Check Point Systems UTM-1 and Crossbeam Systems – resolving the confusion
When Check Point Systems first briefed me on their new midrange UTM-1 appliance, they neglected to mention that their hardware designs were first worked out by Crossbeam Systems. Actually, it turns out that they even buy the hardware through Crossbeam. It took a comment here from Crossbeam’s Chris Hoff for me to realize the true story. Today, I connected with Paul Kaspian of Check Point to straighten things out. Here’s the scoop. Read more
Categories: Check Point Software, Computing appliances, Crossbeam Systems, Hardware, Platforms, Security and anti-spam | 3 Comments |
Check Point caves in
Not long ago, I wrote of Check Point Software’s unusual appliance strategy. While a lot of their sales were on partners’ Type 1 appliances – custom boxes with standard parts — the only appliances they sold themselves were Type 2 – software-only.
However, that turns out to be wrong in two interesting ways. First, it was slightly incorrect all along; Check Point’s “Edge” product line has been Type 1 for almost five years. Second and more important, a few weeks ago Check Point announced that it was finally entering the Type 1 appliance mainstream market itself. Read more
Categories: Check Point Software, Computing appliances, Crossbeam Systems, Security and anti-spam | 3 Comments |
Appliances — my conclusions! (For now, at least)
Network World today posted my column predicting a rosy future for computing appliances. A lot of the supporting research has been posted in this blog recently; here’s what was a preliminary summary and survey of appliance vendor strategies.
Subsequent to submitting the column, I developed a simpler taxonomy of computing appliance types, namely:
Type 0: Custom hardware including proprietary ASICs or FPGAs.
Type 1: Custom assembly from off-the-shelf parts. In this model, the only unusual (but still off-the-shelf) parts are usually in the area of network acceleration (or occasionally encryption). Also, the box may be balanced differently than standard systems, in terms of compute power and/or reliability.
Type 2 (Virtual): We don’t need no stinkin’ custom hardware. In this model, the only “appliancy” features are in the areas of easy deployment, custom operating systems, and/or preconfigured hardware.
Here’s what I predict for each of them.
Categories: Check Point Software, Computing appliances, Crossbeam Systems, DBMS vendors and technologies, EMC and VMware, Virtualization | 3 Comments |
Guide to my recent research on computing appliances
My recent flurry of research into computing appliances was spurred by a column I just submitted to Network World. In that column there’s a URL – pointing to this post – promising a guide to more details on that research. Thus, here’s a set of links to my posts of the past few months on computing appliances, both here and on DBMS2.
Half or more of the computing appliance vendors I’ve looked into follow very similar hardware strategies: They use mainly standard parts; they include uncommon but off-the-shelf networking (and sometimes encryption) accelerators; and they of course optimize the mix of those parts and general hardware architecture as well. (EDIT: I actually gave names to three strategies — even if they were just “Type 0”, “Type 1”, and “Type 2” — in this overview of data warehouse appliance vendors. And in another post I considered arguments about whether one would want a data warehouse appliance at all.) Examples I’ve posted about recently include – and I quote the forthcoming column – “DATallegro and Teradata (data warehousing), Cast Iron Systems (data integration), Barracuda Networks (security/antispam), Blue Coat Systems (networking), and Juniper (security and networking).” (ANOTHER EDIT: But I think DATAllegro’s strategy has changed.)
By way of contrast, there’s also a group whose stance is more along “hardware/schmardware” lines. Sendio and Proofpoint (in most cases) don’t really do anything special at all in their boxes; what’s more, Proofpoint actually has significant software-only deployments over VMware’s virtualization layer. Kognitio and Greenplum think their software-only data warehouse offerings are appliance-equivalents too; indeed, Greenplum’s software is sold mainly bundled with Sun hardware (to the extent it’s sold at all), and Kognitio is hinting at an appliance-like offering for competitive reasons as well. Check Point Software plays both sides of the field; it offers its own kind of “virtual appliance,” but also gets many of its sales through appliance vendors. Its most interesting such partner, if not its biggest, is Crossbeam Systems, which in my opinion may very well represent the future of appliance technology.
Crossbeam Systems — the future of appliances?
Crossbeam Systems is the closest thing I’ve found to what is – at least tentatively — my vision of the appliance future. It offers a blade-based computing box that differs from standard boxes in the same direction that appliances typically do. I.e., Crossbeam systems boast beefed up networking, maybe some beefed-up reliability as well, and maybe other beefed-up security processing in the future. Then they offer a software infrastructure (virtualization, robustness, etc.) to let various pieces of software – in Crossbeam’s case, security and security-like tools – run on the box. Read more
Check Point Software’s unusual appliance strategy
Check Point Software is the traditional leader in the firewall market, having seized large market share in its early days by innovating convenient, GUI-based policy management tools. Except in niches, its competitors today are mainly networking giants Cisco and Juniper. (Juniper acquired Netscreen in 2004.) Unlike most other security software vendors, Check Point continues to focus on being a packaged software vendor (but see below). Even so, almost all Check Point software is sold either on appliances or as a “virtual appliance.” I’ll explain.
Check Point started out selling software on Sun boxes and the like. Rather than get into appliances itself, it formed partnerships with hardware vendors who’d roll its software into appliances, and soon a lot of its business came from this channel, especially via Nokia. This strategy has continued, with Crossbeam Systems joining Nokia in providing large chunks of Check Point’s overall revenue.
While not liking to disclose much in the way of revenue breakdowns, Check Point admits that appliances dominate its business at the high end of the market, where high-speed networking, extra reliability, and so on are important (especially the reliability). Appliances also dominate at the low-end, where ease of deployment is crucial. (“Custom” hardware in this case is best represented by an accelerator card called “VPN-1,” made by Silicom, Ltd.) But in the big middle, packaged software is still highly competitive, accounting for (according to outside estimates that the company doesn’t laugh at) half or so of Check Point’s business.
But here’s the thing. Relatively little of that software is still, say, a firewall you can install on a Linux server. Rather, Check Point sells many more firewall/OS bundles, which are (it is claimed) super-easy to install on random Intel-based boxes. These are the “virtual appliances.”* Is this cheaper than a tailored appliance? Well, that depends a whole lot on whether you had an extra box lying around, or whether you have a master maintenance contract with a standard box vendors, and so on. Evidently, many customers think it is, while many other customers prefer physical appliances.
*Check Point also has VMware-based virtual appliances, but so far isn’t getting much uptake of those except for demo purposes.