Total Internet Security Software



Archive for January, 2012

Brocade ADX 12.4 Improves App Delivery

Brocade introduced a new application delivery controller that enables service providers to manage application delivery in a way that servers or end-point devices no longer can. A key feature of the Brocade ADX 12.4 is what the company calls an OpenScript Engine, which enables enterprise service providers to build customized versions of network applications using the open-source Perl programming language in order to deliver networking capabilities unique to their needs.

The ADX 12.4 is designed to address a shift in the role of networks in delivering applications. Because of the proliferation of various end-point devices to which applications are delivered, no one optimization will suffice. For service providers such as ISPs, that range of devices includes laptops, smartphones, tablets, gaming consoles and Internet-enabled TVs. Because applications are also delivered via the cloud, traditional server-based application controls also come up short.

The OpenScript Engine feature in ADX 12.4 is a Perl-based platform for customizing applications for a service provider's unique needs, such as improving network infrastructure, security, acceleration or monitoring. Brocade is a supporter of the Comprehensive Perl Archive Network (CPAN), a community of app developers who share extensive libraries of scripts that have already been created. A developer trying to accomplish one task may find the work of someone else in the community who already solved the problem so efforts aren't duplicated.

Although other application delivery vendors also offer scripting engines, Brocade's support of Perl is laudable because it's a well-known and widely used scripting language, said Sam Barnett, directing analyst for data center and cloud research at the research firm Infonetics. He is also a veteran of the networking industry, running startups that worked with Brocade and Foundry Networks, which Brocade acquired in 2008.

A particularly impressive feature of the OpenScript Engine, Barnett said, is the Application Performance Estimator, which, as its name implies, predicts how an application will run on a network, as it's currently configured, before the application is actually deployed.

"The service provider community didn't really know what a new application or service delivery platform was going to do on the network because they didn't really understand how it was going to be used," he said. "This [Estimator] gives you ... a really good understanding of where your pain points are going to be before you introduce something completely unknown onto your network."

ADX 12.4 also streamlines the transition from the IPv4-based network to the IPv6 network. It will help maintain service parity on both networks, which in a typical situation will run in parallel. IPv6 is a new standard for assigning Internet Protocol addresses because the worldwide supply of IPv4 addresses is running out.


Riverbed Virtualizes Cascade

Riverbed Technology introduces Cascade 9.5, an upgraded version of its network management tool that aggregates information from a number of Riverbed network appliances -- physical and virtual -- into a single management console. Among the new features of Cascade 9.5 is Virtual Cascade Shark, the virtual version of Riverbed's physical appliance, which sees into the virtual switching layer within a virtual machine environment in a way the physical Shark appliance cannot, said Riverbed.

The new version of Cascade comes just two months after the WAN optimization market leader released a major upgrade to RiOS 7--the software that powers its line of Steelhead application acceleration appliances--and Steelhead Mobile client software, adding optimizations for video, disaster recovery applications, ICA over SSL and enterprise applications as well as IPv6.

The new features include tight integration with Riverbed's Stingray traffic manager and F5's BIG-IP so that Cascade can perform multi-segment analysis correlating individual connections to a virtual IP (VIP) address associated with connections to hosts in a server pool. With multi-segment analysis, IT can correlate traffic issues like dropped packets, delay and other issues with an end user session. Without such correlation, monitoring application performance across the load balancer is difficult. Other load balancers are supported, but the configuration in Stingray is a manual process.

The need to manage the growth and increasing complexity of networks is driving demand for network performance management technology that can monitor traffic, identify possible bottlenecks and intervene to clear them up. As use of IT grows in enterprises, so does demand on IT to deliver more capacity and speed over the WAN and to be able to prioritize traffic. For example, video gets priority over a simple e-mail, but a VoIP call gets priority over video if the video in question is something frivolous on YouTube.

The data center is undergoing a radical transformation. Data centers are being consolidated as virtualization technology is more widely adopted. Network pipelines need to expand to handle more traffic, particularly high-bandwidth video. And as applications are increasingly being distributed over the Web, more attention has to be paid to how well the network delivers those apps.

Wrap all of this with a virtualization layer, and application performance management and monitoring gets difficult. Virtual Cascade Shark, which currently runs only on VMware ESX hypervisors, is a virtualized version of Cascade offering visibility into traffic flows between virtual machines in a hypervisor. Cascade Virtual Shark pricing starts at $1,200. The Cascade Shark appliance now integrates with intelligent taps from companies like Gigamon, cTap, and VSS, relying on their timestamps for latency measurements.

All of that is happening at the same time and the network administrators are pushed to understand the applications that run over the network and how well they are performing. While virtualization has greatly improved the efficiency of data centers by increasing server utilization, it has created "another blind spot for network managers," said Jim Frey, managing research director at Enterprise Management Associates (EMA).

"There could be traffic that goes on inside a hypervisor between multiple virtual machines and unless you have a means for gaining visibility into that hypervisor, you have no way to understand what's happening in terms of the traffic between those VMs," Frey said.

Other Riverbed management appliances that interact with Cascade 9.5 include its Stingray application delivery controller -- which the company said is more commonly known as a load balancer -- the Whitewater cloud storage gateway and the Steelhead wide area network (WAN) optimization appliance.

Steelhead appliances could sit on the network at various branch offices and send WAN performance data to be aggregated by another Steelhead appliance in the data center with the results then presented in the Cascade management console, it said.

The network performance management solutions market is "pretty healthy and growing," said EMA's Frey, with startups seeing revenue growth of 20 percent to 40 percent or more annually and even more mature firms -- publicly traded companies like Riverbed and NetScout Systems -- reporting low double-digit revenue increases.


Basics: Five Switching Settings You Must Know

These five configurations are the first thing a network administrator should apply to a newly provisioned switch or router. Although these may seem like common sense, 90 percent of devices I see are missing at least one of these settings, and about 75 percent are missing two or more. Use this checklist as an action item to verify that your existing devices have these settings, at a minimum, and integrate them into any templates or provisioning documents you use. You'll appreciate the consistency this adds to your network management and monitoring.

Define a default gateway or default route
Let's start with the fantastically easy one: a management IP and default gateway. Obviously, you can't manage a device across the network unless it has, at bare minimum, a management IP address. Instead of harping on the obvious, take note that many times when edge devices are provisioned, an IP address is configured, but the default gateway or default route is forgotten or omitted.

What happens when this configuration is missing? Those edge switches will hum along happily until one of three things happens:

  1. Your management tool is installed or moved to a different subnet.
  2. You try to manage the switch from a different network or subnet.
  3. You begin adding other VLANs or subnets to the switch.

Without a default gateway or route off of the network the switch is using, traffic may reach the switch, but it won't find its way back off that network. You won't believe how many edge switches are in the wild with this grievous omission, which often results in the switch becoming unmanaged because the management tools are not able to see it.

Cisco & HP Networking:
# ip default-gateway <gateway IP address>
# ip route 0.0.0.0 0.0.0.0 <next-hop IP address>

Set the time
If I could ask administrators to set only one configuration out of the box, after the basic IP settings, I'd ask for this – the correct time. Correct time on a switch is vital when troubleshooting the device. A string of log entries dated 1/1/90 is useless to network administrators troubleshooting a problem.

The three most popular ways to set time on a device are 1) manual time settings, 2) TimeP or NTP and 3) SNTP. You should really have a time server in your environment, to keep the network all in sync. If you don't have a time server now, you can very easily add it. In Windows Server environments, a few clicks will have you up and running with SNTP in less than 5 minutes. You can also use public (Internet-hosted) time servers, although you shouldn't put yourself in a position to force each switch to call out over the Internet for time. As a last resort, set the time manually if you must; but by all means, set it somehow.

Cisco:
# ntp server <time server IP address>
# clock timezone <zone name> <UTC offset>
# show clock

HP Networking:
# ip timep manual <time server IP address>
# timesync timep
# clock timezone <time zone>
Or
# sntp server <time server IP address>
# sntp unicast
# timesync sntp
# show time

Enable neighbor discovery
Neighbor discovery protocols are essential for network administrators and management tools to accurately construct a view of the network topology. Each manufacturer has its own supported mix of neighbor discovery protocols, loosely based on how standards-focused that vendor is, and how much they want to pay in royalties to use proprietary protocols. The two most widely used are LLDP (Link Layer Discovery Protocol), an IEEE standard, and CDP (Cisco Discovery Protocol). Support varies by brand and at times even by model or firmware version. What you may see in some devices is LLDP supported for listening and talking, while the only CDP support is for listening. Others may offer equal capabilities for both protocols.

Enabling all supported neighbor discovery methods is highly recommended. The information it provides lets you immediately locate neighboring switches and even media endpoints such as phones and access points that use LLDP-MED, an extension of LLDP. Not only can you see where these devices are connected, you can get details of the device type, its hostname, IP address and even see what port it's connected to on the other end. In a similar fashion, your network monitoring and management tools will use these protocols to crawl the network, discover new devices and correctly identify and show inter-switch links.

Cisco: CDP is enabled by default. Enable LLDP:
# lldp run
# show lldp neighbors <+ optional details>

HP Networking: LLDP is enabled by default. Enable CDP receive only support
# show lldp info remote <+ optional details>
# show cdp neighbors <+ optional details>

Configure logging and traps
Notifications of events on the network are a critical component of monitoring, troubleshooting and real-time alerting. Most switches offer two primary means of sending this data to a central repository; logging events via syslog and trap events via SNMP. Configuration of both is simple, and usually varies minimally from switch to switch, and even brand to brand.

Most organizations have a syslog server or a management tool configured to receive SNMP traps. If yours doesn't have such an application, I'd strongly encourage you to use this opportunity to investigate your options. If you don't have budget or time, look around your existing management tools, and you'll likely find something you can use already in production. If not, there are a variety of free syslog and SNMP tools; just make sure you download free tools from a source you trust.

Cisco & HP Networking:
# logging <syslog server IP address>
# snmp-server host <trap receiver IP address> <community string>

Add custom SNMP communities
SNMP (Simple Network Management Protocol) is used to manage or monitor all types of devices in a network, including switches, servers, and even desktops. SNMP allows us to define different community strings that are mapped to different access rights. Most simply we have a read-only string, and a read-write string. The read-only string lets monitoring tools see and gather information from the device, whereas the read-write string allows management tools to make modifications and configuration changes to the device. By default, switches most often have either no pre-defined strings, or they use a combination of public and private.

Some readers may feel this should be included with the full management configuration (defining local users or RADIUS/TACACS authentication, enabling secure management with SSH and HTTPS), but I define it as one of the recommended out-of-the-box settings. Within an organization, you likely have only a set or two of custom SNMP community strings, and these strings aren't going to change from the time you order the switch, unbox it and then deploy it. Initial omission of the strings is usually an oversight, or network admins consciously leave them out and figure they'll go back and add them later. Your management tools should already be set to talk to your devices using your custom SNMP strings, so go ahead and start off on the right foot by setting them early on the device. Remember, they are case-sensitive, and you'll avoid the frustration of typos if you include these in a template or at least copy-paste from a base text document. Incorrect SNMP strings are frustrating, especially in larger environments. Correct strings will let your device be seen and managed immediately by all your management and monitoring applications.

Cisco:
# snmp-server community <read-only string> ro
# snmp-server community <read-write string> rw
# show snmp

HP Networking:
# snmp-server community <read-only string> operator restricted
# snmp-server community <read-write string> manager unrestricted
# show snmp-server

There are many other configurations recommended in a production environment, including secure encrypted management and file transfers, and SNMPv3 in certain networks. These 5 settings are a quick-start to ensuring consistent management of your infrastructure devices across the enterprise.
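The checklist can also be run automatically against saved configurations. The following Python audit is an added example, not part of the original article: the function name `audit`, the two sample configurations and every address and community string in them are constructed, and the patterns assume the Cisco and HP command forms listed above together with the CDP/LLDP defaults the article describes.

```python
import re

DEFAULT_COMMUNITIES = {"public", "private"}   # defaults named in the article
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

# Constructed sample: Cisco-style edge switch with several gaps.
CISCO_SAMPLE = """\
hostname edge-sw-01
interface Vlan10
 ip address 10.10.10.2 255.255.255.0
ntp server 10.10.0.5
clock timezone EST -5
logging 10.10.0.20
snmp-server community public RO
"""

# Constructed sample: HP-style switch with all five settings present.
HP_SAMPLE = """\
hostname "edge-sw-02"
ip default-gateway 10.10.10.1
sntp server priority 1 10.10.0.5
timesync sntp
logging 10.10.0.20
snmp-server host 10.10.0.21 "Corp-RO-9f3"
snmp-server community "Corp-RO-9f3" operator restricted
snmp-server community "Corp-RW-2c7" manager unrestricted
"""


def _has(lines, pattern):
    """True if any line starts with the (case-insensitive) pattern."""
    rx = re.compile(pattern, re.IGNORECASE)
    return any(rx.match(line) for line in lines)


def audit(config_text, vendor):
    """Return {setting: reason} for each of the five settings that fails."""
    if vendor not in ("cisco", "hp"):
        raise ValueError("vendor must be 'cisco' or 'hp'")
    lines = [ln.strip() for ln in config_text.splitlines() if ln.strip()]
    findings = {}

    # 1. Default gateway or default route off the management subnet.
    if not (_has(lines, rf"ip default-gateway {IPV4}")
            or _has(lines, rf"ip route 0\.0\.0\.0(?: 0\.0\.0\.0|/0) {IPV4}")):
        findings["default gateway"] = "no default gateway or default route"

    # 2. Time source. A manually set clock leaves no trace in the config,
    #    so only NTP, SNTP and TimeP servers can be verified here.
    if not _has(lines, rf"(?:ntp server|sntp server(?: priority \d+)?"
                       rf"|ip timep manual) {IPV4}"):
        findings["time"] = "no NTP, SNTP or TimeP server configured"

    # 3. Neighbor discovery. Per the article: CDP is on by default on Cisco
    #    and LLDP must be enabled there; LLDP is on by default on HP.
    problems = []
    if _has(lines, r"no cdp run"):
        problems.append("CDP disabled")
    if vendor == "cisco" and not _has(lines, r"lldp run"):
        problems.append("LLDP not enabled")
    if vendor == "hp" and _has(lines, r"no lldp run"):
        problems.append("LLDP disabled")
    if problems:
        findings["neighbor discovery"] = "; ".join(problems)

    # 4. Syslog target and SNMP trap receiver (IPv4 targets only).
    problems = []
    if not _has(lines, rf"logging (?:host )?{IPV4}"):
        problems.append("no syslog server")
    if not _has(lines, rf"snmp-server host {IPV4}"):
        problems.append("no SNMP trap receiver")
    if problems:
        findings["logging and traps"] = "; ".join(problems)

    # 5. Custom SNMP communities; the defaults count as missing and are flagged.
    names = [m.group(1) for ln in lines
             if (m := re.match(r'snmp-server community "?([^"\s]+)"?', ln, re.I))]
    problems = []
    if not any(n.lower() not in DEFAULT_COMMUNITIES for n in names):
        problems.append("no custom community string")
    for n in names:
        if n.lower() in DEFAULT_COMMUNITIES:
            problems.append(f"default community '{n}' still present")
    if problems:
        findings["snmp communities"] = "; ".join(problems)
    return findings


if __name__ == "__main__":
    for name, text, vendor in (("edge-sw-01", CISCO_SAMPLE, "cisco"),
                               ("edge-sw-02", HP_SAMPLE, "hp")):
        result = audit(text, vendor)
        print(name, "PASS" if not result else result)
```

Syslog and trap targets given as hostnames are not recognized by these patterns, so extend them if your templates use names rather than addresses.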


Prepare The Mobile Ship For Ludicrous Speed!

Thinking back on the 1987 movie "Spaceballs", I picture a comical Dark Helmet standing on the bridge of his ship. In my mind, he holds a smartphone and contemplates the latest buzz on mobile network speeds, fresh from the International Telecommunications Union. As he ponders the 100 Mbps data speeds soon to be delivered by his preferred carrier, he utters the order "Prepare for ludicrous speed" and the ship IMT-Advanced warps off to hyperspace at an impossibly crazy velocity. Speeds in the mobile data world are about to get quite exciting.

To read the various analyses of what the International Telecommunications Union (ITU) has recently approved in its IMT-Advanced announcement is to be schooled on what 3G and 4G really are, and are not, as well as getting a look at where mobile wireless is heading. And where it's heading is impressive.

Where a present-day good 3G connection will yield a respectable few Mbps connectivity (if you’re not moving), IMT-Advanced will make 3G feel like a dial-up modem. Current LTE networks that claim 4G-ness measure and market their speeds in the double-digit Mbps, but there is a lot of variability across carriers and conditions required to get to top speeds.

Regardless of the current marketing campaigns and the decent speeds that the carriers are giving us on their "4G" networks, the ITU says that we have yet to see true 4G networks by their technical definition. To really be 4G, a network must deliver speeds of 100 Mbps when in motion at vehicle speeds and 1 Gbps (yes, Gig speeds from mobile networks) when not moving. Marketing being what it is, nothing we have in the US from LTE or WiMax comes close to these lofty requirements despite all of the 4G hype taking root. So far, 4G isn't really 4G. But when we get there, it will be ludicrous.

So what did the ITU do for the mobile network space during their meeting in Switzerland that commands so much interest? The communications governing body approved two technologies, LTE-Advanced and WiMax 2, as the path forward to mind-blowing mobile networks under the heading of IMT-Advanced. Now that the declaration has been made, development and manufacturing can proceed. Though it will likely take a couple-few years for IMT-Advanced network and handset build-out, it stands to reason that IMT-Advanced will stay on people's minds as they contemplate their future mobile strategies.

All guesses about how IMT-Advanced will truly impact the mobile network space are on the table. As more individuals and businesses alike make mobile data a priority, carriers today are using strategies like data plan terms and WiFi offload to prevent network saturation, which also gets interesting through the lens of IMT-Advanced. Though network speed is easy to get excited about, you can’t get blazingly fast without modulation and antenna techniques that make for better cells and higher capacity for everyone, even legacy non-IMT-Advanced users. Higher speeds and better cells mean better general traffic-handling capability, which has to have some impact on how service plans will be structured.

There is little doubt that IMT-Advanced will certainly come to be recognized as a disruptive technology and will likely challenge notions of traditional networking in many areas yet to see broadband. Testing with early IMT-Advanced components is already well under way in Europe and China, and Internet videos showing beta efforts and results for IMT-Advanced are simply captivating if you follow mobile network development.

Gigabit mobile broadband? Even Dark Helmet would approve.

At the time this was written, I was not being paid by any vendors or organizations mentioned.


How NetFlow Keeps Networks Running, People Alive

In all the technical discussions about network routers, switches, throughput, packets and the alphabet soup of acronyms that apply, it may be easy to forget that network downtime can have life or death consequences. For two NetFlow users, the requirements for the network monitoring technology were less dire, but the results were still compelling.

Jhune Rosario is the network systems administrator for Puget Sound Blood Center, which operates 17 sites where blood is drawn from donors and 51 hospitals that use that blood supply to treat patients. Some of those sites are a three-hour drive from Puget Sound, but have only a T1 line connecting them, so the implications of that connection going down are significant.

"Recently I met a family whose son had leukemia and they had to do almost two transfusions a week. If they don't get that transfusion, that child could be in a very difficult situation," Rosario said.

The child could be waiting for blood but with the network down, lab technicians can't confirm whether a donor in, say, Bellingham, Wash., is the right blood type for the patient, he said.

While Puget Sound is a nonprofit without the budget to replace a T1 line with a 10 gigabit per second (Gbps) connection, it has benefited from adopting NetFlow technology to monitor its network and proactively troubleshoot problems before they cause an outage. Puget Sound Blood Center, which uses NetFlow technology from Lancope, has saved $22,680 in costs for each hour of network downtime it suffered.

The blood center is one of several examples Lancope cited in a recent report on "The State of NetFlow."

NetFlow is a network protocol developed by Cisco Systems in 1996 to collect IP traffic information and provide visibility into a network. IT professionals monitoring their networks with NetFlow can see where situations like network congestion or a misconfigured switch are occurring and intervene to fix those problems. Variations of NetFlow are now widely used in networking gear from such companies as Alcatel-Lucent, Cisco, HP's 3Com and Huawei Technology. Other flow-based technologies like sFlow are used by Juniper and Extreme Networks. The IETF's IP Flow Information Export (IPFIX) standardizes the flow reporting protocol, but has yet to see widespread adoption.

Puget Sound Blood Center has seen network uptime improve since introducing NetFlow, Rosario said. "On our old system we always had to react to a situation," he said. "Now our help desk can see that the system is running slow, then they can proactively look up that information and alert the folks who can start solving the issue."

The problem was different at Grafisch Lyceum-Rotterdam (GSR), a university in the Netherlands. The university was hampered by existing firewall technology and an embedded intrusion detection and intrusion prevention system (IDS/IPS) that could only inspect a portion of network traffic and did not provide visibility into the school's high-speed internal and virtual network. Using Lancope's StealthWatch NetFlow technology, GSR gained wider visibility into its Internet gateway traffic and the internal and virtual network. GSR also reported faster time to resolution for network problems and a 75 percent cost savings compared to what they had before.

For AirTran Airways, the network challenge was maintaining Payment Card Industry (PCI) compliance across a widely distributed network serving about 10,000 end users. Because it's billed as a low-cost airline, AirTran needed a cost-effective and scalable network monitoring system to enable employees to take credit cards from wherever possible--at any gate, ticket counter or kiosk. Its deployment of StealthWatch enabled the airline to improve PCI compliance, increase network visibility and better identify and address anomalies to improve network security.

A recent Lancope-sponsored study by Enterprise Management Associates found that the most popular current uses of flow data are traffic monitoring (76 percent) and security monitoring (61 percent). Other key findings include: 47 percent of respondents leverage flow data for understanding services consumption; 46 percent use flow data for planning/engineering; 96 percent say they expect to maintain or expand their use of flow data over the next 12 to 18 months; and NetFlow is the most popular type of flow data, used by 70 percent of respondents.


Forecast: 10GbE To Be The Top-Selling Ethernet Switch By 2016

Sales of 10 gigabit per second (Gbps) Ethernet switches are expected to reach $13 billion by 2016 and will constitute nearly half of a total $28 billion Ethernet switch market by then, a forecast from the research firm Dell'Oro Group states. And even as data center operators upgrade from 1 Gigabit Ethernet (GbE) switches to 10GbE in order to handle exponentially larger volumes of network data traffic, sales of even faster 40GbE and 100GbE switches will be picking up as well.

By 2016 sales of 40 and 100GbE products will amount to $3 billion, Dell'Oro said in its five-year forecast for the Ethernet Switch market. The company, which is focused exclusively on networking and telecommunications equipment market research, expects the strongest growth in 10GbE Ethernet in 2013 and 2014 as enterprise data centers invest in the technology for server access through a mix of connectivity options for blade and rack-mounted servers.

Growth in 10GbE deployments will be driven by continued adoption of virtualization, meaning servers will be running at higher utilization rates than non-virtualized servers do, said Alan Weckel, senior director at Dell'Oro Group. Another driver is expected to be the server refresh cycle prompted by the release of Intel's new Romley microprocessor platform, which will provide the faster server throughput that is needed for virtualization.

"Romley comes out in the first half of 2012, so 2012 is going to be the time that enterprises go through qualification tests of the new servers and new switches. The hockey stick up is [in] 2013," Weckel said.

Vendors in this burgeoning market include Alcatel-Lucent, Avaya, Brocade, Cisco Systems, Extreme Networks, Dell, HP, IBM, and Juniper Networks, but Weckel declined to say which specific vendors Dell'Oro thinks will benefit more from 10GbE sales than others.

Vendors are seeing the same pick-up that Dell'Oro sees.

"This is the year of 10 gig," said Arpit Joshipura, chief marketing officer for Force 10 Networks, which was acquired by Dell in August 2011. "All of a sudden, this year we will see a lot more 10 gigabit deployments and it's already starting to happen in our customer base."

Joshipura, who came to Dell from Force 10, said Force 10 developed the first 10GbE switches about 10 years ago and would have hoped the technology would have caught on sooner but is nonetheless happy that sales are picking up. However, while the rate of growth of 10GbE switch sales is strong, Dell still sells far more 1GbE switches than 10GbE ones. Based on unit sales, he estimated 90 percent of sales are of the previous generation 1GbE products.

Likewise, Cisco Systems sees strong growth in the 10GbE market and crossed the 10 million unit sales mark in December 2011, said Shashi Kiran, senior director of data center and enterprise networking at Cisco.

Kiran said Cisco currently enjoys a 76 percent share of the 10GbE market and that, although the majority of their sales are also still of 1GbE products, the growth rate for 10GbE is higher. He also said that as more 10GbE switches are deployed, Cisco is acting proactively to see what other points on a network may appear as "choke points" for the faster 10GbE traffic.

Kiran also said unit sales of 10GbE products are driven by declining prices, which makes it easier for customers to justify purchasing 10GbE to replace 1GbE on their networks.

Dell'Oro's Weckel provided some specifics: Across all vendors, the average selling price of a 10GbE product was $388 per port in 2011, down from $818 per port in 2008.


Enterasys Addresses Wired-Wireless Pain

Network equipment vendor Enterasys is tackling the growing problem of managing wired and wireless devices with the latest addition to its suite of fabric network management technology, the OneFabric Edge Architecture. The combined wired-wireless management fabric relieves a number of network management headaches, especially in situations where the wired network is often managed by one vendor and the wireless network by another, says the company.

"Wired is a pain in the butt now," said Craig Mathias, a principal analyst at Farpoint Group. With wireless devices ubiquitous in the workplace, he wonders why anyone would use a wired network.

For now, though, wired and wireless networks have to work together and need to be merged. "The idea of thinking of the network as a single unified entity ... is one of the key emerging themes that I think you're going to see a lot of emphasis on over the next couple of years," Mathias said.

The OneFabric Edge features an end-to-end integration of the wireless local area network (WLAN) and the wired infrastructure and integrates Enterasys' security and management features with application-aware capabilities that aid compliance and service level agreements (SLAs). The product introduces what Enterasys calls the Wireless Services Engine (WiSE), a WLAN controller for application services, which the company said gives customers greater flexibility for deploying edge access in virtual, physical and cloud environments.

Lastly, the OneFabric Edge introduces the K-Series modular switch, which provides visibility into network traffic to determine location, identification, and overall management capabilities of the converged wired and wireless network. Enterasys says the K-Series switch helps manage environments in which employees bring their own wireless devices into work to run on the corporate network.

Both the Enterasys data center fabric and edge fabric systems are jointly managed by the OneFabric Control Center management console.

While applauding Enterasys' innovation, Mathias said it faces considerable competition in the data center fabric space from companies such as Cisco Systems, Juniper Networks, Brocade and others -- as well as in the edge network space.

Although network and edge fabric technology from those and other vendors is catching on, a recent survey of the people who buy networking equipment showed some caution about embracing new technology too soon. InformationWeek Analytics released a survey earlier this month that showed that IT buyers favored products built to industry standards over those with the latest innovation, including network fabrics.

The report noted "a general wariness of proprietary features, where many cutting-edge capabilities are in flux--either the standards aren't complete or are yet to be widely adopted."

Those kinds of reservations are warranted, but Enterasys says its approach to fabric computing is different from that of competitors, noting that it uses an open architecture based on networking standards and that its fabric offerings are compatible with other vendors' legacy systems, something fabric competitors can't always say.

The difference between Enterasys and competitors is also based on different definitions of the term "fabric," added Mark Townsend, director of solutions architecture for Enterasys. Enterasys endorses the research firm Gartner's definition of a network fabric as "taking a collection of resources, such as a network, and to unify those under a single control plane to deliver an application," he said.

Other vendors define fabric in terms of a "topology," he added, referring to the multi-path connections between switches and routers designed to make networks run faster, more efficiently and to be flatter.

"If you look at our competition, they are looking at fabric as a topology and the topologies that they are talking about are based on proprietary protocols," Townsend said.

While buyers may be wary of fabric technology, this happens all the time when new technology is introduced, particularly in networking, said Mathias. "There's always a degree of risk when you shift from the old modes of thought to the new modes of thought," he said, adding that vendors need to better educate prospective customers to overcome their reservations.


Intel Makes Exascale-Bet on InfiniBand-Based Supercomputing

Intel, which played a key role in the creation of the InfiniBand high-speed networking standard a decade ago, has come full circle and bought the IB assets of Qlogic, one of the two remaining companies still actively pushing this technology. While $125 million is chump change for a company that netted $3.4 billion in profits last quarter, Intel says the acquisition will enhance its networking portfolio and provide scalable high-performance computing (HPC) fabric technology as well as support the company's vision of innovating on fabric architectures to achieve ExaFLOP/s performance by 2018. At a hundred times faster than today's fastest supercomputers, it's an aggressive move, seeking to accelerate performance to a quintillion computer operations per second.

The InfiniBand specification defines a low-latency, high-bandwidth input/output architecture used to interconnect servers, communications infrastructure equipment, storage and embedded systems. It is a true fabric architecture that leverages switched, point-to-point channels with data transfers today at up to 120 gigabits per second, both in chassis backplane applications as well as through external copper and optical fiber connections.

Last year the InfiniBand Trade Association reported the technology is seeing continued growth on the TOP500 list of supercomputing sites. InfiniBand connects the majority of the top 100 with 61 percent, the top 200 with 58 percent and the top 300 with 51 percent. The total number of InfiniBand-connected CPU cores on the TOP500 list has grown 65 percent, from 1.4 million in Nov. 2009 to 2.3 million in Nov. 2010.

IDC says the HPC market was worth $19 billion in 2010, up 10 percent, and expected to see 7 percent growth through 2015. While Ethernet remains the leader, the research company predicts InfiniBand will continue to take market share from proprietary interconnects.

Supercomputing is the key to the deal, says Intel. While the percentage of HPC CPU shipments will drop from 15 percent to 12 percent between 2010-2015, it still represents a sizable chunk of the total market. However, next year the top 100 supercomputing CPU (total addressable market) will reach 1 million units, double in 2015, and reach 8 million units by 2019.

Intel says InfiniBand was seen as the missing piece to developing a scalable fabric by 2018. The acquisition also rounds out the company's Ethernet portfolio, it says. HPC is one of the two key pillars of growth within Intel's data center business, along with cloud.

The other company remaining in the IB market is Mellanox Technologies, which along with Qlogic, has been an Intel partner. Oracle uses InfiniBand technology in its database appliances and bought a 10.2 percent share of Mellanox in late 2010.

The Qlogic deal, which is expected to close this quarter, involves the product lines of and certain assets related to its InfiniBand business. A significant number of the employees associated with this business are expected to join Intel's network and communications unit.


F5 Networks ‘Fixes’ Data Center Security

Arguing that multiple point appliances intended to secure a network only add to complexity without providing the intended protection, F5 Networks is introducing what it calls a Data Center Firewall to combine multiple security solutions into one appliance. The appliance, called BIG-IP model 11050 and carrying a starting price of $129,995, delivers such security features as dynamic threat defense, DDoS protection, protocol security, SSL termination and a network firewall.

"The current environment just doesn't scale, it doesn't extend and it doesn't respond. We think this model is broken and it's very, very real in our customer base today," said Mark Vondemkamp, director of product management for F5.

ICSA Labs, an industry accreditation body for network firewall solutions, certified the F5 BIG-IP product family as a secure socket layer (SSL), transport layer security (TLS) and virtual private network (VPN) compliant appliance line.

The appliance is designed to respond to some of the latest types of attacks on networks, Vondemkamp said, such as distributed denial of service (DDoS) attacks where web sites are pinged millions of times to bring them down. Lately this has been done for political reasons such as the attacks on sites targeted in the wake of the WikiLeaks document dumps of U.S. State Department cables in 2011.

F5 has also seen a rise in the number of blended threats on the Internet, combining a DDoS attack with an application-level attack. Lastly, the BIG-IP appliance protects against zero day attacks, in which a vulnerability in a software program, such as Microsoft or Adobe, is discovered before a patch for it can be developed and deployed.

The array of point solutions to address these threats -- network firewalls, DDoS appliances, domain name server (DNS) appliances, web application firewalls and load balancers -- are difficult to manage, can be a drag on network performance, and can result in multiple points of failure, said Vondemkamp.

"The traditional approach needs to be replaced by a unified security architecture," he said.

F5, in the leaders quadrant in the Gartner research "Magic Quadrant" analysis of SSL and VPN security vendors, released in December 2011, shares top spot with Cisco Systems and Juniper Networks, while competitor Citrix Systems is identified as a viable "challenger."

However, in its analysis of vendors, Gartner faults F5 for lacking an Internet Protocol Security (IPsec) capability in its products. IPsec is a protocol for securing IP communications by authenticating and encrypting each IP packet in a communications session. "F5 faces an uphill contest with vendors that offer both SSL and IPsec, and should reconsider whether to build or acquire client-based IPsec support," Gartner reported.

That aside, the F5 approach of combining different point solutions into one powerful data center firewall is a viable approach, said Jeff Wilson, a principal security analyst at Infonetics research.

Even though the typical enterprise data center may not be as much of a target of a malicious DDoS attack as would a financial institution or a government agency, data centers are still high-value assets that need enhanced protection for today's threats, Wilson said.

"Since data centers typically process a lot of traffic, have high bandwidth connections and have a lot of high-capacity gear, when attacks are aimed at them they tend to be very fast attacks, but the typical firewall isn't designed to handle a DDoS attack," he said. "The scale of the attacks is really what's at issue in a data center."

F5 compared its BIG-IP 11050 to the Juniper SRX 3400 on throughput, connections per second and the number of concurrent connections it can support. Wilson says that's because Juniper has a significant foothold in the data center and, like F5 and other network security vendors, is trying to expand its presence in those data centers. He identified HP's Tipping Point and CheckPoint as among other vendors going up against F5.


Research Finds Outstanding Issues Could Derail Win 8 Migration

Migration to Windows 8 won't be a shoo-in, with a number of issues remaining to be addressed before Microsoft can expect the majority of its users to migrate to the new version of the operating system. A new survey from Information Week Analytics, Research: Windows 8, finds that the migration strategy appears to be predicated upon people migrating from Windows 7 to Windows 8, when it has already been clear that a significant minority of existing users are still running Windows XP – which demonstrates the sort of problem that Microsoft is facing. The new OS is scheduled to come out in beta in February and for final shipment in the second half of the year.

According to the survey of 973 business technology professionals, 90 percent of them still have Windows XP, and 81 percent of them have Windows 7. Just over half, 52 percent, plan to upgrade, while 48 percent will not. Of those planning to upgrade, 82 percent will be upgrading from Windows 7 and 54 percent will be upgrading from Windows XP. Half plan to stay with Windows XP, while 30 percent plan to stick with Windows XP. And even among those who do plan to upgrade, 28 percent, the largest percentage, have not yet established a timetable for when they will be upgrading. Moreover, 21 percent said they do not plan to deploy Windows 8 on mobile devices.

Issues cited by the survey respondents included having to redesign applications in order to support the new Metro tile-based touch user interface, the requirement for touch devices and monitors to take advantage of the new interface, Windows 8 compatibility among different browsers, and the requirement to develop back-end systems that can service a variety of devices.

Barriers to upgrades cited by respondents include other IT projects with higher priorities, compatibility issues, testing requirements, a lack of business drivers or ROI, training requirements, lack of staff, lack of money, and the fact that they're still in the process of migrating to Windows 7.

Another survey, Information Week's 2012 forecast, found the prospects are good for Windows 8 Server, and not so bright for Win Mobile. At the end of 2011, 63 percent of respondents said they'll run Windows 8 on at least 50 percent of their servers. Only 30 percent of respondents say they'll run the phone/tablet version on that fraction of these devices, which was considered surprisingly high.

Migrating from Windows 7 to Windows 8 is supposed to be seamless, but migrating from Windows XP to Windows 8 will be another issue, since like the migration to Windows 7, it will require a clean install. "Essentially, you have to save your data, do the install, and migrate your data in," says analyst Roger Kay, owner of Endpoint Technologies Associates Inc. Moreover, Windows XP users may find they need more memory or processing power to support Windows 8.

"If a system is more than two or three years old, it might not have the processing power to make Windows 8 work correctly," says Charles King, principal analyst for Pund-IT Inc.

However, users who migrate from Windows 7 may see improvements, says Rob Enderle, principal analyst for the Enderle Group. While Windows 8 has the same memory requirements as Windows 7, it is less resource intensive. "The cheapest systems that run Windows 7 or Vista should be as fast or faster with Windows 8," he says. Systems should have at least 2 gigabytes of memory, though Kay suggests that 4 gigabytes would be better.
