This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Se precisar de ajuda, clique aqui:

Anti-DDoS Solution Protects "Online Lifestyle "

28/04/2014 10:30:56

Customer Information

Founded in November 1998, Tencent, Inc. has grown into China's largest and most used Internet service portal. Tencent has been providing value-added Internet, mobile and telecom services, and online advertising under the strategic goal of providing users with "one-stop online lifestyle services". Tencent's leading Internet platforms in China, including social networks, web portals, e-commerce, and multiplayer online games, have profoundly influenced the ways hundreds of millions of Internet users communicate with one another as well as their lifestyles. Tencent's service system covers ten Internet Data Centers (IDCs) in China, with hundreds of millions of users and over 100 million online users. Tencent not only has China's largest Internet community to meet Internet users’ various needs, including communication, information, entertainment, e-commerce, and others, but also maintains rapid and steady growth in various services.

Challenges

Security and performance, neither is dispensable

Tencent takes a global lead in terms of the scale, scope, and number of online-service users, so any network system interruption may cause huge losses to Tencent's online services. Tencent, therefore, has extremely high requirements for service network security and application availability.

In recent years, Tencent's online services have been challenged by widespread and uncurbed Distributed Denial of Service (DDoS) attacks that feature simple attack behaviors but bring serious damage and changeable application-layer protocol (including HTTP, HTTPS, SIP, and DNS) attacks. Traditional security solutions (such as the firewall and IPS) underperformed in protecting Tencent's enormous online services. Online equipment not only failed to support Tencent's system throughput, but also became the bottleneck of system performance, not to mention defending against increasingly serious DDoS attacks. In addition, the equipment could not precisely identify attacks, so enabling the attack defense always caused network performance degradation and adversely affected online services. Therefore, Tencent selected equipment to defend against DDoS attacks with extreme prudence. Based on the features of online services, Tencent was in urgent need of a security solution that achieves high security, performance, scalability, and availability. In addition, the solution must offer low O&M cost, the ability to filter out DDoS attacks of various scales and types to fully protect the large online services, and ensure high-quality network delivery as well as providing better user experience.

High security

The security solution must be able to defend against DDoS attacks of various types, regardless of the traffic attacks or application-layer attacks, to protect all online services from attacks.

High performance

To avoid being the bottleneck of the whole system, the security solution must feature high-performance defense capabilities so that it can deal with the traffic flooding attacks on Tencent's large-scale services. This solution must have defense capabilities to provide at least 10G for small package protection, in order to handle with the small-package traffic challenges brought from emerging services such as network gaming and online multimedia services.

High scalability

The security solution must support flexible performance expansion to vary with service requirement changes, catch up with service mode innovation, and form an architecture required for long-term service development, in order to protect previous investment and reduce total investment cost. In addition, this solution must be able to quickly respond to emergencies, be applicable to complex and changeable network security environments, and cope with unexpected security threats.

High availability

The security solution must ensure reliable service connections,precisely differentiate attack traffic from normal traffic, and accurately identify attacks.In this manner, the DDoS defense does not affect Tencent's service running and both system security and user experience can be ensured.

Low O&M cost

Considering that O&M cost significantly affects Tencent, the security solution must be small-sized, consume low power, minimize occupied equipment room space and consumption with improved performance, and greatly reduce the TCO for deploying multiple nodes in batches. To further reduce O&M cost, products need to be maintained and managed in a centralized manner to meet the centralized management requirement in distributed cross-regional deployment.

Huawei Solution

Huawei's security technology helps Tencent achieve carefree online services

Strict tests in labs and online operation appraisal have demonstrated that Huawei's anti-DDoS solution is one of the best optimal solutions. It achieves the balance between high performance and high security and meets the requirements of high availability and low cost. Huawei's anti-DDoS solution is a professional DDoS defense system, which aims to protect various and key online service systems regardless of how the network security environment changes. It can effectively cope with traditional traffic attacks and application-layer attacks, as well as attacks in the IPv6 and IPv4 hybrid network, providing support for building future-proof, secure, and high-availability online services.

Based on accumulative experience in the security field and understanding in customer's requirements, Huawei provides the anti-DDoS solution with the lead in the security protection capability, performance, scalability, and reliability. In addition, Huawei's professional anti-DDoS research and maintenance team continuously traces and studies the DDoS technology to ensure that Huawei's anti-DDoS solution is advanced enough to cope with changeable security threats.

Tencent has deployed Huawei's anti-DDoS solution in its multiple IDCs to protect the online service system. During application, Huawei's anti-DDoS solution has assisted Tencent to defend against hundreds of attacks and ensure stable and smooth running of the online service system, enhancing the security of the online services.

Multiple benefits of Huawei's anti-DDoS solution support service development

By deploying Huawei's anti-DDoS solution, Tencent not only had the strong ability to protect the online service system and ensure service continuity with economical investment and O&M costs, but also ensured high-quality network application and service delivery, provided optimal user experience, and thereby obtained powerful support for service development.

Enhanced security

Huawei's anti-DDoS solution provides the leading security protection capability, so Tencent achieved enhanced security for its online service system using the solution. Based on the precise and comprehensive seven-layer detection concept that is generated from the analysis of global 26000G traffic samples, Huawei provides the anti-DDoS solution that can defend against hundreds of various attacks, support accurate attack identification, and provide brilliant IPv6 attack defense capability. The intelligent defense engine, developed by Huawei for DDoS defense, can filter out attack traffic by layer using the integrated 7-layer defense algorithm in order to precisely and comprehensively defend against traffic attacks and application-layer attacks. In this manner, Tencent's online services are protected regardless of the DDoS attack severity.

Improved availability

Tencent achieved high stability and reliability for its online service system by deploying Huawei's anti-DDoS solution, so the availability of the online service system was greatly improved. By using the advanced multi-core distributed hardware architecture, Huawei's anti-DDoS solution is able to support the protection of a maximum of 200 Gbit/s per device and respond to attacks within two seconds, so the solution can easily deal with DDoS attacks of various scales and help Tencent quickly recover services when unexpected faults occur. In addition, the solution provides at least 10G for small package protection, so the development of Tencent's emerging services such as network gaming and multimedia services can be protected. Besides, the key components of devices in this solution are backed up and the carrier-class reliability is 99.999%, which bring a solid stability to Tencent's online service system.

Optimized scalability

Tencent achieved on-demand scalability for its online service system with the help of Huawei's anti-DDoS solution, which efficiently assisted Tencent's long-term service system architecture construction and service mode innovation. Huawei's anti-DDoS solution supports expansion up to 10 times that of the current capability, so it can flexibly expand the capacity from 2G to 200G.

Reduced O&M cost

Huawei's anti-DDoS solution is small-sized and consumes low power, so Tencent effectively reduced occupied equipment room space and energy cost using the solution. Especially in large-scale application deployment, more operation costs are reduced. Tencent also implemented centralized management in distributed cross-regional deployment, further reducing O&M cost. The leader of Tencent's DDoS defense team said, "Huawei's anti-DDoS solution provides high security and ensures service continuity and effectiveness, allowing us to concentrate on service operation and innovation. This solution has received high recognition from our security platform department and service department by virtue of its brilliant performance."

0 visualizações

(0 opiniões)

Gostou da história? Dê sua opinião.

0/500

Deixe seu comentário aqui.
Enviar

0  comentários

    Mais conemtários

      Opinião enviada com sucesso

      Enviado com sucesso

      Falha na avaliação

      Falha no envio

      Por favor, deixe seu comentário primeiro.

      Share link to: