Stories by Joel Snyder

Thin clients can't be cracked or hacked; they don't have fans or disks to fail; they don't need to be patched nearly as often as Windows; they don't draw much power; and they don't cost a whole lot of money to buy or maintain.

The Cisco UCS Express family is a new set of blades that add high-performance general-purpose Intel server capabilities to the ISR G2 series of routers.

The Cisco CSR 1000V router is designed for enterprise network managers who want to have a little piece of their Cisco infrastructure in the cloud.

When we tested four next-gen firewalls strictly on performance, we found that the products could forward packets at impressive rates, but throughput dropped when advanced security features were turned on. We now dive deep into application identification and control - the defining features of next-gen firewalls - to find out what works and what doesn't.

Knowing what's happening on your network is a pre-requisite to controlling the traffic. We call that visibility because it combines all of the information the firewall knows, including session and application information, traffic volumes, and rate information, into a way to "see" into your network -- to give you visibility.

We tested next generation firewalls by looking at seven separate areas that we felt would be important to network managers trying to deploy these products in enterprise networks.

Palo Alto Networks has bet everything on being a next-generation firewall. Without the next-generation hook, Palo Alto has little chance at breaking into the established world of firewalls, and they've done a good job at defining the category on their own terms.

If one of the main advantages of a next-generation firewall is application and protocol identification and control, then SSL decryption is a basic requirement. We looked at the SSL decryption capabilities of the next-generation firewalls to see how well they would be able to discover applications, protocols, and URLs hidden within encrypted connections.

Enterprise firewalls must have policies to control traffic, ability to create site-to-site VPNs using standards-based IPsec, translate addresses and port numbers (NAT) when needed, and apply basic bandwidth management to traffic. They must also support features such as high availability (active/passive or active/active), virtual LANs, Ethernet link aggregation, and global management systems.

URL filtering has become a "checkbox" feature on most Unified Threat Management firewalls, and no wonder: it doesn't require a lot of imagination to do it right, and it's hard to really differentiate yourself or do a bad job of it.

We tested the intrusion prevention capabilities of each of the next-generation firewalls to determine how well they work and how the IPS integrates with system management.

If you're tempted to think of Cisco's Unified Computing System (UCS) as just another blade server — don't. In fact, if you just want a bunch of blades for your computer room, don't call Cisco — Dell, HP, and IBM all offer simpler and more cost-effective options.

As with any server product, there are lots of ways to configure UCS, including different levels of CPU, memory and storage. Cisco has a 29-page document to help you get it right, and 29 pages are not overkill. To get an idea of what this might cost, we configured two separate systems: one with 40 dual-socket blades, and another with 80 of the same blades.

Twelve leading NAC products put to the test

As the most important supplier of network infrastructure to enterprises, Cisco's NAC products are a natural point of curiosity for network managers. Unfortunately, though, Cisco's approach to NAC has been riddled with in-fighting, false starts, delayed product releases, and a good dose of chaos and confusion.