Pertino uncloaks, fires 'cloud network engine' at Cisco

If you take the work out of network, what you have left is net

Plucky startup Pertino Networks has taken aim at Cisco's Meraki with the release of its new network-as-a-service, ummm, service.

What Pertino is up to takes a bit of imagination. Imagine first that your email was your network address and out there on the cloud, and that some magical big virtual switch knew all of the devices you have and the web services you access over various networks.

Then imagine further that this big virtual switch managed all the links between those devices and your services regardless of the underlying physical networks you used for transport. This, in essence, is what the just-uncloaked startup Pertino's founders have not only envisioned but actually claim to have built.

The problem that Pertino is trying to solve is one we all wrestle with every day: how do you securely and transparently link users and their myriad devices to internal applications that are running behind the corporate firewall and, increasingly, also behind the home firewall?

The answer is what Pertino calls its "Cloud Network Engine", and what it does is completely mask all of the IP addressing, DHCP setting, DNS functionality, and all of the other networking goop that goes into linking one device to another on networks.

It is hard to believe, isn't it?

"We have been using LANs for a long time now, and that's great, but as soon as you go outside of the building, it gets really complicated," Todd Krautkremer, vice president of marketing, tells El Reg. "The network outside of the office is becoming as big and impactful and critical as the one inside, and linking to the LAN from the outside is difficult and expensive and it really doesn't attach to cloud services well. Everything in IT has changed and networks have not kept up."

What the cloud network engine concocted by Pertino does is create a personal address space for you out on the cloud (many clouds distributed globally, as it turns out, like a content distribution network). This personal address space "is like a LAN in the cloud," as Krautkremer explains it, and the engine abstracts away IPv6 addresses and other features of the underlying networks you use to link from your device to the internal corporate network.

Like other software-defined networking architectures, Pertino is breaking the control plane from the data plane in what amounts to a virtual super-switch, which allows for add-on services and traffic shaping. But rather than doing it on a collection of physical switches and an external controller for them, it uses the cloud like a big switch.

This is similar in concept to what Cisco Systems' Meraki, acquired just last November for $1.2bn, had created for Wi-Fi and wired networks.

Pertino is being pretty coy about how this cloud network engine was built, but it uses a mix of Java, Python, and C to create the data and control planes in the virtual switch, and has a NoSQL-style data store behind it to keep track of all of the devices and network settings between you and the applications you are trying to reach inside of a firewall.

Conceptual view of the Pertino cloud network engine

The Pertino cloud network engine can run on any cloud that supports the Linux-Apache-MySQL stack with Python, and the goal of the design is such that this big virtual switch will be running on enough public clouds that Pertino can guarantee access times of 50 milliseconds or under from any major population center to applications running inside the corporate firewall.

The Pertino cloudy switch is currently running on Amazon Web Services, Rackspace Cloud, Linode (a smaller hosting provider based in New Jersey), and a few other clouds, and has multiple carrier feeds between these clouds to move traffic from one cloud to another as the cloud network engine routes traffic from devices back to internal corporate networks. And eventually it will be useful for linking clouds to each other, as well.

Cloud Network Engine has been in beta for the past three months and has been deployed by more than 250 companies, some of them with as many as 500 devices on their aggregated personal address spaces – an analog to a personal VLAN, sort of.

The current iteration of the Pertino code allows for up to 64,000 devices to be used in the same address space, so you could create a giant corporate virtual network and then invite end users to link their devices into it for access to applications. Krautkremer says that this is an arbitrary limit that was set in the Cloud Network Engine database just to set some sort of cap to limit how crazy the initial networks could get.

The Cloud Network Engine is really a network virtualization overlay that rides on top of the network transport layers and the broadband and wireless network access layers of carriers and service providers, and that then hosts this virtual data plane and control plane out in the clouds.

The data plane does encryption, address translation, flow routing, packet capture, and policy enforcement, while the control plane manages the actual network policies and certificates, address space, and glues together multiple networks and provides multi-tenant security for various address spaces. Various services, such as security, WAN optimization, identity, and so forth, run atop this layer, and user management and network management and orchestration run side-by-side at the top of the Pertino stack.

Using the Pertino service, you set up a virtual cloud network for your devices, and you can link from any place that has a network connection of any type. You can remote into your office desktop or a server to access that device (instead of using LogMeIn or similar services) or back up files to your PC or a corporate server so designated. You can obviously also use Pertino to gain access to applications running on the corporate networks.

With its uncloaking, Pertino is launching the Personal Edition of the Cloud Network Engine, which allows up to three people to have up to three devices each on a shared address space. This Personal Edition can scale up to 250 users – each with a maximum of three devices from which to access the address space and therefore the applications that are linked to it – at a cost of $10 per user per month.

The Personal Edition costs $10 per user per month and scales up to 250 users, with a maximum of 250 users on a single address space. At the moment, Windows 7 and 8 desktops are supported as are servers running Windows Server 2008 R2; Mac OS X machines will be supported by the middle of this year, and iOS and Android devices will be supported with the virty cloud switch.

While the plans are not being divulged with Tuesday's announcement, Krautkremer says that the full-on version – possibly to be called the Enterprise Edition, but maybe not – will have more features (such as integration with Microsoft Active Directory or LDAP servers) and higher capacity. This Enterprise Edition should be ready about six months after the service is generally available. The date for general availability for the Personal and Professional levels has not yet been set – it looks like Cisco's acquisition of Meraki has spurred Pertino to action – but it is expected sometime in the second half of this year.

Pertino was founded in 2011 and is based in Los Gatos, California. It has four cofounders. Craig Elliott, a former hotshot salesman at Apple and the former CEO at Packeteer, is CEO. Scott Hankins, who used to build robots for NASA and who ran the deep-packet inspection team at Packeteer, is CTO. Andrew Mastracci, who wrote code for Blue Coat, Tellabs, and Packeteer, is architect, and Michael Cartsonis, who had management roles at Blue Coat and Mercury Interactive, is vice president of product and business development.

Steve Campbell, who was the cofounder and former CEO of Stratacom (eaten by Cisco), and Rob Ryan, cofounder and former CEO of Ascend Communications (eaten by Lucent), were angel investors in Pertino. In April 2012, Norwest Venture Partners and Lightspeed Venture Partners kicked in $8.9m in Series A funding to give Pertino the fuel to develop the Cloud Network Engine.

If Dell, the man, was not so busy trying to raise billions of bucks so he could buy Dell, the company, off Wall Street, this is exactly the kind of company that a software-and-service lovin' Dell might want to acquire. Ditto for HP, IBM, Oracle, and any other network player, for that matter. ®
