Huawei USG9000V Cloud Integrated Security Gateway Brochure

Product overview

The Huawei USG9000V cloud integrated security gateway closes the gaps in traditional network security and Operations, Administration, and Maintenance (OAM) that have been opened by the adoption of cloud computing architecture. Cloud-based services pose higher requirements for automated deployment, performance scalability, and O&M intelligence. The USG9000V enables enterprises to meet those requirements with a software implementation deployed on the cloud. This software product is compatible with mainstream cloud platforms throughout the industry.

Cloud computing inherently features distributed architecture and scattered resource distribution. Without a way to perform unified scheduling, enterprises cannot use resources effectively, which causes services to be delayed and performance to deteriorate.

The Huawei USG9000V cloud integrated security gateway addresses these issues by implementing elastic expansion through centralized resource scheduling to optimize resource utilization. With up to 2.5 Tbit/s forwarding capabilities, this software product also provides high-performance, easy-to-manage, and comprehensive virtual network security protection.

The USG9000V offers simple security service deployment, rapid service rollout, flexible capacity expansion, and efficient O&M, helping enterprises achieve elastic, reliable, and efficient service when using cloud architectures.

Product highlights

Simplifies network deployment with centralized management and high single-NE performance

The Huawei USG9000V helps deal with the characteristics of large-scale data centers: high concurrency, high capacity, and complex application types. These characteristics require that gateways deployed on egresses provide high performance, high availability, and support for high concurrency.

As a software product, the USG9000V avoids the limitations of conventional hardware firewalls, which cannot be deployed along with clouds or load services on demand. The Huawei USG9000V addresses these issues by adapting to the cloud architecture with separate control and forwarding. Based on distributed load-balancing capabilities, the USG9000V supports flexible single-NE scale-out/in and as many as 128 VMs in a cluster, providing overall forwarding performance of 2.5 Tbit/s. Additionally, the USG9000V supports status backup between Service Processing Units (vSPUs) to meet high availability requirements of the enterprise. Through centralized management on the control plane, the USG9000V can manage the configurations of 128 VMs and schedule pool-based resources for the VMs, reducing service management difficulties.

Provides elastic scale-out/in to meet rapid service change requirements and reduce operating costs

The Huawei USG9000V automates management functions to eliminate gaps created by operation in a cloud environment, where it is difficult for network controllers to monitor the status of virtual firewall CPU and session resources in real time. In conventional setups, this difficulty leaves traffic unevenly distributed among the virtual firewalls. After service scale-out, controllers of conventional gateways may not be able to properly distribute traffic among multiple virtual firewalls.

By interworking with the Management and Orchestration (MANO) layer, the Huawei USG9000V triggers single-NE elastic scale-out/in when services change, automatically starts or releases VMs, automatically configures services, and evenly distributes traffic. The USG9000V thus satisfies cloud-based service elasticity requirements and effectively reduces operating costs.

Product specifications

Virtual Machine Resource Requirements [1]

Hypervisor:
  VMware ESXi
  Linux KVM
  Huawei FusionSphere
vCPU [2]:
  Main Processing Unit (vMPU): Four vCPUs
  Line Processing Unit (vLPU): Eight vCPUs
  Service Processing Units (vSPU): Eight vCPUs
Memory:
  Main Processing Unit (vMPU): 16 GB
  Line Processing Unit (vLPU): 16 GB
  Service Processing Units (vSPU): 16 GB
Storage:
  Main Processing Unit (vMPU): 100 GB
  Line Processing Unit (vLPU): 60 GB
  Service Processing Units (vSPU): 60 GB
Number of vNIC Interfaces:
  Main Processing Unit (vMPU): 4
  Service Processing Units (vSPU): 4
  Line Processing Unit (vLPU): 6
Number of VMs in a Cluster (min./max.): 3/128

Functions

Basic Functions: Application Specific Packet Filter (ASPF), access control, state monitoring, address translation, whitelist and blacklist, virtual firewall, security zones, IPv6, etc.
CGN: Supports NAT44(4), NAT64, DS-Lite, 6RD, port range allocation, PCP, and static NAT mappings
IPsec VPN: Supports basic IPSec functions, PKI (X.509), IKEv1, IKEv2, EAP authentication, and IKEv2 redirection
Routing: Supports static routing, RIP, OSPF, BGP, IS-IS, etc.
Anti-DDoS: Implements anti-DDoS to defend against more than 10 types of DDoS attacks, such as SYN flood and UDP flood
Reliability: Supports dual-MPU switchover, status backup between SPUs, automatic VM state detection, and fault fixing
Platform Compatibility: Supports mainstream virtualization platforms, including VMware ESXi, Linux KVM, and Huawei FusionSphere
Software Package Format: Supports software packages in .vmdk, .iso, .qcow2, and .ovf formats for simple deployment

1: Virtual Machine Resource Requirements are the requirements for resources provided for deployed VMs. The requirements cover vCPU, memory, disk, and virtual interface resources.

2: vCPU is a logical CPU virtualized from an Intel x86 64-bit CPU that supports VT technology. One core corresponds to two vCPUs.

Product availability

The Huawei USG9000V will be available in Q2 2017.