Version 2.0 of Inkra Networks Corp.s system software installed on Inkras Virtual Service Switch might just convince IT managers that VPNs, firewalls, and other network performance and security functions can be effectively provided in a single box.
Until now, eWEEK Labs has recommended that managers of midsize and large enterprise networks use single-purpose appliances or software-based packages to provide network services. This is because multipurpose devices that attempted to combine functions such as intrusion detection and firewalls just didnt work that well.
Our perception changed when we tested the Inkra VSS hardware with the VSS 2.0 software—which includes Center Point Server, Virtual Rack Operating System and Virtual Service Modules—prior to the softwares October release. Version 2.0s new SAI (Security Anomaly Index) neatly combined information the VSS gathered from across the virtual components we configured in the system. The SAI also provided a comprehensive view of the security activity in the test network.
The SAI is a good addition to the VSS software because it enables IT managers to perform one of the hardest security management tasks: establish a base line of normal activity. Over time, IT managers can use the SAI to see when activities increase or decrease, which is useful for discovering a problem—be it in security or performance.
Wed like to see more alerting associated with the SAI. However, this is not a fatal flaw because other components in the VSS—specifically, the firewall and VPN modules—provide alerts and reports on real-time problems. The SAI worked more like a trending report.
Inkra VSS/Version 2.0 software
Inkras VSS appliance gains new configuration and monitoring strength when paired with Version 2.0 of the software that runs the system. The new SAI allows managers to see when network threats detected by the VSS firewalls, intrusion detection systems and VPNs go out of the normal range of network activity. However, with a base price of $27,000 and the need to buy in pairs for safety reasons, the appliance/software combo isnt a casual purchase. More information is at www.inkra.com.
EVALUATION SHORT LIST
Even so, the information it provided, by aggregating data from multiple sources in the appliance, could be helpful in bringing potential problems to the fore without requiring that an operator constantly monitor the report.
One of our biggest concerns when setting up to test the Inkra 1500 appliance (which is required to run the VSS 2.0 software) was that the Inkra 1500 would be a single point of failure. Because a single appliance can fail and cut off all network traffic, we recommend that the Inkra 1500 always be purchased in pairs.
This makes the product an investment that IT managers will need to plan out. The Inkra 1500, minimally configured, costs $27,000. The Inkra 4000 chassis, which we did not test and which is designed for the largest enterprises or ISPs, starts at $86,000. License fees depend on the number and type of virtual appliances in a customers system.
Other all-in-one products, such as Symantec Corp.s Gateway Security Appliance and Internet Security Systems Inc.s Proventia, are coming to the market. Look for eWEEK Labs reviews of these products in the coming months. Based on preliminary conversations with vendors of these products, its clear that IT managers will likely benefit from a reduced number of physical appliances, management interfaces and policy configuration plans as these systems come online.
We are concerned that with Inkra offering many highly configurable and complex products, the companys support staff might inadvertently impede getting the devices up and functional. IT managers should consider the response time and level of expertise they will get from Inkra. In our tests, with top-notch Inkra engineers on hand, its not surprising we had a smooth implementation.
Senior Analyst Cameron Sturdevant is at firstname.lastname@example.org.