Pertino uncloaks, fires 'cloud network engine' at Cisco
If you take the work out of network, what you have left is net
Plucky startup Pertino Networks has taken aim at Cisco's Meraki with the release of its new network-as-a-service, ummm, service.
What Pertino is up to takes a bit of imagination. Imagine first that your email was your network address and out there on the cloud, and that some magical big virtual switch knew all of the devices you have and the web services you access over various networks.
Then imagine further that this big virtual switch managed all the links between those devices and your services regardless of the underlying physical networks you used for transport. This, in essence, is what the just-uncloaked startup Pertino's founders have not only envisioned but actually claim to have built.
The problem that Pertino is trying to solve is one we all wrestle with every day: how do you securely and transparently link users and their myriad devices to internal applications that are running behind the corporate firewall and, increasingly, also behind the home firewall?
The answer is what Pertino calls its "Cloud Network Engine", and what it does is completely mask all of the IP addressing, DHCP setting, DNS functionality, and all of the other networking goop that goes into linking one device to another on networks.
It is hard to believe, isn't it?
"We have been using LANs for a long time now, and that's great, but as soon as you go outside of the building, it gets really complicated," Todd Krautkremer, vice president of marketing, tells El Reg. "The network outside of the office is becoming as big and impactful and critical as the one inside, and linking to the LAN from the outside is difficult and expensive and it really doesn't attach to cloud services well. Everything in IT has changed and networks have not kept up."
What the cloud network engine concocted by Pertino does is create a personal address space for you out on the cloud (many clouds distributed globally, as it turns out, like a content distribution network). This personal address space "is like a LAN in the cloud," as Krautkremer explains it, and the engine abstracts away IPv6 addresses and other features of the underlying networks you use to link from your device to the internal corporate network.
Like other software-defined networking architectures, Pertino is breaking the control plane from the data plane in what amounts to a virtual super-switch, which allows for add-on services and traffic shaping. But rather than doing it on a collection of physical switches and an external controller for them, it uses the cloud like a big switch.
This is similar in concept to what Cisco Systems' Meraki, acquired just last November for $1.2bn, had created for Wi-Fi and wired networks.
Pertino is being pretty coy about how this cloud network engine was built, but it uses a mix of Java, Python, and C to create the data and control planes in the virtual switch, and has a NoSQL-style data store behind it to keep track of all of the devices and network settings between you and the applications you are trying to reach inside of a firewall.
Conceptual view of the Pertino cloud network engine
The Pertino cloud network engine can run on any cloud that supports the Linux-Apache-MySQL stack with Python, and the goal of the design is such that this big virtual switch will be running on enough public clouds that Pertino can guarantee access times of 50 milliseconds or under from any major population center to applications running inside the corporate firewall.
The Pertino cloudy switch is currently running on Amazon Web Services, Rackspace Cloud, Linode (a smaller hosting provider based in New Jersey), and a few other clouds, and has multiple carrier feeds between these clouds to move traffic from one cloud to another as the cloud network engine routes traffic from devices back to internal corporate networks. And eventually it will be useful for linking clouds to each other, as well.
Cloud Network Engine has been in beta for the past three months and has been deployed by more than 250 companies, some of them with as many as 500 devices on their aggregated personal address spaces – an analog to a personal VLAN, sort of.
The current iteration of the Pertino code allows for up to 64,000 devices to be used in the same address space, so you could create a giant corporate virtual network and then invite end users to link their devices into it for access to applications. Krautkremer says that this is an arbitrary limit that was set in the Cloud Network Engine database just to set some sort of cap to limit how crazy the initial networks could get.
The Cloud Network Engine is really a network virtualization overlay that rides on top of the network transport layers and the broadband and wireless network access layers of carriers and service providers, and that then hosts this virtual data plane and control plane out in the clouds.
The data plane does encryption, address translation, flow routing, packet capture, and policy enforcement, while the control plane manages the actual network policies and certificates, address space, and glues together multiple networks and provides multi-tenant security for various address spaces. Various services, such as security, WAN optimization, identity, and so forth, run atop this layer, and user management and network management and orchestration run side-by-side at the top of the Pertino stack.
Using the Pertino service, you set up a virtual cloud network for your devices, and you can link from any place that has a network connection of any type. You can remote into your office desktop or a server to access that device (instead of using LogMeIn or similar services) or back up files to your PC or a corporate server so designated. You can obviously also use Pertino to gain access to applications running on the corporate networks.
With its uncloaking, Pertino is launching the Personal Edition of the Cloud Network Engine, which allows up to three people to have up to three devices each on a shared address space. This Personal Edition can scale up to 250 users – each with a maximum of three devices from which to access the address space and therefore the applications that are linked to it – at a cost of $10 per user per month.
The Personal Edition costs $10 per user per month and scales up to 250 users, with a maximum of 250 users on a single address space. At the moment, Windows 7 and 8 desktops are supported as are servers running Windows Server 2008 R2; Mac OS X machines will be supported by the middle of this year, and iOS and Android devices will be supported with the virty cloud switch.
While the plans are not being divulged with Tuesday's announcement, Krautkremer says that the full-on version – possibly to be called the Enterprise Edition, but maybe not – will have more features (such as integration with Microsoft Active Directory or LDAP servers) and higher capacity. This Enterprise Edition should be ready about six months after the service is generally available. The date for general availability for the Personal and Professional levels has not yet been set – it looks like Cisco's acquisition of Meraki has spurred Pertino to action – but it is expected sometime in the second half of this year.
Pertino was founded in 2011 and is based in Los Gatos, California. It has four cofounders. Craig Elliott, a former hotshot salesman at Apple and the former CEO at Packeteer, is CEO. Scott Hankins, who used to build robots for NASA and who ran the deep-packet inspection team at Packeteer, is CTO. Andrew Mastracci, who wrote code for Blue Coat, Tellabs, and Packeteer, is architect, and Michael Cartsonis, who had management roles at Blue Coat and Mercury Interactive, is vice president of product and business development.
Steve Campbell, who was the cofounder and former CEO of Stratacom (eaten by Cisco), and Rob Ryan, cofounder and former CEO of Ascend Communications (eaten by Lucent), were angel investors in Pertino. In April 2012, Norwest Venture Partners and Lightspeed Venture Partners kicked in $8.9m in Series A funding to give Pertino the fuel to develop the Cloud Network Engine.
If Dell, the man, was not so busy trying to raise billions of bucks so he could buy Dell, the company, off Wall Street, this is exactly the kind of company that a software-and-service lovin' Dell might want to acquire. Ditto for HP, IBM, Oracle, and any other network player, for that matter. ®