ExtremeCloud IQ Site Engine

ExtremeControl is available as part of ExtremeCloud IQ Site Engine. When access security in ExtremeControl is enabled, it provides role-based network access control (NAC) for all devices, including third-party networking devices. The application securely enables BYOD, guest access, and loT device control to protect the network against external threats and protect corporate data by proactively preventing unauthorized users and compromised endpoints from network access. Users can centrally manage and define granular policies to meet compliance obligations, locate, authenticate, and apply targeted policies to users and devices.

The full lifecycle of network management is supported. Beginning with the initial deployment planning stage via configuration templates to predefine site, port, service, reference firmware, and fabric attributes, to the deployment stage with Zero Touch Provisioning Plus (ZTP+). The ZTP+ capability enables the automated deployment of a new switch via templates and workflows. It supports daily and on-demand operations, such as adding new services and VLANS. Maintenance-related tasks (RMAs and service maintenance windows) can be implemented. Site Engine also supports configuration and firmware updates across third-party networking devices, reducing lengthy and error prone manual onboarding and updates.

ExtremeCloud – IQ Site Engine provides cross domain workflow automation capabilities via an intuitive graphical approach to easily automate network tasks. Built-in automation and workflow tools as well as support for common scripting languages, such as Python, provide the ability to create the sequential execution of tasks in workflows for customized orchestration. For example, a workflow to configure multiple Wired, Wireless, third-party, or a combination of devices with a single click. These capabilities assist in the reduction of command line interface-based management while helping to alleviate the burden on IT personnel and the impacts of unintended downtime.

A workflow can be triggered by any event, such as when a threshold is reached, a Syslog message or trap is received, a user action, or even an external API call. The workflow can reconfigure the network or interact with third-party automation solutions. For example, if the reboot of the device is detected, technical logs and details can be gathered, and a help desk ticket can be created by the workflow itself. If a high CPU utilization is detected, the workflow can automatically gather additional information about the running processes. Site Engine can change a 3:00 AM wake-up call to a 10:00 AM follow-up.

Topology maps provide non-fabric and fabric visualizations. Non-fabric visualizations enable, for example, the visibility of VLAN presence, or the link status of the primary and secondary paths within an Ethernet Automatic Protection Switching (EAPS) scheme of an Ethernet ring architecture. Users can visualize the state of link aggregation groups (LAG) and multi-switch link aggregation groups (MLAG) and determine which devices participate in the link aggregation. Users can visualize a bridge port extender (BPE) topology and determine what control bridges are used, what BPEs are present, and the state of the topology. This solution enables users to be more efficient with the management of their network by providing granular analysis and fabric management to make data-driven, informed decisions.

ExtremeCloud IQ Site Engine provides actionable insights for end-to-end network visibility. Granular details into the performance of applications and the network through application are provided through telemetry and deep packet inspection (DPI). ExtremeAnalytics is integrated with Site Engine to provide advanced capabilities. This includes a granular view of users, devices, and applications with an easy-to-understand dashboard inventory and network topology for efficient management. When Site Engine is used with ExtremeAnalytics, it speeds up troubleshooting by separating network from application performance, so users can quickly identify root causes. It monitors shadow IT, identifies and reports malicious or unwanted applications, and helps with security compliance.

The Analytics Engine within ExtremeAnalytics extends application visibility from Wired and Wireless devices all the way through the campus to the data center. With deep packet inspection, network administrators can see and analyze network traffic across multiple layers for real-time accurate information analysis. Additionally, the integration of private cloud solutions based on VMware ESXi and Microsoft Hyper-V provides a unique capability of a single analytics toolset that covers campus and data center.

ExtremeCloud IQ Site Engine enables the security of an organization’s wired and wireless networks through in-depth visibility and control over users, devices, and applications. Monthly security updates provided by Extreme Networks enhance compliance with security requirements. Flexible deployment options support a range of data security and compliance requirements and allow organizations to adapt over time.

Cloud-based network management delivers the operational efficiencies and extensibility of software-as-a-services (SaaS). Site Engine enables a migration path for third-party and non-cloud native networking devices to cloud-based network management. It extends device management support for third-party devices that do not have robust SNMP capabilities by utilizing scripts and Telnet/SSH. ExtremeCloud IQ Site Engine also enhances ExtremeCloud IQ’s management capabilities with additional features for Extreme Networks Universal Platforms (switches and access points) as well as legacy devices.

The benefits of cloud-based management are gained by using Site Engine together with ExtremeCloud IQ in a secure cloud-connected mode of operation to manage the network in the public cloud (AWS, Microsoft Azure, and/or GCP). The cloud-connected mode can provide flexible deployment options while preserving existing investments in devices and staff training.

Support for fabric management capabilities is natively designed into ExtremeCloud IQ Site Engine, so time to service is greatly reduced. Users benefit from flexibility via the ability to automatically change the switch OS persona from the factory default to the Fabric Engine OS while deploying the Fabric network. Other capabilities include the configuration and customization of fabric topology, as well as configuration of fabric services (L2VSNs, L3VSNs, Service ID, Name and Type), distributed virtual routing (DVR) element (Leaf, Controller, and Router) properties, router redundancy protocols (VRRP, RSMLT, DVR), and port templates.

Fabric-specific visualizations help users more easily monitor fabric-related parameters such as fabric areas and Fabric Connect links to locate where IS-IS areas are present and determine which links are part of the fabric. Also, users can visualize primary and secondary paths between two fabric switches in the network, and where in the network a specific fabric service is present to ascertain its main attributes (L2VSN vs L3VSN, VRF assignment). These key visibility capabilities assist users in monitoring and validating their non-fabric and fabric and combined deployments and troubleshooting them more easily when required.

The integration of Fabric over Extreme’s software defined wide area networks (SD-WAN) enables Site Engine to display tunnels extending fabrics through SD-WAN and report tunnel failure between SD-WAN devices. Network operators can easily navigate from Site Engine to an SD-WAN appliance, then use the 360 view to investigate and troubleshoot. The user can also access Site Engine from ExtremeCloud SD-WAN with SSO.

ExtremeCloud IQ Site Engine allows IT organizations to transition to cloud-based network management at their own pace. It provides flexibility to manage networks in a local, on-premises mode and transition to the cloud when ready. Site Engine works with ExtremeCloud IQ in a secure cloud connected mode of operation to facilitate cloud-based network management of distributed devices and end users. Additionally, ExtremeCloud IQ Site Engine can also be deployed in an “air-gapped” mode for adherence to industry and regional data security and compliance requirements.

It is useful to understand the device and network telemetry data that is forwarded from Site Engine to ExtremeCloud IQ to determine the shared details. To provide customers with greater control Extreme provides options, so users can select the data forwarded from Site Engine to ExtremeCloud IQ. (Details regarding the statistics communicated are documented here. Additional details regarding the connection between Site Engine and ExtremeCloud IQ are provided here.) Four configurable options are available for the data communicated from Site Engine:

• Share data from Site Engine with ExtremeCloud IQ
• Do not share the end-system information with ExtremeCloud IQ
• Use ExtremeCloud IQ as a license proxy only, no statistics are shared
• “Air Gap" mode, no internet connectivity required

As an organization’s strategy or requirements change, users can change the deployment model from “air-gapped” to connected mode and back with just a few clicks without the need to change network hardware or firmware, reinstall software, or purchase a different license. Support for all deployment models is provided with uncompromised security for client data and options respecting data sovereignty requirements.

Extreme Networks offers simplified licensing to help customers cost-effectively transition to cloud-based network management and subscription licensing. Site Engine includes integrations with ExtremeAnalytics and ExtremeControl. ExtremeAnalytics is available as part of the ExtremeCloud IQ Pilot license tier to make it easier for existing Extreme customers to transition in a way that makes sense for their organization.

• ExtremeCloud IQ Pilot is the primary license tier for the ExtremeCloud IQ suite for end-to-end management. It enables enhanced policy enforcement, visibility, reporting, and advanced configurations. Pilot delivers configuration and management of infrastructure devices at scale, including advanced policy, segmentation, and troubleshooting.
• ExtremeCloud IQ Navigator is an alternative, lower capability license tier delivering third-party device management. It provides basic visibility, limited reporting, configuration management, advanced SSH, scripting, configuration backup.

ExtremeCloud IQ Site Engine is integrated with key platforms from Extreme and third parties to streamline business processes. These integrations enable extended capabilities with ExtremeAnalytics, ExtremeControl, and/or ExtremeConnect. The benefits include more robust data analysis and better user experiences.

A comprehensive suite of open APIs is offered from Extreme’s network infrastructure portfolio of switches and Wireless APs. This includes the classic integration methods like SNMP, Syslog, and more efficient integration methods like REST-based APIs and the Swagger UI. Additional information regarding the ExtremeCloud IQ Site Engine API is available . ExtremeControl is integrated with major enterprise platforms, including solutions for network security, enterprise mobility management, analytics, cloud, and data center. It also includes an open northbound API for customized integrations to key enterprise platforms.

ExtremeCloud IQ Site Engine provides end-to-end management of the Wired and Wireless devices from the edge to the data center and across multivendor devices. It provides a centralized view of the entire network with visibility of all network devices without having to piece together multiple applications.