AMF Security Controller

SDN Controller for Enterprise Networks

The Allied Telesis AMF-Sec Controller(1) enables our state-of-the-art network management and security solution. It provides exactly what enterprises need—reduced management costs, increased security and an improved end-user experience.

AMF-Sec screens

Overview

Allied Telesis Autonomous Management FrameworkTM (AMF) simplifies and automates network management. AMF-Sec(1) adds a powerful security component with an intelligent, fully-featured SDN controller. It reduces manual effort and cost in two ways: first, it reads data from business applications and automatically changes network configuration. Then, AMF-Sec works with security applications to instantly respond to alerts, and block the movement of threats within a wired or wireless network.

Intelligent Isolation Adapter automatically blocks threats

Most organizations utilize an Intrusion Prevention System (IPS) or Intrusion Detection System (IDS) to defend their network from attacks. However, an IPS can introduce latency and bottlenecks, and an IDS can usually only alert after a threat is found—by the time the operator reacts to the warning, the damage may be done.

AMF-Sec uses best-of-breed IDS applications to identify threats, then the intelligent Isolation Adapter engine built into our AMF–Sec controller responds immediately to isolate the affected part of the network, and quarantine the suspect device. Remediation(2) can be applied so the device can re-join the network with minimal disruption. Responses are configurable, and comprehensive logging provides a clear audit trail. This innovative feature helps organizations avoid lost time and unnecessary disruption to network services.

Protect the network edge

Most IPS solutions are only capable of blocking suspicious traffic as it passes through the IPS device. Since this tends to be near the gateway to the Internet, only external threats can be detected and blocked—this is the traditional “secure border” model. However, AMF-Sec can isolate traffic anywhere in the network, so it can prevent threats not only on the border, but also inside the network through USB drives, BYOD, and more. Thus, AMF-Sec is an innovative solution that can monitor traffic entering and traversing the local network, without introducing latency or bottlenecks.

Wired and wireless SDN

AMF-Sec is the first commercial SDN solution for wireless networks that offers programmability and control inside the network where it is most vulnerable. Allied Telesis wireless Access Points (APs) are OpenFlow-capable, and can be controlled by AMF-Sec to provide a dynamic network, and offer end-users a better experience. New policies and security updates can be easily implemented from the centralized controller to all APs in seconds, to dramatically cut the time required for network and security management—with a corresponding reduction in operating costs.

Open and flexible SDN solution

AMF-Sec interoperates with networks containing compatible OpenFlow switches, and with a range of physical and virtual firewall products. There is no need to upgrade to take advantage of the benefits of AMF-Sec, because it can interoperate with a wide range of existing equipment.

AMF-Sec also integrates with the Allied Telesis Autonomous Management Framework (AMF), a powerful network management and automation tool which also delivers cost and time savings. When used with AMF, it does not need to rely on the OpenFlow protocol to communicate with network devices. Instead, it can use AMF to deliver instructions to network devices.

This provides all the benefits of an SDN solution—without the need for OpenFlow. It lowers both risk and cost for an enterprise wanting to adopt SDN, since their existing network can remain unchanged.

AMF-Sec is an innovative SDN solution. It delivers real value by removing duplication and reducing network operating costs, while constantly monitoring for threats and protecting the network.

While other SDN solutions provide esoteric solutions for obscure networking problems, Allied Telesis AMF-Sec delivers true business value, all day, every day.

The AMF Application Proxy enables the AMF-Sec controller to communicate with the AMF master when a threat is detected, so it can take action to block the threat at source by quarantining the infected end-point.

Key Features

  • OpenFlow v1.3 compatible
  • Suitable for both wired and wireless networks
  • Integrates with business apps to save time and money
  • Integrates with security products to detect threats
  • Intelligent Isolation Adapter engine automatically blocks threats
  • Scalable—add more business apps for greater value
  • AMF Application Proxy

(1) Previously ‘Secure Enterprise SDN Controller’

(2) Remediation is managed by the network administrator

Block threats at the source

Most threat protection solutions are only capable of blocking suspicious traffic as it passes through the firewall, so only external threats can be detected and blocked—this is the traditional “secure border” model.

However, the AMF-Sec controller can isolate traffic anywhere in the network, with the built-in Isolation Adapter engine automatically blocking threats, such as those introduced inadvertently by staff with USB sticks, BYOD and so on.

This makes AMF-Sec an innovative security solution that can monitor traffic entering and traversing the local network, without introducing latency or bottlenecks.

Block threats at the source

Business application integration

The AMF-Sec controller includes powerful northbound APIs that collect real-time data from business applications. AMF-Sec analyzes this data to decide if network configurations need to be altered to reflect new business rules. For example, when new employees join the company, their details are entered into the HR system. AMF-Sec detects this, and automatically instructs the network to grant the new users the appropriate level of network access.

Business application integration
SPECIFICATION
Server
Processor CPU 2.5GHz or faster, 64bit x86 processors
RAM 4GB or larger
Disk Space 80GB or larger
Physical Requirements Network Interface GbE × 1, Optical drive DVD drive (bootable)
Virtualization VMware vSphere ESXi 5.5 (Hypervisor)
VMware vSphere ESXi 6.0 (Hypervisor)
VMware vSphere ESXi 6.5 (Hypervisor)
Microsoft Windows Server 2012 R2/2016 Hyper-V
Management
Browser Microsoft Internet Explorer 11
Google Chrome
Mozilla Firefox
Allied Telesis Switch for AMF Application Proxy (AMF Master) AMF Cloud(3),
SwitchBlade x8106(3),
x950 Series
SwitchBlade x8112(3),
SwitchBlade x908 GEN2(3),
x930 Series
Allied Telesis Switch for AMF Application Proxy (AMF Member) SwitchBlade x8112
SwitchBlade x8106
SwitchBlade x908 GEN2
x950 Series
x930 Series
x550 Series
x530 Series
x530L-52GPX
x510/x510L Series
x310 Series
XS900MX Series
GS900MX Series
x230 Series
x220 Series
GS980M Series
FS980M Series
IE510-28GSX
IE300 Series
IE200 Series
IE210L Series
AR Series
Allied Telesis Switch for OpenFlow SwitchBlade x908 GEN2
x950 Series
x930 Series
x550 Series
x510/x510L Series
x310 Series
x230 Series
IE510-28GSX
IE300 Series
IE210L Seires
AMF Master Maximum: 4
AMF Member Management Maximum: 510
Allied Telesis AP for OpenFlow TQ4600
Features
OpenFlow Switch Management Maximum: 510
Device Management Max MAC Address : 5000
Policy Management Max Policy : 5000
User Management Max User : 5000 (*Up to 255 MAC Address and 8 policy per user)
Location Management Max : 510 (*1 location enables listed 510 OpenFlow switches)
VLAN 0 ~ 4094
Administration Interface Web GUI
Backup and restore of configuration
edit of text, loading
updating Firmware
connecting license
Log Syslog
Device Authentication Result
OpenFlow Controller
OpenFlow Packets
GUI Operation
Trap Monitor
Mail Notification Under OpenFlow Control Device authentificating, Blocking, Isolating, Rogue device accessing, Device for excess license accessing, Cnanging at Database synchronization
Under AMF Application Proxy Control Device authentificating, Blocking, Isolating, Rogue device accessing
Redundancy Max : 2 system, Active&Standby
Scalability AMF Application Proxy Additional SESC License(3), AMF Master, AMF Member
OpenFlow Additional SESC License(3), OpenFlow License on each Switch(4)
System Version 1.6.0

(3) These products do not need additional licenses as they include the AMF-Sec license

(4) Please refer to “Ordering Information”

AT-FL-SESC-BASE-(1YR/5YR)

Base software including 10 node license for 1 or 5 years

Additional Licenses

AT-FL-SESC-ADD10-(1YR/5YR)

License for an additional 10 nodes for 1 or 5 years

AT-FL-SESC-ADD50-(1YR/5YR)

License for an additional 50 nodes for 1 or 5 years

AT-FL-SESC-ADD100-(1YR/5YR)

License for an additional 100 nodes for 1 or 5 years

AT-FL-SESC-ADD200-(1YR/5YR)

License for an additional 200 nodes for 1 or 5 years

Related AMF Licenses

AT-FL-x950-AAP-(1YR/5YR)

x950 series AMF Application Proxy license for 1 or 5 years

AT-FL-x930-AAP-(1YR/5YR)

x930 series AMF Application Proxy license for 1 or 5 years

Related OpenFlow Licenses

AT-FL-GEN2-OF13-(1YR/5YR)

SBx908 GEN2 OpenFlow license for 1 or 5 years

AT-FL-x950-OF13-(1YR/5YR)

x950 series OpenFlow license for 1 or 5 years

AT-FL-x930-OF13-(1YR/5YR)

x930 series OpenFlow license for 1 or 5 years

AT-FL-x550-OF13-(1YR/5YR)

x550 series OpenFlow license for 1 or 5 years

AT-FL-x510-OF13-(1YR/5YR)

x510 series OpenFlow license for 1 or 5 years

AT-FL-x310-OF13-(1YR/5YR)

x310 series OpenFlow license for 1 or 5 years

AT-FL-x230-OF13-(1YR/5YR)

x230 series OpenFlow license for 1 or 5 years

AT-FL-IE5-OF13-(1YR/5YR)

IE510-28GSX OpenFlow license for 1 or 5 years

AT-FL-IE3-OF13-(1YR/5YR)

IE300 series OpenFlow license for 1 or 5 years

AT-FL-IE2-OF13-(1YR/5YR)

IE210L series OpenFlow license for 1 or 5 years

AT-TQ4600-OF13

TQ4600 with OpenFlow featured