Firewalls and Bandwidth Management

Internet security is a hot topic at the moment, and a visit to this year's Networld+Interop show in Las Vegas revealed an ever-increasing number of firewall and VPN (Virtual Private Network) products available for those keen to keep their private data... well, private.

However, as firewalls move from the category of "propeller-head" to "commodity", the smart vendors are already realising the need to differentiate their products further. This is achieved by layering additional services on top of the firewall, so that critical processes which are best performed at the corporate gateway to the Internet – such as virus scanning or bandwidth control – can be executed by the firewall box.

According to Checkpoint, for instance, the customer wants tight integration of all security and traffic control components, together with policy-based management for all business. Two of the most crucial services being developed by savvy firewall vendors include Directory Services support and bandwidth control. Checkpoint’s FireWall-1 is one of the first firewalls to offer integrated LDAP support with the release of version 4.0, announced at the show. This simplifies user management within security policies, since it allows FireWall-1 to share user and group repositories already established within an organisation.

And with FloodGate-1, Checkpoint also offers a standalone bandwidth management product that can operate with any firewall, including, of course, FireWall-1. FloodGate-1 uses the same Stateful Inspection engine as FireWall-1, and provides a very similar rules-based interface. Instead of blocking undesirable traffic, however, FloodGate-1’s rules dynamically control the mix of traffic passing through the gateway not just on a per-connection basis, but also on an aggregate level. Limited bandwidth can be allocated amongst multiple classes of traffic, including critical Internet applications or important groups of users.

It is becoming apparent that bandwidth management is one of the most critical factors in ensuring the success of a corporate intranet as a strategic business tool, with true bandwidth usage monitoring and control at the departmental and application level vital for implementing an effective traffic policy. As more companies move to client-server networking, Internet/intranet browsing and today’s GUI-based applications consume a significant portion of the available bandwidth – and this can affect performance of mission-critical activities.

With the increase in the use of the Internet and intranet as an integral part of business strategy, today’s network managers face diverse traffic management considerations such as:

  • How can they guarantee users and business-critical applications adequate bandwidth?
  • Can bandwidth be adjusted to meet the requirements of individuals on a flexible and time-sensitive basis?
  • Can they accurately assign bandwidth charges to the appropriate users and departments?
  • How can they manage the use of intranets over expensive WAN links?
  • Have they reached the bandwidth capacity of their network?
  • How can they use their network efficiently to save investments in new bandwidth and new networking equipment?
  • Can they validate the quality of service provisioned by their ISP?

Policy-based performance management stands in stark contrast to the "street-brawling" nature of today’s IP-based networks where, effectively, "anything goes". The nature of the Internet’s IP traffic allows applications and hosts to monopolise bandwidth, causing congestion and erratic performance. Furthermore, the rapid spread of push technologies requires a managed approach to Internet bandwidth.

Another company which is established in the bandwidth control market is California-based Ukiah Software, which announced version 2.1 of its TrafficWARE product at Networld+Interop. This is a Windows NT-based product that allows network managers and ISPs to monitor and control intranet and Internet traffic. It features performance management support for a host of business-critical applications such as Lotus Domino, Oracle databases and Citrix WinFrame, and the built-in profiling capabilities allow the administrator to monitor application response time, throughput and related network failures. Using this information, TrafficWARE control policies can be easily defined to allocate more bandwidth and higher priority to critical applications so that users benefit from improved response time and faster network throughput.

TrafficWARE is able to control IP network traffic based on priorities, specified bandwidth levels, and rules for admitting network sessions. The result is guaranteed performance for critical network users, servers and applications. Deployment of TrafficWARE at a gateway system, right at the Internet or WAN link, will reduce the need to solve performance problems through expensive upgrades to routers, servers, or the Internet/WAN link itself. Such upgrades often fail to get to the root cause of the performance problem, frequently shifting the bottleneck elsewhere in the system. Instead, bandwidth control systems such as TrafficWARE can manage the available bandwidth for optimal use by the applications, users and servers that need it the most. And with this sort of control, you can finally make sure that access to the company’s order entry server is not slowed down by users checking their daily stock quotes!

As with the Checkpoint offering, TrafficWARE is complemented by a full-blown firewall product to cover the security angle, and the Netroad FireWALL is unique in that it is the only one that supports both an NT and a NetWare environment. It does this on two levels too – the first is to provide a native NetWare version of the firewall (the only one we are aware of other than Novell’s own Border Services), and the second is to integrate IPX and NDS support (with LDAP and Active Directory planned) in both versions.

This makes the Ukiah offering particularly attractive to Novell sites, and especially those already using NDS. It is very satisfying when creating traffic and security policies to have the users and groups appear from your NDS database, as well as being able to achieve policy-based management at NDS object level, storage of security policies within NDS, and remote management of multiple firewalls.

At present, the only alternatives to these kinds of bandwidth control products are to switch to ATM or RSVP-compliant networks. Products like FloodGate-1 and TrafficWARE provide the means to offer effective traffic control without the requirement for major changes to the existing network infrastructure.

Contact details:
Checkpoint - 01223 421338
Ukiah Software Inc - +1 408 369 2890


Copyright © 1991-2005 The NSS Group Ltd.
All rights reserved.