Tuesday, March 24, 2009

Need for Third party certification

Are there any third party certifications for the load balancers/ADCs?

I came across Tolly group which conducts tests when the vendor
equests them. That too, Tolly group just concentrates on a given set
of tests and will not cover entire box and features wide. And there is
Gartner group classifying the lbs into magic quadrants based on the
feature set but does not depend on the test results.

The LB market lacks a genuine third party certification like NSS for
Intrusion prevention systems.

LBs are now ADCs, with lot of more complex jobs to do. These days,
ADCs are pitched against application firewalls and protocol anomoly
detection systems. These products (application firewall and IDP)
always go for third party certification. These certifications gives
confidence to the customer that these products are effective against
zero day attacks, known vulnerabilities or exploits. Since, ADC are
also entering that segment, they need third party certifications.
These ADCs are front ending the servers and these devices
themselves should not be vulnerable to attacks. These third party
will also certify how hardend is the ADC OS and its
proxy/applications.

I suggest either the vendors go with groups like NSS Labs or ask
Tolly group to come out with complete set of test cases for ADCs.

The third party certifications will help the customers to choose
the best ADC based on the performance and test results rather
than carried away with the feature rich marketing terminology.
Posted by at
Labels:

1 comment:

Anonymous said...

There are a range of things that vendors now a days do reach the customer & please them. There are Tolly's, certifications from application evndors like oracle, sharepoint...., technological alliances etc. But at the end what matters more to some customer that are bound to standards & compliances is whether the vendor is listed in Gartner or not & in what segment. For those who dont bother about such IDC's play with prices.

Coming to security perspective, like tolly does it in ADC, NSS does for security. For security products what matters is - if a product is NSS tested & approved or not. Certification may or may not be a concern. When it comes to ADC, performance is what matters.

November 20, 2009 at 2:29 AM

Post a Comment

Subscribe to: Post Comments (Atom)