Hifn Targets iSCSI Security

With Storage Networking World happening the same week as the RSA Conference, you had to figure somebody would make an announcement combining the two.

Lo and behold, chip vendor Hifn Inc. (Nasdaq: HIFN) has brought out two processors, the HIPP III 4300 and 4350, targeted at the storage market.

Hifn chose to have a booth and demonstration at SNW in Phoenix while sending a smaller, informal posse to RSA. That's because the new chips really are a storage gig, targeting the use of IPSec in iSCSI storage systems. IPSec which is a mandatory part of the Internet Engineering Task Force (IETF)'s iSCSI specification, and Hifn claims to be the first vendor to deliver chips specifically for this market (see iSCSI Gets Go-Ahead).

"Given the launch of this chip, we thought [SNW] was a better venue," says Bob Doud, product line director for Hifn.

Doud is part of the NetOctave team acquired by Hifn in September (see Hifn Snaps Up NetOctave). For $2.2 million, Hifn picked up 15 engineers and a 3,600-square-foot design center in Framingham, Mass., according to documents filed with the Securities and Exchange Commission (SEC). The rest of NetOctave's assets were sold to CyberGuard Corp. in January 2003.The change of owners has gone swimmingly, Doud reports. "We've kept on all the chip designs that were with NetOctave, and they're forming the core team for the HIPP III."

In fact, according to Doud, it's NetOctave's chip that was at the heart of Hifn's initial HIPP III announcement late last year -- the 8300 and 8350 chips, which are due to begin shipping this quarter. Hifn had already been planning HIPP III, but the NetOctave deal gave them a way to jump-start that development, Doud says.

The HIPP III family are Hifn's first in-line security chips. That is, they're intended to sit right behind the physical-layer (PHY) chip, so that every packet must hit the device, making it imperative that the chip do its job without slowing down traffic flow. That's in contrast to a look-aside model, where the security chip sits off of the main flow of traffic, with only selected packets being sent its way.

So what's the difference between the 4300/4350 and the 8300/8350? For one, the 43x0 chips are outfitted to handle the iSCSI protocol. They are also slimmed down, as the 8300/8350 were too expensive for the storage market and carried more traffic than necessary.

"The number of tunnels that you tend to set up in storage is much smaller than the number you have in VPN [virtual private network] environments," Doud says. The 4300 and 4350 chips support only 8,000 tunnels, "whereas for VPNs, some guys doing wireless need hundreds of thousands of tunnels."The new chips also are able to handle other quirks of storage networking traffic, such as highly asynchronous sessions and a preponderance of large packets (380 bytes on average), Doud says.

Like the 8300 and 8350, the 4300 and 4350 handle all aspects of an IPSec session, including key exchange and encryption. The 4300 comes with a single, full duplex, Gigabit Ethernet interface, for up to 2 Gbit/s of processing if you count both directions. The 4350 uses two Gigabit Ethernet interfaces.

For more information on HIPP III and competing processors, see Light Reading's report: Security Processors.

Craig Matsumoto, Senior Editor, Light Reading