InfoNet Bilgi Teknolojileri

Crossbeam ® X80

Safer, simpler networks.

The X80 – Crossbeam’s flagship high-end switch for complete network, mail and Web security. The X80 offers all of the features and benefits of the X-Series, including integrated load balancing and flow sequencing using Crossbeam’s patentpending X-Stream TM technology; multiple bestin- class security engines from companies such as Check Point Software Technologies, ISS, and Trend Micro; and also offers twice the port density and throughput of the X40.

8 GBPS MULTIPLE SECURITY ENGINE PLATFORM

The X80 provides up to 32 Gigabit Ethernet ports or up to 64 Fast Ethernet ports and up to 8 Gbps of full duplex firewall throughput (using Check Point FW-1 NG). The platform is designed from the ground up to offer true, carrier-class high availability (six 9’s) and superior performance while running multiple best-in-class security engines for firewall, accelerated virtual private – networks (VPNs), intrusion detection and prevention, anti-virus and employee Internet content management (URL filtering). The X80 offers companies a safer, simpler solution for network security – resulting in operational and capital efficiencies not achievable with disparate products.

MULTIPLE SECURITY TECHNOLOGIES

These days, using just a perimeter firewall to protect a company’s information security assets is not enough. A more sophisticated, layered defense approach is required. But traditional approaches to building layered defense-in-depth security architectures require multiple disparate devices – an expensive and cumbersome proposition, since each device requires its own maintenance (patches, upgrades), management infrastructure and connectivity. Consider it – configuring the right data flow through the separate security technologies requires an intricate knowledge of routing, tapping and/or port mirroring. Scaling performance means adding load balancers, which adds yet another layer of complexity. All together, every element increases complexity and opens unseen vulnerabilities.

The X80 fundamentally improves the economics of security by integrating defense-in-depth in an easy-to-implement multitechnology security solution. All security technologies are tied together by a sophisticated chassis-based system that removes the need for external switches, load balancers, taps and/or port mirrors. Configuring flow paths through the multiple security technologies is easily handled from a graphical user interface (GUI) that gives the user complete flexibility. This consolidation creates the simplest, most secure and most economical defense model in the industry.

The Crossbeam X80 security services switch is:

• A high-performance, high port-density solution – up to 8 Gbps of fully stateful firewall processing and up to 32 Gigabit/64 Fast Ethernet interfaces

• A flexible platform supporting highly complex, performance-intensive network security configurations through the X-Stream secure flow processing technology

• A multiple security engine platform that delivers high performance for security processing including firewall, VPN, intrusion detection, anti-virus scanning, URL filtering, content filtering and anti-spam defenses

• A member of Crossbeam’s X-Series family, the only complete suite of high availability (HA) security solutions on the market – total redundancy (no single point of failure), multiple levels of failure tolerance (i.e. non-stop operations), complete hot-swappable and serviceable capabilities – and 99.9999 availability The X80 is composed of the following leading-edge components:

Chassis, Backplane, Power Supplies and Fans

• 14-slot carrier-class chassis

• Four passive data backplanes (each with 1.6 Gbps fully switched links)

• Two passive data backplanes (each with 100 Mbps fully switched links)

• Up to four 1200W AC power supplies (only two using around 600W are used to run the entire system) with separate power feeds

• Two fan trays with a total of 15 fans

Network Processing Modules (NPMs)

• NPMs that support full line-speed flow classification and integrate Crossbeam’s patent-pending load balancing algorithm for an even distribution of flows. Flow definitions are fully user configurable.

• Four NPMs in an X80 can be configured to be completely independent, or they can be configured in pairs for active/active or active/standby redundancy.

FOUR VERSIONS OF THE NPM ARE OFFERED

• The NPM 8200 has eight Gigabit Ethernet (SX, LX or Copper) interfaces

• The NPM 8210 has sixteen Fast Ethernet (10/100 Mbps) interfaces

• The NPM 8110 has one Gigabit Ethernet (SX, LX or Copper) interface and eight 10/100 Ethernet interfaces

• The NPM 8100 has two Gigabit Ethernet (SX, LX or Copper) interfaces

Application Processing Modules (APMs)

• APMs that process received flows from the NPM by using best-in-class security engines

• Each APM runs one or more instances of a security engine, and the APMs can be grouped to create load balancing groups for high availability and increased processing performance. Multiple APM groups can be created to design a complete defense-in-depth security model completely housed within a single X80.

APM OPTIONS

• The APM 8200 comes standard with a single P-III 1.26 GHz processor and 512 MB of memory. Additional memory (up to 4 GB) and processor (up to 2) configurations can also be ordered.

• Each APM can be ordered with either an optional hard drive or VPN acceleration engine. The hard drive is recommended for disk-intensive security engines such as IDS and anti-virus, and the VPN acceleration engine is used to accelerate 3DES IPSEC traffic for VPN applications.

Key Benefits

Control Processing Modules (CPMs)

• CPMs manage the system’s vital signs by constantly monitoring all modules for failures and performing the appropriate switch-over activity. The CPMs also provide the user with dedicated management interfaces to connect to management stations and logging servers.

• Two CPMs act as a redundant active/standby pair with RAID-1 mirrored hard drives.

X-Series Operating System (XOS)

XOS is a secure operating system that combines both the power and speed of embedded real-time operating systems with the application flexibility and security of the Linux operating system.

The NPMs run a real-time operating system from VxWorks ™ , the operating system of choice for most high-end networking products. The APMs and CPMs run a hardened Linux kernel and operating system specifically optimized for the X80. This operating system is called Crossbeam Linux and is compatible with most security applications that are compiled for Linux.

Safer, Simpler Networks.

The Crossbeam X80 Security Services Switch reduces security complexity for networking and security managers through:

REDUCED SITE COMPLEXITY

• Consolidation of multiple load balancers, switches and appliances into one security services switch for easier management and lower CapEx and OpEx

• Reduction in the amount of network resources and personnel to manage the security infrastructure – freeing up resources for more critical activities and projects

EASIER CONFIGURATION

• Automatic load balancing – no need for manual inputs

• Automatic fail-over for zero service disruption

• No configuration required to dynamically add resources to a group

SIMPLER MANAGEMENT

• Management of one device versus tens – even hundreds – of devices

• Consolidated point-of-security policy administration resulting in fewer holes for intruders

X80 CHASSIS Technical Specifications

CHARACTERISTICS

Physical and Power Dimensions : 762mmH x 444.5mmW x 444.5mmD (30in. H x 17.5in. W x 17.5in. D) Front and mid-rack mountable, standard 19" racks

Weight : 100 lb. Chassis, 190 lb. fully loaded

Power : 100-240 VAC, 1,000W (rated maximum)

Environment Temperature : 0° - 40°C ( 32° - 104°F ) with Single P-III APMs; 0° - 35°C with Dual P-III APMs

Humidity : 10% - 90% non-condensing

Altitude : 3048 m (10,000 ft.)

Regulatory Compliance Safety : UL 60950, IEC 950 Emissions FCC 47 CFR Part 15 Class A, EN 55022 Class A / EN 55024, VCCI V-3, AS/NZS 3548:1995, CNS 13438 Class A

Status Indicators System status LEDs (Critical/Major/Minor), Module status LEDs, Port status LEDs, Power supply status LEDs

NPM 8100, NPM 8110, NPM 8200, NPM 8210

Interfaces NPM 8100: 2 x 1000BASE-SX/LX full duplex

NPM 8110: 1 x 1000BASE-SX/LX, 8 x 100BASE-T

NPM 8200: 8 x 1000BASE-SX/LX full duplex

NPM 8210: 16 x 100BASE-T

INTERFACE SPECIFICATIONS

Interface Gigabit Ethernet 10/100 Ethernet

Connector Type 1000BASE-SX or LX, 10/100 RJ-45

LC multimode

Maximum Distance 62.5 micron fiber Cat 5 – 100 M – 260 m (853 ft.), (328 ft.) 50 micron fiber – 550 m (1805 ft.) 10 M with LX

APM 8200 — CHARACTERISTICS

Processor, Memory Single and Dual Pentium III 1.26GHz options with 512 MB of memory (up to 4 GB) and Options Optional local hard drive or VPN acceleration engine

CPM 8100 — CHARACTERISTICS

Processor, Memory Pentium III 1GHz with 256 MB memory and hard drive and Storage

Interfaces Logging port: 10/100/1000

Management and HA ports: 2 x 10/100

Modem and console ports: 2 x RS232

INTERFACE SPECIFICATIONS

Interface 10/100/1000 10/100 RS232

Connector Type RJ-45 RJ-45 DB-9

Maximum Distance Cat 5E, Cat 6-100m Cat 5-100m (328 ft.) (328 ft.)

Features

CROSSBEAM’S X-STREAM SECURE FLOW PROCESSING

The X80 platform supports highly complex, performance-intensive network security configurations through the X-Stream secure flow processing technology. X-Stream consists of:

• Intelligent Load Balancing – load balancing from the NPMs to the APMs based on the actual device usage metrics on the APMs. This load balancing capability is the result of Crossbeam’s patent pending flow scheduling technology. Using precise measures on the APMs (including CPU utilization, memory, queue depths, traffic received, etc), the X80 can determine the most efficient distribution of loads across the set of available application resources. This allows users to have the best use of their available processing hardware based on their network traffic flow.

• Serialization – allows security managers to dynamically route flows through the X80 in any conceivable order (e.g. firewall to anti-virus to URL filter to firewall). Flows can be directed by standard IP forwarding (next-hop) rules or with policies on the NPM that classify packets and force flows through specific applications.

• Parallelization – allows for the duplication of flows for passive or sensing applications such as intrusion detection. The X80 high-speed switch fabric duplicates packets of flows at line speed and sends an exact copy of the flow to a passive application such as an IDS sensor. With parallelization, security managers can construct interior and exterior IDS configurations without the complexity or fault probability introduced by taps or port mirrors.

With X-Stream, virtually any configuration that can be constructed with discrete network elements can be implemented, all within the highly available X80 system. This type of unprecedented flexibility gives complete control, even in the most complex security configurations. And the full depth and breadth of defense delivers measurable cost savings given the number of infrastructure components eliminated by the X80 platform.

DATA CENTER- AND CARRIER-CLASS PLATFORM

• Redundant fans, power supplies and redundant passive backplane

• Two (redundant) data switch fabrics and two (redundant) control switch fabrics

• Redundant control processor modules with RAID-1 mirrored hard drives

• Logical interface redundancy (VRRP-based)

• Application availability (load balancing) and dynamic re-route (stateful)

• Dynamic standby application module for M:N sparing

• Full hot-swap and zero-configuration replacements for failed application modules

• Dedicated high availability link between systems

MULTIPLE SECURITY ENGINES RUNNING CONCURRENTLY

• Applications pre-loaded – all licensing purchased separately

• Up-to-date, complete Check Point FireWall-1/VPN-1 VSX and NG features “out of the box” – “Secured by Check Point”-certified

• Internet Security Systems ™ (ISS) RealSecure ® Network

• Enterasys Networks ™ Dragon ™ Sensor Intrusion Detection System

• Trend Micro ™ InterScan ™ VirusWall ™ anti-virus gateway and eManager Anti-Spam / Content Filtering plug-in

• Websense ® Enterprise URL Filtering – OPSEC-certified

• Secure Computing SmartFilter URL Filtering

• F-Secure ® Anti-Virus for Firewalls – OPSEC-certified

• SNORT ™ Intrusion Detection

• Squid Reverse Proxy Cache

• Argus Flow Monitor

PERFORMANCE

• Up to 8 Gbps full-duplex stateful firewall throughput using industry leading Check Point FW-1 ™ firewall

• Multiple applications processed in parallel with no added latency per application

• VPN hardware acceleration card for APM-8200 providing up to 280 Mbps of VPN or SSL traffic-per-module

• QoS rate limiter that allows the user to define a guaranteed rate and a maximum burst rate with 1 kbps granularity

SECURE LINUX-BASED OPERATING SYSTEMS

The APMs use a customhardened version of Linux specifically optimized for secure processing of network flows. However, the Linux base allows for quick and easy support of new applications or unique applications to the customer environment. This allows for complete integration of existing security technologies and the ability to always keep up with the latest state-of-the-art defense techniques.

EASE OF MANAGEMENT

X80 systems are managed over secure standards-based interfaces (SSH and SSL) with multiple levels of access control. Configuration and user policies are managed from a GUI-based management station. Configuration is also fully supported in a complete Command Line Interface (CLI). Applications running on the X80 are managed using their native management tools and can be managed from the same station and over the same interfaces as the X80 system.

• Full GUI and CLI for all configuration and monitoring

• Hot-swappable blades and easy software updating

• Separate, out-of-band management network to prevent hacker attacks

• Wizard-based installation

• SNMP support for secure retrieval of statistics and trap information

• Secure SSH/SSL and HTTPS access to management interfaces

• Full audit trail