NetDevices Unified Services Gateways Brochure

Download the PDF

The NetDevices SG family of unified services gateways are multi-service networking devices designed to reduce the cost and complexity of managing branch office networks. NetDevices unified services gateways unify the multiple hardware and software networking solutions typically required for a branch site, adding comprehensive remote management and unparalleled serviceability. IT managers can eliminate cascaded point devices and support security, voice, routing, switching and more on a single, easy to manage platform.

Product Overview

Leveraging highly modular software and hardware design, the NetDevices SG-8 unified services gateway integrates enterprise security, core networking technologies, and adaptive services into a single, highly available system for branch office networking. The NetDevices SG-8 greatly simplifies deployment, provides 100% remote manageability, lowers operating expenses (OpEx) and complexity, and provides unparalleled investment protection.

The Value for Customers Significantly lower operational costs via resilient remote management and simple in service upgrades that minimize the need for on-site intervention Significantly lower capital costs by integration of multiple service functions on a single platform Higher productivity and lower downtime due to modular design, multi-level redundancy and rapid troubleshooting Flexibility and reduced response times through simplified support for new applications

The NetDevices SG-8 unified services gateway features stateful firewall protection, intrusion detection and prevention, voice over IP (VoIP) support, scalable dynamic and static routing, 10/100/1000 Mbps Ethernet switching, IPSec virtual private networks (VPN), and dedicated security processing. As multiple services are added, scalability and performance are maintained through its unique OnePass^TM approach that performs common packet classification and inspection across multiple services.

NetDevices ModuLive^TM modular operating system maximizes availability and greatly reduces the time required to deploy new or upgrade existing services. With ModuLive full software modularity, as new services are added or existing ones modified within a NetDevices SG-8, there is zero disruption to other services in operation.

With its Lifeline^TM management framework, the NetDevices SG-8 provides always available access to system management. All services can be managed remotely while appearing to be local, thereby eliminating the need for on-site intervention and delivering substantial operational cost savings.

Unified, Full-Featured Portfolio of Services

With the NetDevices SG-8 unified services gateway, customers can eliminate cascaded point devices, integrating all required branch services onto one platform. This results in significantly reduced capital expenditures while enabling simplicity of services management. The NetDevices SG-8 offers full-featured, enterprise-class support for multiple branch office services, including:

• Stateful firewall with DoS attack prevention, NAT, ALG & ACL capabilities
• High performance intrusion detection and prevention
• VoIP support through SIP ALG gateway with QoS
• IPSec VPN with dedicated hardware accelerator offering 1Gbps+ throughput
• Advanced routing with support for required protocols (BGP, OSPF, RIPv1/v2)
• Layer 2 Ethernet switching
• QoS capabilities

High Performance & Scalability for Multiple Services

The NetDevices SG-8 delivers guaranteed performance and scalability for multiple services through its unique OnePass^TM approach for common packet classification and inspection across different services. With OnePass, the SG-8 provides global classification of packets for all services, down to an application's payload level, in a single pass. Once a packet is classified, it is processed only through the appropriate services. With service modules relieved of the need to classify and process every packet, processor efficiency dramatically increases and latency remains the same no matter how many service modules are added to the system.

Resilient, Comprehensive Remote Management

By integrating a separate management plane, dedicated management processors in each line card, N+1 redundant architecture and multiple access mechanisms to reach the system, NetDevices' patent-pending Lifeline^TM management framework allows highly available remote system administration -- independent of the state of the system. For instance, even if the main routing and switching modules fail, the administrator will continue to have access to the gateway for monitoring/analysis, configuration changes and restart. With a common management framework for all network services, Lifeline provides a simplified, uniform view of all components and network services operating in the system. Granular visibility and control is provided for remotely performing all critical management functions such as system monitoring, service provisioning, configuration management and software upgrades. This enables IT staff to manage a complete branch office network and multiple services without the need and cost for on-site administration.

Modular, Carrier-Grade Architecture

NetDevices' ModuLive^TM operating system is a fully modular, always live software base that provides a level of availability and serviceability previously unavailable in enterprise branch office products. The ModuLive^TM OS enhances uptime by enabling in-service upgrades and configuration changes, and by ensuring that a fault in one service causes minimal or no disruption to other services in operation.

The ModuLive OS runs on a modular hardware chassis with separate slots for different line interface cards, Ethernet switch cards, the switching fabric and the Services Engine (which is the packet processing core of the system). The chassis design allows wide flexibility to customize the number and mix of cards used, along with the ability to add optional hardware components such as the Hard Disk Drive (HDD) card when required.

The features enabled by NetDevices' modular software and hardware include:

• Granular in-service software upgrades. New services can be initiated with no disruption to services in operation. The system allows new services to be dynamically inserted in the packet flow path. The ModuLive Service Manager supports comprehensive revision control and tracking of each service module with the ability to roll back to an older version if required.
• Live “plug & playâ€? insertion and removal of cards. ModuLive Chassis Manager supports dynamic detection of new hardware modules and configuration changes, thereby enabling seamless service continuity during hardware upgrades.
• Proactive hardware monitoring and correction. To maximize service resiliency, ModuLive Chassis Manager proactively monitors the health of each line card using detailed environmental information and automatically alerts the management system if corrective action is required.
• Automatic service configuration. ModuLive License Manager reduces costs and delivers a higher level of automation for IT managers by enabling them to pre-select the services & features they need at each branch location. ModuLive License Manager allows highly granular licensing options and
  templates to be pre-defined based on customer, site or service criteria (e.g. Routing/Firewall sites, VPN-only sites, etc.).

Application Scenarios

With its unique multi-service functionality, ModuLive^TM OS and Lifeline^TM management framework, NetDevices solutions enable enterprises & managed service providers (MSPs) to address virtually any set of requirements and deployment scenarios for distributed branch office environments. Example deployment scenarios include:

Unifying and Simplifying Enterprise Branch Services

As enterprise branch networks continue to become more complex and comprehensive, IT managers are seeing the benefits of integrating multiple network services - such as firewall, security, routing, and virtual private networks (VPN) - on a single branch office platform. As multiple services are unified, management and operation of each service must remain granular and non-overlapping.

With its patent-pending ModuLive OS and Lifeline management framework, NetDevices unified services gateways deliver the sophisticated service management capabilities required in such a distributed environment.

In the scenario below, an enterprise has separate, dedicated organizations to manage their WAN access, security and LAN switching functions across all of their branch offices. Each team requires full management control over its service module as if they were managing independent devices, yet the branch network lead administrator has only a single platform to manage. In addition, to ensure full system visibility and avoid policy conflicts, the lead administrator may have read-only access into service modules managed by other administrators.

Key Benefits

• Single platform to manage, therefore reduced operating and support costs
• Maximum service availability through modular architecture
• Existing departmental control of individual services via modular service partitioning

Carrier/Managed Service Provider (MSP) Deployment

With the increasing complexity of enterprise networks, many organizations have started outsourcing management of their remote networks. For service providers, this provides a new revenue stream by offering a range of value-added services, in addition to basic access and transport. For businesses, this leads to reduced capital expenditure and enhanced flexibility.

With the carrier-class availability and full modularity of its ModuLive software base, NetDevices unified services gateways enable Carriers and MSPs to flexibly & profitably address the emerging managed services business opportunity. To optimize service management and reduce operating expenses, NetDevices provides its Lifeline management framework to allow MSPs to cost-effectively meet varied and changing needs across different customers, while effectively complying with their SLA requirements.

The NetDevices gateways support remote provisioning of services on demand thereby enabling service providers to rapidly respond to new service requirements from their customers and exploit new revenue opportunities. Using the ModuLive License Manager, highly granular licensing options can be defined based on the customer, site or service, leading to a greater level of control for both service providers and their business customers.

Key Benefits

• On-demand provisioning to enable fast response to new service requirements
• Detailed visibility for effective management of SLAs
• High service availability to enable compliance with SLA requirements
• Total remote management for simplified & lower cost operations

Technical Specifications

Unified Services

• Stateful Firewall
• IPSec VPN
• IDS/IPS
• VoIP support
• Routing
• QoS
• Ethernet Switching

Hardware

• Modular 10 slot chassis
• 2 slots for redundant switch fabric
• 1 slot for dedicated Services Engine
• 7 slots for line cards and second Services Engine
• Optional hard disk drive card

Services Engine (SE)

• 2GHz AMD Opteron
• 512MB to 2GB memory
• 2 x 10/100/1000 Ethernet Interfaces

High Availability

• Built-in architectural redundancy
• Dedicated management plane with N+1 redundancy
• Redundant interfaces (WAN)
• In-service software and hardware upgrades

Network Interfaces

• 2 Port 10 / 100 / 1000 Ethernet built-in on SE
• 8 Port 10/ 100/ 1000 Ethernet switch
• 4 Port T1 / E1

System Management & Logging

• Remote management capabilities: Monitoring, Upgrades, Provisioning, Configuration & Fault Management
• Access Interfaces: Console port, Universal Modem, USB
• User Interfaces: CLI, WebUI (HTTP, HTTPS)
• Management Protocols: SNMP v1/v2
• Syslog forwarding
• Standard & custom MIBs
• Management plane for NetDevices Lifeline^TM framework

Administration

• Local & external administrator database
• ModuLive Service Manager (software upgrades & configuration management)
• ModuLive Chassis Manager (hardware configuration management & monitoring)
• ModuLive License Manager (licensing options)

Service Functions

• Firewall: Network attack detection, DoS & DDoS protection, NAT, ALG & ACL capabilities, Common Classifier
• VPN: IPSec NAT traversal with DES / 3DES / AES
• IDS/IPS: intrusion detection & prevention with regular signature updates
• VoIP: VoIP transport, SIP ALG with QoS Static & dynamic routing
• Routing Protocols: RIP v1, RIP v2, OSPF, BGP
• QoS: 16 queues with priority, WRED
• Switching: VLANs, PVSTP, bridging
• DHCP: relay
• DNS: DNS Proxy

Power

• AC: 100-240 V, 350 Watts per supply, 6 AMP

Physical Specifications

• Dimensions: 5.25" H x 17.5" W x 17" D
• Weight: 50 LBS fully configured

Rack: 19" standard rack mountable

Environmental Specifications

• Operating Temperature: -5 to 55C
• Non-Operating Temperature: -25 to 70C
• Operating Humidity: 10 - 90% (non-condensing)
• Power Consumption: 300W
• Operational Altitude: 10,000 ft
• Non-Operational Altitude: 15,000 ft

Agency Certifications

• UL, CUL, CSA, CB, EMC Certification, FCC Class B