IBM Partners with CloudShield for Network Security Blade Server
September 2, 2008 Timothy Prickett Morgan
There is so much malware, spam, and other garbage running around the Internet these days that it is fair to say that the idea of anonymity expressed in the Internet Protocol was probably a bad choice. But, because the world runs on TCP/IP these days and we are not about to all be issued permanent IP addresses at birth, whether we are humans or servers, we are stuck trying to cope with the onslaught as best we can with various kinds of security products. IBM rolled out a new one last week.
The BladeCenter PN41 is a new kind of blade server from Big Blue. It is not a generic X64 or Power blade, suitable for running Windows, Linux, AIX, or i operating systems, but rather a device using a specialized processor from Intel and a set of systems software encoded on the blade that allows it to do deep packet inspect and network traffic shaping in an effort to cope with viruses, other kinds of malware, and denial of service attacks on networks. This kind of blade would have been handy in both Russia and Georgia a few weeks ago, when the two countries essentially went to war over the separatist regions of Abkahzia and South Ossetia but before the tanks rolled in and the gunfire started, they both launched hack attacks on each other’s public-facing government computers.
The PN41 blade implements a set of software on a real-time operating system created by CloudShield Technologies to implement the DPI security protocol, which is embedded inside a program called DNS Defender, as well as another set of code called Subscriber Services Manager, which allows network traffic to be prioritized and shaped at the subscriber level in peer-to-peer networks. The PN41 blade also includes an IP Transition Gateway, which bridges the gap (both forward and backward) between old IPv4 networks and new IPv6 networks. The new blade is based on an Intel IXP2805 network processor, which handles data packets; the blade has a number of different memory technologies, including standard DRAM and other kinds of cache, but it does not have any flash memory or disk drives (since traffic isn’t stored so much as processed). The blade has four Gigabit Ethernet controllers as well as four 10 Gigabit Ethernet controllers on the board, which is lot of bandwidth but which is necessary considering the amount of traffic such a device is designed to handle. The software is written in something called packetC, and the development tools from CloudShield snap into any Eclipse-compatible integrated development environment. CloudShield also sells its own development environment, called the PacketWorks IDE.
According to CloudShield, which co-developed the PN41 with IBM and which is selling them, too, the blade can handle 20 Gb/sec of sustained network bandwidth while running the DPI code to sniff out malware and DDoS attacks. So when you do the math, that works out to 280 Gb/sec per BladeCenter chassis and over 1 Tb/sec per server rack of blades. Incidentally, CloudShield had already created a set of appliances running its various security and traffic shaping programs on rack servers.
The PN41 blade will plug into the BladeCenter H and HT chasses, and can be managed by IBM’s System Director tools, which are used for its X64 and Power blades as well. The one thing that IBM and CloudShield will not talk about when the PN41 blade is announced next week is what it costs; the device is only available on a special bid basis at the moment. It will be generally available in October. The IP Traffic Gateway software will be available sometime before the end of the year, according to IBM.