网络分段

Increase network security and improve user experience by segmenting the network

Modern networks must support an ever-increasing number and diversity of devices. Often these are unmanaged devices, including BYOD and guest devices, that can be risker than those owned by IT. IoT devices may also be especially vulnerable to security threats. Absent any means to prevent them, security threats can readily propagate horizontally within the network environment once they have penetrated the network perimeter.

Device proliferation can also contribute to a poor user experience, particularly in certain industries such as multi-dwelling units. Users have visibility into devices that are not relevant to them, and this can create confusion. Data-intensive applications accessed by visitors may compete for bandwidth with mission-critical applications. Network segmentation—or the practice of dividing the network into multiple smaller subnetworks—can help address these challenges.

Security icon
Stronger IT security with multiple virtual networks to separate devices

IT teams can improve the security posture of the network using network segmentation to isolate certain devices and groups of devices from others. This can keep threats from propagating on the network. Unmanaged and IoT devices can be placed upon their own virtual networks to mitigate the risk. That means that, if a device connects that is affected by a security threat, it won’t be able to infect other devices that are on a separate virtual network. IT can grant guest users internet access only on a separate guest network. Network segmentation can also isolate users and devices that are subject to stringent compliance requirements, making it easier to meet these requirements.

mdu-private-network-icon-orange-257x172
Virtualized personal networks for a better user experience 

Network segmentation can help IT teams deliver a better, more personalized experience for users. This is especially true in multi-dwelling units, including in higher education. CommScope RUCKUS® enables IT teams to segment a single physical network into multiple virtual networks—even down to the level of individual users. Since each user is on their own virtual network, they only see the devices that are relevant to them. They can roam about the network environment and still be connected to their personal virtual network. IT teams can also use network access policies to prioritize mission-critical data traffic—providing superior quality of service where it matters most to the organization.

deployment-management-icon-orange-257x172
Deployment options to support any network—whether or not it’s a RUCKUS network

CommScope offers two technologies within the RUCKUS product line to enable network segmentation—VLANs and VXLANs. VLANs can be employed whether or not the underlying network is a RUCKUS network, and this approach scales to about 4,000 separate virtual networks. RUCKUS Cloudpath® Enrollment System enables this capability. VXLANs have much higher scalability than VLANs, and enable virtual networks than span physical network segments. Deploying VXLANs on a RUCKUS network requires a SmartZone™ controller, SmartZone Data Plane and Cloudpath Enrollment System. RUCKUS products automate many tasks associated with setting up VXLANS to dramatically simplify the process.

其他资源

排序方式:

过滤器

  • 案例研究:AVE Union

    下载
  • 解决方案简介:网络分段

    下载
HAHVDPLd3UBi6e2R5nLeLR
视频:网络分段 

网络分段是将企业网络划分为较小子网络的做法。它将用户和设备彼此隔离,以增强IT安全性和用户体验。Ruckus网络可帮助简化任何网络的网络分段,并通过RUCKUS网络提供更强大的功能。

观看视频
6k8QkVeB4fjLgKerAFusem
Network Segmentation Mini-Webinar

此次点播微型网络研讨会涵盖网络分段、支持网络分段的技术(VLAN、VXLAN)和相关RUCKUS产品。它还提供了多住户单元(MDU)领域虚拟化个人网络的专用用例。

观看网络讲座