Fortinet's Data Center Solution




SOLUTION BRIEF

Fortinet's Data Center Solution
High Performance Network Security for Government Operations

Introduction

The data center is the focal point of several trends in computing and networking that are driving rapid change to the overall IT infrastructure strategy for many organizations as well as the requirements for data center security. This guide discusses these trends and demonstrates how Fortinet's data center security solutions can help governments meet the corresponding security requirements to take advantage of the opportunities presented by these trends.

Highlights

- High performance, high capacity, and ultra-low latency
- Cloud-ready multi-tenant support and virtual domain support for network segmentation and multi-agency isolation
- Flexibility to enforce necessary firewall policy and security compliance with edge or core deployment, network segmentation, or integrated security technologies
- Single-pane-of-glass management for unmatched visibility and control
- Single security platform delivers all needed data center services
- Lower TCO, improved protection, increased performance
- Unmatched flexibility of deployment with appliance, chassis, and virtual machine options approved for listing on the U.S. federal government's Unified Capabilities Approved Products List (APL)

Market Trends Affecting the Government Data Center

- Mobility and BYOD: With the increasing presence of smartphones, tablets, and wearable devices in government facilities, along with a growing demand for on-premise and off-premise access to data and services, such as regulation and law enforcement, there is a challenging need for robust discovery and security compliance.
- Server Virtualization and Data Center Consolidation: The combining of multiple physical systems with server virtualization, multi-agency architectures, and the close proximity of trusted and untrusted networks puts a greater burden on the network infrastructure to provide physical and virtual isolation while maintaining performance and manageability.
- Cloud Computing and Software Defined Networking: As organizations of all sizes utilize public and private cloud services, data centers have to evolve to support flexible infrastructure orchestration, seamless integration with third party application services, and greater availability to external parties. This connectivity and accessibility must exist without exposing government agencies to advanced persistent threats (APT), hacktivists, and other targeted threats.

These trends are driving, if not accelerating, an ongoing Moore's Law effect of core network speeds doubling every 18 months. This is not just in the refresh of the data center network switching and routing fabric, but also in the firewalls and network security appliances needed, more than ever, to secure data and IT assets in these dynamic, multi-tenant environments spanning on-premise and external cloud resources.

In fact, Infonetics Research found in a recent survey of decision-makers of large organizations of over 1,000 employees that most are looking for:

- Faster firewalls with 100+ Gbps aggregate throughput
- High-speed ports to interface to their core network fabric (40G and 100G)
- Better performance of their multi-function security technologies
- The ability to deploy additional security services without affecting performance

What this Means for Government Security Requirements

1. Performance

As networks continue to accelerate, the data center is at the forefront of the requirement to support higher performance and needs high-speed, high-capacity, and low latency firewalls. Just like any other business, Government operations depend on information sharing, communications and reduced manual processing.
Maximum performance allows government organizations to meet the demands for complex virtual infrastructures, VPN and remote access, and policy compliance while still maintaining high throughput and resiliency to outside threats.

2. Segmentation

As data centers have become more dynamic, organizations are embracing increased network segmentation as a best practice to isolate data based on applications, user groups, regulatory requirements, business functions, trust levels, and locations. As a result, firewalls need to provide high port density and logical abstraction to support both physical and virtual segmentation across private and public clouds.

Government has some of the strictest requirements to secure data. Government networks not only have to comply with FISMA and DISA, but also HIPAA, PCI and other regulatory requirements, depending on what service the agency provides, or what data it collects, processes and/or stores. Segmentation is a critical component in the compliance effort across all compliance drivers. Segmentation provides that abstraction and enables the organization to define trust zones depending on the sensitivity of data. With varying security mandates and controls, the network infrastructure must provide logical abstraction to support both physical and virtual isolation across private and public-sector network segments.

FIGURE 1: 73% of respondents want to upgrade their data center firewalls.

3. Simplification

As these data centers extend to external parties of varying trust levels, organizations need to consider a Zero-Trust model for data access that drives multiple security functions from traditionally just the data center edge more deeply into fine-grained segmentation throughout the core of the network. This requires a consolidated security platform that can support high speeds even as many functions are turned on at each micro-perimeter.
Government agencies must rely on numerous external parties, contractor agencies and service providers to outsource many of their services and also to help support the agency. As this diversification continues to grow, Government agencies must have a way to allow this connectivity while ensuring the internal network remains secure, without slowing down the connection or adding complexity. The capability to add additional security layers granularly to untrusted network segments decreases the risk of these foreign connections while increasing the simplicity of security and network management.

One example of the challenge of securing government outsourced connections is in call center operations. The government often utilizes contracted services to answer calls for customer service, claims, complaints, and many other purposes. These outsourced agencies must have the capability to connect into the government systems to look up and note accounts. The Government agency must be able to allow this remote connectivity while limiting what those users can access, and what types of potentially malicious traffic can traverse the two connected networks. Multiplied by a thousand, the challenge can be overwhelming. A solution that simplifies this secured segmentation across the enterprise can save the Government millions of dollars.

Fortinet's Data Center Solution

Fortinet has been a leader in securing data centers for over 10 years. Our high-performance, low-latency chassis and appliance-based solutions have protected many of the largest data centers in the world.

Fortinet customers are focused on very high throughput and ultra-low latency to meet increasing data center core network speeds. To meet these performance demands, FortiGate platforms deliver some of the highest throughputs and lowest latencies on the market, several with over 100 Gbps aggregated performance and sub-5 µs latency. This high performance enables organizations to implement the network segmentation discussed earlier to support regulatory compliance, function, location or trust level.
One example of the importance of this in government operations is an agency like the IRS, which processes hundreds of millions of filings and transactions in a year. Much of this activity occurs at peak periods driven by filing deadlines. This heavy network load requires robust, reliable and secure infrastructures that are also fast.

FIGURE 2: Data Center Core Firewall

The Fortinet Difference

Purpose-built appliances, custom ASICs

At the heart of the FortiGate Data Center firewalls are purpose-built FortiASIC processors (described in detail below) that enable this extremely high level of performance. These custom content and network processors provide near-wire speed switching, routing, and stateful firewalling. The network processors eliminate the need for legacy L2 switches and routers within the data center. Instead, FortiGate takes over and performs network segmentation, switching, routing, and network security, all while reducing network complexity. Furthermore, our integrated architecture provides extremely high throughput and exceptionally low latency, minimizing packet processing while accurately scanning the data for threats. Custom FortiASIC processors deliver content inspection at multi-gigabit speeds.

FIGURE 3: Dedicated ASICs versus CPU Architectures

Traditional security appliances that use multi-purpose CPU-based architectures become an infrastructure bottleneck. Even when using multiple multi-core general purpose processors, network security devices cannot deliver the high performance and low latency required in data center deployments. The only way for a Network Security Platform to scale is via purpose-built ASICs, which accelerate specific parts of the packet processing and content scanning function. FortiGate technology utilizes optimum path processing (OPP) to optimize the different resources available in packet flow. The FortiASIC can scale to 500 Gbps of Firewall throughput independent of packet size while maintaining a high number of sessions and extremely low latency.

The FortiASICs utilized by the FortiGate Firewall models are:

- Content Processor (FortiASIC CP8): Accelerated content security such as antimalware, VPN encryption/decryption and authentication processing
- Network Processor (FortiASIC NP6): Accelerated network security tasks such as Firewall, VPN and IPv6 translation

Scale-Up and Scale-Out for Virtual and Cloud Environments

Many Government agencies rely on Service Level Agreements (SLAs) to satisfy both consumer agreements and regulatory requirements. The financial and management challenge for such large agencies is to maintain a network infrastructure capable of handling heavy load times. A scalable cloud environment is critical to provide bandwidth, storage, application tiers and other services on demand, while scaling back during downtrends. This capability, in large Government organizations, can save millions of dollars a year.

FortiGate hardware solutions provide scale-up performance for data centers of all sizes with a range of appliance and chassis form factors ranging from 20 Gbps up to an industry-leading 560 Gbps blade-in-chassis.
These Fortinet solutions can provide Government agencies attractive performance, TCO and flexibility in a single unit for organizations ranging from mid-sized to larger enterprises, and to telco/carrier segments.

In addition to providing efficient scale-up performance in compact appliance and chassis options, FortiGate also provides equally critical scale-out performance through FortiGate-VM virtual appliances that provide agile capacity that can deploy elastically with virtualization hosts or cloud infrastructure to provide unlimited scalability through a distributed approach with dozens if not hundreds of virtual security appliances across both private and public clouds.

FIGURE 4: FortiGate Performance Physical and Virtual

FortiGate-VM virtual appliances, along with nearly a dozen other Fortinet solutions available as virtual machines, support major enterprise hypervisors from VMware vSphere to Hyper-V, Xen, and KVM, as well as leading cloud service providers ranging from Amazon Web Services to major telecom public cloud offerings.

Unique virtual domain (VDOM) technology along with virtual LAN (VLAN) support provide the ability for both FortiGate appliances to manageably scale in multi-tenant private or public cloud environments. Long used in large-scale managed service environments, VDOMs can divide a single larger physical (or even virtual) FortiGate appliance into dozens, if not hundreds, of logical independent instances, to flexibly provide either isolated or coordinated firewall policies and security configurations to individual tenants.

Single Pane-of-Glass Management Across Physical, Virtual, and Cloud

Fortinet's complementary management solutions ensure coordinated security policy across hundreds of physical and virtual FortiGate appliances, whether solely within an internal data center, extending the private cloud to an external public cloud, or across multiple public clouds.
With a single, centralized platform for defining firewall rules and security policies and to aggregate and analyze logs and events, FortiManager and FortiAnalyzer ensure a consistent security posture across the hybrid cloud regardless of where workloads instantiate, migrate, or fail over. FortiManager and FortiAnalyzer themselves can even run as virtual appliances in a private or public cloud, leveraging the benefits of cloud-based security management, such as for scale-out log aggregation and analytics capacity or ubiquitous administrative access.

FIGURE 5: Single Pane of Glass Management Across Hybrid Cloud

Government networks can be massive in size, with a complex and decentralized set of security and network management consoles. This complexity increases costs and reduces efficiency of operations. Additionally, this complexity breeds inconsistent firewall rules and security policies. Finally, the diversity of devices and vendors makes log correlation almost impossible. A single-pane-of-glass solution provides the capability of centralizing and standardizing the implementation of security policies across multiple security domains, clouds and trust zones. This centralized platform also allows the Government agency to consolidate, aggregate and correlate logs, which is one of the most important security operations functions.

Summary

The data center is one of the most dynamic aspects of network security today. As significant trends in computing and networking continue to drive changes in many critical business practices, organizations look for innovative network security solutions to help them embrace those changes. Fortinet's FortiGate Network Security Platform can provide the backbone of your Data Center strategy. Fortinet's industry-leading, high capacity Firewall technologies deliver exceptional throughput and ultra-low latency, enabling the security, flexibility, scalability and manageability you demand across physical, virtual and cloud environments.

For more information on the FortiGate Network Security Platforms, please go to http://www.fortinet.com/solutions/data-center-firewalls.html

GLOBAL HEADQUARTERS
Fortinet Inc.
899 Kifer Road
Sunnyvale, CA 94086
United States
Tel: +1.408.235.7700
www.fortinet.com/sales

EMEA SALES OFFICE
120 rue Albert Caquot
06560, Sophia Antipolis, France
Tel: +33.4.8987.0510

APAC SALES OFFICE
300 Beach Road 20-01
The Concourse
Singapore 199555
Tel: +65.6513.3730

LATIN AMERICA SALES OFFICE
Paseo de la Reforma 412 piso 16
Col. Juarez C.P. 06600
México D.F.
Tel: 011-52-(55) 5524-8428

Copyright 2015 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, FortiCare and FortiGuard, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet's General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet's internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.

April 28, 2015-FED