Nokia rolled out an enhancement to its line of security appliances
yesterday to make them more resilient. Companies and service
providers can now cluster as many as four appliances with
load-balancing and failover capabilities.
The IP Clustering feature can be used to scale up firewall or IP
VPN (Internet Protocol virtual private network) functions provided
through Check Point Software Technologies software on Nokia's
security appliances. It allows as many as four boxes to work as a
single entity, with a single external and a single internal IP
address.
Nokia announced last December that clustering would be available in
the first quarter of this year, but were delayed by the difficulty
of product development, said Dan MacDonald, vice-president of
marketing and product management at Nokia Internet Communications.
"It's taken longer to deliver that product at the level of quality
that the market demands," MacDonald said.
The IP clustering technology distributes packet processing among
the four appliances and redistributes it to the remaining boxes in
the event a system fails or is removed for maintenance. Users' VPN
sessions can continue without interruption, according to
Nokia.
Nokia offers a range of security appliances, from the IP330 for
small businesses and remote offices to the IP740 for service
providers and large enterprises.
All come with Nokia's IPSO (IP Security Operating System), which
includes Check Point's firewall and VPN software as well as
Internet Security Systems intrusion detection software, said
MacDonald. Nokia is adding other security functions from other
third parties to the devices through a partner programme.
The company plans later to offer clustering for other functions and
to expand clustering beyond four devices, MacDonald said.
"Clustering is such a deep process that you need to do it one
application at a time," MacDonald said.
IP Clustering is an improvement upon an earlier failover technique
used by Nokia called VRRP (Virtual Router Redundancy Protocol).
That approach required a backup device to stand by inactive,
waiting to take over in case of a failure.
"With clustering, you're able to make the two (or more) boxes all
active," MacDonald said.
The clustering capability will become available worldwide in August
in version 3.6 of IPSO. That version also will include
disk-mirroring capability, which will allow for redundant disks in
a single Nokia security appliance, providing another reliability
tool. The new capabilities will be available to existing customers
at no extra charge.