Internet Network Security Blog

Information systems and communications security vendor Thales has integrated its nShield hardware security module (HSM) with the Infoblox DNS platform to provide customers with simple deployment of Domain Name System Security Extensions (DNSSEC), a security protocol designed to protect the Internet from attacks like cache poisoning.

Adoption of DNSSEC within the enterprise has been slow, and according to Cricket Liu, VP of architecture at Infoblox, enterprises have run out of excuses to adopt the technology. The threats DNSSEC protects enterprises from are very real and getting worse. Liu says now is the time for enterprises to start deploying DNSSEC, which is where Infoblox and the Thales nShield integration can help.

"The threat of cache poisoning is very real. We've seen cache poisoning attacks out on the Internet. The consequences are very serious," Liu says. Cache poisoning (also known as DNS poisoning) is a form of attack that corrupts a domain's DNS and replaces it with another DNS, pointing potential victims to a site that looks very much like the one they're trying to reach but that has malicious ends in mind.

DNSSEC has been gathering momentum fast, but it's on such a small base that adoption is still almost non-existent. According to the sixth annual survey of the DNS infrastructure, adoption soared 340% last year. However, the number of zones that have been DNSSEC-signed is only 0.02%, and almost a quarter of them, 23%, failed validation due to expired signatures.

For a long time, businesses of all sizes have been waiting for top-level zones and root zones to deploy DNSSEC. Since the technology works only with a top-down deployment approach (starting with top-level domains such as .com, .net and .org), there was no sense in an enterprise deploying it except for internal use, says Richard Moulds, VP of product management and strategy at Thales e-Security.

"Virtually all of the top-level domains have stepped up to use DNSSEC," Moulds says.

DNSSEC has moved down the stack and is now starting to see early adoption by ISPs. ISP Comcast announced the completion of its DNSSEC deployment in early January. As the largest ISP in the United States, its adoption of DNSSEC sets a precedent that others are sure to follow, Liu says. He compares Comcast's adoption of DNSSEC to GoDaddy's full deployment of IPv6 in 2010, which caused the adoption rate of Ipv6 to explode from 1.5% to 25% of the market in a single year.

Uptake in the enterprise has been incremental so far, and some businesses (particularly those with websites that process financial transactions and those that fall under various regulatory and compliance requirements) are starting to take notice of DNSSEC. Depending on the type of business and the function of the individual enterprise's website, interest in DNSSEC can be high or low.

There are still a few hurdles to overcome in the deployment of DNSSEC, but some of them are more easily dealt with than others. For instance, not every domain name registrar yet supports DNSSEC, but Liu notes it's a simple process to move a domain name from one registrar to another. In time, support for DNSSEC could be a competitive advantage in the domain name registrar business, he believes.

As enterprises do begin to adopt DNSSEC, which Liu expects to happen more frequently this year, they will look for the easiest way to deploy it. Although IT administrators could do all the work manually, companies like Infoblox present an automated solution to the configuration problem.

When Infoblox systems are used with Thales nShield HSM, customers achieve the benefits of having all cryptographic processing and protection of critically important signing keys for validation of the integrity of DNSSEC-protected records, which Moulds says significantly reduces cache poisoning vulnerability.

"This is a big step that the Internet community has taken to strengthen DNS, which is one of the weakest elements of Internet security," Moulds says.

Learn more about Research: Physical and Logical Security Convergence by subscribing to Network Computing Pro Reports (free, registration required).

A few years ago, Brad O'Neill, then an analyst with the Taneja Group, coined the term FAN (file area network) to describe a virtualized file storage system. Organizations that build FANs that integrate multiple heterogeneous file stores presenting a single unified, optimized name space should be able to save a significant amount of time, effort and money. The collapse this month of AutoVirt is just another example of how this promising technology has never gained any traction with paying customers.

Having spent much of my career bringing order to the chaos of mismanaged SME data centers, I've been excited by the idea of FANs ever since I saw a demo of the Z-Force switch, which not only distributed files across multiple file servers but distributed data RAID-like across multiple filers so a dozen little one-drive SNAP servers could deliver 1,000 IOPs.

After all, a FAN would let me transparently migrate data from an old NAS to a new one, even as users access the data. Without a FAN, migrating several million files from one NAS system to another, especially if the new NAS is from a different vendor, is a major project involving late nights running ROBOCOPY while the users are locked out of their stuff.

Even better, a FAN can consolidate files from multiple departmental file servers to a new file store while preserving their UNCs. That way, all the embedded links in the spreadsheet from hell that accounting uses to close the quarter will still work even though we've long retired the file servers called HAN and CHEWIE. The FAN's global name space also means the FAN can spread data across multiple file stores while it looks like a single big filer.

Finally, I can run a policy engine in the FAN that puts the low-value data, like the home directories of all the folks that no longer work at FunCo, on a low-cost tier device that won't need to be backed up as frequently as the active data stores.

Despite all those advantages, sales of FAN systems have been exceptionally unsuccessful. Even if we don't count data classification/ILM vendors like Abrevity and Scentric, the graveyard of FAN companies is well populated. Several tried the hardware approach, building server/switches that sat in front of file stores--Z-Force, Attune, which was built from the ashes of Z-Force, NeoPath Networks, which was bought by Cisco and immediately shut down, and Acopia, which was acquired by F5 to create its last-man-standing ARX file virtualization platform. EMC bought Rainfinity and basically gave it to its professional services group to use during migration projects. Rainfinity's tech recently reappeared in EMC's Cloud Tiering Appliance, which FAN-like migrates data to a storage cloud. AutoVirt isn't the first FAN software vendor to go to boot hill, either. NuView's StorageX was snapped up by Brocade in one of its early attempts to diversify beyond Fibre Channel, but it lasted only about a year as a Brocade product.

In AutoVirt's short life (the company was founded in 2007), it used its reported $25 million in venture money to develop AutoMigrate, a migration tool, and AutoManage, a full-blown policy-driven FAN implementation. Unfortunately, the company never sold enough software to make money and is going to the FAN graveyard.

ESG's Steve Duplessie blogged that AutoVirt's crucial mistake was targeting Windows file servers and their data. That meant that their tools made life easy for the Windows admins, and no one in management was going to spend money for that. He may be right.

Have you considered a FAN? If so, what kept you from pulling the trigger?

Disclaimer: Josh Klein and Klavs Landberg of AutoVirt spent a few of those VC dollars to buy me meals and drinks. Brocade and EMC are clients of DeepStorage. The rest of the companies mentioned are dead.

If IT security professionals think that by securing Port 80 on their network -- the firewall port through which Web traffic passes -- that they are protected from Web application-related threats, they need to think again, according to a new report from a network security provider. The latest "Applications Usage and Risk Report" from Palo Alto Networks discloses that 35 percent of the Web applications and 51 percent of the Web traffic in enterprises does not traverse Port 80.

"There are some risky applications in there," warned Matt Keil, senior threat analyst at Palo Alto Networks, including ones that enable remote access to a computer or that enable file-sharing. "The focus on Port 80 is absolutely a requirement, but too much of a focus on it is short-sighted." The risk to enterprise networks increases as companies use more Web-based applications and as companies use more social networking apps that are delivered over the Web, such as Facebook, Keil said.

The report is based on an analysis of the actual aggregate network activity of 1,636 Palo Alto Networks customers globally. The monitoring tracks all the applications used on each network -- whether in a traditional client-server environment or, increasingly, via the Web -- the amount of bandwidth consumed, and other factors. Each of eight reports the company has published over the last four years analyzes the previous six months of network activity; the latest report covered the six months ending in November 2011.

The report showed that only 25 percent of applications and 32 percent of all traffic used Port 80 exclusively, while another 41 percent of applications and 17 percent of traffic used Port 80 sometimes but also other ports, a practice called "port hopping".

Palo Alto Networks is a provider of what is called a next-generation firewall, technology that delivers application, user and content-based security for corporate networks. The company was identified as a "leader" in a December 2011 Gartner "Magic Quadrant" report identifying key players in the next-gen firewall market, along with competitor Check Point Software Technologies. Other players identified as "challengers" in the space include Cisco Systems, McAfee and Juniper Networks.

The risk to networks of Web-based apps is driven in large part by business use of social networking sites such as Facebook and Twitter. A conclusion we also found in Rebooting the Antisocial Network.

Initially, most enterprise use of social networking was "voyeuristic," said Keil, in that employees merely viewed content on those sites. The latest report reveals more active use of social networking for posting content, downloading Facebook apps and games and installing Facebook plug-ins. This happened as companies developed business uses for Facebook, he said, citing examples of heavy equipment maker Caterpillar using Facebook to communicate with dealers, or the Ford Motor Co. loaning several of its new Focus compact cars to drivers and inviting them to post their experience with the cars on Facebook. Twitter use soared to 22 percent in the latest survey from 3 percent in the year-ago survey.

While the use of social media by its clients is likely a mix of business and employee personal use, the company is still taking on increased risk, Keil said.

"Social networking has trained the user community to be far too trusting," he said. "Cybercriminals have figured that out."

Also increasing risk is the wider adoption of file sharing on corporate networks, through such services as Box.net or Dropbox, to share files with employees working from home, for example, he said.

Palo Alto Networks was sharing the results of one analysis with a customer and noted that a number of employees were circumventing corporate security policy to run a utility called "remote desktop protocol" on a non-secured port to remotely manage servers or PCs. Keil said some of the offending employees were in the room when the presentation was being made.

"It was somewhat uncomfortable for those folks," he said.

Learn more about Rebooting The Antisocial Network by subscribing to Network Computing Pro Reports (free, registration required).

As more consumers prowl store aisles equipped with smartphones, retailers have multiple reasons to want to harness the capabilities of these user endpoints for their own benefit. Nearbuy Systems is bringing an interesting tool set to merchants that should also benefit tech-savvy shoppers with its new Captive Portal and analytics utilities.

Nearbuy Sytems is a relative newcomer to the technology world, and is interested in the sweet spot where retail can benefit from the proliferation of smartphones across the private consumer space. I've talked with Nearbuy CEO and co-founder Bryan Wargo in the past about his company's location-based mobile shopping apps (including ridiculously accurate in-store device tracking that presents various sale offers based on where a shopper is standing on the sales floor), but Nearbuy's new Captive Portal offers functionality to both large retail environments and those too small to be interested in location services.

The premise behind Nearbuy's new in-store guest wireless offering is simple. I log into the store wireless network through a simple captive portal, and as I use my smartphone while shopping, my activities are being logged. Add that data to my activities on different days or in a merchant's other branches, and trends can be gleaned. Combine my usage information with that of other shoppers in an easy-to use analytics UI, and large data sets will hopefully yield valuable information about what consumers are actually buying or not, and what websites are being used for comparison shopping from the store's own network.

Citing predictions from Forrester Research and Deloitte, Wargo believed that about 25% of all North American big-box retailers were offering free Wi-Fi access to consumers by the end of 2011. Wargo also noted that through 2014, 90% of all retail transactions are still expected to occur in-store, but with more than half of these being influenced by what multichannel consumers see on the web about their intended purchases. Considering that smartphone sales continue to skyrocket and that pending family data plans may get even more consumers into the Nearbuy target demographic, things get interesting in this unique space.

After explaining the why, Wargo took me through the how of Nearbuy's analytics framework. One of Nearbuy's major selling points is that it leverages a store's existing WLAN, whether it be a one-access-point Starbuck's or a big building supply house with many APs. Nearbuy provides an add-on captive portal appliance (or a software enhancement to existing Motorola NX appliances) in each store. The Captive Portal is shoppers' front door to free wireless in the store. They can typically log in with an email address or social media credentials, and once terms of usage are accepted, the Nearbuy-enabled consumer connectivity experience is off and running.

While Wargo says that no sensitive consumer data or credit card information is passed through or stored on Nearbuy servers, target offers and other enticements specifically aimed at store wireless users can be leveraged to get shoppers to opt in. Each store pipes a range of analytically significant data off to Nearbuy's data center for aggregation, including types of devices used, activity history, Web traffic volume, top products browsed and purchased both in store and online, dollar values of items purchased, and more.

Nearbuy Systems certainly taps an interesting opportunity with an impressive utility suite, but there are a couple of points that Wargo yielded as we discussed the merits of his new baby. Some smartphone users simply leave the Wi-Fi side of their devices off most of the time in favor of their data plans. And then there are hit-and-run consumers who simply don't want to fish their phones out of their pockets while they shop, as it can lead to more time in a store than they might really want to spend. (I consider myself to be somewhere in the middle of both of these.). Then there are the feature-phone-only folks who simply can't get online from their device. Nearbuy has nothing to offer any of these groups. Regardless of those who can't, or by choice, won't use Nearbuy-enabled wireless, Wargo knows that the retail space is certainly evolving.

Will enough merchants and consumers buy in to make Nearbuy viable? Time will tell. Meanwhile, you can get a demo of the Nearbuy System's Captive Portal and a peek at the company's analytics capabilities at http://www.youtube.com/watch?v=XG05jJIatWA

Disclaimer: Lee has no business relationship with Nearbuy Systems

Big Switch Networks, a new vendor in the nascent, but growing field of OpenFlow-based networking, has introduced an open source controller for companies that want to build applications on top of the controller in an environment where the network intelligence is in the software-based controller rather than in the physical hardware of routers and switches. Big Switch, which also has a commercial controller offering in beta release, said it is offering the open source controller, called Floodlight, to stimulate development on the OpenFlow protocol.

"We did a public open source [announcement] just because we wanted to add fuel to the fire," said Kyle Forster, co-founder of Big Switch. "By open sourcing it and being very pubic about it, this will really knock [users] over the wire to say, 'We've been playing with this for a while, let's commit a product team for this area.'"

OpenFlow is the name for the protocol behind this controller layer in a stack that comes between the data layer, made up of Ethernet and Fibre Channel switches moving data across a network, and the application layer in which software programs run. The controller layer assigns paths for data to travel in a way that is more efficient than when individual routers and switches manage traffic. OpenFlow enables what IT experts call the Software-Defined Network.

Big Switch is releasing the Apache-based open source Floodlight tool because it wants to move controller development this year from the test phase to live deployment, said Forster.

"It's going to be an exciting year. Most of the products in these tiers are still in beta and 2012 is going to be the year when a lot of them click over to the 1.0 state," he said.

Big Switch operates in the data layer, controller layer and application layer, but takes different approaches to each, Forster said. The company operates in the data plane solely in partnership with other companies, operates exclusively on its own in the controller layer, and while it is building its own apps for the application layer, it is also working with partners to develop their applications to run on top of the Big Switch controller layer.

A conference on OpenFlow in October 2011 at Stanford University provided an opportunity for Big Switch to introduce itself and for major networking vendors such as HP and Cisco Systems to explain the work they are doing on the technology. Much of the preliminary research into the OpenFlow protocol was done at Stanford.

SDN technology that is based on OpenFlow has potential to help networks run more smoothly and efficiently -- especially in cloud and virtualized environments -- because network administration is made easier and more dynamic, IT managers don't have to manually reconfigure switches and router, and if intelligence is on the software instead of in the hardware, that hardware can be "fast but dumb commodity devices," writes Greg Ferro, a consulting network architect and senior engineer/designer, in a report released this month by Information Week, a sister publication of Network Computing.

While the use case for SDN with OpenFlow is compelling, the technology is still in its infancy, Ferro writes.

"SDN and OpenFlow are little more than promises at this point; while several networking vendors support OpenFlow, and startup Big Switch Networks has an Open-Flow-based controller in a beta release, the protocol is still in its infancy. And once SDN and OpenFlow become tangible, the controllers will have to prove their capability and reliability before they can expect widespread adoption," he stated.

Learn more about OpenFlow vs. Traditional Networks by subscribing to Network Computing Pro Reports (free, registration required).

Businesses need to begin moving now to the IPv6 standard for Internet addresses from the IPv4 standard because IPv4 addresses are running out quickly, states The Internet Society (ISOC). It says while businesses that operate Web sites are more aware about the coming IPv6 standard than they were a year or so ago, they need to start planning for the transition in 2012. To accelerate the transition, the group is introducing a Web portal, called Deploy 360, to better inform companies of what they have to do to prepare.

"We're engaging the audience that we know needs the deployment information to help them move forward with their deployments, said Richard Jimmerson, a member of ISOC and director of Deploy360. "And we're working with the group of individuals who have already deployed that we consider the first adopters of the new standards in technologies."

The portal has content with advice on how to deploy IPv6, best practices from the experience of early adopters, promotion of IPv6 through social media and hosting workshops and other events to provide training, Jimmerson said.

The IPv6 standard was created by the international Internet Engineering Task Force (IETF), a standards-setting body for Internet technical standards, Because of the explosion of the Internet since the 1990s and the creation of millions of Web sites globally, the supply of IPv4 addresses is running out. The IPv6 protocol offers considerably more combinations of IP addresses.

"We all know that IPv4 was never intended for the global commercial Internet," Jimmerson said.

Vendors of domain name systems services and appliances are also providing outreach to inform customers about IPv6, but even they admit a vendor-neutral organization such as ISOC may have more credibility.

"There are certainly some people out there who view any efforts by any vendor with a degree of suspicion," said Tom Coffeen, IPv6 evangelist for Infoblox, a provider of network infrastructure automation software and hardware. "ISOC has the advantage that they're neutral and I think that they're a fairly trusted organization."

Nonetheless, Infoblox has its own public education campaign about IPv6, which it calls its Center of Excellence, in which Coffeen and other Infoblox people hold webinars, host workshops and make other appearances to inform customers of the need to prepare for IPv6. One webinar drew about 1,000 visitors and a public event in Tokyo drew 200.

The sense of urgency to adopt IPv6 is that the supply of IPv4 addresses in the Asia-Pacific regions is essentially exhausted, said Cricket Liu, vice president of infrastructure at Infoblox. The supply of IPv4 addresses in Europe is expected to run out by summer while North America has a little bit more time as its supply is expected to run out by the summer of 2013.

Large Internet companies such as Google are already deploying IPv6 as are Internet service providers and telecommunications carriers, While many more companies are going to have to purchase new equipment to deliver new Web content on IPv6, some of the equipment currently on the market supports both protocols, said Coffeen. And companies do not need to rip and replace their IPv4 networks with IPv6. Instead companies will operate a "dual stack" system where IPv4 and IPv6 networks will run in parallel.

ISOC's Jimmerson said that awareness about the need to start planning for IPv6 was raised considerably on June 8, 2011, which ISOC declared IPv6 Day.

"Awareness is increasing rapidly," Jimmerson said. "I think that it's much better this year than it has been in previous years."

Learn more about Navigating E-Banking by subscribing to Network Computing Pro Reports (free, registration required).

When evaluating which company to buy their networking equipment from, business IT buyers say their top priorities are product reliability and performance, ahead of acquisition or operating costs and well ahead of product innovation, according to a survey of IT professionals released this week.

On a scale of 1 to 5 (1 being least important and 5 most important) survey respondents were asked to indicate which of 10 purchase criteria mattered most to them. Product reliability earned an average rating of 4.7, the best of the group, followed by product performance at 4.5. Operating costs earned a 4.2 rating while acquisition costs, also known as capital expense, rated a 4.1. Product innovation earned only a 3.6 and breadth of product line was rated lowest of the group at 3.4.

The survey, IT Pro Ranking: Data Center Networking, was conducted by Information Week, and involved 510 IT professionals at companies of various sizes in different industries contacted in November 2011. In two previous reports on the survey, Network Computing looked at the competitive landscape in networking with companies such as Dell, HP and others challenging market leader Cisco Systems, and how buyers prefer industry standard equipment to new products that may be innovative but are proprietary.

When respondents were asked to rank networking vendors on how well they delivered on those criteria, the strength of Cisco became evident. Cisco earned a score of 77 percent approval, highest of the group, followed closely by IBM at 76 percent and HP and Dell tied at 75 percent, followed by Juniper Networks (74 percent), Brocade (73 percent) and Avaya (70 percent).

By drilling further down into the specific criteria, differences among the vendors emerge. When asked to rank from 1 to 5 the importance of acquisition and operating costs as factors in a purchase, Dell ranked highest as being the most affordable and Cisco ranked lowest as being the most expensive. Cisco acknowledges it's equipment is usually more expensive than others, but argues that it's a better value. In fact, Cisco earned the highest marks of the group on product reliability and performance with a 4.3 and 4.2 rating, respectively. Cisco also lead the pack on breadth of product line, flexibility in meeting your organization's needs and product innovation.

While Cisco holds a strong position in the networking equipment market, the survey also reveals that competitors such as Dell and HP are putting considerable pressure on Cisco. One other data point is that customers are more open to checking out other companies than their incumbent vendor, presumably Cisco, when contemplating new purchases.

"A pessimist would say there's nowhere to go but down" for Cisco, writes Information Week's Kurt Marko, who authored the report. "Our survey indicates the company faces headwinds in maintaining its lead."

Learn more at Who Owns The LAN by subscribing to Network Computing Pro Reports (free, registration required).

Brocade Communications Systems Inc. (BRCD) is reportedly in negotiations with a private equity firm for a potential acquisition, Reuters said this week. According to reports in the financial press, the storage and networking infrastructure vendor has been working with Qatalyst Partners, the boutique investment bank run by Frank P. Quattrone, to shop itself around for two years, including several failed acquisition attempts with companies such as Hewlett-Packard. However, an analyst who follows the company believes that such an acquisition, if it occurs, would have much less effect on users than would an acquisition by Oracle, which is another rumor going around.

"I do not think that Brocade should be acquired by a vendor, but should stay independent," says Stuart Miniman, principal research contributor at Wikibon, a Boston-area consultancy. "Moving to private equity would free Brocade from Wall Street pressures. The business is still solid and Brocade is generating a lot of cash. This could be optimized by a private equity firm," he says. Moreover, because companies similar to Brocade have already been acquired, such as Force10 Networks by Dell and 3Com by HP, there are fewer potential buyers, notes the San Jose Business Journal.

Back in June when the most recent rumors of Brocade's imminent acquisition surfaced, Dell was expected to be the buyer. It was expected that the addition of "the jewel among independent, pure-play data center networking vendors" would immediately propel Dell into the leadership tier of cloud stack and enterprise networking providers. A month later Dell instead bought Force10, an equipment vendor that specializes in high-performance computing.

In terms of Oracle, Bloomberg quoted two financial analyst firms as saying that the company could give it a networking product it currently doesn't offer to businesses and enable it to better compete with Cisco Systems Inc. IBM is also suggested as a possible suitor. On the other hand, some analysts say neither of those companies would be interested in Brocade because they already have a significant customer overlap with them.

The problem with Brocade being acquired by another vendor is that it is currently considered vendor-agnostic, selling its equipment to a variety of other networking vendors, and having it acquired by another vendor could damage some of those relationships, Miniman wrote in summer 2010. "If Brocade was to be acquired by IBM or Dell, their relationships with the other server and storage vendors would be damaged and could lead to QLogic gaining further inroads into the market which is currently dominated by Cisco and Brocade," he wrote at the time – an opinion he says he still stands by today.

Because Brocade has more than doubled its free cash flow in the past five years, it could command as much as $8 per share, a premium of 40 percent, according to Bloomberg. Moreover, the stock still trades at 7.7 times its amount of free cash flow, which is below the level of similar publicly-traded companies, which have a median of 17 times the amount of free cash flow, Bloomberg said.

Upon the rumors, the company's stock went over $6 Wednesday, which was up over 3 percent, but gradually drifted downward as the day progressed. Brocade is up more than 80 percent since it hit a 52-week low of $3.18 in early August, but it remains below its 52-week high of $7.30 in early June. Neither Brocade nor Oracle is commenting to the financial press.

Learn more about Data Center Networking by subscribing to Network Computing Pro Reports (free, registration required).

When it comes to buying new network equipment, enterprise customers prefer technology built to industry standards over products that may have innovative but proprietary features, a newly released survey shows. Although network vendors, including industry leader Cisco Systems, are introducing innovations such as multipath Ethernet and converged FibreChannel and Ethernet, buyers ranked adherence to industry standards as their highest priority in choosing a vendor.

In the end, standards trump features, according to the report IT Pro Ranking: Data Center Networking (free, registration required), which was published this week by InformationWeek Analytics. In the first of a three-part series on the survey results, InformationWeek Analytcis in conjunction with Network Computing, looked at the growing percentage of networking equipment customers willing to consider vendors other than their current vendors or to bring in an additional vendor. This news bodes ill for Cisco Systems, still the market leader but increasingly facing competition from HP, Dell, IBM and others. A third installment in the series will look at what criteria customers look at most closely when evaluating vendors.

The 510 IT professionals surveyed were asked to rate on a scale of 1 to 5 (1 being least important, 5 being most important) the importance of certain network features. Adherence to industry standards was ranked the highest with a 4.1 average rating. Proprietary technology in advance of standards was ranked the lowest with a 3.0 rating. Other factors ranked included [ease of] software and hardware upgrades (3.7), ultra-low latency (3.7), converged Fibre Channel and Ethernet (3.6), and migration path to 40 Gbit Ethernet and 100 Gbit Ethernet (3.5).

"Advanced features that vendors love to tout ... are clearly in the nice-to-have but non-essential category for most respondents," reads the report, authored by Kurt Marko.

"Some of this indifference is almost certainly due to a general wariness of proprietary features, where many cutting-edge capabilities are in flux--either the standards aren't complete or are yet to be widely adopted, " he said.

This may beg the chicken-and-egg question of how innovations become industry standards unless they're more widely adopted, but innovative technology will usually evolve into standards once it's proven in the marketplace.

Survey respondents were also asked to rank vendors based on how well they delivered on a total of 12 network technology features identified, such as adherence to standards, ultra-low latency, 40 Gbit Ethernet, 100 Gbit Ethernet, etc. Overall, Cisco ranked highest at 79%, followed by IBM and HP at 77% each, Avaya at 75%, Juniper and Brocade at 74% each and Dell bringing up the rear at 73%. The report described the relatively minor difference between best and worst as clustering and compared it to a classroom grade on a test. "Essentially, everyone gets a C or C+," Marko wrote.

The survey also asked networking technology buyers what criteria they use to evaluate vendors, which will be the subject of the third report in this series.

Learn more at IT Pro Impact: NFC and Mobile Commerce by subscribing to Network Computing Pro Reports (free, registration required).

Cisco Systems' dominance of the networking technology space remains strong but it will have to work harder to keep it that way, according to a recently released survey of IT professionals on data center networking. Increasingly, the people who buy networking equipment are considering other vendors, such as Dell, HP or IBM, as an alternative to Cisco. In addition, while Cisco is known for its networking innovations, customers prize technology that adheres to common industry standards over products offering unique features.

The survey of 510 IT professionals across a variety of industries was published this week by Information Week Analytics. In this first of a three-part series, we look at the openness of customers to adding or switching networking vendors. In part two, we'll focus on the issue of standards versus unique features, and in part three, look at what criteria customers use to compare vendors.

Notably, 71 percent of survey respondents said they have recently completed a network rearchitecting project, are planning one in the next two years, or are in the midst of one, making the latter two groups ripe for a marketing pitch from rival vendors. The same percentage of respondents that are doing or planning a project say they are considering replacing their primary vendor, their secondary vendor or adding another vendor.

When asked in the latest survey if the respondents are satisfied with their current vendor, the response bodes well for Cisco. Only 1 percent said they were "Unsatisfied" with their current vendor and 14 percent were "Somewhat Satisfied." The rest were either "Satisfied" (61 percent) or "Very Satisfied" (22 percent).

But other results indicate where rival vendors may hold sway over longtime Cisco customers. 49 percent of respondents said they were not considering switching vendors at all, a decline from 60 percent in the October survey.

Also, when asked what reasons they would have for replacing an incumbent vendor, 57 percent cited operational cost savings and 55 percent cited capital cost savings as their top considerations. Elsewhere in the survey, when respondents were asked how they would rank various vendors on their acquisition and operating costs, Cisco ranked the lowest, meaning it was considered the priciest. On a scale of 1 to 5, from "Poor" to "Excellent," Cisco earned only a 3.2 rating on acquisition costs; Dell lead the pack with a 4.0 rating, meaning it was considered the most affordable. On operating costs, Cisco earned only a 3.5 ranking, lowest of all seven vendors, although the vendors were ranked closely together in a narrow range of 3.5 to 3.9.

Besides Cisco, HP, Dell and IBM, the other vendors ranked in the survey were Juniper Networks, Brocade and Avaya.

Facing more competition, Cisco has tried to show that while its technology may be more expensive, it offers more long-term value . In a study released last October, Cisco acknowledged that its acquisition costs are higher, but put the capex premium at perhaps 25 percent to 30 percent, not the 30 percent to 50 percent that HP has claimed. Furthermore, Cisco said that the five year total cost of ownership for a Cisco network is only a 4 percent to 7 percent premium over an HP network.

"It's still a relatively small premium to pay for Cisco over HP," said Ross Fowler, VP of borderless network architecture at Cisco, arguing that Cisco offers a more intelligent network than does HP.

Whether a more intelligent network is valued more than a network that is reliable, performs well and is less costly will be discussed in the second part of this series.

Learn more at "Data Center Automation" by subscribing to Network Computing Pro Reports (free, registration required).