Though obscured by the economic downturn, enterprise networking is in the early stages of transformation, spurred by IP virtual private networks, data center consolidation, new security architectures and the still-nebulous promise of Web services. In the midst of a recession, visions of IP VPNs linking remote users, business partners, corporate data centers and network resources such as storage and application servers have already underpinned investments in hosts of startups working on appliances to replace existing software platforms.
The 800-pound gorilla Cisco may take its time to respond to the changes, but there are already rumors it could acquire a company working on datacenter virtualization, such as Inkra, and it's only a matter of time before niche players like Blue Coat (formerly CacheFlow), F5 and NetScreen begin to investigate mergers as well as strategic acquisitions.
WorldCom's financial uncertainty and concerns about AT&T's longevity have accelerated the transition from frame relay VPNs – essentially circuits leased from service providers – to IP-based VPNs. The impetus, accentuated in the current economic climate, is lower operating costs. But IP VPNs are not without their downside. VPNs pose security risks and don't always scale particularly well. Large VPNs may become very cumbersome to manage and maintain, counteracting much of the cost benefit. Throughput over existing VPN devices can be held up by the Triple-DES encryption process, a vulnerability some startups have already begun to exploit.
The first response from equipment vendors has been to beef up security features on their equipment or reposition their technology to tap demand for security features. Witness NetScreen's $40 million acquisition of intrusion detection software maker OneSecure, or CacheFlow's face-lift to Blue Coat, focused on Web security gateways. Nortel is understood to be close to launching a blueprint for security across its enterprise networking portfolio – from its Alteon content switches to its TDM-based PBX – that will at least pinpoint weak spots in networks.
Technology
The next questions for equipment vendors are, what will VPNs connect, and what applications will run over them? It is becoming increasingly clear that voice over IP will be part of the traffic running over VPNs, but what about Web services? Since it is unclear what will actually constitute Web services, few companies can make strategic decisions on platforms at this point. What is clear, however, is that content processing – now performed by Layer 4-7 switches, like Cisco's ArrowPoint and Nortel's Alteon box – will need to be more tightly integrated with security gear and network processing. Application-layer security will also be crucial.
The growth of VPNs overlaps with another trend in enterprise computing: consolidation of data centers. As enterprises try to rationalize the facilities that proliferated during the height of the dot-com bubble, a few startups – Inkra, Nauticus, Redline, WinCom and Array – have developed appliances that consolidate independent datacenter gear such as load balancers, firewalls and secure socket layer acceleration. Others, such as Neoteris, have developed intranet appliances that replace VPNs. Apart from lowering equipment costs, much of the management headache involved in administering multiple network elements is alleviated.
Strategy
The perennial choice of build-versus-buy associated with new technology again rears its head. There are several reasons why most large vendors may tend to build. For one thing, given the state of the economy, there's limited urgency at this point, and the companies likely to put themselves on the block are those that anticipate difficulty in securing funding – hardly ideal candidates. Second, it's no easy task to reconcile a hardware-based approach – favored by the startups and companies like NetScreen – with the software-based approach that companies like Check Point and SonicWall have taken, or to integrate the new gear in a management system like Cisco's Internet Operating System.
On the other hand, NetScreen and F5 have already indicated that they will integrate more functions into their boxes, and Intel says it plans to release a security processor at some point next year. NetScreen says it anticipates its ASICs will natively support intrusion detection toward the end of next year. In other words, the trend toward consolidation of multiple network functions on a single box with integrated security is starting to become visible. Valuations are clearly not excessive, and rather than invest precious cash in research and development, companies like Cisco can acquire a promising startup for stock, and leverage the investments that venture capitalists have already made.
The two possible scenarios are strategic acquisitions by Cisco and other networking equipment players, such as Alcatel and Siemens, and mergers between niche players. At this stage, Nortel is unlikely to participate in M&A activity, since acquisitions are likely to be politically divisive and the company doesn't have much in the way of currency.
Rumors have already been floated about Cisco acquiring Inkra, which raised $30.1m in second-round funding at the end of August, drawing Morgenthaler as the lead investor. The startup has worked on virtualization of data center infrastructure – a parallel to grid computing and storage virtualization – using software modules on top of a proprietary hardware platform for multiple network functions.
How will software companies like Check Point, Internet Security Systems and SonicWall respond? For one thing, it's clear that a hardware approach has its merits, as NetScreen's performance illustrates – the company's sales growth has consistently outpaced industry growth rates. On the other hand, software is more flexible and easier to upgrade. One response is to put more software onto a box. Symantec recently rolled out a gateway appliance incorporating antivirus, firewall, VPN and intrusion detection technologies, although it's aimed at the low end of the market, where scalability is less of a concern. It's not unlikely that Check Point will do the same with its partner Nokia Internet Communications. Another alternative is to hold out until Intel develops a security processor, or until Tarari, an Intel spinoff that recently raised $13 million, releases its content-processing chips. Still, companies like Fortinet with application-layer processing ASICs may prove attractive.
Given the immaturity of VPNs, is a merger between niche players imminent? Not necessarily. But the pace will more likely be dictated by how aggressively end-to-end players like Cisco and Nortel attack the market. For the moment, NetScreen is probably reluctant to hitch up with F5 or Blue Coat, since both would be weaker partners.
the451 (www.the451.com) is an analyst firm that provides timely, detailed and independent analysis of news in technology, communications and media.