Overview:
Check Point Maestro introduces to the industry a new way to utilize current hardware investment and maximize appliance capacity in an easy-to manage Hyperscale network security solution to bring our networks and data center to the world of hybrid clouds.
With Maestro, organizations can simplify their data center workflow orchestration and scale up their existing Check Point security gateways on demand - the same way as they can spin up new servers and compute resources in public clouds.
Check Point Maestro brings scale, agility and elasticity of the cloud on premise with efficient N+1 clustering based on Check Point HyperSync technology, maximizing the capabilities of your existing security gateways. Create your own virtualized private-cloud premise by stacking multiple Check Point security gateways together. Group them by security feature set, policy or the assets they protect and further virtualize them with virtual systems technology. With the Maestro Hyperscale Orchestrator, businesses of all sizes can have cloudlevel security on premise. Add compute to meet your needs using Maestro Web UI or RESTful APIs - all while minimizing the risk of downtime and maximizing your cost efficiency.
Security at Hyperscale
On demand expansion available to gateways of all sizes
Operational Supremacy
Opening up new simple ways to architect and manage cyber security
Cloud-Level Resiliency
Delivering the highest standard of security orchestration and resiliency with Telco-Grade technology
Scalability Has Never Been So Easy
Scale, as the business grows beyond any product in the industry with the Maestro Hyperscale Orchestrator
Maestro Scalable Threat Prevention Throughput
TRIPLE the Performance by Load Sharing with True LINEAR SCALE
Features:
Linear Scalability for Any Appliance
On demand expansion applicable to gateways of all sizes. Start large, become gaint.
Hyperscale Security System
With Maestro, you can start with two gateways and then can grow to up to 52 gateways. For example, when you start with 35.2 Gbps using two 16600HS gateways you can finish with an 850 Gbps security solution that supports over 500 million concurrent connections. Simply by using Check Point Maestro.
Hyperscale Orchestrator Connections
When a Security Group is created, an IP address is created for a Single Management Object connection to the security management server. Easily create and assign IP addresses to the internal and external network interfaces. These uplinks are the visible components of the Maestro security solution.
Fully Operational within Minutes
When we add a gateway to the system, it gets all the configurations, the policy, even the software version, updated and aligned with the existing deployment, ready to go within 6 minutes
Maestro Traffic Distribution
HyperSync tracks the Active/Standby/Backup state of group members. Sync traffic is limited to only the Active and Standby members handling the connection.
Cost-Efficient N+1 Deployments
Now businesses of all sizes can enjoy cloud-level resiliency and telco-grade technology using the efficient Maestro N+1 clustering design.
Management:
Security Groups
With Maestro, you can dynamically allocate or deallocate compute resources within and between Security Groups to meet your needs. Security Groups are logical groups of appliances providing active/active cluster functionally segregated from other Security Groups. Each Security Group has dedicated internal and external interfaces and may have a different configuration set and policy, e.g. Next Generation Firewall protecting a data center or Next Generation Threat Prevention providing perimeter protection.
Single Management Object (SMO)
Externally a Security Group is seen as one security gateway or VSX gateway object in the Check Point security management GUI client, SmartConsole. A single IP address per Security Group for management communications and policy install simplifies Security Group management. All configurations, e.g. interfaces or IP addresses and routes are mirrored on gateways in the Security Group. Prior to becoming an online member and actively handling traffic each new member of the Security Group synchronizes its image, software configuration and security policy with the SMO of the Security Group.
Security Software
Maestro members run R80 SP, the latest version of the field-tested and proven software that was first introduced in 2012 on our Check Point chassis security systems and now integrated into our R80 main train release. The security feature set includes Next Generation Threat Prevention (NGTP) to protect you from known threats and SandBlast Zero-day Threat Protection to protect you from the unknown and zero-day threats. All Check Point Quantum security appliances in the Maestro solution include zero-day threat prevention for one year.
With R80 SP, you can monitor and manage the Maestro security fabric with a web browser connection to the management interface of the Maestro Orchestrator. Easily see the state of the gateways and the overall performance of your Security Group members. Do advanced configuration such as setting up network bonds, image management and system optimization.
Maestro web browser User Interface (UI)
Specifications:
Maestro Hyperscale Security Orchestrator 140 and 175 Simple Connection Example
The Hyperscale Orchestrator 140 is a mid-range model with 48x 10GbE and 8x 100 GbE ports with a total fabric capacity of 1.28 Tbps. The Hyperscale Orchestrator 175 is a high-end model with 32x 100 GbE ports and a total fabric capacity of 3.2 Tbps.
For redundancy, deploy two Orchestrators of the same model together. Security Group members connect to the Orchestrator via Direct Attached Copper (DAC) cables, either 10, 40 or 100 GbE depending upon the gateway and Orchestrator models deployed. The Orchestrator's 300-nanosecond port-to-port latency deliver predictable wire speed performance with no packet loss for any packet size.
Maestro Hyperscale Orchestrator |
MHO 140 |
MHO 175 |
Fabric Capacity |
1.28 Tbps |
3.2 Tbps |
Latency |
300 nsec port to port |
400 nsec port to port |
Ports |
48x 10GbE and 8x 100 GbE |
32x 100GbE or 128x 10GbE |
Enclosure |
1RU |
1RU |
Standard Dimensions (W x D x H) |
17.24’ ’x 17’ x 1.72’’, 438 x 436 x 43.8mm |
16.84’ ’x 27’ x 1.72’’, 427.83 x 686 x 43.8mm |
Weight |
18.8lb (8.52kg) |
24.5lb (11.1kg) |
Power Input |
100-127 VAC, 200-240VAC, 50-60Hz |
100-127 VAC, 200-240VAC, 50-60Hz |
Single Power Supply Rating |
165W |
150W |
Dual Power Supplies |
Included |
Included |
Airflow |
Front to Back |
Front to Back |
Safety/Emissions/Environment |
UL60950-1, CB IEC60950-1 , CE LVD EN60950-1 / FCC, IC, CE, VCCI, RCM/C-Tick / RoHS, WEEE, REACH , *ISO14001 |
* Factory certificate