Sangfor SSL VPN Presentation

Sunny TseProduct Manager, International Division

Agenda

Best Practice & Solution 22

Case Study 25

Mobility of Today’s Business 3

Sangfor Company 28

Secure, Fast, Easy-to-use SSL VPN 7

Access Mobility of Today’s Business

SSL VPN Market Growth

Improve business productivity by enable mobile and remote office;

Include supplier/partner/customer into company’s business process to improve efficiency

and productivity

(US$MM)

Source: Frost & Sullivan

2010 2011 2012 2013 2014 20150

50

100

150

200

250

300

End-user Spending on SSL VPN (APAC)

End-user Spending

Business Becomes More Mobile

Authentication server

Tele -conference

PCs

Application servers

Storage & database

User on the road: Management, Sales, technical profession, researchers on business trip, in the airport , etc.

Authorized partners/ customers :Business partners, supplier, contractors, customers remotely access product/ partnership system, etc

At home/ Out of office: Employees occasionally out of office or at home

Remote maintenance: IT do remote maintenance or 3rd party technical maintainers do maintenance to internal systems

Remote offices/ selling house/business hall:Remotely access business application systems to carry on business deals, etc.

Expands Business with SSL VPN

Authentication server

Tele -conference

PCs

Application servers

Storage & database

User on the road

At home/ Out of office

Remote maintenance

Remote offices/HBO

Authorized partners/ customers

Secure, Fast, Easy-to-use SSL VPN

Sangfor SSL VPN

Rapidity Usability

Security

Secure SSL VPN access; Ensures the authorized user,

using a secure endpoint via a secure tunnel to access the authorized resource;

Rapid SSL VPN access; Full access optimization to

ensure high-efficient mobile office, thus enhance the productivity.

Ensure the end users’ access experience;

Easy-to-use SSL VPN; Intuitive, low learning curve

for end user; Easy for administration Offer flexibility to meet with

corporation’s future needs.

Comprehensive Security Protection

• Standard encryption algorithm: AES, DES, 3DES, RSA, DH, RC4, MD5, SHA Digest algorithm

• Man-in-the-middle attack detection

• User authentication ： Username/Password, LDAP,RADIUS, CA, USB key , Dynamic Token, Hardware ID, SMS

• Host checker• Dedicated SSL VPN

Tunnel • Cache Cleanup• Secure Desktop

• Account binding• “User-Role-Resource”

association• Dynamic privilege

Identification End Point Transmission Authorization

INTERNET

Host Checker

Check security status of host prior to user login, and during the SSL VPN

session

Resource 1

Failed to meet any policy

Meet policy condition 1&2&3

Meet policy condition 2&3

Resource 2

Operating system, registry file, process, personal firewall, anti-virus files, login time, line IP, user IP, user-customized security rules…

Secure desktop

Exit Minimize

Secure Desktop

Default desktop

APP3APP

2OS

OS

APP1

APP3APP

2APP1

APP3APP

2OS

OS

APP1

APP3APP

2APP1

Critical/R&D resource Common office resource

SD creates an isolated workspace to ensure the absolute security of remote

access;

Copy & Paste to local resource

Print Save to local disk

Cached/temp. files

Account Binding

SSL VPN Account A

Application account A

SSL VPN Account B

Application account B

Application account A

2 factorAuthenticati

on

Account binding enables unified

authorization and simplified

administration

APP3APP2OS

OSAPP1 APP3

APP2APP1

Authorized resource

Link

Complete Access Optimization

Time

Resource

Redundant Data

Transmission • High-speed Transfer Protocol

Transmission optimization

• Byte cache• Streaming compression

Data optimization

• Webpage access optimization • Resource load balancer

Resource optimization

• Intelligent link selection Link optimization

Saving telecommunication(3G) traffic and cost;

Enabling a high-efficient SSL VPN access

Access Optimization - Lab Test Result

File size: 10M

Network environment: 2Mbps, 100ms latency, 1% packet loss

Remarkably Easy-to-use SSL VPN

Mobile user Administrator

Cross-platform support;

Remote application;

Single-Sign-On;

Login page customization;

System tray;

…

Hierarchical management;

Virtual secure portal;

Asymmetrical cluster;

Built-in IPSec VPN;

Syslog, SNMP;

…

Easy to use, able to connect to

business any time, any where with any

device;

Easy to manage, able to meet with

organization’s future needs;

C/S applicationsWindows applications

Remote Application

Key strokes, mouse click, …

[Terminal server(s)]

Remote applicationwindows

Remote user with any device

• No need to pre-install C/S application clients to the endpoints;

• Enable accesses to C/S applications, Windows applications on smart phone, tablet, such

as iPad, iPhone, Android devices, etc.

• Fast transmission speed even when accessing with a limited bandwidth;

Users remotely operate on the application servers:

Remote Application – Sangfor EasyConnect

Take the office in your pocket!

Login methods MLogin page MPublished resource MAdministrator M

URL:https://app.mobile.comLogin methods PLogin page PPublished resource PAdministrator P

URL:https://app.partner.com Login methods C

Login page CPublished resource CAdministrator C

URL:https://app.customer.com

Virtual Secure Portal

Visualize SSL VPN into up to 253 virtual SSL VPNs

Partnergroup

Customergroup

Mobile user group

Virtual Secure Portal

Asymmetrical Cluster

M5900-S, 16000 users

M5800-S,5000 users

M5600-S,3800 users 24800 users

Cope with business growth;EXCLUSIVE !A

symm

etrical cluster

Cluster Cloud

Datacenter Hong Kong

Datacenter London

APP1

APP2

云 CAPP1

APP2

APP1

APP2

Cluster cloud meets with deployment requirements when in a multiple

datacenter/ cloud environment;

User AHong Kong

User BLondon

URL:https://app.unified.com

Unified domain name for remote accesses

Centralized configuration for the cluster appliances

Choose the fastest and healthy SSL VPN appliance to access

• Increase remote access speed and accessibility ；

Cluster

M5900-S-I,16000 User

M5800-S-I,5000 User

M5600-S-I,3800 User

M5500-S-I,2600 User

M5400-S-I,1200 User

M5100-S-I,300 User

Asymmetrical cluster

Cluster up to 20 units

Wide Range of Product Model

Best Practice & Solution

Implementation of Sangfor SSL VPN

ADBusiness Resource Internet

3GRemote small office HW ID

Customers

Password

Resource authorization

Virtual secure portal M

Partners

Secure Desktop

SOHO/Remote maintenance SMS

User on the road

SMS

Virtual secure portal P

Virtual secure portal C

Headquarters

• Tunnel encryption • Host checker • Secure desktop• Remote application• Access optimization• …

WLAN PCs

WLAN Security Enhancement

APP3APP2OS

OSAPP1 APP3

APP2APP1

APP3APP2OS

OSAPP1 APP3

APP2APP1

Resource1

Resource 2

Unauthorized users

Guests Internal users

Normally, only user/password authentication is required in an WLAN network;

Once connected, all users almost enjoy

the same access authority due to lack of

authorization measures;

Intruder can easily steal

the data by intercepting

into the WIFI session ;

Case Study

Case Study

2626

Sangfor SSL VPN

Customer The central bank of the People's Republic of China

Play an important role in China's macroeconomic management

Requirements Employees frequently go business trip to local banks in different cities, the mobility requires a secure way for employees to remotely access the office systems, such as OA, email systems of PBC’s

Sangfor

Solution

Users are authenticated with combined USB, SMS measures before accessing the systems; All user names are bind with the hardware code of the employees’ laptops;

Various security protection measures are enabled to guarantee safety before/during/after employees’ remote access;

Apply the acceleration policies to enable fast and efficient remote access;

Sangfor SSL VPN

2008, 2009, 2010 2010, 2011

2008 2009 2010

31.1%

34% 36%

Sangfor Company

29

Sangfor Company

Founded in 2000

― 44 Offices found in major cities of Mainland China,

Malaysia , Hong Kong, Singapore, Thailand ,

Indonesia, Vietnam and UK

― 1000+ employees;

― 15,000 customers;

8 product lines

― IPSec VPN, SSL VPN, Internet Access

Management, WAN Optimization, Application

Delivery , Secure Gateway, Application

Performance Management and Next Generation

Firewall;

Continuously fast growth

― 50–70% annual growth in the past 6 years

Sangfor Overview

CMMI Level 3 authentication for R&D system;

ISO 9001 authentication for Service System;

30

Data Center

Gateway

SSL VPN

ADC

APM

AF

WOC

SSL VPN

IAM

IPSec VPN

AF (Low End)

WOC

IAM

AF

One stop solution to serve for customers

Offering Solution at Three Levels

H QH Q

Branch Office

31

Cloud-Computing Ready

Mobile phone

Pad

Laptop/PC

TV APP3APP2OS

OSAPP1OS

APP3APP2OS

OSAPP1OS

Cloud Endpoint

SC APM

Central management

WANO/VPN

EasyConnAPP3

APP2OS

OSAPP1OS

APP3APP2OS

OSAPP1OS

Visualization

WANO

Optimization

Management

IAM / NGFW

Efficiency

SSL VPN

WAN

Internet

3G/SVAT

Optimization

WANO/AD

Visualization

Prospective Vendor

Deloitte Technology Fast 500 Asia-

Pacific in 2005, 2006, 2007, 2008, 2009,

2010,2011

Mid-sized Enterprise Gold Award from

Standard Chartered Bank

Network Security Manufacturer in Asia

Pacific Award 2009 from Frost &

Sullivan

“Best Company to work for” Award

from Fortune China ， 2009

“Best Company to work for” Award

from Fortune China ， 2011

Tel: +86-755-8633 6171

Fax: +86-755-8662 7753

Email: marketing@sangfor.com

4th Floor, Building 2, Financial Base,

No. 8 Kefa Rd, Technology Park, Nanshan District

Shenzhen, Guangdong Province, P. R. China

P. C.: 518052

Thank You