When Check Point Systems first briefed me on their new midrange UTM-1 appliance, they neglected to mention that their hardware designs were first worked out by Crossbeam Systems. Actually, it turns out that they even buy the hardware through Crossbeam. It took a comment here from Crossbeam’s Chris Hoff for me to realize the true story. Today, I connected with Paul Kaspian of Check Point to straighten things out. Here’s the scoop.
- Crossbeam has two main hardware platforms – the high-end X-series and the midrange C-series. The X-series is the one with the architecture I previously praised, and about which Paul himself is “really excited.” The less remarkable C-series, however, is the one Check Point’s UTM-1 products are actually based on.
- There are three UTM-1 models. Two of them use hardware that exactly duplicates Crossbeam’s C2 and C6. The most powerful of the three – the 2050 – is based on a modified C6 design. Paul isn’t 100% sure in his recollection of what the modification was, but thinks it’s probably extra RAM.
- The hardware is actually manufactured by an unnamed Asian outfit. Crossbeam currently buys the boxes and resells them to Check Point. It is anticipated that this will change over time, and Check Point will take care of procuring its own boxes (from the same manufacturer). At least, that’s the plan if the Check Point and Crossbeam hardware specs significantly diverge.
- The Crossbeam C-Series — and hence also the new Check Point UTM-1 – are indeed classic Type 1 appliances. The biggest difference vs. generic Dell/HP/whatever servers is the density of Ethernet ports (4-8 per box, depending on model). In particular, Check Point is very proud of the work it’s done optimizing for Intel processors.*
- Notwithstanding anything above, the UTM-1 machines really are Check Point appliances. Check Point does 100% of the support, it has some administrative software pieces that are different from Crossbeam’s, etc.
*Indeed, as the focus of security processing shifts more and more to the application layer, they contend security processing is more and more like any other kind – rather than, say, low-level network processing.
What seems to be going on here is that Check Point is cannibalizing Crossbeam’s C-Series business, and Crossbeam is being gracious about giving it up while focusing on the much more differentiated and strategic X-Series. Crossbeam self-identifies as a high-end player anyway, so this all makes perfect sense. The real issue for Crossbeam going forward has little to do with whether it can squeeze a few more commodity dollars out of the midrange. Rather, it’s whether Crossbeam can hold its technical lead when the large server manufacturers finally figure out the need to create virtualization-friendly, networking-friendly, blade-based systems. The key point here is “networking-friendly”; many servers just need more data movement capability than conventional systems now provide.
Or to put it another way: The computer is a network.