6WIND
Value-Proposition
for Network Security OEM Customers
Customer Case Studies:
-
Integrated Security and Routing
-
Multi-Services Security Gateways
6WINDGate™
Software Suites
|
New Challenges in
the Network Security Market
As security became a serious IT market concern,
a myriad of dedicated security products started to be deployed to
counter potential threats from different sources:
| • |
Firewalls to protect LANs from
outside attacks |
| • |
Virtual Private Networking (VPN)
to secure communications over insecure networks (e.g. the Internet) |
| • |
Intrusion Detection Systems (IDS) to monitor network communications
and identify suspicious traffic
|
| • |
Etc. |
|
As the market began to mature, a new class of network security
equipment appeared under the name of Unified Threat Management
(UTM) appliances. Embedding several security functions in
a single appliance, UTM appliances bring valuable end-customers
benefits:
| • |
Coherent multi-layered security architecture compared to a collection of disparate point-products |
| • |
CAPEX reduction with fewer
products to purchase |
| • |
OPEX reduction with a central configuration and management
system
|
| • |
Deployment flexibility by
using any of the available features without needing new
appliances |
|
 |
The large success of UTM appliances (IDC forecasts
UTM appliance market to grow continuously to $2.4B in 2009) is accompanied
by a growing number of vendors (nearly doubling every year since
2004). In this context, security vendors will focus on expanding
and enhancing their product lines. More than ever, product differentiation
will be based on:
| • |
Security performance |
| • |
Breadth of security features |
| • |
Centralized management
|
The network security market is currently seeing
a new paradigm shift caused by two main factors:
| • |
Increased competition from leading
networking vendors who are incorporating security technologies
in their infrastructure products to seek for differentiation
and business expansion into the fast growing network security
market |
| • |
Need to secure new applications:
Wireless LANs, Voice over IP, Storage, XML communications, etc. |
|
|
Such new market evolutions
are creating the need for a new breed of network equipment:
multi-services gateways, combining the functionalities of an
IP router, Ethernet switch, firewall/VPN appliance, VoIP gateway,
and WLAN access point. They are often targeted at small and
medium businesses or enterprise branch offices.
These devices, designed ground-up to support multi-services,
will still be optimized for specific applications. For
security providers, differentiation will still be centered around
security applications. However, they |
can't realistically master all software components of multi-services
systems, most of them being outside their core competence. Facing
increasing development costs and time-to-market challenges in a highly
competitive market, network security vendors are increasingly looking
for external device software to gain access to mature technology,
while keeping their internal R&D focused on delivering security
value-add. Consequently multi-services gateway software is now
a mix of proprietary technologies, open source and partner software,
raising the following questions for equipment developers:
| • |
How to quickly and cost-effectively
integrate all the software pieces coming from different sources? |
| • |
How to reduce time-to market? |
| • |
How to minimize development risks and costs?
|
| • |
How to get maximum performance benefits
from leading-edge processors? |
| • |
How to hide from end-users the management
complexity of disparate software while providing coherent configuration
mechanisms? |
6WIND Value-Proposition
for Network Security OEM Customers
Smooth Migration of
Security Product Line
6WINDGate™ Linux-based networking software enables
security OEMs to migrate their existing security appliance product
line towards high-performance multi-services security gateways.
It empowers them to:
| • |
Increase
security performance by interfacing 6WINDGate™ software
with hardware cryptographic accelerators or using it on advanced
network processors |
| • |
Integrate
6WINDGate™ comprehensive networking
feature-set to evolve to multi-services security gateways |
| • |
Manage security feature evolutions using 6WINDGate™
XML-based management framework for quicker feature integration
and management consolidation
|
In short, security OEMs can easily build
new generation multi-services security gateways by integrating their
UTM features with 6WINDGate™ networking middleware ported on
high-speed hardware.
Based on their product strategy, security OEMs
can either achieve these product enhancements all at once or migrate
smoothly, following a 3-step agenda. For instance, Firewall/VPN
appliance vendors can increase security performance while UTM appliance
providers can evolve their products to new generation multi-services
security gateways.
6WINDGate™ software suites allow to build
a complete range of security appliances, scalable in performance:
| • |
6WINDGate™
ADS for mono-processor architectures using software-based
cryptography or hardware-based cryptography to scale in performance
(in the range of several hundreds of Mbps), benefiting from
cost-effective Bill Of Material (BOM).
6WINDGate™ ADS is validated on x86, FreeScale, ARM (Intel
Xscale IXP42x) and MIPS64 (Cavium Networks OCTEON, Raza Microelectronics). |
| • |
6WINDGate™
SDS for multi-core processors or network processors (Fast
Path architectures) benefiting from the latest high performance
hardware components (multi Gbps). 6WINDGate™ SDS is validated
on MIPS64 (Cavium Networks OCTEON, Raza Microelectronics)
and Intel Multi-Core. |
Any specific development or customization made
by customers is preserved when they upgrade from 6WINDGate™
ADS to 6WINDGate™ SDS. This enables OEMs to provide a consistent
feature-set across all security products.
Software
Ecosystem Management
6WINDGate™ smart software architecture
enables OEMs to perform unmatched end-product customization. Reflecting
software development best practices, 6WINDGate™ open software
architecture enables an easy integration of additional software
components:
| • |
Application integration:
It is possible to integrate proprietary, open source or partner
application-level software with 6WINDGate™, in order to
build innovative and differentiated applications. Some applications
have already been tested and validated by 6WIND or its customers
in the area of security (UTM, proxies, content filtering, anti-virus)
and VoIP (SIP proxy). |
| • |
Management
integration: 6WINDGate™
eXtensible Management System (XMS) provides full-featured
and highly-customizable configuration tools: industry-standard
CLI, Web-based management, XML, SNMP. By separating system configuration
and user interfaces, 6WINDGate™ XMS greatly reduces management
development cycles. Instead of developing a complete management
system from scratch, 6WIND customers can focus on consolidating
management across various sub-systems as well as building advanced
policy-based management. As a result, they are increasingly
using this framework to integrate proprietary software, 6WINDGate™
functionalities and third party software components together.
6WIND customers can manage an entire partner ecosystem to
quickly get to market with high-performing, full-featured multi-services
security gateways. |
Clear OEM benefits
| • |
Reduced development and integration
cycles and costs with comprehensive, pre-integrated networking
middleware and highly customizable management system |
| • |
Optimized R&D resources for
leveraging core security competence and differentiation |
| • |
Longer returns on investment: less dependence on hardware,
scalable to high-performance and richer technologies
|
|
