REVIEW: Crossbeam X-Series Platform Consolidates Security Functions

The Crossbeam X-Series Platform is a modular Ethernet switch targeted at the enterprise and carrier market. eWEEK Labs tested the the Crossbeam X80 model, and found that it will be a good bet for businesses that need a flexible, high-speed security switch. The $500,000 price tag is well worth it given the ability of the platform to consolidate many security functions and still push traffic at 40G bps.

Every enterprise network is built on a switched Ethernet foundation. It's difficult to estimate just how many Ethernet switches are out there, but, according to Infonetics Research, devices worth $3.4 billion were shipped in Q2 2009.

If any piece of network gear might be as widely deployed as the Ethernet switch it would be the firewall. And, as network usage evolves, enterprises must add more and more security devices and/or software solutions. Not only do these solutions need to be individually configured, managed and patched, but they take up space, use energy and generate heat in the data center.

The Crossbeam X-Series Platform is a modular Ethernet switch targeted at the enterprise and carrier market. The versatile, scalable and high-performance architecture can be thought of as a fully customizable combination of a UTM (unified threat management) device running on top of an Ethernet switch.

However, unlike most UTM devices, the Crossbeam X-Series Platform allows you to select best-of-breed security applications to deploy. Partners-currently including Checkpoint, IBM, Imperva, Sourcefire, Trend Micro and Websense-provide software ranging from firewall to anti-malware to URL filtering to IPS (intrusion prevention system). Such versatility contributes to data center consolidation by removing the need to rack, connect, power and manage a multitude of point solutions.

The X-Series consists of the seven-slot, 8U X45 chassis or the 14-slot, 14U X80 chassis. The backplane of the chassis itself is a 160G-bps nonblocking switch fabric.

Both the X45 and X80 models can be populated with a mix of APMs (Application Processor Modules), NPMs (Network Processor Modules) and CPMs (Control Processor Modules).

Each NPM has a 10G-bps full-duplex point-to-point connection to each APM, CPM and the other NPMs. Each APM can receive up to 12G bps of network traffic, while all signaling and management information travels through a dedicated 1G-bps control path to the CPM.

Units can be configured for "single-box high availability" using redundant modules or "dual-box high availability" using redundant chassis.

NPMs are available in a variety of configurations (1G-bps Ethernet, 10G-bps Ethernet, copper and fiber), and include an integrated 16-core MIPS64 security processor, a high-speed NPU and a Crossbeam-designed switch fabric FPGA.

APMs, also available in a variety of configurations, are essentially a PC on a card complete with multiple dual-core Xeon processors, up to 4GB of RAM and up to two hard drives, plus an FPGA. The FPGA on the NPM and the FPGA on the APM build a virtual meshed network through which network traffic flows.

APMs run security applications-in my case, Checkpoint R70-on a hardened version of Red Hat. APMs can be load-balanced for performance and failover, and are hot-swappable. During testing, I yanked an APM out of the chassis and the box didn't miss a beat.

Finally, the CPMs then manage all components of the solution. If, for some reason, an APM crashes, it will reboot and the CPM will redeploy the security application automatically.