网络分段
Increase network security and improve user experience by segmenting the network
Modern networks must support an ever-increasing number and diversity of devices. Often these are unmanaged devices, including BYOD and guest devices, that can be risker than those owned by IT. IoT devices may also be especially vulnerable to security threats. Absent any means to prevent them, security threats can readily propagate horizontally within the network environment once they have penetrated the network perimeter.
Device proliferation can also contribute to a poor user experience, particularly in certain industries such as multi-dwelling units. Users have visibility into devices that are not relevant to them, and this can create confusion. Data-intensive applications accessed by visitors may compete for bandwidth with mission-critical applications. Network segmentation—or the practice of dividing the network into multiple smaller subnetworks—can help address these challenges.

Stronger IT security with multiple virtual networks to separate devices
IT teams can improve the security posture of the network using network segmentation to isolate certain devices and groups of devices from others. This can keep threats from propagating on the network. Unmanaged and IoT devices can be placed upon their own virtual networks to mitigate the risk. That means that, if a device connects that is affected by a security threat, it won’t be able to infect other devices that are on a separate virtual network. IT can grant guest users internet access only on a separate guest network. Network segmentation can also isolate users and devices that are subject to stringent compliance requirements, making it easier to meet these requirements.

Virtualized personal networks for a better user experience
Network segmentation can help IT teams deliver a better, more personalized experience for users. This is especially true in multi-dwelling units, including in higher education. CommScope RUCKUS® enables IT teams to segment a single physical network into multiple virtual networks—even down to the level of individual users. Since each user is on their own virtual network, they only see the devices that are relevant to them. They can roam about the network environment and still be connected to their personal virtual network. IT teams can also use network access policies to prioritize mission-critical data traffic—providing superior quality of service where it matters most to the organization.

Deployment options to support any network—whether or not it’s a RUCKUS network
CommScope offers two technologies within the RUCKUS product line to enable network segmentation—VLANs and VXLANs. VLANs can be employed whether or not the underlying network is a RUCKUS network, and this approach scales to about 4,000 separate virtual networks. RUCKUS Cloudpath® Enrollment System enables this capability. VXLANs have much higher scalability than VLANs, and enable virtual networks than span physical network segments. Deploying VXLANs on a RUCKUS network requires a SmartZone™ controller, SmartZone Data Plane and Cloudpath Enrollment System. RUCKUS products automate many tasks associated with setting up VXLANS to dramatically simplify the process.
推荐资源

视频:网络分段
网络分段是将企业网络划分为较小子网络的做法。它将用户和设备彼此隔离,以增强IT安全性和用户体验。Ruckus网络可帮助简化任何网络的网络分段,并通过RUCKUS网络提供更强大的功能。
客户案例分析:AVE Union
AVE Union是新泽西州联合县的一个豪华住宅社区。他们采用了RUCKUS网络,以实现永远在线的高性能Wi-Fi。Cloudpath注册系统使居民能够轻松、安全地快速连接到网络。新网络帮助该物业从竞争对手中脱颖而出。

点播微型网络研讨会:网络分段
此次点播微型网络研讨会涵盖网络分段、支持网络分段的技术(VLAN、VXLAN)和相关RUCKUS产品。它还提供了多住户单元(MDU)领域虚拟化个人网络的专用用例。
解决方案简介:网络分段
This solution brief describes supporting technologies and use cases for network segmentation.
