Sangfor SSL VPN Presentation
Sunny Tse
Product Manager, International Division
Agenda
• Mobility of Today’s Business
• Secure, Fast, Easy-to-use SSL VPN
• Best Practice & Solution
• Case Study
• Sangfor Company
Mobility of Today’s Business
SSL VPN Market Growth
• Improve business productivity by enabling mobile and remote offices;
• Include suppliers/partners/customers in the company’s business processes to improve efficiency and productivity.
[Chart: End-user Spending on SSL VPN (APAC), US$MM, 2010 to 2015. Source: Frost & Sullivan]
Business Becomes More Mobile
• User on the road: management, sales, technical professionals and researchers on business trips, in the airport, etc.
• Authorized partners/customers: business partners, suppliers, contractors and customers remotely accessing product/partnership systems, etc.
• At home/out of office: employees occasionally out of the office or at home.
• Remote maintenance: IT staff or 3rd party technical maintainers doing remote maintenance on internal systems.
• Remote offices/selling house/business hall: remotely accessing business application systems to carry on business deals, etc.
[Diagram labels: Authentication server, Tele-conference, PCs, Application servers, Storage & database]
Expands Business with SSL VPN
[Diagram labels: User on the road; At home/Out of office; Remote maintenance; Remote offices/HBO; Authorized partners/customers; Authentication server; Tele-conference; PCs; Application servers; Storage & database]
Secure, Fast, Easy-to-use SSL VPN
Sangfor SSL VPN
• Security: Secure SSL VPN access; ensures that the authorized user, using a secure endpoint via a secure tunnel, accesses the authorized resource.
• Rapidity: Rapid SSL VPN access; full access optimization to ensure a highly efficient mobile office and thus enhance productivity; ensures the end users’ access experience.
• Usability: Easy-to-use SSL VPN; intuitive, with a low learning curve for end users; easy to administer; offers flexibility to meet the corporation’s future needs.
Comprehensive Security Protection
Protection areas: Identification, End Point, Transmission, Authorization
• Standard encryption algorithm: AES, DES, 3DES, RSA, DH, RC4, MD5, SHA Digest algorithm
• Man-in-the-middle attack detection
• User authentication: Username/Password, LDAP, RADIUS, CA, USB key, Dynamic Token, Hardware ID, SMS
• Host checker
• Dedicated SSL VPN Tunnel
• Cache Cleanup
• Secure Desktop
• Account binding
• “User-Role-Resource” association
• Dynamic privilege
Host Checker
Checks the security status of the host prior to user login and during the SSL VPN session.
Items checked: operating system, registry file, process, personal firewall, anti-virus files, login time, line IP, user IP, user-customized security rules…
[Diagram labels: Meet policy condition 1&2&3; Meet policy condition 2&3; Failed to meet any policy; Resource 1; Resource 2]
Secure Desktop
Secure Desktop (SD) creates an isolated workspace to ensure the absolute security of remote access.
[Diagram labels: Secure Desktop (Exit, Minimize); Default desktop; Critical/R&D resource; Common office resource; Copy & Paste to local resource; Print; Save to local disk; Cached/temp. files]
Account Binding
Account binding enables unified authorization and simplified administration.
[Diagram labels: SSL VPN Account A; Application account A; SSL VPN Account B; Application account B; Application account A; 2-factor authentication; Authorized resource]
Complete Access Optimization
• Transmission optimization: High-speed Transfer Protocol
• Data optimization: Byte cache, Streaming compression
• Resource optimization: Webpage access optimization, Resource load balancer
• Link optimization: Intelligent link selection
Saves telecommunication (3G) traffic and cost;
Enables highly efficient SSL VPN access.
[Diagram labels: Link, Time, Resource, Redundant Data, Transmission]
Access Optimization - Lab Test Result
File size: 10M
Network environment: 2Mbps, 100ms latency, 1% packet loss
Remarkably Easy-to-use SSL VPN
Mobile user: Cross-platform support; Remote application; Single-Sign-On; Login page customization; System tray; …
Easy to use, able to connect to the business any time, anywhere, with any device.
Administrator: Hierarchical management; Virtual secure portal; Asymmetrical cluster; Built-in IPSec VPN; Syslog, SNMP; …
Easy to manage, able to meet the organization’s future needs.
Remote Application
Users remotely operate on the application servers:
• No need to pre-install C/S application clients on the endpoints;
• Enables access to C/S applications and Windows applications on smart phones and tablets, such as iPad, iPhone, Android devices, etc.;
• Fast transmission speed even when accessing with limited bandwidth.
[Diagram labels: Remote user with any device; Key strokes, mouse click, …; Remote application windows; Terminal server(s); C/S applications; Windows applications]
Remote Application – Sangfor EasyConnect
Take the office in your pocket!
Virtual Secure Portal
Virtualize SSL VPN into up to 253 virtual SSL VPNs
• Mobile user group: URL: https://app.mobile.com; Login methods M; Login page M; Published resource M; Administrator M
• Partner group: URL: https://app.partner.com; Login methods P; Login page P; Published resource P; Administrator P
• Customer group: URL: https://app.customer.com; Login methods C; Login page C; Published resource C; Administrator C
Asymmetrical Cluster
• M5900-S, 16000 users
• M5800-S, 5000 users
• M5600-S, 3800 users
Cluster total: 24800 users
Cope with business growth; EXCLUSIVE! Asymmetrical cluster
Cluster Cloud
Cluster cloud meets deployment requirements in a multiple datacenter/cloud environment;
• Unified domain name for remote accesses (URL: https://app.unified.com)
• Centralized configuration for the cluster appliances
• Chooses the fastest and healthy SSL VPN appliance to access
• Increases remote access speed and accessibility
[Diagram labels: Datacenter Hong Kong; Datacenter London; User A, Hong Kong; User B, London; APP1; APP2]
Wide Range of Product Model
• M5900-S-I, 16000 User
• M5800-S-I, 5000 User
• M5600-S-I, 3800 User
• M5500-S-I, 2600 User
• M5400-S-I, 1200 User
• M5100-S-I, 300 User
Asymmetrical cluster: cluster up to 20 units
Best Practice & Solution
Implementation of Sangfor SSL VPN
• Tunnel encryption
• Host checker
• Secure desktop
• Remote application
• Access optimization
• …
[Diagram labels: Headquarters; AD; Business Resource; Internet; 3G; Remote small office; SOHO/Remote maintenance; User on the road; Customers; Partners; HW ID; Password; SMS; Secure Desktop; Resource authorization; Virtual secure portal M; Virtual secure portal P; Virtual secure portal C]
WLAN Security Enhancement
• Normally, only user/password authentication is required in a WLAN network;
• Once connected, all users enjoy almost the same access authority due to the lack of authorization measures;
• An intruder can easily steal data by intercepting the WiFi session.
[Diagram labels: WLAN; PCs; Resource 1; Resource 2; Unauthorized users; Guests; Internal users]
Case Study
Sangfor SSL VPN
Customer: The central bank of the People's Republic of China, which plays an important role in China's macroeconomic management.
Requirements: Employees frequently go on business trips to local banks in different cities; this mobility requires a secure way for employees to remotely access PBC’s office systems, such as OA and email systems.
Sangfor Solution:
• Users are authenticated with combined USB and SMS measures before accessing the systems; all user names are bound to the hardware code of the employees’ laptops;
• Various security protection measures are enabled to guarantee safety before, during and after employees’ remote access;
• Acceleration policies are applied to enable fast and efficient remote access.
[Slide graphic: Sangfor SSL VPN; labels "2008, 2009, 2010" and "2010, 2011"; chart years 2008, 2009, 2010 with values 31.1%, 34%, 36%]
Sangfor Company
Sangfor Overview
Founded in 2000
• 44 offices in major cities of Mainland China, Malaysia, Hong Kong, Singapore, Thailand, Indonesia, Vietnam and UK;
• 1000+ employees;
• 15,000 customers;
8 product lines
• IPSec VPN, SSL VPN, Internet Access Management, WAN Optimization, Application Delivery, Secure Gateway, Application Performance Management and Next Generation Firewall;
Continuously fast growth
• 50–70% annual growth in the past 6 years
CMMI Level 3 certification for R&D system;
ISO 9001 certification for Service System;
Offering Solution at Three Levels
One-stop solution to serve customers
[Diagram labels: Data Center; Gateway; HQ; Branch Office; products shown: SSL VPN, ADC, APM, AF, AF (Low End), WOC, IAM, IPSec VPN]
Cloud-Computing Ready
[Diagram labels: Mobile phone; Pad; Laptop/PC; TV; Cloud Endpoint; SC; APM; Central management; WANO/VPN; EasyConn; Visualization; WANO; Optimization; Management; IAM / NGFW; Efficiency; SSL VPN; WAN; Internet; 3G/SVAT; WANO/AD]
Prospective Vendor
• Deloitte Technology Fast 500 Asia-Pacific in 2005, 2006, 2007, 2008, 2009, 2010, 2011
• Mid-sized Enterprise Gold Award from Standard Chartered Bank
• Network Security Manufacturer in Asia Pacific Award 2009 from Frost & Sullivan
• “Best Company to work for” Award from Fortune China, 2009
• “Best Company to work for” Award from Fortune China, 2011
Tel: +86-755-8633 6171
Fax: +86-755-8662 7753
Email: [email protected]
4th Floor, Building 2, Financial Base,
No. 8 Kefa Rd, Technology Park, Nanshan District
Shenzhen, Guangdong Province, P. R. China
P. C.: 518052
Thank You