Control and supervision technology developed for the intelligence community now available to service providers.

by Alex Goldman ISP-Planet Managing Editor [September 15, 2006]

Sunnyvale, Calif.-based CloudShield Technologies is announcing its Content Control Suite (CCS) product for ISPs. The new CCS product works with content devices you're familiar with, such as traffic shapers, to provide an even more granular, subscriber by subscriber control over applications used on the network.

"Our initial focus was on the Federal Government," explains Dan McBride, CloudShield director of marketing. "We now have products for the commercial market."

So you have employees from the intelligence community? "We have people with security clearances," says Vikash Varma, CloudShield president of worldwide sales, marketing, & field operations. "It's a great market, very lucrative. Of course, you face a tough evaluation process. But once you're in, you're in. The downside is that you cannot talk about it."

Controlling the network
But the company is, of course, eager to talk about the new product. Telecommunications convergence is requiring service providers to understand both the application being served and the device being used. You want to serve a more lightweight application to a PDA, but a desktop or laptop could handle more features.

CloudShield claims that by providing network control in one device, a device that includes a firewall and can examine traffic at every level of the OSI model, it is giving service providers an unprecedented level of control over their own networks.

"Obviously, service providers have attempted to do this in the past. The need for this product is not news to service providers," says Varma. "But most devices just look in layer 4, and most are hard coded into ASICs, so there's little you can do if conditions change. You need your device to be programmable."

CCS, says McBride, does four things to traffic: Measures it, Classifies it, Controls it, and Secures it (MCCS).

In order to be carrier grade, McBride adds, the solution must be compatible with a wide array of connectivity options, including 10 gigabit Ethernet, SONET, and SDH.

The CSS solution interfaces with an ISP's other software, such as OSS/BSS, authentication, and CRM applications.

CSS takes advantage of data sets describing spam and viruses from commercial providers such as Kaspersky and from open source providers such and Snort.org. It is compatible with any other data set that a service provider may wish to use.

The solution is designed to be adaptable and is modular. CCS modules include:

• Traffic Measurement
• Content Billing
• VoIP Tracking and Reporting
• Signature Detection
• Traffic Control

The goal is to eliminate unnecessary bandwidth costs and deliver valuable applications to subscribers. In addition, there's the opportunity to make more money from existing resources.

Charging for applications
In its presentation, CloudShield points out that although a lot of money is being made on the internet, very little of that money flows to the service provider. On the other hand, more sophisticated, streaming applications, as well as P2P, are placing ever greater stress on oversubscribed networks.

Varma says that adding bandwidth only increases your share of the world's P2P market. "Next generation P2P systems find the highest bandwidth source. Therefore, when a service provider increases bandwidth, your customers move to the top of the list. If you throw bandwidth at the problem, you attract more P2P traffic. It's a bit like throwing fuel on the fire."

Caching also fails to solve the problem. "There have been efforts to cache traffic, and this helps in little ways," says Varma. "But ultimately, you need the ability to enforce control on policies."

We point to Ed Whitacre's statement in a now-famous BusinessWeek interview in which, when asked about Google and other new competitors (the interviewer called them "upstarts"), he replied:

How do you think they're going to get to customers? Through a broadband pipe. Cable companies have them. We have them. Now what they would like to do is use my pipes free, but I ain't going to let them do that because we have spent this capital and we have to have a return on it. So there's going to have to be some mechanism for these people who use these pipes to pay for the portion they're using. Why should they be allowed to use my pipes?

The Internet can't be free in that sense, because we and the cable companies have made an investment and for a Google or Yahoo! or Vonage or anybody to expect to use these pipes [for] free is nuts!

We ask whether the service providers of the future will charge money to Google.

Varma replies carefully, saying, "if it's not good for subscribers, it's not good for service providers. It will only happen when it benefits the end user."

He adds that the CloudShield product enforces policies, but does not write them.

Nevertheless, we ask, couldn't your product be used by, say, Comcast, to ensure that its own VoIP works better than Vonage?

"Yes," Varma replies, "the service provider could allocate a portion of their network to their own VoIP. The service provider could prioritize their own VoIP."

"If Vonage wants to guarantee a level of service across networks they do not control, they can work with the network provider on that," says McBride. "The service provider can do usage-based billing, parental control, and application-specific bandwidth on demand."

We point out that AT&T's U-Verse system is 25 Mbps of which 19 Mbps are reserved for IPTV (see DSL Prime: AT&T Could Deliver More). Varma and McBride are quick to note that CloudShield's system enables better bandwidth allocation. "Heavy handed policies are available now," says McBride. "We can provide much more fine-grained control."

Of course, we point out, service providers do still need to upgrade their networks, and are doing so. McBride says that having better traffic control can postpone the need to upgrade.

Varma adds that the box is designed to be deployed at the core of the network rather than the edge. "Deploying thousands of boxes is a great story for some manufacturers, but that's not our story."

"With CSS, you don't sacrifice granularity by moving the box into the network," says McBride. "One argument for deploying boxes at the edge has, traditionally, been granularity."

Pricing and availability
CCS is available now. A CCS solution could cost less than $100,000 per insertion point, the company says, versus over $150,000 for a combination of IDS, P2P controller, and DDoS protection. In addition, by using one vendor, CloudShield says, ISPs reduce operational costs by a half or even two thirds. Of course, exact pricing varies depending on network architecture and options selected.

—End