Hyperscale security is actually possible.

Of course, that’s probably not been your experience. You are probably imagining having to duct tape together a stack of firewall appliances and run them as an expensive and complex Frankenstein cluster to achieve hyperscale security. That’s no longer true.

In fact, it’s just the opposite. Instead, you need to consider the power of a single chip. Fortinet recently launched the NP7 (Network Processor 7) – the industry’s most powerful Application-Specific Integrated Circuit (ASIC). The NP7 is part of Fortinet’s Security Processor Units (SPUs), and is the latest example of Fortinet’s long history and commitment to building purpose-built ASICs to accelerate network and security at very high-performance levels.

The NP7 is Fortinet’s 7th generation ASIC, designed to accelerate essential network functions such as IPv4, IPv6, Unicast, Multicast, Anycast, and IPsec decryption, to name a few. Fortinet’s new NP7 provides all the functionality and performance of the NP6, but it does so at exponentially higher speed, scale, and performance. For example, the NP7 can now support elephant flows, which are single sessions that consume a large amount of bandwidth. 

Of course, the NP6 also supports multiple 10Gbps bidirectional elephant flows. And, depending on your environment, it may be able to provide this at a performance level you need to transfer your large files over a single session. But for those organizations that need astronomically more performance – as many hyperscale architectures now require – the NP7 chip is the answer. Fortinet NP7 is the first purpose-built security ASIC to take performance to a previously unimagined level, supporting up to 100Gbps of data flows – an exponentially greater performance level than then NP6!

What’s more, a single NP7 chip supports 2 million connections per second session setup speeds for firewall and NAT sessions. 

This means that FortiGate NGFWs powered by the NP7 processor, such as the new FortiGate 1800F, are not constrained by the slow processing power of off-the-shelf hardware that other industry Next-Generation Firewalls (NGFWs) employ. For example, decrypting and inspecting IPSec-encrypted traffic takes such a toll on traditional CPU-designed NGFWs that most security vendors won’t even publish their performance numbers. But a single NP7 can perform this same function at 75Gbps – something no other vendor can come close to providing.

Which makes it ideal for today’s extreme scenarios – such as massively scaled services, such as compute, storage, and applications, co-hosted on physical and virtualized platforms that not only need to be protected, but also segmented for better control. The NP7 is able to accelerate VXLAN termination/re-origination to enable massively scalable and highly adaptable internal segmentation, while securely enabling super-fast communication among all segments. And if that wasn’t enough, the NP7 can also perform hardware-based logging and DDoS protection from volumetric attacks. 

Hyperscale Data Centers Require Hyperscale Security

Which brings us back to the challenge of hyperscale data centers requiring hyperscale security. Because delivering this level of performance is simply beyond the ability of even the most expensive data center-focused NGFW appliances, a growing number of organizations feel pressured by business demands to forgo security safeguards, and instead rely on the likes of routers and switches to front end their networking infrastructure protection.

Many of today’s extreme data centers rely on routers and switches because they fear that putting one of the currently available security devices – such as an NGFW – at the edge of the network will create a choke point for all of their hyperscale traffic entering and exiting the data center. This will bring their business to a crawl – translating directly to a loss in both competitiveness and revenue. As a result, they are rolling the dice that letting all traffic in and out of their network through routers and switches armed with nothing more than ACLs, rather than deploying performance-hogging Next-Generation Firewall security inspection, will enable them to meet their high-performance demands. They then just hope that security workarounds deep inside their networks will be sufficient to protect themselves from attack.

But the reality is, organizations are regularly attacked right at edge of their network, and the consequences are often serious. Such attacks can severely damage their brand and reputation, force the loss of revenue, and even completely shut down their business due to extended downtime.

FortiGate 1800F NGFW Accelerates Advanced Research

As part of the company’s new FortiGate Series, the FortiGate 1800F is designed to meet unprecedented business demands by providing massive capacity and astronomical performance across a variety of use cases. These advanced capacities are essential for supporting elephant flows.

Imagine you are a multi-national pharmaceutical company who participates in Pharmacovigilance – the practice of studying and managing drugs after they have been licensed for use, especially to identify and evaluate previously unreported adverse reactions. As part of this practice, you have to transfer extremely large data sets across geographically dispersed sites to leverage AI/ML simulations. This not only enables your business to detect potentially adverse reactions, but also helps ensure that the discovery of new medicines is faster, and with lowered costs and reduced risk to human life. These very large data sets are an example of an elephant flows.

Similarly, the oil and gas industry require high-throughput connections to share massive amounts of exploration information (datasets) across different sites. These data sets are used for AI and ML analytics and 3D modeling to accelerate the discovery of resources directly tied to business outcome, such as adding more capacity to serve a larger market than they are currently able to do. And larger markets mean larger market share, which potentially means more revenue.

These are just two examples of the increasing reliance on massive data sets used by organizations to perform tasks that were previously prohibitively time-intensive or expensive. Advances in aeronautics, space exploration, oceanography, climate change monitoring, and bioengineering all rely on data sets that are not only immense, but that also need to be protected against attacks and the theft of highly valuable intellectual property.

Powered by NP7, the FortiGate 1800F series NGFW provides a solution to this problem by providing multiple, very high-speed ports that are capable of handling parallel 40Gbps Elephant flows. This support for multiple, parallel 40 Gbps flows per chip can dramatically increase the rate of data transfer, providing up to 195 Gbps of throughput between research centers. With the NP7-powered FortiGate 1800F, massive multiple datasets can be transferred very quickly at very high speeds and still be fully secured with high performance IPsec encryption.

NP7-powered FortiGates also enable the implementation of Layer 4 access security policy (who or what is allowed versus not allowed) and provide hardware-based DDoS protection from volumetric attacks. 

The NP7’s performance and hyperscale security advancements also deliver significant business and productivity impact, as researchers no longer need to wait for network flows to complete or schedule them during off hours. This ultimately equates to increased capacity, faster time to market, and increased profitability. NP7-powered FortiGate appliances support very high-performance security to enable “the art of what’s possible.”

Don’t miss Fortinet’s upcoming global virtual event for cybersecurity and networking professionals to learn more about our latest product announcements. Sign up here.

Read more about the FortiGate 1800F Next-Generation Firewall, powered by our groundbreaking NP7, in our newsroom and on our blog.

Engage in our Fortinet user community (Fuse). Share ideas and feedback, learn more about our products and technology, or connect with peers.

Sourced from Fortinet

Recommended Posts