
Huawei Symantec Solutions

Huawei Symantec Technologies Co., Ltd.

Vision and Mission
Huawei Symantec
The leading trusted partner in information security and storage solutions

Focus on customers' needs, provide low-cost solutions and bring sustainable value to customers by accelerating technological innovation and its application in information security and storage

Huawei

Symantec
Confidence in a connected world

Enriching life through communication

IT Platform
Network
...

Security ...

Secospace
SVN 3000 SSL VPN, USG 2000/5100/5300, USG 9100/9300, NIP100/1000

DPI

Server
... RH1285 RH2285 T8000 E6000 iNIC SSD

Storage
... T3000 V1500/1800 S2000 S5000 VTL3600 N8000 VIS6000

Tecal™ Servers
Value-Added Components Blade Server Rack Server
ES1000 ER1000 ES1200
Packet Capture

HW Platform

T8000

E6000

RH1280

RH1285

RH5480

RH1120

RH2280

RH2285

Technical Specifications

Oceanspace T3500 G2: 4U/24-bay, 446 mm x 685 mm
Oceanspace T3200: 2U/12-bay, 446 mm x 685 mm

Computing
Supports one or two CPUs from the Intel E5500 or E5600 series. 8 x DIMM slots (a maximum of 32GB).

I/O
Two GE ports integrated on the mainboard, with I/OAT support. Four PCI-e expansion slots. One VGA port, two USB 2.0 ports, and one serial port.

Availability
Hot-swappable disks. Redundant and hot-swappable power supplies. Standard: RAID 0/1/10.

Management
IPMI 2.0, Web management user interface (UI)

OS
Linux (Suse, Redhat, and others), Windows, Solaris


Storage Solutions
Container Data Center CDC
Data Protection Data Protection SAN
2U ~ 96 Disks
Software

Application Application
I PACS Integrated Picture Archiving and Communication System iNVS

40ft 10 Racks

Video Surveillance

Data Protection
HDP VIS VTL

HSSD
Diamond2
50/100/200GB R250MB/W180MB

SSD

HuaweiSymantec Data Protection

Virtual Intelligent Storage

Virtual Tape library

SAN
S2600 S5000 S6800E S12000

NAS
N8000

4U 120~ 480 Disks

4U ~ 1080 Disks

2-8 Controllers ~ 2400 Disks

2-16 Nodes ~ 15360 Disks

HyperMirror

HyperImage

HyperCopy

HyperClone Storage Management

S2600

Technical Specifications of the S2600


Oceanspace S2600
Models: S2600S, S2600i, S2600F, S2600C

Cache size (standard/max): 4 GB/8 GB (all models)
Controller: one or two controllers (all models)
Host ports per controller:
S2600S: four 4x3Gb SAS
S2600i: eight 1Gbit/s iSCSI
S2600F: eight 4Gbit/s FC
S2600C: four 4 Gbit/s FC and four 1 Gbit/s iSCSI
One 4x3 Gbit/s SAS
Number of disks: 96 (all models)
Disk type: SAS/SATA (all models)
Disk options: SATA disk: 1TB/2TB (7,200 rpm); SAS disk: 300GB/450GB/600GB (15,000 rpm)
Disk density: 12 disks per enclosure
Disk spin-down: supported
Number of hosts supported (standard/maximum): S2600S: 4; S2600i, S2600F, S2600C: 64/256
Value-added software: snapshot, LUN copy, mirroring (implemented in June, 2010)

New mid-range models: new T Series

Models: S6800T, S5800T, S5600T, S5500T

Designed for medium and large enterprises. Meets the requirements of large-scale databases including OLTP/OLAP, HPC, digital media, internet service providers, backup, disaster recovery, data migration and other scenarios.

[Chart: product positioning by scalability (vertical axis) and performance (horizontal axis): S2300, S2600, S5300, S5500, S5600, S6800E, S12000]

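Comparison of new and old models

S5300: cache 4GB/8GB; maximum number of disks 120; maximum number of host ports 16
S5500: cache 8GB/16GB; maximum number of disks 240; maximum number of host ports 16
S5500T: cache 8GB/16GB/32GB; maximum number of disks 288; maximum number of host ports 16
S5600: cache 16GB/32GB; maximum number of disks 480; maximum number of host ports 16
S5600T: cache 24GB/48GB; maximum number of disks 576; maximum number of host ports 32
S6800E: cache 32GB; maximum number of disks 1080; maximum number of host ports 12
S5800T: cache 48GB/96GB; maximum number of disks 1152; maximum number of host ports 40
S6800T: cache 48GB/96GB/192GB; maximum number of disks 1440; maximum number of host ports 40

Disk compatibility, maximum number of hosts and maximum number of LUNs: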

SSD/FC/SATA

SSD/SAS/SATA

SSD/FC/SATA SSD/SAS/SATA/FC SSD/FC/SATA SSD/SAS/SATA/FC 256 2048 1024 4096 512 4096 1024 4096 1024 4096

256 1024

256 1024

512 2048

S2600 Architecture

[Diagram: dual-controller architecture. Controller A and Controller B each have a host port module (iSCSI, FC, SAS or combo), a CPU, a SAS controller, a SAS expander, a maintenance/management interface (RS232, FE) and a disk enclosure interface; the two controllers are linked by a SAS mirror channel.]

TurboModule

Real IO Module Hot Pluggable With The Controller Online!
Turbo Flex Frontend & Backend IO Module Number & Slots Layout!
Turbo Density of 12 IO Modules/48 IO Ports in One Single 4U Space!

High-Availability Storage

Hot spare; online replacement

Online maintenance

Online upgrade; track repair

RAID5, destage, disk failure:
1. A disk fails.
2. The hot spare disk takes over the functions of the failed disk.
3. The disk is synchronized and recovered.

High-Availability Environment


Cluster/multi-path solution

DB cluster

Storage network

Controller A

Controller B

OceanStor S2600

Use of multiple technologies

Mixed disk installation to optimize space utilization

SAS and SATA disks. Mixed use of FC and iSCSI networks.

[Diagram: DB, mail, backup and video servers connected over FC SAN and iSCSI to enclosures of SATA and SAS disks]

ISM storage network management software

Increasing Performance
Intelligent Cache Prefetch

Dynamic Traffic Control (DTC)

Priority for production traffic versus reconstruction

Host
Read request 1, Read request 2, Read request 3, Read request 4, Read request 5

Intelligent cache prefetch

Automatically detects the read pattern and prefetches

Controller
Cache
a b

The system recognizes the sequential data addresses and then enables the cache prefetch.

SSD support

Coexists in the same enclosure with other disk technologies. In the Turbo line it can be used as a second-level cache.

Disk
a 0x21 b 0x22 0x23 c 0x24 d 0x25 e 0x26

TurboBoostSSD Cache
Host Server
Techniques: reading data from HDD; copying hot data to SSD; reading hot data from SSD; eliminating cold data from SSD
Features: high performance with fewer SSDs; low power consumption; good compatibility
Values: read performance boosted several times over; significantly lower $/IOPS; more than 40% power saving

[Diagram: SSD Cache Boost Engine with hot data on SSD (solid state disk) and cold data on HDD]

TCO: Reducing OPEX

100 HDDs: capacity 14 TB; performance 18k IOPS; Cap/Op-X: RMB 1,600,000 to 2.5 kWh
45 high-capacity HDDs + 1 SSD: capacity 14 TB; performance 18k IOPS; Cap/Op-X: RMB 200,000 to 0.25 kWh
Result: 1/10 of the power consumption, 1/8 of the cost

Green IT Features
Disadvantages of high-speed fans: dust, noise, power consumption. Solution: intelligent fan control.

Intelligent Fan Control

Ambient temperature < 35 °C: fan is in LOW rotation speed.
Ambient temperature > 35 °C: fan is in HIGH rotation speed.

Controller: receives the temperature information from the monitoring point, and sends the speed control command.

Spin-down for rarely accessed disks

Storage Software

[Diagram labels: HyperImage; HyperCopy; HyperCopy data migration; HyperMirror; HyperClone; HP MSA series, EMC CLARiiON, IBM DS series; SAS and SATA LUNs; timeline 9:30, 10:30, 11:30, 12:30, 13:30; test, research, backup, archive]

NAS - N8000

N8300

N8500

Unified storage
File servers Application servers Database servers

NFS/CIFS

iSCSI Block-level

FC

File-level Block-level
NAS IP SAN FC SAN

N8000 Cluster NAS

N8000 - High Availability


Windows user Unix user

IP CIFS NFS

N8000 Cluster NAS

N8000 - Scalability
Windows user Unix user

IP Network CIFS NFS

N8000 Cluster NAS

N8000 Features

Models: Oceanspace N8300, Oceanspace N8500

Number of NAS engines: N8300: 2-6; N8500: 4-16
Clustering mode: Active-Active
Cache: 8/48 GB per NAS engine
Network interfaces: 4/6 per NAS engine
FC interfaces: 2*4Gb per NAS engine
Max. capacity: N8300: 7.68PB; N8500: 15PB
Disk type: SSD, SAS, FC, SATA
RAID: 0, 1, 10, 5, 6

Dynamic tiered storage

Allows policies to be defined for moving data according to the needs of the environment.
Frequently accessed data can be moved to higher-performance disks.
Rarely accessed data can be moved to higher-capacity disks.

[Diagram: data center service LAN with IP and FC links; FC-SAN and NAS access through the N8000; tier 1 storage and tier 2 storage; identical storage array; SSD, FC, SAS and SATA disks]

VIS 6000

OceanStor VIS6000

Unified Disaster Recovery Platform

Unix Linux Win

Unix Linux Win

Host

IP/FC SAN FC SAN IP SAN VIS6000 VIS6000

Transmission network (WAN/LAN/dedicated line)

Disaster recovery center

Array

VIS Values

Disaster recovery
I/O-based replication. Replication modes: synchronous, asynchronous, cyclic.

Reliability
Redundancy. Multi-path support. Multiple active nodes in a cluster.

Storage consolidation
Open storage system. Prevention of vendor lock-in.

Simplified management
Centralized administration of storage from different vendors.

Value for customers

History of video surveillance systems

Video Matrix

1st generation (1980 to 1998): analog video surveillance system. Coaxial cables; analog mode; control center; little scalability and manageability; 20-100 cameras.

2nd generation (1998 to 2006): "analog + digital" video surveillance system. Coaxial cables; analog mode, digitized; stored through the control center or a DVR; 100-200 cameras.

3rd generation (2007 to 2010): digital video surveillance system. IP network; digitized signals; data compression; Internet; streaming video; tens of thousands of cameras.

4th generation (2011 onward): intelligent digital video surveillance system. High-definition images; intelligent behavior analysis and search; various access methods; hundreds of thousands of cameras.

NVR (Network Video Recorder) video surveillance architecture

[Diagram: PTZ cameras, fixed cameras and IP cameras (capture) connect through switches and the IP network (transmission) to the NVR, clients, decoders and monitors (display), with management. Legend: analog, signal (RS485), IP network.]

Intelligent video analysis

License plate recognition
Recognizes the plates commonly used within a given region. Captures panoramic and close-up images of vehicles, licenses, plates and makes.

People counting
Counts the number of people in a given region over a period of time. Counts the number of people moving in a given direction or in opposite directions.

Super-resolution
Processing of unclear images. Various kinds of noise during image transmission.

Event detection
Detects suspicious people or vehicles in certain regions. Automatically and intelligently analyzes reports of suspicious events.

The open architecture and compatibility with third-party software allow powerful functions to be developed.

Conventional data center
Power
Monitoring room

Air conditioning, racks

CDC - Container Data Center

Fire suppression

Air conditioning, security, racks

Power

Container Data Center

Standard 40-foot container: 10 racks of 42U. Cooling capacity of the precision air conditioners: 62.5 kW (4+1)

20-foot Container Data Center

2 or 4 racks; air conditioning 1+1 or 2+1

Layout of Air-Cooled Container


Power supply cabling tray Network cabling tray Management server Power supply PDF Video camera

Air-condition evaporator Static proof floor


Hot aisle Transect view Cold aisle

Rack Entrance chamber Lightning Protection Box

CRAC

Top view

Cabinet Layout and Sizes with Precision Air Conditioning


Cabinet #10 Air conditioner #5

Air conditioner #1

Inert gas extinguishing facility cabinet 2.59 m 0.15 m

Management server cabinet #1 0.85 m 0.6 m Power distribution cabinet Lightning protection box PUE of container data center < 1.5

COMPONENTS of the CDC Solution

40 feet: 10 racks of 42U
20 feet: 2 or 4 racks
Precision cooling system: (4+1) for 40 feet; 1+1 or 2+1 for 20 feet
Fire suppression system (HFC 227ea)
Temperature, humidity and smoke sensors
Environment monitoring system with video cameras
Access control
Local or remote monitoring system
Robustness against electrical discharges, wind, fire, rain, earthquake, salinity and mold
Electrical cabling installed
Lightning protection and grounding system
UPS and generator

Container Data Center

ADVANTAGES of the CDC Solution

Low acquisition cost, 20 to 40% lower
Low operating cost, 20 to 33% lower
Scalability
Portability
Short deployment time, 90 to 120 days
Complete solution: implementation, integration with additional infrastructure, migration, configuration, testing, training, follow-up support
Service life of at least 10 years

Container Data Center


Security Product Portfolio


Security Service Network and Content Security Security Security SW
Capability
Bypass series Botnet Signature Base Protocol Base (DPI) Virus Signature Base Spam Base URL Signature Base Intrusion Signature Base Emergency Response On-line Upgrade Reputation Assessment Security Mgmt Security Mgmt Service Security Consulting

Service

Deep Packet Inspection (DPI)


SIG1000E SIG9280E Inline series
~ 100G

SIG9810 SIG9820

IDS
NIP200/1000

WAF

Anti-DDoS Solution
USG5000ADD/ADI USG9300 ATIC

~ 20G

~ 60G

~ 40G

200M-1G

1-2G

10-80G

Mgmt Center

Service Routing Gateway/ Enterprises Gateway


USG2000/5000BSR USG2000/5000HSR USG2100/2200

UTM
USG5100/5300/5500 USG9300

SSL VPN
SVN 3000/5000

160K-1500KPPS

<1G

1G-20G

10G-160G

2000 -12000 users

Terminal Security Management


TSM DSM ELog

Security Management
VSM

Terminal Security Mgmt

Document security Mgmt

Log Mgmt and Audit

unified management

Values Brought by the UTM Concept


External threats
In terms of the deployment, the USG5300 can effectively solve the problem of device deployment in serial connection mode, and reduce the risk of a single point fault and the delay of data forwarding. In terms of the usage, the USG5300 simplifies the management of network devices, and reduces costs and human resource investment.

Virus, erotism, violence, and political site

Worm and Trojan horse

Bandwidth abuse of P2P

Attack and intrusion

Border device
Intrusion Information disclosure Chatting/Downloading/Surfing Account embezzlement Mail virus

User terminal
Online behavior management

Mail server Data server Web server

Data theft DDoS attack Web page tampering

Internal threats

Security Gateway Series Product


USG9120 USG9110 USG 5360 USG 5350 USG 5330 USG 5320 USG 5150 USG 5130 USG 5120 USG 5110 USG 2250 USG 2230 USG 2220 USG 2210 USG 2160 USG 2130 USG2110

USG9320 USG9310

MAN 10 Gigabit egresses

MAN traffic cleaning

Large enterprises and Data centers

Large and medium-sized enterprises

Medium-sized enterprises

Small and medium-sized enterprises Small enterprises and remote offices

Ranging from desktop devices to high-end Gigabit to fully protect your networks

Terminal Protection
Solving the security problems that most concern CIOs: network access control, internal employees' behavior management, document security management

Access control

Security policy management

Document authority management

Patch management; employees' behavior management; TSM

DSM User management

Log audit

software distribution Asset management

Secospace Terminal Security Management Solution


Integrated intranet terminal security solution based on one agent
Deploying the carrier-class SACG, 802.1x or software SACG, which operate at Layer 3 or Layer 2, to meet complicated network requirements
Diversified security policies to automatically reduce low-end security threats and ensure that employees use network resources properly
Automatic deployment to reduce operating costs and complexity through
Partner Branch
Enterprise Extranet VPN access

Untrusted

DMZ
SA Pre-authentication domain SA VPN Gateway SC SM Core network SACG
Enterprise intranet
Third-party domain management server Third-party anti-virus server

Local Local SA

Third-party patch server

Trusted

Post-authentication domain three Post-authentication domain two

Post-authentication domain one

SA: security agent; SM: security manager; SC: security controller; SACG: secure access control gateway

Huawei Symantec's Terminal Security Management Process


Policy ID authentication Security check Recovery Response Audit Authorization Monitoring access

Remote employees On-site employees Visitors External illegal users

Sensitive information resources

Core information resources

repair

General information resources

Isolating and repairing untrusted users; providing audit results of behavior monitoring; preventing unauthorized users; authorizing users' access range

Asset Management
Uniformly managing enterprise assets, knowing the asset lifecycle, preventing asset loss, and improving management efficiency

Automatically collecting asset software and hardware information
Binding asset information to users and specifying the owner of each asset
Automatically tracking modified assets and sending alarms by short message when an asset is modified, which effectively prevents asset loss
Managing the asset lifecycle, such as reminding users that the retirement time is due or that the product is beyond the warranty period
Compiling asset statistics by providing diversified asset statistics forms and asset modification forms
Performing asset management Triggering the automatic collection of assets

Asset statistics forms Asset modification forms Asset alarms SM

Automatically collecting asset information

Administrator

Feeding back asset modification information

Terminal users


Secospace DSM Process


Problems solved: intentional leakage; stolen by hackers; lost by accident

Components: DSM server, DSM client, external users

1. Information protection: encrypting documents; uploading document authority information
2. Security authentication: user operation authentication; storing the key and authority information in the DS; disallowing external users who do not have access authority
3. Information distribution (distributing information to the outside): through the Internet or attachments of emails; through FTP download; other devices
4. Information access: receiving users' authentication; temporarily acquiring the key and authority; being authorized to perform offline operations and cache the key

External users: ID authentication failure; unable to download authority information

Unified log management for all devices


Huawei security devices, routers, switches and BRAS
Competitors' security devices and network devices
Operating systems, databases, web servers
Standard syslog devices
Firewall DPI UTM

Manages all logs in a unified manner and achieves highly reliable storage for massive logs.
Queries logs by keyword based on regular expressions.
Collects logs from various security devices, network devices, hosts (Windows, Linux, and Unix), databases (Oracle, DB2, Informix, Sybase, and SQL Server), and Web servers (IIS and Apache).
Provides detailed analysis of the logs for the Eudemon/USG firewalls and allows users to query logs accurately by log type.

Secospace eLog

Syslog Session log OPSec SNMP Trap DB log Text log Audit log Event log

IDS IPS

Router

BRAS

Switcher

OS DB web server

Unified Topology Interface

IP Topo

Transport Topo

Transport IPAccess Unified Topo Access Topo

Unified physical topology, service topology and IP topology, giving a clear overall view of the whole network and its fiber connections. Flexible sub-network division makes large network management more convenient.

Centralized Alarm Monitoring


EMS-1 VSM EMS-2

EMS-n

Multiple EMS sets for a large network, with no network-wide alarm information. Different equipment is managed by different EMSs, so manual troubleshooting across departments is very inefficient.

Centralized fault monitoring of the whole network, with alarm volume convergence. Moving from multiple systems and multiple teams to a single system and a single team greatly improves troubleshooting efficiency.

Huawei Symantec Solutions

Marcelo Campos
Product Manager - Technical Sales Department

Huawei Symantec Technologies Co., Ltd.