Select Page

Twin Mode HA Security for
Redundant Data Centers

Hillstone Twin-Mode Data Center Redundancy Solution

Full Security and Continuity for Intra-Data Center Traffic

To support 24/7 application availability for enterprise operations, a redundant data center design with application failover has become the standard. However, many next-gen firewalls lack the ability to ensure full data center security in these environments. Hillstone’s Next Generation Firewalls address this issue head-on with Firewall Twin-Mode, which links redundant firewall pairs across data centers to maintain full security for all redundant data center traffic flows. With Hillstone’s Firewall Twin-Mode, enterprises can achieve workflow agility and 24/7 business continuity while maintaining full data center security.

About Data Center Redundancy

Uptime is critical for many industries, like financial services, healthcare, service providers and others. Performance and security in tandem are required to protect against loss of application access or data, either of which can damage revenues and reputation. A redundant data center design mitigates the impact of hardware, software and data center failures, allowing systems and the business to continue to operate 24/7.

In a redundant data center architecture, critical business systems run in two or more data centers at the same time, and users are served via multiple data centers which also function as backups for each other. In a failover event, another data center takes over and continues to provide services without interruption. In addition, a redundant configuration effectively doubles the capacity of a given data center through resource allocation.

Challenges of Data Center Redundancy

In order to protect sensitive corporate data, stateful next-gen firewalls are deployed at the data center perimeter and inspect all traffic for threats and anomalies. Unlike routers, load balancers and other data center hardware devices that use Data Center Interconnection (DCI) devices, however, firewalls need to analyze the state of sessions in order to accurately apply security policies.

When multiple redundant data centers are serving applications and data for users, a session might traverse a different firewall than the one on which it originated. The second firewall would be unaware of the session established on the first firewall and drop the session as suspicious. This type of asymmetric traffic flow can occur in multiple scenarios within redundant data centers.

Firewall Twin-Mode Addresses Data Center Redundancy

Hillstone’s Firewall Twin-Mode addresses the issue of asymmetric data flows by synchronizing pairs of redundant data center firewalls through dedicated data control links. Also known as overlay transport virtualization (OTV), twin-mode creates a single logical firewall comprised of all firewalls in the redundant architecture.

Through twin-mode, session configuration and state information is synchronized across all linked firewalls. Data flows are routed appropriately, session state is maintained, and the requested information is seamlessly delivered to the user.

Secure Business Continuity

The importance of next-gen firewalls in redundant data centers cannot be overstated; they are critical to protecting against both perimeter attacks as well as lateral movement of threats between distributed data centers. Through Hillstone’s Firewall Twin-Mode, enterprises gain:

Synchronization

Automatic synchronization of firewall configuration and session information across multiple data centers, which allows stateful firewall failover to ensure business continuity

Data Flow Security

Secure asymmetric data flows across data centers to protect sensitive data and defend against intra-data center transfer of malware and other threats

360° Visibility

Full visibility into all intra-data center traffic through Hillstone’s security management platform interface, as opposed to traditional DCI traffic which is often invisible to admins

Reliable Continuity

Full security and 24/7 business continuity across a wide variety of data center high-availability architectures

Recent Blog Articles

iSource 2.0R12: Unlocking New Capabilities for IT Management

Leveling Up Your Security Game: What’s New in Recent BDS Releases

HSM 5.6.0: Taking Centralized Management to the Next Level

Contact Hillstone Networks regarding Twin Mode HA for Redundant Data Centers.

Learn more about Hillstone’s twin mode solutions by contacting a local authorized Hillstone Networks reseller. 

Contact Us

For the second year in a row, Hillstone Networks has been recognized in Gartner Peer Insights Customers’ Choice for Network Firewalls.

The Customers’ Choice is a rating of vendors in a given market — for Hillstone, it’s Network Firewalls — that take into account both the number of reviews and the overall user rating. Based on feedback and ratings from our end users who have purchased, implemented and are happily using our products and services, Hillstone’s overall rating came to 4.8/5.