Cisco upgrade puts more network control in IT's hands

Cisco Systems has announced that it is upgrading the lower-end model of the two brains sold with its widely used Catalyst 6500 switches, adding new technology that is designed to give network managers greater application control and deep packet inspection capabilities.

The new version of Cisco's Supervisor Engine 32 module includes integrated add-on technology called the Programmable Intelligent Services Accelerator (PISA).

PISA could help IT staffers gain more visibility into their systems so they could prioritise, limit or block access to applications on corporate networks, senior manager of network systems at Cisco, John Yen, said.

That would enable companies to ensure that important applications, such as voice-over-IP systems, get priority over lesser ones, Yen said. It also will let them prevent end users from launching Internet radio or other unauthorized applications that use up precious network bandwidth.

The PISA technology will also function at multigigabit-per-second speeds, enabling IT staffers to check data packets more closely in order to protect their systems against viruses, worms and zero-day attacks, Yen said.

Cisco user PDL BioPharma is evaluating the PISA-equipped Supervisor Engine 32 for likely deployment at a new US headquarters early next year, global network and security architect at the pharmaceutical company, aid Luis Chanu, said.

"PISA looks really good, since it does deep packet inspection and marks traffic at the edge of the network," Chanu said, based on seeing the technology in action at a Cisco lab. "Doing that in hardware is a big plus, since doing it in software could slow down the switch."

Software-based application intelligence also didn't let companies specify which of their applications were the highest priority for network bandwidth, Chanu said.

PDL currently is based in Fremont, California. Its new facility in Redwood Shores would have Cisco VOIP connections and Gigabit Ethernet cabling to each desktop to provide videoconferencing capabilities, Chanu said. He noted that PISA could prioritise a videoconferencing stream over a data stream but not over a voice stream.

PISA adds intelligence to networks to help IT staffers deal with the unpredictable traffic flows, , an analyst at Yankee Group Research, said. "There are other vendors that talk about adding intelligence to the network, but most are application- or security-oriented. Cisco does both."

An analyst at the Lippis Report, Nick Lippis, said the PISA technology was the first to put the application and security functions in an access switch at the network edge instead of at the core.

"Applications classification at the edge is huge," Lippis said, describing that as the most compute-intensive function for network security. With PISA, Cisco can offload that function from firewalls and take over the filtering of exploit signatures from intrusion-prevention systems, he added.

Various vendors provided some of the functions that Cisco is offering with PISA, but they required putting in a separate appliance in every wiring closet, Lippis said.

The new supervisor engine is available in two versions, both available in June for $US28,000 each. One version has eight Gigabit Ethernet uplinks, while the other includes a pair of 10 Gigabit Ethernet uplinks.

Cisco also announced a router that extends its 7200 Series product line with faster performance at lower power-consumption levels than existing models support. The new router, called the 7201, is priced at $US24,000 and is available now. It was suited for WAN and metro-area network applications for large corporate users and network service providers, Cisco officials said.