advertisement
db_bladepack_engl_090714.qxd:db_bladepack_engl.qxd 14.07.2009 9:56 Uhr Seite 2
mGuard
The unique security solution for rack installation
The mGuard blades are available in the performance classes
I mGuard blade / 266
I mGuard blade / 533
The mGuard bladePack is the integrated, all-in-one security solution for installation in 19-inch rack systems. Featuring a redundant power supply and quick and easily integration, it requires neither modifications to the current system settings nor driver installation – regardless of the processor technology and operating system currently being used.
db_bladepack_engl_090714.qxd:db_bladepack_engl.qxd 14.07.2009 9:56 Uhr Seite 3
Unlimited protection
Conventional gateway appliances are generally used to protect entire networks or network segments with a universal security standard. However, a critical company server system often requires a security level that is much higher. And different systems call for various levels of security.
Primary functions mGuard, the “device attached security” solution from Innominate, unites all func tions to reliably protect IP connections:
I VPN (optional) for secure data transmission via open networks
(hardware-based DES, 3DES and
AES encryption, IPsec protocol).
I Configurable firewall protects the system from unauthorized access from „ outside “ . The Stateful Inspection Firewall filters data packets based on the originating and target address, block ing un desired data traffic – also from „ inside “ .
I Integrated anti-virus protection
(optional) supporting the HTTP,
FTP, SMTP and POP3 protocols.
Anti-virus protection takes place out side of the server. Therefore, no incursion into the system takes place – protecting the server while assuring high performance.
I High system availability through the optional fire wall redundancy.
Firewall policies and rules are maintained redun dantly. In the case of an mGuard outfall, they stay automatically available for use.
The mGuard blades enable you to assign each of your critical server systems its own security components – with individual levels of security and specifically configured access rights, not to mention numerous other unique advantages.
Simply incomparable: The integrated, all-in-one security solution
The mGuard bladePack by Innominate is at home in any IT environment, for its compatibility is unparalleled.
Regardless of which server system you use, regardless of which operating system you work with, with this unique “device attached security” solution, you can guarantee the highest security standards. Uniformly and around the clock. In every industrial environment
– from automotive to pharmaceutical – in medical technology areas, at remote maintenance applications and also in your industry.
Maximum data throughput for the VPN and firewall
The Intel processor features hardware-based DES,
3DES and AES en cryp tion. This guarantees maximum data throughput for firewall (up to 99 Mbit/s) and
VPN (up to 70 Mbit/s).
The mGuard bladePack is the convenient solution for individually protecting business critical systems.
These include:
I
I
I
I
I
SAP or Oracle servers
Citrix application servers
OS/2 and Windows server farms
Web hosting servers
UNIX/Linux and MacOS X servers
Virtual addressing in VPN tunnel
Virtual private networks often connect networks in which non-public IP addresses are used. These arbitrary address spaces are often used on a multiple basis. In order to avoid address conflicts, the mGuard offers an address translation feature (1:1 NAT) within the VPN. The components which can be reached via
VPN are each displayed under a different IP address to local devices.
Maximal availability, minimal time and effort
The mGuard bladePack consists of the mGuard blade Base (which can be integrated effortlessly into every 19-inch standard 3 U rack system) and up to
12 mGuard blades. In order to guarantee the highest possible level of availability, the mGuard bladeBase is standard-equipped with a redundant power supply, which is controlled by a monitoring unit. In the case of a problem, alerts are immediately transmitted via
SNMP traps to the administrator. Additionally, every integrated mGuard blade is identified and monitored.
db_bladepack_engl_090714.qxd:db_bladepack_engl.qxd 14.07.2009 9:56 Uhr Seite 4
Up to 12 mGuard blades can be used with each mGuard bladeBase, allowing up to 12 individual server systems to be individually protected. By combining two mGuard blades into a hot standby system, you guarantee maximum protection and availability for up to six server systems. In this case, the mGuard
blades monitor one another reciprocally. In the case of error, the twin mGuard blade takes over the complete range of functions (optional mGuard Redundant
Firewall Option).
Innominate Device Manager
With the Innominate Device Manager (IDM) large populations encompassing se veral thousand mGuard appliances can be efficiently configured and managed. Due to the Innominate mGuard’s templatebased approach, the roll-out of numerous identicallyconfigured appliances can be carried out quickly and conveniently.
At a glance:
I “device attached security” system: independent of the hardware platform and operating system used.
I Redundant Firewall for high system availability
(optional).
I Redundant power supply, monitoring unit and hot standby mode for maximum security and availability.
I Independent reconfiguration of the standby system when blades are exchanged.
I Maximum data throughput using hardware-based encryption for high speed VPN/firewall (optional).
I Virtual addressing (1:1 NAT) in the VPN tunnel avoids address conflicts.
I User firewall regulates access to internal or external resources via user login to the mGuard and central RADIUS server.
I
I
High-capacity anti-virus solution (optional).
Configuration with the Innominate Device Manager
(IDM).
I Hot swapping allows replacement during
operation.
Unassailable with the Innominate
Stealth Mode mGuard systems by Innominate take advantage of a special function – the
Stealth Mode. This allows the systems to perform absolutely transparently, as they do not require their own IP addresses. Instead, the mGuard uses the same IP as the computer it is protecting and there fore cannot be recognized by invaders, making the system unassailable to attack.
db_bladepack_engl_090714.qxd:db_bladepack_engl.qxd 14.07.2009 9:56 Uhr Seite 1
Hardware performance features
CPU
RAM / Flash
1 LAN / 1 WAN port
MAU management
Internet
Internet support
Network Services
DHCP support
DNS cache
Dyn. DNS
NTP client
LLDP (Link Layer Discovery Protocol)
VLAN (802.1Q)
Internet updates
Remote syslog logging
User based configuration profiles
Multi language
Virtual Private Network (optional)
VPN data throughput (3DES)
Max. number of VPN tunnels
Encryption procedure
Hardware-based encryption
IPsec mode
Authentication
Data integrity
Internet Key Exchange (IKE)
IPsec L2TP server
VPN in Stealth Mode
1:1 NAT in the VPN
IPsec NAT Traversal
Dead Peer Detection (RFC 3706)
Dyn. DNS VPN support mGuard blade / 266 mGuard blade / 533
Intel IXP 42x with 266 / 533 MHz
64 MB SDRAM / 16 MB Flash
Ethernet IEEE 802.3 10 / 100 BaseTX,
RJ45, full-duplex, Auto-MDIX
•
PPPoE, PPTP, Static IP, DHCP client, Stealth / Multi-Stealth
Server or relay agent
•
•
•
•
•
•
•
•
German, English and Japanese
266: 35 Mbit/s; 533: 70 Mbit/s
10 or 250
DES, 3DES, AES-128, -192, -256
•
ESP tunnel / ESP transport
X.509v3 certificates with RSA or pre-shared keys (PSK)
MD5, SHA-1
Quick mode, main mode, PFS
•
•
•
•
•
•
System management
Web-based management (HTTPS)
Command line interface (SSH)
SNMP v1, v2, v3
Innominate Security Configuration Manager
Innominate Device Manager
Anti-virus protection*
Integrated scan engine
Scans HTTP, FTP, POP3, SMTP, HTTP proxy
Block by file size
Automated pattern file updates
* For anti-virus software option the use of an 533 MHz appliance is recommended.
Technical overview mGuard blade
Serial interface
Power supply
Operating temperature
Relative humidity
MTBF
Dimensions (W x H x D)
Weight
RS232
Via bladeBase
0 to 40 °C
20 to 90 %, non-condensing
MTBF: 102,3 years;
MIL-HDBK 217F: Gb 25 °C
160 x 100 x 26 mm approx. 200 g
Firewall
Firewall data throughput
User licenses
Stateful Inspection Firewall
NAT, 1:1 NAT
Port forwarding
MAC-Filtering
Firewall rules in VPN connections
IP spoofing protection
Syn flood protection
Configurable DoS protection
Redundant Firewall (VRRP)
•
•
• optional optional optional optional optional optional
The all-in-one system mGuard bladePack
The integrated mGuard bladePack se cu rity solution consists of the mGuard bladeBase with redundant power supply and a monitoring unit. Up to 12 mGuard blades can be integrated into the mGuard bladeBase – for the protection of up to 12 individual server systems.
Maximum security and availability are assu red by combining two mGuard blades into a hot standby system. In the case of error, all functions (including complete configuration) are automat i cally carried out by the standby module.
Technical overview mGuard bladePack
I
I
19-inch rack installation, 3 RU (rack units)
Operation temperature: 0 to 40 °C
I Ambient temperature (transport and storage):
-40 °C to 70 °C
I Relative humidity:
20 to 90 %, non-condensing
I Power supply:
90–264 V AC, 50/60Hz
I
I
Power consumption (fully equipped): approx. 100 W
Conformance: CE
I
I
Dimensions (W x H x D): 483 x 133 x 235 mm
Weight (fully equipped): approx. 13 kg
99 Mbit/s unlimited
•
•
•
•
•
•
•
• optional mGuard Software Options
Innominate mGuard VPN-10
IPSec VPN Gateway, max. 10 VPN tunnels
Innominate mGuard VPN-250
IPSec VPN Gateway, max. 250 VPN tunnels
Innominate mGuard Anti-Virus-50
50 appliances, perpetual license for CLAM AV ™ virus patterns
Innominate mGuard Anti-Virus-200
200 appliances, perpetual license for CLAM AV ™ virus patterns
Innominate mGuard Anti-Virus-1000
1000 appliances, perpetual license for CLAM AV ™ virus patterns
Innominate mGuard Redundant Firewall Option
Requires two mGuard Security Appliances
Innominate mGuard is a registered trademark of Innominate Security Technologies AG. Several national and international patents have been registered or are pending for the mGuard technology. All other trademarks, brands and names are property of the corresponding firms.
Product specifications are subject to change. Errors and omissions excepted. Status 07.2009
Innominate Security Technologies AG · Rudower Chaussee 13 · D-12489 Berlin · Tel. +49(0)30-92 10 28-0 · Fax +49(0)30-92 10 28-020 · www.innominate.com
m
advertisement
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Related manuals
advertisement