430 likes | 560 Views
Integrated Appliance Solution (IAS) Bladed Hardware Technical Training. May 13, 2010. Agenda. 1. 2. 3. 4. Introducing IAS Bladed Hardware. X-Series: Carrier-Grade Chassis. Linear Scalability Architecture. Selling IAS Bladed Hardware. The New Initiative.
E N D
Integrated Appliance Solution (IAS) Bladed HardwareTechnical Training May 13, 2010
Agenda 1 2 3 4 Introducing IAS Bladed Hardware X-Series: Carrier-Grade Chassis Linear Scalability Architecture Selling IAS Bladed Hardware
The New Initiative • Check Point and Crossbeam have announced a new partnership • Crossbeam X-Series platform is now an integral part of the Check Point portfolio • The X-Series products are part of the Check Point price list • Hardware/Software/Support all come from Check Point as an integrated package • Professional Services/Training can also be sold with the package; will be delivered by Crossbeam
Introducing: IAS Bladed Hardware Customized Security Chassis for yourUnique Security Needs Designed to meet specific business needs Delivers carrier-grade platform for security Single SKU integrated solution and single contact for support NEW!
Carrier-grade Solution Designed for the Most Demanding Environments • Integrates essential Check Point Security Gateway Software Blades • Based on Crossbeam X-series chassis Customer Benefits • Integrated carrier-grade chassis solution • Meets the needs of the most demanding networks • Single source of support Partner Benefits • Single SKU ordering and fulfillment • Expanded portfolio with scalable chassis solution • Software Blade upsell opportunities
IAS Bladed Hardware—2 Bundle Options The only virtualized security gateway with FW, VPN, IPS, and URLF Best virtualized security performance with linear scalability Comprehensive, flexible and extensible security FW, VPN, IPS, Advanced Networking, and Acceleration & Clustering Conserves power and space by consolidating up to hundreds of gateways on a single platform Ideal for the large campus and data center VPN-1 Power VSX Dedicated gateway for multi-layer, multi-domain virtualized security Security Gateway SG805 Designed for the most demanding, highest-performance environments
Crossbeam X-Series X80 Adapt security performance and scaling to fit your business Lower total cost of ownership with dramatic network consolidation and energy consolidation Decrease downtime with self-healing platform X45 Integrated superior network processing combined with exceptional application processing on an open architecture
Flexibility: Hardware and Software Modular and Scalable Blade Architecture X80 X45 firewall blade IPSec VPN blade IPS blade advanced networking blade acceleration & clustering blade • X-Series • Scalable architecture • AC/DC power • NEBS-compliant • Fiber NICs • Modular NICs VPN-1 Power VSX
Customer Benefits Single SKU and vendor FW, VPN, IPS, ACCL, ADN Better TCO (scalability, lower support rate) V A L U E Integrated solutions with software blades An extended global infrastructure with onsite support
Agenda 1 2 3 4 Introducing IAS Bladed Hardware X-Series: Carrier-Grade Chassis Linear Scalability Architecture Selling IAS Bladed Hardware
X-Series Components X80 X45 • NPM • Network connectivity • 2 - 10G ports • 10 - 1G ports X80 Customers choose for scale and performance 40Gbps Today “Change-Ready” to 160G • APM • Application blades run: • Security Gateway R70 • VSX R65 X45 Customers choose when space is a premium 20G Today “Change-ready” to 80G • CPM • Control blades • Manage and monitor the chassis
X-Series—Modules Network Processing Modules (NPMs) Application Processing Modules (APMs) Control Processing Modules (CPMs) • Network connectivity and flow processing • Multi-link trunking • High-speed packet classification/distribution • Intelligent flow sequencing • Built in rate-limiting feature (per flow rule) • Fully VLAN capable; > 4000 VLANs per NPM • Multiple port density options • Virtual Application Processor (VAP) system • Best-in-class security engines • Full hot-swap with no reconfiguration • Seamless failover • Warm (license-less) standby • Optional local HD, crypto accelerator • Internal chassis management • HA monitoring and failover • Dynamic load balancing • Centralized configuration database • Dedicated mgt/logging/HA ports • Disk sync between dual CPMs
The Virtual Infrastructure L2 Internet L2 IPS FW LB LB LB LB What are we solving? How do we solve it? Why is it important? Real use cases Security changes require network changes causing increased time to change Typical multi-box architectures have a lot of duplication and inefficiency Difficult to add a new security service quickly
The Virtual Infrastructure L2 Internet L2 R70 Blades R70 Blades LB LB LB LB What are we solving? How do we solve it? Why is it important? Real use cases • Crossbeam creates a “Network in a Box” • Network Processor Modules • Application Processor Modules consolidate Security Gateway Software Blades or VSX • Control Processing Modules The X-Series Platform becomes a “virtual infrastructure” integrating both network processing and application processing within a single operating system
Provides switching fabric for data plane Switching fabric connects all NPMS and APMs 5 Gb/s throughput per NPM-8620 Provides 10 Gb/s throughput per NPM-8650 Provides 40 Gb/s throughput per chassis (4 NPM-8650) Provides physical network interfaces NPM-8620 has 10 x 1GbE SFP interfaces NPM-8650 has 10 x 1GbE SFP and 2 x 10GbE XFP interfaces Load balancing distributes traffic Scales throughput by distributing traffic across APMs Re-distributes traffic around failed APMs Consolidates network infrastructure Virtualizes switches, load balancers, patch and power cords Eliminates common network devices Network Processing Module (NPM) What are we solving? How do we solve it? Why is it important? Real use cases 16
Hosts applications Supports “Virtual Application Processor” (VAP) Application runs within each VAP Scales performance Multiple APMs allow multiple VAPs These application instances share the traffic load Allows layered security Different APMs can run different applications NPM’s network virtualization provides connectivity between layers Provides application redundancy VAPs can run on any APM APMs can be re-provisioned on-the-fly Un-provisioned APMs automatically assume warm-standby role Application Processing Module (APM) What are we solving? How do we solve it? Why is it important? Real use cases 17
Control Processing Module (CPM) What are we solving? How do we solve it? Why is it important? Real use cases • System management • Provides out-of-band management of chassis • Centralized configuration of all elements in the system • Provision applications based on configuration • Ensures desired configuration • Health monitoring • Continuously checks health of APMs, and NPMs • Failover control • Collects statistics (CPU, I/O, etc) from all other modules • Routes around failures 18
XOS What are we solving? How do we solve it? Why is it important? Real use cases Optimizes data flow between the network and application processors Switched Data Path Management Dynamic Resource Allocation Provides a responsive system to application processing needs Secure Flow Processing Virtual Application Processor / Grouping Optimizes and controls flows between apps Allows application performance to scale independently Chassis Resource Protection Self-Healing Protects and ensures optimum network processing Automatic performance capacity restoration Network Processing Environment Application Processing Environment Provides Superior Network Performance Ensures Exceptional Application Processing Open Secure OS Broad support of best-in-class security applications
The Virtual Infrastructure What are we solving? How do we solve it? Why is it important? Real use cases • A virtual infrastructure • Creates a very responsive on-demand architecture • Move, add, remove applications without impacting the network • Create logical application groups that can be scaled or changed depending upon performance demands • Self-healing architecture • Green Zone • Reduces waste by removing network inefficiencies • Reduce # Ethernet connections to a single “virtual infrastructure”
Simplifying the Complex Which Network Rack can be Upgraded Faster? What are we solving? How do we solve it? Why is it important? Real use cases • The X-Series Platform is the entire infrastructure—a single management interface for all security and network changes • Firmware and system software upgrades only need to be applied once using the Automated Workflow System
The Virtual Infrastructure Solving the Problem • Crossbeam collapsed 800 Cisco ASA Firewall appliances into 4 X80 chassis running Check Point VSX • National Communications Co. now scales without adding additional hardware Business Outcome • National Telco was able to reduce the staff required for manage this service from 12 to just 3 Crossbeam Validation • Crossbeam was able to validate up to 250 virtual firewalls running on each X80 Chassis The Technical Problem • Current managed firewall service to local government education agency was overly complex, requiring 12 operational staff to maintain What are we solving? How do we solve it? Why is it important? Real use cases
Agenda 1 2 3 4 Introducing IAS Bladed Hardware X-Series: Carrier-Grade Chassis Linear Scalability Architecture Selling IAS Bladed Hardware
Linear Scalability Architecture Need to Maintain a Perfect Relationship Between Network and Application Processing in Order to Optimize a System What are we solving? How do we solve it? Why is it important? Real use cases Excellent for controlling the flow of data packets Poor at actually processing the data Excellent for processing the data Poor at controlling the flow of latency-sensitive data
Linear Scalability Architecture What are we solving? How do we solve it? Why is it important? Real use cases True system scalability demands that every performance factor scales linearly
Linear Scalability Architecture What are we solving? How do we solve it? Why is it important? Real use cases Integrated network and application processing facilitates true linear scalability 26
Linear Scalability Architecture What are we solving? How do we solve it? Why is it important? Real Use-Cases Traffic flow controlled down to the individual processor core NPM APM Switched Data Paths (SDP)
Check Point R70 Performance What are we solving? How do we solve it? Why is it important? Real use cases • The X-Series can scale to 40Gbps firewall throughput with iMIX UDP traffic • The X-Series also is the fastest firewall platform on the market in small packet performance, capable of scaling to 18M Packets Per Second with 64 byte packets
Throughput…Think Real World The X80 Achieves the Maximum Throughput of 40Gbps with Real-World Packet Sizes, Not Just with Large Packets What are we solving? How do we solve it? Why is it important? Real use cases X80 with NPM and APM 8650 Modules Running Check Point R70 iMIX Performance Gigabits Per Second Packet Size
We must push back on overinflated SRX performance claims Platform Performance The Honeymoon is Over for the SRX • SRX throughput for iMIX traffic plummets by nearly 65% • Clear demonstration of how unrealistic the 120Gb claim is • X80 iMIX performance doesn’t budge from our max throughput of 40Gbps Gigabits per Second • SRX performance drops even further when IPS is turned on Check Point Firewall + IPS on X80 has always outperformed SRX
Platform Performance—Packet Forwarding Rate At 18 Million Packets per Second, the X-Series is the Fastest Firewallon the Market! Packet Forwarding Rate (64 byte packets) • Packet forwarding rate directly affects real-world throughput • This performance is achieved with 8-core APM-8650 modules • Utilizing Check Point CoreXL technology Millions of Packets per Second
Scaling Against Juniper SRX X-Series Wins Against the SRX What are we solving? How do we solve it? Why is it important? Real use cases
IAS Bladed Hardware—Performance Bundles What are we solving? How do we solve it? Why is it important? Real Use-Cases 5 Gbit Solution 10 Gbit Solution 20 Gbit Solution 40 Gbit Solution • The 5 Gbit/s solution—running on an X45 • The 10 Gbit/s solution—running on an X45 or X80 • The 20 Gbit/s solution—running on an X45 or X80 • The 40 Gbit/s solution—running on an X80 1-2-1 2-2-1 4-6-1 2-4-1
Linear Scalability Architecture What are we solving? How do we solve it? Why is it important? Real Use-Cases • A linear scalable architecture • Provides ability to create an accurate performance budget and planning for future expansion • Dedicated resources can be allocated to specific applications ensuring performance service levels • Green Zone • Crossbeamswitched data paths dramaticallyincrease the efficiency of multi-core processor systems
Linear Scalability Architecture • Solving the Problem • Crossbeam used 4th-generation blades to scale the O2 Internet-facing firewalls to accommodate 6.5 million concurrent connections • Business Outcome • O2 is now able to continue to service their existing subscriber base of 22 million and expand service to remain competitive in the UK market • Crossbeam Validation • Utilized the Linear Scalability validation test plan to show all performance metrics increased as firewall VAP group members were added • The Technical Problem • Critical need to continually increase throughput and concurrent connections to keep pace with 3G devices on the mobile network What are we solving? How do we solve it? Why is it important? Real use cases
Agenda 1 2 3 4 Introducing IAS Bladed Hardware X-Series: Carrier-Grade Chassis Linear Scalability Architecture Selling IAS Bladed Hardware
Product Solution Examples 4-8-1 Solution Example: CPAP-X45-2B-SG805 : Check Point IAS X45 Bladed Architecture with 2 Security Gateways (FW, VPN, IPS, ACCL, ADN) X80 Chassis 4 NPM 8650 8 APM 8650 1 CPM 8600 3 P/S $640K 2-4-1 X80 Chassis 2 NPM 8650 4 APM 8650 1 CPM 8600 2 P/S List Price 2-2-1 $345K X45 Chassis 2 NPM 8620 2 APM 8650 1 CPM 8600 2 P/S $185K NOTE: These are example configurations. Each deal will require some customization (20G) (40G) (10G) iMIX Performance
IAS Bladed Hardware—SG805 High-performance Security Gateway for the Most Demanding Environments Indicates number of APMs
IAS Bladed Hardware—VSX Dedicated Gateway for Multi-layer, Multi-domain Virtualized Security
Strategy for Success Beating the Competition • Juniper SRX • Real-world performance – Performance hit to firewall when measured against real world traffic • Management interface – Cumbersome interface/menus loosely unifies ScreenOS and JunOS • High availability limitations – Choice between high availability and performance • Inspection performance – Traffic throughput drops when IPS turned on • Cisco ASA • Performance – Security technology lags in the industry • Complexity and cost – Security embedded in each appliance requiring many appliances • Security – May know the network, but not strong around network security
24/7 Support for the Most Critical Environments OTTAWATAC STOCKHOLMEndpoint escalation • Award-winning support • Always-on 24 X 7 coverage • Best-in-class electronic support tools • World-wide material inventory • Online support in 150 countries / 1,000 metropolitan areas DALLASTAC TEL AVIVTAC TOKYOTAC
Sales Tools are available on PartnerMap Customer presentation Technical presentation At-a-glance sales guides And more… For additional information please contact your Check Point Channel Representative Sales Tools
Summary: IAS Bladed Hardware Customized Security Chassis for yourUnique Security Needs Designed to meet specific business needs Delivers carrier-grade platform for security Single SKU integrated solution and single contact for support NEW!