Back in the mid-late-nineties there were one global market leader in the firewall/vpn market: CheckPoint. There were some other players as well (Gauntlet, Raptor, Watchguard), while the big players, Cisco and Microsoft had no solutions at the time.

CheckPoint's solution was a software solution that injected a firewall driver between the ip stack and the nic drivers, and could because of this also protect the ip stack of the OS it was running on. It supported several platforms such as SunOS, Aix, HPUX and Windows NT. CheckPoint's development at the time was mainly targeting SunOS and it was back then the preferred platform.

I did my first CheckPoint training and installs back in '96. These were however on HPUX due to current vendor ties of my employer. In the years coming I was involved in quite a few installs in both small and large businesses. Most of them were in the process of getting an internet connection while some of them needed firewalls internally or for vpn's to business partners. With CheckPoint you had a nice GUI, an inspect language for defining new protocols (based on content of the data stream), application proxies, and a very good log viewer. CheckPoint was king of the hill, functionality wise. But there were annoying issues with licensing and the process for acquiring access to 3des licenses/software was quite awkward. The price model was also of the more expensive type.

Cisco had bought firewalling technology back in '95 that they had been developing further and tried adjusting the command set be similar to IOS. I attended Cisco Pix training in 1999 after Cisco had some campaigns where they had shown off their Pix firewall and declared it ready for business. Cisco's main argument was performance, but they also used other tricks in their marketing. The cisco Pix was also priced cheaper than CheckPoint, and for small customers it didn't really matter so much what product they chose as both would solve their core need of seperating/protecting networks.

We did however get a request from a larger customer in the financial sector who had decided to go for the Cisco Pix. We had installed CheckPoint at several similar environments before, but it's always hard to estimate how much time you're going to use as each environment is unique. In that particular case I think it's safe to say that we did get everything working in the end, but we probably used five times as many hours of setting it up than we would if we had used CheckPoint. One of the comments that came up during troubleshooting these Cisco issues was that you can compare Cisco with a Rhino: "They can have a slow start with products or arrive late to the table, but once they're gaining some speed you can't stop them." And at that point Cisco's product wasn't as mature as we had wanted it to be.

During this same period (late nineties-2001) we also used Axent Raptor Firewall for quite a few customers. Raptor was a product that had a very slick management interface, that would allow relatively complex environments to be configured easily. It was one of the earliest MMC applications that I came in touch with. This technology was later bought and brought to failure by Symantec who replaced the MMC interface with a java based one.

CheckPoint have however done little to their enterprise pricing other than that they have included more and more functionality into their package. For the SOHO market they launched appliance boxes through their daughter company Sofaware that were reasonably priced.

Several other competitors were also joining this field and most of them have taken a slice of the cake. Cisco also launced a new and much improved technology in 2005 with their ASA series to a fraction of the price that CheckPoint demands. Microsoft also launced MS Proxy server (later known as ISA), but it's functionality and performance wasn't covering the same area as CheckPoint and was often used to bring complementary functionality alongside with a "standard" firewall.

There is no doubt that CheckPoint have lost customers during these past 10 years (especially in the non-enterprise market), but they have also got new ones. In the SMB market they have lost a quite huge part of their share. For big environments, CheckPoint still have a large market share due to their still superior management software, even though their pricing haven't changed much (even with the new price model launced 3 weeks ago). According to themself, 100% of fortune 100 and 98% of fortune 500 are using a checkpoint security solution (they now also have many other products than firewalls). Other than having a good product line it has also helped that they have had many partners providing supplementary and/or prepackaged solutions. So it is possible after all to survive a Rhino, but you probably can't do it without some good products, partners, marketing, focus and timing. Having good products still wasn't good enough to keep SMB customers though, where price often is a more important factor than functionality as long as cheaper competing products are "good enough".

So how does VMware fit into this picture? Well, VMware is facing a similar situation now as there are several players that have just entered their core market. Citrix XenServer is the product that currently seems to beat VMware on raw performance, while Microsoft Hyper-V seems to be the most important comptetitor in the long term. In this game, Microsoft has taken the role as the Rhino and they have put some tremendous effort in order to get into the hypervisor game (and they missed their own deadline by a few years). Until now, VMware has shown to have smart roadmap in order to face the competition by being first to the table both with new technology and by bringing free products to the market (first Player, then Server and now last year ESXi was launched). We have seen Microsoft preaching the importance of the functionality that will be available in Hyper-V R2 since 2006, and they are repeating this at every opportunity now.

Even though Citrix have had fairly good technology since 2007, it seems that the mainstream wide adoption of XenServer isn't coming too quickly, even though they also include live migration for free in the version that will be available in two weeks. Citrix have over the years bought many types of products, but there's only one product package (that changes name every leap year) that people associate with Citrix. I still think that we'll see some adoption of XenServer in the product area that Citrix know best: Server based computing for end users (XenApp & XenDesktop).

Citrix and Microsoft have been both close partners and competitors for quite some time, and on the virtualization side, they are cooperating to bring functionality to each others hypervisor while competing with VMware.

In the months to come we will probably see a lot of marketing and technical sessions from MS showcasing Hyper-V R2 and in the meantime it will be exciting to see VMware launch vS^H^H the next version of Virtual Infrastructure with lots of new bells and whistles. While no marketing stunts can compete with the stunt of giving something away for free, VMware aren't doing so bad either. Their focus on Fusion for OSX has IMHO been a ground where they have showed excellent marketing skills, making them the current market leader also on OSX. I guess that it has been a good drill for the upcoming era of new products being launched. I'm surely looking forward to an exciting time ahead.