23 April 2008

WAN Optimization - A Cookie With Your Morning Coffee

Today, I went to Second Cup Cafe to get some coffee before going to work, and the guy there asked me if I wanted a cookie with my coffee. A single cookie there costs 5 EGP, while a pack of Boreo (an Egyptian clone of Oreo) anywhere else is much cheaper than this. The point is, we all like cookies, but no one will ever go to such a cafe to get a cookie for 5 EGP, so their only way to sell it is by selling it along with a cup of coffee or cappuccino.

This is exactly the case with WAN Optimizers. Ehmmm, I think I have to describe what a WAN Optimizer or WAN Accelerator is first. During the prehistoric ages of computing, there was a creature called the mainframe, and people used to sit at dumb terminals connected to those mainframes. So, as you see, the processing power was centralized in one location. Later on, after the Computing Ice Age, the earth was inhabited by PCs and the trend was to have a distributed environment; we started to see client-server applications, with the computing power shared among them. Later on, we began to see Web 2.0 applications and virtualization, and the world decided to go back to the consolidated environment, where people sit at dumb terminals - this may be a simple web browser on their PC or even mobile phone - connected to a server running VMware and acting as your mail server, CRM, office applications, you name it.

During these stages the data centres were also moving back and forth from centralized locations to distributed environments, then back to a centralized location again. And since people are now in the phase of consolidating all the servers into a single location - let's say the headquarters - in order to reduce IT cost and such stuff, the WAN links connecting the disparate branches to the HQ are getting occupied with more and more traffic. And people in those branches expect the remote servers to respond as quickly as if they were sitting on the same LAN. That's why many companies started to develop WAN Optimizers as a way to solve these problems. A WAN Optimizer mainly compresses and/or caches the data sent across the WAN link in order to save bandwidth. WAN Optimizers also apply some quality of service to such traffic, and try to optimize some protocols that were designed for the LAN environment, in order to adapt them to work on WAN links, which are known for their high delay.

Back to our coffee and cookie story: WAN Optimizers are just like the cookies in Second Cup. We all like them, and we know that we need to deploy them in our network, but as soon as we get into the process of buying them and paying money, we start to think twice and maybe three times, especially since such products are really pricey and the CXOs sometimes are not able to see their value to their environment. That's why the key players started to offer them as extra modules or add-ons to other products. And the best product to plug the WAN Optimizer into is your WAN router; routers are already there on the WAN links connecting your branches, so it really makes sense to plug some hardware into the router to do some optimization of your traffic. And that's why Cisco and Juniper - the two key players in both WAN Optimization and routing - decided to offer them both as an all-in-one box. Riverbed, on the other hand, is one of the market leaders in WAN Optimization, and they have a very good product, but unfortunately those guys do not have their own routers, so they decided to partner with Secure Computing - they make enterprise gateway security solutions - and have Secure Computing's security products running on top of Riverbed's WAN Optimizers (RiOS).
According to Secure Computing, the partnership will be two-phased. First, the vendors will jointly offer solutions through select channel partners to address both WDS and Web security for companies that want to boost application performance on the WAN and secure their Internet gateways.
Phase two will involve Secure Computing's Secure SnapGear firewall technology, its SmartFilter reputation-based Web filtering and its TrustedSource global reputation based anti-spam technology being offered as a software module that can run on Riverbed's RiOS Services Platform (RSP). Secure Computing said running on RSP ties together the two vendors' solutions into a single hardware platform, the Steelhead appliance. The mash-up lets users deliver virtualized edge services for branch offices.
Source: ChannelWeb, Secure Computing, Riverbed Team For Secure WAN Optimization.
This is a smart move, but how many customers are willing to deploy security solutions across their private WAN links? Come on, it's sad but true that most customers nowadays have only a perimeter security solution.

By the way, there is another player in this field that I forgot to mention: BlueCoat. These guys are really brilliant. They used to have web caches, but later on the caching technology started to die, so they tweaked their product and started to market it as a WAN Optimizer sometimes, a Remote Access and SSL-VPN solution some other times, and maybe an Application Layer Security or even a UTM too. So believe me, those guys do not need to integrate their WAN Optimizers with any other products; you can simply tell them your needs, and they will present their appliance to you as the ultimate solution that can solve all your problems and the pill that can heal all your pains. I was even surprised when I learned that they are going to acquire Packeteer. Do they really need them? Anyway, they may make use of the customer base and add Packeteer's QoS features on top of their one-stop box.

12 April 2008

Network Element

During our Computer Networks course at the university, we used to study the differences between LAN switches and routers, and one of the main differences between them was that switches forward traffic using the Layer-2 header (MAC address) while routers forward traffic based on the Layer-3 header (IP address). Later on, in my professional life, I realized that there are also Layer-3 switches, and these switches can do routing, ACLs, Network Address Translation, and all other router functionality.

According to Wikipedia, "The major difference between the packet switching operation of a router and that of a Layer 3 switch is the physical implementation. In general-purpose routers, packet switching takes place using a microprocessor, whereas a Layer 3 switch performs this using application-specific integrated circuit (ASIC) hardware". And maybe that's why Layer-3 switches have higher throughput and process more packets per second than routers. LAN switches also have higher port density, and the cost of an Ethernet port on a switch is much lower than that of a router. OK, in fact, the behaviour of traffic in a LAN environment is different from that in an ISP, and that's why the router's interface hardware is different from that of a switch. The buffers and queues of a router's interfaces are different from those of a switch's interfaces, and that's why the switch's interfaces are cheaper. But I am sure one day the switch's interfaces will inherit those advanced features from their router equivalents, especially with the boom of Metro Ethernet. Routers nowadays also support WAN interfaces such as serial interfaces, E1s and STM-1s, while switches on the other hand do not support such kinds of interfaces. MPLS is another protocol that you cannot find in switches; however, Foundry's NetIron for example supports it.

As you can see, in the next few years, the boundaries between LAN switches and routers are going to disappear.

Now, let's see what is going on in the network security field. We used to have firewalls, IDSs/IPSs, network-based antivirus, antispam, anti-X. Each one of those was a separate product. Now we just deploy a UTM, and it's a firewall, IPS and antivirus, all in a single box. UTMs may be more suitable now for SOHO and medium enterprises than for ISPs and large data centres, due to their performance limitations and so on. But believe me, the advances in processors and ASICs - Intel and Cavium Networks are doing a great job here - are capable of getting UTMs into your data centre soon.

But wait a minute, now the Network products are getting combined, and so are the security products. What about combining the Network and Security products together as well? Ok, let's see what the two main players are doing. Cisco is adding security features to their ISR (Integrated Services Router).
"Cisco Integrated Services Routers help maximize the power of your organization’s network with unified network services, integrated security, mobility, and application intelligence", Cisco Systems.
They also decided to open their ISR for application developers to build their own applications and add-ons on top of it.
At the Cisco Partner Summit 2008 in Honolulu, the San Jose, Calif.-based networking giant unveiled the Cisco Application eXtension Platform (AXP). The AXP consists of open, Linux-based Cisco ISR hardware modules for application development and hosting to support a tighter integration of the network and applications. According to Inbar Lasser-Raab, Cisco's senior director of access routing and switching, several off-the-shelf and custom applications are already available for the ISR, along with a development and support ecosystem that includes a downloadable software development kit (SDK) and application programming interface (API) for application developers.
Lasser-Raab said opening the ISR to third-party applications, on top of the more than 30 services already available for the platform, creates a link between the network and applications and imbeds those applications directly onto the platform, instead of having them just hosted on the router. Services available for the ISR include VoIP, wireless, WAN access, unified communications and a host of security tools like NAC, IPS, content filtering and VPN.
Andrew R Hickey, ChannelWeb.
Juniper, on the other hand, introduced their SSG-Series of Firewalls/UTM a few years ago. They can have multiple LAN as well as WAN interfaces, and they can also run all those well-known dynamic routing protocols. Later on, Juniper wrapped security services into JUNOS, the operating system of their routers and switches.
Juniper Networks (NSDQ:JNPR) took JUNOS one step further, announcing that it is now wrapping the security services typically found in its ScreenOS operating system into JUNOS, meaning ScreenOS firewall, IPsec VPN, NAT, DOS and D-DOS capabilities will run on top of JUNOS software.
Michael Frendo, Juniper's senior vice president of high-end security systems, said integrating security services into the vendor's line of J-Series services routers, with integration with EX switches to follow, solidifies Juniper's vision of "fast, reliable and secure networking".
Andrew R Hickey, ChannelWeb
Juniper opened their operating system to application developers even before Cisco.
Juniper has announced a Partner Solution Development Platform (PSDP) allowing customers and partners to develop specialized applications on its JUNOS operating system.
The company claims the PSDP is the industry's first partner development platform for a carrier-class network operating system, and anticipates its customers and partners will deploy new services unique to their businesses, and improve network operations productivity.
Rodney Gedda, Computerworld.
In brief, I don't think that in the coming few years there will be dedicated firewalls, switches, or routers. There will be a Network Element instead: an all-in-one product that will be capable of doing all the networking, security and maybe IP telephony tasks.
