Innovations in SG-8 Unified Services Gateway Include Single Pass Packet Classification, Fully Modular Operating System, and Dedicated Lifeline™ Management Framework
SUNNYVALE, Calif., June 27, 2005—To enable truly unified services networking, NetDevices, Inc., a developer of services gateway products for enterprise branch networks, has created an advanced system architecture and a method for classifying and inspecting packets for its SG-8 Unified Services Gateway (USG), which was introduced today. Existing multi-function networking products are not much more than a collection of independent service appliances consolidated into one box, offering little in the way of economies of scale, cost, processing, or management. NetDevices purpose-built the SG-8 USG from the ground up to reduce complexity; optimize network performance; and unify services, including next-generation services such as Voice over IP (VoIP) as well as a range of data, security, and branch office services.
At the heart of full services unification is the company’s OnePass capability for packet classification and inspection; OnePass also ensures excellent performance and scalability. Other important elements of the SG-8 are the ModuLive™ modular operating system, which optimizes interprocess communications within the SG-8 USG, and the Lifeline™ management framework, which ensures centralized management across services and always-available system access.
“NetDevices realized that the architecture for multi-function devices, especially when used in branch offices, needed to be rethought from the ground up,” said Rob Haragan, co-founder and vice president of engineering at NetDevices. “When individual components and processes are connected together in a disjointed way, performance, especially of real-time services such as VoIP, can suffer. The SG-8 Unified Services Gateway takes a system-wide approach to processing and management; our architecture allows services to work together rather than in isolation, thus ensuring the highest possible performance, reliability, and manageability.”
“A services gateway isn’t a router, switch, or firewall with features added on,” said Zeus Kerravala, vice president, Yankee Group. “It’s a purpose-built device designed from the ground up to do all these functions, and more, while optimizing the productivity of the IT staff responsible for enterprise remote offices.”
OnePass Enables Unified Services
Packet classification and inspection are essential for services processing. Traditional routers and today’s consolidated services systems use Access Control Lists (ACLs) to classify packets for service processing. Different ACLs identify packets that qualify for different services, such as firewall or security. A packet may need to be processed through several services, yet most consolidated systems still classify packets one service at a time, as if they were passing through multiple independent appliances. The greater the number of services, the greater the processing load and the less efficient the overall system becomes.
OnePass offers a radically more efficient solution to packet classification and inspection with an elegant syntax for defining classification and specifying complex policies. As a result, the SG-8 USG provides global classification of packets for all services, down to an application’s payload level, in a single pass. Once a packet is classified, it is processed only through the appropriate services. With service modules relieved of the need to classify and process every packet, CPU efficiency dramatically increases, improving service performance and reducing the risk of errors.
The OnePass syntax provides scalability, making it easy to add new services without having to reroute packets and without straining the gateway’s resources. Because a packet is inspected in one pass when it enters the gateway, latency is minimized no matter how many service modules the customer adds. With consolidated systems, latency constantly increases and scalability degrades because each additional service requires significant additional processing.
Next-Generation Operating System
NetDevices’ carrier-class, next-generation operating system, ModuLive, optimizes interprocess communications within the SG-8 USG. ModuLive has an open, flexible, modular architecture that is divided into a data plane, a control plane, and for the first time, a management plane, thus enabling the full separation of data and management traffic.
ModuLive has a hardened forwarding path into which multiple services are inserted and integrated. This modularity future-proofs the USG; as new service modules become available, users can easily plug them into the modular plane within the forwarding process. Users can also start and stop individual service modules, fix bugs, and update modules, all without having any impact on other services in operation. In contrast, existing consolidated routers and service platforms require a full product outage to upgrade or add individual services.
ModuLive also lowers the risk associated with introducing new functionalities. Instead of purchasing an entirely new box, customers simply purchase a new software module that easily plugs into the existing architecture, which is already a known entity. Customers can also add extra processing modules to the system, ensuring new services always have the horsepower they need to run at peak performance.
Vendors of older integrated systems often have multiple operating system versions released concurrently, making it difficult for customers to add new services or update their systems. NetDevices, on the other hand, maintains one active version of the ModuLive OS and of all services, making it easy for customers and resellers to keep their USGs completely up to date.
Management Framework Provides High Availability
NetDevices’ Lifeline dedicated management framework provides the industry’s highest level of always-available system access and significantly reduces management costs. Lifeline consists of a dedicated management processor in each hardware module with N+1 failover support, all connected by a dedicated management backplane. All services are completely accessible, deployable, and manageable from a central location, even when other portions of the SG-8 USG are not available. When the control plane of a traditional device is unavailable, on the other hand, the whole device is unavailable. If the primary path between corporate IT or the managed service provider’s network operations center and the gateway at the branch is down, IT staff can still access the NetDevices platform via dial-up or cellular secondary paths. Headquarters thus never loses access to and control over the branch platform due to disruptions such as misconfigurations or Denial of Service (DOS) attacks.
Putting Security First
All services enabled by the SG-8 USG are performed at the correct points in the packet flow. In typical integrated systems, for example, packets go to an unprotected router first, where they are forwarded to a wide variety of security services such as firewalls and content filters. This flow opens the router to DOS attacks or other security problems. The SG-8 USG applies security first; security services include a stateful Layer 7 firewall, intrusion detection and prevention, and web filtering. The gateway is thus able to eliminate DOS attacks, intrusions, and more before it verifies the packet as safe and forwards it to the router and on to the internal network. Session search and content analysis, as well as packet forwarding, are only done once. The OnePass inspection capability makes it easy to add on new security applications, and the entire SG-8 USG platform, including VoIP services, remains highly available and manageable even under severe attacks.
Price and Availability
NetDevices SG-8 Unified Services Gateways are shipping and available now. Pricing begins at $14,990 USD.
About NetDevices Inc.
Founded in July 2003, NetDevices, Inc. provides next generation products that simplify the multiple technologies found in remote enterprise networks. NetDevices unified services gateways unify multiple security and networking services into a single, highly available platform, while vastly improving manageability. Enterprises can significantly reduce their total cost of ownership while retaining flexibility, and increase the serviceability and reliability of critical branch services. NetDevices is headquartered in Sunnyvale, California. For more information on NetDevices, please visit www.netd.com.
Julie Huang
EngagePR
510-748-8200, ext. 209
jhuang@engagepr.com
Mark Weiner
NetDevices, Inc
408-734-5400, ext. 204
mweiner@netd.com