Nokia unveils clustering for security appliances

Nokia rolled out an enhancement to its line of security appliances yesterday to make them more resilient. Companies and service...

Nokia rolled out an enhancement to its line of security appliances yesterday to make them more resilient. Companies and service providers can now cluster as many as four appliances with load-balancing and failover capabilities.

The IP Clustering feature can be used to scale up firewall or IP VPN (Internet Protocol virtual private network) functions provided through Check Point Software Technologies software on Nokia's security appliances. It allows as many as four boxes to work as a single entity, with a single external and a single internal IP address.

Nokia announced last December that clustering would be available in the first quarter of this year, but were delayed by the difficulty of product development, said Dan MacDonald, vice-president of marketing and product management at Nokia Internet Communications.

"It's taken longer to deliver that product at the level of quality that the market demands," MacDonald said.

The IP clustering technology distributes packet processing among the four appliances and redistributes it to the remaining boxes in the event a system fails or is removed for maintenance. Users' VPN sessions can continue without interruption, according to Nokia.

Nokia offers a range of security appliances, from the IP330 for small businesses and remote offices to the IP740 for service providers and large enterprises.

All come with Nokia's IPSO (IP Security Operating System), which includes Check Point's firewall and VPN software as well as Internet Security Systems intrusion detection software, said MacDonald. Nokia is adding other security functions from other third parties to the devices through a partner programme.

The company plans later to offer clustering for other functions and to expand clustering beyond four devices, MacDonald said.

"Clustering is such a deep process that you need to do it one application at a time," MacDonald said.

IP Clustering is an improvement upon an earlier failover technique used by Nokia called VRRP (Virtual Router Redundancy Protocol). That approach required a backup device to stand by inactive, waiting to take over in case of a failure.

"With clustering, you're able to make the two (or more) boxes all active," MacDonald said.

The clustering capability will become available worldwide in August in version 3.6 of IPSO. That version also will include disk-mirroring capability, which will allow for redundant disks in a single Nokia security appliance, providing another reliability tool. The new capabilities will be available to existing customers at no extra charge.

Read more on Antivirus, firewall and IDS products