
The New Secure Virtualized Network – Part 2: Streamlining Complexity

Published on: August 20, 2018

Author: John Burke, CIO & Principal Research Analyst

Over time, large data center environments accrete layers of solutions that overlap functionally. Assessing the current solution set with an eye to reducing the number of solutions in use can create opportunities for operational improvements and cost reductions.

Nemertes undertook a “paper evaluation” of the network and security solutions used by XYZCo, a large organization with multiple data centers. For a set of six solutions from Check Point, Cisco, F5, Palo Alto Networks, and VMware, we scored each solution on a broad array of specific functions grouped into 16 functional capability areas. The areas reflect roles the solutions might play in the environment, ranging from router or load balancer to Web Application Firewall or Intrusion Prevention System.

Based on the evaluation, we determined that (on paper) XYZCo should be able to dispense with its Check Point and Cisco solutions and proceed with the others filling in for them.

Should testing at scale in a production-like environment bear out the vendors’ claims regarding all the needed functionality, XYZCo has other work ahead of it: doing a thorough analysis of the impact on staff and staffing; redesigning the network as needed to take advantage of the new systems; designing a new management structure and infrastructure; and assessing the impact on costs of all this change, including training costs, inventory management costs, gain of leverage with some vendors, and loss of leverage with others.

Table of Contents
  • Executive Summary
  • Too Much of a Good Thing
  • Less is More
    • A Typical Large Enterprise Case: Meet XYZCo
  • The Platforms Under Review
  • Review Methodology
  • Functional Requirements
    • Capability Area 1: Routing
    • Capability Area 2: Layer 3 Firewall
    • Capability Area 3: Layer 7 Firewall
    • Capability Area 4: Intrusion Detection System
    • Capability Area 5: Intrusion Protection System
    • Capability Area 6: Load Balancing
    • Capability Area 7: VPN Endpoint Support
    • Capability Area 8: Data Loss Prevention
    • Capability Area 9: Forward Proxy
    • Capability Area 10: Reverse Proxy
    • Capability Area 11: Network Address Translation (NAT)
    • Capability Area 12: Web Application Firewall
    • Capability Area 13: Firewall on Authenticated Identity
    • Capability Area 14: Software-Defined Networking (SDN) Ready
    • Capability Area 15: Public Cloud Integration
    • Capability Area 16: Global Policy Management
  • Scoring
    • An Example Evaluation Matrix: Load Balancing
  • Whose Cuisine Reigns Supreme? Who Gets Chopped?
  • Challenges and Concerns
    • Need for Detailed Cost Analysis
    • Potential Staff Training and Certification Requirements
    • Revisions in Network Architecture and Topology
    • Management and Orchestration Rationalization
  • Conclusions and Recommendations
