HP makes push for network stability
Hardware-heavy ProCurve Access Control Solution a step in the right direction
These days, network stability means more than just making sure links are available and the proper routes are in place. A single workstation on a network segment can easily wreak havoc following a virus or worm infection, as continuous attempts to infect neighboring systems consume enormous bandwidth on the LAN — and eventually the WAN or Internet circuit.
Many vendors are trying to solve this access-control problem, generally by pushing 802.1x link authentication, which requires authentication to a central directory to connect to the network in the first place. This can greatly increase the security on an internal network, but it requires more moving parts and user interaction to be functional.
To combat this situation, HP is touting the newest tools in its ProCurve switching line, including active virus-throttling and identity-driven access controls. The hardware-heavy solution is rather daunting in scope and requires HP gear throughout the network, but some of its parts can be divorced from the overall package and used in conjunction with network hardware from other vendors. Overall, ProCurve Access Control Security Solution may be a sign of good things to come.
Piece by piece
HP sent me a rackful of ProCurve gear to evaluate, including the ProCurve 5300xl modular switch with a Gigabit Ethernet blade and a 10/100 PoE (power over Ethernet) blade, a ProCurve 760wl wireless access controller, a ProCurve 7203dl WAN router, and the ProCurve 420wl wireless AP.
Taken as a whole, ProCurve Access Control Security Solution is impressive. The 5300 provides eight half-width slots for line cards, with a single slot used for the management blade. The 10/100 PoE blade in the 5300 is rather odd, requiring the ProCurve 600 RPS (Redundant Power Supply) to provide juice to the network ports. Apparently it’s impossible to provide enough power to the PoE blade through the 5300 chassis itself, so HP fitted this blade with a front EPS (External Power Supply) power connector to bump up the available wattage. It works, but is less than attractive and can cause cable management headaches, especially in a fully populated chassis.
The 5300xl series is available in a few different chassis flavors. I tested the 5304xl, a four-slot 5300xl chassis. Each slot can be populated by a variety of blades, such as the 24-port 10/100 blade or the four-port 10/100/1000 blade.
The 5304xl has a 38.4Gbps switching fabric and a top end of 24mpps (million packets per second). These numbers are rather light for a core layer-3 switch, and the blade count and port density are also limited when compared with chassis-based switches from the competition, such as Cisco’s 4500 or 6500 series and Foundry Networks’ BigIron switching family.
The wireless side of the equation is handled by the ProCurve 760wl, tasked with providing security policy management and configuration as well as policy enforcement across the whole wireless network. The 760wl is built around a FreeBSD core, and thus is really a server with an internal hard disk. This is an Achilles’ heel when it comes to fault tolerance, but the 760wl can be implemented in an active/passive fail-over configuration to mitigate risk of failure. Configuration and management of the appliance is accomplished via ProCurve Manager, which allows admins to oversee the whole network.