huawei svn2000 and svn5000 presales specialist · pdf filehuawei svn2000 and svn5000 presales...
Post on 13-Mar-2018
237 Views
Preview:
TRANSCRIPT
2014年3月12日星期三
Version: V1.1(20140311)
HUAWEI SVN2000 and SVN5000
Presales Specialist Training
2
Contents Click to add Title 1 Huawei and Enterprise Overview
Click to add Title 5 Success Stories
Click to add Title 3 Product Highlights
Click to add Title 4 Competition Analysis
Click to add Title 6 Ordering Guide
Click to add Title 7 How to Get Resources
Click to add Title 2 Market Overview and Positioning
3
5
15
Sustainable Growth
Huawei Technologies releases an annual report with consolidated financial statements
audited by KPMG. — From Huawei annual report audited by KPMG
Sales revenue (billion USD)
0
10
20
25
30
35
Who is Huawei?
Leading global ICT solutions
provider
Rank 315th on the 2013 Global
Fortune 500
Customer-centric culture
World-class management,
process, and practice
2009
21.5
2010
27.6
2011
32.4
2012
35.4
2013(Unaudited)
39.5
40
4
Worldwide Expertise
16 R&D Centers
170+ Countries
14 Regional HQs
28 Joint Innovation Centers
150,000 Employees Worldwide
45 Training Centers
5
Unprecedented Reach through Innovative Technologies
Enable 3.5 billion end users
6
Continuous Investment in Innovation
USD $5.45 billion in 2013
USD $25.4 billion over 10 years (from 2004 to 2013)
70,000 R&D employees
16 R&D centers
R&D investment Standards and patents
Continuous increase in percentage of R&D
investment to total sales revenue
Membership in 170+ international
standards organizations such as IEEE,
IETF, DMTF, Continua, and HL7
180+ positions in international standards
organizations
5,000 standards proposals in 2013 Standards
44,168 patent applications in China; 14,555
PCT patent applications and 18,791 patent
applications outside of China.
36,511 patent applications granted (by
December 31, 2013) Patents
0
5%
10%
15%
14% 9.7% 9.7% 11.6%
2013 2009 2010 2011
13.7%
2012
7
Industry-Recognized Innovation Awards
Corporate Use of Innovation Award
The Economist
Excellence in
Standards Development Award
CE12800 series DC switches won
the Best of Show Award in the Data
Center and Storage Category
Interop
Top 5 most innovative companies
in the world
Fast Company
Best LTE Commercial Performance
Award,
Best Contribution to LTE R&D Award
Informa
HVS high-end storage and IVS won
the Red Dot Design Award
WLAN AP products won the IF Industrial
Design Award
Red Dot & IF
IEEE
8
ICT Penetration Globalizes Huawei
Enlightenment
(1993-1997)
Centralization
(1998-2002)
Internationalization
(2003-2008)
Globalization
(2009-…)
Worldwide network, regional data centers, global IT support, IT security, VPN, VOIP
Cloud computing, unified communications, global telepresence, BYOD
Nationwide backbone network, enterprise-class data center
Nationwide DDN WAN, OA
9
Contents
2 Market Overview and Positioning
Click to add Title 5 Success Stories
Click to add Title 3 Product Highlights
Click to add Title 4 Competition Analysis
Click to add Title 6 Ordering Guide
Click to add Title 7
Click to add Title 1 Huawei and Enterprise Overview
How to Get Resources
10 Global SSL VPN market share in 2010 (M$) SSL VPN market share in China in 2011
Expected global VPN market in 2013 Global SSL VPN market participant in 2011
Market Overview
11
Product Overview
SVN2000 SVN5000
Product Category Application Scenario
SVN2230 Low-end and
middle-range
Less than or equal to 1000
concurrent users
SVN2260 Low-end and
middle-range
Less than or equal to 2500
concurrent users
Product Category Application Scenario
SVN5530 High-end and middle-
range
Less than or equal to 12,000
concurrent users
SVN5560 High-end and middle-
range
Less than or equal to 20,000
concurrent users
The SVN series provides security solutions, such as remote access, mobile working,
branch office interconnection, cloud access, and access through multimedia tunnels for
enterprises, governments, and carriers.
12
SVN2000 Series
SVN2230 or SVN2260
Huawei-priority Versatile Routing
Platform (VRP)
• Uses the embedded real time operating
system (OS) to avoid system vulnerabilities on
other versatile platforms, such as the x86
platform.
• Provides industry-leading network features to
integrate application-layer access protocols.
• Optimizes the cooperation between modules
for service continuity and stability.
Model SVN2230 SVN2260
Performance
Maximum number of concurrent users 1000 2500
Maximum number of new SSL
connections per second 300 500
Maximum number of virtual gateways 64 64
Maximum number of concurrent IPSec
VPN users 1000 2500
Maximum number of virtual firewalls 10 10
Interfaces
Fixed interfaces 4 x GE (RJ45) + 2 x GE
(combo) + 2 x USB
13
SVN5000 Series
SVN5530 or SVN5560
Embedded with the
encryption card
Carrier-class multi-core hardware platform
Redundancy and hot swap of key
components
Dual power supply
Seven automatic speed control fans
Adaptability to harsh environments
Dual-system hot backup
Service continuity and high availability
Model SVN5530 SVN5560
Performance
Maximum number of concurrent users 12000 12000
Maximum number of new SSL
connections per second 3000 5000
Maximum number of virtual gateways 256 256
Maximum number of concurrent IPSec
VPN users 12000 20000
Maximum number of virtual firewalls 10 10
Interfaces
Fixed interfaces
4 x GE (RJ45) + 4 x GE
(combo) + 1 x GE
management interface + 2
x USB
14
IDC
DMZ
Branch
Internet
App1
------
OS1
App1
------
OS1
App1
------
OS1
SVN
Office
Remote Access
Main Scenario of the SVN
Customers
Government Financial Factory Energy SMB
Remote security access
• Branch, partner, remote users secuiryt access and network access control
Mobile office security
• Mobile terminal security access;
Area isolate
• Many areas logic isolate, prevent Malicious behavior and virus spread.
15
Typical Application Scenario-Remote Access
Terminal security
•Access history clearing
•Host security check
•Terminal ID binding
Access security
•Identity authentication
•Network extension
•Web proxy
•Port forwarding
•File sharing
Transmission security
•Advanced encryption
•Integrity check
•SSL/TLS
Gateway security
•Refined access control
•Anti-DDoS
•OS security hardening
Management security
•Abundant logs
•Professional audit
•SSH/HTTPS
management
Hotel Residence
Partner
Mobile employee
File server
Other servers
Mail server Web server
SVN
16
Typical Application Scenario - Mobile Working
3G/LTE
Virtualized application
server
AP
Email OA Other IT
systems
Authentication
server
Terminal Access Enterprise
SSL
encryption
SVN
Terminal security Access security Transmission security Management security
•Refined access control
•Anti-DDoS
•OS security hardening
Gateway security
•Access history clearing
•Host check
•Terminal ID binding
•Secure desktop
•Multiple logs
•Professional audit
•SSH/HTTPS management
•Identity
authentication
•L3VPN access
•Virtual desktop
access
•Web proxy access
•Advanced encryption
•Integrity check
•SSL/TLS
17
Mobile terminal
Soft client (SC)
Thin client (TC)
Typical Application Scenario -Desktop Cloud
Internet
XenApp
ERP and other DB
DDC server SVN
18
Converged and Unified Communications
Conference AS
Management system SBC
Multimedia terminals
SVN
Internet
Terminal security Access security Transmission security
•Anti-DDoS
•OS security hardening
Gateway security
•Security SDK integrated
with applications
•Identity authentication
•L3VPN access
•Port aggregation
•Advanced encryption
•Integrity check
•SSL/TLS
19
Intelligent Inter-Area Isolation Solution Data protection Threat defense
The secure desktop controls the access of
external devices and a network.
Data on the secure desktop is encrypted
using advanced algorithms for storage.
Viruses or Trojan horses do not spread
across areas.
Access between the secure desktop and
real desktop is disabled.
Privacy and data
Access control Link security
The SVN uses 10 technologies for identity
authentication.
Data transmission is encrypted.
Only the authorized desktop can access the
authorized network area.
Access and transmission
Inter-area management
Management and audit Log audit
Users access the management page using HTTPS
and SSH.
Data can be transmitted securely across areas.
Secure data transmission supports fingerprint
verification.
The SVN meets requirements for log audit and
complies with regulations.
External devices,
such as USB
flash drive, COM
port, parallel port,
printer, CD-ROM
drive, and
infrared devices.
Services in office areas
SVN SVN
Internet
Access
Firewall
Secure
desktop
User's real
desktop
Internet secure
desktop
Office network
secure desktop
User’s real
desktop
20
Contents
3 Product Highlights
Click to add Title 5 Success Stories
Click to add Title 2 Market Overview and Positioning
Click to add Title 4 Competition Analysis
Click to add Title 6 Ordering Guide
Click to add Title 7
Click to add Title 1 Huawei and Enterprise Overview
How to Get Resources
21
3 4
2 1 SVN
7 mainstream operating systems
Mobile Access
10 authentication modes
Comprehensive Authentication
A maximum of 256 virtual gateways
One Device for Multiple Usages
5 access methods
Multiple Access Methods
SVN Key Features
X.509 certificate
USB key
Image verification code SMS authentication
LDAP
Terminal ID Dynamic password token
RADIUS
Local password Windows AD Employee at
department
A
Employee at
department B
SVN Department B
Department A
SVN B
SVN A
Virtual SSL
VPN for multiple
usages
Most
comprehensive
SVN
IPSec VPN SSL VPN
GRE VPN MPLS VPN
L2TP VPN
22
Network extension
Web proxy Port forwarding
File sharing SVN
Address of
intranet Web
page A:
http://7.1.1.233/
news
Public network access
address of an SVN
gateway
https://218.10.1.16
Web page address
configured on the SVN
gateway:
http://7.1.1.233/news
Real address for
access initiated by
a user:
https://218.10.1.16/
webproxy/7.1.1.23
3/news
Proxy
SVN
TCP 110
TCP 25
TCP
21
TCP 23
Application
request
Application
proxy
Client Server
SSL Internet
Perform secure access to TCP
applications of an intranet.
Port 443
SERVER
10.1.1.10
Virtual network adapter
10.1.1.20
CLIENT
202.1.1.20 202.1.1.30 10.1.1.30
SVN
SSL VPN Functions
23
Secure Browser
Encrypted data transmission
Enterprise data security
Privacy protection
Accurate security control
Secure
browser
Enterprise
data
Personal
data
You do not
have
permissions
to access
the web
page new
phone.html!
Transmission
encryption
24
Secure Pushmail
Powerful email features
1.Standard email protocol
2.Send and receive emails in real
time
3.Save encrypted emails
4.Wipe emails remotely
5.Wipe data automatically when
users exit the mailbox
6.Encrypt emails in transmission
Abundant email security policies
Integrated
permission
control over
emails
1. Control over sending emails
3. Control over storing attachments
2. Control over viewing email attachments
Have
permissions.
Do not have
permissions.
Only have view
permissions
4. Control over email attachments
Have permissions
to forward and save
attachments
Do not have
permissions.
Have
permissions.
Do not have
permissions.
Attachments are
deleted if forwarded
25
Secure File Transmission
Upload files from a
real desktop.
Upload files from a
secure desktop, Download files to a
real desktop. Download files to a
secure desktop.
Files are transmitted only through
authorized servers.
Transmitted data must pass the keyword
filtering.
Data transmission is encrypted with
advanced algorithms.
Inter-area transmission is disabled.
Directories for uploading and
downloading are specified, and
operations are audited.
26
Diversified Features for Accessing Applications
Open platform for customization Simple operation and O&M
C/S
B/S Multimedia
IP
Application Resource
Users can customize
the corresponding
security components
based on their
operating systems and
platforms.
SDK tool for all
platforms
(.dll/.so/.a/.jar)
139 community, eSpace, UC, V partner, HCS,
securities transaction clients, online banking clients,
and other applications
Strong Firewall Comprehensive Router
1. Packet filtering
2. IPv6 packet filtering
3. IP and MAC address
binding
4. Blacklist
5. Port mapping
6. NAT
7. Attack defense
8. Traffic control
9. Virtual firewall
1. Static route
2. RIP and RIPng
3. OSPF and OSPFv3
4. IS-IS
5. BGP
6. Policy-based routing
(PBR)
7. IPv6 routing
SVN
Simple O&M
Simplified
operations
Friendly
operation tip
SSO
Automat
ic login
Desktop
shortcut
icon/link
User
Experience
Telnet
Web UI
CLI
SNMP
Console
SSH
Management
Method
27
Contents
4 Competition Analysis
Click to add Title 5 Success Stories
Click to add Title 2 Market Overview and Positioning
Click to add Title 3 Product Highlights
Click to add Title 6 Ordering Guide
Click to add Title 7
Click to add Title 1 Huawei and Enterprise Overview
How to Get Resources
28
Page 28
Vendor Market Position Market Orientation Advantage Disadvantage
Juniper Top 1 globally
Global market especially the
European and American market
Mobile terminal secure access
market
Top 1 brand globally
In the Leaders Quarant of the Gartner Magic
Quadrant over a long period of time
Advanced solutions
Mature products
Many success stories globally
Strong and secure access capability of mobile
terminals and leading technology in wide terminal
support and One Agent
Poor localization service in China
Complicated configuration
High price
Weak firewall function
Cisco Top 3 globally
Global market especially the
European and American market
Borderless network solutions as
its main products
Famous brand globally
Advanced network solutions
Mature products
Many success stories globally
Industry-leading borderless network technologies
Poor localization service in China
Complicated configuration
Not cost-effective
Array
Famous in Asia
Pacific regions and
top 2 in China
Asia Pacific regions as its main
market
Famous brand in Asia Pacific regions
Global leading performance
Many success stories in Asia Pacific regions
Complicated configuration
Not cost-effective
IPSec not supported
Weak firewall function
Sangfor Top 1 in China
China market
Mobile terminal secure access
and region isolation market
Top 1 in China
Strong capabilities in customization
Many success stories in China
Good user experience in China
Weak firewall function
Weak virtualization capability
Weak IPSec function
Market Competition Analysis
29
Array Juniper
Sangfor
SA6500
1 U/10,000 users
MAG6610
1 U/20,000 users
SVN2230
Small- and medium-sized enterprises
1 U/1,000 users
SVN2260
Medium-sized enterprises
1 U/2,500 users
SVN5530
Large- and medium-sized enterprises
1 U/12,000 users
SVN5560
Carriers and large- and medium-sized
enterprises
1 U/20,000 users
HUAWEI
20,000
5000
1000
VPN3050
1 U/1,200 users
VPN6050
2 U/3,800 users
10,000
SA4500
1 U/1,000 users
Cisco
ASA5585
2 U/10,000 users
ASA5580
4 U/10,000 users
ASA5550
1 U/5,000 users
ASA5520
1 U/750 users
SPX5000
3 U/64,000 users
SVN9000
Carriers and large enterprises
1 million users
SVN5660
Carriers and large enterprises
100,000 users
SVN5630
Carriers and large enterprises
50,000 users
SPX2000
1 U/500 users
MAG6611
2 U/40,000 users
VPN4050
2 U/2,600 users
VPN7050
2 U/5,000 users
VPN8150
65,000 users
SPX4800
1 U/6,000 users
SPX800
1 U/50 users
SPX2800
1 U/1,200 users
ASA5505
1 U/25 users
SA2500
1 U/100 users VPN2050
1 U/300 users
Concurrent users
2500
SPX5800
2 U/12,000 users
VPN7150
2 U/16,000 users
VPN8050
35,000 users
VPN2150
1 U/800 users
VPN3150
1 U/2,000 users
SPX3000
1 U/2,500 users
SPX1800
1 U/100 users
ASA5540
1 U/2,000 users
ASA5510
1 U/250 users
MAG2600
1 U/100 users
MAG4610
1 U/1000 users
Plan
Vendors and Products
30
Guidance Item Juniper Cisco Array Sangfor
The Designated Enterprises for Producing
Commercial Cipher Products issued by the State
Cryptography Administration
Can be used to cheapen
counterparts.
Can be used to
cheapen counterparts.
Can be used to
cheapen counterparts.
The Sales Permission for Commercial Cipher
Products issued by the State Cryptography
Administration
Can be used to cheapen
counterparts.
Can be used to
cheapen counterparts.
Can be used to
cheapen counterparts.
The Certificate for Commercial Cipher Product
Models issued by the State Cryptography
Administration for SSL VPNs
Can be used to cheapen
counterparts.
Can be used to
cheapen counterparts.
Can be used to
cheapen counterparts.
Sales Permission for Computer Information System
Security Products issued by the Ministry of Public
Security
CMM 5 certified
Can be used to
cheapen
counterparts.
Developer of the IPSec VPN Technical Standards of
State Cryptography Administration
Can be used to cheapen
counterparts.
Can be used to
cheapen counterparts.
Can be used to
cheapen counterparts.
Developer of the SSL VPN Technical Standards of
State Cryptography Administration
Can be used to cheapen
counterparts.
Can be used to
cheapen counterparts.
Can be used to
cheapen counterparts.
SVN2000 and SVN5000 Guidance Strategies
31
Brand-Cheapening Strategies of Huawei
1. Requires Juniper to provide the combination of multiple authentication methods, such as terminal ID and SMS.
2. Requires Juniper to provide integrated VPN that supports multiple types of VPN access.
3. Requires Juniper to provide IPv6 support.
4. Requires Juniper to provide strong gateway device security defense functions such as advanced firewall and anti-DDoS.
5. Requires Juniper to provide solutions of high price performance ratio and local support in China.
6. Requires Juniper to provide the secure browser, secure Pushmail, and secure file transmission.
1. Does not support terminal ID verification and SMS authentication.
2. Does not support MPLS VPN, GRE VPN, and L2TP VPN.
3. Requires complicated configurations and does not support IPv6 and built-in CA.
4. Does not support advanced firewall and routing functions.
5. The price is high and local support in China is poor.
6. Does not support the secure browser, secure Pushmail, and secure file transmission.
Juniper disadvantages
Brand-cheapening strategies of Huawei
Juniper Disadvantages and Brand
----Cheapening Strategies of Huawei
32
1. Requires Cisco to provide authentication combination, such as SMS authentication.
2. Requires Cisco to support web-based graphic user interface.
3. Requires Cisco products to support Chinese.
4. Requires Cisco to support built-in CA.
5. Requires Cisco to provide the virtual desktop.
6. Requires Cisco solutions to be high at price performance ratio.
7. Requires Cisco to provide the secure browser, secure Pushmail, and secure file transmission.
1. Does not support SMS authentication.
2. Configurations are complicated.
3. local support is poor in China.
4. Does not support built-in CA.
5. Does not support the virtual desktop.
6. The price is high.
7. Does not support the secure browser, secure Pushmail, and secure file transmission.
Cisco disadvantages
Brand-cheapening strategies of Huawei
Cisco Disadvantages and Brand
----Cheapening Strategies of Huawei
33
1. Requires Array to provide the combination of multiple authentication methods, such as terminal ID verification.
2. Requires Array to provide integrated VPN that supports multiple types of VPN access.
3. Requires Array to provide IPv6 support.
4. Requires Array to support SMS authentication.
5. Requires Array to provide strong security defense functions, such as advanced firewall and anti-DDoS.
6. Requires Array solutions to be high at price performance ratio.
7. Requires Array to provide the secure browser, secure Pushmail, and secure file transmission.
1. Does not support terminal ID verification.
2. Does not support MPLS VPN, GRE VPN, and L2TP VPN.
3. Does not support IPv6.
4. Does not support SMS authentication.
5. Does not support advanced firewall and routing functions.
6. The price is high.
7. Does not support the secure browser, secure Pushmail, and secure file transmission.
Array disadvantages
Array Disadvantages and Brand
---Cheapening Strategies of Huawei
34
1. Requires that the Sangfor web proxy supports complex JavaScript rewrite.
2. Requires Sangfor to provide cross-platform security SDK.
3. Requires Sangfor to support MPLS VPN and GRE VPN.
4. Requires Sangfor to provide IPv6 support.
5. Requires Sangfor to support advanced firewall and routing functions.
6. Requires Sangfor to support independent virtual gateway and FICs.
7. Requires Sangfor to provide the secure browser, secure Pushmail, and secure file transmission.
1. Web proxy does not support complex JavaScript rewrite.
2. Does not support cross-platform security SDK.
3. Does not support MPLS VPN and GRE VPN.
4. Does not support IPv6.
5. Does not support advanced firewall and routing functions.
6. Does not support independent virtual gateway and flexible interface cards (FICs),
7. Does not support the secure browser, secure Pushmail, and secure file transmission.
Sangfor disadvantages
Sangfor Disadvantages and Brand
----Cheapening Strategies of Huawei
35
Contents
5 Success Stories
Click to add Title 4 Competition Analysis
Click to add Title 2 Market Overview and Positioning
Click to add Title 3 Product Highlights
Click to add Title 6 Ordering Guide
Click to add Title 7
Click to add Title 1 Huawei and Enterprise Overview
How to Get Resources
36
Customer Requirements
Haidian government network has two egresses connected
to China Unicom and Telecom networks and connects to
each commission, bureau, office, centers, merchants
buildings, and subdistrict office. Secure access channels are
required.
Huawei Solution
Benefits to Customers
The secure access channels between the SVN and public
institutions reduce network construction costs.
SVNs maintain account-terminal bindings, which
enhances access limitation based on user authentication
and authorization and improves intranet security.
The solution improves network reliability and expansibility
and meets the requirements of VPN applications.
Huawei SVNs are deployed at the egress side of Haidian
government network, which allows officials to read official
documents and reply files timely on trips, promotes
government departments to share information, and
improves the e-government system.
Government of Beijing Haidian District
37
China Telecom
China Unicom
Beijing government network Sub-district
office
Service
Service
Commission, bureau, and office
Merchants building
Three centers
Haidian government
Public network
SVN
SVN Mobile working
Government of Beijing Haidian District
38
Background and Challenges
The petroleum enterprise's network covers a wide range, and its
branches are located worldwide. VPN users are located in
different places. The petroleum enterprise requires industry-
leading technologies and reliable devices for service continuity.
The petroleum enterprise requires to support multiple device
types for excellent user experience.
Huawei Solution
Deploy VPN systems based on equipment rooms and network
egresses. Configure the VPN systems to back up each other.
VPN uses load balancing and cluster technologies to select login
nodes intelligently for excellent user experience.
Reliable and efficient VPN services secure the whole system.
Benefits to Customers
Wide adaptability to mobile terminals and nearest access
improve user experience.
Convenient and controllable access improves productivity and
reduces cost for branches and exploration teams worldwide.
PetroChina
39
DNS
Load balancer Load balancer
Building Headquarters
Client
Router
Firewall Firewall
Router
Unicom
network Telecom
network
Tietong
network
Telecom
Netcom
Tietong
Positioning accessed devices
Service data flow
SVN
SVN
SVN
eLog server
Unified network management platform
AD authentication server
Telecom
Netcom
Tietong
SVN
SVN
SVN
PetroChina
40
Background and Challenges
Multiple accessed services need to be managed separately.
Multiple VPN types are required.
Huawei Solution
Two SVN5560s are deployed at the province center.
30 virtual gateways are enabled.
SSL VPN and IPSec VPN are enabled.
Benefits to Customers
Centralized deployment is simple to perform and manage.
Abundant product features and cost-effective products bring much
benefits to the customer and reduce total cost of ownership (TCO).
Department of Human Resources and Social
Security of Inner Mongolia Autonomous Region
41
Medium- and
large-sized
designated
hospital, clinic,
or pharmacy
Ministry of human
resources and social
security
Village or
town
Labor and social
security operating
point
Small medical
organization
Street community
Financial
sector Public securit
y bureau
Internet
External user and
remote maintenance
personnel
Civil servant
Servers
Database
Network
management
platform SVN
SSL VPN tunnel
IPSec VPN tunnel
SSL VPN tunnel
Intranet
Social security
project
monitoring
center
Department of Human Resources and Social
Security of Inner Mongolia Autonomous Region
42
Customers in China
Government
Haidian district government of Beijing
Ministry of human resources and social
security
Wuhai Finance Bureau of Inner Mongolia
Jiangsu Entry-Exit Inspection and Quarantine
Bureau
Wenzhou Environmental Protection Bureau of
Zhejiang Province
State-owned Assets Supervision and
Administration Commission of Jiangxi Province
Hebei Administrator of Work Safety
Higher People's Court of Tibet
…
Beijing Jishuitan Hospital
Beijing Genomics Institute-Shenzhen
Zhucheng People's Hospital of Weifang,
Shandong Province
Linfen Municipal People's Hospital of
Shanxi Province
Wuxi cloud computing center
Sohu Changyou
PetroChina Company Limited
Nanjing Jiahuan Network Communications
Co,. Ltd.
Juhua Real Estate Co.,Ltd.
China National Chemical Corporation
China Railway Signal & Communication
Corporation (CRSC)
Southernpec Corporation
Tibet Electric Power Co.,Ltd.
Guangxi Radio and TV Network
…
Fudan University
Inner Mongolia University of Finance
and Economics
Information Center of Pingdingshan
Municipal Education Bureau
Education Department of Guizhou
Province
Nanjing Institute of Technology
National Library of China
…
Medical care
Education Enterprise
43
Customers Worldwide ATM Mobilis
Beltelecom
Bravo
CAMEROON POSTAL SERVICES
CENNTENIAL CAYMAN CORP. CHILE S.A
Comanche International Co., Ltd.
Creative Technology
EMIRATES TELECOMMUNICATIONS CORPORATION-
ETISALAT
Flextronics Telecom Systems Ltd.
Grupo CorpData, C.A.
MATFORCE
MTN Network Solutions (Pty) Ltd.
MTN Nigeria Communications Ltd.
Neutron C.A.
Nextel del Peru
NII Digital, S. DE R.L E C.V
NII Holdings, Inc
Opal Telecom
Open Source Technology Co.,ltd
Operational nucleus for the Information Society of Cape
Verde
Radiomovil DIPSA S.A.de C.V.
Secretaria de Comunicaciones y Transportes
Singapore Telecommunications Limited
StarHub Ltd
TEELEAP TELECOMUNICAES SA
Telefonica de Espana, S.A.U
Telmex Argentina
Ukrainian Trade Technological Co., Ltd.
44
Contents
6 Ordering Guide
Click to add Title 4 Competition Analysis
Click to add Title 2 Market Overview and Positioning
Click to add Title 3 Product Highlights
Click to add Title 5 Success Stories
Click to add Title 7
Click to add Title 1 Huawei and Enterprise Overview
How to Get Resources
45
The total number of all concurrent users of the SSL VPN, SDK, security desktop, security data transmission, and
virtual desktop cannot be larger than the maximum number of concurrent users on the device. Note:
Configuration Guide
46
1. A small- or medium-sized enterprise needs to provide remote SSL VPN access service for mobile workers. The
number of remote users is 500. The enterprise uses an AC power supply system and an RJ45 connector. The
configuration for this enterprise is as follows:
2. A carrier needs to provide remote access service for mobile workers. The number of remote users is 5000,
among which 2500 users need SSL VPN and 2500 users need L2TP over IPSec for access. The enterprise
uses a DC power supply system and an RJ45 connector and requires dual systems for high availability. The
configuration for this enterprise is as follows:
In high availability environment, users need to purchase only one SSL VPN license for primary and
secondary devices.
Item Model NO. Description Number
Host SVN2230-AC-01 HUAWEI SVN2230,SE3Z91UAH,SVN2230 Standard Configuration 6GE AC
Host,with HW General Security Platform Software 1
License LIC-SVN-SSL-500 Resource,SVN,SE3SSLVPNF,LSE3SSLVPN06,SSL VPN 500 Concurrent
Users,with HS General Security Platform Software 1
Item Model NO. Description Number
Host SVN5530-DC-01 HUAWEI SVN5530,SE4Z101UDH,SVN5530 Standard Configuration 8GE DC Host,with HW
General Security Platform Software 2
License
LIC-SVN-IPSEC-2500 Resource,SVN,LSE3VPN08,IPSec VPN 2500 Concurrent Users,with HW General Security
Platform Software 1
LIC-SVN-SSL-2500 Resource,SVN,LSE3SSLVPN08,SSL VPN 2500 Concurrent Users,with HW General Security
Platform Software 1
Typical Configuration
47
Windows
2000/2003/2008/Vista/7
iOS 4.0 and
later
Mac OS 10
and later
Android 2.3
and later Linux Symbian BlackBerry
Web proxy √ √ √ √ √ √ √
Port forwarding √ × × × × × ×
IPSec client
access
√ √ √ √ √ √ √
Secure desktop √ × × × × × ×
Network extension √ × √ √ × × ×
File sharing √ √ √ √ √ √ √
Virtual desktop × √ × √ × × ×
Secure browser × √ × √ × × ×
Secure Pushmail × √ × √ × × ×
Secure data
transmission
√ × × × × × ×
Secure SDK √ √ √ √ √ √ √
Functions in Different Operating Systems
48
1. By default, the device supports ten free-of-charge concurrent users for each feature for test or trial use. The free-of-charge
concurrent users will be unavailable after the customer buys a license.
2. The device provides a free-of-charge virtual gateway. After the customer buys a license, the free-of-charge virtual gateway is
added to the license capacity.
3. Users can purchase the SSL/IPSec licenses based on the number of users, such as 10, 25, 50, 100, 250, 500, 1000, 2500,
5000, 7500, 10,000, 15,000, and 20,000. The license capacity can be added up.
4. The number of concurrent terminals (including mobile terminals and fixed terminals) cannot exceed the maximum number of
concurrent SSL VPN users. (Windows OS allows two concurrent users. The two users are regarded as two terminals. ) If a user
purchases 10 SSL users. The total number of concurrent terminals cannot exceed 10, even if several terminals use the same
user name.
5. In high availability environment, users need to purchase only one SSL VPN license for primary and secondary devices.
6. In enterprise market, the concurrent IPSec VPN users are free-of-charge. In carrier market, the prices of concurrent IPSec
VPN and SSL VPN users are the same.
For more details, refer to the Sales Guide for the SVN2000 and SVN5000 Series.
Other Notes
49
Contents
7
Click to add Title 4 Competition Analysis
Click to add Title 2 Market Overview and Positioning
Click to add Title 3 Product Highlights
Click to add Title 5 Success Stories
Click to add Title 6 Ordering Guide
Click to add Title 1 Huawei and Enterprise Overview
How to Get Resources
50
How to Get Huawei Document Resource
Weapon1: Enterprise Website
http://enterprise.huawei.com/en/
Weapon2: Document Email
Channel Partner Program
– To learn Partner Policy
Partnership
– To be a partner
Material & Toolkit
– To find material and toolkit
Special Partner Zone
– ISV
enterprise_channel@huawei.com
Weapon 3: Document User Guide
Where can I find it
and give feedback?
51
How to Use Huawei Document Resources
Where can I find it
and give feedback
Web
http://enterprise.huawei.com/en
enterprise_channel@huawei.com
Product Main Slide (High-
level Version)
Product Main Slide (Tech-
level Version)
Sales Strategy Quick
Reference
Sales Strategy
Guidance
Product Brochure
(Brief edition)
Product
Datasheet
Quick
Reference
Module
Brochure
Feature Brochure
Product Photo
Article
Product Video
Case Study
Certificate Report
Function List
Product Comparison
List
Ordering Guide
EOM&EOS
Notice
Product Description
Product
Hardware Description
Test Report
(3rd party)
User Report
Product Pre-sale
Training Materials
FAQ
White Paper
Presentations Sales Guide Brochures Brand Case Studies Bidding Training White Papers
52
How to Get Pre-sale Help
enterprise_channel@huawei.com
Call Center
Huawei Experts
Team
Partners
Partners
7*24 hours presales email and
telephone support
Products and solutions consulting http://enterprise.huawei.com
/en/about/contact
Copyright©2012 Huawei Technologies Co., Ltd. All Rights Reserved.
The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product
portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive
statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time
without notice.
HUAWEI ENTERPRISE ICT SOLUTIONS A BETTER WAY
top related