At the same time, the information security technology is gradually changing--from the Simple Network Exchange security technology to the more complex network application security direction, which undoubtedly to the information security equipment, especially gateway class security equipment in the processing capacity put forward more and more high requirements.
New technology in demand
The complex application layer security detection and control functions in the network need CPU to deal with, but the traditional hardware platform because of the PCI bus and CPU performance is far from satisfying, in some enterprise user network security equipment not only reduces the protection function, even becomes the network bottleneck. Some specific users (such as ISP operators, gaming websites, securities trading systems, etc.) are forced to opt out of security because they do not have a solution that provides sufficient performance.
Market demand promotes the emergence of new technology--as the next Generation network security technology, multi-core architecture has powerful 64-bit parallel operation and application layer processing capability, not only can the parallel fast processing network data flow, to the application layer detection and fine-grained control ability to give full play.
For the high performance demand of the security gateway, the Hillstone full line products adopt the hardware architecture of 64-bit multi-core processor and high speed switching bus, which not only has a great improvement on the pure security processing capability, but also requires different modules to carry on the multi-level security processing, The data channel between modules is guaranteed to be unobstructed. Multi-core CPU integrates network processor, can support up to 20Gbps of data throughput ability, with 48Gbps internal high speed switch chip, can support multiple modules of multifunction system to the interaction required for data processing. This system also supports hardware acceleration for IPSec, SSL VPN, character matching, TCP, compression, and so on. Hillstone's safe handling operating system Stoneos is a highly parallel, highly scalable, security-hardening operating system. Stoneos can coordinate the cooperation between the modules of the system, and make full use of the processing ability of the hardware platform.
As far as Hillstone is concerned, the industry's use of multi-core security products has greatly improved in performance. Especially for functions that require CPU intervention and cannot be accelerated with other hardware. For example, a firewall has a very important performance indicator is the number of new connections per second, this indicator shows a firewall to deal with the unexpected event, because the traditional technology in the number of new sessions per second is very low, the device is often the instantaneous launch of the internal virus flooding, External attacks and even bursts of traffic are exhausting resources and cannot be answered or even crashed. After the combination of multi-core technology, our products are 5-10 times higher than traditional devices, which owes much to the hardware architecture of multi-core processors and the highly parallel dedicated network security operating system (STONEOS). Notable aspects of performance improvement include packet performance, anti attack performance, Application layer processing performance, VPN processing performance, QoS performance, and so on.
Multi-core technology gives security products unlimited reverie
In fact, not only is the firewall, for other security gateway products, multi-core technology has also greatly helped its performance. Taking UTM as an example, this product is undoubtedly a highly integrated device with security features. The need for CPU processing power is very high, many UTM devices, although with the help of hardware acceleration, while the security features are open, its performance degradation is still very serious, in many cases become unavailable. Multi-core CPU is the solution to the application of safe handling ability. With the advent of multi-core CPU security platform, the performance of UTM can be greatly improved. The market acceptance of UTM will also have a great effect on the promotion.
The emergence of multi-core technology solves many problems that traditional devices can't do: In the Enterprise users we encounter, there is a large number of DNS server visits by a certain telecom user, and the new session of traditional security devices and the low value of the maximum concurrent sessions can not provide security protection, which makes the server exposed to the internet for a long When customers use Hillstone, they find that the SA series firewall based on multi-core 64-bit technology can provide a good security protection for the server cluster and maintain a lower than 30% CPU occupancy rate in the event of an average daily intercept of 43.2 billion attacks.
Traditional UTM equipment with its "all in one" characteristics to attract the majority of users, however, because the underlying architecture of the congenitally deficient, even high-end equipment, in the case of all the features turned on the performance of only about 100M, far from meeting the needs of users network. and multi-core architecture through 64-bit parallel network operating system can easily break through this bottleneck, such as Huizhou College network exports have 2.2G bandwidth, at the same time online 20,000 IP, in the use of Hillstone SA-5050 Security gateway to observe the highest concurrent session reached 1.8 million, At this time, based on a new generation of multi-core technology equipment resource occupancy rate is only about 23%.
For users, the emergence of multi-core platform will greatly improve the network security products cost-effective, especially for users more concerned about the application of security equipment cost-effective. The robust performance of multi-core platforms further facilitates the integration of security features and network features, simplifies user network deployments, and lowers TCO. With the development of multi-core technology and the increasing perfection of multi-core structure, it is only the first step to solve the contradiction between "function diversity and efficiency" of security gateway equipment, and this technology will undoubtedly give more imagination space to the future people in the means of information security prevention.