Skyport Systems, a startup founded by veterans from Cisco, Juniper and Arista, is coming out of stealth mode Tuesday to introduce a secure server that carriers can use to deploy managed services to customers as well as support their own OSS/BSS systems.

Skyport Systems 's pitch is that the servers currently used to support critical (and lucrative) managed services to enterprises and to run mission-critical OSS and BSS software, are not fit for purpose. "My Xbox is more secure," proclaims Skyport Corporate VP Douglas Gourlay.

So, in an attempt to simplify the extensive hardware and software configuration processes required to deploy secure servers on networks, the Skyport team has developed a solution called SkySecure. A key proposition is ease of deployment: Previously, explains Gourlay, vendors offered secure servers such as Secure AIX from IBM and Trusted Solaris from Sun Microsystems. But network operators were slow to deploy those servers because they were too difficult to use. "It takes a very long time, it takes a lot of people, it's very expensive," claims Gourlay, formerly of Cisco Systems Inc. (Nasdaq: CSCO) and Arista Networks Inc. (See Skyport Systems Delivers Secured Infrastructure to Protect Critical Applications.)

Figure 1: Under the Hood The SkySecure server is built on secure Intel hardware. Source: Skyport.

Skyport's approach has been to develop a server "that's got all the elements of security by default," Gourlay says. Skyport secures all the steps of the supply chain, with secure hardware elements and a server that tests and evaluates itself every time it boots up. The server runs virtual machines on top of Security-Enhanced Linux (SELinux): "This is a server designed to catch and contain malware and rootkits," states the vendor in its promotional materials.

Each workload running on the server gets its own, private zero-trust firewall. "It doesn't trust the outside or the workload on the inside," Gourlay says. The firewall checks to be sure that the workload is only doing what it's supposed to do.

A built-in Traffic Intelligence Report logs every transaction, from the first time the server boots in manufacturing to the certificate of destruction.

SkySecure's architecture is an alternative to software agents and network changes, providing full-stack monitoring and policy and verifications that systems haven't been modified by outside entities, according to the vendor.

"Deploying secure computing systems today requires assembling over a dozen point products that were not designed to work together -- resulting in systems that are never properly protected," the vendor states. The company cites a Gartner report that says "enterprises are overly dependent on blocking and prevention mechanisms that are decreasingly effective against advanced attacks."

Skyport's technology is available as a combination of hardware and software. SkySecure Server hardware uses Intel Trusted Execution Technology to underpin the SELinux implementation, while the system also includes application-layer protection around each workload on the server and a secure data warehouse function that provides verification, a policy store, audit log, certificate management and visibility into all traffic flows and application interaction across workloads.

SkySecure will be available next month, priced at $2,500 per month for a server that hosts 12 to 16 workloads: Gourlay claims that's about a third of the price of Amazon.com Inc. (Nasdaq: AMZN) secure web hosting or boutique secure cloud offerings. Service providers can use the servers as customer premises equipment (allowing channel partners to participate in shared revenue opportunities) or for internal functions.

Want to know more about network security? This will be just one of the many topics covered at Light Reading's second Big Telecom Event on June 9-10 in Chicago. Get yourself registered today or get left behind!

Initial customers of the server are technology licensing and development specialist Rambus, which is using the technology to secure product design data, and a "large bank," according to Gourlay.

SkySecure isn't for every application -- just for the 1-2% that require maximum security and which can "really, really ruin your day if they get compromised," Gourlay says. Initial applications that Skyport expects to be deployed on its servers include network services such as DNS, IP address management and Microsoft's Active Directory.

Skyport has 55 employees and hopes to increase its headcount to between 75 and 100 by year end. The company has secured two rounds of funding -- a $7 million A round from Sutter Mill Ventures and a $30 million B round led by Index Ventures and Intel Capital. In addition to Gourlay, the leadership team includes a number of executives with IP networking backgrounds: CEO Stefan Dyckenhoff is a former GM of routing and switching for Juniper; CTO Michael Beesley was formerly of Juniper and Cisco; VP of engineering Will Eatherton was a VP of engineering at Juniper; and chief architect Rob Rodgers also has Cisco and Juniper on his CV.

— Mitch Wagner, , West Coast Bureau Chief, Light Reading. Got a tip about SDN or NFV? Send it to [email protected].