Check Point adds virtual firewall appliance |
 |
By Neil Roiter, Senior Technology Editor, Information Security magazine
19 Aug 2008 | SearchSecurity.com |
|
|
Indianapolis-based BlueLock LLC describes its business as "infrastructure as a service." It's not as conducive to a smooth acronym as Software as a Service (SaaS), but it makes the same compelling case for hardware/software savings and reduced management overhead.
|
|
|
|
|
With physical boxes, you have to have copies of all that disparate hardware sitting at a remote site, and must sync configurations between the two; that's really difficult to do.
Pat O'Day,
chief technology officer, BlueLock LLC
|
|
|
|
|
|
|
|
|
|
It offers nimble, dynamic growth on demand, which means servers, switches and routers are all virtualized on VMware. And security, which has meant, in large part, Check Point Software Technologies Ltd. VPN-1 firewalls, and now, a new virtual appliance VPN-1 Virtual Edition (VE), which debuted this week.
"We took all those traits of SaaS and saw the opportunity to match that up with the infrastructure space to build business around that," said Pat O'Day, chief technology officer of BlueLock. "In order to deliver that business model, we use virtual cloud computing, so our entire infrastructure is based on VMware -- hence our interest in Check Point VPN-1 as a virtual machine."
BlueLock has virtualized VPN-1 since it started in March 2007, taking advantage of Check Point's Secure Platform -- commonly known as "SPLAT"-- a lean, hardened version of Red Hat Enterprise Linux that can be installed as a VMware virtual machine. O'Day has been running about 60 of these virtualized firewalls -- one for each client -- on 80 blade servers.
Now, VPN-1 VE gives BlueLock a fully supported virtual firewall that can be managed through Check Points administrative tools.
"This enables customers to regain the segmentation -- that separation between different applications -- that people associate with physical servers, that was lost as they collapsed the data center onto a single server," said Bill Jensen, product marketing manager at Check Point. It also gives enterprises the flexibility to manage mixed physical-virtual environments.
"It's a single solution," said Jensen, "with the same level of security, the same interface, so they don't have additional costs for security products on an operational basis."
O'Day said the only drawback right now is a performance hit, because VPN-1 VE does not support the new VMware tools, which Check Point said it is working on. BlueLock compensates by dedicating additional processor core to clients as needed -- for security or network/server requirements.
Check Point's Jensen said the next step is tighter integration with VMware, including the ability to see into its dynamic environment, such as VMotion, which allows dynamic movement of virtual machines from one physical server to another.
Virtualized security is a young field, as security, is all too typically playing catch-up with the business needs for adopting new technology. Check Point's introduction of VPN-1 VE signals the movement of major vendors into this arena, which includes virtualization security specialists like Blue Lane Technologies Inc., which provides intrusion prevention for physical and virtual environments, and Reflex Technologies Inc.
A fully virtualized operation allows BlueLock to meet its prime business requisites as an in-the-cloud infrastructure service, said O'Day: capacity on demand and replication and failover for disaster recovery.
"With physical boxes, you have to have copies of all that disparate hardware sitting at a remote site, and must sync configurations between the two; that's really difficult to do," said O'Day. BlueLock replicates its virtual environment -- routers, switches, servers and security through its SAN to its Salt Lake City DR site.
"I literally log in at Salt Lake City, and I can just press the power button and the entire environment boots up. Cost-wise, the only thing you are buying at the disaster recovery site is storage," O'Day said.
|
|
|
|
