Volume 3, Number 25 -- July 13, 2006

Certeon Takes Network Acceleration to Secure New Heights

Published: July 13, 2006

by Alex Woodie

Network acceleration device maker Certeon has only been in business for a few months, but it's already making waves. The company's approach to accelerating content--providing application-specific pattern matching using Level 7 of the TCP/IP stack--is very likely the wave of the future, as the network acceleration device industry seems to have reached a performance plateau with existing techniques. The company is also one of a small but growing number of vendors providing acceleration for encrypted content.

Certeon opened for business out of Burlington, Massachusetts, in February with its S-Series line of application appliances. Since then, the company has done well, according to Gareth Taube, vice president of worldwide marketing. "We have a steady stream of major customers," Taube says, including battery maker Energizer Holdings and St. Jude Medical, a manufacturer of medical devices. The company also counts as a customer the services arm of software giant Microsoft, which is using S-Series devices to accelerate the Office SharePoint environment it manages for select customers. And last week, the company announced its new partner reseller program.

While Certeon doesn't yet command a very large share of the $500-million-per-year WAN acceleration device business, Taube expects that to change. "Many companies are putting in some kind of application acceleration device. The problem is there appears to be a clear acceleration ceiling out there." This ceiling is due, in part, to the inability of current WAN acceleration devices to work with encrypted content, he says.

In actuality, the notion of accelerating data that's been encrypted is a bit of a fallacy. This is because encrypted content looks essentially random, so, as a rule, it cannot be broken apart to reveal the byte-level patterns that can be pulled out and cached, which has been a go-to technique for accelerating data across a WAN for years. After all, if encrypted data could be accessed in this manner, it wouldn't provide much in the way of security.

To get around this unavoidable fact, Certeon realized it must first decrypt the data sent across the Web using the HTTPS protocol, at which point it can apply compression and acceleration using a mix of common techniques and a few new tricks of its own. It then re-encrypts the data using IPsec tunneling before sending it across the WAN.

Certeon's line of S-Series devices does this without sacrificing the security of the data or the encryption keys, says Jeff Black, co-founder and chief scientist of Certeon. "It's end-to-end security," he says. The devices "communicate with each other so that certificates and private keys never leave the data center, but branch offices are able to terminate the SSL locally. . . . We never compromise the keys."

Data on the S-Series hard disks is also encrypted, Black adds, so a physical break-in of the devices wouldn't compromise the security of the data. The only place unencrypted data is stored is in volatile memory, which isn't easy to get at, and which would be cleared if the device was unplugged.

As the amount of encrypted traffic on the Web grows, the capability to compress and accelerate that traffic will grow in importance as well. Certeon cites a Gartner study that found about 35 percent of companies in 2005 used SSL encryption to secure their critical applications, and that SSL traffic is now growing at a 25 percent annual rate.

When it launched in February, Certeon was one of a small number of vendors providing acceleration of encrypted traffic, an area in which it owns several patents. However, since then, it has become a much more crowded space, with BlueCoat probably providing the most direct competition. By some estimates, there are more than a dozen vendors launching products or with plans to compete in this area.

Certeon holds a certain advantage over other players in the WAN acceleration market, Black says. "If I were starting a company today, I'd be crazy not to think about and bake into my product the ability to deal with secure environment and encryption. That's going to be a fact of life for business, an absolute requirement," he says. "One of the advantages we have, entering the marketplace when we did . . . after Riverbed, Juniper, Peribit, or Expand, is we deal with things at a lower layer. Whereas we stepped in a little bit later, we realized that applications are what's important, not the packet and plumbing layer. We address it with our architecture from a top down view, rather than a bottom up view."

The other core feature that Certeon says separates it from the pack is its support for Level 7 acceleration, which it accomplishes using its "application acceleration blueprints." These blueprints work by telling the S-Series devices to look for specific file and object types when handling traffic from certain types of applications. The blueprints reside on disks spinning in the devices; the more disk space allocated to the blueprints, the more acceleration is provided.

For example, the S-Series device could recognize a Word document from an application blueprint. After identifying the file type, the device sends a token to the downstream device, which then preloads a version of that document, and fills in only the parts that have been changed before reassembling the document and delivering it to its final destination. This technique reduces the amount of data sent across the wire.

Certeon uses other acceleration techniques, including compression, caching, TCP acceleration, packet aggregation, and forward error correction. But it's the application blueprints that boost its acceleration from the 10-to-15x level up to 50 times faster, Taube says.

Currently, Certeon only offers blueprints for Microsoft Office SharePoint and Oracle E-Business Suite 11i. The company has plans to support major enterprise applications, including SAP and the CRM offerings from Salesforce.com and Siebel, which is now owned by Oracle. The company is also looking at delivering blueprints for Microsoft Exchange Server, as customers have expressed a need to accelerate Outlook Web Access (OWA).

Certeon is selling three S-Series appliances, which are differentiated by capacity and the number of WAN links supported. The S-1000 supports five WAN links, the S-2000 supports 10, and the S-3000 supports 50. The boxes range in price from $6,000 to $35,000. For more information, go to www.certeon.com.


Editor: Timothy Prickett Morgan
Contributing Editors: Dan Burger, Joe Hertvik,
Shannon O'Donnell, Timothy Prickett Morgan
Publisher and Advertising Director: Jenny Thomas
Advertising Sales Representative: Kim Reed