A Morrisville, N.C. network security company has upped the ante with IP storage optimized chips.
NetOctave Inc., a developer of silicon-based SSL and IPsec network security solutions, announced a new product family for the IP Storage market on Monday.
The first product in the new product family, the NSP4200 Security Processor, is the first security processor optimized for the storage market, the company said. The NSP4200 utilizes NetOctave?s FlowThrough Security Architecture to deliver full-duplex 10 Gigabit Ethernet encrypted performance in storage arrays, Fibre Channel-IP (FCIP) bridges, storage routers and host bus adapters for large multi-processor servers.
Historically, security has been done on a co-processor port, according to David Mountain, marketing communications manager, NetOctave. In a situation where the percentage of secure traffic rises the overhead of routing through the processor rises as well.
In other words, network performance slows as security increases.
Mountain said the NSP4200 will find its way into storage arrays, IP/Fibre Channel bridge products, storage routers and eventually host bus adapters.
NetOctave's IP storage security technology is derived from the fruits of laboring in a past life of virtual private network security. The new FlowThrough Security Architecture accelerates large portions of the IPsec (Internet Protocol Security) protocol, which previously placed a heavy burden on the Network Processor or other processing elements in the system, the company said.
IPsec is a developing standard for security at the network or packet-processing layer of network communication. Earlier security approaches have inserted security at the Application layer of the communications model.
The new architecture incorporates packet processing, link layer adaptations for Packet over SONET and Ethernet, security association handling, and IPsec encryption/authentication functions into silicon-based products.
The NSP4200 Security Processor performs at a level of more than 5 million packets per second of IPsec protocol acceleration by combining multi-algorithm encryption/authentication, packet processing, security association (SA) management and policy lookup in a single chip.
The result, said NetOctave, is full-duplex 10 Gigabit Ethernet encrypted throughput for networked storage traffic based on protocols such as Internet Small Computer System Interface (iSCSI) and FCIP. The NSP4200?s architecture enables packet and encryption/authentication processing to be handled directly in the data path, offloading functions from the system processor or TCP/IP acceleration engine and eliminating control path overhead.
Because the NSP4200 is built to work with Programmable Network Processors (NPUs), it provides a quantum leap on security acceleration over more traditional software based systems, said Eric Mantion, senior analyst, networking technology for Cahners In-Stat Group.
"[The NSP4200] has the ability to collect statistics over time, maintain the flexibility of implementation inherent to NPUs," he said.
Mantion said the IP storage security market is ripe for the picking. "It has been a slow evolution, and up to this year, the security for IP storage was a small percentage of a small market. Now, the forecasts have shifted and it is likely to be a healthy percentage of a growing market," he said.
Mantion said the strongest competition for NetOctave will come from companies already in the security co-processor markets, but who have not yet tweaked their product to focus on IP storage.Let us know what you think about the story, e-mail Kevin Komiega, assistant news editor
FOR MORE INFORMATION:Storage security is an emerging issue iSCSI and trends in the convergence of IP networking iSCSI and trends in the convergence of IP networking