Interview: Netronome Innovates SSL Inspection Technology

March 08, 2010

By Rajani Baburajan, TMCnet Contributor


The Pittsburgh, PA-based Netronome develops highly programmable semiconductor products that enable “intelligent and secure flow processing for virtualized servers and network equipment.”

In February, Netronome showcased a few new solutions for 40 and 100 Gbps applications of the NFP-32xx Network Flow Processors and network acceleration cards at the RSA Conference at Moscone Center in San Francisco. In a related announcement, the company also introduced the Netronome SSL Inspector, which it claims is “the industry's first SSL inspection appliance for 10 Gbps networks.”


In an interview with TMCnet, David Wells, Netronome’s vice president of technology and general manager of Europe, shared the details of Netronome’s latest solutions and their applications in today’s networks. Our exchange follows.

TMCnet: Could you briefly introduce your company Netronome?

David Wells: Netronome develops highly programmable semiconductor products that are used for intelligent flow processing in network and communications devices. Netronome’s solutions include network flow processors and acceleration cards that scale from 10 Gbps to 100 Gbps. They are used in carrier-grade and enterprise-class communications products that require deep packet inspection, flow analysis, content processing, virtualization and security.

TMCnet: What is the role of Netronome’s flow processing solutions in today’s network environments?

DW: In today’s networks there is an increasing requirement to apply intelligent processing to network traffic as it flows across gigabit speed links. Intelligent processing requires that both the packet payload and packet header information can be processed at line rate. This creates a need for a new class of flow processing, silicon and systems that go beyond the traditional packet header processing performed by network processors. The types of applications that require flow processing include in-line security scanning, user- and content-aware network control, wireless network subscriber tracking – just to name a few.

The Netronome Network Flow Processors, or NFP-32xx, and the family of acceleration cards/platforms built on this chip offer a comprehensive flow processing solution that can work at speeds up to 40 Gbps and beyond. Our customers may do their own system design using the NFP-32xx chip or can use the acceleration cards and platforms that Netronome provides as building blocks in their product development.

Netronome’s NFP-32xx brings breakthrough performance to a broad range of demanding networking applications, including shared service blades in switches and routers, 3G and LTE wireless infrastructure, security appliances and virtualized servers. The NFP-32xx is powered by 40 programmable networking cores running at 1.4GHz to deliver 56 billion instructions per second for L2-L7 processing. It is the first network flow processor to combine high-performance network, content and security processing into a fully programmable device to provide 40 Gbps of line rate L2-L7 processing and deep packet inspection. The NFP's high-speed PCIe 2.0 interface offers enhanced IOV support for the tightest coupling with Intel processors in embedded communications designs. The NFP is backed by the industry’s largest suite of development tools, including an optimizing C-compiler and is the only processor that is backwards compatible with the market-leading Intel IXP-28XX network processor.

TMCnet: Tell us more about the recently introduced SSL inspection appliance for 10GigE networks? 

DW: The rise of cloud computing and Web 2.0 has many applications using SSL encryption to secure information while in transit over open networks. However, for every action there is a reaction and as a result of the increase in the use of SSL for encryption, enterprise networks are being exposed to attacks and malware from the outside and existing intrusion detection and prevention systems, or IDS, IPS, firewalls and other security appliances (that cannot track SSL traffic) are being made useless. These security appliances are unable to see inside the encrypted SSL traffic and therefore cannot detect or prevent any threats that may be contained within the SSL session.

In order to address this issue, without requiring existing security devices to be replaced, Netronome developed the SSL Inspector Appliance. This device builds on the high performance flow processing systems that Netronome develops to offer a device that can be deployed in 1 Gbps and 10 Gbps networks and allows for existing security appliances to see inside SSL in order to detect and prevent threats.

In short, the SSL Inspector Appliance maintains an end-to-end SSL session between the client and the server while providing a copy of the decrypted traffic to the attached security appliances so that they can detect and prevent any threats that may be present.

TMCnet: What are the target areas of this application?

DW: SSL inspection is typically deployed alongside Intrusion Prevention Systems (IPS), Intrusion Detection Systems (IDS), Data Loss Prevention (DLP) systems and network forensics systems. With these appliances, the SSL Inspector Appliance is acting to prevent incoming attacks over SSL (IPS, IDS), preventing malware from infecting enterprise client systems (IPS), and detecting and preventing leakage of sensitive enterprise information (DLP, network forensics).

TMCnet: How does the solution differ from the legacy solutions available for SSL inspection?

DW: There are no real legacy options for SSL inspection. The SSL Inspector is a fairly unique solution. Some security appliances do have the ability to deal with SSL traffic built into them, but the performance is poor and typically the functionality is limited. In the past, enterprises have only had small levels of SSL traffic so the problem was not seen as important. However, the level of SSL traffic in an enterprise today can be over 80 percent of the total traffic, making the problem unavoidable. Choosing not to use SSL is also not really an option since SSL is the core security mechanism used for Web 2.0 applications such as Salesforce.com, Gmail etc.

TMCnet: How do you expect the technology to evolve in the coming years, as the networks become more congested and demanding?

DW: Within the next few years SSL inspection on 1 Gbps and 10 Gbps links will become more common and it is likely that an SSL inspection device in the network will feed non-encrypted copies of SSL traffic to one or more security appliances. The use of SSL will also increase. A recent example of this trend is the move by Google to change the default settings for Gmail from HTTP to HTTPS, ultimately switching millions of users to SSL for their Gmail sessions.

TMCnet: What are the new products in pipeline from Netronome?

DW: Netronome's new NFP-32xx is now sampling and there will be a host of new products that make use of this silicon which will come to market over the course of this year. This will include higher performance SSL inspection appliances and enhanced features on both the current and future SSL appliances.

Rajani Baburajan is a contributing editor for TMCnet.

Edited by Kelly McGuire