HGiga PowerStation Product Presentation

advertisement
PowerStation Product Presentation
Outline
HGiga Power Family Series
 Award & Certification
 Essential Functionalities
 Platform Specifications
 Summary

2
HGiga Power Family Products
3
PowerStation Product Positioning
WAN Load
Balancer
Firewall & Access
Authentication
Product Role
Bandwidth
Management
4
Who would choose PowerStation ?





Companies that want to use multiple WAN links effectively
Companies that plan to use multiple inexpensive
broadband links to replace expensive lease lines
Companies whose business depends on stable and highly
available Internet connection
Companies that want to manage their bandwidth and
maintain quality of service of their applications
Companies that want to have an integrated edge
appliance as their gateway to reduce the total cost of
ownership.
5
Awards & Honors

#1 Security Solution Provider in
Taiwan that received CMMI ®
Maturity Level 3

#1 Security Solution Provider in
Taiwan whose firewall product
received ICSA Labs Corporate
Firewall 4.1a. Certification.
6
Essential Functionalities

WAN Load Balance






Outbound LB
Outbound Failover
Inbound LB
Inbound Failover
Healthy Link
Detection

QoS Management

User-Level Auth
 Service Level
Agreement (SLA)
 External Auth Source
( AD,LDAP,POP3,
SMTP,RADIUS )

Single-Port App
 Server Health Monitor
 Multiple SLB
Algorithms
VPN Solutions

Connection Policy
 Host Policy
 P2P QoS Policy
 Traffic Analysis /
Report
WLAN Access Control  Server Load Balance


Remote Access
(PPTP/L2TP)
 VPN Load Balance

L7-App Filtering

Blocking P2P
(BT, eDonkey, Kazaa)
 Blocking IM
(MSN, Yahoo, AOL,
GTalk, QQ)
7
Network Architecture Overview
8
Outbound Load Balance
 Outbound LB
The healthy status of each
Internet connection is being
closely monitored, such as
response time, upstream /
downstream traffic rate and the
link utilization. The outbound
traffic is redirected via the
available best route(s).
Enterprises benefit with more
bandwidth at a lower cost.
9
Redundant Link Failover
 Link Failover
The availability and connectivity
of each Internet connections is
monitored constantly. Once a
link fails, the traffic is redirected
via the next available link. Thus
the enterprises never worry
about the unexpected
interruption of their business.
10
Inbound Load Balance
 Inbound LB
[Inbound LB] is achieved via the
help of Domain Name System
(DNS). When an external user
would like to access a public
server (service), the best routing
path is calculated and the
resolved IP address is replied
back to the user.
11
Inbound Fault Tolerance
 IB Failover
The DNS entries are constantly
modified based on the status of
each internet connection. It
ensures a non-interruptive,
guaranteed Internet service by
resolving DNS requests to a
functional IP address.
12
Sophisticated Healthy Link Detection
 Link Monitor
The two detection
mechanisms are employed
to ensure the availability of
Internet connections. [Path
Traverse] monitors nearby
consecutive nodes of an
outgoing path. [Multi-Node
Probing] simulates user
behavior by constantly
accessing well-know public
servers.
13
Complete Link Quality Report (1/4)
Link MRTG
Round Trip Time (Link Quality)
Upstream/Downstream (Bandwidth)
14
Complete Link Quality Report (2/4)
Link Error Report
Link Status Report
Link Congestion Report
15
Complete Link Quality Report (3/4)
Health Count
Link Reliability
16
Complete Link Quality Report (4/4)
Top N Hosts
17
VPN Load Balance
(Tunnel Routing, Bonding)
 Tunnel Routing
• As the VPN gateway
• Load balance VPN traffic
Not only Inbound/Outbound
Load Balance is achieved,
enterprise VPN also benefits
from [VPN Aggregation] by
combining bandwidth of multiple
Internet connections. Also link
failover is guaranteed by
redirecting VPN traffic over any
existing functional Internet
connections.
18
P2P/IM Blocking
 Block P2P/IM.
IM/P2P brings new
challenges to network
administrators in terms of
network security and
bandwidth abuse. With the
help of new [L7-App Filter],
commonly-seen IM/P2P
software can be easily
blocked and network
administrators are relieved
from burden.
19
L7 Content Filtering: Supported
Protocols
P2P
IM
Web Mail
Web IM
Tunnel
BitComet / BT
MSN
AIM Mail
Web Messenger
TeamViwer
eMue
Yahoo
Microsoft Hotmail
meebo
Kazaa
AIM
Yahoo Mail
eBuddy
Foxy (GNUTELLA)
Gtalk
Gmail
imhaha
WinMX
QQ
Gmail-SSL
ILoveIM
Xunlei
Mail2000
MSN2Go
BearShare
Hinet Xuite
KOOLIM
20
QoS Bandwidth Management
QoS Management.
Bandwidth is never enough if no
proper management policy is defined.
[Smart QoS] is aimed to ensure the
quality of important application
services.
21
QoS Bandwidth Management
Source
Destination
Service Bandwidth
Limit
192.168.0.0/16
ALL
ALL
Tx: 350
Rx: 150
Tx: 350
Rx: 150
Tx: 350
Rx: 150
Tx: 350
Rx: 150
Tx: 350
Rx: 150
192.168.0.0/16
Search every host
and apply QoS limit
 Dynamic
Tracking
The experience tells us that 80%
of the available is abused by
only 20% of total
users/applications. Also, the
bandwidth abusers frequently
change the IP as well as MAC
address to avoid from being
tracked, which causes quite a lot
of administrative burden.
PowerStation monitors and
searches for every alive host on
the controller network and
applies QoS limit accordingly.
22
Traffic Analysis / Report
Traffic Analysis
Bandwidth management is less
effective if no proper traffic
analysis is provided. Detailed
analysis and traffic chart are
offered for problem isolation
and decision-making.
23
Traffic Report (1/5)

List the bandwidth limit for hosts and the real time traffic
chart of each.
24
Traffic Report (2/5)

List Top N hosts/services, in the forms of pie and line
charts.
25
Traffic Report (3/5)

List the traffic and connection information of every
monitored host. Total Transferred Real-Time Speed
Report and Charts
# of connections
26
Traffic Report (4/5)
Host MRTG
Real-Time Traffic
27
Traffic Report (5/5)
QoS Connections
Real Time Connections
28
Historical Traffic Analysis
Network Traffic Analysis
PowerLog is traffic analysis system that
continuously monitors the behavior of
every network node and presents the
analyzed data in a systematic way. Also,
a supplicated query engine is available for
customizing your own reports and charts.
29
29
WLAN Access Control (DAC)
 Access Control
WLAN bring security breaches into
enterprise network. Without proper
protection, invaluable cooperate
information is prone to theft by
malicious WLAN users. DAC [Data
Access Control] protects the wireless
network by providing authentication
and authorization. Only authorized
user is granted the proper access right.
30
Centralized Mgmt Architecture
(Access Gateway + Controller + FAT AP)
2. Login
4. Proxy-AUTH
Building 1
Indoor AP
PowerDAC-MGMT
3. AUTH REQ
Indoor AP
5. AUTH REP
Account
System
PowerDAC-AG
Advantages again Thin AP:
Building 2
Indoor AP

Indoor AP

PowerDAC-AG

Choose any preferred access point venders, no
historical burden.
Choose the latest, the most powerful, the most
suitable access point models.
Due to market competition, deployment of
massive quantity of access points can be very
affordable (an indoor AP is about 50~80 USD)
31
Tight-Integration with Enterprise Account
 Account
POP3
SMTP
RADIUS
Microsoft
LDAP
Active Directory
MGMT.
DAC provides seamless account
integration with existing account
servers. The account profile does not
need to reside on the DAC. The
existing enterprise servers can serve
as the external authentication sources,
such as commonly-seen POP3/SMTP
servers, RADIUS, MS AD and LDAP
servers. For system administrators, the
deployment of DAC is really a piece of
pie.
32
Mobile VPN


Provide secure remote access for mobile users.
Windows has built-in support for PPTP/L2TP, no license and
client software is required.
33
Server Load Balance
 Server LB
A cluster of servers is easily
grouped by Server LB. Server LB
offers availability and scalability to
almost any existing Internet
services. Any backend server can
join and leave the cluster group
based on the customer’s need.
Any server malfunction could no
longer bring the critical application
offline.
34
Hardware Failover
 High Availability
Mission-Critical application
requires 7x24 availability. Two
appliances is clustered in
Active/Passive configuration.
The active appliance responds
to all connection requests As
soon as the active appliance
fails, the passive appliance takes
over the job to ensure noninterruption of service.
35
Hardware Specification (1/2)
2050
3400
4220
4440
10/100 Base-TX
5
X
2
4
10/100/1000 Base-TX
X
4
2
4
Physical WAN Links
4
3
3
7
Throughput (Mbps)
250
400
450
800
64000
128,000
256,000
280,000
40~80
100~500
200~500
500~1000
SOHO, Small
Small,
Medium
Small,
Medium
Medium,
Large
Platform
Concurrent session
Target Customer (person)
Customer Scale
36
Hardware Specification (2/2)
Platform
5620
9000
9200
2
1
X
10/100/1000 Base-TX
6
10
(copper x 8, SFP x 2)
24
A: copper x 24
B: copper x 16 , SFP x 8)
Physical WAN Links
7
11
23
Throughput (Gbps)
2.8
3.2
4.8
Concurrent session
500,000
2,000,000
3,000,000
3000~6000
3000~6000
6000~20000
Large
Large,
Carrier
Large,
Carrier
10/100 Base-TX
Target Customer (person)
Customer Scale
37
Summary
 HGiga Power Family features
 Awards and Certifications
 Modular Functionality
 Highly Reliable
 Superb Customer Feedback
 Intuitive Mgmt Interface
 Integrated Total Solutions
Your Security, Our Mission
38
Platform
Hardware
Specifications
39
Platform Hardware Specification (1/3)
2050│3400
Model
2050
3400
CPU
VIA C3 1.5 GHz
Intel Celeron M
RAM
512 MB (DDR2 400/533MHz)
512 MB (DDR
400/333/266)
Chipset
VIA CN700 + VT8237R+
Intel 852GM + ICH4
LAN Chip
Realtek RTL8100C
Intel 82540EM
10/100/1000 LAN
None
4
10/100 LAN
5
None
LAN Bypass
None
None
Serial
1 (DB9, Rear)
1(RJ45, Front)
Power
60W Power Adaptor
200W AT Power Supply
Form Factor
1U
1U
Dimension
178 x 250 x 44 mm
426 x 365 x 43.5 mm
Certification
CE/FCC
CE/FCC
Net Weight
1.5 kg
8kg
40
Platform Hardware Specification (2/3)
4220│4440
Model
4220
4440
CPU
Intel Pentium 4
Intel Pentium 4
RAM
512 MB (DDR 333/266)
512 MB (DDR 333/266)
Chipset
Intel 845GV + ICH4
Intel 845GV + ICH4
LAN Chip
Intel 82540EM/82551QM
Intel 82540EM/82551QM
10/100/1000 LAN
2
4
10/100 LAN
2
4
LAN Bypass
FE LAN Bypass
(One Pair)
FE LAN Bypass
(One Pair)
Serial
2 (DB9, Front/Rear)
2 (DB9, Front/Rear)
Power
250W ATX Power Supply
250W ATX Power Supply
Form Factor
1U
1U
Dimension
426 x 379 x 43.5 mm
426 x 379 x 43.5 mm
Certification
CE/FCC
CE/FCC
Net Weight
10kg
10kg
41
Platform Hardware Specification (3/3)
5260 | 9000│9200
Model
5620
9000
9200
CPU
Intel Core 2 Duo
Intel Dual XEON EM64T
Intel Dual Quad-Core
RAM
1G (DDR 667)
2GB (DDRII 400, ECC &
Registered)
2GB (DDR2 533/667 Fullybuffered DIMM)
Chipset
Intel 945G + ICH7R
Intel E7520 + 6300ESB
Intel® 5000P + Intel®
ESB2
LAN Chip
Intel 82551ER/82573
Intel 82546GB
Intel® 82571EB, 82546GB
10/100/1000 LAN
6
10 (Copper x 8, SFP x 2)
A: Copper x 24
B: Copper x 16 + SFP x 8
10/100 LAN
2
1
0
LAN Bypass
GbE LAN Bypass
(3 Pairs)
GbE LAN Bypass
GbE LAN Bypass
(Max. 12 Pairs)
Serial
1 (DB9, Front)
1 (RJ45, Front)
1 (RJ45, Front)
Power
250W ATX Power
Supply
460W ATX Power Supply x 2
(Redundant)
460W 1+1 ATX Redundant
Power Supply
Form Factor
1U
2U
2U
Dimension
430 x 380 x 44 mm
424 x 530 x 88 mm
424 x 600 x 88 mm
Certification
CE/FCC
CE/FCC
CE/FCC
Net Weight
8kg
18kg
25 kg
42
Q&A
Please visit us at
www.secureone.com.my
43
Thank you
Please visit us at
www.secureone.com.my
44
Download