Perfect Access Security
- Support multiple authentication methods, including source address authentication, certificate authentication, dual authentication, EAP-AKA authentication, and PSK-based authentication.
- Support multi-standard encryption/decryption algorithms, integrity algorithms, pseudo-random functions and DH Groups, including DES, Triple-DES, AES-CBC, HMAC-SHA-1, HMAC-MD5, HMAC-SHA-2, AES- XCBC-PRF, DH Group 1, DH Group 2, DH Group 5 and DH Group 14, etc.
High Performance/Low Latency
- Employs many technologies including SR-IOV, DPDK and separated control and forwarding to improve performance and reduce latency.
- By using the SR-IOV technology to share one PCI device with multiple VMs, the vSeGW enhances the utilization rate of I/O devices and shortens the network latency. The SR-IOV can work on GE/10GE/40GE interfaces.
- Employs the DPDK technology to enable more powerful system processing.
- Using different paths to separate control plane services (for example, protocol processing and dynamic generation of policy information) and user plane services (for instance data packet filtering, forwarding and processing), making data forwarding more efficient.
- Employs the AES NI technology to use the underlying hardware in order to reduce CPU cycles and improve AES encryption/decryption performance;
- Using QAT sub-card for encryption and decryption, it will not occupy the CPU of server, thus improving the performance of packet encryption and decryption.
- Employs the enhanced VRRP protocol running on the HA path between the active and standby OMPs to ensure the security gateway capable of working in the hot redundant mode.
- To keep the system reliable and away from data blocking, the vSeGW implements data synchronization and backup via multiple HA paths.
- Automatic Deployment: The vSeGW can be deployed on a universal server automatically. When maintenance engineers finish making the vSeGW deployment blueprint, the entire deployment can be done rapidly, flexibly and automatically, which obviously makes the O&M much easier.
- Elastic Scale-In/Out: To enable simplified deployment and management, as well as more efficient resource utilization, the vSeGW enables user-defined Scale-In/Out policies.
- Easy to Integrate: The vSeGW can be easily integrated to different security protection scenarios. Related cloud management centers are responsible for the orchestration and management.