Carrier WiFi

Cluster's First Stand

Wireless LAN startup Network Chemistry Inc. is trying to apply lessons learnt in the open-source world with a dedicated intrusion detection system (IDS) aimed at protecting large 802.11 enterprise networks from attacks.

The firm claims to be the only WLAN firm to use clustering techniques commonly found in the (über-geeky) world of Linux server farms and supercomputers. Clustering, for those of you not au courant with the concept, simply involves dividing administrative tasks among a number of computers that can act as a single system. These clusters can deal with everything from load-balancing to parallel processing tasks to je ne sais quoi.

Advocates of these techniques say that they are much cheaper than bundling up all that computing power in one box and offer a high-degree of reliability, even if some of the elements of the system fail.

In Network Chemistry's case, clusters of servers are used to replicate security software across large 802.11 networks and/or multisite networks.

The idea of using multiple network nodes to guard against system failover is not exactly alien to the WiFi market. Part of the appeal of the wireless LAN switch model is that centrally controlled access points can be made to cover access holes by increasing radio signal strengh if one unit fails. In contrast, traditional standalone access points will simply leave a hole in the radio coverage if they break down.

Robert Markovich, CEO of Network Chemistry, claims that his firm is the only wireless LAN company to bring true clustering to the WiFi table, because its system divides up the heavy number crunching required in IDS systems across multiple servers.

"I don't know of anyone else that's doing it," Markovich says. "It comes out of our open-source background."

[Ed. note: Check out Network Chemistry's management team page. Is it just us, or are Markovich and CTO Christopher Waters actually one and the same person?]

The firm has developed a dedicated IDS scanner that sits in the access point network and monitors traffic. These scanners connect to Linux boxes that form the cluster, enabling users to run identical security software over multiple servers in separate sites if required. The system is managed by a Network Chemistry console in the data center.

Network Chemistry is promoting this system as a low-cost way to run a high performance, centrally managed IDS system, especially in multisite deployments. Markovich claims the system can scale up to support thousands of security sensors.

As Unstrung has reported recently, some of the startups involved in the enterprise wireless market are looking more closely at the problems of supporting large-scale corporate wireless LAN networks (see WLAN Gets Dense and Aruba Grids Up).

Clustering techniques may offer one potential answer to scaleability questions.

— Dan Jones, Site Editor, Unstrung

Be the first to post a comment regarding this story.
Sign In