@Mitchell-Thank you for the complimentary post. I am glad to hear that you plan to make everthing open. In that case, I’m positive that UNP will be the best option for many.

A couple of things about UNP; one of the areas I’m working to innovate in is to create an open platform where essentially everything is open, including the platform as well as modules that ride along on top of it.

In my mind, that’s the best of all worlds; create an appliance-like environment but instead of an appliance the vendor puts together (software choices, and hardware), you the user can take the UNP as the starting point and if you chose to you can then fully customize it with other modules, or even create your own security and network functions. Additionally, if you as a security professional don’t like something in how the platform is constructed then that would open for customization as well.

Here’s an interesting idea; make the UNP available in some form of open source. Now anyone can innovate with UNP and completely craft their own environment or make technology that others can use, and create new modules that can be shared with others.

Also, regarding the comparison with Crossbeam, I think Rory said it well. Crossbeam has an excellent platform for operating 3rd party products on some attractive hardware. Chris Hoff, a good friend of mine, has done an excellent job with Crossbeam’s architecture and approach. One thing to note is that they focus on carrier and high end enterprise markets. Here’s a thought; UNP could actually be a good complement to what they are doing.

Thanks for the conversation all. If you like, check out some early work we are doing with UNP at http://cobia.stillsecure.com.

Also, Jon, I put up a post about your site; http://www.theconvergingnetwork.com/2007/03/jonsviewsonappliances1.html

Good work all.

• Mitchell

What would be really nice is a standardised (SOA-based) compliance framework (open-source of course) that we could build on and just add very specific tools to address our various needs.

@Osama: I think that if you had a product where the feature sets were more like plug-ins then you wouldn’t be as much at the mercy of a vendor. You may be at the mercy of the framework that you chose, but adding, changing, and managing features would be a matter of buying or creating the appropriate plug-in for your needs. You wouldn’t have to swap out the entire solution for an incremental increase in the feature set.

@Rory: “There’s one other element to appliances that always makes me worry somewhat, which is that you’re at the mercy of the vendor for security patches.” Good Point.

“whereas the stillsecure UNP product looks (again AFAICS) to be more shaping up as something they’ll provide all the base modules for…”

I’m wondering how this will shape up as well. Hopefully anyone will be able to create a mod. That would hopefully spark lots of innovation and advancement.

Fundamentally most of these appliances run some sort of Linux or BSD based OS and where there are security vulnerabilities in the bits of the OS that the vendor has installed (which end-users probably won’t have a list of) you need the vendor to provide a patch…

In terms of comparing Stillsecure Cobia with Crossbean I think that they’re taking a slightly different approach maybe more in terms of scale than anything else.

Crossbeam (AFAICS) focuses on integrating existing security products like Checkpoint Firewalls, sourcefire IDS etc and putting them alltogether in a clever form-factor with some v. clever integration, whereas the stillsecure UNP product looks (again AFAICS) to be more shaping up as something they’ll provide all the base modules for…

Isn’t that always the case? What other situation is there where you wouldn’t be at the mercy of the vendor? Are you going to reverse engineer and patch products to your liking?

“Mitchell Ashley envisions a framework entitled the Unified Networking Platform.”

Sound close to what Crossbeam are doing. I suppose their platform is propretary, maybe UNP will be open. Security products need to talk one common language, they need to be interfacable but no vendor seems to be interested, they prefer selling you their own modules and lock you down.

Another apsect of appliances I don’t like is that if they should break you are at the mercy of the reseller to provide a replacement unit which can take some time. With software you can just reinstall it on another server. In that regard solutions that come as ISO images and you can pretty much install on any hardware are pretty cool. Virtual machine images are also a neat solution in that regard.

rgds Osama Salah

First off you’re right to say that devices caught on from Cisco’s mass production of routers and switches as dedicated machines to do a single job rather than the functionality being built into their UNIX hosts – as had happened up until then.

Devices became popular because they addressed a business issue (way back in time), simple supply and demand. The reason devices are now lost is because they are seen as the easy way out. If you want to sell it, package it up and ship it out. They no longer address a business need, but we are trying to crowbar them in to our networks, whether we need them or not.

However, I can’t see why as a reseller you hate appliances. You get to pick and choose after all. You ARE the demand.

Are you sales or a techie? If you’re sales then you should be delighted at how much margin you can make on these things, the challenge of the sale is getting around the objections. You ARE the crowbar!

If you’re a techie, enjoy yourself! You’ll learn (and earn) loads in the channel, and before you know it you’ll end up at a vendor, realising why it’s so hard in the first place!

You are also correct to think that Mitchell Ashley has the right idea in pushing for a framework approach to IT. He is the smartest of cookies. We will be seeing a lot more in the open source SOA framework space in the coming months, vendors providing add on tools where neccessary. And as a vendor, I hope to be riding the new wave, not stuck at the end of the last one watching everyone else ride in to the beach.