Enterprises can secure their network traffic at higher performance and avoid proliferation of devices with a series of security hardware modules announced Tuesday for the Cisco Systems Inc. Catalyst 6500 Series switches.
The modules perform the same functions as existing Cisco security products, but at higher performance because they take advantage of the Catalyst 6500 Series, according to Tom Russell, director of product marketing in Cisco’s VPN and Security group, in San Jose, California. The Catalyst 6500 is one of Cisco’s main chassis-based switch platforms for enterprises and service providers. The security modules also can be deployed in the Cisco 7600 Series router.
Because enterprise networks have an increasing number of connections to the outside world, and each department may need its own security policies, it makes sense to deploy security at switches within the network as well as in devices at the edge, Russell said.
In addition to offering higher performance, the switch modules cost less than stand-alone devices, he added.
The line-up includes a VPN (virtual private network) Services Module and a Network Analysis Module, available now, as well as a Firewall Services Module and an SSL (Secure Sockets Layer) Module available in September.
Integrating security functions into a switch can help to simplify networks, a major goal of many enterprises, according to Zeus Kerravala, an analyst at Yankee Group, in Boston.
“Although best security practices would dictate you would have separate devices, it’s not always practical … because it gets harder to manage when you have that many devices,” Kerravala said. “A lot of people spend a lot of money managing their networks.”
Cisco is taking a smart approach by offering both integrated security and stand-alone devices, he added.
The security modules announced Tuesday offer more benefit than some earlier Cisco modules that could be plugged into switch backplanes, as these are truly integrated and can be managed through the same interface as the rest of the switch, Kerravala said.
The VPN module can encrypt and decrypt traffic with 3DES (Triple Data Encryption Standard) technology at 1.9Gbps and provide 8,000 concurrent VPN tunnels, using the IPSec (Internet Protocol Security) standard. At that level of performance, it can handle VPNs between enterprise campuses as well as remote users on dial-up and broadband, according to Russell. It is priced at US$35,000.
The new Network Analysis Module, NAM-2, provides roughly double the throughput of a current module for the Catalyst line, the NAM-1. The NAM-2 can monitor traffic at rates as high as 1Gbps to help administrators detect network problems and better use resources. The NAM-1 and NAM-2 are priced at US$17,995 and US$29,995, respectively.
The Firewall Services Module brings the functions of Cisco’s Pix Firewall to the switch platform along with an increase in performance from the standalone versions. It can secure traffic at throughput rates up to 5Gbps, over as many as 100,000 connections per second. As many as four of the firewall modules can be deployed in one Catalyst 6500 chassis, and one chassis with multiple firewall modules can be used as a high-performance security platform. It will be priced at US$34,995.
The SSL Services Module can encrypt and decrypt traffic using SSL at speeds up to 300Mbps, supporting as many as 2,500 connections per second. A typical deployment would be to offload security functions from an e-commerce server behind the Catalyst 6500, Russell said. The module will cost US$29,995.