The flagship product offering from Rohati Systems, the Transaction Networking System (TNS) is billed as a network-based access management platform; it examines network transactions in real-time as they occur, comparing the transaction details to administrator defined access policies, and enabling or blocking the transaction based on the resulting analysis. Two products are currently offered in the line: A fixed product targeted to medium-sized data centers or departmental server farms; and a 5-slot modular chassis targeted to large data centers with 10 Gig connectivity requirements.

The key features of the Rohati appliances are their network-based implementation, and their support for Layer 7-based access control lists.

As a network platform--the TNS appliances (more below) are typically deployed in the data center in front of the applications and resources to be protected, such that individuals must access the data/applications through the TNS appliance--the vendor states that the product can handle multiple applications and protocols, including HTTP/HTTPS, CIFS (now generally available; previously available only in beta), FTP, SSH, and SIP without requiring modifications to the applications being protected or the clients requesting access. Various features of the platform enable it to be customized for deployments with specific applications; including the ability to create custom protocol proxies and rules.

Access policy granularity is provided by means of the product's ability to enforce access control policies on a transaction-by-transaction basis based on Layer 7 attributes. As such, the vendor boasts that individual transactions can be accepted or denied based on such metrics as user, machine, resource, protocol, and network attributes. An Integrated Virtual Directory feature enables the assimilation/aggregation of directory attributes (Active Directory/LDAP), and support for "Virtual Contexts" enables the device to be partitioned into multiple logical instances, each of which can be assigned to a line of business/customer and can be delegated administration-wise.

Other features of the platform include support for policies based on XACML syntax (Extensible Access Control Markup Language; import and export supported); separate policy definitions governing the logging of information for later forensics (WELF, Syslog); support for Infiniband-based interconnects in HA deployments facilitating transparent failover; both in and outbound XML APIs for integration; and support for SNMPv2, TFTP, or SSH-based management.

As mentioned above, two models of the platform are currently available: The fixed TNS100, with four 1 Gb interfaces, 16 CPU cores, and support for 256,000 connections; and the modular TNS500, a 5 slot chassis into which can be loaded combinations of Network Services Modules (NSM), Application Services Modules (ASM) and Supervisor Control Modules (SCM) linked by an Infiniband-based fabric. The TNS500 can support up to eight 10 Gig XFP interfaces, up to 132 CPU cores, and up to 6 million connections.

Also included in the product platform is the vendor's Central Management System (CMS) GUI (Windows 2003 Server, Red Hat EL 5, AS/ES 3/4, SuSE 9/10), which provides centralized management, policy creation, log collection, etc. for multiple TNS appliances.

The TNS 100 is now available; the TNS 500 is expected to be available Q1/2009. Pricing for the TNS 100 is listed at $20,000, while pricing for the TNS 500 starts at $85,000. Not all features described above may be available in current models; verify currently shipping capabilities with the vendor.

Contact Rohati Systems for further information.