Internet Network Security Blog

Juniper Networks is jumping on the OpenFlow bandwagon, putting the OpenFlow source code in the Junos Software Development Kit (SDK). The company says that the OpenFlow application works within the SDK to change the control plane to create more dynamic network programmability for custom applications that run on top of the Junos operating system. 'The new levels of programmability enabled by OpenFlow simplify control of network devices and allow more rapid innovation of intelligent applications and solutions across the entire network infrastructure.'

A founding member of the Open Networking Foundation, Juniper has more than five hundred organizations in the SDK developer community. The company says its priority is making the networking infrastructure more efficient and effective for customers, and OpenFlow is an important step on the path to greater programmability.

The announcement of OpenFlow has some people in networking optimistic that we are about to see a significant change in innovation and progress on network management, writes Network Computing contributor Greg Ferro. OpenFlow is a nascent networking specification that has three key elements: a software controller, the OpenFlow protocol and a client on the network device. It’s important to comprehend that all three elements combine to create a single coherent solution.

According to a prepared statement, provided by Juniper, from Glen Hunt, principal analyst at Current Analysis, the implementation of OpenFlow enables a consistent management policy across a large number of devices, which can reduce processing requirements and simplify management, while delivering the expected application performance. 'Juniper is helping to drive this level of programmability, which will be required to support the steep ramp in network-aware application development.' He says by making OpenFlow available in its SDK, Juniper is in a leadership position to help the development community and service providers leverage network assets and intelligence to help deliver differentiated services.

Last week, a Cisco fellow said that software-defined networking, an emerging technology that moves intelligence out of switches and routers to a software controller and which is evolving in concert with the development of the OpenFlow networking standard, is seen as a potential threat to networking vendors, particularly market leader Cisco Systems. According to sister publication InformationWeek, OpenFlow-based networking would enable enterprises to replace high-end switches with lower-cost, commodity switches, which could be 70% cheaper than high-end switches such as Cisco’s.

In August, Hewlett-Packard revealed work they are doing on OpenFlow networking at HP Labs. Like Juniper, a member of the Open Network Foundation, HP says networks should be easier to manage, saying part of the reason it is this hard is that there hasn’t been enough competition to push the providers to provide better solutions.

See more on this topic by subscribing to Network Computing Pro Reports Strategy: Inside OpenFlow (subscription required).

Software-defined networking, an emerging technology that moves intelligence out of switches and routers to a software controller, is seen as a potential threat to networking vendors, particularly market leader Cisco Systems, but a Cisco fellow speaking at an SDN conference this week said the company is aware of the situation and is preparing to deal with it.

“Folks get this and how to react to it is what’s being formulated right now,” said David Meyer, prefacing his remarks as his own and not an official Cisco statement. He made the remarks responding to a question from the audience at the Open Networking Summit held at Stanford University.

Software-defined networking is a new technology in which server-based controller software maintains all the rules for the network and sends the appropriate instructions to each router or switch. This is a departure from the architecture of an Ethernet or TCP-IP network where the intelligence is based in the network hardware to route packets, give priority to some traffic over others, perform a security screen and other functions. Software-defined networking is evolving in concert with the development of the OpenFlow networking standard, a research project led by Stanford.

As sister publication Information Week reported Monday, OpenFlow-based networking would enable enterprises to replace high-end switches with lower cost, commodity switches, which could be 70 percent cheaper than high-end switches, such as Cisco’s.

“I think the people at Cisco are well aware of this phenomenon,” said Meyer. “It’s very obvious to everyone that something’s going on here and the question is how to react to it in a way that everybody can live with. When you have a big company like Cisco, you’ve got to socialize those kinds of things.” Meyer added that he was pushing people inside Cisco “to start thinking about it.”

Software-defined networking based on OpenFlow is driven by the need to design networks that match the dynamic nature of virtualized servers. In a virtualized environment, virtual machines (VMs) can be created quickly and VM workloads can be moved around from one physical server to another as needs dictate, but existing networks can limit that flexibility based on the configuration of each router or switch.

In the same way that server virtualization abstracts the operating system and the VM from the physical server, OpenFlow-based SDN abstracts the network “control plane” from the physical network hardware, said Stanford’s Guru Parulkar, chair of the first-ever Open Networking Summit. The control plane is the set of instructions that direct how packets are managed on the network.

While server and storage virtualization has enabled more automated development of new IT services and greater efficiency, the network interfaces are comparatively “pretty old and archaic,” Parulkar said. "With OpenFlow and SDN, the promise is that the networking interface will also mature to the point that you can use it in a plug-and-play way so that when you are provisioning an application or a service ... they are able to create a virtual network of their own specification,” he said.

Cisco rival HP, as well as startup Big Switch Networks, were also at the conference touting their research and product development in SDN/OpenFlow. Charles Clark, research director in HP’s Networking business, touted the idea of a hybrid switch that would support OpenFlow as well as existing network switch architecture.

Clark, who also specifically addressed campus local area networks (LANs) as distinct from data center LANs, said hybrid switches would be needed because the transition from traditional networks to OpenFlow networks will be a long one. “Campus LAN network administrators won’t tolerate a forklift upgrade, they aren’t going to replace all of their equipment,” Clark said. “Fortunately, we can evolve and move towards an SDN technology ... through an incremental plan.”

While OpenFlow/SDN is nascent technology, interest is strong, said Parulkar. More than 600 people applied to attend the Stanford summit but they only had room for 350. They were planning to hold the second annual summit a year from now but because of demand, may hold the next summit sooner, perhaps in April 2012.

See more on this topic by subscribing to Network Computing Pro Reports Strategy: Inside OpenFlow (subscription required).

Toronto-based uptime software, Inc. is adding VMware monitoring to the latest release of its IT systems management performance and capacity software for midmarket and enterprise organizations. Expected to ship later this month, up.time 6, billed as "Set it and Forget it" VMware Performance and Capacity Management, delivers enterprise-grade VMware monitoring and management to companies of all sizes for a fraction of the cost of competing solutions, says the company.

With close to a third of all workloads now running on virtual machines, customers are grappling with complexity and a lack of visibility into overall virtual system performance, says uptime. The new version provides automated real-time monitoring of VMware everything, it says. In addition to providing an attractive upgrade to its existing customers, V6 opens up new doors in large organizations where the existing monitoring tools may not be addressing VMware requirements.

In addition to the Set it and Forget it scalable VMware monitoring and reporting capabilities, V6 adds sprawl control, virtual machine power awareness, VMware capacity metrics, global VMware capacity reporting, and virtual capacity forecasting. Another attraction is the pricing: the new release offers customers 80 percent of the capabilities for 20 percent of the price of competing solutions from the Big 4 (IBM, HP, CA and BMC), says uptime. The product can also be installed in 15 minutes and a single dashboard can scale to monitor 5,000-plus servers and 20,000-plus services.

“Uptime 6 is a significant release that offers very deep visibility into the data-center and is easy-to-implement and maintain,” says Torsten Volk, senior analyst at Enterprise Management Associates. “This combination of powerful datacenter monitoring and low Capex and Opex constitutes a strong value proposition.”

He says the most significant aspect of the new release is the software’s ability to, automatically and in real-time, discover the topology of the VMware-driven datacenter, including clusters, VM-hosts, VMs, resource pools, linked clones, storage relationships, individual blades and physical power supplies, without the use of agents. “Based on the historic and real-time analysis of the collected topology data, Uptime 6 is able to trigger scripts for vCenter Orchestrator to automatically deal with VM-sprawl and resource bottlenecks.”

Analyst Dennis Callaghan, The 451 Group, is impressed by the capacity management capabilities. “Adoption of server virtualization introduces this challenge. In the old world of one app per server, capacity management really isn’t an issue. Now with multiple applications running on VMs on a single server, organizations need better metrics as to how much physical hardware and virtual server licenses they need to effectively run their applications and how much they’ll need in the future. It’s a pretty significant issue.”

When you get into performance management of VMs—a key focus of uptime’s for a while now—you need to be able to tie that data in with how much capacity you’re using and how much you’ll require—to have the same performance levels—as business conditions change, he says. Second to that—and related to that—is managing VM sprawl and reclaiming virtual resources that are no longer needed.

Callaghan believes the new release gives existing up.time customers more capabilities that they won’t have to provide themselves or get from other vendors. “And it continues to reinforce that uptime is a credible Big 4 alternative for those organizations too large to go it alone or use an SMB product but not quite large enough for a Big 4 suite.”

See more on this topic by subscribing to Network Computing Pro Reports Research: Virtualization Management (subscription required).

Tools that tell us we have an application performance problem are a dime a dozen, says Glenn O'Donnell, senior analyst, Forrester Research, Inc. "Those that tell us 'why' have proven elusive." We desperately need the tools to do more for us to answer the "Why?" questions, he says. "Complexity is exploding and even the brightest humans are losing grip with this complexity. We need innovative algorithms to sift through all of this complexity to give us the insight we can’t otherwise attain."

Based in North Carolina’s Research Triangle Park, BlueStripe Software wants to address that gap with the new release of its automated application management and transaction monitoring product, FactFinder. With v5.5, they’ve enhanced the transaction-tracking analytics to more effectively map out the multiple tiers of an application, says O'Donnell. "This is a very difficult thing to do and a few companies, including BlueStripe are finally showing some promise to give us insight to this chain of application links." There remains much more innovation ahead in this game, but we like the steps BlueStripe has taken toward this objective, he adds.

FactFinder automatically follows transactions in real-time, wherever they go – across tiers, across platforms and across architectures – even into virtual machines, private cloud, and third party services. The company says this visibility into all the interconnections and dependencies, combined with monitoring and mapping, root cause analysis, benchmarking, forecasting and planning, enables IT operations teams to more effectively manage application and transaction availability

The new transaction monitoring and performance management capabilities in v5.5 include Transaction Service Level Monitoring Dashboards that show the performance and availability status of specific transactions, Cross Machine Transaction Views that provide hop-by-hop transaction performance across the entire infrastructure, and Transaction Explorer Problem Solving Workbench, which isolates and maps individual transaction systems across the infrastructure so that users can follow performance problems across the transaction for root cause analysis.

BlueStripe COO Vic Nyman says that by monitoring transaction performance hop-by-hop, FactFinder delivers complete awareness of availability and performance for all applications and transactions. “End-to-end visibility has been sought for for years. Our approach is instantaneous – 7 seconds – when changes happen.”

In addition to reducing the mean time to resolution for critical incidents by up to 90 percent, FactFinder reduces the number of operations people required to constantly monitor an IT environment. “What used to take as many as 10 people from different silos to sort out can now be handled by one person,” says Nyman.

BlueStripe has always been different than most of its competition, says O’Donnell. “While this may be a 'dot release', it does appear to be a more significant step forward than a dot release would imply.” Transaction-based analytics are innovative, though not totally unique, but we do see BlueStripe’s approach as being a unique step forward, however, he adds.

“The way they combine transaction monitoring, server-side insight, application mapping, and a little intellectual 'magic' is very innovative. The 'magic'” is the algorithms that bring this all together. It’s magic because it is the stuff that can be hidden under the covers and left proprietary. This is always good for vendors because it makes their technology harder to emulate -- thus giving them more long-lasting competitive advantage.”

See more on this topic by subscribing to Network Computing Pro Reports Strategy: Calculating APM Costs (subscription required).

What happens when an unstoppable force meets an immovable object? In this case, the unstoppable force is the accelerating growth of the Internet combined with the imminent end of available IPv4 addresses. The current demand for Internet addresses has been averaging 250 million per year, but the ongoing growth of mobile connections is expected to surge 11%, to 5.6 billion, this year, according to Gartner. Meanwhile, the nascent machine-to-machine connectivity market--or, the "Internet of Things"--is expected to add 25 billion connections by 2015.

The immovable object is the current dominant way of connecting to the Internet, IPv4, whose time is about over. By October, the Asia-Pacific region was effectively out of IPv4 addresses, while as of April, North America was sitting on less than 90 million IPv4 addresses. There were 4.3 billion addresses available under IPv4 (32-bit); under its successor, IPv6 (128-bit), there are more than 340 undecillion addresses (340,000,000,000,000,000,000,000,000,000,000,000).

However the approaching end of IPv4 addresses doesn't seem to be of much interest right now. According to a recent survey from Nemertes Research, it's not even on the radar for almost 80% of respondents to the company's 2011-2012 benchmark, and 78% of the companies have no transition plan yet.

IPv6 has a lot more going for it than umpteen gadzillions of addresses. Recent tests by Compuware found that IPv6 Web application performance increased from 2% to 200%, averaging 80%. In addition to more efficient routing and packet processing, IPv6 provides directed data flows, simplified network configuration, support for new services and much tighter security.

However, all this may not be enough, suggests consultant Andrew Dul in a recent paper on the economics of IPv4 and IPv6. He says there are a number of barriers to IPv6 deployment, including costs, training, hardware and software, reduced reliability, and limited support. He expects the Hotelling rule to characterize this transition: "For an exhaustible resource, a transition will not occur until the price of a replacement resource exceeds the cost of the current resource."

The bottom line, says Dul, is the bottom line. Economics underpin the transition, whether we like it or not, and until the cost of IPv4 exceeds the cost of IPv6, mainstream adoption will not occur.

See more on this topic by subscribing to Network Computing Pro Reports Fundamentals: The Switch to IPv6 (subscription required).

In 1996, IBM purchased Tivoli Systems to bolster its systems and network management capabilities. Since then, the vendor has used acquisitions and internal development to create a comprehensive product line, garnered a significant following among large enterprises and emerged as a top tier supplier. "IBM is IBM. It is a significant force in the network and systems management market," says Jean-Pierre Garbani, VP at Forrester Research.

Yet, the vendor faces various challenges. Because many of its components have different foundations, the Tivoli product line has a bit of a hodgepodge feel. Also, the product’s historic foundation has not meshed well with recent market shifts. “Being a large company, IBM tends to respond slowly to market changes,” states Mary Johnston Turner, research VP, Enterprise System Management Software, at market research firm IDC. For instance, the vendor does not have much of a story to tell in the area of mobile device management.

Consequently, IBM now sits at an important crossroad. Consolidation looms on the network and system management horizon. Half a dozen vendors--BMC Software, CA, HP. IBM, Oracle and Microsoft--dominate the market, but that number could be cut in half in the coming years. Despite its size and track record, IBM’s position is somewhat tenuous. Like HP, IBM needs to determine if it wants to sell products or focus on services in the future. Network and system management has evolved dramatically since Tivoli was formed back in 1989. The IBM management software suite, which is lumped under its software group, has branched out through internal development as well as via more than a few dozen acquisitions. As a result, IBM breaks the Tivoli line into a variety of categories, such as asset management; business application management; security management; server, network and device management; service management; service provider solutions; and solutions for growing medium businesses. The product breadth is one reason why the company has garnered a significant customer base--one on which many of the world’s largest enterprises, such as Bank of America, Sears Holding and Merck & Co., rely to control their systems.

One downside of the raft of purchases is that the different tools sometimes lack an integrated feel. While they often share a common user interface, their underlying foundation operates in distinct ways, which can make management more difficult and create additional training requirements.

In addition, the management market is undergoing significant changes, some of which IBM has responded to and others where more work is needed. Autonomous areas--such as network, server and storage systems--are now being consolidated. In fact, the vendor has been a prime force in the movement to this new unified computing infrastructure. IBM has the server and storage elements needed, and has been working with Juniper Networks to deliver the networking component. The vendor has enhanced its provisioning and configuration solutions so that they operate in this new environment.

Yet, the Tivoli line is showing its age in some cases. Businesses are now turning to virtualization to maximize the use of their data center products. "Like other established suppliers, it has taken time for IBM to deliver tools for virtualized environments," says Forrester Research’s Garbani. The software supplier enhanced the Tivoli Provisioning Manager, so it now supports image federation and deployment across heterogeneous infrastructures.

Increasingly, executives use mobile devices, smartphones and tablets to tap into corporate information. At the moment, the company appears to be a few steps behind users desires. "Our customers are obviously interested on delivering QoS [quality of service] functions to their mobile endpoints," notes Matt Ellis, VP of Service Availability and Performance Management at IBM Tivoli Software. So, the company is looking at ways to embellish its story in that arena.

Its sales approach could be fine-tuned as well. "IBM seems to be focused on large-scale deployments, where Tivoli is to be bundled in as part of a comprehensive solution rather than establishing its management products themselves," says Garbani. Like HP, IBM needs to determine if its future revolves around products or services.

Since the Tivoli acquisition, IBM has been viewed as a leading network and systems management supplier. Moving forward, the product line faces significant new challenges, so it is not clear that its future will be as luminous as its past.

See more on this topic by subscribing to Network Computing Pro Reports Research: Virtualization Management (subscription required).

As more and more internet enabled devices find their way onto company networks, the task of managing IP addresses and DNS requests for these devices becomes harder and harder. Network infrastructure vendor Infoblox has released the Trinzic Multi-Grid Manager, a new appliance designed to handle large amounts of DNS and DHCP traffic.

With the increasing prevalence of tablets and smartphones, along with appliances and other devices that can connect to the internet, traditional adhoc systems of managing IP addresses are quickly becoming overwhelmed. Add to this the looming move to IPv6, with its more complex addresses, and the need for IP management tools is growing for many businesses.

According to Infoblox, the Infoblox Trinzic Multi-Grid Manager appliance works with other products in their IP management portfolio to greatly ease and scale IP requests. They claim that the appliance can support up to 3 billion DNS queries per second and 5 billion DHCP queries per day. Infoblox vice president of marketing Steve Garrison said of the Trinizic Multi-Grid Manager that it “Increases dramatically the scale and flexibility of the type of infrastructure that can be built.”

For companies that have invested in other Infoblox IP management systems, the Trinzic Multi-Grid Manager can integrate with them to provide a central management system, making it possible to allow departments and branches to manage their own IP requests while still maintaining centralized reporting and administration.

Pricing for the Trinzic Multi-Grid Manager starts at $20,895.

See more on this topic by subscribing to Network Computing Pro Reports IPv6 Security: Problem Child Or Opportunity to Improve? (subscription required).

Call me a downer, call me a cynic. I'll counter with the stock answer I give my wife when she calls me out for being skeptical: I consider myself a realist. The not-yet-draft version of IEEE 802.11ac is building up steam just off the wireless stage, and I'm here to tell my fellow wireless network administrators that now is the time to start worrying.

If the 802.11ac twinkle has yet to land in your eye, let’s start with some simple familiarization. Take what you have learned about 802.11n, with its MIMO antennas and other tricks that let the standard promise data rates to 600 Mbps; now paint it up bigger and sexier with even more technical sophistication and data rates to 1000 Mbps under .11ac. The working group has yet to ratify formal draft as I write this, but analysts are already easing into a full-court drama press about how wildly popular the new heir to the Wi-Fi throne will be even before the coronation is being planned.

Popular predictions regarding 802.11ac have millions of devices in users’ hands by 2012, and billions by 2015. Expectations are that as the IEEE does their thing in slowly working on draft versions on the way to ratification of the final standard, the Wi-Fi Alliance in parallel will be much quicker in certifying interoperability of .11ac draft products than it was for .11n when it was in draft. This is the key to the predicted device explosion. Couple that with .11ac likely being compatible with legacy .11n 5 GHz (and maybe 2.4 GHz) devices and promised data rates that boggle the mind, and it’s easy to see why we’re supposed to get excited.

But then there are those of us who live wireless networking every day who are slower to warm up to the hype. We design, install, and support wireless networks and have our own real-world perspective on the wireless networking industry and trends. Many of us have institutional knowledge that comes from having implemented every wireless and security standard since Wi-Fi become relevant, and know what it takes to get an organization and large numbers of clients onto a new generation of wireless network infrastructure. From that angle, allow me to share my worries about the .11ac storm clouds that are gathering on our collective horizon.

Many of us have had to grow our networks through the years to meet increased user demand and as society’s acceptance and expectations of wireless networking has matured. I currently upkeep 3,000 access points but can remember when the wireless side of my IT career started with a mere 4 APs. By the time .11ac becomes a consideration for me, my environment will probably be at around 3,500 access points. Let’s say each AP lists at a reasonable (for a new high-end access point) $1,500, and that I can get a steep discount to $750. I’m still looking at $2.5 million dollars in access point costs alone, not to mention labor and whatever is required in controller changes and the like.

There are arguments about not replacing APs one for one as technology gets better, but depending on the circumstances, reducing AP counts works against the promise of new super-high user throughputs in client-dense areas. So we’ll just cap this thought with the fact that, just based on how large our WLANs are becoming, upgrading today’s large wireless networks to .11ac is going to be bigtime pricey.

And then there’s the question of when to move to .11ac. I do know that high-throughput wireless is wonderful for the likes of the right kinds of video, but at the same time all the advantages of a wireless hardware set like .11ac’s Multi-User MiMO and x number of spatial streams are best realized when similarly capable clients are at the other end of a fancy AP’s transmissions. I also know that the same analysts are touting the explosive growth in mobile and handheld devices that won’t be able to fully take advantage of the full power of .11ac because of design constraints, and if for no other reason that there is only so much you can humanly do with a highly portable device. For many users, good wireless is more than good enough, and better wireless isn’t even recognized as such.

If I could upgrade all of my 10,000 daily peak simultaneous clients to robust .11ac devices that got hundreds of Mbps wireless throughput, how would I have to resize my uplinks to the core and Internet pipes? And in spaces where I have significant investment in Gigabit Ethernet to the desktop for stationary office workers, I’m finding now with .11n that, just because you can cut the cord and provide wireless connectivity to desktop workstations, it doesn’t mean that organizations want to just for the sake of going wireless. In these spaces, do I care whether someone can get 10, 100 or 500 Mbps wireless throughput on their personal tablet that they insist on using occasionally? I’m not saying that I don’t care, I just don’t know if I do.

Costs. Timing. Clients that may or may not be able to leverage the upper end of the new hardware’s performance envelope. Balancing the siren song of new and hot with questions of true need and where precious IT dollars are best spent. These considerations are nothing new in our lines of work, but I have a feeling that 802.11ac and the inevitable mania that will herald its coming are going to have many of us worrying about them sooner than we might have planned for. Now’s the time to start pondering it, before the hype surrounding .11ac gets kicked into high gear and the boss starts asking “should we be thinking about .11ac?”

Cisco is looking to carve a bigger slice out of the desktop virtualization market with new products, services and an expanded relationship with VDI powerhouse Citrix Systems. The networking company says that hundreds of customers have rolled out Citrix XenDesktop and VMware View deployments based on Cisco data center solutions. However, after just over a year of working together, that is barely scratching the surface of a hosted virtual desktop market expected to reach 70 million units, or 15 percent of enterprise desktops and laptops by 2014 (Gartner, Inc., Forecast: Hosted Virtual Desktops, Worldwide, 2010-2014).

A recent Forrester Consulting study commissioned by Dimension Data found that the number of virtual desktop deployments will grow from 27% to 46% in the next two years. According to the study, most organizations’ existing deployments touch less than 500 employees today, but they have plans to scale these deployments to thousands--and ultimately tens of thousands--of users during the next two years.

Under the new terms of the Cisco/Citrix alliance, the companies will simplify the deployment of high-definition virtual desktops and applications and improve end-user experiences over Citrix HDX-enabled Cisco networks. They also plan to partner on data center solutions that make it easier to deliver IT as a service across multiple networks and geographies. First up on their agenda is a new release of Cisco Wide Area Application Services (WAAS) optimized for Citrix XenDesktop and Citrix HDX technology in the fourth quarter of this year. Cisco says this will help customers reduce bandwidth necessary to deploy desktops virtually over wide area networks, enabling better scalability and optimal end user collaboration experiences.

Cisco also unveiled the next evolution of its Virtualization Experience Infrastructure (VXI), which was released initially last November. The company announced thin client (VXC 6215) and software appliance (VXC 4000) endpoints for high-quality voice and video in virtual desktop environments. The Linux-based 6215, expected to ship in quantity in early 2012, supports VDI, voice and video services in conjunction with Citrix XenDesktop, and VMware View. Targeted at the installed PC base, the 4000 works in conjunction with Citrix XenDesktop and VMware View on either Windows XP or Windows 7 desktops; a voice-supported version is targeted for general availability during the fourth quarter of 2011.

The company is also leveraging Identity Services Engine (ISE), which knows what type of devices are accessing the network, what information those devices can obtain, and where they are, to support virtualized environments. Cisco adds that recent innovations of its Unified Computing System (UCS) platform improve virtual desktop scalability and performance. The enhancements include doubling the fabric capacity, quadrupling bandwidth to the server, reducing latency by 40 percent and expanding the number of virtual desktops supported in a single UCS management domain by over 500 percent.

The company is also extending its Cisco Validated Designs (CVDs) – which provide a blueprint of how to design workspace solutions end-to-end and have been tested to work with vendor solutions – to Citrix XenDesktop 5.5, VMware View 5 and partners. Two new services ended to provide a single point of contact for VXI support (Cisco Allied Services for VXI), and make moving to VDI easier (Cisco Optimization for VXI Service).

See more on this topic by subscribing to Network Computing Pro Reports Research: Virtualization Management (subscription required).

Cisco Systems has released a study it commissioned that challenges HP's claim that its networking equipment is 30 percent to 50 percent less expensive than Cisco's. The study, shared on a Cisco Web cast Monday, shows that while the upfront cost of HP equipment is less, when the total cost of ownership (TCO) of the network over five years is factored in, the Cisco premium shrinks to only 4 percent to 7 percent and that the quality of Cisco network technology is worth that modest premium. The release of the report marks another round in Cisco's battle with HP over the network market that HP entered after it acquired network equipment maker 3Com in late 2009.

Cisco has tried to distinguish itself from HP, which one analyst says is the tech company best positioned to challenge Cisco’s dominance in networking, by portraying HP as offering a “good enough network” or a “basic network,” while Cisco offers a network that may be more expensive but is an “intelligent network” designed to meet the growing demands on enterprise networks to handle more traffic, more video, support mobile devices and be better protected from security threats. HP claimed market share gains against Cisco in a research report it highlighted in July.

The Cisco study, done by an independent management consulting firm that Cisco did not identify, calculated the upfront capital expense (CAPEX) and the ongoing operational expense (OPEX) of an enterprise network serving about 10,000 endpoints and compared the TCO of both a Cisco and an HP network. Cisco acknowledges HP’s claim that the upfront CAPEX of a Cisco network is higher than one from HP, but puts the Cisco premium more in the range of 25 percent to 30 percent, not the 30 percent to 50 percent HP claims.

In the Web cast, Ross Fowler, vice president of Borderless Network Architecture at Cisco, said the 30-50 percent savings claim has been touted many times by HP representatives, according to Cisco customers and partners. But when the five-year TCO is calculated, including CAPEX plus the cost of maintenance, labor, bandwidth and energy consumption, the Cisco premium shrinks to just 4 percent -- and that is just for a “basic” network, Fowler said. Furthermore, when the value of what Cisco calls “architectural features” unique to it are added in -- such as TrustSec for improved network security, EnergyWise for energy management and Medianet for intelligent distribution of rich media -- the Cisco premium rises, but still to only 7 percent.

Given the more “intelligent network” that delivers, Cisco’s Fowler argues that should be worth a modest premium. “It’s still a relatively small premium to pay for Cisco over HP so our view is that we have a very compelling economic argument,” he said.

But the study goes on to discuss other “intangibles” that, while hard to document, should be taken into consideration. Cisco argues that it’s additional design features reduce downtime and its associated costs, improve productivity and reduce the chance of a security breach. “Once you’re in the 4 percent to 7 percent premium [area], then you can start having conversations around the uptime, the user productivity and the security breaches. Even though they’re intangibles, if they’re only in the 4-7 percent range, why take the risk of going with a so-called ‘good enough network?’” Fowler said.

HP was unable to provide a response to Cisco’s latest study, but in July cited a Dell’Oro Group report that its networking market share rose to 12 percent in the first quarter of 2011 from 9.5 percent in the year ago quarter. And in August, HP shared with reporters details on the networking research its doing at HP Labs as a way to counter Cisco’s claim that HP’s “good enough network” lacks the innovation Cisco has to meet the network demands of the future.

Cisco for years has been able to charge a premium for its networking products because they have some fundamental design advantages over those of rivals, said Zeus Kerravala, principal analyst with ZK Research and previously with Yankee Group research. HP makes its networking technology with “merchant silicon,” Kerravala said, which means that its networking product features end up being similar to what everybody else is offering. Cisco, by contrast, designs its networking products with custom application-specific integrated circuits (ASICs). “They are able to get their equipment to work better and faster together. Cisco does have features on their products that nobody else has,” he said. “They tend to be versions of the standard that do more than the standard.”

HP, however, has been able to put more competitive pressure on Cisco than other rivals such as 3Com (before HP acquired it), Nortel Networks, and niche rivals such as Brocade and Juniper Networks, because HP has a substantial sales force and marketing budget, Kerravala said. It also serves the same customers and works with the same industry partners as does Cisco.

However, HP faces one significant hurdle in truly making a dent in Cisco networking dominance, he said. Industry figures show that, measured by network ports rather than revenue, Cisco’s share is in the 50-60 percent range versus HP’s 10 percent. Kerravala says an enterprise heavily invested in Cisco equipment would be reluctant to switch to an HP network because Cisco holds an incumbent’s advantage

One company he spoke with that was contemplating a move from Cisco to HP for the lower CAPEX discovered that its networking engineers were all Cisco-certified, that all the testing and management tools were Cisco and that “all of that would have to be swapped out as well,” he said. “They may get a little bit lower cost coming in the door [with HP] but ultimately it would cost them a lot more to make that swap,” Kerravala said.

See more on this topic by subscribing to Network Computing Pro Reports Strategy: Unified Computing Stack Wars (subscription required).