Nokia Corp. Wednesday rolled out an enhancement to its line of security appliances to make them more resilient, letting companies and service providers cluster as many as four appliances with load-balancing and failover capabilities.
The IP Clustering feature can be used to scale up firewall or IP VPN (Internet Protocol virtual private network) functions provided through Check Point Software Technologies Ltd. software on Nokia's security appliances. It allows as many as four boxes to work as a single entity, with a single external and a single internal IP address.
Nokia announced in December 2001 that clustering would be available in the first quarter of this year. Its plans, which now call for worldwide commercial availability in August, were pushed back by the difficulty of product development, said Dan MacDonald, vice president of marketing and product management at Nokia Internet Communications.
"It's taken longer to deliver that product at the level of quality that the market demands," MacDonald said.
The IP Clustering technology distributes packet processing among the four appliances and redistributes it to the remaining boxes in the event a system fails or is removed for maintenance. Users' VPN sessions can continue without interruption, according to Nokia.
Nokia, in Espoo, Finland, offers a range of security appliances, from the IP330 for small businesses and remote offices to the IP740 for service providers and large enterprises. All come with Nokia's IPSO (IP Security Operating System), which includes Check Point's firewall and VPN software as well as Internet Security Systems Inc. intrusion detection software, said MacDonald. Through a partner program, Nokia is adding other security functions from other third parties to the devices.
The company plans later to offer clustering for other functions and to expand clustering beyond four devices, MacDonald said.
"Clustering is such a deep process that you need to do it one application at a time," MacDonald said.
IP Clustering is an improvement upon an earlier failover technique used by Nokia called VRRP (Virtual Router Redundancy Protocol). That approach required a backup device to stand by inactive, waiting to take over in case of a failure.
"With clustering, you're able to make the two (or more) boxes all active," MacDonald said.
The clustering capability will become available worldwide in August in version 3.6 of IPSO. That version also will include disk mirroring capability, which will allow for redundant disks in a single Nokia security appliance, providing another reliability tool. The new capabilities will be available to current customers at no extra charge.