The Role of Accton Network Security Appliances in Today's Connected World
 

Nowadays, with increasing demands on data centers, enterprises must find ways to improve IT efficiency and optimize resources, as well as provide agility and scalability for new business models that offer revenue growth. In order to attain these business goals, enterprises are evolving their data center architectures and moving to virtualized environments in the cloud. The biggest challenge in this move to new business computing models is  'security'.  Enterprises must rethink security that fits and how to develop new tools to ensure the goal of this transformation is protected. Network security appliances are the solution that meets this demand.

Research by the Enterprise Strategy Group (ESG) shows that over 50% of cloud data center challenges are in network security (see Figure 1).


Figure 1: The Biggest Data Center Networking Challenges

Network security appliances are dedicated devices for enforcing and managing security functions in an enterprise data center network. Including a number of security functions along with hardware acceleration, network security appliances can protect enterprise networks from viruses, spyware, intruders, and unwanted data traffic, as well as enforce security policies, filter span email, create and manage VPN, provide firewall protection, and manage bandwidth with centralized reporting features. Figure 2 shows common enterprise cloud network attacks.

For enterprise data center networks with a complex structure, implementing a reliable, secure, and centrally managed network is critical for maintaining business continuity. Deploying a range of individual end-point security solutions that prevent threats and attacks is a major issue of management and control in a cloud data center infrastructure. The major network security appliance functions are:

  • Viruses, worms and Trojan horse prevention
  • Spyware, spam prevention
  • Hacker intrusion attack prevention
  • Zero-hour attack prevention
  • Denial of service attack prevention
  • Data interception and theft prevention

 -----------------------, ------7dc3d8384041aContent-Disposition: form-data; name=

Figure 2: Enterprise Cloud Network Attacks

Over the years, Accton has provided the best products and ODM services for network switch, Wi-Fi AP (EAP/OAP), and PON. In line with its mission of Internet solutions provider, Accton is investing in data center network security products in the form of network processors and x86 hardware platforms. The product solutions include hardware platforms, turnkey-kit, and further integration of Accton???powerful feature-rich network switches, Wi-Fi, and PON devices to provide an enterprise and data-center-level total solution.

Figure 3 shows Accton???network security appliance building block. For hardware-platform customers, Accton can provide the system hardware and specific OS, including Kernel, drivers, library, tool-chain, I/O control, and TCP/IP protocol. Accton can also provide a turnkey-kit to customers, which includes firewall, VPN, remote access control, IDS, IPS, content filtering, anti-virus, anti-spam, and integrated UTM package. Customers are able to rapidly customize their own network security appliances, and also their existing enterprise and data center switches, Wi-Fi APs, PON devices. Accton provides complete, diverse, and comprehensive availability of network products.

 

Figure 3: Building Block of Network Security Appliances

The distinguishing features of Accton???network security appliance platforms are:
1) Powerful Packet Processing
Accton network security appliances support multiple CPU families, not only to offer appliance platforms with NP CPUs from Broadcom, Freescale, and Cavium, but also Intel x86 CPU families. Accton has extensive design experience around various CPU families for different functions and performance in networking products.

2)  Rich Network LAN Interface
Accton network security appliances support multiple LAN ports, from 6 to 48 Gigabit Ethernet NIC ports for different applications in cloud data centers, to SOHO or SMB solutions.

3)  Resilient Network Traffic
Accton network security appliances are built with an Ethernet LAN bypass function to achieve high levels of availability for network connectivity. Ethernet ports can be configured to automatically pass the link to the next available appliance to ensure the network is always available. Figure 4 shows the Ethernet LAN bypass for normal mode, where WAN ports connect to Internet routers, and LAN ports to security appliances and switches. Bypass mode will be active when there is a single point of network failure, then WAN ports directly connect to LAN ports so essential business communications can continue. Figure 5 shows the Ethernet LAN bypass active with CPLD and relay control.

 

Figure 4: Ethernet LAN Bypass Normal and Bypass Mode

 


Figure 5: Ethernet LAN Bypass Active with CPLD and Relay Control

4).  Security Virtualization
When a cloud data center needs to be virtualized, Accton network security appliances will support VMware virtualization on their security platforms.

5).  Event Log Storage
Network security appliances are capable of generating security events, including authentication events, audit events, intrusion events, and anti-virus events. These events are usually stored in operating system logs, security logs, or database tables. Therefore, an event log storage device is needed for this application. Accton network security appliances provide SATA HDD and/or with RAID 5/6 for event log local storage.

Conclusion
Enterprise and data center networks are a complex environment of physical and virtual systems, integrated and optimized to deliver timely and trusted information throughout an organization with 'security' being a very important demand. Accton Technology Corporation offers comprehensive, flexible, and robust network security appliances that are specifically tailored for enterprise and next-generation data center requirements.