Consolidate your security services infrastructure onto one scalable virtual platform

The CIO-level business angle on the latest tech

For the past few years, most companies have been riding the wave of the server consolidation trend. Everyone is looking to reduce the number of physical servers they have to manage while still enjoying their preferred applications.

One area that is ripe for consolidation is security services. In almost any large organization, there is a proliferation of security devices such as firewalls, intrusion detection/intrusion prevention (IDS/IPS) systems, Web filters, secure Web gateways, and antivirus applications. The situation is only getting worse as we find more security demons to battle and apply more technology solutions to address the problems.

Today, security service infrastructure is primarily built on appliances. An appliance (such as a firewall) has a limited capacity, both from a network computing perspective and an application perspective. So, to scale the service, you add another appliance. Before long, a large organization can end up with racks and racks of firewall appliances.

But it doesn't end there. Additional network infrastructure -- switches, load balancers, patch panels, patch cables and so on. -- is required to connect all those appliances. And that's just for one service! Each additional security service adds to the infrastructure architecture.

To continue reading, register here to become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

For the past few years, most companies have been riding the wave of the server consolidation trend. Everyone is looking to reduce the number of physical servers they have to manage while still enjoying their preferred applications.

One area that is ripe for consolidation is security services. In almost any large organization, there is a proliferation of security devices such as firewalls, intrusion detection/intrusion prevention (IDS/IPS) systems, Web filters, secure Web gateways, and antivirus applications. The situation is only getting worse as we find more security demons to battle and apply more technology solutions to address the problems.

Today, security service infrastructure is primarily built on appliances. An appliance (such as a firewall) has a limited capacity, both from a network computing perspective and an application perspective. So, to scale the service, you add another appliance. Before long, a large organization can end up with racks and racks of firewall appliances.

But it doesn't end there. Additional network infrastructure -- switches, load balancers, patch panels, patch cables and so on. -- is required to connect all those appliances. And that's just for one service! Each additional security service adds to the infrastructure architecture.

Crossbeam Systems has built a bladed security platform to address the need to run multiple security services without building a big infrastructure around those services. Crossbeam's X-Series devices function like a security architecture in a box.

Crossbeam collapses all the physical infrastructure of the security services plus the supporting network components into a single high-performance chassis. The result is a platform built to host best-in-class third-party security applications. Crossbeam doesn't produce the security application software; rather, the company partners with the likes of IBM, CheckPoint, Imperva, Websense, Trend Micro and others who develop world-class security applications. This allows you to choose the security applications that make the most sense for your own organization.

If you're thinking this solution represents a single point of failure, Crossbeam has the answer to that issue. The X-Series chassis is built as a carrier-grade platform; everything is fully redundant. The only thing in a chassis that isn't redundant is the sheet metal wrapped around it. Crossbeam says it is able to provide nearly six-nine's of availability with its platform. In fact, Crossbeam says the high availability of the platform has attracted 11 of the world's top 12 telecom carriers as customers.

Temple University implemented a Crossbeam platform in the summer of 2008. Adam Ferrero, executive director for network services at the university, says the school had reached the maximum capacity of its previous firewall and IDSs. Having to replace both systems at once prompted Ferrero to conduct his research into unified security solutions. But, he really liked his IPS from IBM's Internet Security Systems and wanted to continue using this product. Likewise, he was happy with his CheckPoint firewall software. When Ferrero learned he could keep both software applications by installing the Crossbeam platform, he bought into this solution.

Linda Musthaler is a principal analyst with Essential Solutions Corporation.