Presentation is loading. Please wait.

Presentation is loading. Please wait.

Sangfor SSL VPN Presentation Sunny Tse Product Manager, International Division.

Similar presentations


Presentation on theme: "Sangfor SSL VPN Presentation Sunny Tse Product Manager, International Division."— Presentation transcript:

1 Sangfor SSL VPN Presentation Sunny Tse Product Manager, International Division

2 Agenda Best Practice & Solution22 Case Study25 Mobility of Today’s Business3 Sangfor Company28 Secure, Fast, Easy-to-use SSL VPN7

3 Access Mobility of Today’s Business

4 SSL VPN Market Growth Improve business productivity by enable mobile and remote office; Include supplier/partner/customer into company’s business process to improve efficiency and productivity (US$MM) Source:Frost & Sullivan

5 Business Becomes More Mobile Authentication server Tele - conference PCs Application servers Storage & database User on the road: Management, Sales, technical profession, researchers on business trip, in the airport, etc. Authorized partners/ customers : Business partners, supplier, contractors, customers remotely access product/ partnership system, etc At home/ Out of office: Employees occasionally out of office or at home Remote maintenance: IT do remote maintenance or 3 rd party technical maintainers do maintenance to internal systems Remote offices/ selling house/business hall: Remotely access business application systems to carry on business deals, etc.

6 Expands Business with SSL VPN Authentication server Tele - conference PCs Application servers Storage & database User on the road At home/ Out of office Remote maintenance Remote offices/HBO Authorized partners/ customers

7 Secure, Fast, Easy-to-use SSL VPN

8 Sangfor SSL VPN Rapidity Usability Security Secure SSL VPN access; Ensures the authorized user, using a secure endpoint via a secure tunnel to access the authorized resource; Rapid SSL VPN access; Full access optimization to ensure high-efficient mobile office, thus enhance the productivity. Ensure the end users’ access experience; Easy-to-use SSL VPN; Intuitive, low learning curve for end user; Easy for administration Offer flexibility to meet with corporation’s future needs.

9 Comprehensive Security Protection Standard encryption algorithm: AES, DES, 3DES, RSA, DH, RC4, MD5, SHA Digest algorithm Man-in-the-middle attack detection User authentication : Username/Password, LDAP,RADIUS, CA, USB key, Dynamic Token, Hardware ID, SMS Host checker Dedicated SSL VPN Tunnel Cache Cleanup Secure Desktop Account binding “User-Role-Resource” association Dynamic privilege Identification End Point TransmissionAuthorization INTERNET

10 Host Checker Check security status of host prior to user login, and during the SSL VPN session Resource 1 Failed to meet any policy Meet policy condition 1&2&3 Meet policy condition 2&3 Resource 2 Operating system, registry file, process, personal firewall, anti-virus files, login time, line IP, user IP, user- customized security rules…

11 Secure desktop ExitMinimize Secure Desktop Default desktop APP 3 APP 2 OSOS OSOS APP 1 APP 3 APP 2 APP 1 APP 3 APP 2 OSOS OSOS APP 1 APP 3 APP 2 APP 1 Critical/R&D resource Common office resource SD creates an isolated workspace to ensure the absolute security of remote access; Copy & Paste to local resource PrintSave to local disk Cached/temp. files

12 Account Binding SSL VPN Account A Application account A SSL VPN Account B Application account B Application account A Account binding enables unified authorization and simplified administration APP3 APP2 OS APP1 APP3 APP2 APP1 Authorized resource

13 Link Complete Access Optimization Time Resource Redundant Data Transmission High-speed Transfer Protocol Transmission optimization Byte cache Streaming compression Data optimization Webpage access optimization Resource load balancer Resource optimization Intelligent link selection Link optimization Saving telecommunication(3G) traffic and cost; Enabling a high-efficient SSL VPN access

14 Access Optimization - Lab Test Result File size: 10M Network environment: 2Mbps, 100ms latency, 1% packet loss

15 Remarkably Easy-to-use SSL VPN Mobile user Administrator Cross-platform support; Remote application; Single-Sign-On; Login page customization; System tray; … Hierarchical management; Virtual secure portal; Asymmetrical cluster; Built-in IPSec VPN; Syslog, SNMP; … Easy to use, able to connect to business any time, any where with any device; Easy to manage, able to meet with organization’s future needs;

16 C/S applications Windows applications Remote Application Key strokes, mouse click, … [Terminal server(s)] Remote application windows Remote user with any device No need to pre-install C/S application clients to the endpoints; Enable accesses to C/S applications, Windows applications on smart phone, tablet, such as iPad, iPhone, Android devices, etc. Fast transmission speed even when accessing with a limited bandwidth; Users remotely operate on the application servers:

17 Remote Application – Sangfor EasyConnect Take the office in your pocket!

18 Login methods M Login page M Published resource M Administrator M URL:https://app.mobile.com Login methods P Login page P Published resource P Administrator P URL:https://app.partner.com Login methods C Login page C Published resource C Administrator C URL:https://app.customer.com Virtual Secure Portal Visualize SSL VPN into up to 253 virtual SSL VPNs Partner group Customer group Mobile user group Virtual Secure Portal

19 Asymmetrical Cluster M5900-S, users M5800-S, 5000 users M5600-S, 3800 users users Cope with business growth; Asymmetrical cluster

20 Cluster Cloud Datacenter Hong Kong Datacenter London APP1 APP2 云C云C APP1 APP2 APP1 APP2 Cluster cloud meets with deployment requirements when in a multiple datacenter/ cloud environment; User A Hong Kong User B London URL:https://app.unified.com Unified domain name for remote accesses Centralized configuration for the cluster appliances Choose the fastest and healthy SSL VPN appliance to access Increase remote access speed and accessibility ; Cluster

21 M5900-S-I, User M5800-S-I, 5000 User M5600-S-I, 3800 User M5500-S-I, 2600 User M5400-S-I, 1200 User M5100-S-I, 300 User Asymmetrical cluster Cluster up to 20 units Wide Range of Product Model

22 Best Practice & Solution

23 Implementation of Sangfor SSL VPN AD Business Resource Internet 3G Remote small office HW ID Customers Password Resource authorization Virtual secure portal M Partners Secure Desktop SOHO/ Remote maintenance SMS User on the road SMS Virtual secure portal P Virtual secure portal C Headquarters Tunnel encryption Host checker Secure desktop Remote application Access optimization … WLAN PCs

24 WLAN Security Enhancement APP3 APP2 OS APP1 APP3 APP2 APP1 APP3 APP2 OS APP1 APP3 APP2 APP1 Resource1 Resource 2 Unauthorized users GuestsInternal users Normally, only user/password authentication is required in an WLAN network; Once connected, all users almost enjoy the same access authority due to lack of authorization measures; Intruder can easily steal the data by intercepting into the WIFI session ;

25 Case Study

26 26 Sangfor SSL VPN Customer The central bank of the People's Republic of China Play an important role in China's macroeconomic management Requirements Employees frequently go business trip to local banks in different cities, the mobility requires a secure way for employees to remotely access the office systems, such as OA, systems of PBC’s Sangfor Solution Users are authenticated with combined USB, SMS measures before accessing the systems; All user names are bind with the hardware code of the employees’ laptops; Various security protection measures are enabled to guarantee safety before/during/after employees’ remote access; Apply the acceleration policies to enable fast and efficient remote access;

27 Sangfor SSL VPN 2008, 2009, , 2011

28 Sangfor Company

29 29 Sangfor Company Founded in 2000 ―44 Offices found in major cities of Mainland China, Malaysia, Hong Kong, Singapore, Thailand, Indonesia, Vietnam and UK ―1000+ employees; ―15,000 customers; 8 product lines ―IPSec VPN, SSL VPN, Internet Access Management, WAN Optimization, Application Delivery, Secure Gateway, Application Performance Management and Next Generation Firewall; Continuously fast growth ―50–70% annual growth in the past 6 years Sangfor Overview CMMI Level 3 authentication for R&D system; ISO 9001 authentication for Service System;

30 30 Data Center Gateway SSL VPN ADC APM AF WOC SSL VPN IAM IPSec VPN AF (Low End) WOC IAM AF One stop solution to serve for customers Offering Solution at Three Levels H Q Branch Office

31 31 Cloud-Computing Ready Mobile phone Pad Laptop/ PC TV APP3 APP2 OS APP1 OS APP3 APP2 OS APP1 OS Cloud Endpoint SCAPM Central management WANO/VPN EasyConn APP3 APP2 OS APP1 OS APP3 APP2 OS APP1 OS Visualization WANO Optimization Management IAM / NGFW Efficiency SSL VPN WAN Internet 3G/SVA T Optimization WANO/AD Visualization

32 Prospective Vendor Deloitte Technology Fast 500 Asia- Pacific in 2005, 2006, 2007, 2008, 2009, 2010,2011 Mid-sized Enterprise Gold Award from Standard Chartered Bank Network Security Manufacturer in Asia Pacific Award 2009 from Frost & Sullivan “Best Company to work for” Award from Fortune China , 2009 “Best Company to work for” Award from Fortune China , 2011

33 Tel: Fax: th Floor, Building 2, Financial Base, No. 8 Kefa Rd, Technology Park, Nanshan District Shenzhen, Guangdong Province, P. R. China P. C.: Thank You


Download ppt "Sangfor SSL VPN Presentation Sunny Tse Product Manager, International Division."

Similar presentations


Ads by Google