by Peter Ruber

Boom boxes

Nov 25, 2002 (6 mins)

Vendors are making noise with appliances that aggregate multiple functions and offer virtualization of network services in the data center.

Your data center topology is starting to scare you. You’ve got firewalls connected to VPN termination devices connected to load balancers connected to intrusion-detection systems, Secure Sockets Layer (SSL) offloaders, distributed denial-of-service appliances, caches – all sitting in front of your server farm and back-end data storage.

The downside of having so many appliances and servers chained together is obvious. It’s hard to manage them, hard to troubleshoot them, hard to upgrade. Then there’s the physical clutter of all those racks and appliances and cabling in your data center.

But a number of companies are attacking the problem with hardware-based megaboxes that aggregate multiple functions into a single high-performance unit.

Other vendors are taking the additional step of providing configuration and management features that let companies and service providers “virtualize” the network functions inside the data center.

For example, Inkra Networks is selling a data center switch that combines firewall, load balancing, SSL acceleration, Web acceleration and VPN in one ASIC-based appliance. Inkra co-founder Dave Roberts says Inkra has developed all of the modules from the ground up.

Taking a different approach, Crossbeam offers an appliance that comes preloaded with best-of-breed security products, such as firewall, VPN and intrusion detection, from leading vendors.

But Inkra goes beyond simply aggregating point products. It also is touting its ability to create virtual racks within a single, physical Virtual Service Switch. Each virtual rack can be configured, deployed, scaled, upgraded and partitioned on the fly.

Similarly, Nauticus Networks is developing a data center switch that does Web application switching, SSL-based authentication and encryption, plus load balancing. The Nauticus Application Switch also offers virtualization, so a single switch can be sliced into multiple virtual switches.

The benefit for companies and service providers is the ability to simplify data center management on the back end and to better serve customers and end users on the front end. For example, service provider Savvis Networks is installing an Inkra 4000 Virtual Service Switch. “We’ll be getting rid of hundreds of rack-mounted devices and eliminate miles of cables when we move our customers over to the switch,” says CEO Rob McCormick.

It will “make a huge difference in our operational expenses and the time to repair,” he says.

For one of Savvis’ customers, Telezoo, the move to a data center switch is expected to mean quicker turnaround time when Telezoo needs a load balancer, firewall or other piece of IP hardware.

“In the past, it used to take Savvis up to 14 days to purchase, install and configure a new piece of equipment for me,” says Rojan Mohan, vice president of Telezoo’s product development. “Very soon we’ll be able to phone in the order for another firewall or load balancer or a configuration change, and have those services provisioned in a matter of minutes.”

The benefits of network virtualization are not lost on network executives. But of the three areas within the data center that can become virtual – servers, storage and network resources – the network might be the toughest nut to crack.

“Our IT is extremely complex,” says Cesar Vallejos, vice president of network product engineering for JP Morgan Chase, “and we desperately need to simplify it.” The bank plans to use virtualization wherever it can.

But Vallejos says he needs to do a return-on-investment analysis to determine if moving to something like an Inkra switch will let him provide services at the right price for internal customers.

It’s likely that JP Morgan Chase will virtualize its server farms first. The underlying network might be more difficult to attack.

“You have to consider a data center as the microcosm of telecom. It’s bunches of wires connecting one rack to another. If you can virtualize that, you wind up with a far greater chance of success in maintaining domain control under one roof,” Vallejos says. “But that’s a lot of work.”

Investment banker Morgan Stanley is hoping to deploy a virtual network pilot program in the next few months for the e-commerce operation of 600 Dean Witter retail centers that service more than 5 million investors.

“Our multiple data centers have commodity services – load balancing, SSL authentication, and firewalls to some extent,” says Lance Braunstein, executive director of technical services. “These become a headache if you do them in a disparate way.”

But for caching, performance and business-continuity reasons, some data centers might have to remain in regional areas. However, it might be possible to administer them in a more central way, Braunstein says.

Braunstein adds that the pilot also will look at whether a virtualized approach makes it easier to track client utilization of online services and allocate costs. “If a customer logs on to our Web site, how much of that cost is associated with our firewall, ISP or load balancer for that session? Being able to report more accurately on customer activities becomes more important than being able to allocate those costs in a sort of client-segregated way. [But] we need to prove this out through a proof-of-concept pilot,” he says.

One step at a time

Virtualizing network resources is more complicated than consolidating centrally stored servers or data stores because of the distributed nature of today’s corporate network. There are voice and mobile systems that have to fit seamlessly into the network, VPNs to business partners and e-business customers. While financial services companies appear to be at the forefront of deploying virtualization because their businesses are driven by data, IT shops in other industries tend to be more conservative.

IDC analyst Dan Kuznetzky says that in today’s economic climate most corporate CIOs have to carefully set spending priorities. “CIOs follow rules such as, ‘If it isn’t broke, don’t fix it.’ That means networks evolve over time, and that’s going to continue to be the case. Companies won’t virtualize their computing environments until it makes sense to do so.”

In fact, the first company to enter the data center switch market has already gone under. Nexsi launched an ASIC-based data center switch in September 2001. But the company ran out of money and filed for Chapter 7 bankruptcy earlier this year.