Technical features
- Protect network resources and critical applications on 10 GbE network links — The HP Core Controller enables automated, in-line traffic inspection, up to 20 Gbps, to protect network devices, virtualization software, operating systems, and enterprise and Web applications from attack.
- Up to 20 Gbps IPS traffic inspection — The core controller is deployed as a "bump-in-the wire" network element for up to three 10-GbE network links. Traffic entering the core controller is intelligently flow-balanced to a bank of HP TippingPoint IPS units for traffic inspection. Malicious and unwanted traffic is blocked, and clean traffic is returned to the core controller for distribution to the appropriate 10 Gbps egress link, allowing you to scale security up to 20 Gbps with a single solution.
- Flow management across multiple IPS units — The HP Core Controller balances traffic inspection loads across multiple IPS units. In addition, the core controller supports both IPv6 and IPv4 traffic inspection and load balancing, providing maximum flexibility for heterogeneous networks. The unit guarantees flow affinity so that all associated traffic goes through the same IPS segment.
- Maintain network reliability for 10 GbE network segments — All HP TippingPoint appliances are purpose-built with the reliability to go in-line within enterprise and service provider networks. In addition, the HP Core Controller has sophisticated high-availability features, including redundant core controller configurability, built-in zero power high availability (Smart ZPHA), IPS heartbeat monitoring, link down synchronization, and hardware watchdogs.
- Flexible core controller and IPS redundancy configurations — The HP Core Controller solution allows an unprecedented level of flexibility to eliminate a single point of failure. Where 10 GbE redundant paths are implemented, one core controller can be deployed in each path, both of which then share a common pool of IPS units. As a result, an HP Core Controller or IPS can be removed from service without impacting network availability, performance, or security coverage.
- Hot-swappable XFPs and zero power high availability (Smart ZPHA) — Smart ZPHA is an optional, modular component available for the core controller's 10 GbE segments, enabling optical traffic bypass in the event of system power loss and providing an additional level of network uptime assurance. Smart ZPHA modules may be removed from the core controller without impacting traffic on the 10 GbE segment.
- Hot-swappable power supplies — The core controller supports redundant, hot-swappable power supplies, allowing modules to be replaced without affecting system performance, network availability, or security coverage. AC power is standard; however, DC power modules are available as an option.
- Hardware and IPS monitoring — The HP Core Controller implements advanced monitoring to ensure high availability in mission-critical environments. The core controller periodically sends heartbeat packets across IPS connections. These heartbeat packets measure latency and availability of the IPS. If the latency exceeds a user-specified threshold, or if a user-specified number of heartbeat packets are dropped, the core controller will remove the IPS from the pool.
- Layer 2 fall-back mode — In the event one of the monitoring mechanisms triggers a fault, the core controller can go into Layer 2 fall-back (L2FB) mode. If a single core controller is deployed (non-redundant 10 GbE paths), traffic is managed accordingly, up to and including simply passing traffic through uninspected, if the policy is configured to do so.
- Pay-as-you-grow IPS capacity — Start small with IPS capacity and minimize the cost of entry for 10 GbE protection. Buy only the IPS units initially required, and add more to the pool as traffic inspection needs increase.
- Utilize existing HP TippingPoint IPS units — With the core controller, customers gain the peace of mind of continuing to use already proven IPS technology. Further, units that have been purchased for lower-speed network links can easily be redeployed with the core controller for protecting 10 GbE segments.
- Single management system for IPS and core controller — A single security management system (SMS) can manage both HP TippingPoint IPS units and core controllers, simplifying installation, configuration, and ongoing monitoring and maintenance by taking advantage of the SMS's familiar and easy-to-use management interface.
- Multiple flow management algorithms cater to a variety of traffic profiles — The traffic mix on any given 10 GbE link can vary significantly. Some links may have a greater mix of large frames of file and video content, while others may have a greater mix of smaller packets associated with VoIP or other latency-sensitive traffic. The core controller contains several flow management algorithms to optimize the throughput and inspection based on the nature of the actual traffic traversing the link.
- Intelligent Learning Mode enables rapid deployment — An Intelligent Learning Mode is provided that analyzes network traffic on each 10 GbE segment and provides recommendations for the optimal flow management algorithm, saving valuable configuration time for network and security engineers.
|