Total Internet Security Software




Fabric Wars: Too Soon To Pick A Winner

While the networking giants – Cisco Systems, Brocade and Juniper Networks – battle it out for domination of the emerging fabric networking segment, a host of new competitors are nipping at their heels. Both other networking companies, like Avaya, Enterasys and Alcatel-Lucent, as well as computer companies edging into the networking space, like HP and Dell, are among those joining the fray.

One analyst says the rivalry is so strong because each is offering a largely proprietary approach to fabric and each wants to be the first to dominate the market. Juniper’s QFabric, for instance, is criticized as an expensive vendor lock-in play, still more a marketing plan than an actual product, though Juniper disagrees.

Fabric computing refers to networking technology in which a series of switches are controlled by network intelligence to be operated as one virtual switch, creating multiple paths for data to take through those switches. Particularly, fabric enables “east-west” traffic between and among switches and servers on the same network layer, in addition to the traditional “north-south” path between the core, aggregation and access layers.

While vendors differ on their technology and approach to market, maximizing east-west traffic “would be the single lighthouse they’re all trying to row to,” says Zeus Keravalla, principal analyst with ZK Research.

Fabric is essential to handling the massive increases in data workloads created by the explosion of virtualization and cloud computing. Fabric generally is based on one of two underlying technologies, shortest path bridging, a standard approved by the Institute of Electrical and Electronics Engineers (IEEE), and Transparent Interconnect of Lots of Links (TRILL), a standard approved by the Internet Engineering Task Force (IETF).

But because fabric is relatively new, it’s hard to adequately compare different vendor offerings. Dell’Oro Group, a research firm that specializes in the networking space, doesn’t yet track sales or market share numbers for fabric computing. “The industry really hasn't been comfortable defining what really is and isn't a fabric and how to count them,” says senior director Alan Weckel.

Juniper has sought to distinguish itself from other vendors with technology it calls QFabric, unveiled in February 2011. QFabric has three basic components: the QFX 3500 line of 10 gigabits per second (Gbps) Top-of-Rack (ToR) switches, which began shipping in March 2011; an appliance called a Fabric Interconnect that links all the ToR switches; and Fabric Director, a server-based controller for the combined network that gives it that 'one virtual switch' capability.

Since that introduction more than a year ago, Juniper has faced criticism from competitors and some analysts that with QFabric, as Keravalla put it, “their marketing was well ahead of product.” Cisco also posted a video on YouTube making fun of Juniper’s inability to deliver QFabric, comparing Juniper to a pizza delivery service.

Juniper’s problem with QFabric is that it is a big change, requiring a substantial financial commitment for a customer to adopt it, says Eric Hanselman, networking research director for 451 Group. “It’s a more complicated arrangement now,” he says, compared to other fabric architectures. While QFabric delivers significantly lower latency than other fabric solutions, it’s a more involved installation than those of competitors. “You’ve got to be willing to make the jump to this non-conventional way of building a switch infrastructure.”

But Juniper explains that QFabric is not an all-or-nothing proposition, nor is its adoption as weak as critics say.

The QFX 3500 switches began shipping in March but the Interconnect and Fabric Director components didn’t become available until late September of last year, says Dhritiman Dasgupta, senior director of product marketing at Juniper. The switches can operate as standalone switches, but it is only when combined with the Interconnect and Fabric Director that it becomes a QFabric installation -- a fabric of up to 6,144 ports. That being the case, QFabric as a whole has only been available for about two full quarters.

Because a customer can add QFX 3500 switches to their data center and then add the other components to make it QFabric, “it provides a very nice migration path,” says Dasgupta.

“We don’t come in and say you have to buy this 6,000-port fabric to prepare for this very large environment,” adds Denise Shiffman, a VP of product marketing at Juniper. “When you hit a certain amount of [switch] density you can move that into ... the fabric, and grow that fabric incrementally.”

And despite critics’ claims that QFabric is all pitch and no close, it does have some paying, and named, customers, she says. Juniper lists Sabey Data Centers, a hosting service provider, and the Bank of Canada, as users of QFabric, plus others that are confidential. Shiffman acknowledges that these are partial deployments of QFabric and not in production environments. The company also has several customers running just the QFX switches for now, “[though] they see it as an on-ramp to the rest of the QFabric family,” she says.

Nonetheless, once you go full QFabric, it’s hard to go another way, notes Jason Folet, VP of data center and enterprise networking at Brocade. “Where you might see Juniper QFabric as being a highly proprietary interconnect ... we try to remain as open standards-based as possible.”

Brocade, like industry leader Cisco, bases its fabric technology on TRILL, and began shipping its VDX line of switches in late 2010 and early 2011. Its secret sauce is 'virtual cluster switching', which provides the ability to connect a number of VDX switches into whatever arrangement the customer chooses. “The customer can effectively flatten their network by combining access and aggregation into this one cluster switch layer,” Folet explains. Fabric flattens the hierarchy of three layers -- core, aggregation and access -- that is the architecture of client-server networks of old.

Lastly, Cisco aims to maintain its networking lead in the fabric era with its Cisco Unified Fabric “vision,” says Shashi Kiran, senior director of Cisco Data Center Solutions. The Unified Fabric strategy combines Cisco Nexus switches and MDS SAN switches with its NX-OS operating system and FabricPath, its variation on the TRILL standard also supported by Brocade. FabricPath has been deployed by over 1,000 customers worldwide, the company says. The key to Cisco’s Unified Fabric vision is “architectural flexibility,” explains Kiran.

“The underlying infrastructure customers invest in has to be adaptable enough to accommodate heterogeneous workloads and diverse business requirements,” he states, be those in traditional enterprises, Web 2.0 environments, Big Data operations, or the cloud or service provider markets.

The shortest path bridging (SPB) protocol is actually the more “mature” of the prevailing fabric standards, says ZK Research’s Keravalla, and is the technology behind fabric technology from vendors such as Alcatel-Lucent, Avaya and Huawei.

It’s because fabric is just emerging widely that companies are vying against each other for buyer attention, says the 451 Group’s Hanselman. “They are still fundamentally proprietary,” he says. “The reason why they are all whaling away at each other is because they want their customers to commit to their proprietary fabric.”

To separate the hype and marketing buzz from the actually available, reliable and affordable fabric solution, Keravalla suggests they take a cue from their compute vendors on how to choose. The traditional way of looking at network infrastructure has been to look at things like backplane capacity and overall port density. Now in some ways, that doesn’t matter because all the available options are all pretty fast; perhaps server-to-server latency would be a better yardstick.

However Keravalla wonders how best to measure the comparative merits of fabric offerings. “I just think we’re a little too early in it right now to have any kind of good best practice,” he says.


IBM Extends PureSystems, Mobile Focus

LAS VEGAS: With 8,500 customers and partners in attendance, IBM kicked off this week's Impact – SOA and WebSphere-related – conference, with a number of PureSystems announcements, as well as a major escalation in its mobility capabilities. The annual event, which focuses on Service-Oriented Architecture and IBM's WebSphere software for SOA, showcased new offerings to make it easier to create the "patterns of expertise" software capability that debuted a couple of weeks ago with the PureSystems family of expert integrated systems. The company also unveiled Mobile Foundation, software and services targeted at enterprise mobile environments, based on its Worklight acquisition.

All of these announcements – more than two dozen – come down to three core focuses, says Marie Wieck, General Manager, IBM Application and Integration Middleware: expert integrated systems, mobile enterprise, and WebSphere platform-based business integration software. “We're breaking down the barriers between the data center and IT.”

PureSystems' patterns of expertise are designed to streamline the set-up and management of hardware and software resources. IBM announced a Virtual Pattern Kit to enable clients and business partners to convert technology expertise into reusable, downloadable packages of their own that can be embedded directly into the PureSystems machines to automate a wide range of manual and administrative IT tasks.

In addition, the company announced both clients and partners will be able to access PureSystems through the IBM SmartCloud to create and test their patterns. IBM says this will help organizations radically simplify data center operations, and capitalize on the massive cost savings and efficiency gains PureSystems delivers.

IBM is also introducing several new patterns, including a pattern that gives clients the ability to foster collaboration, expertise location and sharing among their employees, IBM Business Process Manager, and a pattern that drives deployment of IBM Cognos Business Intelligence applications in 20 minutes.

Unveiled on April 11, PureSystems is IBM's response to the converged infrastructure (HP) or unified systems (Cisco) approaches of its peers, adding a new middleware layer that aims to automate both infrastructure and applications, offering workflows from IBM itself, from its third-party partners, and offering IT the ability to define its own workflows. The first two products in the family, PureFlex, which integrates server, storage and networking into one package; and PureApplication, which automates software based on the patterns and processes of IBM’s own work with customers and partners, are expected to ship this quarter in both Intel and Power-based configurations.

There's also an interesting storage role in the PureSystems roll-out, notes analyst David Hill. All in all, managing physical storage resources better yields an economic cost benefit in better (dare we say optimal) use of storage assets; that ties in nicely to the change of IT economics goal of IBM PureSystems.

Building on its recent acquisition of Worklight, the Mobile Foundation (V5.0) is a portfolio of software and services designed to help organizations capitalize on the proliferation of mobile environments -- including laptops, smartphones and tablets. IBM says this market represents a $22B opportunity that will surge to $36B by 2015.

IBM announced the acquisition of Worklight, a privately held Israeli-based provider of mobile software for smartphones and tablets, at the end of January. According to a recent IBM survey of more than 3,000 CIOs, 75% identified mobility solutions as one of their top spending priorities. In fact, for the first time ever, shipments of smartphones exceeded total PC shipments in 2011. The company added that the world's top 20 communications service providers use IBM technology to run their applications, while more than one billion mobile phone subscribers are touched by IBM software every day.

Another IBM survey of more than 700 CIOs found that 75% said they are embracing a mobile strategy because a flexible workplace delivers a 20% improvement in employee productivity. The CIOs said they are significantly reducing the cost of doing business by decreasing dependence on email, improving social collaboration and adopting cloud technologies to reach mobile workers.

Core capabilities in Mobile Foundation include building on IBM WebSphere Cast Iron to connect mobile applications to a variety of cloud and back-end systems, a new set of development and integration tools from IBM Worklight, new software from IBM Endpoint Manager to address the Bring Your Own Device explosion, and a new set of services, such as the IBM Quick Win Pilot. There are also new capabilities in the IBM DataPower appliances to quickly and securely expose enterprise data and services to mobile devices.

Rob Enderle, principal analyst, Enderle Group, says PureSystems is the first real attempt to integrate an expert system into a product. “This appears to address one of the big problems with new technology, no one has time to learn it, and by going down a path of integrating expert help into the offering, once administrators get comfortable with the tool, implementing this and future like products should become far easier and far less daunting.” He believes this builds on what is becoming an IBM competitive advantage highlighted by Watson, and that is increasingly intelligent systems.

“I believe IBM’s [PureSystems] solutions may really strike a nerve among its enterprise customers,” says Charles King, principal analyst, Pund-IT, Inc. “Basically, the company has taken the kinds of systems which typically require high degrees of customization/integration (and still do if IBM competitors are building them) and turned them into standard SKUs. That should vastly simplify both configuration and deployment processes.”

In addition, King says the unified management platform promises to ease efforts required of data center staff. “I’m also impressed by the degree to which PureSystems 'patterns' leverage assets and skills provided by IBM’s ISV partners.” In essence, the company is taking an approach that’s nearly diametrically opposite of the direction competitors like Oracle are heading with highly integrated, highly homogenous vertical stacks, he says.

“With the acquisition of Mobile Foundation, IBM is repeating a BMC best practice and bringing in a cross-platform offering with the people who understand this business,” says Enderle. Since they (Worklight) don’t have clients of their own anymore, they have the advantage of being client agnostic, which could be incredibly important to IT executives who neither have control over what employees bring in nor do they want to get into pissing contests between competing vendors.

“IBM is able to stand above this and, unlike the folks that build handsets, deal equally with all of them. Given that IT doesn’t really want any responsibility for the handsets, but does have to provide centralized access to them, this IBM offering should be compelling to potential IT buyers.” King thinks IBM’s new Foundation for Mobile Computing is probably a riskier wager in that it’s making a sizable bet that mobility in the enterprise will fundamentally alter the traditional telecom market. “It could be right, and given IBM’s penetration among enterprise customers (which is far more profound than anything the company attained in the telecom space), IBM could do very well here by providing clients foundational mobility management technologies.

“The changes rumbling through the workplace and among consumers due to adoption of mobile devices including smart phones and tablets looks to me to be a tectonic shift akin to the arrival of PCs in the late 80s and early 90s. The new Foundation for Mobile Computing suggests that, just as it did before, IBM intends to take a stand at the epicenter of this technological earthquake.”


Feds Greatest Security Fear? Hacktivists!

Though it’s the new and emerging cyberthreats such as those launched by way of social media tools that might be giving federal government IT security administrators the willies of late, perhaps more striking is their concerns over safeguarding against malicious hacktivism. It figures more prominently than potential cyberattacks being launched by foreign governments.

Ed Moyles, a founding partner of SecurityCurve in Amherst, N.H., and co-author of the new InformationWeek “Federal Cybersecurity: The New Threat Landscape” report, admits that caught him off-guard.

“From a threat standpoint, folks are pretty concerned about foreign governments, but they’re also concerned about the hacktivism thing,” he says. “We’ve heard about hacktivism as it relates to a lot of core services and we’ve seen groups like Anonymous and LulzSec (figure prominently in the media), but in the back of my mind I thought that would very much play second fiddle by a wide margin to the foreign actors; countries like China and Iran for instance, that might be actively targeting our federal systems.”

That said, an InformationWeek survey of 106 federal IT professionals on the cybersecurity threats facing their agencies and their strategies for dealing with them, in general, finds the majority feeling optimistic for their chances to stave off a cyberattack. Which in and of itself is interesting when considering the tough fiscal climate in Washington.

“The one area where, generally, a lot of organizations are ill-prepared is in coordinated, well-funded, sophisticated, low-noise targeted attacks, both against key systems of the federal government, but also against critical infrastructure,” Moyles says. “Industry-wide the real sophisticated attackers … it’s very hard to defend against them.

“That’s one of the biggest threat areas: the really well-funded foreign government actor who might want to leverage attacks against infrastructure.”

In terms of how and what might be sacrificed by federal IT managers to achieve targeted goals at a time when budgets are flat or declining -- more than half of agencies plan to increase cybersecurity spending in fiscal year 2013 -- it remains unclear. “That’s a good question,” he says. “If you look at cybersecurity both on the offensive and defensive side, we’re seeing additional requests for funding … but the money has to come from somewhere.”

That too should sound alarm bells in light of a recent Enterprise Strategies Group survey that finds three out of four U.S.-based companies anticipate being hit by a cyberattack of some sort for the second or third time.

Meanwhile, of cybersecurity initiatives that rank high with government IT managers, continuous monitoring stands out, says Moyles, while noting other top priorities that include upgrading standard defenses and improving the security of agency-issued mobile devices. But the trouble is much of it is being done without rhyme or reason.

“You need to do (continuous monitoring) in a way that ties it back to the risk(s) that your agency faces,” he explains. “That might be a little bit different from what folks are doing on the ground. The folks that are implementing these continuous monitoring programs are either just ‘checking the box’ because they have to; or they’re looking at what they can get access to from a data standpoint, but they’re collecting those metrics because they can and not because they’re actually meaningful for their program.”

When asked to rate their level of readiness to defend against new and emerging threats, survey respondents cite social media (28% are completely or somewhat unprepared) and unsecured mobile devices (18% are completely or somewhat unprepared) as prime concerns. That is par for the course with the Wild West nature of social media, but mobile devices ranking as high as they did also struck Moyles as odd.

“I thought mobile and bring-your-own-device (BYOD) would be less of an issue within the federal space since culturally that particular sector is more in the model of using resources provisioned for you by the folks whose job it is to secure the technology,” he continues. “I was surprised to learn that’s not the case. The consumerization (of IT) that’s happening in the rest of the industry is happening in the federal space too.”

Overall, Moyles adds the most important takeaway from the survey data is agencies’ emphasis on continuous monitoring.

“The fact that it’s not just about checking the box so you can say you’re doing it. The point is to get to some kind of awareness of risk,” he says. “The people I spoke to … we’re pretty adamant about the fact that just monitoring something just because you can isn’t valuable. It’s about tying it back to the risk.”

Moyles says he reached out to professionals working in the private sector regarding useful metrics for continuous monitoring and he found a willingness in the private sector to work closely with public sector counterparts to carve out a solution for government agencies.

“Folks on the federal side that might not be used to working with people in the private sector that can really drive some value from what’s going on in the private sector metrics community,” he notes. “That was news to me. I think a lot of folks in the federal space might not necessarily realize this.”

In other words, in the near term there are a lot of federal IT managers that are wasting their energy spending time seeing what data they can gather, though it isn’t tied to any clear and present danger.

“As a general call to action across the federal space, maybe it makes sense to spend some time gauging where agencies are from a risk standpoint before they really go too far down the continuous monitoring road,” he remarks. “The pressure (from above) is for the opposite however.”


VMware’s Lost Source Code: Not A Panic Situation

VMware has confirmed that some of the source code for its ESX server has been leaked. Cue the dramatic music and breathlessly worded missives claiming the sky is falling and your VMware environment will only be secure if you buy someone's stuff. There's no need to panic. Clearly having its source code leaked is bad for VMware, but that doesn't mean it's bad for you. Most likely if you are using virtualization, you have VMware. If a security problem is found via the leaked source code, it may affect your current version or it may not. Either way, let's not panic. There are likely going to be other hurdles that an attacker will have to leap over to leverage a vulnerability in a hypervisor or even a management system.

Before you freak out (or if you are dealing with someone who is curious, concerned, or freaking out over the leaked source code), ask the following:

Are your hypervisors available from outside the data center in an uncontrolled manner?
Put it another way, can anyone connect to the hypervisor through HTTP/HTTPS, SSH, or telnet? If the answer is yes, you have done a bad thing and you should be banished from the data center for life and made to answer level 1 helpdesk phone calls.

Most likely the answer is no. Why would you make your hypervisor available outside the confines of where it resides? There is no reason to. Sure, you might be able to access vSphere over an IPsec or SSL VPN from Starbucks, but hopefully you have that locked down pretty well. Ideally, you don't even allow that.

The point is that before an attacker can do damage, they have to have access to the target. It's pretty unlikely that organizations are putting their bare ESX servers on the Internet or even on the internal network. If you are, you get what you get and you only have one place to point that finger of blame.
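One way to answer the first question with evidence rather than assumption, as an added example that is not part of the original post: run a TCP connect check against your own hypervisor inventory from a network segment that should have no management access. The port list follows the services named in the question; the function names, the `cleartext` flag and the command-line handling are assumptions made for this sketch.

```python
import socket
import sys
from concurrent.futures import ThreadPoolExecutor

# Management services named in the question above. Telnet and plain HTTP are
# flagged because they carry credentials in cleartext.
MGMT_PORTS = {22: "ssh", 23: "telnet", 80: "http", 443: "https"}
CLEARTEXT = {"telnet", "http"}


def probe(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port completes from this vantage point."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout), unreachable, or name failure
        return False


def audit_exposure(inventory, ports=MGMT_PORTS, timeout=2.0):
    """Probe every (host, port) pair in the inventory and return the reachable ones.

    inventory: iterable of hypervisor management addresses you are responsible for.
    ports:     mapping of port number to service label.
    """
    targets = [(host, port) for host in inventory for port in ports]
    with ThreadPoolExecutor(max_workers=16) as pool:
        results = list(pool.map(lambda t: probe(t[0], t[1], timeout), targets))
    findings = []
    for (host, port), reachable in zip(targets, results):
        if reachable:
            service = ports[port]
            findings.append({
                "host": host,
                "port": port,
                "service": service,
                "cleartext": service in CLEARTEXT,
            })
    return sorted(findings, key=lambda f: (f["host"], f["port"]))


if __name__ == "__main__":
    # Usage: python audit_exposure.py <hypervisor-address> [<hypervisor-address> ...]
    # Run it from the segment that should NOT reach the management interfaces.
    found = audit_exposure(sys.argv[1:])
    for f in found:
        note = " (cleartext protocol)" if f["cleartext"] else ""
        print(f"REACHABLE {f['host']}:{f['port']} {f['service']}{note}")
    # Non-zero exit status when anything is reachable, so the check can gate a job.
    sys.exit(1 if found else 0)
```

An empty result from an untrusted segment is the answer the post hopes for; any finding means the management plane is reachable from where the script ran.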

Are your applications on VMs running code so buggy that an attacker could break through to the underlying OS?
If the answer is yes, your programmers should be banished from writing any code that will run on a server and made to sling Microsoft VBasic for Office. While bugs and vulnerabilities in code occur, you hopefully have taken the proper steps to mitigate the damage. These can include making sure you have a software development lifecycle that addresses problems, you have security checks built into your SDLC, you use, where possible, development methods that are less prone to mistakes, and that your services are running with minimal privileges and limited access to the OS. An attack vector through an application has a multitude of dependencies to be successful. I am not saying it's impossible, but if there are vulnerabilities that big in your outward-facing servers, you were in trouble regardless. Go fix those problems first.

Are your VMware admins irresponsible miscreants who can't be trusted to run your operations?
If the answer is yes, whoever hired them should be fired, along with the miscreants, now. Right now. Run, don't walk to HR and can 'em. If you can't trust your employees to act responsibly, then you have bigger problems than some leaked software and any potential vulnerability that may arise from it.

There should only be a handful of ways that an attacker can even get access to your hypervisors, including physical access. Your IT department should be aware that laptops, USB keys, and other devices brought into the data center (or anywhere) could carry malware with them.

Are your VMware hosts running versions dating back to the 2003-2005 time frame?
If the answer is yes, then go find a crowbar, pry open your wallet, and cough up the dollars for new software. Or go install a free alternative like VMware ESXi, VirtualBox, or Xen. Running 8-year-old software is just not a good idea for anyone, anywhere, or anytime.

I don't want to downplay the significance of leaked software and the potential advantage that it gives a savvy attacker, but access to the source code doesn't mean it's game over, either. Think of the context within which your VMware hypervisors run. A well-run data center should be resilient to attack regardless of what the attacker knows. You have plenty of security tools and processes that can address nearly every situation and lessen the likelihood of a successful attack.

PS: I don't think cloud/hosting providers that rely on VMware's software are at great risk either. Hopefully they have robust security programs in place to protect against attackers that are both external as well as paying customers.


Network the ‘Next Big Thing’ For Virtualization?

For the third installment of our examination of the current state of the virtualization market, after licensing and VMware competition, we take a closer look at the new virtualization paradigm in town, 'software defined networking', also known as 'network virtualization'. Names aside, it’s a technology that promises to be the next big thing for IT organizations, networking vendors and virtualization vendors alike.

In reality, the hype behind Software Defined Networking (SDN) started roughly a year ago with the creation of the Open Network Foundation (ONF), which was founded in 2011 by Deutsche Telekom, Facebook, Google, Microsoft, Verizon, and Yahoo! as a nonprofit organization. The goal was to rethink networking, and quickly bring to market standards and solutions.

ONF is promoting the OpenFlow communications protocol as the heart of an SDN. OpenFlow was released as an industry standard at Interop Las Vegas 2011, and has since found its way into many vendors’ physical Ethernet routers and switches, virtual switches, and access points. Development of the OpenFlow standard is now managed by the ONF.

What makes SDN Important?
In a software-defined network, switches and routers take some form of direction from a centralized software management element. In the context of OpenFlow, the control plane is abstracted from the data forwarding plane. A centralized controller, which maintains a real-time, holistic view of the network, defines network paths as 'flows' and distributes this flow data to individual switches and routers. With these flows, the controller coordinates the forwarding of data across all network devices, enabling the automation and granularly managed dynamic provisioning necessary in virtualized environments and cloud networks.

SDN is certainly maturing, notes Eric Hanselman, research director for networks at The 451 Group. "People are actually starting to apply software-defined networking broadly, and OpenFlow [specifically], to solve some real-world problems," he says. "There are real applications where SDN provides some specific benefit.”

The Near Term
In a speech given at the October 2011 Open Networking Summit at Stanford University, Jonathan Heiliger, who helped found ONF and recently resigned as Facebook's VP of technical operations, said that the migration toward software-defined networks will move faster than carriers' migration to IP (Internet Protocol) in the late 1990s. He claims that vendors and network administrators are starting to embrace SDN, driven by the need for network operators to have more control over their infrastructures and be able to customize them more for their own needs.

Heiliger thinks that just as the telecommunications industry once moved to IP from specialized systems such as ATM (Asynchronous Transfer Mode), it will adopt SDN in place of unique network architectures for each vendor. Adopting a common standard for SDN will help vendors to compete, just as IP did, but it will also help carriers deploy new services and even allow their enterprise customers to implement services between their own sites over the carrier network, he said.

Because of those motivations, the migration to SDN will take less time than the gradual move to IP, which took several years, Heiliger said. But it won't begin for another 18 to 24 months, he added. The entire software stack for SDN needs to mature first, he said. Heiliger explained that with OpenFlow a programmable controller is in charge of determining routes and priorities throughout a network. The controller implements the network configuration and settings via flow tables that reside on the switches in the network. OpenFlow is the common protocol for communication between controllers and switches from various vendors.
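The controller and flow-table split described here and under "What makes SDN Important?" can be modelled in a few lines. The following is an added example, not code from the article, the ONF or any OpenFlow implementation: it is a toy model rather than the OpenFlow wire protocol, and the topology, host names, port numbers and class names are constructed for illustration. It shows a table miss being handed to the controller, flows being pushed to every switch on the path, and a higher-priority flow steering traffic around one switch.

```python
from collections import deque

# Constructed topology: switch -> {port: neighbouring switch}.
# s1-s2-s4 and s1-s3-s4 are two equal-length paths; s2-s3 is a cross link.
LINKS = {
    "s1": {1: "s2", 2: "s3"},
    "s2": {1: "s1", 2: "s4", 3: "s3"},
    "s3": {1: "s1", 2: "s4", 3: "s2"},
    "s4": {1: "s2", 2: "s3"},
}
# Constructed hosts: host -> (edge switch, access port). Port 10 is not a link port.
HOSTS = {"h1": ("s1", 10), "h2": ("s4", 10)}


class Switch:
    """Data plane only: matches packets against flow entries pushed by the controller."""

    def __init__(self, name):
        self.name = name
        self.flow_table = []  # entries: (priority, match dict, out_port)

    def install(self, priority, match, out_port):
        self.flow_table.append((priority, match, out_port))
        self.flow_table.sort(key=lambda entry: -entry[0])  # highest priority first

    def lookup(self, packet):
        for _priority, match, out_port in self.flow_table:
            if all(packet.get(k) == v for k, v in match.items()):
                return out_port
        return None  # table miss


class Controller:
    """Control plane: holds the global view and decides every path."""

    def __init__(self, links, hosts):
        self.links, self.hosts = links, hosts
        self.switches = {name: Switch(name) for name in links}
        self.packet_ins = 0

    def shortest_path(self, src_sw, dst_sw, avoid=frozenset()):
        """Breadth-first search over the topology, skipping switches in `avoid`."""
        queue, seen = deque([[src_sw]]), {src_sw}
        while queue:
            path = queue.popleft()
            if path[-1] == dst_sw:
                return path
            for port in sorted(self.links[path[-1]]):
                nxt = self.links[path[-1]][port]
                if nxt not in seen and nxt not in avoid:
                    seen.add(nxt)
                    queue.append(path + [nxt])
        return None

    def packet_in(self, packet, avoid=frozenset(), priority=10):
        """Handle a table miss: compute the path and push a flow to every hop."""
        self.packet_ins += 1
        src_sw = self.hosts[packet["src"]][0]
        dst_sw, dst_port = self.hosts[packet["dst"]]
        path = self.shortest_path(src_sw, dst_sw, avoid)
        if path is None:
            return None
        match = {"src": packet["src"], "dst": packet["dst"]}
        for here, nxt in zip(path, path[1:]):
            out = next(p for p, n in self.links[here].items() if n == nxt)
            self.switches[here].install(priority, match, out)
        self.switches[dst_sw].install(priority, match, dst_port)
        return path

    def send(self, src, dst):
        """Walk one packet through the data plane; return the switches traversed."""
        packet, here = {"src": src, "dst": dst}, self.hosts[src][0]
        hops = []
        for _ in range(len(self.links) + 1):  # hop limit guards against loops
            hops.append(here)
            out = self.switches[here].lookup(packet)
            if out is None:  # table miss: ask the controller, then retry
                self.packet_in(packet)
                out = self.switches[here].lookup(packet)
                if out is None:
                    return None  # no path, or this switch is off the computed path
            if out not in self.links[here]:  # access port: delivered to the host
                return hops
            here = self.links[here][out]
        return None


if __name__ == "__main__":
    ctl = Controller(LINKS, HOSTS)
    print(ctl.send("h1", "h2"), "packet-ins:", ctl.packet_ins)
    ctl.packet_in({"src": "h1", "dst": "h2"}, avoid={"s2"}, priority=20)
    print(ctl.send("h1", "h2"), "packet-ins:", ctl.packet_ins)
```

Only the first packet of a flow reaches the controller; later packets are forwarded from the switches' own tables, and the path changes only when the controller installs a higher-priority entry.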

However, Heiliger also pointed out that the proprietary firmware in networking gear today constrains network operators, forcing them to integrate each vendor's technology into the network. "If I want to have a network management system, I have to figure out how to program my network management system to access the Cisco box versus a Juniper box, versus some other third-party box," he said.

Likewise, the firmware in networking gear today constrains network operators, forcing them to build 'wrappers' in their management software for devices from different vendors, he said. For example, to make sure a packet traverses the network with a certain quality of service, administrators need to make sure that the variables on a wide variety of gear are set correctly. They should be able to have that packet sent in the desired way without regard for the underlying network, he said.

"I don't want to have to worry about it. I want another intelligent piece of software to have to worry about it," Heiliger said.

More SDN choices on the horizon
The ONF doesn’t have the only game in town. Other vendors and IT businesses are looking to work together to establish SDN products. VMware, one of the leaders in virtualization technologies, doesn’t want to miss out on the potentially huge market that SDN offers and has recently teamed up with Stanford and Berkeley to create an industry consortium around SDNs, called the Open Networking Research Center. That consortium includes CableLabs, Cisco, Ericsson, Google, Hewlett-Packard, Huawei, Intel, Juniper, NEC, NTT Docomo and Texas Instruments as its founding sponsors. That ensures that VMware will have the technical support, collaboration and vendor interactions to create alternatives to OpenFlow.

VMware’s movement into the SDN market clearly shows that the vendor is interested in developing the software, standards and relationships to create SDN products, which will transform into a virtualization based ideology, perhaps with the moniker of Virtual Networking Platforms. Alternatives and competition will prove to be important in the SDN market, since it will fuel adoption, innovation and create more choices for customers.

What VMware is to virtualization, Cisco Systems is to networking, and it has its own plans for network virtualization, including a 'spin-in' called Insieme, an internal startup that would develop SDN technology. It has received $100 million in funding and could receive up to $750 million.


NPA Honors Networking Industry Excellence

The Network Professional Association will honor the achievements of two of their peers at next month's Interop event in Las Vegas. Professor Tadao Saito, CTO Toyota, is receiving the Best Networking Professional – Career Achievement Award for his lifetime work in a variety of areas related to digital communication and computer networks, and Ravikanth Chaganti is getting the Top of the Mark – Volunteer Award for his efforts in the Bangalore, India IT community.

NPA was established in 1991 to promote professionalism in the networking community, with more than 19,000 members in over 50 countries, says Richard Kelley, Chairman of the Awards for Professionalism, and Vice-Chair of the association. He says the award to Tadao Saito is significant.

“We consider this a global hall of fame award. It represents the highest award in the industry.”

Kelley says Saito was selected because of his work in the communications and computer industries. Chaganti is being recognized for his significant contributions volunteering in the Asian region.

Saito is considered a pioneer, inventor, researcher and innovator, whose achievements include the invention of digital switching that laid the foundation for all digital communications, including voice communications and the Internet. He earned his first patent in 1964 on digital time division switching networks, and invented both Time-Space-Time and Space-Time-Space time division switches which are the core technology for time division (TDM) telephone switching systems globally used since 1975. In addition to being the Japanese representative for the International Federation for Information Processing (IFIP) General Assembly and Technical Committee 6 (Communication Systems), Saito is a life fellow of the IEEE and honorary member and life fellow of the IEICE.

With more than a decade of experience in the IT industry, Chaganti is a valued volunteer in the Bangalore IT community, and was instrumental in making the Bangalore IT Pro user group (http://bitpro.in) a success. The Dell Inc. staffer joined the user group in 2009 and became one of the four leads. A Microsoft Windows PowerShell MVP for the last two years, he has authored several technical articles, along with two very successful free e-guides, and is a regular blogger (http://www.ravichaganti.com).

The annual NPA Awards for Professionalism program, sponsored in conjunction with Interop, Microsoft, GITCA, Cisco Press, Windows IT Pro and Agile IT, was launched at Interop Las Vegas in 2002. The association will be exhibiting at Interop, recruiting members and beginning the evaluation process for next year's set of awardees.


Dell Readies 40GbE Virtual Network Switch

Dell is previewing news it will be making at the Interop Las Vegas 2012 networking convention next month by introducing its first 40-gigabit Ethernet (GbE)-enabled blade server switch. This will be the centerpiece of its Virtual Network Architecture (VNA) portfolio of products for virtualizing, automating and orchestrating networking functions in its version of software-defined networking (SDN). In fact, Dell is also announcing interoperability of VNA with technology from Big Switch Networks, which makes a controller that delivers instructions to switches and routers in an SDN environment.

The Dell Force10 MXL 10/40GbE blade switch, the latest member of the Dell PowerEdge M1000e blade family, features what the company calls “Ethernet stacking technology,” which enables six switching modules within one enclosure or multiple enclosures to be managed as one logical device. The blade switch also speeds up east-west switching -- in which data flows from one virtual machine to another, within a physical server or between them -- by avoiding the path in which data moves out of the server, through a top-of-rack switch, to get to another server, says Arpit Joshipura, the head of networking product management and marketing at Dell, who held a similar position at Force10 Networks until it was acquired by Dell in 2011.

The VNA portfolio has its origins in Force10, he says, and was unveiled by Dell, along with the M1000 blade line and other new products, in February. While Big Switch Networks offers a network controller that is key to SDN, VNA is a broader SDN solution, including virtual network and fabric management, automation, orchestration and policy control.

The VNA environment also extends to the virtual network programming level where it interoperates with the Dell Advanced Infrastructure Manager (AIM) product, but also with Oracle Enterprise Manager. And on the network services side, VNA supports WAN optimization, firewalls and load balancers from companies such as SilverPeak, F5 Networks and SonicWall, which Dell acquired in March.

“This is how a workload-aware network will look like in the future,” says Joshipura.

Although 40GbE products are just now gaining traction in the networking equipment market, Dell has taken an early lead: In the fourth quarter of 2011, it was the 40GbE market share leader ahead of IBM and Extreme Networks, according to Dell’Oro Group research.

Dell also announced the new Dell Fabric Manager product for configuring, managing and monitoring Dell Distributed Core deployments in data centers. It also introduced version 5.0 of the Open Manage Network Manager, a single network management console for Dell networking platforms in branch, campus and data center networks.


Broadcom Enables Programmable 100GbE Switches

Broadcom has introduced a new line of 100 gigabits per second Ethernet (GbE) switch processors that allow end users to reprogram them to add new functionality to the switch and support new protocols as they come along. The BCM88030 network processor unit (NPU) can be deployed in switches in the Internet backhaul layer after traffic is aggregated from the access layer, be it at the base station of a wireless network or where multiple end points on an ISP’s wired network come together at “the on-ramp to the Internet, if you will,” says Nicolas Tausanovitch, senior product line manager at the company's infrastructure and networking group.

Internet backhaul switches are being asked to handle exponentially more traffic than that on typical data center or enterprise networks, he says. While those networks are gradually transitioning from 1GbE connectivity to 10GbE, to 40GbE and eventually 100GbE, most service provider and Internet backhaul networks are going to completely skip over the 40GbE step. A forecast from Infonetics Research predicts a compound annual growth rate (CAGR) of 170% in the number of 100 gigabits per second (Gbps) ports deployed through 2016.

Infonetics released a survey in January of service providers and their 40G/100G deployment plans. It showed that the top three reasons operators are deploying higher-speed 40G/100G equipment are to lower the cost per bit for new transmission, gain superior performance and to lower incremental equipment costs. Also, most respondents indicated that 40G, if they are deploying it, is only a short-term solution and that they will move the majority of installations to 100G once those products are more widely available.

NPUs from Broadcom and other vendors already feature programmability so that functionality can be added and new protocols can be supported as they are developed. A “fixed-function” device would be too expensive to replace with one with new features, says Tausanovitch. But what’s new with the BCM88030 is that it includes a microcode development environment, which is essentially a software development kit, so the end user can reprogram the processor.

“In the past ... if a customer needed to change the functionality, they could ask us to customize the software and provide it to them. But the tools that we used were not at all user friendly,” he says. “What we offer here is the ability to have a programmable device that users can reprogram to address new protocols.”

The BCM88030 family features 64 custom processors running at 1GHz, delivering what Broadcom says is more than twice the throughput of any other NPU on the market. The 100Gbps processor can be mixed in with 1Gbps and 10Gbps processors in a network line card as the customer sees fit. The new processor eliminates costly external components, dramatically reducing system cost and power consumption by up to 80% per port.

Network traffic growth is driven by many factors including the transition of wireless carrier networks to 3G and 4G speeds, dramatic growth in the number and capacity of end point devices such as smartphones and tablet computers, demand for greater bandwidth for consumer Internet users for video streaming as well as the need for enterprise cloud computing.

Last November Brocade claimed the world's largest single-site deployment of 100GbE in a research institute, Janelia Farm Research Campus, improving efficiency by 50%. Two months ago Cisco introduced 100GbE capabilities on its Nexus 7000 switch line for data center and service provider networks.

Broadcom cites industry research that by 2015, 1 million minutes of video content will traverse the network every second, that between 2011 and 2015, global mobile data traffic will increase 18-fold, and that the number of devices connected to IP networks will become two times larger than the world’s population by 2015.

While service provider networks need a 10-fold increase in speed from 10Gbps to 100Gbps, service provider network resources aren’t growing at the same rate, says Tausanovitch. “They’re not getting an order of magnitude more rack space in the service provider central office, and they’re certainly not getting an order of magnitude more budget or 10 times more power, so the service providers are being squeezed.”

According to news reports, other NPU vendors that have introduced 100Gbps processors include Xelerated, of Sweden, which announced production of its HX family of processors in September 2011. PMC-Sierra introduced a 100Gbps processor in January 2011. Alcatel-Lucent, meanwhile, introduced a 400Gbps NPU in June of last year.


Kemp Balances Great Functionality, Affordability

Kemp Technologies is unveiling the successor to its flagship LoadMaster 5500, the newest addition to its family of load balancers and application delivery controllers. The LoadMaster 5300 appliance delivers faster processing, throughput and double the concurrent connections while continuing the Yaphank, N.Y.-based company’s focus on combining performance and price for small and medium-sized enterprises.

Jonathan Braunhut, Kemp’s chief scientist, says the LoadMaster 5300 was designed based on feedback from users. “Our customers have really shaped this product.” One notable feature, he says, is the two 10-gigabit ports that come standard. The 5300 is also smaller than its predecessor, with its more compact 1U rack space footprint.

The new appliance features several performance improvements over the 5500, among them a 10% increase in requests per second, a 45% improvement of max balancer throughput at 8.8Gbps, and double the number of Layer 4/Layer 7 concurrent connections. The LoadMaster 5300 also uses significantly less power, and comes with standard dual power supplies – redundant and hot-swap.

Braunhut says keeping support costs down and reducing the complexity of deployment has been a key focus since Kemp’s inception in 2000; the LoadMaster 5300 comes with a year of support. He says the SME market has been traditionally underserved, and there’s also been some demand from departments within Fortune 500 companies – some large enterprises are deploying Kemp’s LoadMaster appliances for application-specific scenarios. For example, the 5300 increases optimization for Microsoft Lync and Microsoft Exchange.

He says Kemp is often confronted by enterprises that have already made significant investments in more complex products such as those from F5 Networks, but that there are many organizations that don’t have the staff required to deploy bigger solutions.

Tracy Corbo, principal research analyst at Enterprise Management Associates, says Kemp serves enterprises that are looking to strike a balance between great functionality and affordability. “The price point is ideal for SMEs.

“Something like F5 is really feature-rich,” she adds. “We’re all so tech savvy we tend to over purchase.” And while it’s important not to compromise feature set for price, the IT departments of most organizations are resource-constrained, she says. “They really need something that can be deployed quickly and do the job without breaking the IT budget.”

Corbo says Kemp’s LoadMaster 5300 scales well and enables the company to push up market as IP traffic continues to grow. “It’s nice to find a product that’s feature rich at this price point.”

In January Brocade introduced an application delivery controller, the ADX 12.4, that enables service providers to build customized versions of network applications using the open-source Perl programming language to deliver networking capabilities unique to their needs. A couple of months earlier application delivery and security specialist Radware broke 'new ground' in virtualized application delivery by leveraging the concept of a virtual ADC (vADC) resource pool across both single and multiple data centers, transforming physical ADCs from "units" or devices into services, regardless of the underlying computing resources.

The new LoadMaster 5300 will be shipping at the end of April and is priced at $15,990.


How To Tackle The Big-Data Challenge (Part 1)

Big data is a term getting bandied about a lot these days for the phenomenon of information that keeps growing in organizations, thanks in part to the growth in social media. According to InformationWeek’s Research: The Big Data Management Challenge survey of technology professionals, regardless of industry, the five top data drivers are financial transactions, email, imaging data, Web logs and Internet text and documents.

“If you’re creating large data sets, you have no choice but to embrace big data management,” says Michael Biddick, CEO of Fusion PPT, and author of the IW report.

“Without the right tools and architectures, your business won’t be able to effectively use the information it has collected.” The two main benefits of big data management are being able to standardize procedures and services, and the ability to organize data in a way so it can be searched, browsed, navigated, analyzed and visualized, according to survey respondents.

However, big data management has its challenges: 57% of respondents also noted that budget constraints are the main barrier in preventing them from taking action. Biddick points out that storage alone can quickly consume an enterprise budget and most data centers double their storage capacity requirements every two to three years. “To manage big data, companies need to figure out the right mix of policies and technologies to balance access, performance with capacity, security and short and long-term costs,” he says.

And what even constitutes big data is not easy to define, Biddick says. There are four elements that are required for a data set: the size—he says 30 TB is a good starting point; second is the type of data, whether structured, unstructured or semi-structured; third is latency, since big data changes rapidly and new data sets that result need to be analyzed quickly; and the fourth is data complexity. The characteristics of complex data, says Biddick, include large single-log files, sparse data and inconsistent data.

According to a recent study by the Enterprise Strategy Group--which defines big data as data sets that exceed the boundaries and sizes of normal processing capabilities, forcing organizations to take a non-traditional approach--the cure can be almost as painful as the problem. Managing big data is an issue because the platforms are expensive and require new server and storage purchases, training in new technologies, building up an analytics toolset, and finding people with the expertise in dealing with it.

Another study from Infineta Systems, a provider of WAN optimization systems for big traffic, found that data center-to-data center connectivity is a "silent killer" for big data deployments. And a third recent study from IDC, IDC Predictions 2012: Competing for 2020, said big data analytics technologies will be one of the driving forces for IT spending through 2020.

One of the challenges of big data is real-time processing, especially in dynamic data environments such as financial trading and social media, Biddick says. “Many queries are difficult to pre-compute and too intense to compute in real time on a single machine. Traditionally, you have to do an approximation to keep the cost of such a query down.” He says that Storm, open-source software from BackType, which Twitter bought last summer, does distributed real-time processing of information that enables Twitter users to track trends and figure out how many unique people see a tweet.

“Storm’s architecture uses distributed remote procedure calls so as you run a processing topology, it implements the RPC function and waits for RPC invocations,” notes Biddick. “An RPC invocation is a message containing the parameters of the RPC request and information telling Storm where to send the results. The topology picks up messages, does the necessary computations in parallel on several machines and returns the results to the request originator.”

He says Storm’s distributed, fault-tolerant approach operates at a higher level of abstraction than message queues. Yahoo’s S4 and Amazon Web Services take similar approaches, Biddick adds. And AWS is developing a stream processing capability that it says will process more than two million records per second at launch and eventually will scale to handle more than 100 times that traffic. The company describes the platform as providing near-real-time, highly available and reliable data processing.

Another issue companies need to think about is not only storage of big data, but the ability to access it—and quickly. “Before thinking about big data architectures, make sure your data policies are clear and accepted throughout the organization,” advises Biddick. “They must define the types of data that will be stored, for how long, how quickly you need to access it, and how it will be accessed. These policies will form the basis of storage governance and help define your technology requirements.”

Without this foundation, he cautions, companies will end up throwing storage dollars at problems and end up with a depleted budget, underutilized technology and an inability to plan for future growth. “Big data management,” says Biddick, “is challenging enough without worrying about whether you’re managing the right data set.”
