db_bladepack_engl_090714.qxd:db_bladepack_engl.qxd 14.07.2009 9:56 Uhr Seite 2

mGuard

The unique security solution for rack installation

The mGuard blades are available in the performance classes

I mGuard blade / 266

I mGuard blade / 533

The mGuard bladePack is the integrated, all-in-one security solution for installation in 19-inch rack systems. Featuring a redundant power supply and quick and easily integration, it requires neither modifications to the current system settings nor driver installation – regardless of the processor technology and operating system currently being used.

db_bladepack_engl_090714.qxd:db_bladepack_engl.qxd 14.07.2009 9:56 Uhr Seite 3

Unlimited protection

Conventional gateway appliances are generally used to protect entire networks or network segments with a universal security standard. However, a critical company server system often requires a security level that is much higher. And different systems call for various levels of security.

Primary functions mGuard, the “device attached security” solution from Innominate, unites all func tions to reliably protect IP connections:

I VPN (optional) for secure data transmission via open networks

(hardware-based DES, 3DES and

AES encryption, IPsec protocol).

I Configurable firewall protects the system from unauthorized access from „ outside “ . The Stateful Inspection Firewall filters data packets based on the originating and target address, block ing un desired data traffic – also from „ inside “ .

I Integrated anti-virus protection

(optional) supporting the HTTP,

FTP, SMTP and POP3 protocols.

Anti-virus protection takes place out side of the server. Therefore, no incursion into the system takes place – protecting the server while assuring high performance.

I High system availability through the optional fire wall redundancy.

Firewall policies and rules are maintained redun dantly. In the case of an mGuard outfall, they stay automatically available for use.

The mGuard blades enable you to assign each of your critical server systems its own security components – with individual levels of security and specifically configured access rights, not to mention numerous other unique advantages.

Simply incomparable: The integrated, all-in-one security solution

The mGuard bladePack by Innominate is at home in any IT environment, for its compatibility is unparalleled.

Regardless of which server system you use, regardless of which operating system you work with, with this unique “device attached security” solution, you can guarantee the highest security standards. Uniformly and around the clock. In every industrial environment

– from automotive to pharmaceutical – in medical technology areas, at remote maintenance applications and also in your industry.

Maximum data throughput for the VPN and firewall

The Intel processor features hardware-based DES,

3DES and AES en cryp tion. This guarantees maximum data throughput for firewall (up to 99 Mbit/s) and

VPN (up to 70 Mbit/s).

The mGuard bladePack is the convenient solution for individually protecting business critical systems.

These include:

I

I

I

I

I

SAP or Oracle servers

Citrix application servers

OS/2 and Windows server farms

Web hosting servers

UNIX/Linux and MacOS X servers

Virtual addressing in VPN tunnel

Virtual private networks often connect networks in which non-public IP addresses are used. These arbitrary address spaces are often used on a multiple basis. In order to avoid address conflicts, the mGuard offers an address translation feature (1:1 NAT) within the VPN. The components which can be reached via

VPN are each displayed under a different IP address to local devices.

Maximal availability, minimal time and effort

The mGuard bladePack consists of the mGuard blade Base (which can be integrated effortlessly into every 19-inch standard 3 U rack system) and up to

12 mGuard blades. In order to guarantee the highest possible level of availability, the mGuard bladeBase is standard-equipped with a redundant power supply, which is controlled by a monitoring unit. In the case of a problem, alerts are immediately transmitted via

SNMP traps to the administrator. Additionally, every integrated mGuard blade is identified and monitored.

db_bladepack_engl_090714.qxd:db_bladepack_engl.qxd 14.07.2009 9:56 Uhr Seite 4

Up to 12 mGuard blades can be used with each mGuard bladeBase, allowing up to 12 individual server systems to be individually protected. By combining two mGuard blades into a hot standby system, you guarantee maximum protection and availability for up to six server systems. In this case, the mGuard

blades monitor one another reciprocally. In the case of error, the twin mGuard blade takes over the complete range of functions (optional mGuard Redundant

Firewall Option).

Innominate Device Manager

With the Innominate Device Manager (IDM) large populations encompassing se veral thousand mGuard appliances can be efficiently configured and managed. Due to the Innominate mGuard’s templatebased approach, the roll-out of numerous identicallyconfigured appliances can be carried out quickly and conveniently.

At a glance:

I “device attached security” system: independent of the hardware platform and operating system used.

I Redundant Firewall for high system availability

(optional).

I Redundant power supply, monitoring unit and hot standby mode for maximum security and availability.

I Independent reconfiguration of the standby system when blades are exchanged.

I Maximum data throughput using hardware-based encryption for high speed VPN/firewall (optional).

I Virtual addressing (1:1 NAT) in the VPN tunnel avoids address conflicts.

I User firewall regulates access to internal or external resources via user login to the mGuard and central RADIUS server.

I

I

High-capacity anti-virus solution (optional).

Configuration with the Innominate Device Manager

(IDM).

I Hot swapping allows replacement during

operation.

Unassailable with the Innominate

Stealth Mode mGuard systems by Innominate take advantage of a special function – the

Stealth Mode. This allows the systems to perform absolutely transparently, as they do not require their own IP addresses. Instead, the mGuard uses the same IP as the computer it is protecting and there fore cannot be recognized by invaders, making the system unassailable to attack.

db_bladepack_engl_090714.qxd:db_bladepack_engl.qxd 14.07.2009 9:56 Uhr Seite 1

Hardware performance features

CPU

RAM / Flash

1 LAN / 1 WAN port

MAU management

Internet

Internet support

Network Services

DHCP support

DNS cache

Dyn. DNS

NTP client

LLDP (Link Layer Discovery Protocol)

VLAN (802.1Q)

Internet updates

Remote syslog logging

User based configuration profiles

Multi language

Virtual Private Network (optional)

VPN data throughput (3DES)

Max. number of VPN tunnels

Encryption procedure

Hardware-based encryption

IPsec mode

Authentication

Data integrity

Internet Key Exchange (IKE)

IPsec L2TP server

VPN in Stealth Mode

1:1 NAT in the VPN

IPsec NAT Traversal

Dead Peer Detection (RFC 3706)

Dyn. DNS VPN support mGuard blade / 266 mGuard blade / 533

Intel IXP 42x with 266 / 533 MHz

64 MB SDRAM / 16 MB Flash

Ethernet IEEE 802.3 10 / 100 BaseTX,

RJ45, full-duplex, Auto-MDIX

•

PPPoE, PPTP, Static IP, DHCP client, Stealth / Multi-Stealth

Server or relay agent

•

•

•

•

•

•

•

•

German, English and Japanese

266: 35 Mbit/s; 533: 70 Mbit/s

10 or 250

DES, 3DES, AES-128, -192, -256

•

ESP tunnel / ESP transport

X.509v3 certificates with RSA or pre-shared keys (PSK)

MD5, SHA-1

Quick mode, main mode, PFS

•

•

•

•

•

•

System management

Web-based management (HTTPS)

Command line interface (SSH)

SNMP v1, v2, v3

Innominate Security Configuration Manager

Innominate Device Manager

Anti-virus protection*

Integrated scan engine

Scans HTTP, FTP, POP3, SMTP, HTTP proxy

Block by file size

Automated pattern file updates

* For anti-virus software option the use of an 533 MHz appliance is recommended.

Technical overview mGuard blade

Serial interface

Power supply

Operating temperature

Relative humidity

MTBF

Dimensions (W x H x D)

Weight

RS232

Via bladeBase

0 to 40 °C

20 to 90 %, non-condensing

MTBF: 102,3 years;

MIL-HDBK 217F: Gb 25 °C

160 x 100 x 26 mm approx. 200 g

Firewall

Firewall data throughput

User licenses

Stateful Inspection Firewall

NAT, 1:1 NAT

Port forwarding

MAC-Filtering

Firewall rules in VPN connections

IP spoofing protection

Syn flood protection

Configurable DoS protection

Redundant Firewall (VRRP)

•

•

• optional optional optional optional optional optional

The all-in-one system mGuard bladePack

The integrated mGuard bladePack se cu rity solution consists of the mGuard bladeBase with redundant power supply and a monitoring unit. Up to 12 mGuard blades can be integrated into the mGuard bladeBase – for the protection of up to 12 individual server systems.

Maximum security and availability are assu red by combining two mGuard blades into a hot standby system. In the case of error, all functions (including complete configuration) are automat i cally carried out by the standby module.

Technical overview mGuard bladePack

I

I

19-inch rack installation, 3 RU (rack units)

Operation temperature: 0 to 40 °C

I Ambient temperature (transport and storage):

-40 °C to 70 °C

I Relative humidity:

20 to 90 %, non-condensing

I Power supply:

90–264 V AC, 50/60Hz

I

I

Power consumption (fully equipped): approx. 100 W

Conformance: CE

I

I

Dimensions (W x H x D): 483 x 133 x 235 mm

Weight (fully equipped): approx. 13 kg

99 Mbit/s unlimited

•

•

•

•

•

•

•

• optional mGuard Software Options

Innominate mGuard VPN-10

IPSec VPN Gateway, max. 10 VPN tunnels

Innominate mGuard VPN-250

IPSec VPN Gateway, max. 250 VPN tunnels

Innominate mGuard Anti-Virus-50

50 appliances, perpetual license for CLAM AV ™ virus patterns

Innominate mGuard Anti-Virus-200

200 appliances, perpetual license for CLAM AV ™ virus patterns

Innominate mGuard Anti-Virus-1000

1000 appliances, perpetual license for CLAM AV ™ virus patterns

Innominate mGuard Redundant Firewall Option

Requires two mGuard Security Appliances

Innominate mGuard is a registered trademark of Innominate Security Technologies AG. Several national and international patents have been registered or are pending for the mGuard technology. All other trademarks, brands and names are property of the corresponding firms.

Product specifications are subject to change. Errors and omissions excepted. Status 07.2009

Innominate Security Technologies AG · Rudower Chaussee 13 · D-12489 Berlin · Tel. +49(0)30-92 10 28-0 · Fax +49(0)30-92 10 28-020 · www.innominate.com

m