Introduction April 22

RELIABLE SECURE MANAGED CONNECTIVITY

April 22, 2015

Introduction


What Welbeck Does

Unlike older remote access technologies that bring the remote device to the LAN, Welbeck brings the LAN to the device. • Data volumes and LAN

applications are not a problem.

• Remote devices “think” they are on the LAN.

• Integrated FIPS 140-2 compliant AES 256 encryption.

• Integrated traffic shaping and compression – supports VoIP and UC.

• Remote monitoring and management.

Welbeck Secure

LAN Extension

NextGen VPN

MPLS Replacement

Mobile/Remote

BYOD

M2M/IoT

Critical Infrastructure

3


The World’s Longest Ethernet Cable

Remote office/branch/M2M device

WelbeckAppliance

WelbeckAppliance

HQ office/data center

Welbeck End-to-end Data

Tunnel Over Internet

Any Endpoint Device Any Connection Any Network Gear

WELBECK LAN-TO-LAN LAYER 2 ETHERNET BRIDGE

4


Remote Management

Remote office/branch/M2M device

WelbeckAppliance

WelbeckAppliance

HQ office/data center

Welbeck End-to-end Data

Tunnel Over Internet

Out-of-Band Management

5


5

Product Line

WELBECK SECURE SOLUTIONS NORTH AMERICAN PRODUCT LINE Q2 2015 (SPECIFICATIONS MAY CHANGE) INQUIRIES: CALL 855-WELBECK OR EMAIL [email protected]

NetBlazerModel 7

Model 71LW Model 71LC 70 Series(72, 75-01, 78)

Model770

Model 79RServer

VirtualAppliances

Connections USB, WiFI, Ethernet Ethernet & WiFi Ethernet & 3G/4G 4 x GigE; USB 4 x GigE; 2 x USB 6 x GigE *

Tunnels 1 1 1 1 to 8 1 to 25 1 to 1,000 1,000s

Applications Indiv/M2M

Indiv/group/M2M

Indiv/group/M2M

Office/M2M

Office/SmallEnterprise

Enterprise/Data Center/Cloud

Data Center/Cloud

Throughput 17-25 Mbps 25-35 Mbps 25-35 Mbps 85 Mbps 150-250 Mbps 1000 Mbps/1Gig *

AutoConnectTM ✓ ✓ ✓ ✓ ✓ ✓ ✓

Integ’d Failover ✓ ✓ ✓ ✓ ✓ ✓ ✓

Remote Mngt ✓ ✓ ✓ ✓ ✓ ✓ ✓

Dimensions 0.6” x 0.9” x 2.6” 3” x 4” x 1” 3” x 4” x 1” 6.5”x 6.5” x 2.0” 9.0” x 6.9” x 1.7” 1RU x 19” *

Rec’d Users 1 - 3 10 - 20 10 - 20 100 - 250 250+ 1000s *

Power 5VDC@110-140mA 9VDC@500mA 9VDC@500mA 24VDC@250mA [email protected] 100-250VAC 35W

*

mailto:[email protected]


6

Competitive Positioning


Connectivity & Control

Multisite Redundancy

Full Touch Remote Management

AutoConnect/Full Network Connectivity

Multi-Payload Encapsulation

Dyn IP + Private IP Both Ends of Link

Security & Trust

X509v3 Certs + 512bit TLS Auth

AES256/SHA1 +Dynamic DH Key +Perfect Forward Secrecy

WiFi Client & Uplink +802.11ACL +AES256WPA2

Clientless Operation Per-Client Username/Password

for all deployment types

Built-in L2 and L3 and L4 ACLs

Competitive Positioning

7


8

Applications


Sample Applications

9

NextGen VPN for Mobile and Remote Easier to use, more secure and more reliable than IPsec VPN Remote monitoring and management of endpoints

MPLS Replacement for Branch and Enterprise Built-in traffic shaping, redundancy and management Private “leased lines” over any last mile medium, including

wireless, cellular, RF, SATCOM and whitespace Machine-to-Machine/Internet of Things

No client required on the M2M/IoT device Interoperable with PLCs, SCADA, access controls, cameras, etc.


Sample Applications

10

NextGen VPN for Mobile and Remote

MPLS Replacement for Branch and Enterprise

Machine-to-Machine/Internet of Things


11

• Wired and wireless• USB/Ethernet• WiFi access point/uplink• 2-factor authentication• AES 256 encryption

Welbeck NetBlazer Remote


Welbeck Enterprise ServerThe remote devices are on the

Enterprise Network with Full LAN Functionality

Remote locationSeveral devices connectwired or wirelessly via theWelbeck 71LW appliance

Branch Office/Workgroup

Welbeck tunnels wired or wirelessly over Internet

9


13

Welbeck vs Cisco VPN

Cisco VPN: 22 issues• Enable NAT−Traversal (#1 RA VPN)• Enable ISAKMP• Enable/Disable PFS• Clear Old or Existing Security Associations (Tunnels)• Verify ISAKMP Lifetime• Enable or Disable ISAKMP Keepalives• Re−Enter or Recover Pre−Shared−Keys• Mismatched Pre−shared Key• Verify the ISAKMP Identity• Remove and Re−apply Crypto Maps• Verify that sysopt Commands are Present (PIX/ASA Only) • Verify Idle/Session Timeout• Verify that ACLs are Correct and are Binded to Crypto Map• Verify the ISAKMP Policies• Verify that Routing is Correct• Verify that Transform−Set is Correct• Verify Crypto Map Sequence Numbers and Name• Verify the Peer IP Address is Correct• Verify the Tunnel Group and Group Names• Disable XAUTH for L2L Peers• VPN Pool Getting Exhausted• Issues with latency for VPN client traffic.

Source: Cisco TAC - Most Common L2L and Remote Access IPsec VPN Troubleshooting Solutions: IPsec VPN Configuration Does Not Work. http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml

Welbeck set up:• Plug in power• Connect to Internet

THIS IS NOT YOUR GRANDMOTHER’S VPN

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml


Sample Applications

14





Secure Branch Network

Location B – Large Branch OfficeHead Office/Data Center

Welbeck secureprivate network

over Internet

Location A – Small Office

Welbeck enterprise servers or virtual appliances


Secure Cloud Access

Cloud Customer BCloud Provider


over Internet

Cloud Customer A

Welbeck enterprise servers or virtual appliances


Data Center Mesh Network

Location B

Welbeck enterprise server or virtual appliance

Location C


over Internet

Location A



17


Sample Applications

18





M2M: Industrial and Utility Sensors

19

Secure Data Access & Distribution. Welbeck polls existing utility monitors via Ethernet and RS485 interfaces every 5 minutes. Welbeck encrypts data and pushes encrypted data via commodity Internet or 3G/4G Cellular every 15 minutes. Data is pushed both to central server and to public website.


Internet of Things: Residential

20

Security Cameras and Alarms.

Welbeck unit on the customer’s premises avoids the need to open a port on the customer firewall, protecting the customer’s Internet connection from intrusion. AES 256 encrypted data is sent via customer’s existing Internet connection to the Welbeck server (physical or virtual) at the security service provider. Both the customer and the service provider can access data securely, including from existing mobile devices, over Welbeck end-to-end secure tunnel.


M2M/Internet of Things: Commercial

21

Facilities SecurityAccess Controls & IP Cameras. Welbeck connects via Ethernet interface to existing access controls and cameras without modification. Welbeck encrypts and pushes encrypted data feed via Welbeck 3G Cellular connection, providing immediate secure, reliable connectivity without costly wiring.


22

Cost and ROI Advantages


Cost/ROI Benefits to the Customer

23

TCO 30-40% of the competition Lower cost to acquire Lower cost to install Lower cost to maintain

High ROI Increased productivity Less down time Superior security

Interoperability Supplement, don’t supplant, existing infrastructure Any device, any transport, any network gear Remote management and NAC compatibility.


24

CapEx – Equipment Purchase

Equipment Purchase Savings using Welbeck/IpTL vs.

Cisco

$41.4K Savings in Acquisition

Cisco Welbeck/IpTL

24 site+HQ; Non-Redundant Cisco 892+ASA5510/50 vs. M71LW and M79R

$-

$10,000.00

$20,000.00

$30,000.00

$40,000.00

$50,000.00

$60,000.00


25

OpEx – VPN Recurring Expenses

Recurring Costs Welbeck vs. Cisco

Welbeck/IpTL is less than HALF the cost to operate year-over-year

Cisco Welbeck/IpTL

24 site+HQ; Non-Redundant Cisco 892+AASA5510/50 vs. M71LW and M79R - $50 inet link; cisco smartnet only—no IDS subscriptions

$-

$500

$1,000

$1,500

$2,000

$2,500

$3,000


26

Leased Line

Internet

$-

$50.00

$100.00

$150.00

$200.00

$250.00

$300.00

$350.00

$400.00

$400.00

$70.00

$330.00

Savings

Cost

$3,960-per-year SAVINGS with Welbeck/IPTL (Multiply per location!)

OpEx – MPLS/Carrier Services

• 1.5mbps 0-mile leased-line - $400/mth• No High-Definition Video• Limited surveillance cameras support• Redundancy is 2x cost

• 80mpbs Fiber Internet - $70/mth• Multichannel HD Video Capable• VoIP/PBX integration• Full site management and control

29


The Network Has Left

the Building

Call Bob Smith (202) 577-5366

Introduction April 22

Documents

Transcript of Introduction April 22