Network Strategies for 2015

As we say goodbye to 2014 and review our network equipment plans for the new year, looking at replacement options is not enough.

We have to consider the currents that network technology flows in and where they are taking us.

Ignoring buying decisions and looking at the bigger picture provides an opportunity to assess what emerging companies are doing to redefine and redirect our network thinking, from the higher levels of standardisation, convergence and virtualisation down to how startups are meeting these challenges.

Here is what you should be aware of in 2015.

Standardisation

2015 will see the shifts in IT investments move towards standardised hardware and software products. The software and hardware standardisation efforts inherent in software-defined networks (SDN) and network function virtualisation (NFV) initiatives in the wide area network (WAN) will affect corporate network

Virtualisation

Existing datacentre hardware is being optimised in virtualised environments, and applications are being farmed out to public cloud providers, significantly changing the hardware equation.

Convergence

Hyperconverged infrastructure products combine compute, networking and storage resources to create all-in-one solutions. Hyperconverged appliances offer the scale-out architecture that fits the needs of most shared virtualised environments. To facilitate this, unified software packages have been adopted to converge networking functions previously allocated to dedicated hardware boxes such as WAN optimisers, packet shapers, application development controllers, application and network performance managers, load balancers and next-generation firewalls. This means storage and security are becoming intrinsic to networking topologies and, as such, will become embedded in networking hardware and software.

New challenges in 2015

The specific board-level demands to most enterprise network managers in 2015 will include:

  • Handling 100% traffic growth with the same budget as in 2014.
  • Recognising that much of that traffic growth, namely video, will be latency sensitive.
  • Ensuring the growing bring your own device (BYOD) demand for connectivity is secure and delivers quality of service (QoS) to the customers.
  • Minimising capital expenditure and go with industry-standard, bare-metal hardware to support SDN/NFV.
  • Maximising operating expenses in software and hardware deals.

This translates into key concepts around aligning networks to support business processes, shifting more traffic to Ethernet, flexible cloud deployments and better integration of security and storage capabilities. Startups present interesting next-step products to dominant suppliers in all these categories.

Aligning Network Hardware To Business Processes

When the buyer focus shifts to commoditisation, this presents a serious challenge to profit margins for premium network hardware brands such as Cisco, HP and IBM. Conversely, it presents an opportunity for nimble startups in the network hardware business, as brand loyalty is eroded and the focus shifts to supporting horizontal business processes.

Startup hardware suppliers are adopting the same hyperconvergence logic as software suppliers by integrating complementary software functionality into their boxes to facilitate core business processes. The result is hardware with better integration levels, cheaper and simpler deployments and easier scale-out capacity than their software and brand-name competitors. Instead of outsourcing functions, these network hardware startups advocate on-premise enterprise networking strategies. The message certainly whets the appetite of investors.

They are not looking for startups selling Lego blocks for DIY constructions, but rather emerging suppliers with the integrated hardware and software to handle specific business needs with faster time to value than existing value propositions on the market. Market leader VMware, with its Evo: Rail concept, has aligned all parts of its vSphere and Virtual SAN (storage area network) ecosystem with seven hardware partners (Dell, EMC, Fujitsu, Inspur – China’s dominant cloud computing and service provider, NetOne – Japanese infrastructure optimiser, HP, and SuperMicro – the US application-optimised server, workstation, blade, storage and GPU systems provider).

Startup company Scale Computing, with its HC3 platforms, presents an interesting challenge to the Evo: Rail design, aimed at small and medium-sized enterprises (SMEs), and values simplicity and fast deployment. The three HC3 platforms scale from 40 to 400 virtual machines (VMs). Scale Computing uses a customised version of Red Hat’s KVM hypervisor and leverages a block-level storage architecture as opposed to Virtual SAN’s (VSAN) object-based approach. While KVM may not have as many features as vSphere, Scale Computing is banking on the simplicity of operation along with aggressive pricing compared to the competition, and uses a scale-out architecture that can handle four nodes as the infrastructure grows.

Large enterprises should look at the startup Simplivity and its OmniCube, a hyperconverged infrastructure that delivers the economies of scale of a cloud computing model while ensuring enterprise IT performance and resiliency for virtual workloads. OmniCube has a data architecture that addresses data efficiency and global management requirements in virtualised and cloud computing environments. Its single unified stack runs on standard and hyperconverged x86 building blocks, simplifying and lowering the cost of infrastructure. Deploying a network of two or more OmniCubes creates a global federation that facilitates efficient data movement, resource sharing and scalability.

Ethernet deployments

Ethernet adoption continues to expand and startups such as Arista provide important contributions with the 10-1000Gbps Ethernet switches that target cloud service providers with purpose-built hardware. Its EOS network operating system provides single-binary system images across all platforms, maximum system uptime, stateful fault repair, zero-touch provisioning, latency analysis and a fully accessible Linux shell. With native support for VMware virtualisation and hundreds of Linux applications integrated into hardware platforms, it is designed to meet the stringent power and cooling requirements of today’s most demanding datacentres.

Cloud in a box

In the SME market, SixSq’s Nuvlabox offers a turnkey private cloud in a box. The Mac Mini-sized box includes a complete infrastructure as a service (IaaS) framework, powered by StratusLab, and a platform as a service (PaaS) powered by Slipstream. The built-in Wi-Fi provides network connectivity. With the ability to run up to eight VMs, capacity constraints are solved by adding more boxes and managing them as a single unit. Nuvlabox comes with a library of standard apps and operating system images, including different flavours of Linux and Windows and allows secure remote monitoring and application deployment from a single dashboard. To bypass the capital expenditure objection, SixSq has shifted its business model towards business-to-business licensing, where service provider customers pay rental fees for the equipment and SixSq provides ongoing maintenance and call centre support.

Network Security

Increased use of IT adds value to corporate network transactions and attracts a lot of unwelcome attention. In 2015, we expect more hackers, script kiddies, professional thieves and state-sponsored advanced persistent threat (APT) attacks to target corporate networks. But there is still a lot of low-hanging fruit to gather, such as increased employee awareness of weak passwords and phishing exploits, faster remediation of security holes and better denial of service protection measures. There is also a need for better tools and procedures to protect the enterprise network and ensure these measures meet corporate governance, risk and compliance (GRC) requirements.

One supplier aiming to address these needs is Bromium, which combines a software client on any device with a central security server. Instead of using signatures, behaviours or heuristics to identify potential threats, its vSentry client creates hardware-isolated micro‑VMs for every network-related task, such as visiting a web page, downloading a document or opening an email attachment. All micro-VMs are separated from each other and from the trusted enterprise network. Thus, malware is contained in the hardware-isolated micro-VM. Bromium’s Live Attack Visualization and Analysis (Lava) server converts each micro-VM in the enterprise into a honeypot and automates the often prolonged post-attack malware analysis process. An entire attack is automatically and instantly forwarded to the Lava console, which provides an automatic in-depth analysis of the advanced malware.

Network Storage

Video and social network communications from mobile devices with always-on technology has mushroomed data flows. In the enterprise, big data analytics relies on huge volumes of unstructured data, itself often comprised of large file formats that require secure storage and fast retrieval capacity. Network data volumes are moving from exabyte to zettabyte levels of data and higher. Most pundits and some analyst firms predict traffic and storage volumes will continue to double every two years. Next-generation storage systems include hyperscale data storage, virtualisation to improve utilisation, cloud storage for disaster recovery and lower power consumption to save costs. To enhance storage security, storage systems may incorporate data dispersal and keyless encryption to keep data secure against breaches.

The startup company Solidfire has developed a storage system built on the native ability to achieve significant scale, guarantee storage performance, and enable complete system automation. Combined with enterprise applications and deeply integrated with key management frameworks, Solidfire delivers validated products that make a next-generation datacentre deployment more cohesive, automated, and dynamically scalable.

At the high end, Insieme Networks is the driving force behind Cisco’s Application Centric Infrastructure (ACI) at the core of Cisco’s long-awaited SDN strategy. The ACI architecture leverages a mix of merchant and custom Asics, along with Cisco’s new line of Nexus 9000 switches and its Application Policy Infrastructure Controller (APIC).

Establishing business models

Startup companies in the network hardware business are not only introducing new technology perspectives, they are also exploring new business models and establishing customer relationships. Building on standardised platforms allows users to do more process management and security tasks themselves. With higher levels of personalisation and control, users can more easily explore alternative business processes and combine functions across different platforms, which translates into faster time to value. 2015 promises to be an exciting year for enterprise IT departments looking to revamp their corporate network infrastructures – they may actually meet their boards’ network targets.

Thanks to Computerweekly for the article

Data Security and Performance Management from Network Instruments

Network Instruments Data Security and Performance Management

Is your performance management solution a target for attackers? With increasingly creative exploits, it is important to stay ahead of the curve when it comes to data protection. Performance monitoring tools that do not keep pace can leave your information vulnerable.

TOTAL PERFORMANCE MANAGEMENT

The Observer® Performance Management Platform is a fully integrated solution, purpose-built to support the highest level of network security.

Its features include:

  • TLS-based 256-bit encryption for data in motion and data at rest
  • Power to keep up with line-rate during encryption
  • Network invisibility option with internal Gen2 capture card
  • Web-based interface for reduced learning curve, maximum ease of use
  • Centralized management of AAA

The Observer Platform delivers a return far above its cost, as not only a powerful monitoring solution but a wise addition to any enterprise security strategy.

Learn more by downloading the white paper

Network Instruments Data Security and Performance Management

Aligning IT with Business via Performance Management

Much of the discussion around the Observer Platform 17 release has focused on how the designs of the new user interface (UI) and other enhancements will assist network and operations teams to more easily manage service and application performance.

This performance data and analysis isn’t just of value to IT but to the overall business. The challenge for performance management solutions has been providing this intelligence in a way that can be easily accessed and understood by other IT and business teams. The Observer Platform 17 both expands useful analysis available to business groups and makes it easier to use the data with systems familiar to these groups.

Enhancement: Expanding Web Service Analytics

  • Benefit: Strengthens visibility into how users consume company web resources, specifically as it relates to a web-based app’s device parameters like OS, mobile and desktop platform details, and browser type.
  • Business Value: Knowing not just “what” but “how” customers are accessing data is pivotal to optimizing web content and quantifying the effectiveness of customer-facing web interactions.
  • In Practice Example: For the marketing team launching web initiatives, these metrics provide details on how visitors are accessing the website, and enhance their understanding of the user experience by providing response-time and error metrics. Additionally, when network-based problems occur that impact marketing web programs, they can be resolved by the network team which has access to the packets.

JDSU Network Instruments Observer 17 Platform

Enhancement: Third-Party System Integration via RESTful APIs

  • Benefit: Simplifies sharing of performance data with other groups. RESTful APIs are a programming interface that utilizes HTTP requests like GET, PUT, POST and DELETE. Using this universal access method enables any solution to connect to the Observer Platform to access data or even manage the solution remotely.
  • Business Value: Other teams in an organization can interact and view performance data and analysis from the Observer Platform from the tools and workflows that they use on a daily basis. This allows them to proactively track performance of critical business systems, and view these metrics alongside business metrics.
  • In Practice Example: A support staff for a retail chain could integrate the Observer Platform into their helpdesk system via Apex’s RESTful API to monitor points of sale (PoS) on their network. The Observer Platform could instantly alert the service desk of an anomaly or system condition that could soon negatively impact users. The early alerts, performance analysis, and access to packets allow the staff to take proactive steps to remediate the issue before it impacts the PoS and customers.

JDSU Network Instruments Observer Apex

With IT playing a key role in helping businesses to develop competitive advantages and nimbly respond to changing markets, it’s critical that network teams can facilitate the sharing of performance intelligence. This also allows IT and business teams to evaluate the success of business operations and initiatives. The new features of the Observer Platform 17 mark a significant step forward in enabling the network team and IT to more closely align with business processes and goals.

Thanks to Network Instruments for the article. 

Ixia’s new Ebook- The Network Through a New Lens: How a Visibility Architecture Sharpens the View

“Enter the Visibility Architecture”

“Buying more tools to deal with spiraling demands is counter-productive – it’s like trying to simplify a problem by increasing complexity. Visibility merits its own architecture, capable of addressing packet access and packet stream management. A visibility architecture that collects, manages, and distributes packet streams for monitoring and analysis is ideal for cost-savings, reliability, and resilience. The economic advantages of such end to-end visibility are beyond debate.

An architectural approach to visibility allows IT to respond to the immediate and long-range demands of growth, management, access, control, and cost issues. This architecture can optimize the performance and value of tools already in place, without incurring major capital and operational costs. With the ability to see into applications, a team can drill down instantly from high-level metrics to granular details, pinpoint root causes and take action at the first—or even before the first – sign of trouble – lowering Mean Time to Repair (MTTR) dramatically.

A scalable visibility architecture provides resilience and control without adding complexity. Because lack of access is a major factor in creating blind spots, a visibility architecture provides ample access for monitoring and security tools: network taps offer reliable access points, while NPBs contribute the advanced filtering, aggregation, deduplication, and other functions that make sure these tools see only traffic of interest.

Application- and session-aware capabilities contribute higher intelligence and analytical capabilities to the architecture, while policy and element management capabilities help automate processes and integrate with existing management systems. Packet-based monitoring and analysis offers the best view into the activity, health, and performance of the infrastructure. Managing a visibility architecture requires an intuitive visual/ graphical interface that is easy to use and provides prompt feedback on operations – otherwise, architecture can become just another complexity to deal with.”

Ixia Visibility Architecture

The Ixia Network Visibility Architecture encompasses network and virtual taps, as well as inline bypass switches; inline and out-of-band NPBs; application-aware and session aware monitoring, and a management layer.

Download the ebook here

Ixia The Network Through a New Lens

Thanks to Network World for the article. 

Do You Really Know What’s Lurking in Your Data Center?

Ixia Net Optics Phantom vTap

As mentioned in one of my previous blogs (Exposing The Ghost In The Virtual Machine), virtualization has been a great success story. At the same time, it holds hidden dangers that need to be managed. I want to take a couple minutes to outline those dangers and how to overcome them.

So, here are the dangers that can be hidden in a virtualized data center:

  • Potential security issues due unknown malware
  • Potential outages due to lack of proper performance data
  • Regulatory compliance issues due to lack of adequate policy tracking

According to a study commissioned by Cisco Systems, 29% of the North American organizations surveyed identified the overall state of security of virtual systems as a major concern for future server virtualization deployments. This is for good reason. Cyber criminals are employing VM-aware malware that can spread unnoticed and unchecked among VMs due to lack of visibility between machines on the same server. This allows VM-aware malware to unknowingly spread to physical servers when moving VMs or applications. Without proper visibility, these threats can gain a foothold and then flourish within your data center – and you wouldn’t even know it.

Another concern is potential outages that can result from malware or other issues within the data center (problematic software upgrades, overloaded equipment and links, and programming mistakes). Common symptoms of performance problems can include: slow traffic and devices, unnecessary bandwidth consumption, and intermittent issues that pop-up long enough to be noticed but then disappear quickly. By the time you recognize the symptoms, it’s often too late as the problems have the ability to be service affecting. Proper performance monitoring mitigates this concern by allowing IT managers to perform trend analysis and monitor single points of failure – like load balancers, cloud services, WAN optimizers, etc.

Regulatory compliance is a third fundamental concern. Much emphasis has been placed on this topic over the last several years, and while you may have everything in order on the physical components of your network, it’s often harder to square away the virtualized portion of the network. One of the main reasons is audit validation. What’s your current plan to know if you are compliant with all applicable regulations (e.g., FISMA, HIPAA, PCI, etc.)? And do you have the proper access to data in the virtualized portion of your network to prove that you are compliant? The business concern, of course, is that if one portion of your network is non-compliant then the company is non-compliant (or partially compliant, if you have some marketing spin leeway!).

The key question is how do you find the source of the hidden dangers within your virtual network? Your primary target should be the data center. According to a study by Gartner, up to 80% of the traffic in a virtualized data center never makes it to the top of the rack, where conventional monitoring practices like packet brokers and monitoring tools can capture the data. So, are you sure you know what’s happening in your data center before this point? Most data center managers don’t.

Ixia Net Optics Phantom vTapThis diagram should make it a little clearer. It shows the four key visibility points in a virtual network. Point number 1 isn’t a problem. Since the data is transferred from the equipment in one rack to another, this gives the data center administrator an opportunity to use a physical tap to access the data. But for situations 2 through 4, there is no easy access with standard taps and monitoring tools.

In the case of point number 2, there is limited visibility within the server chassis. The traffic across the backplane isn’t accessible by traditional monitoring tools.

In case number 3, the traffic passes between VMs within the same physical host. In this case, everything is handled strictly through software. So again, there is no opportunity for traditional monitoring tools and practices to help.

And in case number 4 (when VMs are moved) any access to the VM that might have been established is typically lost.

Points 2 through 4 are what we mean when we talk about the opportunity for blind spots to exist. The blind spots are where the hidden dangers lurk. Traditional monitoring tools won’t help as they don’t give you access to the data in this portion of the network.

So now we see the problem, but how do you fix it? A virtual tap is often one of the best solutions. They are cost effective pieces of software that can be installed directly into the virtual data center. They function in a similar manner as a physical tap in that they replicate traffic and forward that data on. This gives you the access points you need to forward traffic out of the data center and towards your standard monitoring gear, like packet brokers and specialized monitoring analysis tools.

One note, not all virtual taps are created equal. You probably want to make sure that the virtual tap performs some level of filtering so that the replicated traffic isn’t a complete copy of everything in your data center. Otherwise, you’ll overload the LAN. Also, you’ll want hypervisor plug-in capability to maximize your access to the virtual traffic. Lastly, consider virtual taps that have minimal performance impacts on the hypervisor or you can actually create potential performance problems. There are products on the market that perform all three functions.

Once the virtual tap(s) is inserted into you data center, you’ll have the data you need to implement proactive, instead of reactive, approaches to problem resolution and security threats. You’ll also be able to implement the same internal security and monitoring policies across your network which should help greatly with work flows, problem resolution capabilities and even costs.

Ixia makes a virtual tap product called the Ixia Phantom vTap. More information about the Ixia Phantom vTap and how it can help generate the insight needed for your business is available on the Ixia website.

Additional Resources:

Illuminating Data Center Blind Spots

Increased Visibility and Monitoring of Virtual Systems

Creating A Visibility Architecture

Thanks to Ixia for the article.