|Page (1) of 1 - 01/28/08||email article||print page|
ConSentry Delivers Integrated User and Application Control to LAN Access Edge with Intelligent Switching Architecture(January 28, 2008)
The following new LANShield Switch features provide support for Intelligent Switching in the LAN:
§ Application-based quality of service (QoS) at Layer 7
§ Increased control of Web-based applications and instant messaging (IM)
§ Complete LAN visibility by user, role, server, and file
§ Automatic device and role discovery, drawing from existing identity stores
§ New security and policy features to protect against MAC spoofing and avoid static IP address mapping of web destinations
ConSentry customer Adaptec (NASDAQ:ADPT) has standardised on ConSentrys Intelligent Switching to replace existing Cisco access switches across its global operations. ?The value of having this degree of user and application intelligence integrated into our wiring closet switch is key, said Lou Owayni, global network and telecom manager at Adaptec. ?With LANShield, when new users are placed in Active Directory, I can safely and automatically add them to the LAN and implement access controls with a single touch. This simple deployment improves efficiency and reduces our TCO tremendously. We also can automatically track where users go and what resources they need to perform their roles, which helps me better manage application performance and develop policies that map to real business practices.
Editors Note: See the announcement ?Adaptec Selects ConSentry LAN Access Switch as ?Best in Class for Network Upgrade and Future Growth, also released today, for more details of the Adaptec deployment.
Legacy LAN Architectures Cannot Support Intelligent Switching
Todays IT organisations are being asked to simultaneously support a more dynamic, collaborative, and diverse workforce; rapidly roll out new LAN services such as VoIP and wireless; and optimise application performance to ensure high user productivity, all while protecting corporate assets and logging user activity in detail.
The legacy access-switch architecture complicates these tasks because it operates on IP addresses and Layer 3/Layer 4 ports and has no inherent understanding of users, user roles, devices, applications, or the interplay of these factors. IT must create and maintain complex VLANs and ACLs and/or deploy third-party applications and devices to implement even the most basic user and application control. To align LAN operations with business needs requires smarter networks that have the processing performance and native understanding of users and applications to deliver complete control, right in the wiring closet.
Legacy Architecture Intelligent Architecture
Performance Wire speed Wire speed
Latency Microseconds Microseconds
Hardware Fixed Programmable
Processing Packet-based Flow-based
User context IP address Identity, device, role
Application detail Limited to L4 Rich L7+ detail
Access policies Complex VLANs/ACLs Dynamic by user/role/app
Security Overlay, external apps Embedded
Audit/Troubleshoot Sampled L4 data Full user/app/resource data
ConSentrys LANShield Switches incorporate an Intelligent Switching architecture that combines a multi-threaded, multi-core, custom packet processor with enterprise-class merchant switch silicon and a mature software suite to provide detailed Layer 7 visibility and dynamic control of users and applications across the LAN.
The research firm Gartner has defined the five dimensions of network design as access/location, user, application, device, and activity. ?Network architects must understand these dimensions to effectively build a next-generation network, said Mark Fabbi, vice president, distinguished analyst, Gartner. ?Beyond designing around these elements, IT needs a way to implement controls based on them, and enabling these dimensions in a switch allows that control to be pervasive. Given the changing nature of traffic patterns in todays LANs, with less traffic following a hub-and-spoke design and an increase in peer-to-peer applications, that control is best implemented at the user edge.
Intelligent Switching Addresses Todays LAN Requirements, Fulfills ConSentry Founding Vision
ConSentry was founded to deliver the next generation of switching platforms, and the company has spent the last two years tuning its systems to support the most demanding LAN applications, such as wire-speed access security. Now the company has extended its support to the full range of user and application control in a high-performance, intelligent switch that leapfrogs legacy architectures.
The ConSentry LANShield Switch authenticates users and devices against standard identity stores and automatically learns their roles. Then for each traffic flow, it identifies the application in use, applies policies based on role, and fully tracks all activities. Rolling out new services and supporting shifting workforces becomes much simpler because the need to manually separate traffic onto different VLANs, implement and update ACLs, and configure QoS policies is eliminated.
Incident response and troubleshooting is also faster and easier. Instead of combing through logs of IP addresses and Layer 4 ports, IT gets a complete and consolidated dashboard view of who is doing what on the LAN, with username, role, application, and server all tied together. This tight integration enables granular control, down to file-based views of individual and global application use.
?Our vision for ConSentry has always been to build a network that automatically and transparently provides user and application control, said Jeff Prince, founder and CTO of ConSentry. ?The legacy switch architecture supports connectivity, but with limited intelligence or control, so we knew there was a huge opportunity in building a switch that could natively support todays much more demanding global business environment without increasing complexity, as so many other technologies have. To deliver the ?smarts of Intelligent Switching requires new, multi-threaded processing hardware and new parallel-processing software. Standard CPUs and switching software can never support the packet processing and correlation requirements of Intelligent Switching.
ConSentry has been awarded five patents for its LANShield processor related to wire-speed packet handling.
Pricing and Availability
ConSentry LANShield Switches with Intelligent Switching are available today at a base price of $7,995 and the latest version of the LANShield OS is available as a free upgrade to ConSentry switch customers with a current support contract.
Related Keywords:consentry, lanshield