Large-scale Terminal Protection

Terminal Security Project for FAW-VW
Background
FAW-Volkswagen Automotive Company (FAW-VW), founded on February 6, 1991, is a
Chinese joint venture between First Automobile Works (FAW) and Volkswagen
Group. FAW-VW established China's first modern passenger vehicle production
base. The enterprise has almost 20,000 employees working in three major
production bases in Changchun, Chengdu, and Foshan, and 500,000 employees
working along the vehicle production chain in 1,000 related enterprises. In
2011, FAW-VW's sales volume exceeded CNY200 billion.
Key Challenges
FAW-VW's rapid development required a high number of communication terminals.
The company also faced challenges in security management, IT Operation and
Maintenance (O&M) costs, and employee work efficiency.
Due to service and organizational expansion, this large, multi-regional
enterprise had the following terminal security protection requirements:
• Efficient management and maintenance
Challenges in large-scale network management included users with varying
terminal usage skills, limited network management personnel, asset management
for a mass of terminals, and mass IT events such as terminal patch
installation.
• Reliable access control and user rights
management
The original terminal management system had no
access control measures. All terminals connected
to the network had full access rights to all network
resources. Repeated unauthorized access to the
service system inflicted significant damage and
enabled key information leaks; therefore, FAW-VW
urgently needed to address this issue.
• Comprehensive network protection
FAW-VW had massive network resources, which
required a comprehensive network management
system for network access control and user
rights management to improve network security
management efficiency.
Solution
Huawei deployed the Secospace Terminal Security
Management (TSM) system to divide the intranet
into several logical parts, enabling centralized system management and
domain-based security protection. Key devices deployed in redundancy
mode ensured service continuity. The TSM performed access control
on the network, terminals, and network boundaries. Security protection
measures, such as user authentication, security check, access control,
operation monitoring, emergency response, and log auditing, ensured
network security.
• Centralized management, domain-based protection, and
redundant network design
Huawei provided the Secospace TSM system to centrally manage FAW-VW's terminals, enabling unified security policy customization.
The TSM control server was deployed in each branch in redundancy
mode to perform user authentications and security checks. The TSM
management server was deployed at headquarters in redundancy mode to
manage control servers in all branches.
All network resources were classified into isolated, server, and office
regions, based on service and security levels. Users access network
resources based on their assigned rights, which prevents unauthorized
access.
• Linked access control and refined user rights management
Huawei installed client agents on all terminals accessing the network,
and the TSM server connected terminals to the Security Access Control
Gateway (SACG). The client agent authenticates users and confirms user
network access rights through information interaction with the SACG.
Refined user rights management policies ensured that users had access rights
only to the resources required for their service operations.
• Comprehensive security protection
TSM provided security protection measures in network boundaries,
network devices, and terminals for comprehensive network security
protection.
The TSM system client agent was installed on all access terminals. The
system automatically collects and refreshes terminal information to
manage terminal lifecycle, improving terminal management efficiency. A
unified, stable, secure, and automatic patch upgrade mechanism performs
security checks for all terminals to enable off-line policy control and
management, preventing terminals from bypassing security authentication
and improving employee efficiency.
Huawei, itself a large enterprise like FAW-VW, has used this terminal
management solution for years. This reflects our confidence in
providing long-term solution services for FAW-VW.
Customer Benefits
This green terminal system facilitates
FAW-VW's terminal O&M. The unified,
layered, and comprehensive intranet
security management system enables
predictive and active security protection.
Huawei uses various industry
terminal security check policies for a
comprehensive security enhancement
and protection solution to assess
terminal security status, securing and
controlling all terminals. This facilitates
FAW-VW's security management policy
implementation and compliance with
regulations and codes.
On one hand, the solution has cut asset
management and IT O&M costs, enabling
network and terminal management across
the three major production bases with
dozens of network management personnel;
on the other hand, it promotes FAW-VW's
future terminal expansion.