FRAMINGHAM, Mass. – Enterasys Networks has a storied past, springing, as it did, from the loins of Cabletron, the U.S. network giant whose revenues once surpassed US$1 billion, but then fell into disarray in the early 2000s.
Enterasys today is a fast growing private company and part of a joint venture with Siemens Enterprise Communications, giving it added depth and reach. Network World recently interviewed president and CEO Chris Crowell.
Q: You’ve been involved in this company in many capacities over many years, even heading IT at one point if I read it right.
Crowell: I’ve been with Enterasys since 2006, but I started at Cabletron in ’92 to work on their management platform. When Cabletron split the company into four parts in 2000, I was running all technical parts of Spectrum — I was CTO, I was head of IT for Spectrum, everything technical was under me – and Spectrum became Aprisma after the reorganization. As a subsidiary we stayed with Enterasys for two years and then we were sold to The Gores Group, which is a private equity firm, then The Gores Group sold us to Concord Communications, and then Concord Communications was bought by CA. One of my claims to fame is I sold Spectrum/Aprisma three times.
Enterasys looks to take on Cisco, HP in fabrics
… I joined Enterasys in 2006 after The Gores Group took the company private and brought in a management team to rebuild them. So I joined doing the same thing I was doing at Aprisma, everything technical. I had worked with the new Enterasys CEO in the past and he was all about sales and marketing and didn’t want anything to do with the technical stuff. And then about midway through 2008 Gores partnered with Siemens AG to create the joint venture of Siemens Enterprise Communications and Enterasys, Enterasys being the network part of that and Siemens Enterprise Communications being voice and unified communications and video.
We’ve been operating as a standalone operating entity within the joint venture. The way we go to market with Siemens Enterprise Communications, they are a premier partner and we’re a preferred vendor, but both of us have to support infrastructures outside of each other. So I support multiple vendors in voice and video and they support multiple vendors on the data side.
They also have a large service arm, so it is important to their business to be able to support Cisco environments, HP environments, even old Nortel environments. But we go to market together. When we go to market with a complete solution, we do very well. But we also do a lot of business outside of going to market together.
Q: Percentage of sales wise, what does Enterasys represent?
Crowell: For the total joint venture, about 12 per cent to 15 per cent.
Q: And how would you summarize the Enterasys portfolio today?
Crowell: Access switching, data center core switching and then the management platform, which includes security.
… Maintenance, professional services and education is about 20 per cent of our business. The rest is product sales, and of that 40 per cent is access switching, 40 per cent is data centre core routing/switching and then 20 per cent of that is on the management side. Looking forward 12 months, we’re about US$400 million in sales and we have more than 1,000 employees worldwide.
Q: You’ve been living in a very competitive industry for a long time. How do you position the company today?
Crowell: We have a technical differentiation and we have a company differentiation. On the technical side it is OneFabric. End-to-end visibility and control and policy management, whether you’re at access switching, wired, wireless, all the way through the data center. All open standards, but a central management platform that treats the entire system like a system, and that makes us really different.
And as a company we go to market differently. We really believe, and it’s our ethos, there’s nothing more important than our customers, and we have a different customer service support model than anybody in this space. We’re 100% in-source support. The technical support engineers work side-by-side with the actual development engineers. And so when you call us up and you get technical service, it is by far better than any other vendor.
Q: Everyone likes that word “fabric” these days, but how do you define it?
Crowell: I think the definition of fabric varies from vendor to vendor. If people specifically talk about the data centre it’s really about any-to-any connection — high performance, low latency, any-to-any connection. For us fabric is about that policy based visibility and control throughout the infrastructure. Really our model is not far off from software defined networking. It’s very similar. A centralized engine that actually creates the policy control capabilities, but then implementation is pushed down into the infrastructure. So we localize that control capability as close to the user or the application or server as possible, but there’s a centralized management platform. And that really is different, and we do it across the wired and the wireless environment.
…I’m saying our system today is as close to OpenFlow as anybody has, because the underlying technology in our switches is a flow-based architecture. We already capture flow data in the switch in real time and we make decisions on that. So for us to upload flow-based data into another format – OpenFlow — is actually quite easy. In fact, that is the heart of our differentiation, having that flow-based switching capability built into our custom ASICs that allows us to make very granular policy decisions because we’re looking at every transaction on a flow basis.
Q: What is your stance on OpenFlow?
Crowell: It still has a lot of growing to do. There are implementations that are working today, but it’s not there yet. But SDN is not a new concept. Cabletron had something called SecureFast, which was an SDN model where all the policy, all the control was implemented and offloaded into a federated application, but it had issues of scale. It worked great in smaller environments, but you start to get scale issues in very large environments. The difference today is we create the policy centrally but implement it locally. That’s been a very scalable model for us.
Q: “Locally” meaning in every switch?
Crowell: In every switch. But the differentiated capabilities for us is that unified control mechanism that we can implement at a very granular level. There are 40 to 50 attributes we can use to make policy decisions. On who you are, what you’re doing, where you’re doing it from, what time of day you’re doing it, what type device you’re doing it from, etc.
Q: What kind of opportunity does BYOD represent for you?
Crowell: For certain environments, we were already doing many pieces of this. So our recent release, Mobile IAM, brought a lot of things together, created new reporting capabilities, new visibility capabilities, some new automation and some open APIs so we could integrate with other applications, like MDM applications. So that’s really what the Mobile IAM release was about.
But opportunities depend on the vertical market. There are certain verticals where doing device profiling and managing what users are doing what on the network and when is extremely important, and then there are other environments where they want everything wide open.
Take higher education. One institution could grant full access, let everybody do whatever they want, even gaming, because they want to attract students. But another institution may want to say, “OK, if you’re gaming, you get this quality of service. If you’re accessing the institution applications, then you get this prioritization.” Health care is another great example. You want doctors to get certain access at certain times of the day from certain locations, and then you don’t, right?
And what if you lost your tablet? Well, that’s why you have re-authentication built in so every five minutes, every hour or every day, whatever you choose, you’ve got to re-authenticate, so somebody can’t go wild on the network.
Q: At the core it’s all about identity?
Crowell: For the Mobile IAM solution, that’s exactly what we’re doing. It doesn’t matter if it’s a user. It could be a security camera, it could be a printer, but how we implement Mobile IAM is specific to that environment. If you bring a smart phone or a tablet into the environment, I want to be able to discover it. I want to be able to profile that and then I want to be able to give you a certain level of capabilities to access corporate networks to do certain things.
Some will just implement the visibility part of it, while others will implement the control part too. The visibility part is extremely important because I want to know what you’re doing and when you’re doing it in certain environments.
I’ll give you an example. Anderson County Schools in Kentucky is one of our customers that implemented this solution. They actually allow students to take tests on their laptops in the classroom. Well, the test is on the server in their data centre so you need them to be able to access that, but you don’t want them to be able to access the Internet during the test. But the teacher in that same room, you want to allow them to have complete access. So there it’s user based, role based, and time of day access to the infrastructure.
Q: Do you offer any virtual switching products?
Crowell: We have virtual switching capabilities in our switches today, so two switches, four switches, eight switches can look like a single virtual switch. We also have a virtual controller in the wireless environment, so it can run in a VMware environment. You don’t need purpose built appliances. So we do virtual switching capabilities. We also tie virtual switch environments from VMware or Microsoft and Citrix to our data center managers through an application that marries the physical switch infrastructure and the virtual switch infrastructure. We’re not going to get into the business of virtualized environments like VMware or Citrix or Microsoft.
Q: Given you’re dealing with customers that have a lot of installed base from other network players, what’s your avenue in?
Crowell: One of the things we talk about with OneFabric is you don’t have to adopt it all at once. You can get the benefit of many of the pieces without doing it all at once. So you can appreciate we have many installations that are mixed environments, where Cisco could be in the core or Juniper. We also have shops where we are the core and you have somebody else at the access layer. So you can do this piecemeal. This Mobile IAM solution was specifically designed to redefine the access layer for the bring-your-own-device environment.
Q: Are you competing mainly with Cisco?
Crowell: At the smart access layer we compete most often with Aruba, not Cisco, but I would say we see Cisco most often. Someone once asked me, “Can you win against Cisco?” Of course. If we didn’t win against Cisco we wouldn’t be in business. But beyond Cisco, for a while there HP was everywhere, but we don’t see HP that much anymore. And we see Juniper more in the enterprise.
(From Network World U.S.)