Copyright © Huawei Technologies Co., Ltd. 2011. All rights reserved.

Trademark Notice

, HUAWEI, and are trademarks or registered trademarks of Huawei Technologies Co., Ltd. Other trademarks, product, service and company names mentioned are the property of their respective owners.

General Disclaimer

The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.

No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.


Huawei Security Solution

Enterprise Campus Network

— Campus Network Security Solution


Overview

Enterprise campus networks are facing increasing security issues in applications and services, such as malicious intrusions, Trojan horses, viruses, phishing, overuse of P2P applications, and threats from internal users. These issues impact campus network efficiency and service security. In the information era, a network must provide very high bandwidth for emerging applications, such as Web 2.0, P2P video, and broadband access over cable networks. It has become a trend to use gigabit switches as desktop switches and 10G routers or switches as backbone devices, and many switches and routers provide 10G ports. As more services are deployed on large-scale enterprise networks and the network capacity keeps expanding, traditional security systems have become a vulnerability on campus networks and cannot guarantee enterprises' information security.

On a campus network, information leakage, unauthorized access, slow response or crashing of devices, interruption of core services, network breakdown, and other security or availability issues cause losses to the enterprise. Traditional desktop/terminal security management solutions cannot force user terminals to install the authentication client or effectively prevent attacks. IT administrators have to spend a lot of time in taking anti-attack measures. Enterprises require a security solution that can force user terminals to install the authentication client.

Huawei has an industry-leading network protocol analysis team and a complete protocol library. Based on in-depth understanding of security threats to various network protocols, Huawei endeavors to provide comprehensive network security solutions and technical support for customers to deal with security threats. Huawei information security products and professional security solutions help build a complete security system for enterprise campus networks.

Principle

Through in-depth understanding of campus network construction and services, and rich experience in network and terminal security management, Huawei has developed a systematic approach to information security system construction, following the principle of "creating values for customers."


Huawei has a world-leading security capability center and excellent security solution teams. They use carrier-grade security hardware products and versatile software products to provide an environmentally adaptive and user-friendly security solution with the following advantages:

• Retains original user network topologies and devices and secures campus networks without degrading network performance and reliability.
• Provides better user experience through refined designs of solutions that are easy to deploy and manage.
• Supports flexible configuration of security policies and reports.
• Supports flexible configuration of security policies and reports and updates them using a cloud knowledge base.
• Ensures secure and reliable network operation using a service continuity design, patented file network fast forwarding technique, and real-time intelligent security monitoring platform.

The Huawei campus network security solution consists of the following components.

[Figure: solution overview diagram. Labels: Customer service; High availability; Traffic cleaning; Clear structure; Simple management; Disaster recovery; Service inspection gateway (SIG); Security Routing Gateway; Edge security; Reliable business; Terminal security and data protection solution; Reliable connection; VPN remote access solution; Reliable service; UTM & Firewall edge security solution; Improve efficiency; Visible; Manageable; Low cost; Increase profit; Availability; Integration; Active protection; Global security; Comply with standards; Protect asset; Reliable service; Simple management.]

Security Solution Components


Advantages

Campus Edge Security Solution

High performance and reliability

• The advanced “NP+multi-core+distributed” architecture dramatically improves network performance.
• The large capacities of edge devices ensure fast transmission of key services.
• The most stable and reliable security gateways are deployed at the network edge to ensure service continuity.
• High VPN performance allows a large number of services to be encrypted and transmitted in a timely manner.

Industry-leading UTM features

• A comprehensive intrusion protection system (IPS) is used to prevent various security threats. The signature library can save more than 2500 signature rules, allowing users to identify and analyze attacks efficiently.
• Powerful and stable antivirus features are provided, which can quickly obtain the latest virus characteristics and antivirus engines.
• A URL library with more than 55 million URLs ensures fast filtering and classification of URLs.
• A network integrating the routing, switching, Wi-Fi, 3G, and security, reducing network construction costs
• Support for flexible expansion and smooth upgrade
• An open Encapsulation Security Protocol (ESP) platform, supporting multi-service expansion

[Figure: Huawei campus network security solution, with its components: Traffic Cleaning Solution, Terminal Security Management Solution, iCache Solution, DPI-based Fine-grained Management Solution, Campus Edge Security Solution, Remote Access Security Solution.]


Terminal Security Management Solution

Comprehensive terminal security management

• The admission control feature applies to various terminals, providing consistent and user-friendly operating environments.
• Terminal security is easy to manage, reducing the overall operation and maintenance workload.
• Security policy updates can be obtained from a cloud knowledge base, making network evolution more flexible.

Powerful file permission management

• Dynamic file encryption enhances file security.
• Dynamic file permission control protects files during transfer and storage.
• Various permissions allow for flexible authorization.
• Group policies and policy templates help manage file permissions consistently.
• Versatile file formats meet various service requirements.
• This solution provides user management functions and supports all existing directory management and authentication services.

Remote Access Security Solution

Rich functions

• IP VPN functions, including Secure Sockets Layer (SSL) VPN and IPSec VPN
• Virtual VPN gateway

Flexible configuration

• A series of security products help achieve the optimal configuration.
• The maximum number of concurrent users and tunnels will increase when products are upgraded.

High reliability

• Enhanced security features are provided, including CA authentication, UKEY authentication, and RSA authentication.
• Well-designed hardware and software are capable of providing 24/7 services.

Easy maintenance

• Supports unified security management of remote access devices.
• Supports multiple management modes, such as CLI, web, and SNMP.

Traffic Cleaning Solution

Most excellent solution

• Excellent performance: 160 Gbit/s capacity to defend against large-scale attacks
• Excellent fault detection: DPI technology, effectively protecting the network against DDoS attacks
• Excellent response speed: quick response to attacks in seconds, ensuring stable network operation
• Excellent reliability: 99.9999% availability, providing a reliable network environment

Easiest solution

• Easy to manage: low OPEX
• Easy to expand: low network expansion costs

DPI-based Fine-grained Management Solution

Powerful traffic identification

• Multiple DPI features are provided, including feature identification, association identification, behavior identification, and dynamic decryption. These DPI features can identify more than 20 types of services (such as P2P, VoIP, instant messaging, video, game, and stock), 850 protocols, and 1000 applications.


• The knowledge base supports manual upgrade and automatic upgrade. Automatic upgrade does not require manual operations of administrators and will not interrupt running services, facilitating management.

Fine-grained traffic management

• Analyzes traffic on the entire campus network.
• Controls traffic rate based on applications and users.
• Reduces network congestion and costs on egress bandwidth expansion.

iCache Solution

Combination of traffic control and traffic caching

• The iCache devices work with Huawei DPI devices to combine traffic control and traffic caching. This prevents low-value traffic from occupying bandwidth of high-value traffic, improving user experience.

High scalability

• The iCache solution uses a distributed network structure. The iCache system performance can be improved quickly by simply increasing iCache devices on the network. Upgrade of the iCache system does not affect running services. Functions on one iCache device can be migrated to other iCache devices flexibly, improving device utilization.

Comprehensive traffic caching

• The iCache system platform can identify various protocols and cache traffic of services such as web browsing, P2P downloading, HTTP downloading, and online video. As the platform develops, it will be able to cache the traffic of more services.

Uniform and simple management

• Huawei provides an NMS to manage the DPI and iCache systems. The NMS has user-friendly GUIs that are easy to navigate and provides various traffic statistical reports.

High reliability

• The P2P and video traffic caching system is connected to the carrier network in bypass mode and caches traffic using port mirroring or optical splitters. This deployment mode does not change the carrier network structure or deteriorate the carrier network performance. Key components work in redundancy mode; therefore, services will not be interrupted when a disk or a device fails.

Energy conservation

• Following the principle of environmental protection, the iCache solution uses multiple energy-saving technologies, including hard disk soft start, hard disk sleeping, and intelligent fan speed control. In addition, iCache devices use highly efficient power modules, low-power interface cards, and low-power chips. These energy-saving technologies and components dramatically reduce customers' OPEX.