Platform (HSM)
2
Challenges in Security Management
3
Security Management Remains a Challenge
How does a local admin issue a batch of policies to equipment located in branches?
4
Hillstone Security Management Platform (HSM) Value Proposition
5
Centralized and Efficient Management
6
Simplify and Secure Your Network
• Automated and centralized policy management
• Automated configuration management
• Automated device inspection
• Centralized monitoring of all devices
• High availability and distributed deployment
• Personalized and customizable dashboards
• Support Hillstone NGFW/NIPS/CloudEdge
• IPv6 compliant configuration and monitoring
Choose from three HSM models that provide an effective cost/performance solution!
7
Centralized Management
8
Centralized Management & Configuration
Role and role mapping configuration in both private and shared types
13
Signature Library Online/Offline Upgrade
Synchronize and update APP, IPS, AV, URL signature library through HSM
14
Retrieve Device Configuration Automatically
Policy Management
• Redundancy Object Check
• Policy Redundancy Check
• Policy Inheritance
• Rule Hit Evaluation
17
Policy Management – Redundancy Object
Check for redundant objects across multiple policy bundles and generate an analysis report
18
Policy Management – Rules Conflict
Add the same policy to different devices and configurations to reduce the admin’s workload
22
Policy Management: Rule Hit Evaluation
Private policies can be added in batches to address requirements that the shared policy did not satisfy
25
Configuration Management
• Configuration Lock
• Backup recovery
• Configuration files
• Historical file comparison
• Configuration change
26
Configuration: Historical Files Comparison
• KPI monitoring for device CPU, memory etc.
• Monitor network traffic information, new sessions, concurrent sessions
• Graphic display of device online/offline status
• License status of devices
• Application traffic trends
• Port traffic trends
• Trends and rankings for the TOP10 threats
[Diagram labels: Real-time device availability monitoring; VPN Link Status Monitoring; Comprehensive Security Information Monitoring; Multi-dimensional security monitoring]
30
Customizable Dashboard
A visual data display of system stats, system information, system resources, CPU/memory
utilization, threat type, APP/user traffic, etc.
31
Monitoring Device Status
Real-time understanding of available device status, including CPU, memory, traffic, license etc.
32
Device Inspection
Automatically check the operation status of the firewall, resource consumption, signature
database and license status, generate reports and notify customers.
34
Monitoring VPN Link Status
Real-time understanding of VPN link status, including latency, packet loss ratio etc.
35
Monitoring VPN Links
Real-time understanding of VPN link status, including latency, packet loss ratio etc.
36
Multi-dimensional Monitoring
High Availability
• Master/Slave roles
• CLI configuration
• Preemption mode
• Master/Slave Switchover
• Monitor/Log Synchronization
• Alarm
• Automatic Synchronizing and Manual Synchronizing
41
Master/Slave Roles
When selected, the HA system will synchronize the monitoring and log data generated by
the system from time to time
44
Automatic Synchronizing and Manual Synchronizing
Distributed Deployment
• Standalone/Master/Slave modes
47
Standalone/Master/Slave Modes
Memory alarm, CPU alarm, disk alarm, and slave device offline alarm can be displayed on
master device
50
Hillstone SD-WAN Solution
HQ Firewall:
Mostly deployed at enterprise HQ egress
• mid to high-end series of firewalls
VPN HUB:
NGFW or vFW in the cloud
• mid to high-end series of firewalls or vFW
CPE:
Deploy firewall at each branch
• low-end series of firewalls
[Diagram labels: Zone A, Zone B; VPN HUB (NGFW), VPN HUB (NGFW), VPN HUB (vFW); Branch 1, Branch 2, Branch 3, Branch n, each with CPE (NGFW)]
51
SD-WAN Orchestration on Demand
[Diagram labels: HQ and Branch sites; Internet, ADSL/Fiber and MPLS links]
53
Hillstone Security Management Platforms
54
HSM Hardware Appliance Specifications
Devices Supported (Default / Maximum) 15 / 500 15 / 150
Power Supply Single/dual power supply, 550W Single power supply, 250W
Height 1U 1U
55
HSM Virtual Appliance Specification
Management Capability (Default / Maximum) 15 / 25 15 / 100 15 / 500 15 / 1000
vCPU Requirement 4 8 18 24
Virtual Environment Requirement VMware Workstation/ESXi or KVM
56
Deployment Scenarios & Winning Cases
57
HSM Target Customers
[Chart: Max # of Managed Devices (axis ticks 25, 100, 500, 1000) for HSM-100-D4, HSM-500-D4 and vHSM]
58
HSM Deployment Scenario:
Large Enterprise and Government Branches
Scenario
• Large number of devices
• Isolated business application servers
• Data switching occurs via VPN
• Hierarchical deployment and management
• Focus on operational device status, and monitoring of VPN link status
Challenges and requirements
• Device management and monitoring
• Centralized management and configuration
• Privilege management
• Policy configuration management (FW Policy)
• Topology monitoring (VPN)
HSM benefits
• Real-time insights into network security status
• Rapid deployment of devices
• Centralized policy management
• Decentralized O&M management
[Diagram labels: HSM, Business Application Servers, Internet, VPN Secured Link]
59
HSM Deployment Scenario:
Large Enterprises & Financial Institutions Data Centers
HSM benefits
• Highly dynamic firewall rules management
• Routine policy maintenance
[Diagram label: IDC FW]
60
Winning Cases: HSM
• CN Care: Other; China Hong Kong; SD-WAN, HSM
• Dubai International School: Education; UAE; HSM50
• First Capital Securities: Finance; China; HSM50
• Hua'an Fund Management: Finance; China; HSM50
• Royal Thai Embassy: Government; Thailand; vHSM
• Ministry of Foreign Affairs: Government; Pakistan; HSM50
61
+1 408 508 6750
inquiry@hillstonenet.com
5201 Great America Pkwy, #420
Santa Clara, CA 95054
www.hillstonenet.com
62