1 Overview
1.1 background and demand
The current headquarters and branch network independent application system, mainly concentrated in the headquarters, visit company branch is not convenient and security of the ERP and MES mail system, and remote access, there are certain requirements for speed, so we need to provide a set of mature network solutions to address this situation at the same time, to meet the needs of later expansion and effectiveness.
2 solutions
2.1 design principle and acceleration principle
2.1.1 design principles
1, rapidity
The speed of application will greatly affect the efficiency of the application system, especially in some special environment, large range, inter regional network application system access. As a result, speed up devices require access to access in harsh environments.
2, easy scalability
To be able to solve the demand of the point cover surface, it can not only meet the security access of the latter branch network, but also solve the security access access of mobile office personnel and offices.
3, security
The application data transmitted by the company is private information and is not to be known to the unknown. Therefore, the acceleration device follows the security of data transmission.
2.1.2 solutions
1, equipment deployment:
The headquarters and subordinate branches deploy WOC devices, and support various modes of deployment (network management, single arm, bridge), and can adapt to various network environments, and deploy centralized management platform at headquarters to reduce maintenance workload.
2, VPN networking:
The headquarters and branch through the Internet to accelerate the establishment of VPN channel, data transmission equipment of channel transmission is encrypted, implementation of branch security access on the headquarters of ERP, MES mail and other applications, to avoid data streaking on the Internet by criminals to steal and theft.
3, the whole network acceleration:
The whole network device is enabled, application acceleration, data reduction, network transmission optimization and other optimization functions are accelerated to ensure the access effect. Aiming at the problem of packet loss delay caused by network operators, inter regional and network quality, the HTP high-speed transport protocol is adopted to optimize. In view of redundant data overload, slow response speed and increased bandwidth throughput pressure, the technology of stream buffer and stream compression is used to accelerate the speed.
2.1.3 implementation effect topology
1 program advantages
1.1 speed up equipment advantages
1.1.1 professional VPN equipment, high safety guarantee
IPSec VPN is currently recognized as the most secure virtual private network technology, but also the most widely used inter VPN networking technology, providing as much as the independent line of security. In 2007, led by the national password administration, formulated the "IPSec VPN technical specifications", the specification as a national IPSec VPN equipment security, network security, technical specifications and a series of mandatory binding standards. Science and technology as the core designated manufacturers involved in the formulation of the standard, WOC products fully support the national standard. At the same time, speed up the equipment WOC products fully meet the international standard IPSec VPN, capable of docking with the Cisco and three party standard IPSec VPN, to meet the demand after network expansion.
According to IDC survey report, VPN to 30.5% of the market share firmly occupy the first place, the total amount of second, third of the total is also higher than as much as 6 percentage points.
Professional products provide security, technology, brand multi guarantee.
1.1.2 business system quick access, improve efficiency
The WOC device adopted in this project has the function of accelerating the wan. After the completion of the basic VPN channel construction, the quality of the channel is guaranteed and optimized. Compared with the direct access of the Internet and the construction of ordinary VPN, the application system is greatly accelerated. The original with direct access to the Internet or is the deployment of ordinary VPN, the transmission of a design document to dozens of minutes, open the order system page need to wait for a few seconds, and a single order entry will need to wait ten minutes, after the completion of the acceleration of VPN deployment, will greatly improve the various business applications access, network file transfer speed effect from, and thus enhance the efficiency of office staff.
1.1.3 traffic shaping, reasonable allocation of bandwidth resources and service bandwidth guarantee
As a maintenance channel for internal internet access, external application system and branch access application, the export line determines the application effect and user experience for the allocation of bandwidth resources for various applications. Set the traffic management function of WOC equipment, can carry out the flow visualization, bandwidth allocation and traffic shaping on the export bandwidth, through real-time and historical traffic visualization report generation, take traffic control measures, to ensure the business application of Internet security, bandwidth allocation of various websites, released through the Internet business system, bandwidth guarantee VPN access channel branch application, achieve bandwidth management orderly, resource allocation optimization.
1.1.4 whole network equipment centralized management, network availability maximum guarantee
After the equipment centralized management platform of the whole network of centralized control, real-time understanding of connection to the health status of all the equipment running status and VPN, once the equipment causes disruptions of the VPN tunnel, can immediately provide alarm to notify the administrator for emergency treatment, to recover the fastest VPN network in order to ensure the normal business. At the same time, from the long-term direction to consider, in the work of network transformation, the upgrading of equipment, configuration, issued a unified upgrade of the whole network equipment through the centralized management platform can, no need to spend a lot of manpower Taiwan and Taiwan equipment maintenance, to avoid the allocation are not unified in VPN network construction the risk, but also greatly reduces the headquarters and branch of VPN network administrator's workload management.