Sangfor SSL VPN Presentation
Sunny Tse
Product Manager, International Division

Agenda
• Mobility of Today’s Business
• Secure, Fast, Easy-to-use SSL VPN
• Best Practice & Solution
• Case Study
• Sangfor Company

Mobility of Today’s Business

SSL VPN Market Growth
[Chart: End-user Spending on SSL VPN (APAC) (US$MM), 2010 to 2015. Source: Frost & Sullivan]
• Improve business productivity by enabling mobile and remote offices;
• Include suppliers/partners/customers in the company’s business process to improve efficiency and productivity.

Business Becomes More Mobile
• User on the road: Management, sales, technical professionals, researchers on business trips, in the airport, etc.
• At home/Out of office: Employees occasionally out of office or at home.
• Authorized partners/customers: Business partners, suppliers, contractors and customers remotely access product/partnership systems, etc.
• Remote offices/selling house/business hall: Remotely access business application systems to carry on business deals, etc.
• Remote maintenance: IT does remote maintenance, or 3rd-party technical maintainers do maintenance on internal systems.
[Diagram labels: Application servers; Storage & database; Authentication server; PCs; Teleconference]

Expands Business with SSL VPN
[Diagram labels: User on the road; At home/Out of office; Remote maintenance; Remote offices/HBO; Authorized partners/customers; Application servers; Storage & database; Authentication server; PCs; Teleconference]

Secure, Fast, Easy-to-use SSL VPN

Sangfor SSL VPN
• Security: Secure SSL VPN access; ensures that the authorized user, using a secure endpoint, accesses the authorized resource via a secure tunnel.
• Rapidity: Rapid SSL VPN access; full access optimization to ensure a highly efficient mobile office and thus enhance productivity. Ensures the end users’ access experience.
• Usability: Easy-to-use SSL VPN; intuitive, low learning curve for the end user; easy to administer. Offers flexibility to meet the corporation’s future needs.
Comprehensive Security Protection
• User authentication: Username/Password, LDAP, RADIUS, CA, USB key, Dynamic Token, Hardware ID, SMS Identification
• Host checker
• Dedicated SSL VPN Tunnel
• Cache Cleanup
• Secure Desktop
• Standard encryption algorithm: AES, DES, 3DES, RSA, DH, RC4, MD5, SHA Digest algorithm
• Account binding
• “User-Role-Resource” association
• Dynamic privilege
• Man-in-the-middle attack detection
[Diagram labels: End Point; Transmission; Internet; Authorization]

Host Checker
Checks the security status of the host prior to user login and during the SSL VPN session.
Checked items: operating system, registry file, process, personal firewall, anti-virus files, login time, line IP, user IP, user-customized security rules…
[Diagram labels: Meet policy condition 1&2&3; Meet policy condition 2&3; Failed to meet any policy; Resource 1; Resource 2]

Secure Desktop
SD creates an isolated workspace to ensure the absolute security of remote access.
[Diagram labels: Common office resource; Critical/R&D resource; Default desktop; Secure desktop; Minimize; Exit; Print; Save to local disk; Copy & Paste to local resource; Cached/temp. files]

Account Binding
Account binding enables unified authorization and simplified administration.
[Diagram labels: SSL VPN Account A; Application account A; SSL VPN Account B; Application account A; Application account B; Authorized resource]

Complete Access Optimization
Optimization areas: Link optimization; Transmission optimization; Data optimization; Resource optimization
• Intelligent link selection
• High-speed Transfer Protocol
• Byte cache
• Streaming compression
• Webpage access optimization
• Resource load balancer
[Diagram labels: Time; Link; Transmission; Redundant Data; Resource]
Enabling highly efficient SSL VPN access; saving telecommunication (3G) traffic and cost.

Access Optimization - Lab Test Result
File size: 10M
Network environment: 2Mbps, 100ms latency, 1% packet loss

Remarkably Easy-to-use SSL VPN
• Mobile user: Easy to use, able to connect to the business any time, anywhere, with any device.
• Administrator: Easy to manage, able to meet the organization’s future needs.
Cross-platform support; Hierarchical management; Remote application; Virtual secure portal; Single-Sign-On; Asymmetrical cluster; Login page customization; Built-in IPSec VPN; System tray; Syslog, SNMP; … …

Remote Application
Users remotely operate on the application servers.
[Diagram labels: Remote user with any device; Key strokes, mouse click, …; Remote application windows; Terminal server(s); C/S applications; Windows applications]
• No need to pre-install C/S application clients on the endpoints;
• Enables access to C/S applications and Windows applications on smartphones and tablets, such as iPad, iPhone, Android devices, etc.;
• Fast transmission speed even when accessing with limited bandwidth.

Remote Application – Sangfor EasyConnect
Take the office in your pocket!
Virtual Secure Portal
Virtualize the SSL VPN into up to 253 virtual SSL VPNs.
• Mobile user group: URL: https://app.mobile.com; Login methods M; Login page M; Published resource M; Administrator M
• Partner group: URL: https://app.partner.com; Login methods P; Login page P; Published resource P; Administrator P
• Customer group: URL: https://app.customer.com; Login methods C; Login page C; Published resource C; Administrator C

Asymmetrical Cluster
• M5800-S, 5000 users
• M5600-S, 3800 users
• M5900-S, 16000 users
Asymmetrical cluster: 24800 users
Cope with business growth.

Cluster Cloud
Cluster cloud meets deployment requirements in a multiple datacenter/cloud environment.
• Centralized configuration for the cluster appliances
• Chooses the fastest and healthiest SSL VPN appliance to access
• Unified domain name for remote access
• Increases remote access speed and accessibility
[Diagram labels: Datacenter Hong Kong; User A, Hong Kong; Datacenter London; User B, London; Cluster URL: https://app.unified.com; APP1; APP2]

Wide Range of Product Model
Asymmetrical cluster: cluster up to 20 units
• M5900-S-I, 16000 User
• M5800-S-I, 5000 User
• M5600-S-I, 3800 User
• M5500-S-I, 2600 User
• M5400-S-I, 1200 User
• M5100-S-I, 300 User

Best Practice & Solution

Implementation of Sangfor SSL VPN
• Tunnel encryption
• Host checker
• Secure desktop
• Remote application
• Access optimization
• …
[Diagram labels: User on the road; SOHO/Remote maintenance; Remote small office; Partners; Customers; Headquarters; Internet; 3G; Virtual secure portal M; Virtual secure portal P; Virtual secure portal C; SMS; HW ID; AD; Password; Secure Desktop; Resource authorization; Business Resource; PCs]

WLAN Security Enhancement
• Normally, only user/password authentication is required in a WLAN network;
• Once connected, almost all users enjoy the same access authority due to the lack of authorization measures;
• An intruder can easily steal the data by intercepting the WIFI session.
[Diagram labels: Unauthorized users; Guests; Internal users; Resource 1; Resource 2]

Case Study

Case Study: Sangfor SSL VPN
Customer: The central bank of the People's Republic of China. Plays an important role in China's macroeconomic management.
Requirements: Employees frequently go on business trips to local banks in different cities; this mobility requires a secure way for employees to remotely access the office systems, such as PBC’s OA and email systems.
Sangfor Solution:
• Users are authenticated with combined USB and SMS measures before accessing the systems;
• All user names are bound to the hardware code of the employees’ laptops;
• Various security protection measures are enabled to guarantee safety before/during/after employees’ remote access;
• Acceleration policies are applied to enable fast and efficient remote access.

[Figure: Sangfor SSL VPN. Labels: 34%, 36% (2009, 2010); 31.1% (2008); 2010, 2011; 2008, 2009, 2010]

Sangfor Company

Sangfor Overview
Founded in 2000
― 44 offices in major cities of Mainland China, Malaysia, Hong Kong, Singapore, Thailand, Indonesia, Vietnam and UK
― 1000+ employees;
― 15,000 customers;
8 product lines
― IPSec VPN, SSL VPN, Internet Access Management, WAN Optimization, Application Delivery, Secure Gateway, Application Performance Management and Next Generation Firewall;
Continuously fast growth
― 50–70% annual growth in the past 6 years
CMMI Level 3 authentication for R&D system;
ISO 9001 authentication for Service System;

Offering Solution at Three Levels
One stop solution to serve for customers
[Diagram labels: Data Center; HQ Gateway; Branch Office; ADC; SSL VPN; IAM; AF; AF (Low End); IPSec VPN; WOC; APM]

Cloud-Computing Ready
[Diagram labels: Cloud; Endpoint Visualization; TV; Laptop/PC; Mobile phone; Pad; Internet; WAN; Optimization; Efficiency; Management; Visualization; WANO/VPN; WANO/AD; WANO; SSL VPN; IAM/NGFW; EasyConn; 3G/SVAT; APM; Central management; SC]

Prospective Vendor
• Deloitte Technology Fast 500 Asia Pacific in 2005, 2006, 2007, 2008, 2009, 2010, 2011
• Mid-sized Enterprise Gold Award from Standard Chartered Bank
• Network Security Manufacturer in Asia Pacific Award 2009 from Frost & Sullivan
• “Best Company to work for” Award from Fortune China, 2009
• “Best Company to work for” Award from Fortune China, 2011

Thank You
4th Floor, Building 2, Financial Base, No. 8 Kefa Rd, Technology Park, Nanshan District, Shenzhen, Guangdong Province, P. R. China
P. C.: 518052
Tel: +86-755-8633 6171
Fax: +86-755-8662 7753
Email: [email protected]