UBIqube Secure Technical

This document provides an overview of UBIqube's Service Provider Solution Suite for delivering converged managed services. The solution includes a multi-tenant web portal called VSOC for unified management, modules for staging, provisioning, monitoring, alerting, reporting and more. It leverages UBIqube's technology platform including an ITIL-compliant CMDB, event tracker, and SEC engine for automated device configuration. The solution aims to simplify management, reduce costs through profiles and automation, and provide full lifecycle management for managed network, security and voice services.

Uploaded by

Hamzah Abdulhadi

Managed Services Technical Presentation

Service Provider Solution

Converged Managed Services Delivery platform

Nov 08

Agenda

• About UBIqube
• Service Provider Solution Suite
– Introduction, technology platform
– Service delivery models
• Detailed Technical Services portfolio
– Managed Router and Secure VPN
– Managed Security (FW, IPS, Content Filtering)
– Monitoring Alerting and Reporting

About UBIqube

UBIqube is a global integrated network and security management solution vendor.

• France Telecom R&D Spin-off, incorporated in 2000
• Engineering in Grenoble, Sales presence in France, Russia, CIS, USA, Dubai and Hong Kong
• Innovative technology in the Management/OSS industry endorsed worldwide by blue-chip leaders

Addressing the Services Market Opportunity

The NOC/SOC Tooling Challenge

Technology | Management Segment | Market Analysis
Log/syslog | Event Management | Diversity of tools. Sophisticated niche focused solutions (Audit, Vulnerability, Correlation, etc.). No 80/20 approach, no easy integration in unified interface. Costly.
SNMP | Device Monitoring | Lifecycle oriented solutions (HPOV, etc.). Mature segment. Costly.
Vendor Specific CLI | Device Provisioning (Config MGNT / Change) | Heterogeneous, complex, vendor specific tools. Not scalable.

Converged Network & Security Management Solutions


Addressing the Services Market Opportunity

The Winning Ingredients

• A Scalable, flexible and agnostic NOC/SOC
• An ecosystem of vendors and channel partners
• A sustained service oriented Marketing & Sales Strategy

About UBIqube

UBIqube develops and markets 2 solution suites :

• UBIqube Enterprise Solution Suite helps organizations streamline their network and security lifecycle management.
• UBIqube Service Provider Solution Suite is the cornerstone of a Converged Managed Services offering.

These solutions are endorsed by the world leader of Network and Security equipment, Cisco.

About UBIqube

UBIqube Key differentiators :

• Simplicity
• Unified Solution
• Convergence
• Lifecycle Management

Service Provider Solution Suite

Differentiator : Simplicity

Multi Tenant Web Based GUI, Pre defined Profiles

• Reduces the level of expertise of field engineering in day to day routines.
• Answers the branches proliferation (11% per year) management nightmare.

Value for the SP :
• Reduces the OPEX
• Offloads back office
• Reduces the delivery time

Value for the Customer :
• Reduces the costs (TCO and OPEX)


Service Provider Solution Suite

Differentiator : Unified Solution

• Multitenant Architecture
• Role Based Access Control
• VPN, FW, IPS, CF, Voice
• Device Staging
• Provisioning
• ITIL Based Service Delivery
• KPI Monitoring
• Detailed Reporting
• Alerting
• Compliancy
• SLA Management
• Log Management
• Asset Management
• Multiple CPE Vendors


Service Provider Solution Suite

Differentiator : Convergence

Monitoring services
• Silver
• Gold
• Alerting
• Detailed Reports

Managed Voice
• CME/CUE
• UC500
• Dial Plan, Groups
• Self Care

Managed Security
• IPsec VPN
• Firewall
• IPS/IDS
• Content Filtering

Managed Router
• WAN / LAN accesses
• Network : DHCP, static routing
• NAT, QoS (co)

Service Provider Solution Suite

Differentiator : Lifecycle Management

[Figure: service lifecycle diagram. Labels: Security, Networking, VoIP; Creation, Staging, Provisioning, Deploy, Test, Manage, Monitor, Respond, Improve; Monitoring, Reporting]

Service Provider Solution Suite

Solution Introduction

Service Provider Solution Suite

Solution Description

• Integrated Service Delivery Platform to deliver managed network and security services.
• Combining the MSActivator™ with UBIqube’s management appliance the SmartSOC-SA™ (Service Agent), provides a unique value proposition in the Managed Services industry.
• Features full service life cycle management from staging, provisioning, ITIL based configuration and asset management.
• Automation and predefined configuration profiles lower the cost of service delivery and reduce human error risk.
• The multi-tenant, web-based GUI called the VSOC simplifies service management in a multi-vendor and multi-technology environment.

Service Provider Solution Suite

Solution Modules

• VSOC Webportal: Unified GUI, HTTPS
• SEC Engine: Staging, Provisioning, Management
• Event Tracker: Monitoring, Alerting, Reporting
• Archive: Backup, Tamper Proof Archiving
• PKI: Authentication, Automation
• ITIL based CMDB

UBIqube Technology Platform

CMDB

• Configuration Management Database
– Built on a set of Oracle databases.
– ITIL compliant
– Handles all the configuration and all monitoring data.
– Dedicated databases store all the configuration information provided by the Web Portal.
– Triggers the SEC Engine to update the managed devices.
– Another set of databases handles monitoring information.
– Provides log and event storage and archiving.

• Oracle databases

UBIqube Technology Platform

Event Tracker and CMDB

• Event Tracker
– Log and event collector
– Handles syslog and flat file flows
– A built-in analysis engine provides log classification and analysis
– Load balances the events to a set of reporting engines
– Depending on the severity of the event, the engine triggers alerts.

• C Language, Multi Threaded

UBIqube Technology Platform

SEC Engine

• SEC Engine (Configuration Robot)
– Hides all the complexity of remote operation on a group of devices.
– Guarantees coherence of all the devices.
– Uses a database of tested configuration fragments to calculate the new configuration for each device.
– Automatically updates devices to allow dynamic Internet address configurations
– Propagates security updates.

• C language, multi-threaded daemons

UBIqube Technology Platform

VSOC Web Portal

• VSOC WEB portal
– Web-Based GUI : control your devices from anywhere.
– High-level interface to administer one or many Edge devices.
– Multi-Tenant architecture – with role based access control for service delegation

• Java based with Ajax on Tomcat and Apache Servers

UBIqube Technology Platform

Role Based Access Control Concepts

• The scope of a service provider is called an operator or VSOC (Virtual SOC).
• The MSActivator supports different operators on the same physical SOC
• Customers are created inside one operator.
• Security profiles are applied to managed devices.
• Devices and profiles are managed by the service providers, called managers

UBIqube Technology Platform

Role Based Access Control Concepts

[Figure: role hierarchy across two operators, Operator AAA and Operator BBB. Boxes: UBIqube; Privileged Administrator; Administrator A, Administrator B; Privileged Manager; Manager 1, Manager 2; Customer A, Customer B, Customer C, Customer D; Customer Read Only Console; Device 1, Device 2, Device 3; Profile 1, Profile 2]

Annotations in the figure:
• Service Provider that needs to manage several operators
• Service Provider that needs to manage only one operator
• Service Provider Staff that can manage all or only a subset of customers. Or Customer with management capabilities


Service Provider Solution Suite

Service Delivery Scenarios Overview

Service Provider Solution Suite

Service Delivery Scenarios

[Figure: service delivery spectrum from Central SOC (Off-Premises) to Remote Service-Agent (On-Premises), plotted against Service Depth. Labels: Local Log Archiving, LAN/DMZ Services, Legal Requirement]

Service Provider Solution Suite

Service Delivery Scenarios – Centralized

[Figure: centralized delivery over the ISP Backbone. Labels: Traffic Customer 1, Traffic Customer 2, Management]

Service Provider Solution Suite

Service Delivery Scenarios – Service Agent

Lack of SP trust

[Figure: SmartSOC Service Agent deployment. Labels: ISP #1, ISP #2, ISP Backbone, Customer Network, SmartSOC Service Agent, Centralized SOC Management, Service Agent Management]

Service Provider Solution Suite

Service Delivery Scenarios – Tiered

[Figure: tiered delivery across ISP #1, ISP #2, ISP Backbone and Customer Network]

• Integrator Service fulfillment partner: Service fulfillment, Config management, Event management
• Service Provider / Integrator Service management: Service Management, Customer Self-Service, Reporting, Monitoring

Managed VPN Services

Overview

• Managed IPsec VPN (PKI authentication)
– LAN-2-LAN
– Remote Access

• Managed Router (advanced)
– Redundancy
– QoS

Managed VPN Services

LAN-2-LAN VPN

• Transparent LAN-to-LAN connectivity
– Normal routed network environment
– Multiple subnets on each LAN

• Client-Server VPN or Mesh

• IPsec VPN featuring :
– End-to-End Encryption
– Authentication with Certificates
  • Avoids security risks with Pre-Shared Keys

• Dynamic Configuration Change Control
– Automatic propagation of configuration updates (e.g. new Device set up)

[Figures: Client-Server VPN, Mesh VPN]

Managed VPN Services

Remote Access

• Secure Remote Access for your Road Warriors
– Works with WiFi, UMTS… Usually “Just Works”
– LAN-like transparent connectivity to all the enterprise applications

• IPsec VPN featuring :
– End-to-End Encryption
– 2 phase Authentication with Certificates and Xauth
  • Avoids security risks with Pre-Shared Keys
  • Avoids security risks with Stolen Laptops

Managed VPN Services

Redundancy

• Double the Internet Access and routers
– Protection against Failures
  • Of the equipment
  • Of the WAN link if a catastrophic failure occurs
– Use two ADSL links from different ISPs
  • High Availability in active / active mode
– Or Backup your MPLS VPN with ADSL VPN!

• Backup Broadband with Dial-Up
– Poor substitute, but powerful recovery system

[Figure labels: ADSL, PSTN]

Managed VPN Services

QoS

• Optimize the traffic on your access link, for example :
– Define maximum bandwidth for Surfing
– Define minimum bandwidth for Business Applications (VoIP)

• Modify your QoS policy to follow your network expansion

Managed Security Services

Overview

• Managed Security
– Firewall
– IDS/IPS
– Anti-Virus
– URL-Filtering
– Anti-Spam

Managed Security Services

Firewall

• Firewall Security profiles
– Configure one, deploy many

• Use of predefined recommended services
– DNS, HTTP, POP, SMTP, IMAP …

• 3 cookie cutters
– Soho profile
– Private DMZ profile
– Public DMZ profile

• Reliable Remote Administration
– No risk of being locked out from the router

Managed Security Services

Firewall

Firewall Profiles
• Filter outgoing connections (inside/DMZ to outside)
• Filter communications inside the VPN (inside/DMZ to VPN)
• Control incoming connections (outside to inside/DMZ)
– Port-Forwarding
  • Allow incoming connections to Web and Mail servers
– Static NAT

Managed Security Services

IPS/IDS

• IDS/IPS profiles
– Configure one, deploy many

• Monitor suspicious behavior
– Globally or locally depending on interfaces

• Signature packs as cookie cutters
– Easy tuning of the IPS module

• Automatic Signature Updates
– Licence Warnings
– False positive Management

Managed Security Services

Detection means monitoring

• Intrusion Detection Systems watch for anomalies
– Requests without replies

• Generates Alerts
– Lots of Syslog messages
– Needs centralized collection and presentation

• Syslogs are stored in the SOC
– Impossible for an attacker to hide the traces
– Available for 1 month via vSOC
– Post-mortem or Forensic analysis hides nothing

Managed Security Services

Anti-Virus

• Critical business runs over the Internet
– Viruses can be propagated over the Internet
– Resulting in outages and lost revenue

• SecureDevice Anti Virus manages and monitors Anti-Virus on the Internet Gateway to guarantee :
– Protection of internal network resources from virus attacks
– E-mail and Web traffic Cleaning
– Business continuity.

Managed Security Services

Anti-Virus

• Anti-Virus/Spyware profiles
– Configure one, deploy many

• Monitor traffic
– Globally or subsets of traffic (recommended services http, ftp, smtp, pop3 …)

• 3 cookie cutters
– Normal Anti Virus Profile (optimized performance)
– High Anti Virus Profile (scan all files)
– Paranoid Anti Virus Profile (scan all files recursively, update frequently, block all upon failure)

• Automatic Virus Database Updates
– Licence Warning

Managed Security Services

Anti-Spam

• Anti-Spam
– Too much spam in the inbox impacts employee productivity
– Prevent spam with very low false positives

• Anti-Phishing
– Phishing can lead to identity theft or theft of company or personal credentials
– Prevent financial loss by adding protection against phishing attacks

Managed Security Services

URL-Filtering

• Control Web Access
– Explicit or by type

• Explicit declaration of URLs
– White-List or Black-List
  • Easy, but limited use

• Restriction by type using a classification service
– Control employee Internet usage
– Block access to inappropriate or non-work-related Web sites
– Improving employee productivity and limiting the risk of legal action

Managed Security Services

Vulnerability Assessment

• The embedded scanner scans devices for vulnerabilities
• The exploit database is automatically updated
• Can test managed or monitoring-only devices
• Assessments can be scheduled periodically
• Reports are available online on the Web Portal

Managed VoIP Services

Managed VoIP Profiles

• Profile based provisioning of :
– Telephony & Voice Mail configuration
– Data/Voice twin VLAN configuration on CME & UC routers
– SIP trunk configuration between CME & UC
– PSTN access configuration when FXO card available
– Simple VPN setup for non-VoIP routers (SOHO)
– Easy configuration of proper QoS settings for optimum VoIP experience

Managed Monitoring Services

Overview

• Silver Monitoring (SNMP)
– Map view : Graphical Real-time Monitoring Console
– KPI monitoring : Traffic, CPU load, Uptime, etc.
– Threshold alerting

• Gold Monitoring (Syslog)
– UBIscope and Security dashboard
– Log analysis and alerting
– Detailed Security PDF reports

• Asset Management
– Software and hardware inventory
– Licence management

Managed Monitoring Services

Real-time Console and MapView

Managed Monitoring Services

Silver Monitoring Network Statistics

• Availability
– Real-time availability testing
– After 6 consecutive failures, an alert is generated

• Incoming/outgoing Traffic
– Monitor link saturation
– Plan for QoS

• Uptime
– Time since last reboot
– Distinguish Network and Router problems

• CPU Load
– Diagnose usage anomalies
– Proactively propose upgrade

Managed Monitoring Services

Silver Monitoring Enhanced Statistics

• Network Latency
– Monitor quality of ISP connection

• IKE statistics
– VPN tunnels statistics
– Identifies VPN module failures

• QoS statistics
– Per traffic class statistics
– Monitor forward and drop traffic

• IPS statistics
– Monitor the number of IPS events
– Sorted by Device or Profile

Managed Monitoring Services

Silver Monitoring Profiles

• KPI monitoring based on SNMP OID
• Custom graph rendering
• Threshold alerting

Managed Monitoring Services

Gold Monitoring Dashboards

• Security DashBoard
– Online alert reporting overview.
– Event History per category
  • IPS, Firewall
  • Content Filtering
  • Logs
– Top 5 :
  • Device top 5 of the week/month : most attacked Devices
  • Alert top 5 of the week/month : the most frequent alerts

Managed Monitoring Services

Gold Monitoring Log analysis

Log Analysis
– Compute weekly summary reports
– Aggregate the logs events on a per day basis
– Customize the logs with human readable information

Managed Monitoring Services

Gold Monitoring Alerting

Alert Generation
– Discard the event (marked as false positive)
– Generate an email alert

Managed Monitoring Services

Gold Monitoring Detailed Reporting

• Daily and Monthly detailed Reports

Asset Management Services

Asset Management Inventory

• Updated and centralized software and hardware inventory reports
• Dynamically tracks all security assets managed without the need to schedule an audit

Asset Management Services

License Management

• Security modules licenses inventory
• Validity email alerting

Managed Monitoring Services

Gold Monitoring Auditing

• Configuration Backup
– The running configuration of each device is downloaded
and saved every night
– Stored for 6 months
– Locate illicit manual modifications

• Audit trail within UBIqube SOC
– A record is retained of every modification
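
One way to implement the check this slide describes, combining the nightly configuration backups with the audit trail to locate modifications made outside the platform. This is an added example, not UBIqube's code; the record layouts, device names, IOS-style volatile lines and sample data are assumptions.

```python
import difflib
from datetime import datetime

# Lines that change with no edit to the device (assumes IOS-style configs).
VOLATILE_PREFIXES = ("!", "ntp clock-period")

def stable_lines(config):
    """Drop blank and volatile lines so only real settings are compared."""
    return [line.rstrip() for line in config.splitlines()
            if line.strip() and not line.lstrip().startswith(VOLATILE_PREFIXES)]

def config_delta(old, new):
    """Settings added ('+ ') or removed ('- ') between two snapshots."""
    diff = difflib.ndiff(stable_lines(old), stable_lines(new))
    return [d for d in diff if d[:2] in ("+ ", "- ")]

def unrecorded_changes(snapshots, audit_trail):
    """snapshots: (device, taken_at, config); audit_trail: (device, changed_at).
    Returns (device, previous_snapshot, snapshot, delta) for each configuration
    change that has no audit record between the two nightly snapshots."""
    history = {}
    for device, taken_at, config in sorted(snapshots, key=lambda s: (s[0], s[1])):
        history.setdefault(device, []).append((taken_at, config))
    findings = []
    for device, versions in history.items():
        for (t0, old), (t1, new) in zip(versions, versions[1:]):
            delta = config_delta(old, new)
            recorded = any(d == device and t0 < ts <= t1 for d, ts in audit_trail)
            if delta and not recorded:
                findings.append((device, t0, t1, delta))
    return findings

def _config(host, clock, *rules):  # builds a constructed sample configuration
    return "\n".join([f"hostname {host}", f"ntp clock-period {clock}",
                      "! Last configuration change recorded by device", *rules])

HTTPS_RULE = "access-list 101 permit tcp any host 192.0.2.10 eq 443"
TELNET_RULE = "access-list 101 permit tcp any any eq 23"

# Constructed sample data: three nightly backups of cpe-01, two of cpe-02.
SNAPSHOTS = [
    ("cpe-01", datetime(2024, 3, 1, 2), _config("cpe-01", 17180100)),
    ("cpe-01", datetime(2024, 3, 2, 2), _config("cpe-01", 17180233, HTTPS_RULE)),
    ("cpe-01", datetime(2024, 3, 3, 2), _config("cpe-01", 17180310, HTTPS_RULE, TELNET_RULE)),
    ("cpe-02", datetime(2024, 3, 1, 2), _config("cpe-02", 17179900)),
    ("cpe-02", datetime(2024, 3, 2, 2), _config("cpe-02", 17179951)),
]
# Constructed audit trail: only the HTTPS rule went through the portal.
AUDIT_TRAIL = [("cpe-01", datetime(2024, 3, 1, 10, 30))]

if __name__ == "__main__":
    for device, t0, t1, delta in unrecorded_changes(SNAPSHOTS, AUDIT_TRAIL):
        print(f"{device}: unrecorded change between {t0} and {t1}")
        for line in delta:
            print("   ", line)
```

A recorded change in the same window would mask a manual edit made that day, so a stricter variant compares each snapshot with the configuration the platform itself generated for the device.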

Supported Devices and available services

Managed Devices

Managed, including monitoring and reporting
• Cisco ISR Series 800, 1800, 2800, 3800, 7200 …
• Cisco UC500 Series
• Cisco ASA Series (CSC, AIP) 5505, 5510, 5520/40, 5550
• Cisco PIX Series 501, 506E, 515/525/535
• Juniper ScreenOS Series 5GT, ns25, 50, 204, 500
• Juniper SSG 5, 20, 140, 320, 520
• Fortinet Fortigate 60, 100, 200, 300, 400

Monitoring and Reporting
• Bluecoat SG
• Checkpoint Firewall 1
• Ironport – AsyncOS etc.

Summary

The market for Managed Services is a huge opportunity.

Telecom operators are well positioned to take advantage and generate margin intensive recurrent revenues while addressing customer churn, improving IT ops and walking the path of Value Added Service Provider.

Service Provider challenges are linked to Time-to-Service, Costs control, Service and routes to market definition, Sales & Marketing organisation.

Leveraging Cisco’s Service platforms together with UBIqube’s Service Delivery Platform makes it possible to successfully address the Managed Service market opportunity
