Thinking about Data Center Solutions

Engineers from La Salle-URL share the latest news and projects in the field of network solutions in telematic engineering.

09 April 2019 | Posted by josep.jordana

Check Point Maestro Hyperscale Network Security

Early this year, Checkpoint, one of the leading providers of cybersecurity solutions, released the first hyperscale network security solution, named Maestro Hyperscale Orchestrator. In this post, we are going to explain what it is and what its deployment can provide to datacenter architectures.

Nowadays, network requirements (risks, threats, bandwidth, latency, etc..) are evolving and changing increasingly fast, meaning that companies need to have the ability to adapt easily and effectively in order to continue providing their services.

However, the scalability of network gateways has always been difficult to achieve, and has often resulted in a loss of resources, either because that network device had to be replaced for a better one (incurring the loss of the functioning old gateway device) or because, with standard clustering, only one device can be active at any time (others in standby).

So, how does Maestro achieve what other protocols and devices cannot? It has the ability to combine different physical gateway devices into one or multiple logical devices (security groups), which allows for some unique properties:

  • Hyperscale security: companies can scale their existing gateways on-demand, up to 50x of their original throughput.
  • Software Defined Gateway Control:   For all devices connected to Maestro, there exists the Maestro Security Orchestrator, a software interface that allows for easy control and organization of these devices, minimizing by a large margin management overhead.
  • Security groups: Maestro permits the creation of a number of security groups, a cluster of firewall devices (security group members) that share the same security configuration. As such, configuring a new firewall device is a matter of introducing it to the security group, reducing deployment time to mere minutes.
  • Cloud-level resiliency: Maestro offers cloud-level resilience and reliability with Check Point’s HyperSyncTM , which basically means load-balancing and redundancy between the different security group members.

That being said, one must take into account three things. The first one is that not every device can work with maestro hyperscale orchestrator, only the Security Gateway Appliances on this chart can do so, all other devices are incompatible. The second is that within one Security Group, all devices must be the same, though that is expected to change in the future software updates. The third is that the 52x appliances propaganda is not exactly true, as even the best Maestro version has only 32x 100 GbE ports, meaning that to achieve the desired number of devices, chaining more than one Maestro might be necessary.

To summarize, Maestro is suitable for almost every datacenter irrespective of its size, as it adds network gateway scalability.

Share

Add new comment

CAPTCHA
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
9 + 4 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.