B1 Top of Rack Security Switch and NFV Platform

Good, Better, Best

The “next big thing” in the Virtualization of In-Rack Security

The B1 is at the center of two major trends:

1) moving security services close to the servers being protected
2) the virtualization and consolidation of security services.

The graphic and text below present how these two major trends generated the three phases of top-of-rack security – Multiple Physical Appliances, Virtualization Appliances, and B1 Security Switch

Good

Multiple Physical Appliances
  • Provides security services to servers installed in a rack
  • Best of breed solutions
  • Stealing rack space from servers
  • Highest hardware tax
  • Limited network flexibility and increased deployment cost

Better

Virtualized Appliances
  • Consolidation of Network Services
  • Reduced CAPEX for network service deployment
  • Stealing rack space from servers
  • Server and network domain typically handled by two different organizations
  • Duplicated infrastructure adds cost and decreases power and cooling requirements
In the initial Physical Appliances phase, a hardware device was purchased and installed for each security application. For example, a Firewall system, IDS system and a WAF system could exist at the top of the rack providing security services for the rack. The good news was that the applications running on the servers in the rack were more secure. The bad news was a loss of 3U of rack space to just security services.

While each of the physical security appliances came in a 1U rack-mount server, the actual internal hardware tended to require much less space. Thus, the next phase of Virtualized Appliances was born. A high-end Intel server with dual sockets and lots of cores replaced the multiple physical application devices. The security applications ran on Virtual Machines (VMs) within a single system.

The security VM strategy saved rack space and cost. The example configuration with a Firewall, IDS, and WAF applications goes from 3U to 1U. This provides space for two more revenue-producing server in the rack.

The B1 provides the “next big thing” in top-of-rack security by consolidating the top-of-rack switch with the virtual application server. The B1 is an incredibly dense solution that combines a 480Gig switch with an Intel compute environment of up to 24 cores. With the B1 top-of-rack security is provided in the same rack space as the switch. Thus, the example security configuration with a Firewall, IDS, and WAF application that consumed 3U of rack space in the Physical Appliances phase to 1U in the Virtual Appliance phase now fits into the top-of-rack switch location. This frees all the slots below the top-of-rack switch for revenue producing servers.