RealTime IT News

Nexsi Takes Performance, Security Deeper into the Enterprise

Much has been said about performance enhancement, but until now most of the so-called "heavy lifting" performed by content delivery networks (CDNs) or routing enhancement providers like RouteScience have occurred at a level beyond the enterprise.

Examining the seven layers of open system interconnection -- FYI, our sister site, Webopedia, has developed a great diagram to help you better visualize this concept -- one can see that businesses from CDNs to managed services providers (MSPs) have concentrated their services on Layers 1-3 for the most part.

"The bulk of what Akamai does with its distributed platform is levels one through three," confirmed Felicia Spagnoli, spokeswoman for Cambridge, Mass.-based Akamai Technologies. To be fair, Akamai's flagship EdgeSuite solution can be integrated into Oracle databases to extend through all seven levels of an network's infrastructure; however, those Edge Side Includes (ESI) are not part of the standard EdgeSuite solution package.

But now a San Jose, Calif.-based start-up called Nexsi Systems has come up with hardware to address remaining parts (Layers 4-7) of networking infrastructuring -- a segment that ironically has been sorely ignored even while an overcapacity was building up in the areas of switching and bandwidth on the fiber market.

On Tuesday, Nexsi Systems will unveil its Nexsi 8000, which company officials are labeling the world's first Content Services System (CSS). Nexsi plans to demonstrate the 8000 at the Networld + Interop show in Atlanta during the week of Sept. 10.

In their eyes, CSS is an expandable networking system that aggregates and delivers a rich suite of managed security, bandwidth management and content services for hundreds of secure content domains at multi-gigabit rates in a single system. In layman's terms, it's the first box that addresses all of the data packet processing (firewalls, VPNs, SSL, etc.) at Layers 4-7 of the network interconnection. (Okay...perhaps that wasn't completely understandable to the layman but this is IT.)

"What we're trying to do is modernize an area of the network that has languished," said John McFarlane, CEO of Nexsi Systems. "It ain't the pipes anymore. We know how to get packets from Point A to Point B. What we don't know is how to [efficiently] unwrap them."

"Layer 4-7 needs thousands of times more instructions per packet. It's more an issue of how many instructions you can process per second," said Douglas Brockett, VP of marketing and business development at Nexsi. "If you connect your browser to an e-commerce Web site, you'll hit SSL (Secure Sockets Layer) encryption. Performance is hit by at least 5 percent due to encryption. The problem is the server. What Nexsi has done is taken a fresh approach to this problem."

To address the problem, Nexsi's development team began at Square One starting with design efforts on silicon and working their way up to a proprietary system. The system is powered by Nexsi's a custom designed, 87-million transistor System-on-a-Chip (SoC), which integrates processing units, network interfaces and special-function acceleration elements. On Tuesday, Nexsi will also announce IBM as its foundry partner for the SoC technology.

The end results is a piece of hardware that is six to 10 times faster than current VPNs with the added horsepower to eliminate hardware requirements for firewalling, web switching and SSL encryption. In fact, company officials said benchmarking results have found Nexsi 8000 to be able to replace 40 Netscreen 100's, 20 Alteon web switches, 60 Alteon SSL accelerators and 400 Checkpoint VPNs.

And because performance enhancements efforts have focused blindly on packet delivery, Nexsi argues that CDNs forgo many of the security concerns at the expense of efficiency. The Nexsi 8000, though, is built to speed the processing of Internet protocol security (IPSec) and triple data encryption standard (DES) as well as other performance functions like load balancing and bandwidth management -- all functions that occur at Layers 4-7.

This could be a boon to MSPs, which until now have been unable to shoulder the weight of extending subscription services further into the enterprise due to the security concerns, analysts said.

"A lot of the first generation equipment was not able to have the horsepower...what happens today, if you take a look at a typical hosting center, it's really managed as an outsourcing model," said Susan Almeida, co-founder of Boston-based management consultancy, Network Strategy Partners. "A lot of individual security and QoS platforms are running out of steam. If you take a look at a typical hosting center, there are hundreds of customers in them."

Nexsi officials predict that even though only 3 percent of HTTP sessions are encrypted today, as much as 50 percent will travel through secure lines in five years.