Presentation is loading. Please wait.

Presentation is loading. Please wait.

Sangfor SSL VPN Presentation

Similar presentations


Presentation on theme: "Sangfor SSL VPN Presentation"— Presentation transcript:

1 Sangfor SSL VPN Presentation
Sunny Tse Product Manager, International Division

2 Agenda Mobility of Today’s Business 3
Secure, Fast, Easy-to-use SSL VPN 7 Best Practice & Solution 22 Case Study 25 Sangfor Company 28

3 Access Mobility of Today’s Business

4 SSL VPN Market Growth (US$MM) Market growth driven by business needs: business mobility Source: Frost & Sullivan Improve business productivity by enable mobile and remote office; Include supplier/partner/customer into company’s business process to improve efficiency and productivity

5 Business Becomes More Mobile
User on the road: Management, Sales, technical profession, researchers on business trip, in the airport , etc. At home/ Out of office: Employees occasionally out of office or at home Application servers Storage & database Authorized partners/ customers : Business partners, supplier, contractors, customers remotely access product/ partnership system, etc Business mobility: In real-life Remote offices/ selling house/business hall: Remotely access business application systems to carry on business deals, etc. Remote maintenance: IT do remote maintenance or 3rd party technical maintainers do maintenance to internal systems Authentication server Tele - conference PCs

6 Expands Business with SSL VPN
User on the road Application servers Storage & database At home/ Out of office Remote maintenance SSL VPN is to build the secure tunnel/portal for remote access; Authentication server Tele - conference PCs Remote offices/HBO Authorized partners/ customers

7 Secure, Fast, Easy-to-use SSL VPN
Sangfor SSL VPN: security, rapidity, usability

8 Sangfor SSL VPN Security Rapidity Usability Secure SSL VPN access;
Ensures the authorized user, using a secure endpoint via a secure tunnel to access the authorized resource; Rapidity Usability Rapid SSL VPN access; Full access optimization to ensure high-efficient mobile office, thus enhance the productivity. Ensure the end users’ access experience; Easy-to-use SSL VPN; Intuitive, low learning curve for end user; Easy for administration Offer flexibility to meet with corporation’s future needs. Why and How security, rapidity, usability

9 Comprehensive Security Protection
User authentication: Username/Password, LDAP,RADIUS, CA, USB key , Dynamic Token, Hardware ID, SMS Host checker Dedicated SSL VPN Tunnel Cache Cleanup Secure Desktop Standard encryption algorithm: AES, DES, 3DES, RSA, DH, RC4, MD5, SHA Digest algorithm Man-in-the-middle attack detection Account binding “User-Role-Resource” association Dynamic privilege Identification End Point Transmission Authorization Security come along with the whole access process: identification, endpoint, transmission, authentication. Next let we discuss more about the featured Sangfor security technologies INTERNET

10 Host Checker Check security status of host prior to user login, and during the SSL VPN session Operating system, registry file, process, personal firewall, anti-virus files, login time, line IP, user IP, user-customized security rules… Meet policy condition 1&2&3 Resource 1 How to prevent the dangerous endpoint from accessing the intranet? Meet policy condition 2&3 Failed to meet any policy Resource 2

11 Copy & Paste to local resource
Secure Desktop SD creates an isolated workspace to ensure the absolute security of remote access; APP3 APP2 OS APP1 APP3 APP2 OS APP1 Common office resource Critical/R&D resource Default desktop Secure desktop Exit Minimize Once users are connected to SSL VPN,critical business resource, like sales data, customer information,etc may be leaked by end user intentionally or unintentionally. How to prevent the leakage risk? Copy & Paste to local resource Print Save to local disk Cached/temp. files

12 Account Binding Account binding enables unified authorization and simplified administration SSL VPN Account A SSL VPN Account B 2 factor Authentication ID/PW HW ID SMS USB Dynamic Token CA LDAP Radius Application account A Application account A Application account B End users may borrow SSL VPN accounts between each other. i.e. one sales forget his SSL VPN account, and he may ask another one’s SSL VPN account to access VPN and its released resource; The account borrowing problem can easily cause leakage risks, account binding is to solve the problem; APP3 APP2 OS APP1 Authorized resource

13 Complete Access Optimization
Time Intelligent link selection Link optimization Link Transmission High-speed Transfer Protocol Transmission optimization Redundant Data Byte cache Streaming compression Data optimization Sangfor transplant its WAN Optimization technology into SSL VPN to make the SSL VPN much faster than the rest in market; Enabling a high-efficient SSL VPN access Saving telecommunication(3G) traffic and cost; Webpage access optimization Resource load balancer Resource optimization Resource

14 Access Optimization - Lab Test Result
File size: 10M Network environment: 2Mbps, 100ms latency, 1% packet loss Lab test result

15 Remarkably Easy-to-use SSL VPN
Easy to use, able to connect to business any time, any where with any device; Easy to manage, able to meet with organization’s future needs; Mobile user Administrator Cross-platform support; Remote application; Single-Sign-On; Login page customization; System tray; Hierarchical management; Virtual secure portal; Asymmetrical cluster; Built-in IPSec VPN; Syslog, SNMP; Usability to both end user and administrator

16 Remote Application Users remotely operate on the application servers:
C/S applications Windows applications Remote application windows Remote user with any device [Terminal server(s)] Key strokes, mouse click, No need to pre-install C/S application clients to the endpoints; Enable accesses to C/S applications, Windows applications on smart phone, tablet, such as iPad, iPhone, Android devices, etc. Fast transmission speed even when accessing with a limited bandwidth; While the mobile users are at home or on a holiday, they may come across emergency and need to access lotus or other C/S applications, but the personal laptop they brought with them don’t have a software client, then what to do? – remote application. How to access Lotus notes/SAP with the iPad, iPhone and android? – remote application

17 Remote Application – Sangfor EasyConnect
Showcase: Sangfor EasyConnect- remote application for mobile phones,tablet Access business application freely with your smart phones Take the office in your pocket!

18 Virtual Secure Portal Visualize SSL VPN into up to 253 virtual SSL VPNs Customer group Mobile user group Partner group Login methods C Login page C Published resource C Administrator C URL:https://app.customer.com Login methods M Login page M Published resource M Administrator M URL:https://app.mobile.com Login methods P Login page P Published resource P Administrator P URL:https://app.partner.com the virtual secure portal is to visualize one SSL VPN box into multiple SSL VPN boxes. i.e. A organization has three kinds of mobile users: Internal mobile user, partner, customer; these three kinds of user group have different security requirement levels and access needs. For example, the entrance portal/address for customer is almost public, but the internal’s SSL VPN address need to be hidden; you may push a theme like “thank u for ur purchasing” to the customer, but “thank u for ur partnership” to ur partners on the login page… so do u need to deploy three boxes for the three user group? The SSL VPN VSP is to perfectly meet with the requirement of the situation;with the VSP function enabled, different user group can enjoy the independent access URL, login page, published resource, administrator and the login methods, etc. For customer and partners group, u can also choose the hide the IP address of the released resource to prevent security risks. Virtual Secure Portal

19 Exclusive ! Asymmetrical Cluster Asymmetrical cluster 24800 users
M5900-S, 16000 users M5800-S, 5000 users M5600-S, 3800 users 24800 users Protect investment, avoid investment waste Exclusive ! Cope with business growth;

20 Cluster Cloud Cluster cloud meets with deployment requirements when in a multiple datacenter/ cloud environment; Centralized configuration for the cluster appliances Choose the fastest and healthy SSL VPN appliance to access Unified domain name for remote accesses 云C APP1 APP2 Datacenter Hong Kong User A Hong Kong Some customers may have multiple DCs in different regions, for example, one in Hongkong, one in London,the multiple DCs share the same resource. If there is need for mobile access, it is definitely need two boxes deployed in each site to allow the remote users securely access the DC resource. What cluster cloud do is to let the two boxes clustered though they are in different geographical locations; besides, as mobile users may travel to different cities,for example, london worker may travel to hongkong, the cluster cloud will also redirect end users SSL VPN requests to the healthy and fastest SSL VPN appliance to access, insuring the mobile office efficiency and the best access experience to end users Cluster URL:https://app.unified.com APP1 APP2 User B London Datacenter London Increase remote access speed and accessibility;

21 Wide Range of Product Model
Asymmetrical cluster Cluster up to 20 units M5900-S-I, 16000 User M5800-S-I, 5000 User M5600-S-I, 3800 User M5500-S-I, 2600 User M5400-S-I, 1200 User M5100-S-I, 300 User

22 Best Practice & Solution

23 Resource authorization
Implementation of Sangfor SSL VPN Tunnel encryption Host checker Secure desktop Remote application Access optimization User on the road Virtual secure portal M SMS SOHO/ Remote maintenance 3G Headquarters SMS Remote small office Resource authorization HW ID AD Business Resource Internet Virtual secure portal P Put the SSL VPN technologies into real-life operation; Besides the traditional implementation of SSL VPN, the SSL VPN could offer value: WLAN security Partners PCs WLAN Secure Desktop Virtual secure portal C Customers Password

24 WLAN Security Enhancement
Normally, only user/password authentication is required in an WLAN network; Once connected, all users almost enjoy the same access authority due to lack of authorization measures; Intruder can easily steal the data by intercepting into the WIFI session ; APP3 APP2 OS APP1 3 security threats: …; SSL VPN helps to enhance the WLAN security by authentication, tunnel encryption and resource authentication Resource1 APP3 APP2 OS APP1 Unauthorized users Guests Internal users Resource 2

25 Case Study

26 Case Study Customer Requirements Sangfor Solution
Sangfor SSL VPN Customer The central bank of the People's Republic of China Play an important role in China's macroeconomic management Requirements Employees frequently go business trip to local banks in different cities, the mobility requires a secure way for employees to remotely access the office systems, such as OA, systems of PBC’s Sangfor Solution Users are authenticated with combined USB, SMS measures before accessing the systems; All user names are bind with the hardware code of the employees’ laptops; Various security protection measures are enabled to guarantee safety before/during/after employees’ remote access; Apply the acceleration policies to enable fast and efficient remote access; 26 26

27 Sangfor SSL VPN Frost & Sullivan 2011 haven’t be released yet( is expected to be released in April or May) 2010, 2011 2008, 2009, 2010

28 Sangfor Company

29 Sangfor Company Sangfor Overview Founded in 2000 8 product lines
44 Offices found in major cities of Mainland China, Malaysia , Hong Kong, Singapore, Thailand , Indonesia, Vietnam and UK 1000+ employees; 15,000 customers; 8 product lines IPSec VPN, SSL VPN, Internet Access Management, WAN Optimization, Application Delivery , Secure Gateway, Application Performance Management and Next Generation Firewall; Continuously fast growth 50–70% annual growth in the past 6 years CMMI Level 3 authentication for R&D system; ISO 9001 authentication for Service System; 29

30 Offering Solution at Three Levels
SSL VPN ADC APM AF WOC One stop solution to serve for customers SSL VPN Data Center IAM Branch Office IPSec VPN H Q Gateway AF (Low End) IAM WOC AF 30 30

31 Cloud-Computing Ready
Endpoint Cloud Visualization WANO/VPN EasyConn Management IAM / NGFW Efficiency SSL VPN APP3 APP2 OS APP1 TV APP3 APP2 OS APP1 Optimization WANO/AD WAN Laptop/PC Internet WANO Optimization Mobile phone 3G/SVAT APP3 APP2 OS APP1 Visualization Pad SC APM Central management 31 31

32 Prospective Vendor Deloitte Technology Fast 500 Asia-Pacific in 2005, 2006, 2007, 2008, 2009, 2010,2011 Mid-sized Enterprise Gold Award from Standard Chartered Bank Network Security Manufacturer in Asia Pacific Award 2009 from Frost & Sullivan “Best Company to work for” Award from Fortune China, 2009 “Best Company to work for” Award from Fortune China, 2011

33 Thank You 4th Floor, Building 2, Financial Base,
No. 8 Kefa Rd, Technology Park, Nanshan District Shenzhen, Guangdong Province, P. R. China P. C.: Tel: Fax:


Download ppt "Sangfor SSL VPN Presentation"

Similar presentations


Ads by Google