在資訊網路漫長的演進過程中，發展出許多的網路標準，從早期的Dec Net、 FDDI、Token-Ring、Nowell、AppleTalk、TCP/IP 到ATM以及 Ethernet...等等，不論其他各種網路標準具備了多麼完整的架構、安全性與包 容性，乙太網路及IP網路最終以低廉的價格及易於使用的優勢，擊敗所有其 他網路標準，壟斷業界大多數系統的L2/L3網路層(甚至傳統電信根深蒂固的 網路底層SONET/SDH也受到侵襲)。儘管IP和乙太網路已佔據大多數的用戶 環境，然而乙太網路和IP網路在安全與管理層面有其先天的缺陷，在面對快 速增長的數量和複雜性不斷增加，例如:不斷增長的有線和無線連線、跨客戶 端，服務器，電話和移動設備的連線訪問...等，使得IT部門面臨日益困難的 管理和安全挑戰。雖然大多數企業已採取許多的措施來保護其網路的外圍環 境，包括部署防火牆、 IDS / IPS、WAF，用於遠程訪問甚至安全的VPN以及 對抗試圖入侵無線接入點的駭客;然而對於底層網路仍然嚴重缺乏在基礎的乙 太網路管理和對內部IP訪問的控制和審核能力。

乙太網路及IP網路簡單易用的架構，使其有著低廉的價格優勢，然而缺乏可 見性，策略執行以及有效的控制能力，例如: 使用者可任意變更 IP位址、造成 隨處可見的IP 位址衝突;無法立即有效的瞭解企業網路設備與IP 數量，甚至 無法知道是否有外來訪客設備接入內網...等等， 使得大部份 IT網路的基層仍 面臨嚴重的資安威脅及管理問題。而無法有效管理的網路及非法網路訪問等問 題，無形中給企業帶來技術施行困難，業務風險甚至法律責任。

802.1X的架構及功能優點說明

本文首先探討IP / 乙太網路的當前狀態，使用者界接管理，並解釋網路地址和 界接訪問方面的需求與問題差距，以及當今流程和解決方案中的管理和政策控 制。 第二部分介紹一種新的 IP/MAC管理與解決方案「PIXIS管理系統」。它 提供企業，政府，教育和服務供應商等，IP和乙太網路的接入訪問控制;對於 整個網路的全自動監控，網路底層基礎資安策略執行、審計與位址追踪能力。 並討論佈建IP/MAC 控管系統的優勢和快速的投資回報率。

1. 乙太網路/ IP訪問管理現狀

時至今日，由於IP/ 乙太網路已成為業界標準，同時世界各國網路資安問題不 斷發生等諸多因素，傳統上不被重視的“ IP/MAC地址管理”很快的被各大企業 及IT管理人員列為重要指標。現今，許多系統應用已離不開IP位址的應用， 諸如:

1. 網頁化的應用程序。來越多的應用系統利用Internet的IP化連接標準。此 外，越來越多的應用程序外包給基於Internet的ASP(例如大量的客戶整合作 業系統集成於雲端服務)，這些變化導致交付關鍵任務服務和應用程序對於 IP網路的依賴性增加。


2. 又如IP電話(VoIP)的大量應用，使得網路上潛在的IP/乙太網路設備數 量加倍。兼容Wireless-LAN的移動設備(Mobile Phone、平板、手持裝置) 更 加劇網路設備的爆炸式增長。 由於 VoIP呼叫數據流本質上是點對點的，因此 VoIP電話尤其不僅會增加設備數量，而且還會增加其在網路上的連線複雜 性。


3. 未經授權的設備的安全問題。由於乙太網路的本質，在於使設備容易接入 網路，因此對於接入設備的記錄追蹤與管制，幾乎處於完全不設防的狀態。因 此企業IT人員面對內網設備的連接之合法性，有相當大的責任與壓力。根據 CSI / FBI 2012年計算機犯罪和安全調查，在1000多個接受調查的組織中，有 超過一半的組織承認遭受了一個或多個內部安全漏洞，甚至可能引入諸如病毒 的惡意軟件，而有32%的人完全不知道自己是否遭受過內部或者外部的入 侵。


4. 現行企業關鍵應用服務作業完全基於IP連線的基礎架構之上。現行企業組 織IT基礎架構的命脈幾乎已經完全仰賴IP通信連線。一般用戶的客戶端電腦 或筆記型電腦上的IP地址衝突僅會造成單一用戶或部分用戶群組的服務中 斷，但IP衝突若發生於關鍵服務器上，將導致直接的應用系統中斷、或者生 產停頓，直接造成企業高昂損失代價。如何保持服務的連續性，IP地址管理不 當將直接影響服務和應用程序的可用性。

面對日益重要的IP位址管理，許多的企業組織仍然使用手動流程和基本工具 (例如Excel電子表格)來進行IP 地址的追踪以及管理。 根據 Forrester Research的調查，有25%的人開發了內部數據庫解決方案，而另外20%的 人採用了第三方供應商的DHCP管理產品來幫助應對地址管理。

然而，面對現今瞬息萬變的資訊與安全管理狀態/需求，現有的IP地址管理方 案大多缺乏足以控制變動所需的三個關鍵要素，以滿足實現全面的IP /乙太網 路管理與界接之解決方案。

1. 缺乏即時性與完整的覆蓋
   當前用於管理IP /乙太網路的訪問流程和解決方案中最大的困難之一就是缺乏 即時的整體覆蓋能力。實務中以手動或表格追踪IP 地址的管理變更之過程， 難以維護且十分耗時，而且無法隨時更新，甚至經常會錯過網路中的重大更 改。 基於 DHCP的系統雖然有助於為用戶的客戶端設備分配IP地址，但不能 涵蓋常駐在許多IP網路中的眾多靜態IP的服務器和非PC 設備。 這種部分覆 蓋或管理本身可能導致意外的地址衝突。此外，對靜態 IP地址及其底層乙太 網路MAC地址缺乏實時可見性，這意味著無法有效的進行策略控制。強制使 用一紙禁令進行管制(如:不允許任意更改IP，不可使用非公司配發NB或設 備)、更只能流於空談。由於將靜態IP地址設定於任何IP 端設備十分簡單，因 此這是訪問控制安全性的主要漏洞。 員工甚至訪客都可以輕鬆連接個人筆記 本電腦，甚至連接網路硬盤、個人分享器等。


2. 缺乏靈活，即時的管制能力
   大多數手動管理程序(如: 定義交換器ACL)，僅能管理當下事件，無法因應網 路變化而實施任何特定的IP策略。基於DHCP的派發系統由於缺乏靜態設備 的覆蓋範圍，因此不容易涵蓋整體的實施策略。而採用網路交換器將特定的乙 太網路MAC地址鎖定於特定的埠上，更使得設備移動能力受到限制，且需要 花費大量的時間與人力維護。又如無線網(WLAN)的解決方案，因僅涵蓋無線 網路的範圍，傳統有線網路不易採用相同之控制器，使得這種管制的方式法不 足以實施於全面的網路訪問策略。


3. 缺乏完整的歷史追蹤文件和審計線索
   由於缺少所有聯網設備的完整覆蓋範圍，因此當今的地址管理流程和解決方案 不容易提供歷史追蹤資料及審計線索，以正確地掌握設備連網的軌跡並建立用 於監管審計目的的文檔。 現今政府的資安法規已對所有上市公司以及許多行 業的財務信息引入了監管要求，諸如 醫療保健，銀行，金融服務，電信和遊 戲運營商必須遵守有關金融，客戶和患者信息的法規要求。 如果沒有對應的 網路訪問策略控制的完整方案，完整的全網路範圍管理和全面的審計跟踪，則 很難證明有效且適當的控制措施已經到位，從而使組織面臨重大的財務處罰和 責任。

2. PIXIS管理系統簡介:全局IP /乙太網路訪問控制

現在，IT部門可以使用一種新的，更全面的IP /乙太網路訪問管理方法，該方 案可以對所有IP/乙太網路設備進行全面性，完整的網路範圍的策略控制和監 視，以建立基於IP管理策略的方案有效控制其整個IP/乙太網路基礎架構。

PIXIS管理系統的工作方式:

PIXIS管理系統通過控制對乙太網路MAC和IP層對內部網路界接的基本訪 問，使得任何使用IP 方式之設備均受其管制。 任何網路的接入處均為使用者 用以連結應用系統，流量進出網路的端點。在網路邊際界接處，施行管制，是 最有效地實施安全策略的方案。任何 IP設備必須經由PIXIS管理系統或IT管 理人員認證註冊，該IP設備才可以順利進入企業內部網路訪問，無論使用靜 態IP地址還是動態IP地址，均可有效管制。

PIXIS管理系統解決方案具備分散式的網路探針設備(Probe) 、中央控制的管 理主機及資料庫所組成。系統運行時Probe將執行即時自動檢測、分析網路流 量，監視終端設備的連網接入狀態，並將收集到的資訊立即傳送到中央的管理 主機。管理主機負責接收並整合所有資訊，建立完整終端設備狀態資料庫。配 合策略實施，隨時監視、控制內網所終端設備之活動。IT管理人員可從Web- GUI之服務台輕易掌控內網所有情況，全局監視信息，並可依IP資安策略實施 控制以及追踪設備歷史軌跡。

基於設備佈建的解決方案，PIXIS管理系統提供了一種易於部署的解決方案， 不需要於終端設備安裝客戶端軟件(Agent)，並相容於所有網路交換器設備， 節省大量建置時間與建置、維護之成本，並且提供了以下六大面向功能來實現 有效的IP /乙太網路訪問控制:

1. 外來設備管理: 靈活且即時的網路管制實施，基於網路策略的任何IP / MAC設備可即時的自動接納(通過授權)或阻斷(非授權設備)，而此種管制 並不需使用到任何網路交換機控制功能(亦即任何網路設備或架構均可適 用PIXIS管理系統)。可完全封鎖非法設備連網、亦可結合AD驗證，自動 授權連網，並具備員工/訪客認證程序，除提供有效、便捷之新設備連網 管理，並即時留存新設備接入之文件供日後參考。


2. 終端設備、監看控管: 全面性管理範圍監看，網路上IP / MAC設備的實 時自動檢測和監視，包括靜態和動態尋址設備，無論是無線還是有線連 接，因為無需安裝客戶終端軟件(agent) 所以涵蓋更全面的終端設備，不 論PC (各種OS: Windows，Linux)，筆電、行動裝置(手機、平板)、印表 機、IP Phone ... 等設備，均可輕易納入管理。


3. 異常事件、阻斷、告警處理: 強大，集中的IP/MAC管理策略定義，監視 和警報，諸如:未授權/超出管理範圍主機、IP 衝突偵測與IP 自行變更管 制、未知 DHCP 偵測與封鎖、重要設備 IP 離線偵測告警、設備廣播 / 群 播封包超量警示...等。


4. IP 派發與管理: 即時了解連網設備IP數量(包含上線中、離線設備數量) 以及設備何時上線、離線等紀錄。適用於IP和MAC 地址級別的預設策 略，例如 合法與未認證 MAC的管控，IP與MAC位址的綁定...等)、DHCP 依策略派發IP ，例如 依 MAC派發固定IP位址、依IPv4 位址，派發IPv6 對應關聯性之位址，真正有效追蹤同一設備之IPv4與IPv6 活動紀錄。


5. 網路架構、自動偵測: Switch Port 自動偵測，掌握終端設備連接位置。 自動定義串接 / 一般埠，閒置(未使用) Switch Port 報表便於稽核查詢， 自動生成網路拓樸圖，提供網段即視圖。


6. 紀錄稽核、符合ISO27001管理: 具備所有IP / MAC設界接網路的完整 歷史記錄和審核追踪資料，以符合ISO27001管理準則。包含: IP / MAC 使用歷程、AD、WSUS (微軟Patch) 佈署率、防毒軟體版本部署率等報 表、使用中/可用/ 閒置 Switch Port 報表，並可自定義相關排程報表。

PIXIS管理系統的優勢以及快速的投資回報

1. 記錄的網路訪問策略控制: PIXIS管理系統使公司能夠構建智能的訪問控 制解決方案，以管理整個有線/無線設備的中央策略，並提供持續性的追 蹤歷史文件，以證明它可為任何監管或審核機構明確定義並實施了有效的 網路訪問策略。


2. 減少因地址衝突而導致的停機時間: 依據Forrester Research報告稱，企 業總體停機時間中有15%是由於網路問題造成的，而大部分基於網路的 停機時間都歸因於解決問題所耗時間。通過消除地址衝突，並即時了解衝 突設備位置，IT部門可以防止沮喪的用戶停機時間和關鍵任務服務器停機 時間。


3. 與現有IP網路的無縫集成: 建置PIXIS 管理系統無需變更既有網路架構， 也不須考慮任何網路設備之相容性，建置過程中IT人員更無需通告企業或 申請系統中斷時間，有效減輕IT人員建置壓力，此種架構上的簡單性和完 整性使解決方案變得簡單，使其可以與其他網路組件無縫共存。


4. 易於部署且降低運營成本: 與許多需要大量部署客戶端軟件(agent) 的安 全解決方案不同，PIXIS管理系統使IT 部門可以在不增加安裝和維護客戶 端軟件的額外開銷的情況下，對其網路進行更有效的控制。這意味著用戶 不需要額外的培訓，管理人員也不會為增加維護負擔而煩惱。 此外， PIXIS管理系統同時支援IT部門有線和無線設備之間的訪問控制流程，從 而進一步減化流程減少開銷。

考慮到服務器停機和內部安全漏洞的成本，這些好處將可帶來快速的投資回 報。

結論

PIXIS管理系統為IP/乙太網路設備的全局可審核網路訪問管理提供了全面的解 決方案。通過將PIXIS管理系統與集中式用戶身份驗證系統結合使用以訪問網 路上的服務器資源，IT部門可以顯著降低內部安全漏洞的風險，並消除地址衝 突帶來的網路停機時間。提供了包括全方位的企業級支持服務的完整決方案。

In the long evolution of the information network, many network standards have been developed. From the early Dec Net, FDDI, Token-Ring, Nowell, AppleTalk, TCP/IP to ATM and Ethernet...and so on, no matter how complete the architecture, security and package of other network standards Capacitive, Ethernet and IP networks ultimately defeat all others with low price and easy-to-use advantages. Other network standards, monopolize the L2/L3 network layer of most systems in the industry (even the deep-rooted traditional telecommunications SONET/SDH at the bottom of the network is also attacked). Although IP and Ethernet have occupied the majority of users Environment. However, Ethernet and IP networks have inherent flaws in the security and management aspects. The number and complexity of rapid growth continue to increase, such as: growing wired and wireless connections, cross-customer Internet access, servers, phones and mobile devices... etc., making IT departments face increasingly difficult Management and security challenges. Although most companies have taken many measures to protect the peripheral ring of their network Environment, including the deployment of firewalls, IDS/IPS, WAF, remote access and even secure VPNs, and Fight against hackers who try to invade wireless access points; however, there is still a serious lack of basic B Ethernet management and the ability to control and audit internal IP access.

The simple and easy-to-use architecture of Ethernet and IP networks gives them a low price advantage, but lacks availability Visibility, strategy execution and effective control capabilities, for example: the user can change the IP address arbitrarily, causing IP address conflicts can be seen everywhere; unable to immediately and effectively understand the number of corporate network equipment and IP, or even It is impossible to know whether there are external guest devices connected to the intranet... etc., so that the basic level of most IT networks remains Facing serious information security threats and management problems. The network that cannot be effectively managed and illegal network access, etc. The question, invisibly brings technical implementation difficulties, business risks and even legal liabilities to the enterprise.

Description of the advantages of 802.1X architecture and functions

This article first discusses the current status of IP/Ethernet, user interface management, and explains the network address and The demand and problem gaps in boundary access, as well as the management and policy control in today’s processes and solutions system. The second part introduces a new IP/MAC management and solution "PIXIS Management System". it Provide enterprise, government, education and service providers, etc., IP and Ethernet access control; for Fully automatic monitoring of the entire network, the implementation of basic information security strategies, auditing and address tracking capabilities at the bottom of the network. And discuss the advantages of deploying IP/MAC control system and fast return on investment.

1. Current status of Ethernet/IP access management

Today, because IP/Ethernet has become the industry standard, and the network security issues in countries all over the world are not Due to many factors such as the occurrence of interruptions, the traditionally ignored "IP/MAC address management" has quickly been adopted by major enterprises. And IT managers are listed as important indicators. Nowadays, many system applications are inseparable from the application of IP address. Such as:

1. Web-based applications. More and more application systems use the Internet's IP connection standard. this In addition, more and more applications are outsourced to Internet-based ASPs (for example, a large number of customer integration cooperation Industry systems integrated into cloud services), these changes have led to the delivery of mission-critical services and applications for Increased dependence on IP networks.


2. Another example is the large number of applications of IP telephony (VoIP), which makes the number of potential IP/Ethernet devices on the network Double the amount. Mobile devices compatible with Wireless-LAN (Mobile Phone, Tablet, Handheld Device) Intensify the explosive growth of network equipment. Since the VoIP call data stream is point-to-point in nature, In particular, VoIP phones will not only increase the number of devices, but also increase the complexity of their connections on the Internet. sex.


3. Security issues of unauthorized equipment. Due to the nature of Ethernet, it is easy to access devices The Internet, therefore, is almost completely unguarded for the record tracking and control of access devices. because The IT personnel of this enterprise have considerable responsibility and pressure when facing the legality of the connection of the intranet equipment. according to CSI/FBI 2012 Computer Crime and Security Investigation, among more than 1,000 organizations under investigation, there are More than half of the organizations admit to having suffered one or more internal security breaches, and may even introduce viruses such as Malware, and 32% of people don’t know if they have been attacked internally or externally. Invade.


4. Current enterprise key application service operations are entirely based on the infrastructure of IP connection. Active Enterprise Group The lifeblood of the organization's IT infrastructure has almost entirely relied on IP communication connections. General user's client computer Or the IP address conflict on the laptop will only cause a single user or some user groups in the service However, if an IP conflict occurs on a key server, it will cause direct application system interruption or failure. The production stoppage directly caused high losses for the enterprise. How to maintain the continuity of services, IP address management is not It will directly affect the availability of services and applications.

Facing the increasing importance of IP address management, many organizations still use manual processes and basic tools (Such as Excel spreadsheet) to track and manage IP addresses. According to Forrester According to the research of Research, 25% of people have developed internal database solutions, while the other 20% People used a third-party vendor’s DHCP management products to help deal with address management.

However, in the face of today’s rapidly changing information and security management status/demand, the existing IP address management Most of the cases lack the three key elements needed to control the changes in order to achieve a comprehensive IP/Ethernet Solutions for road management and interface.

1. Lack of immediacy and complete coverage
   One of the biggest difficulties in the current access process and solutions used to manage IP/Ethernet is the lack of Instant overall coverage capability. In practice, the process of tracking the management change of the IP address manually or in a form, It is difficult to maintain and time-consuming, and cannot be updated at any time, and even major changes in the network are often missed. change. Although a DHCP-based system helps to assign IP addresses to users’ client devices, it cannot Covers many static IP servers and non-PC devices residing in many IP networks. Partial coverage Covering or managing itself may cause unexpected address conflicts. In addition, for static IP addresses and their underlying Ethernet The lack of real-time visibility of network MAC addresses means that policy control cannot be effectively carried out. Compulsory Use a paper ban for control (such as: arbitrarily changing IP is not allowed, and non-company allotment of NB or device Prepared), it can only be empty talk. Since it is very simple to set a static IP address on any IP end device, This is the main vulnerability of access control security. Employees and even visitors can easily connect to personal notes This computer even connects to network hard drives, personal sharing devices, etc.


2. Lack of flexibility and immediate control capabilities
   Most manual management procedures (such as: defining switch ACLs) can only manage current events and cannot respond to the network Implementation of any specific IP strategy according to the road changes. DHCP-based dispatch system due to lack of static equipment Therefore, it is not easy to cover the overall implementation strategy. And use a network switch to connect a specific B The Ethernet MAC address is locked to a specific port, which limits the mobility of the device and requires It takes a lot of time and manpower to maintain. Another example is the wireless network (WLAN) solution, which only covers wireless The scope of the network, traditional wired network is not easy to use the same controller, making this kind of control method impossible Enough to implement a comprehensive network access strategy.


3. Lack of complete historical tracking files and audit trails
   Due to the lack of complete coverage of all networked devices, today’s address management processes and solutions It is not easy to provide historical tracking data and audit trails in order to correctly grasp the track of equipment connection and establish Documents for regulatory audit purposes. Today’s government’s information security regulations have imposed on all listed companies and many businesses. The financial information of the industry has introduced regulatory requirements, such as healthcare, banking, financial services, telecommunications, and tourism. Theater operators must comply with regulatory requirements regarding finance, customer and patient information. If there is no corresponding A complete solution for network access policy control, complete network-wide management and comprehensive audit trails, then It is difficult to prove that effective and appropriate control measures are in place, thereby exposing the organization to significant financial penalties and Responsibility.

2. Introduction to PIXIS Management System: Global IP/Ethernet Access Control

Now, IT departments can use a new and more comprehensive IP/Ethernet access management method, which The project can carry out comprehensive, complete network-wide policy control and monitoring of all IP/Ethernet equipment It can effectively control its entire IP/Ethernet infrastructure by establishing a solution based on IP management strategy.

How the PIXIS management system works:

The PIXIS management system controls the basic access of the Ethernet MAC and IP layer to the internal network interface. Ask, make any device that uses IP mode is subject to its control. The access point of any network is the user Used to connect the application system, the end point of the traffic entering and leaving the network. At the edge of the network, control is enforced, yes The most effective way to implement the security strategy. Any IP equipment must pass through the PIXIS management system or IT management Management personnel certification and registration, the IP device can enter the corporate intranet access smoothly, regardless of the use of static Both the dynamic IP address and the dynamic IP address can be effectively controlled.

The PIXIS management system solution has a distributed network probe device (Probe) and a centrally controlled management system. It is composed of management host and database. Probe will perform real-time automatic detection and analysis of network flow while the system is running Monitors the network access status of terminal equipment, and immediately transmits the collected information to the central management Host. The management host is responsible for receiving and integrating all information, and establishing a complete terminal equipment status database. match The implementation of the strategy is to monitor and control the activities of the terminal equipment in the intranet at any time. IT managers can download from Web- The GUI service desk easily controls all situations in the internal network, monitors information globally, and can be implemented in accordance with IP security policies Control and track the historical trajectory of equipment.

Based on the equipment deployment solution, the PIXIS management system provides an easy-to-deploy solution, There is no need to install client software (Agent) on the terminal device, and it is compatible with all network switch devices, Save a lot of construction time and construction and maintenance costs, and provide the following six major functions to achieve Effective IP/Ethernet access control:

1. External device management: flexible and real-time network control implementation, any IP based on network strategy / MAC devices can automatically accept (through authorization) or block (unauthorized devices) in real time, and this kind of control No need to use any network switch control function (that is, any network equipment or structure can be adapted Use PIXIS management system). It can completely block illegal devices from connecting to the Internet, and can also be combined with AD verification, automatically Authorized to connect to the Internet, and have employee/visitor authentication procedures, in addition to providing effective and convenient new equipment to connect to the Internet Manage and save the files of new device access immediately for future reference.


2. Terminal equipment, monitoring and control: comprehensive monitoring of the scope of management, the implementation of IP / MAC equipment on the network Automatic detection and monitoring at any time, including static and dynamic addressing devices, whether wireless or wired Because there is no need to install client terminal software (agent), it covers a more comprehensive terminal equipment. On PC (various OS: Windows, Linux), laptop, mobile device (mobile phone, tablet), printer Devices, such as mobile phones, IP Phone..., etc., can be easily managed.


3. Abnormal events, blocking, and alarm handling: powerful, centralized IP/MAC management strategy definition and monitoring And alerts, such as: unauthorized/out-of-management hosts, IP conflict detection and IP self-change management Control, unknown DHCP detection and blocking, important equipment IP offline detection alarm, equipment broadcast/group Broadcast packet overweight warning...etc.


4. IP distribution and management: real-time understanding of the IP number of connected devices (including the number of online and offline devices) And when the device is online, offline and other records. Preset policies for IP and MAC address levels Omit, such as the management and control of legal and unauthenticated MAC, the binding of IP and MAC address... etc.), DHCP Distribute IP according to policy, for example, distribute fixed IP address according to MAC, distribute IPv6 according to IPv4 address Corresponding addresses can effectively track the IPv4 and IPv6 activity records of the same device.


5. Network architecture, automatic detection: Switch Port automatically detects and grasps the connection location of the terminal device. Automatically define serial/general ports, and the idle (unused) Switch Port report is convenient for audit and query. Automatically generate network topology and provide network segment view.


6. Record audit, compliance with ISO27001 management: complete with all IP/MAC interfaced networks Historical records and audit trail data to comply with ISO27001 management standards. Contains: IP / MAC Use history, AD, WSUS (Microsoft Patch) deployment rate, anti-virus software version deployment rate, etc. Table, Active/Available/Idle Switch Port report, and customize related schedule report.

The advantages of PIXIS management system and fast return on investment

1. Recorded network access policy control: PIXIS management system enables companies to build intelligent access control System solutions to manage the central strategy of the entire wired/wireless equipment and provide continuous follow-up Historical documents to prove that it can clearly define and implement effective Network access strategy.


2. Reduce downtime caused by address conflicts: According to a Forrester Research report, companies 15% of the overall downtime of the industry is caused by network problems, and most of the network-based Downtime is attributed to the time it takes to solve the problem. By eliminating address conflicts, and real-time understanding With sudden equipment locations, IT departments can prevent frustrated user downtime and mission-critical server downtime time.


3. Seamless integration with existing IP networks: There is no need to change the existing network architecture to build a PIXIS management system, There is no need to consider the compatibility of any network equipment, and IT personnel do not need to notify the company or Apply for system interruption time, effectively reducing the pressure of IT personnel to build, the simplicity and completeness of this architecture Integrity makes the solution simple, allowing it to coexist seamlessly with other network components.


4. Easy to deploy and reduce operating costs: Compared with many security Different from the full solution, the PIXIS management system enables IT departments to install and maintain customers without increasing In the case of the additional overhead of the end software, the network can be more effectively controlled. This means that the user No additional training is required, and the management staff will not bother to increase the maintenance burden. also, The PIXIS management system also supports the access control process between the wired and wireless devices of the IT department, from And further reduce the process to reduce overhead.

Considering the cost of server downtime and internal security breaches, these benefits will lead to a quick return on investment Newspaper.

Conclusion

The PIXIS management system provides a comprehensive solution for the global auditable network access management of IP/Ethernet devices. Solution. By combining the PIXIS management system with a centralized user authentication system to access the Internet With server resources on the road, the IT department can significantly reduce the risk of internal security vulnerabilities and eliminate address collisions. Sudden network downtime. Provides a complete solution including a full range of enterprise-level support services.