Security Challenges in the Cloud Era
Security, a major challenge in the cloud era.
Chart labels: Lack of resources/experience; Security; Cloud management cost; Compliance; DDoS; Management/Control; Multi-type cloud service management; Complexity of building private clouds; Performance
Source: 2017 State of the Cloud Report from RightScale
Changing Services: Conventional security is unable to meet the requirements of changing services.
Evolving Security Threats: There is no mature defense solution for advanced threats.
Changing Borders: Multi-branch, cloudification, and IoT blur security borders.
Diagram labels: ERP/CRM/OA etc.; Virus; Worm; Spam; Spyware; Smart worm; Phishing; APT; IoT device and cloud VM vSwitch
Build Intelligent Self-learning System for Security Everywhere
Diagram labels: Security applications; Policy management; Self-service portal; Identity management; VAS store; O&M platform
Benefits for Enterprises
Deep: Collaborative Protection with 99% Threat Detection Accuracy
Wide: Virtualized Security Under Enterprise Security Scenarios
Fast: Cloudified Security Services Subscription Within Minutes
Open API
Benefits for MSPs
Security services increase revenues
12 types of VAS with PAYG mode
Cloud-based, automatic Big Data analytics
Passive defense → Positive defense
Automatic policy management reduces OPEX by 80%
Diagram labels: Security management service; Log correlation; CIS (Big Data); Traffic analysis; File behavior analysis; VAS subscription; Security service deployment; SecoManager; Security system O&M; Security policy optimization; Secure network connections; CloudFabric Cloud Elastic Scale-out: 1 VM -> 128 VMs; EC-IoT Security; Leased Line; Internet; CloudEPN Security; CloudCampus Security; IVS Security
CloudFabric Security: Intelligent, Virtualized, and Automated Security Guarantees Cloud DCs
Cloud management
Challenges: Complex security configuration & management; Unknown threat intrusion
Cloud management layer
Automated, on-demand security management, proactive defense
Automated configuration of security services; flexible security policy migration
CIS performs security posture awareness and collaborates to block unknown threats.
Internet
DC security
Egress & border security protection
FW/sandbox/AntiDDoS
DC egress
3-layer defense, all-round security protection
High capacity: Combination of Tbit/s FW, Tbit/s AntiDDoS, and 128-node cloud gateway
Full-function: vFW 12-type security protection
Deep isolation: vFWs provide isolation among VMs
Advanced: Sandbox interworking with the firewall to inspect 50+ types of files
Internal-Tenant Protection
FW/IPS
Core
vFW
Intra-Tenants Protection: among VMs
Diagram labels: Public; Shared tenant; Independent tenant
Cloud Campus & Branch Security: Comprehensive Cloudification Improves Security Construction Efficiency
Network Architecture / Solution
Cloud-based security services improving efficiency
Open API
Mass branches
Mass configuration
Management of 200,000 branch security devices
Management of 100,000 policies on campus
Diagram labels: SecoManager; Authentication service; Log collection; Security configuration
NGFW providing professional security protection
6300+ Internet applications identified
Database of 85 M URLs
NSS Labs recommended firewall, detecting 99.5% of malware
Threats: Network intrusion; Data theft; Unauthorized access; Privilege escalation
Diagram labels: Internet; VPN; Leased Line
Multiple authentication supporting existing authentication system ……
Includes AD, portal, AC, RADIUS, social account, etc.
Diagram labels: Branch A; Branch B; Branch N
EC-IoT Security: Security Solution Safeguards IoT Production
Network Architecture / Solution
PKI
Big Data security system analyzes IoT risks and prevents IoT incidents.
Threats: IoT network anomaly; Unaware threats
Big Data security analysis, security posture awareness, collaborative protection, threat posture display
Network-wide collaboration defending against unknown threats
Diagram labels: IoT platform; Big Data
Highly integrated IoT security gateways help reduce investment costs.
Access of millions of devices
Lightweight tunnel encryption algorithms
Threats: IoT data disclosure; IoT protocol-based attacks
Device security plug-ins and a certificate management system make deployment more convenient and secure.
Threats: Access of unauthorized IoT devices; Device intrusion
Security plug-in open API, device trusted authentication
Certificate management system: PKI authentication capabilities
Diagram labels: Machine; Camera; Vehicle; Electricity meter
First High-End Virtualization Universal SeGW in the Industry
With the development of services, traffic in cloud DCs undergoes rapid changes. This creates a challenge for security O&M. Huawei's Cloud NFV NGFW solution helps build an elastic, high-performance security system, simplifying O&M.
AS-IS
1 Manual deployment: Adjustment on the core switch induces O&M risks
2 Complex expansion: Device expansion: 30 days; Link expansion: 8 days
3 Fixed LB: External LBs: Limited performance cannot meet long-term requirements of DCs.
TO-BE
1 Self-configurable: "0" adjustment of neighbor devices; No interruption of services
2 Elastic scaling: Automatic scale in/out in minutes with self-diagnosis
3 Easy LB: Simple LBs: routing multiple next hops for MAX 128 VMs; 2.56T throughput
USG9000V
1 Self-configurable: Centralized management; distributed forwarding; automatically create a forwarding VM
2 Elastic scaling: Unified performance monitoring, automatic scale in/out
3 Load balancer: Routing multi-next-hop interface, load balancing among forwarding VMs
Diagram labels (AS-IS): Internet; Physical FW pool; Adjust: IP/ACL/…
Diagram labels (TO-BE): Internet; Isolated vFW cluster; LB; vFW; Control plane: MPU VMs; Forwarding plane: LPU VMs, SPU VMs; Core switch; OR
100,000+ enterprise customers across Europe, Latin America, Africa, and Asia Pacific in the Internet, finance, education, government, and energy industries
Chart labels: Internet; Finance; Big companies; Government; Education; Energy; Media; E-commerce; Others
EQUINIX, KIO, State Grid (国家电网), Sberbank