NFV virtual security resource pool

NFV products under ABT cloud security product line, include Virtual Security Gateway (VSG) and Virtual Application Gateway (VAG), applicable to solving the increasingly serious enterprise virtualization environment security issues. In the scenario that the enterprise services are moving towards cloud environments, ABT NFV products seamlessly fits the cloud computing virtualization environment to provide high scalability, adaptability, and comprehensive security capabilities, meeting the service needs of operators, cloud tenants and other customers in cloud scenarios.

ABT cloud security protection model

In the basic protection model of virtual environment, each host needs to deploy SPOS to providesecurity protection for the traffic in the virtual machine. With the continuous development of SDN and NFV technologies, security protection can no longer be limited to the local, and a wider range of traffic protection can be achieved among virtual machines. ABT provides comprehensive security capabilities and virtualization technologies, and on the basis of the traditional cloud security environment, develop a more powerful security protection model based on SDN architecture, providing higher and more comprehensive security protection capabilities.

NFV products in SPOS over KVM/ESX deployment mode

ABT NFV products support the deployment above KVM or VMware ESX virtual environment. In this mode, there is no need for SPOS to adapt to the hardware and software environment of physical servers, with strong applicability, appearing as a security resource pool. With this NFV deployment model, SPOS can be easily deployed in the server, and forwarded using the physical network card, breaking through the limitation of IPC, so as to achieve the software implementation of security capabilities. The deployment of SPOS in this mode has multiple actual cases in the retail chain industry.

NFV products do not require OVS to redirect the traffic to itself in the mode of the traffic table when SPOS over KVM/ESX is used for deployment, and the VXLAN can be easily used or the gateway mode is configured to introduce the trafficto conduct security filtering or audit as a security service chain. With the ABT security controller, SPOS online or offline can be flexibly scheduled ondemand, so as to achieve the policy issuance and relocation.

ABT NFV products provide the most stable NFV product solutions with the highest performance in the industry. At present, ABT and DT Dream jointly developed a cloud security solution that has been implemented. In the DTcube, SPOS is scheduled ondemand to process security threats, and the results have been the highly recognized by DT Dream and the majority of users

NFV products in SPOS over HOST deployment mode

ABT NFV products support the direct deployment on the server HOST environment. As there is no virtualization layer, the performance of SPOS system in this mode is relatively high. At the moment, ABT NFV products need to be logically linked with OVS, and OVS uses traffic table to redirect the traffic to SPOS through the logical interface. As a result of performance bottlenecks, the installation of NFV on the HOST directly becomes popular gradually in the industry, more and more users require such a solution for deployment, and ABT NFV products can easily deal with the requirements.

Advantages of ABT products

• The solution has a goodapplicability. The NFV products that can be deployed in a variety of modes are compatible with most of the mainstream virtualization platforms.

• The solution has good third-party capability compatibility. It can be integrated with the products of multiple security vendors in the cloud security alliance. The universality is strong.

• The solution is mature and stable. It has the deployment and actual application cases in DT Dream.

• Combined with ABT overall solutions, the product can help users achieve cloud compliance.