PowerStation Product Presentation

2

Outline

HGiga Power Family Series Award & Certification Essential Functionalities Platform Specifications Summary

3

HGiga Power Family Products

4

PowerStation Product Positioning

Bandwidth Management

Product RoleFirewall & Access Authentication

WAN Load Balancer

5

Who would choose PowerStation ?

Companies that want to use multiple WAN links effectively Companies that plan to use multiple inexpensive

broadband links to replace expensive lease lines Companies whose business depends on stable and highly

available Internet connection Companies that want to manage their bandwidth and

maintain quality of service of their applications Companies that want to have an integrated edge

appliance as their gateway to reduce the total cost of ownership.

6

Awards & Honors #1 Security Solution Provider in

Taiwan that received CMMI ® Maturity Level 3

#1 Security Solution Provider in Taiwan whose firewall product received ICSA Labs Corporate Firewall 4.1a. Certification.

7

Essential Functionalities

WAN Load Balance Outbound LB Outbound Failover Inbound LB Inbound Failover Healthy Link

Detection

QoS Management Connection Policy Host Policy P2P QoS Policy Traffic Analysis /

Report

VPN Solutions Remote Access

(PPTP/L2TP) VPN Load Balance

WLAN Access Control User-Level Auth Service Level

Agreement (SLA) External Auth Source

( AD,LDAP,POP3, SMTP,RADIUS )

Server Load Balance Single-Port App Server Health Monitor Multiple SLB

Algorithms

L7-App Filtering Blocking P2P

(BT, eDonkey, Kazaa) Blocking IM

(MSN, Yahoo, AOL, GTalk, QQ)

8

Network Architecture Overview

9

Outbound Load Balance

Outbound LB Outbound LB The healthy status of each

Internet connection is being

closely monitored, such as

response time, upstream /

downstream traffic rate and the

link utilization. The outbound

traffic is redirected via the

available best route(s).

Enterprises benefit with more

bandwidth at a lower cost.

10

Redundant Link Failover

Link Failover Link Failover The availability and connectivity

of each Internet connections is

monitored constantly. Once a

link fails, the traffic is redirected

via the next available link. Thus

the enterprises never worry

about the unexpected

interruption of their business.

11

Inbound Load Balance

Inbound LB Inbound LB [Inbound LB] is achieved via the

help of Domain Name System

(DNS). When an external user

would like to access a public

server (service), the best routing

path is calculated and the

resolved IP address is replied

back to the user.

12

Inbound Fault Tolerance

IB Failover IB Failover The DNS entries are constantly

modified based on the status of

each internet connection. It

ensures a non-interruptive,

guaranteed Internet service by

resolving DNS requests to a

functional IP address.

13

Sophisticated Healthy Link Detection

Link Monitor Link Monitor

The two detection

mechanisms are employed

to ensure the availability of

Internet connections. [Path

Traverse] monitors nearby

consecutive nodes of an

outgoing path. [Multi-Node

Probing] simulates user

behavior by constantly

accessing well-know public

servers.

14

Complete Link Quality Report (1/4)

Round Trip Time (Link Quality) Upstream/Downstream (Bandwidth)

Link MRTG

15

Complete Link Quality Report (2/4)

Link Status ReportLink Congestion Report

Link Error Report

16

Complete Link Quality Report (3/4)

Link Reliability

Health Count

17

Complete Link Quality Report (4/4)

Top N Hosts

18

VPN Load Balance (Tunnel Routing, Bonding)

Tunnel RoutingTunnel RoutingNot only Inbound/Outbound

Load Balance is achieved,

enterprise VPN also benefits

from [VPN Aggregation] by

combining bandwidth of multiple

Internet connections. Also link

failover is guaranteed by

redirecting VPN traffic over any

existing functional Internet

connections.

• As the VPN gateway

•Load balance VPN traffic

19

P2P/IM Blocking

Block P2P/IM. Block P2P/IM. IM/P2P brings new

challenges to network

administrators in terms of

network security and

bandwidth abuse. With the

help of new [L7-App Filter],

commonly-seen IM/P2P

software can be easily

blocked and network

administrators are relieved

from burden.

20

L7 Content Filtering: Supported Protocols P2P IM Web Mail Web IM Tunnel

BitComet / BT MSN AIM Mail Web Messenger

TeamViwer

eMue Yahoo Microsoft Hotmail

meebo

Kazaa AIM Yahoo Mail eBuddy

Foxy (GNUTELLA) Gtalk Gmail imhaha

WinMX QQ Gmail-SSL ILoveIM

Xunlei Mail2000 MSN2Go

BearShare Hinet Xuite KOOLIM

21

QoS Bandwidth Management

QoS Management. QoS Management. Bandwidth is never enough if no

proper management policy is defined.

[Smart QoS] is aimed to ensure the

quality of important application

services.

22

QoS Bandwidth Management

Source Destination Service Bandwidth Limit

192.168.0.0/16 ALL ALL Tx: 350

Rx: 150

192.168.0.0/16

Tx: 350Rx: 150

Tx: 350Rx: 150

Tx: 350Rx: 150

Tx: 350Rx: 150

Search every host and apply QoS limit

Dynamic TrackingDynamic TrackingThe experience tells us that 80%

of the available is abused by

only 20% of total

users/applications. Also, the

bandwidth abusers frequently

change the IP as well as MAC

address to avoid from being

tracked, which causes quite a lot

of administrative burden.

PowerStation monitors and

searches for every alive host on

the controller network and

applies QoS limit accordingly.

23

Traffic Analysis / Report

Traffic AnalysisTraffic Analysis Bandwidth management is

less effective if no proper

traffic analysis is provided.

Detailed analysis and traffic

chart are offered for problem

isolation and decision-making.

24

Traffic Report (1/5)

List the bandwidth limit for hosts and the real time traffic chart of each.

25

Traffic Report (2/5) List Top N hosts/services, in the forms of pie and line charts.

26

Traffic Report (3/5) List the traffic and connection information of every monitored host.

# of connectionsReport and Charts

Total Transferred Real-Time Speed

27

Traffic Report (4/5)

Real-Time Traffic

Host MRTG

28

Traffic Report (5/5)

Real Time ConnectionsQoS Connections

2929

Historical Traffic Analysis

Network Traffic AnalysisNetwork Traffic Analysis PowerLog is traffic analysis system that

continuously monitors the behavior of

every network node and presents the

analyzed data in a systematic way. Also,

a supplicated query engine is available

for customizing your own reports and

charts.

30

WLAN Access Control (DAC)

Access ControlAccess ControlWLAN bring security breaches into

enterprise network. Without proper

protection, invaluable cooperate

information is prone to theft by

malicious WLAN users. DAC [Data

Access Control] protects the wireless

network by providing authentication

and authorization. Only authorized

user is granted the proper access

right.

31

Building 1PowerDAC-MGMT

PowerDAC-AG

3. AUTH REQ

5. AUTH REP

4. Proxy-AUTH2. Login　

Account System

Building 2

PowerDAC-AG

Centralized Mgmt Architecture (Access Gateway + Controller + FAT AP)

Advantages again Thin AP: Choose any preferred access point venders, no

historical burden. Choose the latest, the most powerful, the most

suitable access point models. Due to market competition, deployment of

massive quantity of access points can be very affordable (an indoor AP is about 50~80 USD)

Indoor AP Indoor AP

Indoor AP Indoor AP

32

Tight-Integration with Enterprise Account

POP3 SMTP RADIUS Microsoft Active Directory

LDAP

Account MGMT. Account MGMT. DAC provides seamless account

integration with existing account

servers. The account profile does not

need to reside on the DAC. The

existing enterprise servers can serve

as the external authentication sources,

such as commonly-seen POP3/SMTP

servers, RADIUS, MS AD and LDAP

servers. For system administrators, the

deployment of DAC is really a piece of

pie.

33

Mobile VPN

Provide secure remote access for mobile users. Windows has built-in support for PPTP/L2TP, no license and

client software is required.

34

Server Load Balance

Server LBServer LB A cluster of servers is easily

grouped by Server LB. Server LB

offers availability and scalability to

almost any existing Internet

services. Any backend server can

join and leave the cluster group

based on the customer’s need.

Any server malfunction could no

longer bring the critical application

offline.

35

Hardware Failover

High AvailabilityHigh Availability Mission-Critical application

requires 7x24 availability. Two

appliances is clustered in

Active/Passive configuration.

The active appliance responds

to all connection requests As

soon as the active appliance

fails, the passive appliance

takes over the job to ensure

non-interruption of service.

36

Hardware Specification (1/2)

Platform2050 3400 4220 4440

10 ／ 100 Base-TX 5 X 2 4

10 ／ 100 ／ 1000 Base-TX X 4 2 4

Physical WAN Links 4 3 3 7

Throughput (Mbps) 250 400 450 800

Concurrent session64000 128,000 256,000 280,000

Target Customer (person) 40~80 100~500 200~500 500~1000

Customer Scale SOHO, SmallSmall,

MediumSmall,

MediumMedium,

Large

37

Hardware Specification (2/2)

Platform 5620 9000 9200

10 ／ 100 Base-TX 2 1 X

10 ／ 100 ／ 1000 Base-TX 610

(copper x 8, SFP x 2)

24 A: copper x 24B: copper x 16 , SFP x 8)

Physical WAN Links 7 11 23

Throughput (Gbps) 2.8 3.2 4.8

Concurrent session 500,000 2,000,000 3,000,000

Target Customer (person) 3000~6000 3000~6000 6000~20000

Customer Scale LargeLarge,Carrier

Large, Carrier

38

Summary

HGiga Power Family features Awards and Certifications Modular Functionality Highly Reliable Superb Customer Feedback Intuitive Mgmt Interface Integrated Total Solutions

Your Security, Our Mission

39

Platform Hardware Specifications

40

Platform Hardware Specification (1/3)

Model 2050 3400

CPU VIA C3 1.5 GHz Intel Celeron M

RAM512 MB (DDR2 400/533MHz)

512 MB (DDR 400/333/266)

Chipset VIA CN700 + VT8237R+ Intel 852GM + ICH4

LAN Chip Realtek RTL8100C Intel 82540EM

10/100/1000 LAN None 4

10/100 LAN 5 None

LAN Bypass None None

Serial 1 (DB9, Rear) 1(RJ45, Front)

Power 60W Power Adaptor 200W AT Power Supply

Form Factor 1U 1U

Dimension 178 x 250 x 44 mm 426 x 365 x 43.5 mm

Certification CE/FCC CE/FCC

Net Weight 1.5 kg 8kg

2050│3400

41

Platform Hardware Specification (2/3)

4220│4440

Model 4220 4440

CPU Intel Pentium 4 Intel Pentium 4

RAM 512 MB (DDR 333/266) 512 MB (DDR 333/266)

Chipset Intel 845GV + ICH4 Intel 845GV + ICH4

LAN Chip Intel 82540EM/82551QM Intel 82540EM/82551QM

10/100/1000 LAN 2 4

10/100 LAN 2 4

LAN BypassFE LAN Bypass

(One Pair)FE LAN Bypass

(One Pair)

Serial 2 (DB9, Front/Rear) 2 (DB9, Front/Rear)

Power 250W ATX Power Supply 250W ATX Power Supply

Form Factor 1U 1U

Dimension 426 x 379 x 43.5 mm 426 x 379 x 43.5 mm

Certification CE/FCC CE/FCC

Net Weight 10kg 10kg

42

Platform Hardware Specification (3/3)

Model 5620 9000 9200

CPU Intel Core 2 Duo Intel Dual XEON EM64T Intel Dual Quad-Core 

RAM 1G (DDR 667)2GB (DDRII 400, ECC &

Registered)2GB (DDR2 533/667 Fully-

buffered DIMM)

Chipset Intel 945G + ICH7R Intel E7520 + 6300ESB Intel® 5000P + Intel® ESB2

LAN Chip Intel 82551ER/82573 Intel 82546GB Intel® 82571EB, 82546GB

10/100/1000 LAN 6 10 (Copper x 8, SFP x 2)A: Copper x 24

B: Copper x 16 + SFP x 8

10/100 LAN 2 1 0

LAN BypassGbE LAN Bypass

(3 Pairs)GbE LAN Bypass

GbE LAN Bypass (Max. 12 Pairs)

Serial 1 (DB9, Front) 1 (RJ45, Front) 1 (RJ45, Front)

Power250W ATX Power

Supply460W ATX Power Supply x 2

(Redundant)460W 1+1 ATX Redundant

Power Supply

Form Factor 1U 2U 2U

Dimension 430 x 380 x 44 mm 424 x 530 x 88 mm 424 x 600 x 88 mm

Certification CE/FCC CE/FCC CE/FCC

Net Weight 8kg 18kg 25 kg

5260 | 9000│9200

43

Q & A

Please visit us at www.secureone.com.my

44

Thank you

Please visit us at www.secureone.com.my