Nexsi Takes Performance, Security Deeper into the Enterprise

Much has been said about performance enhancement, but until now most of
the so-called “heavy lifting” performed by content delivery networks (CDNs)
or routing enhancement providers like RouteScience have occurred at a
level beyond the enterprise.

Examining the seven layers of open system interconnection — FYI, our
sister site, Webopedia, has developed
a great diagram to help you better visualize this concept — one can see that
businesses from CDNs to managed services providers (MSPs) have concentrated
their services on Layers 1-3 for the most part.

“The bulk of what Akamai does with its distributed platform is levels one
through three,” confirmed Felicia Spagnoli, spokeswoman for Cambridge,
Mass.-based Akamai Technologies. To be fair, Akamai’s flagship EdgeSuite
solution can be integrated into Oracle databases to extend through all seven
levels of an network’s infrastructure; however, those Edge Side Includes (ESI) are not part of the standard
EdgeSuite solution package.

But now a San Jose, Calif.-based start-up called Nexsi Systems has come
up with hardware to address remaining parts (Layers 4-7) of networking
infrastructuring — a segment that ironically has been sorely ignored even
while an overcapacity was building up in the areas of switching and
bandwidth on the fiber market.

On Tuesday, Nexsi Systems will unveil its Nexsi 8000, which company
officials are labeling the world’s first Content Services System (CSS).
Nexsi plans to demonstrate the 8000 at the Networld + Interop show in
Atlanta during the week of Sept. 10.

In their eyes, CSS is an expandable networking system that aggregates and
delivers a rich suite of managed security, bandwidth management and content
services for hundreds of secure content domains at multi-gigabit rates in a
single system. In layman’s terms, it’s the first box that addresses all of
the data packet processing (firewalls, VPNs, SSL, etc.) at Layers 4-7 of the
network interconnection. (Okay…perhaps that wasn’t completely
understandable to the layman but this is IT.)

“What we’re trying to do is modernize an area of the network that has
languished,” said John McFarlane, CEO of Nexsi Systems. “It ain’t the pipes
anymore. We know how to get packets from Point A to Point B. What we don’t
know is how to [efficiently] unwrap them.”

“Layer 4-7 needs thousands of times more instructions per packet. It’s
more an issue of how many instructions you can process per second,” said
Douglas Brockett, VP of marketing and business development at Nexsi. “If you
connect your browser to an e-commerce Web site, you’ll hit SSL (Secure
Sockets Layer) encryption. Performance is hit by at least 5 percent due to
encryption. The problem is the server. What Nexsi has done is taken a fresh
approach to this problem.”

To address the problem, Nexsi’s development team began at Square One
starting with design efforts on silicon and working their way up to a
proprietary system. The system is powered by Nexsi’s a custom designed,
87-million transistor System-on-a-Chip (SoC), which integrates processing
units, network interfaces and special-function acceleration elements. On
Tuesday, Nexsi will also announce IBM as its foundry partner for the SoC

The end results is a piece of hardware that is six to 10 times faster
than current VPNs with the added horsepower to eliminate hardware
requirements for firewalling, web switching and SSL encryption. In fact,
company officials said benchmarking results have found Nexsi 8000 to be able
to replace 40 Netscreen
, 20 Alteon web switches, 60 Alteon SSL accelerators and 400
Checkpoint VPNs.

And because performance enhancements efforts have focused blindly on
packet delivery, Nexsi argues that CDNs forgo many of the security concerns
at the expense of efficiency. The Nexsi 8000, though, is built to speed the
processing of Internet protocol security (IPSec) and triple data encryption
standard (DES) as well as other performance functions like load balancing
and bandwidth management — all functions that occur at Layers 4-7.

This could be a boon to MSPs, which until now have been unable to
shoulder the weight of extending subscription services further into the
enterprise due to the security concerns, analysts said.

“A lot of the first generation equipment was not able to have the
horsepower…what happens today, if you take a look at a typical hosting
center, it’s really managed as an outsourcing model,” said Susan Almeida,
co-founder of Boston-based management consultancy, Network Strategy Partners. “A lot of
individual security and QoS platforms are running out of steam. If you take
a look at a typical hosting center, there are hundreds of customers in

Nexsi officials predict that even though only 3 percent of HTTP sessions
are encrypted today, as much as 50 percent will travel through secure lines
in five years.

News Around the Web