Q & A With ConSentry's Jeff Prince

Given the acquisition mania surrounding networking appliance companies these days, it's probably not too bad a time to be at a startup in the field. Though the comapny hasn't formally announced a product yet, the still-stealth-mode ConSentry Networks (formerly Tidal Networks) is prepping a new box targeting both the security and network-access areas of enterprise computing. Advanced IP Pipeline editor Paul Kapustka recently sat down with ConSentry chairman and CTO Jeff Prince (whose track record includes helping "found" Foundry Systems) to ask some questions about networking appliances, security, and the startup atmosphere in Silicon Valley, circa 2005.

Advanced IP Pipeline: It seems like technologies that now make it possible to inspect networks at the packet level are converging with a greater concern for network security. Is that where ConSentry's headed?

Jeff Prince: It's funny, because I spent earlier parts of my career solving every problem in the LAN by throwing bandwidth at it. You can fix QoS by throwing bandwidth at it. But now there's an infrastructure out in the LAN that's just this huge pile of bandwidth, and anyone can get at it. The situation now is that it's unlimited bandwidth with which bad things can propagate.

We've moved beyond just forwarding packets. Now it's about controlling what gets on the network and what has access to what, because with that unlimited bandwidth you can do very large amounts of damage very quickly if you can't control it.

The other thing that happened is that networks are no longer static. Now half the computers [on an enterprise network] get up at the end of the day and walk out the front door, then go plug into untrusted sources, then come back into your building. So things are coming into your building that you can't control. The concept of a 'perimeter' is changing a lot.Advanced IP Pipeline: What does that mean for administrators -- what are the types of tools they might need?

Prince: What you want to be able to do is lock down all the entry points to your network, and control who has access to what. You want to be able to do it user-based, or mobile policy-based, without having to rip and replace everything that's there.

Part of the problem is the natural thing people want to do is take perimeter technology and bring it into the LAN. If you look at the perimeter boxes, they're built on Pentium-class machines. Which is great for a perimeter that runs at T1, T3 speeds. But it's not good when you're trying to move that into a LAN where we're trying to increase bandwidth. It's like taking a sip from a firehose.

(At this point, Faizel Lakhani, ConSentry's vice president of marketing, joined the discussion.)

Lakhani: The wire-closet switch connect to the core layer today is at least a Gig [1 Gbps] so that's a disconnect. At the perimeter, it's 45 [Mbps]. Every wire closet has at least a Gig, and most have 2 or 4 Gigs coming out of them. So now you think of taking a Peribit box and putting that on a Gig uplink, well, you've got a problem. Why is Gig [speed] important? Because latencies in the LAN are critical. Corporate apps, whether they be Oracle, or homegrown, or even Voice over IP, demand latencies in the sub-one millisecond range, [or] closer to the hundreds of microseconds range. That today is not possible with [off-the shelf] silicon.Prince: So the way we've moved things forward, last 10-15 years, is to do [new] things in silicon.

Advanced IP Pipeline: Doesn't designing new silicon add a layer of complexity to a startup?

Prince: Back in the Foundry days, we had to do all our own silicon from scratch -- 13 ASICs in our first product, very silicon-intensive. Things have changed a bit in networking, in that a lot of the basic components needed to do the switching functions are [widely] available today. So we can choose to innovate in the deep packet processing.

Advanced IP Pipeline: What's it like running a startup in Silicon Valley these days?

Prince: It's actually easier. There's a lot of infrastructure available for pretty cheap prices -- for exmple, our building here [in Milpitas] costs 38 cents per square foot to rent. And there are a lot of smart people available, so you can get really good talent.0