Provider-1

Multi-Domain Management

Overview

Service providers and large enterprises have to support rapidly growing customer or user bases that need different security policies. At the same time, they have to minimize support staff and hardware.

Provider-1 is a highly scalable multi-domain management solution that addresses the unique requirements of large multi-policy environments. For service providers, it consolidates and centralizes the management of security policies for thousands of customers. For enterprise network operations centers, Provider-1 simplifies a complex security policy by segmenting it into manageable sub-policies for geographic, functional, or other groupings.

Provider-1 Enterprise Edition enables management of up to 3 or 5 separate security domains, allowing for separate management access rights while sharing global objects and policies across the security domains. Provider-1 Enterprise Edition comes with the following blades: Network Policy Management, Endpoint Policy Management, Logging & Status, Monitoring, IPS Event Analysis, Provisioning, Management Portal and User Directory.

Provider-1 aggregates multiple, distinct security policies on a single platform.
Key Benefits

  • Improves management efficiency
  • Minimizes hardware investment
  • Enables revenue opportunities
  • Ensures customer data privacy and integrity
  • Scales to thousands of customers or business units

Features

Multi-domain, multi-policy management
Provider-1 provides a multi-domain security management solution, with each management domain having multiple security policies, its own database, and logs.

By separating enterprise or Service Provider networks into multiple management domains, Provider-1 enables enterprises to optimize policy size and gain better control over security policy updates as changes made to each management domain can be completed independently. Policy changes and logs for different domains can be audited separately, as needed, to meet customer service level agreements or regulatory requirements.

Multi-Domain GUI presents a comprehensive view of all networks and policies under management.
Global VPN communities
Sometimes customers need to establish secure VPN connections between different management domains. Examples include large enterprises that have created different management domains to manage corporate networks in different cities or countries, or an MSP that may need to provide secured communication between partners of different customers. With Provider-1, cross-customer VPN communication is handled easily with global VPN communities.

Granular, role-based administration
In the Provider-1 environment, the management model has been designed so that network security managers can centrally manage many distributed systems. This model enables enterprises to designate trusted administrators with different access rights, which can range from the ability to manage the entire Provider-1 system to just the ability to manage a certain aspect of a customer network. In addition, the same administrator can be given different permission profiles for different customer management domains. Therefore, enterprises can allow local department administrators who operate outside of Provider-1 to access and manage their own security policies.

Because Provider-1 supports multiple, simultaneous administrator access, administrators in diverse locations can work autonomously on the same infrastructure. Therefore, enterprises and network operation centers can more efficiently provide 24/7 administrative security monitoring for their networks. Service Providers will benefit by providing value to their customers with timely delivery of changes and modifications, as well as allowing their customers to manage their own management domains.

Provider-1 enables granular control of administrative authority.

Management high availability
Provider-1 delivers fully redundant management architecture for rapid disaster recovery. High availability is supported at multiple levels—from the Customer Management Add-on (CMA) customer level to the Multi-Domain Server (MDS) global level. An administrator can implement failover gateway management for a customer network by deploying two CMAs in high availability mode. Data synchronization between the two CMAs improves fault tolerance and enables the administrator to seamlessly activate a standby CMA when required. Distributed high availability options are also available for each CMA. The administrator can deploy a Security Management Software Blades server to serve as a high availability peer for the CMAs, but it would actually be located closer to the gateway and allow for full security management and provisioning even when there is no communication between the remote site and the network operations center. Multiple MDSes can also be deployed to provide mutually redundant failover capabilities and configured to automatically synchronize global policy data. For example, an enterprise can centralize the Provider-1 management network at one branch yet have one or more backup MDSes at other locations.

Global SmartDefense™ Services updates
The Event Correlation Software Blade delivers a flexible, scalable platform capable of managing millions of logs per day per correlation unit in large enterprise networks. Through its distributed architecture, the Event Correlation blade can be installed on a single server but has the flexibility to spread its processing load across multiple correlation units.

Global reporting and event correlation
In a Provider-1 environment, Event Correlation and Reporting Software Blades provide real-time and historical security event analysis and reporting. Real-time event correlation and reporting can be performed at the global level or targeted at a specific network segment or customer. Reports can be generated on a per-customer or cross-customer basis. Enterprise and Service Provider administrators can automatically generate reports to be sent to various stakeholders for overall security performance analysis or auditing purposes. Multiple Reporter and Event Correlation Software Blades can be implemented to run in parallel, scaling to meet the needs of large-scale environments.

Specifications

Feature | Details
HA of Global MDS Manager databases | MDS, global policy, and Internal Certificate Authority
Synchronized MDS databases | Synchronize at configurable intervals and/or events or manually as needed
Global policy templates | Set corporate policy and objects at the global level and assign to CMAs
Global IPS profiles | Set IPS protections at a global level and assign to CMAs
Optional Log Modules | Dedicated log modules improve performance and provide separation of events
HA of CMA databases | Policies, objects, and Internal Certificate Authority
Synchronized CMA databases | Automatically at policy install, policy save, or on other scheduled events
Cross-CMA object search | Search across multiple CMA databases for objects and rules
Multiple administrator roles | Provider-1 superuser, customer superuser, global manager, and customer manager
Limited privilege command shell | Provides users with limited CLI level access
Secure communication | Check Point SIC using certificates for authentication, standards based SSL for the creation of the secure channel, and 3DES for encryption
Authentication methods supported | Internal, RADIUS, TACACS, and RSA SecurID
Audit logs of global and CMA administrator activities | Available for third party auditors
Component status | Monitor management HA status, CMA/CLM status, policies assigned, connected administrators and GUI clients
Multi-platform support | Solaris, Red Hat, VMware, and Check Point SecurePlatform
OPSEC API support | CMA level; CPMI, ELA, LEA, and SAM. CLM level; ELA and LEA
All of the other features of Security Management Software Blades | CMAs provide full Security Management Software Blade functionality

Support

Threats to networks are constantly evolving and becoming more sophisticated. To maintain continuity and productivity, defenses must advance as quickly to deliver the technology and features that protect the business. Check Point Services protect against emerging threats with critical hot software fixes, service packs, and major software upgrades.

Benefits

  • Ensure continuous security with access to critical hot fixes and service packs
  • Maximize ROI and investment with access to major upgrades and enhancements
  • Increase security with the latest applications, features, and technologies
