Internet Insight: Smart, Safe and Speedy

Intelligent content switches are arriving in time to relieve server farms.

You sign up for voice mail from a telephone company, and a week later, a truck pulls up and out pops a technician to install an answering machine. That makes about as much sense as buying a new house when your closet space gets tight.

Ridiculous? Of course, yet data center operators—both service providers and enterprises—play out similar scenarios every day in their attempts to optimize network throughput and Web server performance.

It's not that they're clueless; it's because up until recently, they haven't had a choice. But a new generation of smart network switches is arriving to give IT managers the tools to get better performance from fewer or smaller servers and, in the process, is cutting down on data center floor space. What's more, the switches enable the managers to provision services on the fly without the need for CPE (customer premise equipment). These are strong selling points in a climate of "wear it out, use it up and make it do," which now rules IT budgeting and procurement.

These switches provide combinations of load balancing, Web switching, firewalls and acceleration of SSL (Secure Sockets Layer) protocol processing—all in one box. Web switching encompasses layers 4 to 7 of network traffic. Altogether, the idea is to handle the traffic of I/O-intensive applications at multigigabit speeds.

Further, the switches enable the creation of multiple instances of the same service, a process called virtualization. So if a service provider wants to provide firewalls to 50 customers, the provider doesn't have to purchase 50 firewalls. It just provisions in the same box another virtual firewall for each customer. And while most functions in these switches are designed to handle consumer-facing Web site applications, the future will bring about much-needed support for business-to-business applications.

The timing seems right for these smart switches. According to Lucinda Borovick, an analyst at International Data Corp., in Framingham, Mass., the market for intelligent content networks, including switches, will grow from $1.2 billion in 2000 to $8 billion in 2005.

Data centers and service providers are eager to give the switches a chance to prove themselves. eDeltacom, a managed service provider and division of ITC DeltaCom Inc., recently began testing intelligent multifunction switches. Before they were available, Young Lee, infrastructure engineering manager, had to keep his staff busy installing and maintaining CPE for eDeltacom's clients.

Lee said this was a costly way of doing business but the only way to ensure the accurate operation and maintenance of the firewalls, VPNs (virtual private networks) and other services eDeltacom provides. Lee also said using CPE was the only way to maintain and monitor the service-level agreements that have become a staple of eDeltacom's dealings with its customers.

"Typically, firewalls, VPNs, Web switches—that was the way we would have to offer those services," said Lee, in Atlanta. "If we only had one or two customers, that wouldn't be bad, but when you have 50 customers with 50 firewalls, there's a lot of time involved doing something simple like a minor code upgrade" because each device needs to be upgraded.

Since October, Lee has been part of the beta test of Nexsi Systems Corp.'s Content Services System, an all-in-one smart content network switch, which promises to relieve eDeltacom's CPE burden while enabling the company to quickly sell additional services.

Nexsi, of San Jose, Calif., is one of many companies selling smart network switches. Michael Hoch, an analyst with Aberdeen Group Inc., in Boston, said there are about 30 companies with similar offerings that are either in development or being beta tested or have become generally available only in the last few months.

Douglas Brockett, vice president of marketing and business development for Nexsi, said these switches are paving the dirt road most corporate networks have been traveling on for the last four or five years.

While many companies have moved I/O-intensive applications, such as firewalls, from general servers to dedicated machines, such as those from NetScreen Technologies Inc., Brockett said Nexsi is taking the next step by incorporating firewalls with other services inside a single box.

"Our system can displace up to 500 boxes you might find in a typical data center," Brockett said, referring to the five services the box offers multiplied by the 100 instances of each it can run.

Including the test at eDeltacom, Nexsi is completing seven trials of its product, and Brockett said the company expects to announce its first paying customer this quarter.

Another benefit of buying into the new technology is ending the practice of buying a bigger server when the old one fills up. Today, when many IT departments run out of capacity on one server, they purchase another twice the size or larger and continue this cycle as business increases.

By purchasing a switch such as the Big-IP from F5 Networks Inc., a company can continue buying smaller servers as needed and connect them to the Big-IP switch, which will balance the processing load among them. Also, if one server fails, the Big-IP will automatically transfer its traffic to another server.

People's Bank, a longtime F5 customer, recently began implementing some of the Big-IP's newer technology such as SSL acceleration.

SSL acceleration has become more important in the last year, especially for financial institutions, as more people decide to do their banking online. However, the process of encrypting and decrypting data traffic between the customer and the bank, which is what SSL does, puts a heavy load on Web servers that were built simply to serve Web pages.

This was the problem People's Bank was running into until Brian Terry, vice president of IT, began deploying F5's load balancing and SSL acceleration components.

"One of the things we've been able to do by utilizing the [SSL] acceleration is scale back on the size of the Web servers we've been using," said Terry, in Bridgeport, Conn. "It was easy to implement—the data goes through the same process it did before—but it's much quicker and much more efficient."

Now, the Web servers are performing much faster because they're doing the work they do best—serving up Web pages. But they're also saving space in the bank's data center.

"We went from hefty boxes for Web servers to small units that are cheaper to buy and cheaper to run," Terry said.

One reason smart content switches are finding a receptive audience now is that the agenda in most data centers has changed dramatically over the past few years, and most of those changes have to do with money. In the past, particularly during the dot-com boom, the message from executives was to build bigger and better, sparing no expense to ensure the company can handle as many customers as technologically possible.

But that was then. This is now. Corporate executives are adrift in a recession, asking how they can keep companies above water. In short, IT budgets are tighter than ever. That's a good thing for those producing smart multifunction switches, Aberdeen's Hoch said, because these switches not only save money over time but also get the most from previous investments.

"Enterprises are interested in simplified management and deployment. They don't want to have huge, sprawling data centers anymore," Hoch said. "They don't want to hire more network managers, and if they have fewer boxes, they can have fewer managers."

People are the greatest expense to an enterprise or a service provider, said Bob Fernander, chief marketing officer for Surgient Networks Inc., in Austin, Texas. Surgient's eQ2500 switch is optimized for streaming media and supports HTTP Web serving, caching, middleware and the ability to virtualize storage space for hundreds of customers over storage servers at 1G bps to 2G bps each.

"As [IT managers] rack and stack their gear, it forces them to increase labor," Fernander said. "We can fix their labor pool or reduce it by a huge fraction, depending on whether they want to grow or stay put."

With 30 companies vying in the market for intelligent content networks, Aberdeen's Hoch said it's obvious most aren't going to make it to the finish line. Some are using different strategies to approach the market, such as Surgient's focus on streaming media.

Radware Inc. is providing most of the same functions as the other companies but not all in one box. The company is instead producing a single box for each application.

"People say it's cheaper to administer [one box], but when you dig into it, having a one-box solution is like eating a meal with a pocket knife," said Michael Rothschild, product marketing manager for Radware, in Mahwah, N.J. "We build specific boxes for specific jobs. You can't just have one box that does everything."

Throop Wilder, vice president of marketing and co-founder of Crossbeam Systems Inc., doesn't agree. Crossbeam, in Concord, Mass., offers one box that supports multiple security functions for the enterprise, such as a firewall, intrusion detection and protection against distributed-denial-of-service attacks. But instead of creating its own security technology, Crossbeam partnered with Check Point Software Technologies Ltd. to use Check Point's firewall on Crossbeam's platform. Wilder said the company plans to open up the rest of the platform to similar arrangements.

This answers a need recognized by some analysts. Aberdeen's Hoch said one of the common concerns enterprise managers raise with him is whether the services that are run concurrently in one box are as good as the services that run individually. "So if someone sells a load balancer as part of one of these units, it better be as good as the single-function load balancers they already use," Hoch said.

Networking vendors Cisco Systems Inc. and Nortel Networks Corp. are keeping up with the action. Cisco, in San Jose, has begun offering modules to attach to its stable of switches that handle applications such as SSL acceleration.

Last September, Nortel, of Brampton, Ontario, announced it was adapting some of its high-end service provider equipment to fit into enterprise environments and compete with the multifunction switches.

While companies such as Nexsi and Surgient are innovating, IDC's Borovick said, the traditional networking companies—Cisco, Nortel, Inktomi Corp. and Network Appliance Inc.—have "a wider product offering and should still dominate this market."

Borovick said no one can predict which companies will survive over the next couple years; however, she said she does believe smaller companies have a chance if they can lock into niche markets. This will be key as the market takes shape over the next several years and new functions are added to the smart switches, such as the ability to support voice over IP and wireless applications such as Short Message Service messaging.

It all adds up to more network functionality and more efficient use of resources. That's intelligent.

Brian Ploskina is a free-lance writer based in Oakford, Pa. He can be reached at [email protected].