networkZONE Products for the week of August
28, 2006
Sensory Networks Says…
Sensory Networks Unveils New High-Performance, Low-Cost
Content Security Acceleration Solution
The new NodalCore-SX will deliver up to 500Mbit/s throughput
and price-positioned as the ideal solution for the SME market
Sensory Networks has announced the latest product in the C-Series content
security accelerator product line built on Sensory Networks' patented NodalCore
security processor technology. Capable of up to 500 Mbits/s throughput per
card, the NodalCore-SX extends Sensory's hardware acceleration line right
down to the SME market.
The C-Series PCI cards are built using reconfigurable technology that
can be reprogrammed even after units have been deployed in the field, meaning
performance enhancements and security updates can be delivered throughout
the product lifecycle. Recent advances by Sensory Networks have increased
performance in their existing NodalCore-MX and -Ultra products to such an
extent that they now compete in higher-end markets. The NodalCore-SX delivers
Sensory's leading security technology to the SME market at a competitive
price point.
"SME appliance vendors must deliver many security features, performance
guarantees and an affordable solution," said Michael Howard, Senior
Analyst for Heavy Reading. "This latest solution from Sensory Networks
really targets that sweet spot."
"We are proud to announce the latest addition to our C-Series product
line," said Sab Gosal, VP of Marketing for Sensory Networks. "The
new NodalCore-SX card takes advantage of our increases in performance to
provide the ideal SME appliance security solution."
About NodalCore security solutions
This latest addition to the NodalCore security solution product line expands
Sensory's offering to 4.
| Product |
Ideal appliance |
Peak Throughput |
Appliance Rating |
| NodalCore-SX |
Entry-level SOHO/SME |
500 Mbits/s |
100 Mbits/s - 1 Gbits/s |
| NodalCore-MX |
Mid-range |
1 Gbits/s |
1 Gbits/s - 2 Gbits/s |
| NodalCore-Ultra |
High-performance |
2 Gbits/s |
2 Gbits/s - 4 Gbits/s |
| NodalCore-Ultra Duo |
Carrier-class |
4 Gbits/s |
4 Gbits/s - 10 Gbits/s |
analogZONE Says . . .
2006 marks the year that Unified Threat Management
(UTM) technologies moved from the fringe to mainstream market, and Sensory
Networks new C-Series of content security accelerator cards seems well-positioned
to grab its share of the business. Sensory has adapted its programmable
multi-layer approach to high-performance UTM appliances (much of which is
described nicely in their two-part TechNote published here in May and August ) to
a less expensive family of boards which fit the tighter budget constraints
of the SME market where sales volumes should be pretty heavy. The company
provides a wide range of products, including raw chip sets and reference
designs, but the low cost ($399 in single units) of this latest series of
cards may tip the make/buy equation solidly towards "buy" in many
lower-volume and even some higher-volume applications.
Sensory's products employ a
configurable architecture that uses an FPGA (Xilinx) to relieve the host
CPU of the heavy lifting involved with multi-layer packet analysis and inspections
as deep as quintuple lookups. In fact the board is little more than an FPGA,
some on-board memory and a PCI bridge chip, all tied together with some
very clever software (see the photo). The added value here is Sensory's middleware which allows
multiple applications (both from Sensory and third-party vendors) to share
common classification and analysis resources to eliminate redundant processing
steps and reduce the storage requirements for the huge data bases and signature
tables. It also features a tiered approach to inspection and analysis which
makes the best use of the card's and the host's processing resources. All
packets go through a basic signature filter first and only those traffic
streams regarded as suspicious are passed to a more sophisticated but slower
application engine. If you want to get into more detail about this, Xilinx
has provided a nice little resource page which has several
really useful articles, spec sheets, and other files you can download for
your edification.
Sensory has also worked hard to keep most of the
deep inspection and table lookups on the card to minimize traffic on the
host processor and its system bus. Minimizing reliance on the host memory
resources also minimizes latency, something that can help reduce bandwidth
throttling that occurs when a TCP connection encounters too much delay and
begins to back off its transmit speed.
As I mentioned earlier, of the things that really
distinguishes Sensory's approach is that it's an open platform that supports
both its own applications and third party software. This has allowed a lively
ecosystem of applications to grow up around their hardware, including such
notables as ClamAV, Intoto, Kaspersky, Mcafee, and MessageLabs. The open,
easy-to-work-with architecture is now enjoying continuous support by most
of the top-notch security software vendors, assuring that your product won't
suddenly find itself an orphan.
About the only ding I'd put in this otherwise positive
review is the absence of a version of this card which supports the PCI Express
bus. Although the slower throughputs of these lower-cost cards would not
make full use of the enormous bandwidth afforded by PCIe, the rapid adoption
of this new bus within the server market makes me wonder why there is not
a second flavor of the card that supports it. Since it should be easy enough
to swap out the PCI bridge chip for a PCIe device from PLX, Tundra, or maybe
just implement it as part of the FPGA itself, it looked like a logical next
step. In fact, when I inquired with Sensory Networks about this, they acknowledged
that a PCIe development effort is already underway -- surprisingly initiated
at the behest of several Asian ODMs -- that we can expect to see on the
market in the relatively near future.
Available now with list prices as low as $399,
these cards provide designers with a compelling reason to consider buying
a UTM subsystem rather than designing one of their own. Of course, if your
volumes are high enough to push you towards the "make" side of
the "make vs. buy" equation, Sensory Networks will be pleased
to sell you raw chips, development platform and applications that will allow you
to roll-your-own UTM unit.
Data Sheet NodalCore boards
Data Sheet NodalCore X SPU chip set
analogZONE
(c) 2006. All rights reserved.
Sensory's products employ a
configurable architecture that uses an FPGA (Xilinx) to relieve the host
CPU of the heavy lifting involved with multi-layer packet analysis and inspections
as deep as quintuple lookups. In fact the board is little more than an FPGA,
some on-board memory and a PCI bridge chip, all tied together with some
very clever software (see the photo). The added value here is Sensory's middleware which allows
multiple applications (both from Sensory and third-party vendors) to share
common classification and analysis resources to eliminate redundant processing
steps and reduce the storage requirements for the huge data bases and signature
tables. It also features a tiered approach to inspection and analysis which
makes the best use of the card's and the host's processing resources. All
packets go through a basic signature filter first and only those traffic
streams regarded as suspicious are passed to a more sophisticated but slower
application engine. If you want to get into more detail about this, Xilinx
has provided a nice little resource page which has several
really useful articles, spec sheets, and other files you can download for
your edification.