|
|
|
|
 |
| Product Overview |
| |
| Next Generation Network Security Architecture |
| |
|
 |
With constant emergence of new network based attacks and growing complexity of these attacks, systems based on simple network layer protection is no longer enough. Traditional network firewall operates on the network layer, and its software and hardware architecture is designed for network layer operation. |
|
During the past 12-13 years firewalls have evolved from the first generation software based firewall, to the second generation firewall based on PC architecture, to the third generation hardware firewall based on ASIC or NP (Network Processor). The ASIC and NP based firewall can offer network layer protection at high performance, but it has an Achilles heel in defending against application layer attacks. Because of the complexity of application protocol processing, application layer protection are mostly handled by CPU. This problem is most notably in the current UTM products, where performance will drop dramatically if application protections, such as P2P/IM control, IPS, Web filtering, Anti-Virus, Anti-Spam, and other content filtering functionalities are turned on. In many cases, this makes the appliance unusable in the customer scenario.
Hillstone pioneers a new generation of network security platform based on state of the art multi-core processors and ASIC. The hardware platform includes 64 bit multi-core processors that specialize in network and security processing. The processor can have up to 16 cores running in parallel. The system uses high speed switch fabric with 48-480Gbps capacity, and the high end products also comes with next generation ASIC. With powerful hardware and parallel processing software architecture, Hillstone appliances achieve a new milestone in network security processing. An example is in an important metrics of firewall performance, new session ramp up rate, Hillstone appliance reaches 200,000 TCP connections per second, which is an industry record and 5 to 10 times that of third generation platforms based on ASIC or NP. The processing power of the 64 bit multi-core processor also provide enough horsepower for application and content security functionalities, and avoid weakness in session control and QoS faced by ASIC or NP based appliances. The multi-core processor also integrates on-chip hardware acceleration for functions including IPSec VPN, SSL VPN, TCP, QoS, compression/uncompression, helps Hillstone products maintains high performance in VPN, traffic control and application processing. Hillstone technology with the new hardware and software platform provides high performance, high scalability, high reliability security solution for the customer and open up a new era in network security. |
|
|
|
New Generation of Network Security Architecture
|
| |
| High Performance |
| |
|
 |
It is well known that because of the complexity of application handling, application performance in a security device is in a very large way determined by the processing power of the CPU. This is true even in ASIC and NP based systems. This is the critical bottleneck faced by security products today. |
|
| In some products concentrated on single application security technology, for example, IPS or content filtering, vendors abandon ASIC and NP and go back to pure CPU architecture. The 64 bit multi-core processor used by Hillstone security appliance has up to 16 MIPS cores and can greatly enhance the performance for application processing. But while pure CPU architecture can deal with application security, it lost the high performance network layer processing provided by ASIC. Hillstone achieves a balance in application performance and network performance by including a new generation of security ASIC with the multi-core processor. With the new hardware architecture, Hillstone appliance reaches a new ground in firewall performance, for example, one of the most important metrics in security device is the new TCP session ramp up rate and Hillstone applicance recorded 200,000 per second. The Hillstone SA series appliance is also highly extensible and provides ample resources for integrating new application security module. |
| |
| StoneOS - 64bit Real-Time Parallel Proprietary Operating System |
| |
|
 |
The full line of Hillstone products is based on StoneOS, a proprietary 64bit security processing operating system. StoneOS is highly parallelized and modulized, offers scalable performance with processor cores and easy integration of security functionalities. The OS is security hardened and optimized for the new generation multi-core processor, |
|
| result in increasing processing efficiency, enhanced stability and security of the system. Modular and multi process nature of the operating system ensure the extensibility of the system including supporting for modular hardware and software integration. It is well known that operating system is the heart of a security device. The OS of a security product must have high level of defense against attacks. Some of today’s security products are still based on off the shelf operating system such as Linux. Off the shelf operating system openly exposes system vulnerability, no matter how strong other part of the security system is, a backdoor in operating system can cause a total compromise of the system. Today, major security vendors all use proprietary operating systems. Hillstone series of security appliances all use the proprietary StoneOS. StoneOS is a 64bit real-time operating system; its major components are optimized for the Hillstone hardware platform, and enhanced processing efficiency and system stability. StoneOS offers great extensibility and ease of integration through its modular architecture. The system can continue function and recover under failure of a subcomponent. |
|
|
|
StoneOS Software Architecture
|
| |
| High Security |
| |
|
 |
The proprietary operating system StoneOS uses patent pending multi-processor control technology, and is optimized and security hardened to realize the properties of the new architecture: modular, extensible, stable, efficient and secure. This avoids the vulnerabilities of off the self operating systems and ensures the security and attack defense capability of StoneOS |
|
| |
| High Integration |
| |
|
 |
Enterprise customers have been more and more in favor of integrated security products. Integrated products offer low cost, easy deployment and maintenance which has matched customer’s demand to lower both CapEx and OpEx for their IT department. Today, many security product including UTM has this performance bottleneck, |
|
| the more functionalities that are integrated and turned on, the slower the system gets, and can not satisfy the ever expanding performance requirement by the customer. Hillstone uses the highest performing multi-core processor in the industry today, with 16 MIPS cores and hardware acceleration for both network and application processing. The processor provides ample processing power for the resource hungry security functionalities. Hillstone security appliance today integrated firewall, IPSec VPN, QoS, network monitoring, SSL VPN, Anti-Virus and DDoS protection. Hillstone aims to organically integrating more and more networking and security functionalities to provide better security solution for the customers. |
| |
| High Reliability and Stability |
| |
|
 |
Hillstone accumulates years of experience in product development and product marketing. Hillstone’s new generation of security appliance achieves a new level of reliability and stability in both software and hardware design. Hillstone product and high availability solution will to the maximum extent ensure the uninterrupted service and operation of the enterprise network. |
|
| |
| |
|
|
| |
 |
|
| |
|
Related Links
|
|
|
 |
|
|
|
|
|
|
|
