General

The HyperManage platform fully supports a wide range of firewalls built on different hardware and software platforms. For each of them, depending on the underlying IT technology, HyperManage delivers the technical tools and solutions needed to implement all the services required for a fully managed environment.

Cisco PIX firewalls are basically built on the Cisco router hardware and software platforms, so they are managed in HyperManage in much the same way as Cisco routers.


Operational Functions

Firewall's Console Access via LAN port
This connection works as long as the firewall and the LAN IP connectivity linking the HyperNode to the firewall are fully operational. If the firewall's network path fails, or the firewall's network configuration becomes incompatible with the network configuration, this access method stops working.

Firewall's Console Access via Serial Console port
This connection is made by connecting the physical serial port of the HyperNode to the Firewall's Serial Console Port.
This connection remains functional regardless of the status of the Local Area Network or of the Firewall's IP configuration. As long as the HyperNode has a route to the HyperServer, whether via the primary WAN/LAN link, a Secondary Network Connection or an Out of Band Connection (such as a 3G link created by inserting a USB 3G Key into the master USB port of the HyperNode), the Firewall's serial console port remains accessible and the Firewall remains remotely manageable.

 

The Power Control Function also remains fully functional in all conditions. With a serial console connection, it allows not only cold booting the Firewall while keeping the serial console link active for reconfiguration, but also switching the Firewall off to deactivate all access paths to the infrastructure in an emergency.

Backups of all the Firewall's configuration changes can automatically be saved on the server. All the previous and the current configurations of the router can be accessed, compared and reloaded at any time as required.

The HyperManage Auto-Login feature gives a technician access to the PIX Firewalls through a procedure performed entirely by the HyperServer. HyperManage presents the user with an open session at the device prompt, already logged in with the privilege level previously set up for that technician.
With Auto-Login, the credentials needed to log in to the different devices are known only to the HyperServer, which is particularly important for Firewall management. A further advantage is that when a technician's access to a device or to the entire HyperManage system is suspended centrally, by disabling the technician's RSA access key or by limiting its access rights, no other security precautions are needed, because no technician knows the credentials needed to log in to the devices managed through HyperManage.


Management Functions

The HyperManage platform provides a wide range of management functions and tools that make it possible to deliver a higher quality of service on PIX Firewalls while requiring fewer resources.

Session recording and logging
All maintenance sessions performed on Cisco PIX firewalls by the different technicians can be fully recorded. The resulting history of what has been done on the firewalls can be used for different purposes:
  • Perform a post analysis of all interventions for quality purposes.
  • Compare different configurations to understand unexpected behaviors.
  • Coordinate work between different operators.
  • Check changes introduced by Supervisors for security reasons.
The session recording feature shows all the commands typed or sent by the technician to the Firewall and all the answers returned by the Cisco PIX.
For every management session, detailed information on the technician and the management connection is also recorded and accessible to eligible users: the name of the technician, the IP address he or she used to connect to the HyperManage system, and the session start and end date and time.
Session Recording is a system-wide feature that helps coordinate everybody's work, promotes efficiency and collaboration, and leads to a prompter, better managed service.

Proactive monitoring
The HyperManage Proactive monitoring function lets technicians concentrate fully on their task without having to watch devices for critical events. HyperManage can be configured to trigger different reactions, such as sending alarm emails or SMS messages and even making phone calls, to alert the responsible technicians and the management about a critical event affecting a mission-critical device like a Firewall.

HyperManage can monitor a PIX Firewall by analyzing standard SNMP traps or by using the serial connection to the Firewall console.
The HyperNode, if connected to the serial console port of the Cisco PIX, can automatically run diagnostic commands and also analyze alarms spontaneously printed by the PIX Firewall on the console port. Status changes are therefore transferred quickly to HyperManage, which can then be programmed to alert the responsible technicians with email messages that already report all alarm details, or with other forms of alert such as SMS. On the web interface provided by HyperManage, a device with an abnormal or changed state is highlighted and full information on the alarm is readily available.
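The console alarm analysis described above can be sketched as follows. This is an added example, not HyperManage code: it assumes the console prints standard PIX log messages in the `%PIX-severity-id: text` form, and the function names, severity threshold, watched message id and sample lines are constructed for illustration.

```python
import re

# Cisco PIX log lines follow "%PIX-<severity>-<message id>: <text>",
# with severity 0 (emergencies) through 7 (debugging).
PIX_MSG = re.compile(r"%PIX-(?P<sev>[0-7])-(?P<msgid>\d+): (?P<text>.*)")
SEVERITY = ["emergencies", "alerts", "critical", "errors",
            "warnings", "notifications", "informational", "debugging"]

def parse_console_line(line):
    """Return a dict for a PIX log line, or None for other console output."""
    m = PIX_MSG.search(line)
    if not m:
        return None
    sev = int(m.group("sev"))
    return {"severity": sev, "level": SEVERITY[sev],
            "msgid": m.group("msgid"), "text": m.group("text").strip()}

def select_alarms(lines, max_severity=3, watch_ids=()):
    """Keep events at or below max_severity (lower is worse), plus watched ids."""
    alarms = []
    for line in lines:
        ev = parse_console_line(line)
        if ev and (ev["severity"] <= max_severity or ev["msgid"] in watch_ids):
            alarms.append(ev)
    return alarms

# Constructed sample console capture (hypothetical, not from a real device).
SAMPLE_CONSOLE = [
    "pixfirewall# show version",
    "%PIX-6-302013: Built outbound TCP connection 1201 for outside:198.51.100.7/443",
    "%PIX-1-105005: (Primary) Lost Failover communications with mate on interface inside",
    "%PIX-5-111008: User 'enable_15' executed the 'configure terminal' command.",
    "%PIX-4-106023: Deny tcp src outside:203.0.113.9/4312 dst inside:192.0.2.10/23",
    "%PIX-3-201008: The PIX is disallowing new connections.",
]

if __name__ == "__main__":
    # Alert on errors and worse, and on any configuration-mode entry (111008).
    for ev in select_alarms(SAMPLE_CONSOLE, watch_ids={"111008"}):
        print(f"[{ev['level']}] {ev['msgid']}: {ev['text']}")
```

Watching a low-severity id such as the command-execution message alongside the severity threshold surfaces configuration changes that a pure severity filter would miss.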

HyperManage has an integrated management system that allows the handling of any alarm to be documented in detail, so that every fact, action or observation that follows the initial triggering event is noted and recorded. Every action, decision, plan and connection thus becomes part of the alarm handling procedure. This is an essential tool for coordinating the people involved in resolving a fault, which in modern companies usually involves several people, sometimes at different physical locations.
This management system can also be used to give clients and/or other users limited visibility of the activities taking place in the fault handling procedure.

From a system configuration point of view, access to the alarms generated by the Firewall is granted to eligible users/technicians on a case-by-case basis.

The Alarms and Intervention Management system is a built-in feature of HyperManage that gives eligible users / technicians access to the history of all alarm and intervention activities performed on a specific Firewall, which is extremely useful for taking the right decision when a new problem comes up.
The system can also generate SLA statistics on the firewall's intervention process, which can likewise be made accessible to eligible users / technicians / clients and so on.

Automatic Backup procedure
The HyperNode can automatically retrieve the configuration of the Cisco PIX on a scheduled basis. All configuration changes are stored centrally on the HyperServer and can be accessed by eligible users whenever needed.


Emergency functions

One of the most distinguishing features of HyperManage is that it is NOT ONLY an information NOC, but mainly an Intervention S-NOC. Because its structure is based on the HyperMatrix Superstructure, and the SuperStructure is based on the local presence of HyperNodes, HyperManage delivers unprecedented intervention capabilities in full security.
This means that in case of a firewall failure or primary network failure, the technician is still in full control of the situation through the HyperNode's local presence.
  • Through the alternative and out-of-band system he will be advised about the problem.
  • He will have information about the LAN status, the Firewall's software/hardware status and the Firewall's power status.
  • He will be able, in an extreme case, to cold boot the PIX Firewall, reload its software and its specific configuration, modify the configuration to meet the operational needs of the current state of the network, and get the situation under control without ever leaving his desk.