PUBLICATION & RESEARCH LIBRARY

Authors: NSS Labs

Publish Date: October 10, 2018

Enterprises demand a lot of their data centers, which makes their performance and availability paramount. Infrastructure and application architectures are designed to work in concert with each other, and if any component is incorrectly sized or configured, it can disrupt or otherwise impact applications for employees or customers. Network security technology is essential in a data center architecture, providing connectivity and, in some cases, traffic inspection or special handling to protect critical assets in the data center.

Data center network security (DCNS) is a term used to describe a class of devices that provide network security for the data center. There are several device types in this category; the data center firewall (DCFW) and the data center intrusion prevention system (DCIPS) are the most well-known, each having been deployed for a number of years. A third type of device combines the capabilities of the DCFW and DCIPS and is referred to as a data center security gateway (DCSG).

When considering a data center network security device, performance metrics become critical. The volume of traffic will be significantly higher than for a device that is intended to protect end users within the corporate network perimeter. Data center network security devices handle traffic for potentially hundreds of thousands of users who are accessing large applications in a server farm. Application traffic generates many connections and transactions per request, which places a high demand on a network security device’s ability to set up many connections quickly, hold many connections open, and achieve high throughput rates.