Corporations and service providers will be able to secure the traffic in and out of a data centre in several ways, all at high speed, using a cluster system announced Tuesday by Nortel Networks Corp., the company said.
Nortel’s Alteon Security Cluster will allow network administrators to connect a variety of security appliances – initially, the Alteon Switched Firewall and Alteon SSL (Secure Sockets Layer) Accelerator – to an Alteon Web switch, and have the switch apply the security rules each security appliance creates for a given session. The company also plans to integrate other security appliances through partnerships, beginning with Internet Security Systems Inc.’s (ISS) intrusion-detection technology.
The cluster is designed to prevent corporations and carriers from having to send traffic through a string of devices, each of which inspects every packet, said Marie Hattar, director of security solutions at Brampton, Ont.-based Nortel. Instead, each specialized appliance can provide policy information to the Web switch that the switch then uses to accept or reject packets. The appliances only have to calculate and upload new policies each time a new session – defined in terms such as the user and the application in use – begins.
“You hang all the security capabilities off the side of that Web switch, and it applies all those policies,” Hattar said.
“The processing-intensive part is coming up with the rule set,” she added. “That thinking is done once for any session.”
The result, according to Nortel, is faster, secured traffic. With the cluster arrangement, the Web switch will be able to forward traffic at speeds up to 3.2G bps (bits per second) while applying Alteon Switched Firewall security, Hattar said. Nortel offers two different Web switches, the Alteon 180 series and the Alteon AceDirector series, both of which can be configured with 10M bps, 100M bps and 1G bps Ethernet ports.
The cluster is designed for corporate data centres as well as managed hosting facilities operated by service providers. It uses Nortel Application Acceleration Protocol software for appliances to communicate policies to the Web switch, as well as software for managing the cluster as a unit. Other security products can be used at the same time, as standalone devices.
Currently, the only appliances that can be integrated into a cluster are the Alteon SSL Accelerator, which performs SSL encryption of e-commerce transactions, and the Alteon Switched Firewall, which runs firewall software from Check Point Software Technologies Ltd. By the second quarter of 2002, Nortel will offer another appliance that runs the ISS software for intrusion detection, Hattar said. The company is also seeking partners to provide antivirus and content filtering capabilities, and it expects to announce those deals in early 2002. The capabilities would become available later.
The cluster is available now, priced starting at US$55,000, including one Web switch, one appliance, Nortel Application Acceleration Protocol, and management software.