"Digital campus" is based on digital information and network, established on the basis of computer and network technology for the collection, processing, integration, storage, transmission and application of campus information such as teaching, research, management, technical services, life services, A virtual educational environment that allows digital resources to be fully optimized.
With the gradual improvement of China's education system, the scale of colleges and universities at all levels continues to grow, the school's information construction has become a cross-network communication, network security, identity certification and other disciplines, ERP, OA, VOD and other applications The huge project of mobile Internet and other resources, a large data network is rapidly unfolding.
Project requirements
A university with 34,000 students has planned a three-level switching system for the entire network under the background of big data, including backbone switching (all core layers are 10 Gigabit switching), and regional switching (gigabit fiber is laid from the core to the region) 56 kilometers), building exchange (gigabit twisted pair to the desktop), terminal information points reached 25,000.
At the same time, a total of 15 sets of management information systems, such as the card management system, personnel management system, student status management system, and degree certification system, are integrated in the school, and the goal is to achieve a unified portal and unified certification.
The school provides open HTTP, FTP, Email and other public services, 22 departments and 30 management institutions have their own portals, and students have built 58 HTTP / FTP sites.
The school has also launched a digital campus mobile platform through student-specific 147 mobile phone cards and provincial mobile cooperation. The system integrates mobile OA, mobile mailbox, application interactive platform, all-in-one card system, educational administration system, Internet management system, online question answering system, SMS fault warranty system, Function modules such as WEB management system.
The above applications place high requirements on the network carrying capacity. The school requires:
Security gateway equipment is deployed at the school's general exit
Must be able to simultaneously access three 100M telecommunications links, two 100M and one 900M Netcom links, one 100M mobile link and one education network link
Provide policy routing and ISP routing support for different address segments distributed throughout the school
The internal network port of the device must use a 10 Gigabit interface
Bandwidth usage that does not comply with school regulations must be discoverable
Support gateway anti-virus function
Can not affect the school's data applications, such as OA, VOD, all-in-one card, etc.
All applications can support or extend support IPv6 protocol
solution
After on-site analysis, Wangyu Nebula believes that the school's network security mainly needs to solve three problems: first, the peak is up to 2.4G traffic, and it is mainly a UDP packet-based data processing capability; second, ARP attacks, frequent Web attacks Problem, the school has repeatedly detected and attacked the internal network server, student personal host, and even the integrated management platform of the information center, and even appeared to tamper with the test scores of the back-end database of the file management system; the third is the bandwidth control problem. A large number of non-critical applications such as P2P downloads and IM videos devour the limited bandwidth resources of the campus network, but critical application services such as mail, web pages, and data transmission are not guaranteed.
After fully understanding the school network, Net Royal Nebula proposed to use the high-performance full-service integrated security gateway Power V6000-U8000 as the campus big data security solution. The product integrates firewall, antivirus, intrusion prevention, flow control, Internet behavior management, Web security protection and other functions support complex multi-exit strategy routing. The product's flexible interface configuration and networking methods are sufficient to meet any access environment.
Solution advantages
In the implementation process, Power V6000-U8000 products are equipped with 8 Gigabit electrical ports to meet the access requirements of 8 links, 1 Gigabit optical port to meet DMZ zone access requirements, and 1 10 Gigabit SFP + optical port Directly connected with 4 10 Gigabit core switches. Power V6000-U8000 products have the following advantages:
First of all, 63 groups of addresses / address segments were planned during the implementation, and policy routing was applied to these 63 groups of address / address segments to point to 8 link exits, and the number of policy routes reached more than 200.
At the same time, the product supports anti-ARP attacks and IP spoofing, and can also enable anti-virus functions for certain important address segments, and supports Web security management and network database attack protection functions for Web servers and background databases managed by the school. All network hosts enable anti-port scanning and host scanning functions.
Then, the product can allow H.323 protocol traversal through adjustment policies, and can implement loose protection strategies for status detection, UDP long connection, Java script, ActiveX plug-in and so on.
Finally, the application identification and URL filtering function of the product can enable identification / blocking of school access to website content such as reactionary and yellow, can block search results of sensitive keywords, and can allow IM software to chat but prohibit it Video chat function, for P2P video can be classified according to detailed applications such as Tudou.com, Youku, etc. to limit traffic.
Since the school started in September 2012, the traffic of the device has been steadily controlled between 2.2G and 2.4G, neither consuming bandwidth nor exceeding the bandwidth threshold. No feedback from 25,000 nodes across the school dropped or the network was slow. The school's applications are running steadily, and there are no problems such as unable to log in and access errors. At the same time, the CPU idle rate of the Power V6000-U8000 equipment has always remained above 90%, and the equipment use effect has been highly recognized by the school leaders, making the school exclusive in the wave of big data education system.
Netyu Nebula full service fusion security gateway product introduction
Net Royal Nebula Power V6000-U8000 is a full-service integrated security gateway product developed based on Intel's latest Sandy Bridge multi-core architecture. The product functions are developed based on a unified software core. AV + IPS functions are fully opened up to 10 Gigabit processing capacity. . The product supports expansion to 49 Gigabit ports or 24 10 Gigabit optical ports, and the appearance size is 2U height. In terms of functions, fusion and integration technologies are adopted. Antivirus, intrusion prevention, online behavior management, web security protection, session management, terminal security, and other functions can be combined in any combination. All protection functions can be executed at a time in one strategy, greatly reducing the maintenance intensity , Almost no effect on the processing performance of the system application layer. The Power V6000-U8000 fully supports the IPv6 next-generation Internet protocol standard, which is not limited to layer 2 and layer 3 support such as routing protocols, but also layer 7 support such as intrusion prevention and online behavior management. In addition, the product can also provide real-time traffic analysis functions. It can provide real-time analysis reports on the applications used, URLs accessed, and file types transferred. It supports host traffic sorting and provides detailed reports on the traffic usage of each host.
Acoustic Wall Panel ,Soundproof Wall Panels,Sound Panels For Walls ,Acoustic Insulation Panels
Feat Top International(China) CO.,LTD , https://www.ft-project.com