|
Page: What is the value of your recent Watchfire acquisition and how do you plan to support Watchfire's customers in the future?
Howarth: Firstly, let me clarify -- F5 did not acquire Watchfire. We purchased the assets and intellectual property of Watchfire's Appshield product in a mutually beneficial transaction, the value of which was not disclosed.
With respect to your question about customers, Watchfire will continue to service their installed base of customers with existing service contracts. F5 and Watchfire are also jointly encouraging customers wishing to address their future application security needs to transition over to F5's TrafficShield product, an industry leading application security gateway.
Howarth: Top competitors use intuitive and dynamic resource management frameworks which allow groups of resources to be assigned to groups of users in a way that reduces administrative overhead; how do you plan to stay competitive with the static, one-to-one nature of your devices?
Page: In typical usage, group-based provisioning does not apply so much to routers and firewalls, so we'll concentrate on broadband remote access and SSL VPNs.
In the broadband remote access market our customers need to enable services and access profiles for literally hundreds of thousands of customers. While some of these customers will write their own tools, we do offer a service deployment platform called the SDX to allow automated provisioning and accounting. New Internet services such as video-on-demand, IP television, or integrated voice and data, are offered over a variety of broadband access technologies, such as DSL, cable, Ethernet, ATM, Frame Relay, SONET, and fixed wireless. Working with the Juniper Networks ERX edge router, the SDX application allows subscriber managers to activate service offerings as they need them and automatically provision the network to deliver those services.
With SSL remote access, we integrate with the customer's existing directory services to allow resources to be associated with a defined group. This group would be created using, for example, standard LDAP, Active Directory, or RADIUS tools. The user can also be assigned a role, such as an administrator, within that group to have customised privileges. The strength of our support for realms (different authentication domains), roles (group and user types), and resources is one of the main reasons Juniper is the number one provider of SSL VPN solutions worldwide.
Page: What kind of growth path do you envisage in Australia?
Howarth: F5 grew 67 percent globally in our last financial year (ending October 2004) and in Australia we grew 70 percent (with 101 percent growth year-on-year 2003 to 2004 across Asia-Pacific).
In FY2005 we are experiencing even more dramatic growth rates across our entire business in Australia. There is no reason to believe that next year will be any different because of the enthusiasm for F5's products that we see in the marketplace, particularly due to our ability to integrate all of our products on a single unified high-speed platform using our Traffic Management Operating System (TMOS) and the strong market interest in our new application security product, TrafficShield.
Howarth: Any plans in the near future to release your SSL VPN products on purpose-built hardware rather than off-the-shelf hardware that is years old?
Page: We typically announce new products when they ship, so this isn't the forum for discussing what we might or might not launch in the future. But let's talk about the philosophies behind the architecture for SSL VPN products. One way to look at it is to compare our firewall architecture with SSL VPN. Our firewalls use custom-designed application specific integrated circuits (ASIC) to maximise session throughput. This was because, prior to NetScreen, everyone was building firewalls on general purpose hardware and these designs could not keep up with modern networks. Since a firewall did not need a hard-disk or other features of general purpose platforms we could strip it out.
By contrast, an SSL VPN appliance is essentially a very sophisticated Web-proxy and needs most of the hardware features of any other Web server, including a hard disk and logging sub-system in addition to network interfaces. So our current SSL VPN appliances are built on a server platform because they need most of the support that a Web server needs. These requirements wouldn't change even if we opted for custom hardware. The primary strength of our multiple-award winning (20 magazine and analyst awards since last year) SSL VPNs is the feature-rich software.
Page: Where are you most competitive in your product offerings and why?
Howarth: We are highly competitive in all our offerings. BigIP is the industry recognised leading solution for Application Traffic Management as recognised by Gartner in their Web-Enabled Application Optimisation magic quadrant.
Our Firepass SSL VPN solution has won numerous awards and accolades for its breadth of features and leadership position and continues to attract new business growth for us, while our most recent offering, Trafficshield application security, leads the market in the new product category.
Howarth: What types of compression, bulk data encryption, and other technologies do you use to ensure that users have a high-performance, low-latency experience?
Page: It depends on what products you are talking about, really. Routers support IPSec encryption and various types of compression such as compressed real time protocol (CRTP) for voice packets. Firewalls use IPSec encryption. SSL VPN concentrators use SSL encryption, of course. The server-side application acceleration products do compression for a Web farm using Web compression standards that any recent browser will support automatically.
This enhances Web server performance without any changes to the server itself. With our recent announcement that we intend to acquire Peribit we will also be able to offer specific compression and acceleration functions through these products. This unique technology is called Molecular Sequence Reduction and is derived from algorithms originally used to analyse DNA sequences. For applications this can offer performance improvements well beyond what traditional compression techniques can do.
For latency-sensitive applications our products offer quality-of-service mechanisms appropriate to their function. Some very interesting ones again come from the planned Peribit acquisition, as they offer application-based QoS to complement the network-based QoS of our other products.
Page: What are the biggest challenges facing F5 Networks over the next 12 months?
Howarth: The biggest challenge we face is no doubt managing our growth. This is a large, growing market where opportunities abound for the types of products and services we offer. As we continue to grow, we will need to recruit and develop additional high-calibre partners and employees who understand the market and how to deliver on the potential that exists.
