In the field of cloud computing applications, operators have always been a force to be reckoned with. In order to occupy a more advantageous position in the next round of market competition, the operators represented by the telecom enterprises are at the forefront in the cloud computing construction tide. China Mobile, for example, has invested heavily in building the big cloud, and Unicom has released its cloud plan, which is also part of its strategic transformation. This is also evidenced by the launch of the Cloud Computing Center project, which is dominated by telecoms companies around the world.
Operators in the cloud computing gradually exerting force, on the one hand to find a new business growth, on the other hand also met many new challenges. With the rapid popularization of intelligent terminals, mobile interconnection, cloud computing and the development of Internet of things, various operators have introduced various business applications based on IP bearer technology, which has brought many technological innovation and business development opportunities. In this process, the information security risk can be effectively controlled, the operator cloud business of the normal opening of the decisive significance.
In the field of operators and cloud computing has accumulated a lot of experience H3C, and fully aware of the new changes in the demand for the safety of operators, and with the help of the next generation of Internet NGIP solution technology and products, the operator Cloud computing security Construction provides more support and protection.
Virtualization of AB-surface operators Cloud security focus
Operators ' cloud computing is divided into private clouds for internal use, and two parts of the public offering services, and the security needs are different. H3C Safety product line chief Engineer Li Yanbin said that from the perspective of private cloud applications, the security of operator cloud computing is not much different from other industries.
Li Yanbin points out that the most salient feature of cloud network security is to address the security threats of virtualization that are common in cloud computing applications. In H3C's view, the problem is mainly focused on three aspects, the first is for the virtualization software vulnerability attack threat, the serious will cause the server to be unable to use, CVE organization also is releasing some virtualization software loophole, this kind of loophole will become the hacker main direction in the future; second, after the physical server virtualization, How to do access control between virtual machines; In addition, operators of different business units are concentrated in a cloud computing center, different departments of the security policy is not necessarily the same, the data center of the security device to create virtualization requirements, the need to share security equipment must be able to partition, a device virtual into multiple devices, To meet the needs of different users.
In view of the security problem of the operator's private cloud, H3C has a complete set of methods. On the one hand, through the network equipment + firewall + Intrusion defense system to establish a l2-7 layer of defense, to increase the virtual vulnerability of the characteristics of the study to solve the problem of virtualization software security; On the other hand, through the HP/H3C-VEPA protocol, the data flow inside the virtual machine is protected by security devices. To achieve secure access and attack detection for the two-tier exchange traffic between the server's internal VMS. In addition, H3C through the implementation of a full range of End-to-end product virtualization in practical applications, H3C security equipment can not only be a device virtual into n multiple units, can also be based on virtual requirements to achieve n:1 convergence requirements, in the cloud with the network, to form End-to-end virtual channel, To meet the needs of operator Cloud Data Center Security device virtualization.
However, for the network security of the public cloud services provided by the operators, the focus of their consideration is very different. H3C, Deputy Minister of Telecommunications systems, Xu Quan, in the past, operators of cloud computing data centers and Internet companies are similar, in the export end of the firewall and other gateway equipment, so as to maximize the export bandwidth rate. However, in the past one or two years, the operators of public cloud from the business development point of view, began to create more demand for security equipment. When operators provide cloud computing data center services to their users, some customers often need operators to provide value-added services in security. Therefore, the operators need to be the same as computing, storage and so on to achieve resource pooling, so that when the customer needs as a resource for the user.
As a result, the virtualization problem of security equipment becomes the focus of the public cloud security construction of the operators. At this time H3C security device virtualization advantages can be further reflected. H3C Safety product line chief Engineer Li Yanbin introduced to, at present, multi-instance configuration of key features has been h3c in the aspect of security device virtualization, such as NAT multiple instances of firewalls, support of independent security domain partitioning and policy configuration, implementation of virtual equipment resource partitioning, such as the maximum virtual service (real service) of load balancing devices, etc. , each virtual device has independent administrator rights, can monitor, adjust the configuration implementation of the policy at any time, and multiple virtual device administrators operate concurrently.
At the same time, Li Yanbin also pointed out that the operators of the public cloud on the performance of security devices also have higher requirements. As a customer-oriented service, the public cloud is more stringent than the private cloud on the capacity of the security device, and the scalability is better, when customers demand, can be very fast to improve system performance. To this, h3c through the security IRF technology easily realizes the system expansion, the highest can fictitious out 1280G high-performance equipment, can satisfy the future in the cloud computing environment 40G and the 100G Ethernet standard performance processing request, thus solves the operator cloud service the worry.
Operator safety Market H3C exerting force
As operators pay more and more attention to safety problems, the choice of safety equipment is more and more valued by operators. It is understood that in recent years, operators have increased the strength of the collection of security equipment, not only highly concerned about the response of security vendors and service capabilities, its products and the cost of the program also put forward higher requirements, operators of safety equipment market has ushered in a new round of shuffling process.
H3C, Deputy Minister of Telecommunications systems Xu Quan said that in recent years H3C security equipment into the operator market, achieved a very outstanding results, especially high-end security products, performance, price, service and other aspects have a leading edge. In the operator collection, H3C firewall/vpn/lb has two consecutive years of shipments first, super million trillion firewall for four consecutive years to become China Telecom, China Mobile Group's core short list supplier. At present, the H3C security equipment has been widely used in China Mobile, China Telecom, Unicom and radio and television companies at all levels. In the field of cloud computing, cloud security or network security reinforcement projects, such as private cloud of Sichuan Telecom, Jiangxi Telecom Cloud computing, Hainan Mobile IDC, etc., have become the model of cloud security in H3C. In addition, H3C also with China Telecom, China Mobile and Unicom actively cooperate to help carry out cloud computing, cloud security related norms, and telecommunications integration to carry out deep cooperation, the operator cloud security in the field of the most important manufacturers.
This, Li Yanbin says, is inextricably linked to H3C's long-term commitment to security. As the leading enterprise in the field of network security and application security, H3C from the focus on routers, switch security features and implementation, to build a l2-7 layer of integrated Defense firewall, IPS products, to the integration of the campus network, WAN and data Center security integrated Solutions, H3C has been committed to network security integration research and technological innovation. So it is not surprising that such a result has been achieved.
At the same time, he also stressed that in the cloud security era H3C will still grasp the trend of information security technology, research and development based on the world's leading information security products, to provide operators with tailor-made network security solutions and perfect service. Next H3C will also address the needs of operators, the release of 20G security card, million trillion IPs and other new products, further help operators to solve security problems.
Carrier Cloud computing will continue to accelerate the pace of security requirements will be more urgent. Xu Plenary said that for H3C, the future operators cloud security market, will still be a vast world.