On May 28, 2008, as the leader in information security market in China, Venusense announces to present the 10G multi-core UTM platform in Beijing, which symbolizes that the Venusense leads in the world in multi-core UTM R&D.
It is known that the Venusense 10G multi-core UTM platform USG-10000 is developed based on Cavium multi-core technology. Depending on the experienced special product R&D team, over 10-year accumulation in intrusion detection technology and multi-year experiences in UTM product development, Venusense can easily control the multi-core platform. Now this platform has realized the firewall and IPS function. The highest firewall processing speed is up to 25.45Gbps. The highest ISP is up to 11.74Gbps, which reaches the 10G , especially IPS 10G processing capability represents the top level in China. Meanwhile, ranked as the second position, Venusense becomes one of the international leaders.
Why is 10G UTM required?
The China UTM market is increasing at an explosive speed in 2007 and the annual increase rate exceeds 80%. Compared with the last year, even the increase rate exceeds 100% in the last half a year. The users are continuously recognizing and praising the UTM product. UTM product has become the first product to solve the network boundary security.
As the leader in UTM in China, Venusense involved the UTM area 4 years ago, has focused on the user value all the time and has been dedicated to promotion of UTM industry. Venusense released the first-generation “overlapped” UTM product in 2005 and released the “integrated” UTM product in 2007.
Venusense can realize the higher UTM performance based on traditional x86 platform which can satisfy the network boundary security protection requirement of the government and middle-scale and small-scale enterprises. Venusense notices that the users are very interested in UTM in the industries such as the colleges, large enterprises and telecommunication operators. The special functions of UTM can fully satisfy the demands of the users in these industries, but the purchase quantity is limited. The root reason is insufficient performance.
When developing “integrated” UTM in 2006, Venusense perceived this demand and started to study the performance of the high-end UTM product since that time. via the half-year research, Venusense concludes that the CPU performance is low on the current hardware platforms such as CPU, NP, ASIC and multi-core. NP performance is proper, but it is difficult to develop, so it is difficult to select. It is difficult to realize the application-layer security function based on ASIC. The flexible and high-performance multi-core technology becomes the technology suitable for the high-end UTM products. By analyzing the chip manufacturers, technical route and key technologies, Venusense thinks that it is feasible to realize the high-performance UTM based on the multi-core platform.
Technical difficulties of multi-core UTM
The feasibility does not mean no difficulties. Some foreign manufacturers have started to study and develop the high-performance UTM product based on the multi-core platform since 2005, but the progress is slow due to complexity of multi-core technology. it is difficult to complete control the multi-core technology.
First, due to multiple processors in multi-core chip, the traditional operating system can not run, so the architecture of the operating system must be changed and developed, including memory management, timer management and file management function. it is very difficult to solve them.
Secondly, it is very difficult to schedule UTM service on the multiple cores. Generally the service can be processed in a serial or parallel mode. For the parallel mode, the common processing method can not guarantee unique in case of multi-core allocation of multiple streams, so the intelligent parallel service scheduling is required to guarantee uniqueness on the multi-core platform. The multi-core resources should be fully mined and utilized. For the serial mode, the resources are allocated according to the system resource occupancy of the function modules to guarantee no performance bottleneck. When the function module or the platforms change, much associated work are required. The software business flow will be developed and adjusted again. The improper adjustment will lead to the performance bottleneck in the multi-core processor. So the service scheduling difficulties exist in the parallel processing mode and serial processing mode.
Thirdly, when the parallel processing mode is used, the application-layer detection efficiency can not be guaranteed. The software architecture requires every core to realize all function, including firewall, intrusion prevention, anti-virus, content filtering and P2P control, so it will consume much system resources to detect the application-layer data and lead to the performance bottleneck of single core. To avoid single bottleneck, the application-layer detection efficiency should be improved as higher as possible.
Finally, to control the multiple cores and completely mine the multi-core performance via the software design and implementation is also a world-class difficulty. From the macro view, some security providers have studies and developed the UTM products based on the multi-core platform in the world since 2005. Up to May, 2008, the incomplete statistics show that 9 manufacturers have released the multi-core high-end products in the world. Most of manufacturers realize 10000 M firewall, but only one foreign manufacturer has actually developed the multi-core UTM product and put it into commercial application. The R&D of UTM spends two years and half a year. It shows that to realize the full-function and high performance based on the multi-core processor is a world-class difficulty.
Based on the complete understanding and assessment on these difficulties, Venusense found a high-quality team since May, 2007. This team has over 10-year experiences in the special hardware platform development and has successfully studied and developed various high-end routers, switches and firewall products based on the special hardware platforms such as NP, ASIC, FPGA and TCAM, so this team can control the multi-core platform. Meanwhile, Venusense selects Cavium OCTEON as the cooperative platform for the multi-core technology and has invested 20 million in next year. Now the team has continuously tackled multiple difficulties in operating system reconstruction, break through the difficulties such as the parallel service scheduling and automatic single-core failure recovery, and completely control the multi-core processor.
Via the huge investment during one and half a year, now Venusense has tackled all predictable difficulties. The first type of actual 10G UTM will be presented in China. The performance issue which blocks the further development of UTM is effectively solved.