Big Blue is adding another level to its policy-based management technology - one that works at the application layer.
IBM claims its application-driven network initiative will more closely tie policy management and security to a company's business processes. Plus, the initiative gives centralised control of net management, reduces maintenance costs and improves overall performance.
Common policy engine
Last week, IBM announced a key part of its plan - the common policy engine. This software sits on network gear and helps implement quality-of-service (QoS) and security decisions, based not just on IP addresses and ports, as is currently done, but also on the type of application being accessed. This way a user perusing ESPN.com doesn't get the same priority as, say, a person accessing crucial financial data.
The common policy engine will be bundled into IBM's 2210 Multiprotocol Router, 2212 Access Utility, 2216 Multiaccess Connector and Network Utility devices in June; later the technology will extend to IBM Ethernet and ATM switches.
The common policy engine has a patented rapid-classification algorithm that gives a 25-fold boost to the speed of IBM hardware when processing IP packets. When evaluating incoming traffic, the policy engine will access Lightweight Directory Access Protocol security and prioritisation profiles contained on the device.
If an end user queries the network for data or application access, a common policy engine-enabled router will decide if the network's resources should be made available, and if so, how much.
The router will make this decision without having to access a dedicated policy server, such as a Windows NT box.
Eliminating this step speeds network performance and cuts the number of policy servers required - usually one policy server is needed for every five routers. With a single central policy server, such as an S/390, equipped with the engine, users could save hundreds of thousands of dollars annually. With the common policy engine, all policy setting can be performed from a central point using, for example, Tivoli's Global Enterprise Manager on an S/390.
The common policy engine enforces policies for virtual private network (VPN) tunnelling; Differentiated Services, which prioritises traffic based on packet headers; and Resource Reservation Protocol, which pre-allocates bandwidth to certain types of traffic.