1 / 43

Integrated Appliance Solution (IAS) Bladed Hardware Technical Training

Integrated Appliance Solution (IAS) Bladed Hardware Technical Training. May 13, 2010. Agenda. 1. 2. 3. 4. Introducing IAS Bladed Hardware. X-Series: Carrier-Grade Chassis. Linear Scalability Architecture. Selling IAS Bladed Hardware. The New Initiative.

cadee
Download Presentation

Integrated Appliance Solution (IAS) Bladed Hardware Technical Training

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Integrated Appliance Solution (IAS) Bladed HardwareTechnical Training May 13, 2010

  2. Agenda 1 2 3 4 Introducing IAS Bladed Hardware X-Series: Carrier-Grade Chassis Linear Scalability Architecture Selling IAS Bladed Hardware

  3. The New Initiative • Check Point and Crossbeam have announced a new partnership • Crossbeam X-Series platform is now an integral part of the Check Point portfolio • The X-Series products are part of the Check Point price list • Hardware/Software/Support all come from Check Point as an integrated package • Professional Services/Training can also be sold with the package; will be delivered by Crossbeam

  4. Introducing: IAS Bladed Hardware Customized Security Chassis for yourUnique Security Needs Designed to meet specific business needs Delivers carrier-grade platform for security Single SKU integrated solution and single contact for support NEW!

  5. Carrier-grade Solution Designed for the Most Demanding Environments • Integrates essential Check Point Security Gateway Software Blades • Based on Crossbeam X-series chassis Customer Benefits • Integrated carrier-grade chassis solution • Meets the needs of the most demanding networks • Single source of support Partner Benefits • Single SKU ordering and fulfillment • Expanded portfolio with scalable chassis solution • Software Blade upsell opportunities

  6. IAS Bladed Hardware—2 Bundle Options The only virtualized security gateway with FW, VPN, IPS, and URLF Best virtualized security performance with linear scalability Comprehensive, flexible and extensible security FW, VPN, IPS, Advanced Networking, and Acceleration & Clustering Conserves power and space by consolidating up to hundreds of gateways on a single platform Ideal for the large campus and data center VPN-1 Power VSX Dedicated gateway for multi-layer, multi-domain virtualized security Security Gateway SG805 Designed for the most demanding, highest-performance environments

  7. Crossbeam X-Series X80 Adapt security performance and scaling to fit your business Lower total cost of ownership with dramatic network consolidation and energy consolidation Decrease downtime with self-healing platform X45 Integrated superior network processing combined with exceptional application processing on an open architecture

  8. Flexibility: Hardware and Software Modular and Scalable Blade Architecture X80 X45 firewall blade IPSec VPN blade IPS blade advanced networking blade acceleration & clustering blade • X-Series • Scalable architecture • AC/DC power • NEBS-compliant • Fiber NICs • Modular NICs VPN-1 Power VSX

  9. Customer Benefits Single SKU and vendor FW, VPN, IPS, ACCL, ADN Better TCO (scalability, lower support rate) V A L U E Integrated solutions with software blades An extended global infrastructure with onsite support

  10. Agenda 1 2 3 4 Introducing IAS Bladed Hardware X-Series: Carrier-Grade Chassis Linear Scalability Architecture Selling IAS Bladed Hardware

  11. X-Series Components X80 X45 • NPM • Network connectivity • 2 - 10G ports • 10 - 1G ports X80 Customers choose for scale and performance 40Gbps Today “Change-Ready” to 160G • APM • Application blades run: • Security Gateway R70 • VSX R65 X45 Customers choose when space is a premium 20G Today “Change-ready” to 80G • CPM • Control blades • Manage and monitor the chassis

  12. X-Series—Modules Network Processing Modules (NPMs) Application Processing Modules (APMs) Control Processing Modules (CPMs) • Network connectivity and flow processing • Multi-link trunking • High-speed packet classification/distribution • Intelligent flow sequencing • Built in rate-limiting feature (per flow rule) • Fully VLAN capable; > 4000 VLANs per NPM • Multiple port density options • Virtual Application Processor (VAP) system • Best-in-class security engines • Full hot-swap with no reconfiguration • Seamless failover • Warm (license-less) standby • Optional local HD, crypto accelerator • Internal chassis management • HA monitoring and failover • Dynamic load balancing • Centralized configuration database • Dedicated mgt/logging/HA ports • Disk sync between dual CPMs

  13. X-Series—Accessories

  14. The Virtual Infrastructure L2 Internet L2 IPS FW LB LB LB LB What are we solving? How do we solve it? Why is it important? Real use cases Security changes require network changes causing increased time to change Typical multi-box architectures have a lot of duplication and inefficiency Difficult to add a new security service quickly

  15. The Virtual Infrastructure L2 Internet L2 R70 Blades R70 Blades LB LB LB LB What are we solving? How do we solve it? Why is it important? Real use cases • Crossbeam creates a “Network in a Box” • Network Processor Modules • Application Processor Modules consolidate Security Gateway Software Blades or VSX • Control Processing Modules The X-Series Platform becomes a “virtual infrastructure” integrating both network processing and application processing within a single operating system

  16. Provides switching fabric for data plane Switching fabric connects all NPMS and APMs 5 Gb/s throughput per NPM-8620 Provides 10 Gb/s throughput per NPM-8650 Provides 40 Gb/s throughput per chassis (4 NPM-8650) Provides physical network interfaces NPM-8620 has 10 x 1GbE SFP interfaces NPM-8650 has 10 x 1GbE SFP and 2 x 10GbE XFP interfaces Load balancing distributes traffic Scales throughput by distributing traffic across APMs Re-distributes traffic around failed APMs Consolidates network infrastructure Virtualizes switches, load balancers, patch and power cords Eliminates common network devices Network Processing Module (NPM) What are we solving? How do we solve it? Why is it important? Real use cases 16

  17. Hosts applications Supports “Virtual Application Processor” (VAP) Application runs within each VAP Scales performance Multiple APMs allow multiple VAPs These application instances share the traffic load Allows layered security Different APMs can run different applications NPM’s network virtualization provides connectivity between layers Provides application redundancy VAPs can run on any APM APMs can be re-provisioned on-the-fly Un-provisioned APMs automatically assume warm-standby role Application Processing Module (APM) What are we solving? How do we solve it? Why is it important? Real use cases 17

  18. Control Processing Module (CPM) What are we solving? How do we solve it? Why is it important? Real use cases • System management • Provides out-of-band management of chassis • Centralized configuration of all elements in the system • Provision applications based on configuration • Ensures desired configuration • Health monitoring • Continuously checks health of APMs, and NPMs • Failover control • Collects statistics (CPU, I/O, etc) from all other modules • Routes around failures 18

  19. XOS What are we solving? How do we solve it? Why is it important? Real use cases Optimizes data flow between the network and application processors Switched Data Path Management Dynamic Resource Allocation Provides a responsive system to application processing needs Secure Flow Processing Virtual Application Processor / Grouping Optimizes and controls flows between apps Allows application performance to scale independently Chassis Resource Protection Self-Healing Protects and ensures optimum network processing Automatic performance capacity restoration Network Processing Environment Application Processing Environment Provides Superior Network Performance Ensures Exceptional Application Processing Open Secure OS Broad support of best-in-class security applications

  20. The Virtual Infrastructure What are we solving? How do we solve it? Why is it important? Real use cases • A virtual infrastructure • Creates a very responsive on-demand architecture • Move, add, remove applications without impacting the network • Create logical application groups that can be scaled or changed depending upon performance demands • Self-healing architecture • Green Zone • Reduces waste by removing network inefficiencies • Reduce # Ethernet connections to a single “virtual infrastructure”

  21. Simplifying the Complex Which Network Rack can be Upgraded Faster? What are we solving? How do we solve it? Why is it important? Real use cases • The X-Series Platform is the entire infrastructure—a single management interface for all security and network changes • Firmware and system software upgrades only need to be applied once using the Automated Workflow System

  22. The Virtual Infrastructure Solving the Problem • Crossbeam collapsed 800 Cisco ASA Firewall appliances into 4 X80 chassis running Check Point VSX • National Communications Co. now scales without adding additional hardware Business Outcome • National Telco was able to reduce the staff required for manage this service from 12 to just 3 Crossbeam Validation • Crossbeam was able to validate up to 250 virtual firewalls running on each X80 Chassis The Technical Problem • Current managed firewall service to local government education agency was overly complex, requiring 12 operational staff to maintain What are we solving? How do we solve it? Why is it important? Real use cases

  23. Agenda 1 2 3 4 Introducing IAS Bladed Hardware X-Series: Carrier-Grade Chassis Linear Scalability Architecture Selling IAS Bladed Hardware

  24. Linear Scalability Architecture Need to Maintain a Perfect Relationship Between Network and Application Processing in Order to Optimize a System What are we solving? How do we solve it? Why is it important? Real use cases Excellent for controlling the flow of data packets Poor at actually processing the data Excellent for processing the data Poor at controlling the flow of latency-sensitive data

  25. Linear Scalability Architecture What are we solving? How do we solve it? Why is it important? Real use cases True system scalability demands that every performance factor scales linearly

  26. Linear Scalability Architecture What are we solving? How do we solve it? Why is it important? Real use cases Integrated network and application processing facilitates true linear scalability 26

  27. Linear Scalability Architecture What are we solving? How do we solve it? Why is it important? Real Use-Cases Traffic flow controlled down to the individual processor core NPM APM Switched Data Paths (SDP)

  28. Check Point R70 Performance What are we solving? How do we solve it? Why is it important? Real use cases • The X-Series can scale to 40Gbps firewall throughput with iMIX UDP traffic • The X-Series also is the fastest firewall platform on the market in small packet performance, capable of scaling to 18M Packets Per Second with 64 byte packets

  29. Throughput…Think Real World The X80 Achieves the Maximum Throughput of 40Gbps with Real-World Packet Sizes, Not Just with Large Packets What are we solving? How do we solve it? Why is it important? Real use cases X80 with NPM and APM 8650 Modules Running Check Point R70 iMIX Performance Gigabits Per Second Packet Size

  30. We must push back on overinflated SRX performance claims Platform Performance The Honeymoon is Over for the SRX • SRX throughput for iMIX traffic plummets by nearly 65% • Clear demonstration of how unrealistic the 120Gb claim is • X80 iMIX performance doesn’t budge from our max throughput of 40Gbps Gigabits per Second • SRX performance drops even further when IPS is turned on Check Point Firewall + IPS on X80 has always outperformed SRX

  31. Platform Performance—Packet Forwarding Rate At 18 Million Packets per Second, the X-Series is the Fastest Firewallon the Market! Packet Forwarding Rate (64 byte packets) • Packet forwarding rate directly affects real-world throughput • This performance is achieved with 8-core APM-8650 modules • Utilizing Check Point CoreXL technology Millions of Packets per Second

  32. Scaling Against Juniper SRX X-Series Wins Against the SRX What are we solving? How do we solve it? Why is it important? Real use cases

  33. IAS Bladed Hardware—Performance Bundles What are we solving? How do we solve it? Why is it important? Real Use-Cases 5 Gbit Solution 10 Gbit Solution 20 Gbit Solution 40 Gbit Solution • The 5 Gbit/s solution—running on an X45 • The 10 Gbit/s solution—running on an X45 or X80 • The 20 Gbit/s solution—running on an X45 or X80 • The 40 Gbit/s solution—running on an X80 1-2-1 2-2-1 4-6-1 2-4-1

  34. Linear Scalability Architecture What are we solving? How do we solve it? Why is it important? Real Use-Cases • A linear scalable architecture • Provides ability to create an accurate performance budget and planning for future expansion • Dedicated resources can be allocated to specific applications ensuring performance service levels • Green Zone • Crossbeamswitched data paths dramaticallyincrease the efficiency of multi-core processor systems

  35. Linear Scalability Architecture • Solving the Problem • Crossbeam used 4th-generation blades to scale the O2 Internet-facing firewalls to accommodate 6.5 million concurrent connections • Business Outcome • O2 is now able to continue to service their existing subscriber base of 22 million and expand service to remain competitive in the UK market • Crossbeam Validation • Utilized the Linear Scalability validation test plan to show all performance metrics increased as firewall VAP group members were added • The Technical Problem • Critical need to continually increase throughput and concurrent connections to keep pace with 3G devices on the mobile network What are we solving? How do we solve it? Why is it important? Real use cases

  36. Agenda 1 2 3 4 Introducing IAS Bladed Hardware X-Series: Carrier-Grade Chassis Linear Scalability Architecture Selling IAS Bladed Hardware

  37. Product Solution Examples 4-8-1 Solution Example: CPAP-X45-2B-SG805 : Check Point IAS X45 Bladed Architecture with 2 Security Gateways (FW, VPN, IPS, ACCL, ADN) X80 Chassis 4 NPM 8650 8 APM 8650 1 CPM 8600 3 P/S $640K 2-4-1 X80 Chassis 2 NPM 8650 4 APM 8650 1 CPM 8600 2 P/S List Price 2-2-1 $345K X45 Chassis 2 NPM 8620 2 APM 8650 1 CPM 8600 2 P/S $185K NOTE: These are example configurations. Each deal will require some customization (20G) (40G) (10G) iMIX Performance

  38. IAS Bladed Hardware—SG805 High-performance Security Gateway for the Most Demanding Environments Indicates number of APMs

  39. IAS Bladed Hardware—VSX Dedicated Gateway for Multi-layer, Multi-domain Virtualized Security

  40. Strategy for Success Beating the Competition • Juniper SRX • Real-world performance – Performance hit to firewall when measured against real world traffic • Management interface – Cumbersome interface/menus loosely unifies ScreenOS and JunOS • High availability limitations – Choice between high availability and performance • Inspection performance – Traffic throughput drops when IPS turned on • Cisco ASA • Performance – Security technology lags in the industry • Complexity and cost – Security embedded in each appliance requiring many appliances • Security – May know the network, but not strong around network security

  41. 24/7 Support for the Most Critical Environments OTTAWATAC STOCKHOLMEndpoint escalation • Award-winning support • Always-on 24 X 7 coverage • Best-in-class electronic support tools • World-wide material inventory • Online support in 150 countries / 1,000 metropolitan areas DALLASTAC TEL AVIVTAC TOKYOTAC

  42. Sales Tools are available on PartnerMap Customer presentation Technical presentation At-a-glance sales guides And more… For additional information please contact your Check Point Channel Representative Sales Tools

  43. Summary: IAS Bladed Hardware Customized Security Chassis for yourUnique Security Needs Designed to meet specific business needs Delivers carrier-grade platform for security Single SKU integrated solution and single contact for support NEW!

More Related