CloudGuard Network Security - Azure Stack HCI Overview and Prerequisites
Solution

Notes: 

  • Before you read this article, refer to the Azure Stack HCI documentation.
  • Azure Stack HCI runs Hyper-V at its core, so the requirements, capabilities, and limitations for Check Point Network Security deployments are essentially identical to those on Hyper-V.

Overview

Azure Stack HCI is a hyper-converged infrastructure (HCI) cluster solution that hosts virtualized Windows and Linux workloads and storage in a hybrid environment that combines on-premises infrastructure with Azure cloud services.

Azure Stack HCI, version 21H2 is now available for download. You can purchase integrated systems from a Microsoft hardware partner with the Azure Stack HCI operating system pre-installed or buy validated nodes and install the operating system yourself. See the Azure Stack HCI Catalog for hardware options. Use the Azure Stack HCI sizing tool to estimate the hardware requirements for your Azure Stack HCI solution. This sizing tool is currently in public preview and requires your personal Microsoft account (MSA) credentials (not a corporate account) to sign in.

Azure Stack HCI is intended as a virtualization host, so most apps and server roles must run inside of virtual machines (VMs). Exceptions include Hyper-V, Network Controller, and other components required for Software Defined Networking (SDN) or for the management and health of hosted VMs.

Azure Stack HCI is delivered as an Azure service and billed to an Azure subscription. Azure hybrid services enhance the cluster with capabilities such as cloud-based monitoring, Site Recovery, and VM backups, as well as a central view of all of your Azure Stack HCI deployments in the Azure portal. You can manage the cluster with your existing tools, including Windows Admin Center and PowerShell.

Prerequisites

  • Azure Stack HCI environment (see the link at the top of the SK for the official Microsoft documentation):
    • A cluster of two or more HCI servers from the Azure Stack HCI Catalog, purchased from your preferred Microsoft hardware partner.
    • An Azure subscription.
    • Operating system licenses for your workload VMs – for example, Windows Server. See Activate Windows Server VMs.
    • An internet connection for each server in the cluster that can connect via HTTPS outbound traffic to well-known Azure endpoints at least every 30 days. See Azure connectivity requirements for more information.
    • For clusters stretched across sites, you'll need at least one 1 Gb connection between sites (a 25 Gb RDMA connection is preferred), with an average latency of 5 ms round trip if you want to do synchronous replication where writes occur simultaneously in both sites.
    • If you plan to use SDN, you need a virtual hard disk (VHD) for the Azure Stack HCI operating system to create Network Controller VMs (see Plan to deploy Network Controller).
    • Make sure your hardware meets the System requirements and that your network meets the physical network and host network requirements for Azure Stack HCI.
    • For Azure Kubernetes Service on Azure Stack HCI requirements, see AKS requirements on Azure Stack HCI.
    • Azure Stack HCI is priced on a per-core basis on your on-premises servers. For current pricing, see Azure Stack HCI pricing.
  • Check Point Security Management Server or Smart-1 Cloud
  • Check Point SmartConsole
  • Supported Versions: R80.40 | R81 | R81.10 (recommended version)
  • Internet connectivity required
  • Supported Deployments:
    • ClusterXL High Availability
      • BEST PRACTICE: Deploy cluster members on separate HCI nodes
    • Single Security Gateway
    • Security Management Server
  • Licensing: BYOL only
    • Supported SKUs:
      • CPSG-VSEC-VEN-BUN-NGTP
      • CPSG-VSEC-VEN-BUN-NGTX
  • Only Generation 1 virtual machines are supported
  • Synthetic network interfaces are recommended over Emulated
  • A SCSI disk is not supported as the disk where Gaia OS is installed
  • CloudGuard Controller is not supported
  • Always apply the latest GA Jumbo Hotfix for the version installed
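
The VM-level items in the list above (Generation 1 only, synthetic interfaces recommended, no SCSI disk for Gaia OS, cluster members on separate HCI nodes) can be checked before deployment. The following PowerShell is an added example, not Check Point or Microsoft code; the function names, VM names, node names and disk path are hypothetical, and it assumes the operator knows which virtual disk holds Gaia OS.

```powershell
# Added example: validates VM descriptions against the VM-level prerequisites above.
function Test-GaiaVmPrereq {
    param($Vm, $Adapters, $Disks,
          [string] $OsDiskPath)   # assumption: the operator knows which virtual disk holds Gaia
    $findings = @()
    if ($Vm.Generation -ne 1) {
        $findings += "FAIL: $($Vm.Name) is Generation $($Vm.Generation); only Generation 1 is supported"
    }
    foreach ($a in @($Adapters | Where-Object { $_.IsLegacy })) {
        $findings += "WARN: $($Vm.Name) adapter '$($a.Name)' is emulated; synthetic is recommended"
    }
    $osDisk = @($Disks | Where-Object { $_.Path -eq $OsDiskPath })
    if ($osDisk.Count -eq 0) {
        $findings += "FAIL: OS disk '$OsDiskPath' is not attached to $($Vm.Name)"
    } elseif ("$($osDisk[0].ControllerType)" -eq 'SCSI') {
        $findings += "FAIL: $($Vm.Name) has its Gaia OS disk on a SCSI controller"
    }
    $findings
}

function Test-ClusterXLPlacement {
    param($Members)   # VM objects of the ClusterXL members, each with Name and ComputerName
    $Members | Group-Object ComputerName | Where-Object { $_.Count -gt 1 } | ForEach-Object {
        "WARN: members $($_.Group.Name -join ', ') share HCI node $($_.Name)"
    }
}

# Constructed sample data, not taken from a real host. On a cluster node, populate instead with
# Get-VM, Get-VMNetworkAdapter -VMName and Get-VMHardDiskDrive -VMName.
$gw1 = [pscustomobject]@{ Name = 'cp-gw-1'; Generation = 2; ComputerName = 'hci-node-1' }
$gw2 = [pscustomobject]@{ Name = 'cp-gw-2'; Generation = 1; ComputerName = 'hci-node-1' }
$nics = @([pscustomobject]@{ Name = 'eth0'; IsLegacy = $false },
          [pscustomobject]@{ Name = 'eth1'; IsLegacy = $true })
$osPath = 'C:\ClusterStorage\Volume1\cp-gw-1\gaia.vhdx'
$disks = @([pscustomobject]@{ ControllerType = 'SCSI'; Path = $osPath })

Test-GaiaVmPrereq -Vm $gw1 -Adapters $nics -Disks $disks -OsDiskPath $osPath
Test-ClusterXLPlacement -Members @($gw1, $gw2)
```

The property names used (Generation, ComputerName, IsLegacy, ControllerType, Path) match what the Hyper-V cmdlets return, so live objects can be passed in place of the sample data.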

Performance

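| Test Coverage                                       | 2 vCPUs   | 4 vCPUs   | 8 vCPUs   |
|-----------------------------------------------------|-----------|-----------|-----------|
| Firewall only                                       | 7.1 Gbps  | 13.1 Gbps | >16 Gbps  |
| Firewall + IPS                                      | 4.4 Gbps  | 7.6 Gbps  | 15.3 Gbps |
| NGFW (Firewall + IPS + Application Control)         | 3.4 Gbps  | 6.1 Gbps  | 11.1 Gbps |
| NGTP (NGFW + URL Filtering + Anti-Virus + Anti-Bot) | 1.25 Gbps | 2.2 Gbps  | 4.2 Gbps  |
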
- Concurrent connections depend on the RAM allocated: 240K connections per 1 GB of RAM
- The test environment used CloudGuard Network Security R80.40
- It is recommended to run additional testing within your environment to ensure your performance requirements are met. Your performance may vary depending on underlying hardware performance.

Related Solution: sk106855 - Check Point Gaia OS support for Hyper-V
