NC-1100 / NC-2000

NetContinuum offers proxy appliances that provide protection and acceleration for Web applications. The 2U rack mount appliances are offered with single (NC-1100) or dual redundant (NC-2000) power supplies; and each offering is further subdivided into an Application Firewall (NC-1100/2000 AF) or Application Gateway (NC-1100/2000 AG) version. The Application Firewalls provide protective capabilities for Web applications; while the Application Gateways include all of the protective capabilities of the Application Firewalls and additionally provide performance acceleration capabilities through such features as caching, compression, etc.

Key to the functionality of the appliances is their ability to function as full proxies; the deployment mode recommended by the vendor whenever possible (the appliance can also be deployed in one-arm or bridge-mode configurations). As a full proxy, the appliance fully terminates TCP sessions; offloading TCP session management from the host servers (who can then receive an additional performance benefit via TCP connection pooling to the NC appliances) and managing them directly within the appliance. The appliances are able to leverage this termination to fully inspect and control session traffic. Capabilities include:

- Application of security mechanisms: Such as a stateful network firewall with protection from port scans, SYN floods, and the ability to implement network access rules; application cloaking (such information as Web server, application server, operating system, patches, etc. is hidden from outsiders); user authentication (including support for client certificates, basic HTTP Web authentication and source IP based authentication) including ACLs per URL; form data protection; cookie protection; automatic private data (credit card number, SSN, etc.) identification and masking/blocking; and protection from SQL/CMD injection attacks

- Content-based services: Including URL translation and rate controls; HTTP normalization; and FTP server protection, including the ability to SSL protect FTP traffic

- Acceleration services: Including SSL decryption/reencryption; Web content caching; TCP connection pooling to the host servers; GZIP compression (in the appliance; allowing it to be offloaded from the servers); load balancing (round robin, weighted round robin, and least requested are provided; with out of service redirections, and sticky connections available); and Layer 7 content switching (by status-code, response-header, client-IP, method, HTTP-version, URI, parameter, pathinfo, and header values)

Each of the appliances includes dual 10/100/1000 Ethernet ports for traffic, and a separate 10/100/1000 port for out of band management (via an SSH/SSL connection). A Linux/Windows GUI is provided, as is a CLI; a serial port facilitates local console-based management.

Also available as a separately licensed software add-on to the Application Controllers is the Web Services Security Edition, which adds XML and SOAP communication recognition and protective capabilities to the nodes. The vendor lists XML Schema 1.0, WSDL 1.1, SOAP 1.1/1.2, and WSI Basic Profile as among the standards understood by the add-on; and notes XML parameter tampering protection, WS-I profile validation, recursive element protection, WSDL address translation, access control for SOAP, and authentication of Web Services as some of the additional services and features provided.

New to the NC appliances is the vendor's Web Access Management (WAM) module, which the vendor notes provides basic authentication and authorization capabilities working in conjunction with policies stored on LDAP, RADIUS, Active Directory, or on internal databases. Two-factor authentication (certificates and username/passwords) are supported; and the module includes a full PKI infrastructure and can act as a Certificate Authority. With WAM, authentications are logged by the NC and the authentication data is forwarded to the original application in the HTML header. Integration with CA SiteMinder is also supported for larger implementations.

The NC appliances are available now; pricing starts at $33,000 dependent upon software and platform options. The above-mentioned Web Access Management module is included with the price of the underlying Application Controller for a limited time.

Visit the NetContinuum Web site for further information.