Today, virtualization is the proven architecture to enhance performance and efficiency of service delivery in cloud computing. In fact, virtualized infrastructures have been implemented for servers in data centers worldwide and the topology is continuing its momentum as it can consolidate hybridized public and private clouds to offer enterprise IT personnel a more agile and flexible way to manage cloud service delivery.
Indeed, virtualization eases the establishment of enterprise cloud due to the use of virtual machines and network connections to abstract and scale computing resources. However, the virtualized architecture may encounter new security challenge which might not emerge in non-virtualized infrastructures, as there have been large-scale organizations under cyber threats.
Why Virtualized Next-Gen Firewall
When businesses rely more and more on virtualization for fast application deployment and workload management, security issues may arise because various workloads and application are associated with different trust levels. Most organizations have implemented arrays of firewalls for the traffic at the “surface” perimeter, but the VM (virtual machine) and the cloud layers are just defended by loose security provisioning. Hackers may thus attempt to attack this aspect with ransomware or data breach that are quickly spread over the data centers.
Therefore, to fully protect the entire cloud infrastructure including the VM traffic and the somewhat open private/public clouds, one of the most practical approaches is to deploy virtualization-oriented next-generation firewalls for various applications. The virtualized firewalls are programmed with security instruction policies towards different trust levels according to applications. In other words, the virtualized firewalls enable dynamic security provisioning over various functional applications (executed by VMs) of the enterprise cloud.
Recommended Appliances for Virtual Firewall
As mentioned, the virtualization-oriented next-generation firewall shall protect all the functional aspects of the cloud infrastructure, including VMs, VNFs, hardware, and network connections. Since clouds are the extended surface for data centers, it is strongly recommended to adopt virtualization-ready next-gen firewalls designed for providing scalable, secure protection across private, public, and hybrid clouds.
The virtual NGFW meet specified technological requirements for the virtualization environment. To optimize the network computing and throughputs in virtualized setting, these appliances features dual processors up to 56 core counts, DDR4 memory and Intel SR-IOV, AES-NI and AVX-512 new instructions to significantly accelerate packet processing efficiency, as well as high-throughput performance up to 100G, versatile/customizable network I/O selections, and Intel DPDK for optimal efficiency.
For crypto acceleration, virtual firewall appliances should be able to integrate hardware-based crypto engine (Intel QuickAssist technology) to accelerate up to 100Gbps cryptography across server, storage and network applications. Enhanced pattern recognition for deep packet inspection by Intel® Hyperscan technology
To ensure 99.9999% uptimes (the six-nine) in virtual environment, high availability, full-redundancy design with redundant power units and cooling fans are critical for the virtual network security appliance. Future-proof design like swappable CPU blades and network I/O modules is also the major consideration in order to adapt to the changing demands of network traffic,
Lanner provides network appliances optimized for virtual next-generation firewall that maximize hardware resource utilization with reduced risk of cyber breach and simplified administration.
High Performance Network Appliance for Network Security and Virtualization
|CPU||2nd Gen Intel® Xeon® Processor Scalable Family (Cascade Lake)|
1U High Performance x86 Network Appliance for Enterprise Firewall, UTM and IPS.
|CPU||Dual Intel® Xeon® E5-2600 v3/v4 series CPU (Haswell/Broadwell-EP)|
|Chipset||Intel C612 series Chipset|