IBM adds fuel to its firewall services

Somers, N.Y.

IBM Global Services is boosting its managed firewall service by adding support for the Internet Engineering Task Force's IP Security (IPSec) tunneling protocol, new utilization reporting and server load balancing.

The service, now called the Managed Data Network Services Firewall, should have greater customer appeal, one analyst said. The previous service was called IBM Global Network Firewall Option.

With its previous service, IBM was not offering all of the bells and whistles, such as reporting and IPSec, that users look for in a security service, said Frank Dzubeck, president of Communications Network Architects, Inc., a Washington, D.C.-based consulting firm. The IPSec-based tunneling protocol will let users securely access the Internet over their frame relay or dedicated IP connections by using encryption and authentication.

IPSec is a Layer 3 protocol that supports X.509 digital certificates, which encrypt and authenticate each packet that passes through a firewall.

This is the first time IBM is supporting IPSec, a protocol that is believed to be one of the more secure ways to perform IP tunneling, according to industry analysts.

Big brother tool

IBM is also offering utilization reports that monitor where employees go on the 'Net and how long they are online.

In addition, Interactive Network Dispatcher server load-balancing software is part of the new service. The load-balancing software moves users away from a firewall server that is nearing overload and directs them toward another that is less taxed, said Andy Slater, global services manager at IBM.

The load-balancing software is especially appropriate for IBM's service because the company puts all of its firewalls in universal server farms, Slater said. This centralized approach should make it easier to switch between servers.

More than 1,000 servers are stored, managed and monitored at IBM's universal server farms, he said. There are server farms in Illinois, England and Germany. IBM is adding another server farm in the Asia-Pacific region in April, Slater said.

In contrast, many of IBM's competitors, such as Sprint Corp., GTE Internetworking and ANS Communications, offer managed firewall services in which the firewalls are actually installed at each users location.

IBM's approach is similar only to that of Pilot Network Services, Inc., which has been offering its managed firewall service for the past two years. Like IBM, Pilot has off-site server farms.

The services also are similar in the fact that Pilot and IBM are using their own firewall technologies. But there is also a key difference between the approaches of the two companies.

Pilot offers its customers security status reports that detail break-in attempts and how Pilot handled those situations. IBM does not have any plans to offer such a feature, according to Slater.

IBM's service is slated for availability at the end of the month. Pricing starts at $500 per month for 2G bytes of traffic for up to 25 users. Long-term contracts for a high volume of users can lower monthly fees to the equivalent of $5 per user, Slater said.