The many new mechanisms to secure and speed up applications running on networks are heading for consolidation that should make it easier and less expensive to deliver the kind of performance end users want.
F5 Networks Inc. next Tuesday will bring this integration to a new high with the next generation of its Big-IP software platform, which will pack traffic compression, denial-of-service (DoS) attack protection and other features into a variety of new server load balancing devices as well as some older F5 boxes. The company, a pioneer vendor of application traffic management hardware, which handles the performance of applications over a network, aims to stop the proliferation of separate appliances and accompanying software interfaces.
That’s a worthy goal, according to industry analysts.
“Every time there’s ten new products out on the market, you end up with ten boxes on your network,” said Joel Conover of Current Analysis Inc., in Sterling, Va. Consolidation is natural, he added. “All these products get perpetually integrated down into these Web load balancers,” he said.
A Big-IP platform acts as a front end to an array of servers, balancing the load of user requests to those servers as well as giving each user session the right characteristics and securing the network, according to Jason Needham, senior product manager at F5, in Seattle. It includes content acceleration, connection optimization, traffic compression, rate shaping, DoS attack protection, Secure Sockets Layer (SSL) encryption and an application firewall. Each enterprise can tune the software to best serve its own applications, he said.
As enterprises make existing applications accessible via the Web, they will have to keep delivering the performance that end users have come to expect, said analyst Jarad Carleton of Frost & Sullivan, in San Antonio, Tex. The functions built into the Big-IP platform should help them deliver that, Carleton said.
Bringing those functions together into a single box with one operating system and user interface can save money on hardware as well as management time, analysts said. But in some cases it may also be the only way to carry them all out, because encryption has to be coordinated with other functions or they won’t work, according to Lynn Nye, president of APM Advisors, a consultancy in Portland, Ore.
“Encryption makes the network stupid real fast, because (it) can’t see into the data and do anything,” Nye said. SSL encryption, which many financial institutions use to secure their customers’ Web transactions, scrambles data so it can’t be compressed, prioritized or directed to a certain server based on markers such as XML (extensible markup language) details, Nye said.
F5 isn’t the only company joining the integration trend, Nye said. He believes Cisco, which F5 calls its main competitor, will back up its evangelism for building more intelligence into networks by acquiring a maker of this type of multifunction “application front end.” Once it does, the networking giant could offer the capabilities in an appliance or integrate them into a switching platform, he said.
An added security capability in the new Big-IP platform is the capability to analyze traffic in both directions. This feature, which most current traffic management products don’t have, lets the system halt information that shouldn’t get out of the enterprise, according to F5. That could be a critical security capability, Nye said. For example, it could block a server from ever sending Web shopping customers’ U.S. Social Security numbers out of the network, he said.
Big-IP, Version 9, will be available starting next Tuesday, along with three new hardware platforms. They range from the 1500 IP Application Switch, priced at US$16,995, to the 6400 IP Application Switch at US$34,995. All come equipped with SSL acceleration at 100 transactions per second. There are also add-on modules starting at US$1,995, including ones for compression, rate shaping, advanced client authentication, IPV6 (Internet Protocol, Version 6), routing modules and faster SSL acceleration. Big-IP, Version 9, will also be available for existing F5 customers using the 1000, 2400 and 5100 platforms.