/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsReading, UK: Stonesoft, an innovative provider of integrated network security and business continuity solutions, has developed and patented a new technique which allows for the maintenance of a separate data structure for synchronised information during clustering of security gateways (firewalls).
This innovation, says company, will make life easier and more cost-effective for IT professionals deploying the next generation of firewall and VPN technology.
Stonesoft’s latest patent is called ‘Handling State Information in a Network Element Cluster’ and was officially granted US patent number: US 7,146,421 on 5th December 2006.
Clustering of security gateways is a mature technology that improves both reliability and performance. In a cluster, each gateway handles an appropriate share of connections. The normal operation of a cluster must account for nodes coming online and going offline. This churn requires intelligent mechanisms capable of moving connections from one node to another. In certain situations it is also possible that packets belonging to one connection or several connections related to each other are handled by different nodes of the cluster.
In order to get this handling right, connection information must be synchronised across the nodes. Generally, this information is replicated from each node to other nodes periodically. Each node then appends the synchronised information to its own, active state information.
Stonesoft’s new patented invention improves on this method by maintaining a separate data structure in which the synchronised information from othernodes is stored.
The synchronised information is only appended to the active state table information when needed. For example, this might happen when one or more nodes in the cluster go to offline state, the operation of some nodes is suddenly disrupted or there is communication that concerns more than one node.
“This invention will allow our customers to minimise the size of active state tables, which in turn allows for a more efficient usage of hardware resources,” said Ilkka Hiidenheimo, chief executive officer of Stonesoft. “Synchronisation can be performed more reliably and security gateway performance is improved by decreasing the amount of time-critical
operations with the active state information while preserving the benefits of clustering. With this patent, Stonesoft has once again established its position at the forefront of security innovation.”
Stonesoft´s StoneGate solution has already received a number of patents to date, both in the US and in Europe.