June, 2010 Freescaleâ€™s UTM Security Appliance Solutions

TMFreescale, the Freescale logo, AltiVec, C-5, CodeTEST, CodeWarrior, ColdFire, C-Ware, mobileGT, PowerQUICC, StarCore, and Symphony are trademarks of Freescale Semiconductor, Inc., Reg. U.S. Pat. & Tm. Off. BeeKit, BeeStack, CoreNet, the Energy Efficient Solutions logo, Flexis, MXC, Platform in a Package, Processor Expert, QorIQ, QUICC Engine, SMARTMOS, TurboLinkand VortiQa are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © 2010 Freescale Semiconductor, Inc.

FTF-NET-F0788

Freescale’s UTM Security Appliance Solutions

June, 2010

Karthik EthirajanNMG Software Products Division

TM

2Freescale, the Freescale logo, AltiVec, C-5, CodeTEST, CodeWarrior, ColdFire, C-Ware, mobileGT, PowerQUICC, StarCore, and Symphony are trademarks of Freescale Semiconductor, Inc., Reg. U.S. Pat. & Tm. Off. BeeKit, BeeStack, CoreNet, the Energy Efficient Solutions logo, Flexis, MXC, Platform in a Package, Processor Expert, QorIQ, QUICC Engine, SMARTMOS, TurboLinkand VortiQa are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © 2010 Freescale Semiconductor, Inc.

Agenda

► UTM Market

► UTM Security Appliance Solutions

► Summary

TM


System Integration (Customer and/or SI partner)

UTMAppliance

COTS or Custom H/W (QorIQ Processors)

What is an UTM Appliance?

3rd PartyLinux OS

SMP

Power Architecture™Core

D-Cache I-Cache

L2 Cache

Network Protocols

Firewall

IPSec VPN

IPS

Functions from FSL Functions from Ecosystem Partner/Customer

Diagram Key:

Power Architecture™Core

D-Cache I-Cache

L2 Cache

Anti-x

TM


MALICIOUSHACKERS

ENTERPRISE NETWORK

Email Server

App Server

Web Server

Confidential Data

EDI Server

Other Internal Users

MARKETING SUBNETMarketing Users

Logging Console

Admin Console

FINANCE SUBNET

Finance Users

VortiQa™Software

Trojan Attack

DoS AttacksAccess

Control Lists

HOMEOFFICE

TELECOMMUTER

Confidential Data

BRANCH OFFICE

Policies for individual security domainsPolicies for Individual usersPolicies for user groups

•Allow remote access•Allow access to web server•Deny access to finance server•Deny access to confidential data

Security Domain 1

Security Domain 2

Security Domain 3

Security Domain 4

Internet

UTM-1020

4

MPC8315

UTM

-408

0

UTM-2020

Where is UTM Appliance Deployed?

TM


Security Appliances MarketCY10 $6B TAM, 2.5Mu

Security Appliances

0

500

1,000

1,500

2,000

2,500

3,000

CY05 CY06 CY07 CY08 CY09 CY10 CY11 CY12 CY13 CY14

Units

('00

0s)

$0

$1,000

$2,000

$3,000

$4,000

$5,000

$6,000

$7,000

Reve

nue

($ M

il)

Units Revenue

Region: Worldwide (All), North America, EMEA, Asia Pacific, CALA

Product Type: Integrated Security Appliances and Software, Network-Based IDS/IPSProducts

Source: Infonetics

TM

6Freescale, the Freescale logo, AltiVec, C-5, CodeTEST, CodeWarrior, ColdFire, C-Ware, mobileGT, PowerQUICC, StarCore, and Symphony are trademarks of Freescale Semiconductor, Inc., Reg. U.S. Pat. & Tm. Off. BeeKit, BeeStack, CoreNet, the Energy Efficient Solutions logo, Flexis, MXC, Platform in a Package, Processor Expert, QorIQ, QUICC Engine, SMARTMOS, TurboLinkand VortiQa are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © 2010 Freescale Semiconductor, Inc. 6

Freescale QorIQ and VortiQa solutions for: High Growth Security Appliance Market

Small Enterprise/SME► FW Throughput: 1-2 Gbps► VPN tunnels: 2K► FW/IPS sessions: 100K► FW policies: 1k; sessions/s:5K► VPN: 500Mbps; Tunnels/sec: 10► Firewall/IPS: 500Mbps – 1Gbps► Anti Virus: 100 HTTP obj./sec

Datacenter/Carrier► FW throughput: 6 – 10 Gbps► VPN tunnels: 100K► FW/IPS sessions: 1 Million► FW policies: 10k; sessions/s:100K► VPN: 5-10Gbps; Tunnels/sec: 500► Firewall/IPS: 4-8 Gbps► Anti Virus: 2500 HTTP obj./sec

Mid-/High-end Enterprise► FW throughput: 2-5 Gbps► VPN tunnels: 10K► FW/IPS sessions: 250K► FW policies: 5k; sessions/s:15K► VPN: 1-2 Gbps; Tunnels/sec: 50► Firewall/IPS: 1-2 Gbps► Anti Virus: 500 HTTP obj./sec

Small BusinessSmall Enterprise

Mid-endEnterprise

Datacenter/CarrierInfrastructure

High-endEnterprise

SoC w/Crypto

SoC or Multicore w/Crypto

Multicore w/Crypto and RegEx

Multicore w/ Crypto and RegEx

Notes on Performance / Cost Estimates:• Subject to hardware configuration; may vary substantially• All performance numbers are target numbers as estimated to be required for

individual deployments and are estimated with VortiQa software product; subject to interpretation and detailed analysis

PowerQUICC MPC83xxE processor family PowerQUICC MPC85xxE processor family

QorIQ P1 and P2 processor family QorIQ P4, P5 processor family

VortiQa software for enterprise equipment VortiQa software for service provider equipment

OS and BSP – Linux® OS and BSP – Linux and/or LWE

TM


QorIQ P4PRODUCTS:P4080

QorIQ P3PRODUCTSP3041

QorIQ P2PRODUCTS:P2020P2010

QorIQ P1PRODUCTS:P1020P1010P1011

QorIQ P5PRODUCTSP5020P5010

How QorIQ Platforms and VortiQa Products Align

Radio Network Control

Serving Node Router (GSN)

Metro Carrier Edge Router

IMS Controller

Access GatewaySSL, IPSec, Firewall

Converged Media Gateway

Unified ThreatManagement

BasestationWireless MediaGateway

VoIP Carrier-Class Media Gateway

Home MediaHub

NetworkAttached Storage

Integrated Services Router

Service ProviderRouters

NetworkAdmission Control

StorageNetworks

VortiQaSoftware ProductsQorIQ Platforms/Products

TM


UTM Security Appliance Solutions - Focus Markets

► Security appliances► UTM appliances► IPS/IDS appliances► Content security appliances► Routers (secure and VPN)► Secured switches► Business gateways

IMS Controller

NetworkAdmission

Control

Service ProviderRouters

Integrated ServicesRouters

Storage Networks

Unified ThreatManagement

SSL, IPsec, Firewall

TM


Agenda

► UTM Market


► Summary

TM


► QorIQ silicon: P4080, P2020, P2010, P1020

► (+) VortiQa software for enterprise equipment

► (+) EcosystempPartners

► SOLUTION OUTCOME:• Cost optimized: UTM appliance portfolio, from low-

end to high-end, from major ODMs (2-4 Gbps to 20 Gbps)

• Ready to ship: FCC, UL and CE certified• Performance: performance optimized software

END USER PRODUCT

(OEM Branding + Channel + Support)NETWORKING OEM

HARDWARE ODM/CMQorIQ or MPC silicon based H/W Platform

(PCBA + OS and Board support package)

PRODUCTION READY SECURITY SOFTWARE APPLICATION

(Software Platform + Integration with Freescale Silicon + Integration testing + Regression testing

+ Certifications, where applicable)VortiQa Software

Security Appliance Program: Value PropositionProduction-ready BOM and performance optimized fully integrated solutions

TM


UTM Security Appliance Solutions - Portfolio

UTM Appliance

ODM Freescale Processor

Cores Core Frequency

Schedule Features

CAK-1000 Portwell QorIQ™ P2010 1 1 GHz August 2010 Small enterprise value systems; highest performance with lower power in its class

CAK-2000 Portwell QorIQ P2020 2 1 GHz/1.2 GHz

August 2010 Mid enterprise, low power systems

NCP Series3120/5260/7560

Advantech & O2 Security

QorIQ P4080 8 1.5 GHz TBD High-end enterprise or service provider systems

VPX6-187 Curtis Wright

QorIQ P4080 8 1.5 GHz TBD High-end enterprise in Military & Aerospace

GP3SSA 8555

Silicon Turnkey

MPC8555 PowerQUICC III

1 533 MHz Now Small enterprise

GP3SSA8541

Silicon Turnkey

MPC8541 PowerQUICC® III

2 533 MHz Now Small enterprise

SifoWorksG400/G600

O2 Security MPC8540 PowerQUICC III

1 667 MHz/1 GHz

Now Small to mid enterprise

SifoWorksDU100P

O2 Security MPC8572E PowerQUICC® III

2 1.2 GHz Now Mid-enterprise IPS based deployments

► ODM sample boxes are available now► Schematics and Gerber files are available for Freescale prototype of UTM-2020

TM


Freescale UTM Appliance PerformanceWinning performance and system cost

UTM Appliance Firewall IPsec VPN AES32-SHA1

IPsec VPN3DES-SHA1

IPSSW DFA

UTM-8315 (MPC8315, 400 MHz, 1 core)VortiQa software for SOHO/residential gateway

675 Mbps 175 Mbps 174 Mbps N/A

UTM-8377 (MPC8377, 800 MHz, 1 core)VortiQa software for SOHO/residential gateway

1.5 Gbps 658 Mbps 616 Mbps N/A

UTM-1011 (P1011, 533 MHz, 1 core)VortiQa software for enterprise equipment 1.8 Gbps** N/A++ 493 Mbps** 219 Mbps**

UTM-1020 (P1020, 800 MHz, 2 cores)VortiQa software for enterprise equipment 2 Gbps** N/A++ 886 Mbps** 441 Mbps**

UTM-2020 (P2020, 1.2 GHz, 2 cores)VortiQa software for enterprise equipment 4 Gbps 1.3 Gbps 1.3 Gbps 593 Mbps

UTM-4080 (P4080, 1.5 GHz, 8 cores)VortiQa software service provider equipment 20 Gbps* 10 Gbps 10 Gbps N/A

Performance numbers are measured or estimated for big packet size traffic Firewall performance is saturated at line rate*performance estimates based on cycle-accurate model**estimates based on P2020 test data++ data not clooected, similar to 3DES-SHA1

Detailed Freescale VortiQa performance papers and live demos available for customers under NDA

TM


►Freescale prototype design has 5 Gbe ports►Portwell 1U design has 6 GbE ports►2 pair bypass segments►Up to 4 GB DDR3, 64-bit 32 MB flash►1 mini PCIe slot►2 USB 2.0 ports►<30W power consumption

UTM-2020 Offers 4x Performance

TM


UTM-8377 Appliance~$100 BOM

BOM MPC8377E $28.00 LV Power Supply $5.00 16MB Flash $2.25 DDR2 Socket $1.50 GE Ports $2.65 GE Switch $7.00 Debug (RS232) $0.85 SATA Connector $1.00 Mini PCI $1.43 Misc ICs, LED, R,C,L $8.00 PCB $6.00 Assembly $7.00

Total PCBA $70.68 2G DDR2 Memory SO-DIMM $20.00 Power Supply $4.50 Enclosure $4.50

Total $99.68

► BOM Cost is for 25K volume ► BOM does not include SATA Hard disk

36% CostAdvantage over

x86 basedAppliance x86

Power

TM


Agenda

► UTM Market


► Summary

TM


XyzXyzXyz

Customer Engagement ModelFlexible approach to engage partners and customers

FREESCALE PARTNER CUSTOMER

1. Joint marketing and sales calls with partners

2. Deliver security appliances for evaluation and initial product development; customer to use partner for volume manufacture

3. Deliver silicon and silicon roadmap

4. License of hardware schematics and other details

5. License BSP, OS and other enablement software

6. License VortiQa software as a complete suite or applicable modules

1. Joint marketing and sales calls with Freescale

2. Deliver security appliances for evaluation and initial product development

3. Option: COTS hardware delivery and negotiate appropriate terms with the customer

4. Option: Custom hardware delivery and negotiate appropriate terms with the customer

5. Modify BSP, OS according to customer requirements, where applicable

1. Evaluate Freescale silicon

2. Evaluate Freescale VortiQa software

3. Evaluate COTS hardware from partners

4. HW product development: a) COTS hardware from the partner;b) Custom hardware from the partner; c) Own manufactured hardware from

other manufacturer

5. SW product development: a) Port existing software porting to

Freescale silicon;b) License VortiQa software; c) Port other 3rd party software; d) Port open-source software

TM


► Unlock the potential of multicore processors and built-in acceleration engines

► Speed time to market with an integrated networking and security software product line

► Deliver innovative and differentiated services using our solutions-centric approach

Summary

Customer Solutions = QorIQ and PowerQUICC Processors +

VortiQa Software + Ecosystem products and services

TM


For More Information

http://www.freescale.com/VortiQahttp://www.freescale.com/UTM

TM

Documents

June, 2010 Freescaleâ€™s UTM Security Appliance Solutions