UNP = Unnecessary New Paradigm?
[I have a backlog of blog posts due to my 2 weeks on the road. Excuse my trip into last week.]
During our UTM Smackdown panel @ RSA, Alan Shimel from StillSecure
kept hinting (okay, yelling) about StillSecure’s upcoming product
announcement regarding their bringing a UTM solution to market.
Firstly, I think that’s great, because as I agreed, the natural
evolution of (Enterprise) UTM includes the integration of functionality such as NAC, VA/VM, etc., and StillSecure’s
products are top-notch, so I expect another excellent product from the
boys from Colorado.
I also know that Alan and Mitchell really know
their market well and do a fantastic job with product management and
marketing within this space. But Alan/Mitchell’s announcement has me puzzled because there’s some serious amount
of verbiage being tossed about here that’s ignoring a whole lot of reality that even the best marketing distortion field can’t obfuscate.
I found it interesting on Alan’s blog
that actually what he meant to say is that StillSecure intends to bring
a “new” type of product to market that isn’t described as UTM at all –
in fact, Mitchell Ashley (StillSecure’s CTO – and hopefully he won’t
get mad when I call him a friend) is attempting to define both a new paradigm and market segment that they call Unified Network
Platform, or UNP. See here for Mitchell’s whitepaper and description of UNP.
UNP should not, however, be confused with UPN, the television network that brought you such hits as “Moesha.”
UNP is defined as "…a new paradigm for addressing the needs of network and security functions. Breaking the mold of the proprietary vendor hardware appliance solution, UNP provides an open platform architecture consisting of open software and general purpose hardware, enabling the convergence of network applications."
The Model is illustrated graphically by this diagram which looks surprisingly similar to the Carrier Grade Linux group’s model and almost identical to the Crossbeam X-Series architecture:
Clever marketing, for sure, but as I pointed out to Alan at the
Smackdown, short of the new title, neither the model nor the approach
is new at all. In many aspects of how Alan described his new product line, it’s exactly what we do @ Crossbeam. I was intrigued, for sure.
Apart from some semantic issues surrounding the use of open source
to the exclusion of COTS and swearing off any potential benefits of optimized hardware, Mitchell’s definition of UNP attempts to
re-brand concepts and a technology approach that’s quite familiar to me.
The model as defined by Mitchell seems to lay claim to an operational and technology integration
model that has already been defined as the foundation for Next
Generation Networks (NGN) and that is at the core of the designs of the
IMS/converged network working groups (and VMWare’s virtual appliance
model for that matter), and calls it UNP.
I really don’t get the novelty here.
Virtualization? Check. Software is the key? Check. "Proprietary" hardware versus OTS hardware?
Who gives a crap!? If the cost of a product and its positioning within the network is justified by the performance, scale, availability of software choice as defined by the user and the appropriate reduction of risk, then it seems to me that the only people who need to make the argument complaining about "proprietary" hardware are those that don’t have any…
I agree that the advance of OTS hardware and multi-core technology is yielding amazing value for the dollar spent and many of the hardware solutions today are commoditized at birth, but I maintain that there is a point of diminishing returns at which even today’s multi-core processors experience limits of memory and I/O (not to mention the ability of the software itself to take advantage of them) that is specific to the market into which solutions are designed to operate.
You’ll get no argument from me that software is the secret sauce in the
security space and even in Crossbeam’s case, the hardware is a means to
an end, so if integrating FPGAs and optimized network processing
hardware provides for hyper-performance of standard Intel reference
designs, ‘splain to me how that’s a bad thing?
I suggest that UNP is an interesting perspective and sheds light
on the “convergence” of security functionality and virtual appliances
for the SME/SMB market, but new it ain’t, and this sort of solution does not fly in the large enterprise, service provider or mobile operator. It’s also a little odd and
naive to suggest that this is a “network” platform approach that will
rival dedicated networking functions at anything but the SME/SMB level.
Now, I’m not trying to assail Mitchell’s efforts or creativity here,
nor am I suggesting that this is not an interesting way to try and
distance StillSecure from the other 1000 me-too FW, nee IPS nee
small-office UTM fray, but there’s also a danger in trying to create
distinction in an already acronym-burdened industry and come off
looking like you’re doing something completely new.
I had a point-by-point response to Mitchell’s summary points of his whitepaper, but as I reviewed it I realized that this would come across as one of those enormous Hoff posts — not to mention it read as a Crossbeam versus StillSecure manifesto…and given that Alan’s into his kinder, gentler stage, I reckoned I’d give it a go, too.
…we’ll see how long that lasts.
/Hoff
Chris- nice post. Mitchell and I would be interested in talking to you more about this. Let's try and catch up.
alan
Will do. As I said, not intended to be a shot across the bow, but I'm confused if ultimately we're getting closer to agreeing on things!?
If that happens, I'll just give up and retire.
Chris
Everyone is in agreement. Kumbaya! There is big UTM (or whatever you want to call it) and small UTM (or whatever you want to call it). The requirements are generally the same, but the scale is TOTALLY different. Thus different hardware architectures will be required. So everyone is right. Hallelujah.
But Alan's thing does have an interesting nuance that he'd kill me if I divulged here. So the great unwashed will need to wait another week to find out.
I think that was one of the positive outcomes of the Smackdown…I won't take credit for getting anyone to the realization of the point you make above (it's only what I've been saying for the last 1.5 years… 😉) but I'm glad that we can agree.
So since I'm one of the great unwashed (I just bathe in the glow of your gloriousness, Mike) I can't wait to see/hear what the boys have in store.
I am legitimately concerned about the points I raised in the post, but I look forward to learning more.
/Hoff
Chris – Some very thoughtful comments on your post about UNP. (The sign gave me a good chuckle too.)
I posted about this and as Alan suggested we need to catch up with you and talk about your questions and how it applies to Crossbeam customers.
But all this talk about bathing is creeping me out a bit. I'll leave that part of the conversation to you and Mike to work out. 🙂
– Mitchell
post : http://www.theconvergingnetwork.com/2007/02/unp_n…
(re-paste of the comment I made on Mitchell's blog)
Thanks for responding this way, Mitchell, because I truly am trying to grasp the distinctions you are trying to make with UNP.
I think we're actually agreeing on most things with the issue (as Mike pointed out) for departure being scale and the market application.
Also, I think we really need to delve deeper into the definition of "proprietary hardware" because today, labeling FPGAs as "proprietary" from a hardware perspective doesn't mean a thing when the functionality is re-purposable from a software perspective.
I look forward to more discussions.
Chris