Engineers from La Salle-URL share the latest news and projects in the field of network solutions in telematic engineering.

13 April 2022 | Posted by userDataCenter

Check Point presentation 21/22 – New era of security for the hybrid data centre

Good morning, colleagues from La Salle! In today's blog entry we will briefly cover the presentation given last Thursday, April 7, in the subject “Network Management and Planning”.
We had the privilege of hosting Raul Villanua, currently Security Engineer & Team Leader at the renowned company Check Point. Raul covered several interesting concepts directly related to security in on-premise data centres that are worth highlighting, especially regarding their design, a task that has been assigned to us as a project in this subject.

He began with an introductory reflection, framed as a debate, on the main reasons that have driven the most important clients in the current market to move their data centres to the cloud. The students proposed ideas such as viability or infrastructure savings, but the expert believes the cloud is best suited to seasonal business models, since it adapts to whatever is needed at any given moment (double the power for a certain period, activate and deactivate a service for a few minutes, etc.). It seems that many customers consider moving to the cloud in order to save costs, which is completely wrong, since the amount of on-premise material that is discarded can be considerable.

Raul continued his presentation with a well-defined main idea: “cloudize data centres on-premise”. Customers are currently looking for solutions that last as long as possible and adapt to the different changes that may occur, while making only a single economic effort. The first characteristic that must always be guaranteed to achieve this is maximum security: there have been cases of clients who begin to remove security functions from their firewalls because the devices have reached their performance limit, an action that totally compromises the security of the environment. The second essential capability is hyperscalability, which allows growth on demand and ensures that the solution can adapt to anything from traffic increases at specific times to new communication protocols that require more CPU cycles. Thirdly, the solution must guarantee maximum efficiency by setting up architectures that take advantage of as much of the paid-for hardware as possible, unlike other existing proposals such as active-active or active-passive configurations. To sum up, what must always be ensured is that the client does not feel they made a mistake in buying our solution, which means keeping the cost of capacity increases linear.

The solution that Check Point has been offering to the market for about two or three years is a device called the Quantum Maestro Orchestrator MHO-175, whose functionality is, in general terms, very similar to that of a conventional switch. It acts as the manager of a firewall communications architecture in which, instead of having devices side by side where one is active and the other is on standby, you can have up to fifty-two devices operating at the same time, based on customer demand. Within each device there is the option of creating virtual instances (data centre, web, email, etc.) depending on the service you want to offer. The main advantage is that Maestro is very powerful: the client only has to worry about adding all the muscle they need for the required capacity, reaching communication links on the order of terabits. It should be noted that the full capacity of the added devices is used, offering totally linear scalability across the topology. Regarding connectivity, Maestro, which is usually deployed with redundancy to avoid single points of failure, connects directly to the network, while the connections to the firewalls are direct cables with the optics already soldered. A very important advantage is that it is compatible both with the latest Check Point devices that have just been launched on the market and with the oldest ones (as long as they have a link of at least 10 gigabits), which allows the customer to reuse hardware they already own. However, one of its main drawbacks is that it is only compatible with Check Point, which is a considerable complication when the customer's data centre is made up of firewall devices from different manufacturers.

The conference ended by exploring in a little more detail some real scenarios in which Maestro is currently deployed and working, adapting to the different business needs that a client may have, from forming security groups to managing autoscaling through performance thresholds. Finally, it only remains for the students to thank Raul for the time he spent with us, since the content presented will be very useful for the previously mentioned project, to be delivered at the end of the course.

Enric Sasselli 

Comments

Very interesting paper on the implementation of Cloud On-Premise in a CPD that meets the current needs of customers and provides some very interesting benefits.

Eduard Lecha Puig
