Analysis: SOA Security: Page 6 of 8

Of the initial crop of security gateway vendors, four have now been snapped up: Sarvega by Intel, NetScaler by Citrix, DataPower by IBM, and Reactivity by Cisco Systems. With the exception of Intel, which uses the Sarvega technology to help other vendors build XML software or appliances around standard CPUs rather than custom ASICs, all are still selling gateways. But they're taking the products in different directions.

Citrix's NetScaler appliances combine an XML firewall with application front end, or AFE, functionality, something Cisco plans to do by integrating Reactivity into its Application Control Engine product line. Because AFEs also sit at the network edge and accelerate SSL, this combination makes a lot of sense, both for customers and for AFE vendors wanting to enter new markets. F5 has already announced that it will add an XML firewall, developed in-house, and competitors are likely to follow suit.

The other independent security gateway vendors--Layer 7, Vordel, and Xtradyne--are moving in the opposite direction, toward software and virtualization. Vordel and Xtradyne have always distributed their gateways as software, intended to be installed on dedicated blade servers. They're embracing virtual appliances, with Layer 7 and Vordel already selling versions of their software that run under VMware.

VIRTUALIZATION IN ITS PLACE
The performance hit of virtualization means that a virtual appliance can't yet match a dedicated server, so Vordel currently aims its virtual version more at testing and integration than production. Layer 7 started as a vendor of custom appliances with dedicated XML and SSL silicon, so it sees virtualization as an entry point to smaller customers that can't yet justify specialized hardware. But while "software-only" may be a budget-minded mantra for now, it's likely that virtual appliances will soon be used in businesses of all sizes.

Virtual machine performance is increasing rapidly, and the flexibility that virtualization brings is particularly useful in SOA. As new services are rolled out and reused, the SOA infrastructure needs to adapt, and virtualization lets hardware quickly be reassigned between roles. But sharing hardware resources requires that other servers be virtualized, and that can introduce security issues. Although few VMware security vulnerabilities have been reported, the complexity of managing multiple VMs may make it more likely that traffic will accidentally bypass a firewall (see our feature on virtualization security in the Aug. 20 issue of Strategic Security).

illustration: Federated Identity and Single Sign On

Because they include so much overlapping functionality, security gateways are merging with Web services management software. DataPower and Reactivity had both entered the management market before they were acquired, and at least one other firewall vendor is planning to do the same. Management vendors have not yet fought back by adding full XML firewalls, mostly because their software is intended to be run throughout a SOA rather than at the edge.