehensive 802.1X/EAP support with additional enhancements such as: Multiple Hosts Multiple Authentications (MHMA) Multiple Hosts Single Authentication (MHSA) Guest VLAN
25
These enhancements contribute to a readily deployable solution that is compatible with all standards-compliant third-party 802.1X/ EAP products. This provides enterprises with a means of effectively authenticating access to the network. Identity Engines Portfolio is the Avaya endpoint security and policy compliance solution. It inspects and assesses, and thereby enables compliance to policy and enables remediation at the network end point source, prior to full network access. With Avaya, the enterprise is able to define acceptable criteria for the security software installed on PCs, test these criteria and confirm user credentials all before the user is given any access to corporate servers and information. Any failures or inconsistencies during the check process can be resolved from the safety of a quarantined remediation VLAN, and guest users can be given access to an isolated VLAN (for example, Internet-only access). Assuming successful logon and checking, the users port is automatically assigned to the appropriate production VLAN, with the correct quality settings.
26
and non-invasive diagnosis of cabling issues such as cable opens, cable shorts or impedance mismatch reporting. The Ethernet Routing Switch 8300 can detect and report these issues without the need to unplug cables or use expensive cable testers and additional personnel. Pay-as-you-Grow With the introduction of the tiered software license framework, Avaya enables customers to pay only for the functionality that meets their business needs. This avoids over-investing in unnecessary and unused software feature functionality, yet provides a seamless enhancement path and investment protection.
Base
All features, except those defined as Advanced or Premier
Advanced
All Base features, plus: Border Gateway Protocol (BGP-Lite) Deep Packet Pattern Matching Equal Cost Multi-Path (ECMP) Open Shortest Path First (OSPF) Protocol Independent Multicast-Sparse Mode (PIM-SM) Simple Loop Prevention Protocol (SLPP) Split Multi-Link Trunking Routed Split MultiLink Trunking Virtual Router Redundancy Protocol (VRRP)
Premier
All Base and Advanced features, plus: Virtual Routing and Forwarding (VRFLite)
Network Management The Ethernet Routing Switch 8300 can be managed by a variety of management tools, offering a very flexible operational environment according to individual business requirements. These include: dual Command Line Interface (CLI), the Web-based Enterprise Device Manager, SNMP-based management (SNMPv1, v2 & v3), Enterprise Switch Manager, Enterprise Policy Manager, and the evolving Unified Communications Management solution.
27
28
New graphically intense applications, and the deployment of converged services such as IP telephony and unified communications, are placing increasing demands on network resources. needs a solution that can help you seamlessly transition to Gigabit Ethernet. Lapses or failures in network security can have a costly impact on your profitability. cannot safely operate without a proper defense against both external and internal sources. s network must be closely aligned with your businessoften subject to seasonal variations, or changes through merger and acquisition activity. Your network needs to have great flexibility and the ability to adapt without impacting availability. Without this flexibility, it will be difficult for your business to operate efficiently and grow as you want.
We can deliver the following benefits: Security - Security is built into the Ethernet Routing Switch 8800, enabling security and data integrity across the network, from edge to core, and Metropolitan Area Networks as well. Convergence Ready The Ethernet Routing Switch 8800 is convergence ready out of the box, with integrated quality of service and five 9s reliability. The five 9s reliability enables the network to provide voice and video services with the reliability of traditional voice and video systems and with the additional benefits a converged network can provide. Lowest Total Cost of Ownership - The total cost of ownership of this solution is one of the lowest in the industry. By providing a solution which doesnt require a three-tier architecture, Enterprises are able to gain wire-speed performance without purchasing aggregation layer devices, thereby eliminating additional equipment purchases, additional configuration time, and other maintenance costs. The scalability of the Ethernet Routing Switch 8800 allows the solution to grow with an organizations network as its network needs change and evolve over time. Avaya Green IT - Avaya Ethernet Routing Switch 8800 delivers a reliable, secure and efficient network routing solution for todays convergence and Web-based applications. Like the other enterprise switches in the Avaya line, the Ethernet Routing Switch 8800 saves 60 percent of energy consumed. Only vendor in the industry to offer multiple options to enable VPN solutions across campus including standard solutions of IP-VPN MPLS and Avaya IP VPN-Lite that offers added benefit by running over existing IP backbone infrastructure without additional capital investment or operational expense. Only vendor in the industry to offer increased value per slot by delivering a combo module with copper 10/100/1000, SFP and XFP interfaces to meet the demand of smaller aggregation sites. Customers can effectively dual connect to servers, desktops and switch clustering with minimum investment, maximum flexibility and sub-second failover.
29
Only vendor to support redundant connectivity for virtualized solutions such as VRFLite, VPN-Lite for edge/core and MPLS LER IP-VPN for edge networks using Split Multi-Link Trunking/Routed Split Multi-Link Trunking. One of the industrys highest 10G densities per module/rack. The switch clustering capability (Split Multi-Link Trunking) offers resiliency in IP Hashing mode for VMware server virtualization where multiple iSCSI targets are used.
30
Enables flexible virtualized Layer 3 deployment scenarios with device and network options: VRF-Lite, the Avaya innovative IP VPN-Lite, MPLS, and IETF IP VPN Enables consistent IP VPN services delivered across the campus and metro; leveraging the same infrastructure to seamlessly extend service provider MPLS networks into the LAN Provides simplified multicast virtualization (IGMP, PIM-SM/SSM) and Unicast traffic supported by Switch Clusterings resiliency to service multiple customers or communities-of-interest Supports high-performance IPv6 networking a key scalability tool for demanding and expanding networks Offers high-density 10G, very high-density Gigabit and 10/100/1000 Ethernet for enterprise core and aggregation applications, delivering competitively high value, flexibility, and enhanced slot conservation with the new combo module Switch Cluster resiliency model is extended to VMware Server virtualization in an iSCSI storage area network environment Supports Avaya Unified Communications Management framework featuring consistent AJAX-compliant Web-based common services, authentication and audit logging, also benchmarks network traffic and identifies anomalous behavior using standards-based IP Flow Information Export (IPFIX) Supports large-scale convergence deployments, with numerous and flexible high-speed Ethernet-over-Fiber connectivity options
The Ethernet Routing Switch 8800 meets demanding enterprise-class requirements for scalability, simplification, maximized application uptime, value, and security. It reduces network design complexity by simplifying network architecture and increasing per port value with advanced features on high-density modules.
Business continuity
Network resiliency is the most basic requirement when implementing a converged network. The Ethernet Routing Switch 8800 supports redundant connectivity for virtualized solutions such as VRF-Lite, VPN-Lite, and MPLS LER IP-VPN for edge networks. With Avaya VRF-Lite, businesses can use the same hardware platform to create multiple Layer 3 routing domains supporting numerous customer environments. The Avaya innovative IP VPN-Lite solution facilitates deployment of resilient, fault-tolerant IP VPNs over an existing IP infrastructure (Campus or Metro). To provide maximum protection, the Ethernet Routing Switch 8800 addresses resiliency at multiple levels. At the hardware level, the switch provides hot-swappable modules and fan trays along with N+1 and dual input power supplies. Its software delivers resiliency for the core with industry-leading features that include Virtual Link Aggregation Control Protocol (VLACP) for Layer 1-2 link failure detection, Bi-Directionally Forwarding Detection (BFD) for Layer 3 link failure detection, and Switch Clustering that leverages our pioneering Split Multi-Link Trunking, Routed Split Multi-Link Trunking, and VRRP Active/Active technologies.
31
Additionally, organizations are encouraged to dual-connect servers and, with minimum additional investment, the sub-second failover advantage is automatically extended beyond the boundary of the networking equipment, all the way to the application host. Competitive solutions, basing their failure recovery model on variations of the Spanning Tree Protocol, can not provide a comparable level of resiliency and simplicity.
32
The new 8895SF switch fabric/CPU module is the latest version and offers significant enhancements in terms of CPU performance and memory capacity; it is also 33 percent more energy-efficient. These advances allow the 8895SF to natively support the new and emerging services and applications that place intense demands on the networking infrastructure. The 8895SF is functionally equivalent to the existing 8692SF switch fabric/CPU module when upgraded with the SuperMezz CPU daughterboard. The software brings support for the new 8003R 3-slot chassis; for the first time this pocket option supports the R/RS-Series new-generation modules and therefore the new and emerging applications that leverage their re-programmable NPU capabilities. One module with many uses The Ethernet Routing Switch 8800 supports an innovative hybrid combination module that concurrently supports 10G Ethernet (x2), 1000BASE-X (x24), and 1000BASE-T (x8) ports; economical, flexible and a class-first, this combination module meets the demands of smaller aggregation sites. It is an affordable solution providing all the functionality many enterprises need in one convenient module. Also recent additions to the existing range of high-performance I/O module options offer a number of practical benefits. These include a high-density 10G Ethernet (12 ports per module and up to 96 ports per chassis) and higher-density 1000BASE-X 48-port module that complements the existing 30-port model. RS-Series interface modules enable the Ethernet Routing Switch 8800 to deliver enhanced mirroring capabilities, including enabling one-tomany, many-to-one and many-to-many mirroring for sophisticated traffic analysis and IDS/TPS clustering.
Features
The Ethernet Routing Switch 8800 provides new features and hardware: New hardware: 8895SF switch fabric/CPU module and 8003R chassis Multicast enhancements: PIM-SSM, MVR, and IGMP Snoop Querier IPv6 enhancements: BGP+, Routed Split Multi-Link Trunking-for-IPv6, VRRP-for-IPv6, RADIUS-for-IPv6, and DHCP Relay-for-IPv6 Health, Diagnostic, and Debug enhancements: Key Health Indicator, RSP Packet Tracing, and ERCD Records Dump Security enhancements: BPDU Filtering, DHCP Snooping, Dynamic ARP Inspection, IP Source Guard IP Multinetting Enterprise Device Manager on-box Web-based management Operational enhancements
33
university seeking to connect several campuses can choose traditional MPLS technology or can leverage the Avaya innovative IP VPN-Lite solution. Virtual Routing and Forwarding (VRF-Lite) Through VRF-Lite on Ethernet Routing Switch 8800, enterprises can use the same hardware platform to create multiple Layer 3 routing domains to support multiple customers and to keep traffic separated for both Unicast and Multicast. The VRF-Lite capability virtualizes routing within the switch, addressing business and networking challenges driven by activities such as mergers and acquisitions, data center consolidation, departmental or business unit segmentation, and evolving audit and compliance requirements. By enabling the switch to have multiple routing instances (up to 255), more sophisticated connections can be enabled in addition to support for overlapping IP addresses. Complete and total traffic separation at Layers 2 and 3 is the usual practice, however the system can be configured to provide inter-VRF forwarding capabilities, allowing shared access to common resources. Virtual Private Networking through IP VPN-Lite The Avaya IP VPN-Lite capability is an innovative IP-in-IP technology that leverages the RSP flexible forwarding engine delivering VPN services that are easier to implement, deploy, and manage. With IP VPN-Lite, enterprises can build any-to-any private connections between local or geographically dispersed sites using any IP infrastructure (private networks or via a public IP Service Provider). IP VPNs are typically used for cross-location connectivity and to create trusted connections to external partner organizations, leveraging IP as the common carriage and removing dependency on specific wide area technologies (such as Frame Relay or ATM) or exclusivity to a single service provider. The Avaya IP VPN-Lite solution is inherently less complex and therefore much more cost-effective than using the MPLS alternative. Managing IP VPN-Lite versus MPLS is simpler and does not require specialized carrier-class IT skills or resources. The foundation of IP VPN-Lite is simply an IP network, using the flexible RFC 2547/4364 connectivity model and it does not require an MPLS-enabled core infrastructure. This simplified solution can scale per carrier-class MPLS with the cost-effective simplicity of a solution designed specifically for the enterprise. Delivering total flexibility, the Ethernet Routing Switch 8800 supports classic MPLS in addition to IP VPN-Lite and VRF-Lite and all VPN technologies can be concurrently leveraged to deliver individually tailored solutions. Multi-Protocol Label Switching (MPLS) MPLS forms the basis for most service provider IP VPNs and is used in most WAN solutions because it delivers sophisticated connectivity and traffic engineering techniques. By implementing this same functionality the Ethernet Routing Switch 8800 can interoperate directly with 3rd party MPLS networks and participate in their IP VPNs, extending them into the enterprise campus network as required. Enterprise architects can leverage this interoperability to create Ethernet Routing Switch 8800-based MPLS environments that increase the overall level of transparency.
34
35
requiring additional capital investment or the overhead operational expense of carrier-class MPLS. The unique design architecture of the next-generation R/RS modules sets Avaya apart; delivering optimal functionality and performance as new applications and services emerge, and offers high density and exceptional port value. Introduction of the combo module supporting copper 10/100/1000, SFP, and XFP interfaces cost-effectively meets the requirements of smaller sites. Avaya offers one of the industrys highest 10G Ethernet port densities, and is the only solution vendor to offer resiliency for Unicast, Multicast, Virtualized, and IPv6 environments.
Summary
The Ethernet Routing Switch 8800 is a resilient, efficient, scalable solution that enables enterprises to build a truly unified communication-ready network infrastructure and to provide reliable business continuity for critical applications; enterprises can scale converged and Web applications network-wide with Switch Clustering delivering always-on resiliency. The Ethernet Routing Switch 8800 offers a high-performance architecture combining rich, advanced services for converged applications that enhance, protect and simplify network service and operations. Customers wanting to make strategic investments in a campus LAN infrastructure can rely on the Ethernet Routing Switch 8800 to create flexible solutions that match their business evolution. A provider of end-to-end solutions spanning voice, data, applications and network management, Avaya has the necessary expertise to help businesses enhance revenue potential, streamline business operations, increase productivity and gain competitive advantage.
Table: Ethernet Routing Switch 8800 Technical Specifications Category
General and performance
36
Table: Ethernet Routing Switch 8800 Technical Specifications Category Ethernet Routing Switch 8800 Technical Specifications
RIP Instances: up to 64 RIP Interfaces: up to 200 RIP Routes: up to 10k OSPF Instances: up to 64 OSPF Adjacencies: up to 80 OSPF Routes: up to 50k BGP Peers: up to 250 BGP Routes: up to 250k VRF-Lite instances: up to 255 MPLS LDP LSPs: up to 16k MPLS Tunnels: up to 2,500 PIM Active Interfaces: up to 200 PIM Neighbors: 80/up to 200 for all VRFs IP Multicast Streams: up to 4k Interface modules 8612XLRS 12-port 10G Ethernet XFP Interface Module 8630GBR 30-port 1G Ethernet SFP Interface Module 8634XGRS 34-port 1000BASE-T/1G/10G Ethernet Combo Interface Module 8648GBRS 48-port 1G Ethernet SFP Interface Module 8648GTR 48-port 1000BASE-T Ethernet Interface Module 8648GTRS 48-port 1000BASE-T Ethernet Interface Module 8683XLR 3-port 10G Ethernet XFP Interface Module 8683ZLR 3-port 10G Ethernet WAN XFP Interface Module IEEE and IETF standards compatibility 802.1D-1998 Spanning Tree Protocol 802.1p Priority Queues 802.1Q Virtual LANs 802.1s Multiple Spanning Trees 802.1w Rapid Reconfiguration of Spanning Tree 802.1v VLAN Classification by Protocol and Port 802.1X Port Based Network Access Control 802.3 CSMA/CD Ethernet (ISO/IEC 8802-3) 802.3ab 1000BASE-T Ethernet 802.3ab 1000BASE-LX Ethernet 802.3ab 1000BASE-ZX Ethernet 802.3ab 1000BASE-CWDM Ethernet
37
Table: Ethernet Routing Switch 8800 Technical Specifications Category Ethernet Routing Switch 8800 Technical Specifications
802.3ab 1000BASE-SX Ethernet 802.3ab 1000BASE-XD Ethernet 802.3ab 1000BASE-BX Ethernet 802.3ad Link Aggregation Control Protocol 802.3ae 10GBASE-X XFP 802.3i 10BASE-T Auto-Negotiation 802.3 10BASE-T Ethernet 802.3u 100BASE-TX Fast Ethernet (ISO/ IEC 8802-3, Clause 25) 802.3u 100BASE-FX 802.3u Auto-Negotiation on Twisted Pair (ISO/IEC 8802-3, Clause 28) 802.3x Flow Control on the Gigabit Uplink port 802.3z Gigabit Ethernet 1000BASE-SX & LX RFC 768 UDP Protocol RFC 783 TFTP Protocol RFC 791 IP Protocol RFC 792 ICMP Protocol RFC 793 TCP Protocol RFC 826 ARP Protocol RFC 854 Telnet Protocol RFC 894 A standard for the Transmission of IP Datagrams over Ethernet Networks RFC 896 Congestion control in IP/TCP internetworks RFC 903 Reverse ARP Protocol RFC 906 Bootstrap loading using TFTP RFC 950 Internet Standard Sub-Netting Procedure RFC 951 / RFC 2131 BootP / DHCP RFC 1027 Using ARP to implement transparent subnet gateways/Avaya Subnet based VLAN RFC 1058 RIPv1 Protocol RFC 1112 IGMPv1 RFC 1253 OSPF RFC 1256 ICMP Router Discovery RFC 1305 Network Time Protocol v3 Specification, Implementation and Analysis RFC 1332 The PPP Internet Protocol Control Protocol RFC 1340 Assigned Numbers
38
Table: Ethernet Routing Switch 8800 Technical Specifications Category Ethernet Routing Switch 8800 Technical Specifications
RFC 1541 Dynamic Host Configuration Protocol RFC 1542 Clarifications and Extensions for the Bootstrap Protocol RFC 1583 OSPFv2 RFC 1587 The OSPF NSSA Option RFC 1591 DNS Client RFC 1695 Definitions of Managed Objects for ATM Management v8.0 using SMIv2 RFC 1723 RIP v2 Carrying Additional Information RFC 1745 BGP / OSPF Interaction RFC 1771 / RFC 1772 BGP-4 RFC 1812 Router Requirements RFC 1866 HTMLv2 Protocol RFC 1965 BGP-4 Confederations RFC 1966 BGP-4 Route Reflectors RFC 1998 An Application of the BGP Community Attribute in Multi-home Routing RFC 1997 BGP-4 Community Attributes RFC 2068 Hypertext Transfer Protocol RFC 2131 Dynamic Host Control Protocol RFC 2138 RADIUS Authentication RFC 2139 RADIUS Accounting RFC 2178 OSPF MD5 cryptographic authentication/ OSPFv2 RFC 2205 Resource ReSerVation Protocol v1 Functional Specification RFC 2210 The Use of RSVP with IETF Integrated Services RFC 2211 Specification of the Controlled-Load Network Element Service RFC 2236 IGMPv2 for snooping RFC 2270 BGP-4 Dedicated AS for sites/single provide RFC 2283 Multiprotocol Extensions for BGP-4 RFC 2328 OSPFv2 RFC 2338 VRRP: Virtual Redundancy Router Protocol RFC 2362 PIM-SM RFC 2385 BGP-4 MD5 authentication RFC 2439 BGP-4 Route Flap Dampening RFC 2453 RIPv2 Protocol RFC 2475 An Architecture for Differentiated Service RFC 2547 BGP/MPLS VPNs
39
Table: Ethernet Routing Switch 8800 Technical Specifications Category Ethernet Routing Switch 8800 Technical Specifications
RFC 2597 Assured Forwarding PHB Group RFC 2598 An Expedited Forwarding PHB RFC 2702 Requirements for Traffic Engineering Over MPLS RFC 2765 Stateless IP/ICMP Translation Algorithm RFC 2796 BGP Route Reflection An Alternative to Full Mesh IBGP RFC 2819 Remote Monitoring RFC 2858 Multiprotocol Extensions for BGP-4 RFC 2918 Route Refresh Capability for BGP-4 RFC 2961 RSVP Refresh Overhead Reduction Extensions RFC 2992 Analysis of an Equal-Cost Multi-Path Algorithm RFC 3031 Multiprotocol Label Switching Architecture RFC 3032 MPLS Label Stack Encoding RFC 3036 LDP Specification RFC 3037 LDP Applicability RFC 3065 Autonomous System Confederations for BGP RFC 3210 Applicability Statement for Extensions to RSVP for LSP-Tunnels RFC 3215 LDP State Machine RFC 3270 Multi-Protocol Label Switching Support of Differentiated Services RFC 3376 Internet Group Management Protocol, v3 RFC 3392 Capabilities Advertisement with BGP-4 LSP-Tunnels RFC 3443 Time To Live Processing in Multi-Protocol Label Switching Networks RFC 3569 An overview of Source-Specific Multicast RFC 3917 Requirements for IP Flow Information Export RFC 4364 BGP/MPLS IP Virtual Private Networks RFC 4379 Detecting Multi-Protocol Label Switched Data Plane Failures draft-holbrook-idmr-igmpv3-ssm-02.txt IGMPv3 for SSM draft-ietf-bfd-v4v6-1hop-06 IETF draft Bi-Directional Forwarding Detection for IPv4 and IPv6 (Single Hop) RFC 1075 DVMRP Protocol RFC 1112 IGMP v1 for routing / snooping RFC 1519 Classless Inter-Domain Routing: an Address Assignment and Aggregation Strategy RFC 2236 IGMP v2 for routing/ snooping RFC 2362 + some PIM-SM v2 extensions RFC 3446 Anycast Rendezvous Point mechanism using Protocol Independent
40
Table: Ethernet Routing Switch 8800 Technical Specifications Category Ethernet Routing Switch 8800 Technical Specifications
Multicast and Multicast Source Discovery Protocol RFC 3618 Multicast Source Discovery Protocol RFC 3768 Virtual Router Redundancy Protocol RFC 1881 IPv6 Address Allocation Management RFC 1886 DNS Extensions to support IP version 6 RFC 1887 An Architecture for IPv6 Unicast Address Allocation RFC 1981 Path MTU Discovery for IPv6 RFC 2030 Simple Network Time Protocol v4 for IPv4, IPv6 & OSI RFC 2373 IPv6 Addressing Architecture RFC 2375 IPv6 Multicast Address Assignments RFC 2460 Internet Protocol, v6 Specification RFC 2461 Neighbor Discovery RFC 2462 IPv6 Stateless Address Auto-Configuration RFC 2463 Internet Control Message Protocol for the Internet Protocol v6 Specification RFC 2464 Transmission of IPv6 Packets over Ethernet Networks RFC 2474 Definition of the Differentiated Services Field in the IPv4 and IPv6 Headers RFC 2526 Reserved IPv6 Subnet Anycast Addresses RFC 2710 Multicast Listener Discovery for IPv6 RFC 2740 OSPF for IPv6 RFC 2893 Configured Tunnels and Dual Stack Routing per port RFC 2893 Transition Mechanisms for IPv6 Hosts and Routers RFC 3056 Connection of IPv6 Domains via IPv4 Clouds RFC 3363 Representing Internet Protocol Version 6 Addresses in DNS3 RFC 3484 Default Address Selection for IPv6 RFC 3513 Internet Protocol Version 6 Addressing Architecture RFC 3587 IPv6 Global Unicast Address Format RFC 3596 DNS Extensions to Support IPv6 RFC 3587 IPv6 Global Unicast Address Format RFC 3590 Source Address Selection for the Multicast Listener Discovery Protocol RFC 3596 DNS Extensions to support IP version 6 RFC 3810 IPv6 Multicast capabilities SSH/SCP, Telnet, Ping, CLI, JDM support for IPv6 RFC 1305 NTP Client/Unicast mode only RFC 1340 Assigned Numbers
41
Table: Ethernet Routing Switch 8800 Technical Specifications Category Ethernet Routing Switch 8800 Technical Specifications
RFC 1350 The TFTP Protocol (Revision 2) RFC 2474 / RFC 2475 DiffServ Support RFC 2597 / RFC 2598 DiffServ per Hop Behavior RFC 1155 SMI RFC 1157 SNMP RFC 1215 Convention for defining traps for use with the SNMP RFC 1269 Definitions of Managed Objects for the Border Gateway Protocol v3 RFC 1271 Remote Network Monitoring Management Information Base RFC 1304 Definitions of Managed Objects for the SIP Interface Type RFC 1354 IP Forwarding Table MIB RFC 1389 RIP v2 MIB Extensions RFC 1565 Network Services Monitoring MIB RFC 1757 / RFC 2819 RMON RFC 1907 SNMPv2 RFC 1908 Coexistence between v1 & v2 of the Internet-standard Network Management Framework RFC 1930 Guidelines for creation, selection, and registration of an Autonomous System RFC 2571 An Architecture for Describing SNMP Management Frameworks RFC 2572 Message Processing and Dispatching for the Simple Network Management Protocol RFC2573 SNMP Applications RFC 2574 User-based Security Model for v3 of the Simple Network Management Protocol RFC 2575 View-based Access Control Model for the Simple Network Management Protocol RFC 2576 Coexistence between v1, v2, & v3 of the Internet Standard Network Management Framework RFC 1212 Concise MIB definitions RFC 1213 TCP/IP Management Information Base RFC 1213 MIB II RFC 1354 IP Forwarding Table MIB RFC 1389 / RFC 1724 RIPv2 MIB extensions RFC 1398 Definitions of Managed Objects for the Ethernet-Like Interface Types RFC 1406 Definitions of Managed Objects for the DS1 and E1 Interface Types RFC 1414 Identification MIB
42
Table: Ethernet Routing Switch 8800 Technical Specifications Category Ethernet Routing Switch 8800 Technical Specifications
RFC 1442 Structure of Management Information for version 2 of the Simple Network Management Protocol RFC 1447 Party MIB for v2 of the Simple Network Management Protocol bytes RFC 1450 Management Information Base for v2 of the Simple Network Management Protocol RFC 1472 The Definitions of Managed Objects for the Security Protocols of the Pointto-Point Protocol RFC 1483 Multiprotocol Encapsulation over ATM Adaptation Layer 5 RFC 1493 Bridge MIB RFC 1525 Definitions of Managed Objects for Source Routing Bridges RFC 1565 Network Services Monitoring MIB RFC 1573 Interface MIB RFC 1643 Ethernet MIB RFC 1650 Definitions of Managed Objects for the Ethernet-like Interface Types using SMIv2 RFC 1657 BGP-4 MIB using SMIv2 RFC 1658 Definitions of Managed Objects for Character Stream Devices using SMIv2 RFC 1695 Definitions of Managed Objects for ATM Management v8.0 using SMIv2 RFC 1696 Modem Management Information Base using SMIv2 RFC 1724 RIP v2 MIB Extension RFC 1850 OSPF MIB RFC 2021 RMON MIB using SMIv2 RFC 2037 Entity MIB using SMIv2 RFC 2096 IP Forwarding Table MIB RFC 2233 Interfaces Group MIB using SMIv2 RFC 2452 IPv6 MIB: TCP MIB RFC 2454 IPv6 MIB: UDP MIB RFC 2465 IPv6 MIB: IPv6 General group and textual conventions RFC 2466 IPv6 MIB: ICMPv6 Group RFC 2578 Structure of Management Information v2 RFC 2613 Remote Network Monitoring MIB Extensions for Switched Networks v1.0 RFC 2665 Definitions of Managed Objects for the Ethernet-like Interface Types RFC 2668 Definitions of Managed Objects for IEEE 802.3 Medium Attachment Units RFC 2674 Bridges with Traffic MIB RFC 2787 Definitions of Managed Objects for the Virtual Router Redundancy Protocol
43
Table: Ethernet Routing Switch 8800 Technical Specifications Category Ethernet Routing Switch 8800 Technical Specifications
RFC 2863 Interface Group MIB RFC 2925 Remote Ping, Traceroute & Lookup Operations MIB RFC 2932 IPv4 Multicast Routing MIB RFC 2933 IGMP MIB RFC 2934 PIM MIB RFC 3019 IPv6 MIB: MLD Protocol RFC 3411 An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks RFC 3412 Message Processing and Dispatching for the Simple Network Management Protocol RFC 3416 v2 of the Protocol Operations for the Simple Network Management Protocol RFC 3635 Definitions of Managed Objects for the Ethernet-like Interface Types RFC 3636 Definitions of Managed objects for IEEE 802.3 Medium Attachment Units RFC 3810 Multicast Listener Discovery v2 for IPv6 RFC 3811 Definitions of Textual Conventions for Multiprotocol Label Switching Management RFC 3812 Multiprotocol Label Switching Traffic Engineering Management Information Base RFC 3813 Multiprotocol Label Switching Label Switching Router Management Information Base RFC 3815 Definitions of Managed Objects for the Multiprotocol Label Switching, Label Distribution Protocol RFC 4022 Management Information Base for the Transmission Control Protocol 4087 IP Tunnel MIB RFC 4113 Management Information Base for the User Datagram Protocol RFC 4624 Multicast Source Discovery Protocol MIB Weights and dimensions Ethernet Routing Switch 8010 Chassis 14RU Height: 22.9 in. (58.2 cm) Width: 17.5 in. (44.5 cm) Depth: 19.9 in. (50.5 cm) Weight: up to 225 lb (102 kg) Cooling System: Fan Trays: 2 per Chassis Fans: 15 per Fan Tray Thermal Sensors: 1 per Fan Tray Ethernet Routing Switch 8010co Chassis 20RU
44
Table: Ethernet Routing Switch 8800 Technical Specifications Category Ethernet Routing Switch 8800 Technical Specifications
Height: 35.9 in. (88.9 cm) Width: 17.5 in. (44.5 cm) Depth: 23.7 in. (60.2 cm) Weight: up to 315 lb (143 kg) Cooling System: 8010co features front to back cooling and the maximum airflow specification for the 8010co Chassis is 330 linear ft/min The 8010co Chassis complies with Network Equipment Building Standard (NEBS) Level 3 as specified in SR3580. Typically the 8010co has superior physical and environment specifications; please reference the product documentation for full details. Ethernet Routing Switch 8006 Chassis 10RU Height: 15.8 in. (40.1 cm) Width: 17.5 in. (44.5 cm) Depth: 19.9 in. (50.5 cm) Weight: up to 170 lb (77 kg) Cooling System: Fan Trays: 1 per Chassis Fans: 20 per Fan Tray Thermal Sensors: 1 per Fan Tray Ethernet Routing Switch 8003R Chassis 7 RU Height: 12.25 in. (31.1 cm) Width: 17.5 in. (44.5 cm) Depth: 21.0 in. (53.5 cm) Weight: up to 76 lb (34.5 kg) Cooling System: Fan Trays: 1 per Chassis Fans: 3 per Fan Tray Environmental specifications Operating temperature: 0C to 40C (32F to 104F) Storage temperature: -25C to 70C (-13F to 158F) Operating humidity: 85% maximum relative humidity, non-condensing Storage humidity: 95% maximum relative humidity, non-condensing Operating altitude: 3024 m (10,000 ft) maximum Storage altitude: 3024 m (10,000 ft) maximum Free fall/drop: ISO 4180-s, NSTA 1A
45
Table: Ethernet Routing Switch 8800 Technical Specifications Category Ethernet Routing Switch 8800 Technical Specifications
Vibration: IEC 68-2-6/34 Shock/bump: IEC 68-2-27-29 Safety agency approvals Global basis for certification: IEC 60950 current edition with all CB member deviations US: UL60950 Canada: CSA 22.2 No. 60950 Europe: EN60950 (CE Marking) Australia/New Zealand: AS/NZS 3260 Mexico: NOM-019-SCFI-1998 Electromagnetic emissions Global basis for certification: CISPR 22-1997 Class A US: FCC CFR47 Part 15, Subpart B, Class A Canada: ICES-003, Issue-2, Class A Europe: EN 55022-1998 Class A; EN 61000-3-2/A14, Electromagnetic immunity Global basis for certification: CISPR 24:1997 Europe: EN 55024:1998
46
We can deliver the following benefits: Reduces operational costs. This is due to the reduced maintenance, improved interoperability and greater reliability of a single converged device, especially at remote sites. By combining data, resilient voice services and security in a cost-effective branch device, the Secure Router 2330 is a compelling alternative to existing Avaya branch solutions and to the competition. Its voice survivability features allow it to provide ongoing phone services even when remote connectivity to the voice call server is lost. Since its voice gateway/survivability feature is SIP-based, it can provide resilient voice services with a range of Avaya call servers and phones, including Avaya Aura Session Manager as well as Communication Server 1000, Communication Server 2100 and Software Communication System call servers. It is also compatible with third party call servers such as Broadsoft and Sylantro. Like other Secure Routers, the Secure Router 2330 provides high-throughput and significant five-year total cost of ownership savings versus the competition.
The Secure Router 2330 is a powerful modular system that converges routing, voice gateway, security and multimedia traffic forwarding in a single cost-effective platform for enterprises. Delivering fast, secure, reliable and scalable WAN access, the Secure Router 2330 is perfect for enterprises requiring high-speed IP or Internet access. Based on a simple-to-scale
47
architecture, the Secure Router 2330 provides consistent wire-speed throughput even with advanced services enabled. The Secure Router 2330 combines high performance, robust routing, flexible WAN and voice media gateway connectivity and is targeted at enterprise branch and remote site environments. A rich suite of routing services and advanced WAN functionality makes the Secure Router 2330 ideal for high-speed Internet access, private line WAN connectivity, IP Telephony and multimedia, IPsec VPN, stateful firewall and data applications. Comprehensive, simple-to-use software tools enable sophisticated access and bandwidth management for dependable communications.
Robust routing
Routing services include a full IPv4 and IPv6 protocol set, including BGP-4 and multicast capabilities. A full-function IPv6 implementation also enables deployment into environments that require extended IP addressing with the same routing services all without any additional system memory requirements.
Integrated security
Powerful, integrated security features include VPN and firewalls for increased reliability and user confidence. Capabilities include stateful packet firewall, detection and prevention of more than 60 Distributed Denial of Service (DDoS) attacks, VPN hardware acceleration for hub and spoke deployment over IPsec and VPN tunnels, and IPsec VPN data-encryption services with AES, 3DES, DES, SHA-1, MD-5 and Diffie-Hellman support.
48
the lowest latency for voice, video and other high-priority traffic while guaranteeing bandwidth among all classes.
Multi-link capabilities
The Secure Router 2330 provides multilink PPP (MLPPP) and multilink frame relay (MFR) support to allow bonding of T1/E1 and other WAN interfaces to create a single virtual interface capable of transmitting at the maximum bandwidth available. Multilinking enables hassle-free bandwidth scalability, high-speed video, voice and data transfer while securing connectivity from individual link failures.
Management
The Secure Router 2330 employs an industry-aligned command line interface (CLI) that makes it easy to set up and manage. Features include: On-Premises, Console and Command Line Interface; Telnet, Events, Syslog Remote SSHv2 provides secure communication for configuration and maintenance
An easy choice
Secure Router 2330 is a high-performance, cost-effective branch convergence solution. It combines feature-rich voice and data services into a common platform for simplified management, greater cost savings and a high quality of user experience.
49
Features
Multi-service platform Full IPV4/IPV6 routing, IPsec, VLAN and firewall Voice media gateway services, including support for digital and analog trunks, analog phones, fax machines and modems Range of WAN connectivity, including T1/E1, ISDN BRI, Serial, Ethernet and ADSL2+ Range of integrated voice interfaces including T1/E1 PRI, BRI, FXS/ DID and FXO/CAMA enable connection to the PSTN or analog telephony devices SIP survivable gateway enables business continuity for SIP devices Up to 64 simultaneous voice (DSP) channels can handle voice gateway needs of small to large branch sites
Robust routing Low-latency, high-packet throughput ideal for VoIP and multimedia transport IPv4 or IPv6 with BGP-4 and Multicast services (PIM-SM, DVMRP)
Integrated security Stateful packet inspection firewall VPN hardware acceleration and IPsec VPN services for secure voice and data transport
50
We are excited by the opportunity to partner with to assist you in overcoming the challenges you face including: may be reluctant to deploy converged services platforms when expertise has been built around managing data and voice systems separately. Maintaining separate equipment and teams costs time and money could be unable to meet the capital cost reduction required of your IT budgets. This causes you to fall further behind in deploying converged services platforms that can reduce their capital budgets and solve the problem Customers are struggling to define collaborative communication implementations as a result of the perceived complexity associated with multiple vendors and additional equipment
We can deliver the following benefits: Unique device that integrates Routing, Switching, IP Telephony, and UC application hosting in a single cost-effective platform Wire-speed performance for toll-quality VoIP and Unified Communications, with low latency and loss for small packets Can host either Microsoft OCS software or Avaya Software Communication System (SCS) on an embedded co-processor to simplify Unified Communications deployment at the branch WAN, Routing, Switching, VPN, Voice, Security, and Unified Communications applications in a single box improving Return on Investment and reducing Total Cost of Ownership Extends convergence/Unified Communication applications to the branch office with performance, quality of experience and better manageability than competing solutions
The Secure Router 4134 addresses enterprise branch, regional and even headquarters routing needs. But it is especially targeted at the enterprise challenge of too many networking devices,
51
particularly in remote sites. Its highly modular design can handle a range of low-density and high-density LAN and WAN modules, as well as future voice modules. In its maximum configuration, the Secure Router 4134 supports up to 72 Power over Ethernet/Fast Ethernet ports or 58 Gigabit Ethernet ports; or up to 3 DS3/T3 or HSSI ports; or up to 91 physical/logical T1 connections. The Secure Router 4134 software architecture further provides support required by Unified Communications branch applications. Its superior low-latency and small packet handling provides a high quality of experience, regardless of which applications and services are enabled across the network. By integrating Microsoft intelligence, as well as VoIP gateway capabilities, the Secure Router 4134 fulfills the Avaya vision for the Unified Communications integrated branch. In summary, the Secure Router 4134 offers the highest performance and connectivity in the Avaya Secure Router portfolio to date. Its advanced hardware and software design not only make it a premier branch office platform, but also allow it to handle the network routing requirement of most enterprise regional and headquarters sites.
52
We can deliver the following benefits: Cost savings from converged WAN deployments Reduced management/maintenance costs Core router capability Scalability allows your organization to grow much higher bandwidth and users Investment protection for Avaya installed base or migrating from BayRS equipment Improved flexibility in network deployment for a contiguous Avaya solution Resilient high end router solution
With packet processing of up to 24 million packets per second and a 40 Gig backplane architecture, the Secure Router 8000 Series handles both enterprise data center and service provider edge routing environments. High-speed (OC-3/STM-1, POS and ATM) and high-
53
density WAN interfaces (up to 96 T1/E1) make the Secure Router 8000 Series well suited for connecting large numbers of remote sites and users. And the routers do this without sacrificing the reliability and traffic management required by demanding converged voice/data applications. The Secure Router 8000 Series routers are next-generation, centralized, high-speed forwarding routers. Based on a fault tolerant design, the Secure Routers provide scalable performance. The routers are ideal for the carrier aggregation layer and the enterprise backbone layer network. The Secure Router 8000 Series consists of four models (Secure Router 8002, 8004, 8008 and 8012) based on the number of slots.
54
55
56
Highly optimized Quality of Service The Secure Router 8000 Series Quality of Service (QoS) design handles the demands of converged voice and data applications. It handles the demands through an integrated Layer 2 and Layer 3 QoS architecture. The Series supports Differentiated Services (DiffServ). This provides packet classification, metering, policing, coloring, re-marking, queuing and shaping. The Secure Router 8000 enables reliable, efficient traffic handling while maintaining critical services under even the most severe loads. The Secure Router 8000 Series delivers maximum performance and low latency for voice, video and other high-priority traffic. It does this while enabling bandwidth among all classes. Additionally, Layer 2 to Layer 4 traffic classification and Classed Based Queuing can be used for granular definition of service classes. These classes can be defined to match any communication service levels required for Layer 2 to Layer 4 networks. Integrated security The Secure Router 8000 Series combines secure device access with secure networking services. The routers enable business continuity and protect your valuable business assets. The Secure Router 8000 Series offers: Site-to-site VPN services for scalable, resilient branch office VPN applications Full-featured packet filtering (i.e., Access Control Lists) Full-featured Network Address Translation (NAT)
Management solutions The Secure Router 8000 Series offers industry-standard Command Line Interface (CLI) tools. This enables administrators to quickly deploy, operate and maintain the routers. It provides role-based management access and extensive event logging and troubleshooting. This reduces operational costs while maximizing availability and performance across the enterprise network. The routers enable Secure Access via SSHv2 and IPsec VPNs, include RADIUS and TACACS+ for user authentication and provide secure network management via SNMPv3.
57
We can deliver the following benefits: When Enterprises and Service Providers want fast, secure, reliable and scalable wide area network (WAN) T1/E1 and serial access, they turn to Avaya and the Secure Router 1000 Series router. These powerful platforms provide consistent high-speed throughput with no degradation in performance even with advanced services enabled. Secure Router 1000 Series routers perform up to three times faster than standard and some much higher-end WAN access platforms. A fast path forwarding engine enables delivery of services and applications at consistently high speeds, independent of bandwidth-intensive applications, packet sizes or enabled services, unlike other routers that cannot sustain peak performance as services are added.
Secure Routers provide interoperability with Avaya solutions, convergence applications and regional WAN requirements. Secure Routers are ideal for Avaya multi-product network and convergence deployments.
58
The Secure Router product line includes: Secure Router 1001 1-port T1/E1 with ISDN back-up option Secure Router 1001S 1 serial port with ISDN back-up option Secure Router 1002 2-port T1/E1 Secure Router 1004 4-port T1/E1 Secure Router 2330 three-slot modular unit with support for up to 6 x T1/E1 or other optional I/O cards. Secure Router 3120 two-slot modular unit with support of up to 2 x DS-3 or 16 x T1/E1 port Secure Router 4134 In its maximum configuration, the Secure Router 4134 supports up to 72 Power-over-Ethernet/Fast Ethernet ports or 58 Gigabit Ethernet ports; or up to 3 DS3/T3 or HSSI ports; or up to 91 physical/logical T1 connections.
Secure Router 1000 Series and 3120 are equipped with 2 x 10/100 Ethernet; Secure Router 2330 has 8 Ethernet (4 x 10/100 plus 4 x 10/100/1000), Secure Router 4134 has 4 x 10/100/1000 Ethernet in its base chassis. With this range, Secure Routers can address entry-level enterprise remote and branch sites through large regional and headquarters sites. Secure Router 1000 Series and 3120 are ideal for enterprise branch, remote or regional site environments. The Secure Router 1000 Series delivers fast, secure, reliable and scalable WAN T1/E1 and serial access for enterprises and service providers. These platforms are ideal for installation in enterprise remote sites, branch offices or service provider points of presence (POPs). Delivering fast, secure, reliable and scalable WAN access, the Secure Router 3120 is perfect for enterprises requiring high-speed IP or Internet access. It is targeted at larger branch and regional enterprise environments. The Secure Router 4134 represents the next evolution in the Secure Router product portfolio, extending the Secure Router positioning into the mid to high-end enterprise router market. In addition to providing multiple levels of reliability these platforms offer extensive hierarchical QoS, stateful firewalling, address translation, BGP routing, VPN with a variety of WAN interface options including T1/E1, V.35 and DS3. In addition, all models provide 2 ports of 10/100 Ethernet.
59
We can deliver the following benefits: VPN Routers are architected to deliver the security required by enterprise IP networks with the ability to scale to address a complete range of high-performance IP services. We offer flexibility and simplicity. With a portfolio ranging from low-end VPN Router 1750 to the high-end VPN Router 2700/2750, VPN Router devices can handle the needs of the smallest branch site to those of the largest headquarters, and every environment in between. Its broad range of LAN/WAN interface options makes it an easy fit into existing enterprise networks.
With a comprehensive set of secure IP services, VPN Router offers what normally takes multiple purpose-built IP and security devices to deliver. Enterprises can deploy it as a VPN
60
gateway, IP access router, or stateful firewall device. A flexible software licensing system further allows them to turn up new services as they are needed. For example, the VPN Router can be installed initially as an IP access router, then VPN or firewall services can be added later via a simple license key. This allows quick deployment of needed services today with the flexibility to add new ones in the futureall without costly hardware upgrades. Built on our Secure Routing Technology framework, the VPN Router is designed with security inherent across all its operations. Secure Routing Technology integrates the major functional components of VPN Routersuch as management, access, routing, and policiesweaving a consistent security structure across these services. This provides scalability and high performance even when running multiple IP services in the same device. The VPN Router family consists of the following models: VPN Router 1750: Supports up to 500 tunnels VPN Router 2700/2750: Supports up to 2000 tunnels
Since it is standards-based, the VPN Router interoperates with existing routing, authentication, directory, and security services. This means the VPN Router can bridge the transition during the introduction of new IP services into the network. VPN Router devices can be initially installed behind an existing IP access device (router, DSL modem, etc.) without disruption to the network. Or, an enterprise deploying VPN Router as a VPN gateway can later add firewall services and/or transition the VPN Router to the primary Internet access device for that site. VPN Router platform is evolving from a VPN appliance to an integrated VPN Router. Rather than providing separate devices for separate functions (tunneling, encryption, authentication, routing, WANs and firewall) Avaya provides integrated security and IP services on a single platform.
We are excited by the opportunity to partner with to assist you in overcoming the challenges you face including: Configuring multiple devices one at a time is cumbersome and can result in errors. This can increase operational costs and slow down business processes. Without user access controls, there is no way to restrict access to configuration and management tools. Your network is unprotected and can be harmed due to unauthorized access. This can lead to increased network downtime, lost business and revenue. Network administration and troubleshooting is time consuming, taking up valuable IT resources and increasing installation and maintenance costs.
We can deliver the following benefits: Consolidated configuration/provisioning and orchestration saves time and operational costs Multiple concurrent user support and powerful access control protects network and reduces downtime GUI-driven/network-wide installation/maintenance configuration/provisioning easy and cost-effective
Device element management accelerates processes, saves money, frees up IT resources Simplified, intuitive wizards, easy-to-use templates reduces configuration set-up time, decreasing errors
Applications that support strategic business plans and goals are dependent on complex network services and protocols. And, although these services and protocols are becoming more complex, installation and configuration of them should not have to be. That is where the Avaya Configuration and Orchestration Manager comes in. Imagine a typical network environment in which there are thousands of devices. An IT staff member makes a change to one of these devices, which results in several minutes of network downtime. For the enterprise, the costs of this downtime can be significant reduced productivity, lost business and missed revenue. So how do you determine who made the change and why? Without effective user-access controls in place, it is possible that the network administrator might never know. Avaya Configuration and Orchestration Manager comes with user access controls that administrators can use to restrict or permit access to configuration and management tools. It helps to protect the network from potential harm caused by unauthorized access. As a central configuration platform, the GUI-driven Configuration and Orchestration Manager reduces the administration, complexity and related costs of configuring, provisioning and troubleshooting your network all from one central server. Furthermore, Configuration and Orchestration Manager intuitive and easy-to-use wizards can help reduce configuration time by as much as 70 percent, freeing your valuable IT experts to work on other critical projects. Configuration and Orchestration Manager supports the Avaya portfolio of Ethernet Routing Switches (including modular and stackable) and Wireless LAN (WLAN) products. Configuration and Orchestration Manager allows authorized and authenticated personnel to conveniently, quickly and securely configure devices on the network regardless of where the user or the device is located.
Consolidates configuration, provisioning and Saves time and operational costs orchestration through topology-driven, Webbased, integrated element management Supports multiple concurrent users and Protects your network, facilitates faster includes powerful access controls such as configuration and changes to the network, role-based user control functionality and reduces the potential for network downtime GUI-driven, network-wide configuration and Enables easy and cost-effective installation provisioning of new or existing network and maintenance devices Device element management, inventory, Accelerates processes, saves money and updates, and device and user access frees up valuable IT resources control through centralized element management Simplified, intuitive wizards and easy-to- use Reduces configuration setup time, while templates that can be reused as needed decreasing the likelihood of error
and
Orchestration
Manager
and
Unified
Avaya Unified Communications Management provides comprehensive management capabilities across voice, data and multimedia applications, utilizing a set of common services that serve as a foundation for unifying management applications. Common services allow network management applications to integrate with each other so that common components (e.g., user data and database information) can be shared, without requiring that the same definitions and configurations be repeated for each application. Configuration and Orchestration Manager is an important part of the Avaya Unified Communications Management strategy. Future releases of Configuration and Orchestration Manager will align with this strategy, enabling the sharing of portals, users and credentials with other Avaya Unified Communications Management products. In addition, a future release will provide orchestration, which enables integration with business process management and composite applications. This integration will enable IT teams to automate: triage and troubleshooting; repair of incidents and alerts; change and configuration management; and many repetitive maintenance tasks.
result? Best practices based configuration, pre-populated device aware configuration workflow, fewer keystrokes, accelerated installation and a reduction in errors that can lead to costly network downtime.
Configuration and Orchestration Manager enables administrators to create multiple Split MultiLink Trunking/Single Link Split Multi-Link Trunking access. A tab-based Split Multi-Link Trunking/Multi-Link Trunking access view allows administrators to transparently see VLANs across all Split Multi-Link Trunking/Multi-Link Trunking access. Additionally, an intuitive VLAN creation wizard lets administrators create a VLAN and use it for Split Multi-Link Trunking/Single Link Split Multi-Link Trunking access.
VLAN Wizard
Element management is performed through scalable plug-in software called Off-Box Enterprise Device Manager. Once administrators download the software onto Configuration and Orchestration Manager, administrators can manage all elements from one server including assigning specific users access to a given device.
Unlike on-box solutions that have limited processing power, Off-Box Enterprise Device Manager is able to leverage the servers powerful CPU and memory to accelerate configuration processes and perform faster and better monitoring of the system.
For customers who still have older devices in their network, Configuration and Orchestration Manager also supports Java Device Manager in addition to Off-Box Enterprise Device Manager. Configuration and Orchestration Manager will launch Java Device Manager or Enterprise Device Manager depending on the type of device.
Multi-Link Trunking Manager Multi-Link Trunking is a point-to-point connection that aggregates multiple ports into a single logical port with the aggregate bandwidth available to it. By grouping multiple ports into one logical port or link, administrators can achieve higher aggregate throughput on a switch-toswitch or server-to-server application.
The Multi-Link Trunking Manager in Enterprise Switch Manager allows creation, deletion and editing of Multi-Link or Split Multi-Link Trunk membership information across devices in a network. Virtual Routing and Forwarding Manager Virtual Routing and Forwarding allows multiple instances of a routing table to co-exist within the same router at the same time. The routing instances are independent, allowing administrators to use the same or overlapping IP addresses. Virtual Routing and Forwarding management enables administrators to configure applications and services from multiple devices using a single GUI workflow. Additionally, administrators can be mapped to device-specific Virtual Routing and Forwarding, enabling better access control and device partitioning for device management where multiple users and various enterprises or divisions share the device based on Virtual Routing and Forwarding. Routing Manager The Routing Manager enables administrators to configure routing parameters on devices discovered by Configuration and Orchestration Manager across the network. The manager supports IP Routing, RIP, OSPF, ARP, VRRP, IPv6 Routing and IPv6 OSPF. Trap and Log Manager With Log Manager, administrators can open log files that are transferred from a network device. Administrators can view the entire file or just selected information. The log file is a file saved on the flash memory of a device and is used to analyze any activity written to the log file that may be of potential concern. In addition, Log Manager adds trap severity prioritization with associated color highlights. Avaya Configuration and Orchestration Manager can also be configured to receive traps for all managed devices. This helps control the overhead of checking for traps in individual switches. File and Inventory Manager File Manager is used for bulk uploads or downloads of files to or from multiple devices. With this feature, it is easier to deploy updated image or configuration files across the network. The Scheduler feature enables scheduling of file uploads/downloads. Inventory Manager displays current information about hardware and software discovered on the network.
Device Port Scan The Device Port Scan feature enables the scanning of network device ports in order to determine the MAC addresses of connected end nodes. The data collected from these scans is stored and put into a file format. The frequency of scans is flexible as they can be scheduled at regular intervals or manually triggered. Scheduler Scheduler is a tool that allows administrators to schedule tasks submitted by sub-managers. This tool runs in the background independent of Configuration and Orchestration Manager, which means that it can execute scheduled tasks with or without Configuration and Orchestration Manager running in front. CLI management The CLI management tool allows administrators to interact with the device using Telnet and SSH. CLI manager is integrated with the Avaya Configuration and Orchestration Manager, eliminating the need for the tool to be installed on individual devices.
70
We can deliver the following benefits: A holistic end-to-end view of IP Flows providing a realistic assessment of network bandwidth utilization and application behavior over a period of time Standards-based management supporting both IPFIX, NetFlow v5/v9 and thereby making it an excellent tool to do flow capture and analysis in a multi-vendor network deployment
71
Packet capture and analysis facilitates deeper diagnosis of network problems IP Flow Manager also allows users to monitor voice traffic for planning purposes and supports protocols like RTP, SIP, and unified stimulus (UNIStim)
Following are some of the essential functional blocks of IP Flow Manager providing valuable network management experience to users:
Top 10 View
IP Flow Manager provides a powerful yet easy to use and visualize reporting capability providing comprehensive details on top 10 consumers of network resources. Top 10 Views typically shows heaviest traffic patterns across the network. A user can obtain a network resource usage report not only by application level, but also by protocol, conversation, host, subnet and port. A user can launch Top 10 views as separate tabs with an ability to look at the data both as a tabular and chart form.
72
73
Packet Capture
Packet capture capability is a unique feature of IP Flow Manager and a major differentiator from competitor products that allows network managers to perform a deeper analysis of network problems. It works in conjunction with packet capture capabilities of the Ethernet Routing Switch 8600 device family. This distinct feature allows network managers to view detail of the traffic (ingress) passing through a specific slot/port on the Ethernet Routing Switch device in the IP Flow Manager user interface.
All models (stand 6.0 and later alone mode only) All models 5.0 and later
IP Flow Manager could collect data from devices that: Support IPFIX, NetFlow v5, or NetFlow v9 Can be configured to send the IP flow data to the IP Flow Manager
74
We can deliver the following benefits: A better administrative experience - The WLAN 2300 Series makes life easier for administrators by automating tasks throughout the entire implementation and operations life cycle.
Simple installation - The WLAN Management Software system can be used to map the location of access points based on the expected number of users and type of applications being accessed. The WLAN Management Software system will also calculate each access points ideal configuration and push it out to the WLAN Security Switches which automatically configure the access points upon installation. Easy implementation From planning to production The WLAN Management Software system helps network administrators through every phase of a WLAN project from planning and configuration through to monitoring, reporting, expansion and ongoing operations. Standards-based/open client approach for user and application compatibility - The WLAN 2300 Series is simply: compatible. WLAN 2300 adheres to the latest IEEE and de-facto industry standards to ensure strong security and QoS while maintaining compatibility with user devices. Centralized access point management provides simplified administration - Each WLAN Security Switch provides centralized management for the access points under its control. Firmware updates, configuration changes and RF management can all be performed by the WLAN Security Switch through a management interface or via Wireless Management Software.
The Avaya WLAN 2300 Series is a complete 802.11 solution for enterprises wishing to deploy widespread wireless coverage for todays business, IP Telephony and converged multimedia applications. The solution combines the latest industry standards with a centralized architecture and advanced features to create a secure, cost-effective and highly scalable WLAN infrastructure. The WLAN 2300 Series includes the tools and features required for successful planning and implementation, whether deploying a first-time WLAN using a quick and simple approach, or graduating to a precisely engineered mobile infrastructure as part of a global enterprise mobility strategy. The WLAN 2300 Series features a centralized wireless LAN deployment model with thin access points controlled and managed by a central WLAN Security Switch. The series is comprised of four primary elements: WLAN Access Points WLAN Security Switches WLAN Management Software system WLAN Location Engine
Each plays a key role in the complete mobility solution. The Avaya WLAN 2300 Series Access Points perform 802.11a/b/g mobile connectivity, encryption/decryption for wireless traffic, priority queuing and radio frequency (RF) monitoring, including rogue access point identification and containment. Access points exchange control and data traffic with their associated WLAN Security Switch.
The Avaya WLAN 2300 family of security switches controls the access points and performs key functions such as security, networking, quality of service (QoS) and roaming for mobile users. The WLAN Security Switch also correlates radio frequency data from multiple access points and coordinates their response to changing RF conditions and RF attacks. The Avaya WLAN Management Software system is a comprehensive design and management tool that identifies ideal access point locations on detailed floor plans, configures all devices with a single click and provides granular monitoring and reporting for complete visibility and control over the entire system. The WLAN Location Engine is an optional element that adds integrated location services to any WLAN 2300 installation enabling new applications and services such as location-based security policies, content delivery or asset locating and tracking.
In WLAN 2300 Release 7, Avaya introduced Trapeze branded 802.11n products: the MP-432 802.11n AP, the MP-82 802.11n AP and the MX-2800 high capacity controller.
This solution is for customers with an immediate need for 802.11n. Avaya remains committed to bringing its own 802.11n solution to market in the third quarter of calendar year 2010. The Trapeze branded hardware is an interim solution until the Avaya solution is available. The WLAN 2300 Series includes a family of four security switches, each designed to meet specific needs of enterprise-wide deployments. The portfolio breadth, combined with advanced features and a common management system, provides unparalleled deployment flexibility and scalability to meet the growing demands of mobile professionals. Each switch can be deployed and managed independently, or can participate with other WLAN 2300 Security Switches in large enterprise network deployments. In multiple switch architectures, client information and policies are shared among switches to permit fast roaming among all access points. Regardless of network size or topology, the WLAN Security Switch 2300 family can lower equipment costs substantially by offering the right-sized product for any deployment scenario.
An unwired access point using one radio for 802.11a or 802.11g wireless backhaul, and the other radio to deliver 802.11b/g service for clients The Access Point 2332 offers one-hop meshed configuration to create a wireless link between buildings or other distant locations where network connectivity is required.
Local forwarding creates more efficient traffic flows by allowing the access point to forward data packets outside of the WSS tunnel. Local forwarding can reduce latency and jitter by as much as 90% for improved voice quality. The table below compares Avaya options for WLAN APs (802.11 a/b/g WAP 2332 and 802.11n MP-432 AP) with other vendors.
Yes
Dual radio 802.11a/b/g P-MP Wireless Bridging Dual Ethernet ports Local traffic forwarding
Adding a WLAN Security Switch 2382 to Avaya Ethernet Routing Switch networks (or other vendors Layer 2/3 networks) instantly enables wireless access point compatibility on any available PoE port and gives customers the flexibility of using existing wiring closet equipment to quickly roll-out access points and create an office-wide secure Wi-Fi mobility system. The WLAN Security Switch 2382 provides key features: Licensed capacity of 32, 64, 96 or 128 WLAN 2300 system access points Up to 32 WLAN Security Switch 2382s can provide seamless mobility across a total of 4096 access points and managed as a single entity Supports the full WLAN 2300 system feature set optimized for secure enterprise-scale pervasive Wi-Fi coverage and mobile voice and unified communications 2xGigE Small-Form Pluggable (SFP) ports for 1000BASE-SX/LX fiber or 1000BASE-T copper connectivity. Note: the interface jacks need to be purchased with the 2xGigE SFP interface ports. Load balanced ports and redundant power supply Intelligent user load balancing distributes users among available access points for greatest system capacity Enabled to support Avaya WLAN Handset 6100 plus 2200 handsets for Wireless VoIP capability and associated applications.
The table below compares WLAN Security Switch 2300 models along with the new Trapeze MX-2800 controller, being introduced in Release 7.
Number of access 3 points supported Third-party support Form factor AP Yes Small
12
12
Yes table 1U
Yes rack 1U
Application
resolve a devices location and track its movement - thousands of devices can be tracked simultaneously. The WLE 2340 uses both geometric algorithms and RF pattern matching to allow customers to dial-in the level of accuracy they require. By using data already captured by the access points, the integrated solution mitigates the need to install client tracking software on Wi-Fi devices this simplifies operation, allows a broader range of devices to be tracked and allows locationbased security filters to be applied to any device including guest users where there is no control over client configurations. The WLE 2340 features an external API that allows developers to incorporate location information into applications such as voice, messaging, unified communications, supply chain, security, monitoring, troubleshooting, inventory management and others where a location context or presence state is required.
83
We can deliver the following benefits: Reduce total cost of ownership: The WLAN 8100 Series provides centralized management and removes the complexities of supporting multiple overlay networks (LAN, WLAN, VPN, network management). This reduces operational costs. Performance: The WLAN 8100 Series provides high performance through the 802.11n standard. It uses Multiple In, Multiple Out-Orthogonal Frequency Division Multiplex
84
(OFDM-MIMO) and multiple spatial streams, allowing for high performance levels and improving coverage when compared to prior systems such as 802.11a, g, b. Avayas extensive experience with OFDM-MIMO as a significant contributor to the standards is reflected in the superior radio frequency performance of the Avaya Access Points. Security: WLAN 8100 Series solution is built around 802.11i. It supports Wi-Fi Protected Access 2 (WPA2) and other security features that are more robust than those of any wired network. Strong, flexible two-factor authentication and authorization, along with robust protection mechanisms, make the wireless network secure enough to meet your customers expectations. E911 support VoWLAN (voice) scaling Clustering of AP licenses: N-1 resiliency model compared to the industry norm of N+1
Avaya WLAN 8100 Series includes Avaya WLAN Access Point 8120, Avaya WLAN Controller 8180 and Avaya WLAN Management Software 8100. The WLAN 8100 Series architecture provides a complete 802.11n solution as well as unified management, a broad range of wireless application opportunities and VoWLAN. The WLAN Controller 8180 -- operating as a standalone controller in the first release -- controls the WLAN Access Point 8120 devices. Avaya plans for the WLAN 8100 Series to support split-plane architecture in a later release. Customers who purchase the WLAN 8100 Series today will be able to take advantage of splitplane in the future. The WLAN Controller 8180 can be made into a Wireless Switching Point only or Wireless Control Point only in the future. The Wireless Switching Point can be moved into the Ethernet Routing Switches and allow the same WLAN Controller 8180 to become a Wireless Control Point only and scale much higher in its singular role. With the data plane and the control plane combined in the same device you can split the traffic so the traffic goes to the Ethernet Routing Switch or the WLAN Controller 8180. This reduces total cost of ownership. Customers can deploy WLAN 8100 Series today as an overlay. The WLAN 8100 Series products in the first release are split-plane ready. When you implement split-plane, you reuse your existing components. You can support growth without needing new controllers. The WLAN 8100 Series includes: WLAN Access Point 8120: an indoor, dual radio, 802.11n AP. WLAN Controller 8180: a standalone controller, designed for medium to large enterprises. It can support up to 256 APs. For smaller deployments, a 16-license version (WC 8180 -16L) is available. WLAN Management Software 8100: a graphical user interface (GUI) application suite used to plan, configure, deploy and monitor a WLAN and its users. The WLAN Management Software 8100 is integrated into Avaya Unified Communications Management which provides unified management across wired and wireless networks, enabling network administers to streamline their workflows and reduce time required to install, configure, maintain and troubleshoot networks.
85
WLAN Access Point 8120s provide wireless access to mobile devices and perform encryption/decryption for wireless traffic, priority queuing and radio frequency (RF) monitoring, including rogue Access Point (AP) identification and containment. WLAN Access Point 8120s exchange control and data traffic with their associated Wireless Controller. Features include: Two 802.11a/b/g/n radios Two spatial streams over integrated Multiple In, Multiple Out (MIMO) Antennas (2.4 GHz and 5 GHz) Integrated and external antenna options Simultaneous dual band operation (2.4 GHz and 5 GHz) Adaptive frame aggregation One GigE uplink port Multiple Power over Ethernet options, including 802.3af support at full performance
WLAN Controller 8180s control the access points and perform key centralized functions such as security, networking, quality of service (QoS) and roaming for mobile users. Controllers can be deployed as either standalone wireless controllers today or integrated into the Avaya wired portfolio in the future.
86
WLAN Controller 8180s provide key features: Scalable architecture with separate data and control planes, each of which can scale independently and more cost-effectively than traditional controller-based architectures Expansion module for further flexibility in scaling Ability to move data plane to core/edge switches and control plane to a virtual environment in the future Support for up to 256 APs (802.11n) per controller, 32 controllers per cluster
The WLAN Management Software 8100 is a comprehensive configuration and management tool. It provides detailed floor plan and RF coverage views, configures all devices with a single click and provides granular monitoring and reporting for complete visibility and control over the entire system. WLAN 8100 Series: Enabling the unwired enterprise The WLAN 8100 Series allocates separate resources to management, control and data forwarding. The wireless controller/switch architecture delivers an optimized WLAN switching system. By combining the operational advantages of centralized management and intelligence with the scalability, efficiency and performance of distributed switching, the optimized wireless controller/switch architecture is able to deliver an optimized WLAN switching system.
87
The unwired enterprise a new era of WLAN Avaya envisions a future where the wireless bandwidth will exceed user application requirements. This will enable office environments to be entirely wireless and integrated with existing fixed and cellular wide area networks. This will give workforces seamless universal mobility both in and out of the office. This capability will be enabled by a true wireless broadband infrastructure capable of supporting all communications needs, including voice, video, unified communications and other real-time applications.
Increased performance, coverage and security Provides higher performance, throughput, reliability and more, through support for 802.11n Common network access security capabilities that can be set for all users and devices, both wired and wireless; support for popular authentication types and security standards
Enhanced user mobility and productivity Optimized for voice and multimedia applications; supports industry-leading wireless voice call densities and introduces the industrys first solution to extend E-911 support to wireless devices Offers end-to-end solutions, including fixed-mobile convergence (e.g., WLAN infrastructure, WLAN handsets, data, voice, Mobile Unified Communications solutions) to extend reach and increase worker productivity
88
The WLAN 8100 Series delivers a simpler, lower-cost solution. It offers common policies and tools for security, guest access and network management across the wireless and wired network infrastructures. As we enter the unwired enterprise era, Avaya is committed to developing solutions that deliver true unification and WLAN technology is an integral part of that. The WLAN 8100 Series, which is built from the ground up within Avaya, leverages the companys rich voice and carriergrade heritage and a decade of innovation in wireless.
89
A key challenge is managing converged data networks that support unified communications solutions. IT Operations is faced with managing a growing and increasingly complex network, often without the budget to add additional staff. And while reducing network outages is critical, most network outages are due to manual configuration errors.
90
The prospect of using a standard command line interface is almost inconceivable in medium to large network environments. It is a complex task to manually manage configurations, perform backups and software updates, and implement routine password changes individually on a device-by-device basis.
Avaya solution
Network Resource Manager is a software application and a key component of the Avaya Unified Communications Management solution. It streamlines and automates routine management tasks. It automates device configurations from templates, backup and restore configurations, and updates software. Network Resource Manager automates security administration tasks by enabling passwords and/or community string updates on groups of devices. Automating management tasks decreases the total cost of ownership. It maximizes staff efficiency. Automation reduces manual configuration errors that have the potential to undermine network security. Device configuration errors sometimes cause network problems that can be difficult to diagnose and correct. The ability to automate changes also reduces network downtime.
Application features
Configuration Update Generator Administrators can use the Configuration Update Generator service tool to run a common set of configuration commands on multiple system devices. With this tool, administrators can apply previously created template files to multiple devices with a single action. For example, this tool can quickly set up firewalls on multiple network elements of the same type on a network. Administrators can also populate specific data fields for devices from a comma-separated values file. This feature allows administrators to use Microsoft Excel to organize device-specific adjustments to configuration parameters in an easy-to-read format. Configuration Backup and Restore Administrators can use the Configuration Backup and Restore tool to backup and restore device configuration parameters. If administrators need to restore a device configuration, the tool automatically reboots the device after a restore operation. Software Version Updater Administrators can use the Software Version Updater tool to perform software updates of device images. Administrators can also create a package to update a group of devices of the same type. This greatly simplifies software updates on s network when new software releases are available. Device Password Manager With the Device Password Manager tool, administrators can select a group of managed devices and change an administrator password and an SNMP read-only and read/write community string. If has staff turnover or if has a policy of changing device passwords every 90 days, the process of updating passwords can be greatly simplified and rapidly executed through automation.
91
Tunnel Guard Distributor Administrators can use the Tunnel Guard Distributor tool to copy a Tunnel Guard rule from one device to multiple devices. This greatly simplifies configuration of Avaya Secure Network Access Switches that enable only trusted users utilizing compliant devices to access network resources.
92
We are excited by the opportunity to partner with to assist you in overcoming the challenges you face including: Configuring device by device is prone to human error and configuration errors are the number one cause of poor network performance and failure Some port configuration settings are best for VoIP and not a PC. Having the wrong VoIP configuration can negatively impact the user experience If an Ethernet switch needs to be replaced, restoring an old configuration can impact the performance, and potentially bring back old problems Inconsistent deployment of Ethernet switch software can lead to performance issues that can be time consuming to isolate and resolve
We can deliver the following benefits: Active user interface - comfort, speed - input and output via the same window or user dialog Visualization of information - speed, simplicity effective use of colors, tables, summaries Individual object handling - comfort, speed, simplicity - single object or/and grouped object management Input/output device - comfort, speed, simplicity - mouse clicks, mouse selections Information consolidation - comfort, speed - information export to printer, tables, excelfiles, what you see is what you get
Lost productivity and missed opportunities due to network downtime are costly to an enterprise. New applications and services that support strategic business functions are more dependent than ever on complex network services and protocols. Managing network configuration and reliability is a key function for IS/IT professionals.
93
Avaya Enterprise Switch Manager is a Java-based configuration management application for Avaya Ethernet products including Ethernet Routing switches, Application switches for versions AOS 21.0 or higher, and WLAN devices. With the Enterprise Switch Manager, you can discover, configure and view more than 500 devices and their physical links on a graphical topology map. The management tool is network-centric it enables you to perform configuration management of a small to medium-sized network of Ethernet products. Enterprise Switch Manager provides a graphical view of the network displaying physical connectivity between devices. It can discover devices on demand that are configured in the network. Once the discovery is completed, other sub-manager applications can perform monitoring and configuration operations on the discovered devices. The tool is the launch point for sub-manager applications.
A dramatic improvement over command line interface applications that require complex command strings, this intuitive Java-based solution streamlines the configuration process by using a GUI that displays data in easy-to-view windows. Enterprise Switch Manager allows network managers to configure individual port settings, default gateways, SNMP traps, VLAN configurations, and perform image and configuration file maintenance, which simplifies the set-up and management of multiple devices. This easy-to-use application expands the pool of administrators capable of performing complex network configurations. It provides a system-level view of a network and physical connectivity between devices and discovery is automatic.
94
We are excited by the opportunity to partner with to assist you in overcoming the challenges you face including: Allow guest users or visitors temporary and restricted access to the network Enable only authorized devices to be permitted on the network
95
Enable users/devices accessing the network to be only given access to the portions of the network that they require access to
We can deliver the following benefits: What truly sets Avaya Identity Engines portfolio apart from the others is its unique ability to function in a truly heterogeneous environment including its tight integration with thirdparty back end directories. This enables enterprises to preserve their very significant investments in existing edge devices as well as directory implementations. Its plain English policy definition and deep abstraction capabilities makes the operational management capabilities of this solution significantly more intuitive and cost effective when compared to the competition. Given its standards-based approach, the Avaya Identity Engines solution can be relied upon for many years to come. This presents a dramatic contrast to proprietary solutions which are not only costly, but may also have a very short shelf life.
It is important to note that none of these solutions are mutually exclusive and the proposal includes the components necessary to implement some or all of the solutions described in this section. Guest Access The first solution utilizes the Avaya Identity Engines portfolio to provide for a Guest Access solution. With this solution, it is possible to enable front-desk (reception/security) staff or the visitors themselves to safely and securely provision temporary access to the network. The solution enables the creation of temporary accounts as well as assignment to restricted portions of the network. This solution applies to both wired and un-wired as well as 802.1X and non 802.1X enabled guests. A typical implementation may look something like this: Guest arrives at the facilities and proceeds to security/reception. Reception verifies their identification as well as who they are there to see. Reception points their Web browser to the Guest Manager URL which provides them a form (which restricts them to only the required information). Since most cases it is not clear if the guest is using 802.1X on their iPhone, BlackBerry, laptop, and so on, the most common scenario is to request the guests MAC address. A hot-sheet at reception can provide the necessary instructions on how to obtain this info. Once obtained, reception can enter the info in the Web form and this will create the temporary access for this guest. Once the time expires, the Identity Engines Ignition Server will instruct the edge devices to disconnect the guest. The guest simply uses wired or wireless access to access the network and if implementing the MAC address model then no further credentials are needed (nor is any user training).
Authorized Device Access This solution is commonly used as a mechanism to prevent rogue or unauthorized devices from connecting to the network. It is most common to register the MAC addresses for the approved devices which normally include devices like printers, fax, all-in-ones, network devices and wireless access points. These MAC addresses can be registered in the Ignition Server internal
96
store (and MAC level authentication is done) or they can be registered in an external database such as LDAP or Active Directory (in this case device level authentication is done). In either case, the Ignition Server is responsible for looking up the device, and if present and authentication succeeds, then instructing the network switch or access point to grant access. This allows the enterprise to centralize the device access list as opposed to configuring MAC level authentication on each network device in the enterprise. This also prevents someone from unplugging a printer and plugging in a device to get access to the corporate network. Even more critical, in todays world, this prevents an employee from bringing in their own wireless access point and unknowingly exposing the corporate network to the outside world. Restricted Access Where regulatory compliance and audit controls are a large concern, Identity Engines can be used to isolate users to specific portions of the network. While the previous two solutions are very straightforward and can be setup quickly, planning this solution requires additional prepwork. With this solution, the employees workstations are enabled for 802.1X access which can be as simple as enabling 802.1X functionality that exists as part of the Windows operating system. The network must also be constructed in a manner that permits segmentation. This simply means the ability to group like services/requirements to common areas. This could mean grouping by building (where employees should only have access to the network where they reside) or it could be more robust where VLANs are used to create segmentation such as the HR or Finance network. Finally, plain-English Ignition Server policies are created to evaluate the access request and provide the desired response. A common policy includes querying the Active Directory to determine specific group membership for key groups (e.g., HR Group, Building 1) and, based on the group membership, instructing the edge device to allow (or deny) access and provisioning the user with a specific VLAN or Access Control List (ACL). The proposed Network Access Control solution utilizes the existing network infrastructure as well as the Identity Engines portfolio to provide with the desired capabilities.
97
Identity Engines Portfolio Optional Components In addition to the components referenced above that make up the proposal, the following optional components are available. Identity Engines Ignition Analytics: Delivers at-a-glance reports highlighting user info, failed authentications and usage summaries. Ignition Analytics is a software application that is installed on a customer provided Windows 2003 server in the data center. The Windows Server can either be virtualized (using any valid virtualization technology) or can be standalone. On an operator-scheduled basis, the Ignition Server pushes its logs to the Analytics server where upon they are automatically imported into a database that is used for reporting. The operator can then use a standard Web browser to access the reporting system to run standard reports or create custom reports. With Ignition Analytics, it is possible to schedule reports as well as receive them via email and in various formats such as HTML, PDF or XLS to name just a few. Identity Engines Ignition Posture: Performs device health assessments to enable endpoints to comply with security policies. It is possible to interrogate the users PC to enable corporate compliance prior to allowing them on the network. This allows the operator to write policies to check for things such as the presence of anti-virus or personal firewall software. Posture checking can be very granular and advanced where one could not only check for the presence of anti-virus software but check that real-time anti-virus is running and that a scan has completed within the last 24-hours for example.
98
Furthermore, it is possible to auto-repair common out-of-compliance conditions such as out-ofdate virus definitions via simple user click of the repair button. The Ignition Posture module is actually two components. The Posture Integration Module is enabled on the Ignition Server and is required to define posture policies. An appropriate number of Health Assessment End-Point licenses are required for the actual client software that runs on the users PC to conduct the actual compliance check. Identity Engines Ignition TACACS+: Enables TACACS+ authentication and authorization policies. The optional TACACS+ Integration module is applied via license key to the Ignition Server in order to enable TACACS+ functionality. This allows the enterprise to consolidate all AAA requests to the Ignition Server to support both user and network operator authentication.
99
We can deliver the following benefits: A holistic end-to-end view of the network which improves the quality and reduces the time required to manage todays complex networks. Standards-based management enables quicker access to any new device being added to the network and the instrumentation it provides. Centralized management versus proprietary domain management reduces the number of applications used to manage the network. It also reduces the data being presented thus providing an easier management experience.
100
The Visualization Performance and Fault Manager has the ability to discover every device on your network, even if you deploy equipment from numerous vendors. The application transforms complex network topology into simple-to-use, hierarchy-based maps, giving you clear, end-to-end views that help you quickly determine if network issues are physical or logical in nature. By having insight into how devices are connected and performing, you can zero in on aspects of the network and reduce your mean-time-to-repair. Personnel can be dispatched quickly, resulting in less downtime, greater productivity, elevated levels of user satisfaction and a proactive rather than reactive network management environment. Through the Visualization Performance and Fault Manager you can increase productivity for not only support personnel, but also every user on the network. The application enables you to determine that a switch has gone down, view which users are connected to the switch, and perform impact analysis. An example might include an email server failing. Using the Visualization Performance and Fault Manager, you could identify which users are affected and then take proactive measures, such as sending a broadcast voicemail to say, Were aware of the issue, and working to resolve it.
Network discovery
The Visualization Performance and Fault Manager offers heterogeneous-based network discovery (versus domain-based) with support for standards-, proprietary-, application- and OSbased discovery. This means that as long as the device is IP or SNMP-based, the Visualization Performance and Fault Manager can discover it. Discovery applies to servers, end nodes and operating systems. The application discovers all IP devices and nodes attached to the network, including servers, storage servers, printer servers, switches, routers, user end nodes (e.g., PCs and laptops), IP phones and more. But the functionality does not stop there. The Visualization Performance and Fault Manager also discovers the relationships that exist among devices in the network, including topology and links. Operating systems and applications on servers can also be part of the discovery process if operating system security settings allow.
101
Network visualization
Once devices are identified through discovery, Visualization Performance and Fault Manager takes complex network topologies consisting of multiple geographic locations, multiple devices, hundreds or even thousands of devices connected to the network and transforms them into simple hierarchy-based topology views. It shows degrees of device connectivity based on device function and where it is located in the network (i.e., a layered environment approach). The visualization function also includes VoIP service-based views that provide you with insight into the application. Having service-based views enables you to differentiate between physical connectivity and logical- or application-connectivity issues. Finally, the Visualization Performance and Fault Manager provides device-centric views that enable you to see the relationship between devices, i.e., identifies a switch and all the devices connected to it, enabling you to perform impact analysis.
102
Fault management
Once the issue(s) have been identified through network visualization, you can use the Visualization Performance and Fault Manager to monitor the network for faults. Using information collected from the network and the devices themselves, the Visualization Performance and Fault Manager performs status monitoring and sends the information that you need to do event correlation and root cause analysis. The Visualization Performance and Fault Manager determines what is the most likely cause of the network outage by correlating all network events and determining the primary and secondary devices affected. Fault management also performs event handling. If an event occurs on a specific device, the Visualization Performance and Fault Manager will know that it has to take a certain action for example, send an email notification or page the appropriate personnel. The parameters and action required are defined by the administrator during the configuration phase.
103
Fault Management
Performance management
Through the Visualization Performance and Fault Manager, you can use performance management for two key activities: capacity planning and the monitoring of changes to the network. In the latter case, the Visualization Performance and Fault Manager enables you to monitor modifications to the network such as the addition of a new switch and observe how the device performs in the short term. From a longer-term perspective, the Visualization Performance and Fault Manager performance management capability also provides crucial information that can help you address your capacity planning requirements. For example, if traffic on a particular link begins to exceed a pre-determined threshold, such as 30 percent, the Visualization Performance and Fault Manager can record and report on the performance. If the trend continues, you can plan changes to your network accordingly to address growing traffic.
104
Diagnostics management
Diagnostic management allows the network operator to run and collect diagnostic data from network devices. The Visualization Performance and Fault Manager provides Layer 2 and 3 diagnostic information in an end-to-end connectivity rather than a hierarchical view. Through this capability, you can also print and export the data in graphical format.
Diagnostics Management
105
And if you choose the Visualization Performance and Fault Manager-Lite application initially, and your network requires the enhanced functionality of the full Visualization Performance and Fault Manager, you can upgrade easily, simply by purchasing the appropriate licenses.
106
We are excited by the opportunity to partner with to assist you in overcoming the challenges you face including: wants to extend network access to partners, contractors, and customers without having to distribute or manage client software. How can you extend access to non-employees and unmanaged endpoints while guarding against information loss, theft, and unauthorized disclosure? Not all applications on a corporate network require the same level of security. Subscription or license-based databases have strict access constraints, departmental applications contain sensitive information, human resource applications provide confidential personal data, and financial systems require restricted access. These applications, among many others, warrant additional security within the corporate network.
We can deliver the following benefits: Dynamic access and policy management capabilities - VPN Portfolio provides dynamic access policy management to enable simplified yet highly secure provisioning of users and groups within the enterprise. The gateways also provide granular access control, auditing and logging for both security tracking purposes as well as user/VPN capacity planning. Flexible, universal secure access - Enterprises need solutions that offer easy-to-use flexible access options that address a wide range of access requirements. The VPN Portfolio delivers this flexibility with the industrys broadest selection of secure access options and capabilities. SSL is a convenient secure remote access alternative to IPsec that leverages the native capabilities of widely deployed Web browsers and avoids the need to install and administer client tunneling software on remote PCs. SSL services can take advantage of common user profiles, authentication techniques and management already in place for IPsec users to minimize administrative overhead.
107
An integrated Universal Access Portal further front-ends and simplifies the VPN user experience by transparently invoking the most appropriate VPN access (IPsec or SSL) based on a users access needs.
Extend access to partners, contractors, customers The VPN Portfolio leverages browser-based software already available on a users PC to provide secure remote access. This enables enterprises to extend access without having to distribute or manage client software. An on-demand model further enables any required client side software to be loaded when needed and removed at the end of the session. When connected, end-users are granted access only to the data and applications they require. Increase employee productivity teleworkers, day extenders, mobile users Remote workers can have full network access without losing functionality they normally have within the traditional office environment. By providing application access over a standard broadband or Internet connection, the VPN Portfolio can provide huge cost savings to the enterprise. The VPN Portfolio can also be used by mobile workers, enabling them to connect from hotels, hotspots and from within other enterprise networks for convenient anytime, anywhere access. Protect information, assets and networks Administrators can guard against information loss or theft without burdening end users with intrusive, hard-to-use security features. The VPN Portfolios fine-grained access controls enable users to get access to only what is necessary to perform their job function nothing more, nothing less. Flexible endpoint security scan and block features allow on-demand validation of unmanaged endpoints. And cache cleaning enables no data to remain on the endpoint at the end of the session. The VPN Portfolio can even prevent users from saving or printing data during the session. Key VPN Portfolio Features Flexible, universal secure access for SSL and IPsec users Secure access to all applications, including voice and multimedia, from a Web browser Hardware-appliance or software-based VMware deployment options MultiOS endpoint support including Windows, Mac, Linux and PDA Dynamic role-based access to applications and resources Strong endpoint security and information protection Log and audit trails for compliance High performance, availability and scalability
Flexible, scalable, cost effective deployment The VPN Portfolio can be deployed either on dedicated VPN Gateway 3050/3070 system hardware or as a virtual appliance on any VMware compliant hardware. The virtual appliance provides the same functionality as its dedicated hardware counterpart but at a significantly lower entry-level cost. Both hardware options employ a seat-based license model which allows
108
end-user capacity to be added as needed. This allows VPN Gateway to economically support small, medium or large deployments with the flexibility to grow as the enterprise demands. Business continuity services Avaya VPN Gateway devices can be clustered to deliver reliable business continuity services. Up to 255 VPN Gateway devices can be clustered to function as a single system with massive hardware redundancy. Clusters can also be deployed in multiple locations to provide site redundancy and optimum performance for a widely-distributed workforce. Avaya also makes it cost-effective to deploy access capacity for worst-case scenarios through Emergency Remote Access (ERA) user licenses that enable capacity to be available when needed. Key Capabilities Flexible, universal secure access The VPN Portfolio offers flexible access options to address a wide range of enterprise requirements and needs. Support for both SSL and IPsec on a common appliance also eliminates the need to deploy and maintain separate VPN devices and/or vendor relationships. Key capabilities include: Secure Portable Office an entirely new way to deliver secure access using portable USB flash memory. Secure Portable Office leverages advances in portable memory technology to deliver a solution that combines VPN access to enterprise applications with strong security and information protection. Secure Portable Office addresses a range of access and security requirements in a portable, easy-to-use solution. Clientless Web access enables access to Web-based e-mail, file systems and Web applications from any Web browser through on-the-fly content transformation. Enhanced clientless access increases the breadth of application access to client/server and mainframe systems. This capability allows administrators to provide access to targeted non-Web applications without giving end users full network access. Net Direct provides full network-layer access with no need to pre-install a client. Automatic download of Net Direct to the endpoint enables access to all Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) applications, including voice, multimedia and collaboration tools from Windows, Macintosh and Linux endpoints. IPsec VPN client access includes support for the Avaya VPN Client. This allows enterprises to support users with an IPsec requirement on Windows, Mac, PDA and Unix-based clients. Mobile device support (both SSL and IPsec VPN) for tablet PC, PDA (Pocket PC, Palm) and Smart Phones (WAP-browsers) with small device formatting options to support highly mobile user devices and applications such as Outlook Mobile Access.
Dynamic access and policy management Avaya VPN Gateways provide dynamic access policy management to enable simplified yet highly secure provisioning of users and groups within the enterprise. The gateways also
109
provide granular access control, auditing and logging for both security tracking purposes as well as user/VPN capacity planning. Capabilities include: Role-based policy model that tightly integrates with existing identity management and directory services to assign user access privileges based on defined roles. Dynamic context-sensitive portal that enables administrators to control access based on source IP, browser type, digital certificates or other parameters before login is complete. Single sign-on capability that alleviates the need for end users to enter and maintain multiple sets of credentials for Web-based applications. Portal personalization that allows dynamic generation of the portal based on user profile. Access management that includes granular control at the URL, server or file level enabling security policies to be tailored to specific resources.
Layered security Designed as a hardened security/Web appliance, Avaya VPN Gateways provide a suite of safeguard features to protect the enterprise against malicious intent and user negligence. These include: VPN Tunnel Guard (SSL and IPsec) that performs endpoint security checking on both client and clientless VPN endpoints. Enables administrators to define endpoint security policies on the VPN Gateway itself and enable remote users devices to be inspected for compliance before access is granted. Cache cleaner for endpoints that enables software downloads and temp files installed at login to be erased at logout so that no data is left behind. Strong user authentication that includes support for options including secure tokens, smart cards and X.509 certificates. Flexible access controls that can be tailored to how or from where a user is accessing the network; for example, full network access from a managed PC versus intranet and e-mail access from a less trusted device. Auto log-off that automatically terminates a session after a configurable period of inactivity to address security in public and shared device situations. Private-side encryption that meets mandated legislative requirement for data confidentiality and security (Health Insurance Portability and Accountability Act or HIPAA, Gramm-Leach-Bliley Act or GLB, Patriot Act, etc.). Portal Guard a unique Avaya VPN Gateway feature that offloads SSL termination and public key operations from internal servers and provides a low-cost means for secure access to internal enterprise portals.
Scalable performance for enterprises and service providers The VPN Portfolio is capable of meeting the most demanding enterprise or service provider performance and availability needs while also delivering entry-level options that fit the budget of small and medium sized enterprises. Key capabilities/options include:
110
High-performance hardware platforms. VPN Gateway 3000 series dedicated hardware platforms employ an advanced switching architecture that can support up to 5,000 concurrent VPN users on a single system with hundreds of Mbps of aggregate 3DES VPN throughput. VMware Virtual Appliance allows the VPN Gateway software to be loaded onto any VMware ESX(i) compliant hardware. Along with 10 and 50-user license starter packs, this option is an excellent way to get all the advanced technology of the VPN Gateway at an entry-level price. VPN Gateway clustering in groups of 2 to 255 units enables the deployment of a logically single system that can support hundreds of thousands of users. The Avaya unique license pooling feature enables license capacity installed on one VPN Gateway device to be freely shared by the cluster no charge clustering. Global VPN load balancing allows gateways to be deployed in a distributed environment to provide multiple redundant access points to the private network. VPN partitioning of a single VPN Gateway device or cluster into as many as 250 unique VPN or customer domains. This feature is useful both to service providers seeking to offer a managed VPN service and to enterprises who want to quickly support new acquisitions or business partners.
111
1GB DDR 266MHz (2) 10/100/1000TX (1) dual 10/100/1000TX (1) 40GB IDE (1) CD-ROM
2GB DDR 266MHz (2) 10/100/1000TX (1) dual 10/100/1000TX or -FX (fiber) (1) 80GB IDE (1) CD-ROM
Drives
VPN Gateway Product specifications Security features Authentication RADIUS and challenge/response LDAP, Windows NT Domain Native local user database SC SafeWord, RSA SecurID, Entrust IdentityGuard Novell NDS/eDirectory X.509 Digital Certificate Microsoft Active Directory
Single Sign-on (SSO) WFS, Web apps HTTP, form based authentication HTTP headers SSO with CA SiteMinder, RSA ClearTrust
112
Domain/network specific sign-on SSO Authorization Dual-profile authorization Base profile includes network, service and application level information (Layer 3, 4/7) Extended profile adds source network, client security and authentication method Endpoint security status and access method (Tunnel Guard/SSL) Security protocols SSL v2.0, 3.0 TLS 1.0 (RFC 2246) IPsec ESP, AH
Cipher suites All ciphers covered by SSLv2.0, 3.0 and TLSv1.0 except the IDEA ciphers and the FORTEZZA ciphers
Accounting Syslog/RADIUS account start and stop including user name, gateway address, session ID, session time and cause of termination
Client security Avaya VPN Tunnel Guard Auto-logoff with countdown Rewriting to no-cache/no-store headers Cache cleansing of files/history Dynamic access policies Malware Detection
Avaya VPN Client Support Split Tunneling VPN Tunnel Guard (for both IPsec and SSL) Avaya VPN Client Mobility Portal full-access tab Certificate-based authentication
113
L2TP Client Support, including support for PDAs and smart phones Other Features and Capabilities Load balancing SSL service load balancing via clustering Load balancing of back-end services to include Source IP and round robin
Session persistence Source IP, SSL session ID, cookie information Application health checking SSL with TCP/IP/Port Scriptable, configurable intervals
Managed service features Support for 250 VPN domains per Gateway Up to 2,000 IPsec site-to-site tunnels per gateway VPN binding with 802.1q Authentication/DNS mapping Split administration License pooling and failover Emergency Use licenses for business continuity Clustering support for up to 255 VPN Gateways
Application support Access to Web-based, client/server and native terminal server applications Network-layer native desktop application access via SSL or IPsec mode Web content and protocols HTML/DHTML JavaScript/Java Applets/XML HTTP/HTTPS VBScript
114
GenericFTP
E-mail/messaging protocols Microsoft Exchange (MAPI) IBM/Lotus Domino/Notes IMAP, SMTP and POP3
Management Secure administrative Web GUI (HTTPS) Serial port to CLI Local logging, external Syslog SNMP v2 and v3 RFC 1213 MIB for Management of TCP/IP-based internets RFC 2737 MIB entPhysicalTable RFC 2863 Interfaces Group MIB RFC 3418 SNMP MIB RFC 2574 user-based security model (USM) for SNMPv3 RFC 2575 view-based access control model (VACM) SNMP VPN Cluster Manager Multi-site management and monitoring
Web portal customization Hexadecimal color customizable Company logo (.gif ), text
115
Browser support Windows (98, 2000, XP, Vista) Internet Explorer 5 or better with Suns JRE 1.3 or better Internet Explorer 5 or better with Microsofts JVM 4 or better Unix Netscape Navigator 7 with Suns JRE 1.3 or better Mozilla 1.3 or better with Suns JRE 1.3 or better
Modes of operation ClientlessHTML to browser Enhanced ClientlessProxy with Java Applet Full Network ExtensionSSL Client (Net Direct) delivered via download or Avaya VPN Client access
Feature Licenses Secure Services Partitioning Portal Guard Secure Portable Office Feature
Concurrent User Licenses SSL and IPsec User licenses Emergency Remote Access (ERA) SSL On Demand Protection (SODP) IPsec Only Secure Portable Office Client Licenses (per seat)