Tag Archives: Infrastructure

Achieving QoS in a Hybrid Cloud Implementation | IT Infrastructure Advice, Discussion, Community

Quality of service, or QoS, is important when mixing real-time and bulk traffic. Add big data applications and the challenge grows. Let’s look at strategies that we can use to protect real-time traffic in a hybrid cloud environment where end-to-end QoS may not be possible.

I define a hybrid cloud as a combination of an enterprise on-premises cloud system and a remote, vendor-provided cloud system. The on-premises systems typically support either infrastructure or platform delivered in the as-a-service model, while the vendor systems could provide a variety of services (infrastructure, platform, data center, or software). In a hybrid cloud, applications might have components located on premises or externally. An application that has real-time communications requirements between sites should be prioritized over non-real-time traffic.

You may also have a software service, such as VoIP, that has real-time components. Somehow, you must connect your voice endpoints within the enterprise to the voice control system service. Call control services typically have less critical timing constraints than real-time streams going to conference calling services located in a cloud provider’s infrastructure.

No QoS over the Internet

QoS is normally used to prioritize different types of traffic, relative to each other. The process involves classifying traffic by marking packets with either a class-of-service (CoS) or Differentiated Services Code Point (DSCP) identifier. Once packets are marked, the network uses the embedded CoS/DSCP identifier to perform rate limiting and prioritization for forwarding. Time-sensitive packets get transmitted before less-time-sensitive packets. A QoS design typically has four, eight, or 12 different classes.

Read the rest of the article on NoJitter.


4 Critical Elements Impacting Network Visibility Today

As transformational technologies like SD-WAN, virtualization, and IoT are increasingly adopted, it’s safe to say that networks have never been more complex. And in today’s digital economy, businesses rely on their networks more than ever. Granular visibility is the one thing underpinning every complex, business-enabling network.

Simply put, network visibility is the ability to capture and see traffic and applications traveling across complex WAN and LAN links. This data is often extracted by network TAPs and distributed to various analytics, monitoring, and security tools through network packet brokers. To maintain vital business functions and ensure positive user experiences, every organization must establish a network visibility strategy and be ready to adjust it as their networks continue to grow and change over time.

Here are four key areas you need to examine when building your network visibility strategy.

Technical elements: Network design, management, monitoring, performance, and security are highly technical functions, the responsibility for which often rests entirely with IT. You need deep expertise to determine which visibility platform and tools your network requires. The scope, scale, and functionality of the technical foundation you use will impact the entire organization and should involve broader input from other departments responsible for compliance, HR, legal and more. Without it, you might lose communication and cooperative management between these teams, leading to security and network performance problems. At best, this could cause performance issues, or worse, severe oversubscription, downtime, and lost revenue. When building the networking toolset and technical framework to support your organization’s critical IT infrastructure, be sure yours is not the only voice in the conversation.

Financial elements: It can be easy to rationalize a smaller budget for visibility architectures. Resource constraints often seem to make decisions for us. That said, one clear case for avoiding the minimalist approach to network visibility is security. The costs of repairing catastrophic damage caused by data breaches far outweigh the price of proactively preparing for and protecting against cyber-attacks.

Depending on sophistication and severity, a single breach could shut down a business for good. According to recent reports, the 2017 Equifax breach affected 147.9 million consumers and cost the company $87.9 million in expenses and $3.5 billion in market capitalization.

This is an extreme example, but the news is full of similar stories, which further emphasizes the importance of a strong visibility strategy that bolsters security. Apart from security, there are plenty of financial factors that might impact your network visibility architecture. Stack rank your priorities, justify each and weigh them against the budget realities you’re dealing with. A detailed appraisal of these elements will help you better plan and implement your visibility strategy, and ask for additional funding as needed.

Political elements: Organizational politics vary widely between companies. Smaller organizations generally have managers performing a broad scope of duties, while large enterprises tend to be more siloed. For instance, companies with large networks have dedicated teams managing switches, security, infrastructure, applications, and so on.

When developing a visibility strategy, many stakeholders may be involved in the IT portion of the plan, but who pays for what and who takes responsibility when things go wrong? Multiple siloed teams can work collaboratively using an independent network TAP as the foundation of your visibility strategy. This simplifies management across demarcation lines because TAPs touch the switch as well as the connected tools.

As such, each team can manage its own purview without impinging on or impacting other groups, providing greater flexibility to reorganize budget and responsibility according to function.

Legal elements: IT managers must adhere to a broad range of rules for network security, data access, and privacy. Regulations like GDPR require various protections for network users both inside and outside the organization, with stiff penalties for non-compliance.

Unauthorized distribution or malicious use of information creates enormous liability. This is why examining regulatory risks is such an imperative part of developing your network visibility strategy. Are you able to see which traffic might be malicious or what data you may be mismanaging? Are your security and privacy policies up to code? Do your monitoring and security tools receive the level of insight necessary to protect data as it travels throughout the network, detect malicious activity, and prevent breaches?

Do yourself a favor: ask and answer these questions early and often. Returning to “business as usual” after a data breach or privacy incident can be tremendously expensive, time-consuming, and painful.

Hindsight is 20/20

The only way to develop an effective network visibility strategy is to understand and incorporate the technical, financial, political, and legal aspects impacting your network operations. Examine these areas carefully, and reexamine them frequently to avoid the many performance and security pitfalls you’re sure to encounter and to achieve the level of visibility today’s complex networks require.



Risky Business: Eliminate the Dangers of Wi-Fi with Cellular-Equipped Laptops

The initial spread of public Wi-Fi hotspots was a welcome computing advancement that changed how we work and play. It meant that no matter where we were or how we got there – café, hotel, airport, train, plane or automobile – we were no longer cut off from the latest financial spreadsheet or episode of Mr. Robot. Unfortunately, over the years a danger has emerged with the use of public Wi-Fi – cyberattacks – that has led many businesses to restrict or eliminate its use in employee laptops in favor of a more secure technology: cellular.

The cyber risks posed by public Wi-Fi hotspots are well documented:

  • Unsecured or unencrypted hotspots open the door to cyber attackers who can easily steal credentials, intercept communications, or infect devices with malicious code.
  • Laptops and other devices that use Virtual Private Networks (VPNs) can extend security from the hotspot to an enterprise’s private network, but the Wi-Fi hotspot itself is still vulnerable, which means the laptop or another device, as well as ultimately the enterprise’s VPN itself, can still be attacked.
  • Even the latest solution for secure mobile connectivity, creating a personal Wi-Fi hotspot using a cellular-connected smartphone or tablet, is vulnerable. Although the mobile device’s cellular connection is secure, the connection from the laptop to the Wi-Fi hotspot may still be subject to attack.

But the biggest shock for Wi-Fi users is that even being near a public Wi-Fi hotspot can be dangerous if the mobile device’s Wi-Fi connection is turned on – even if the device is not logged on through the hotspot! Using inexpensive hardware and software tools, attackers can use this method to sniff or intercept traffic to spread malware or gain access to email, instant messages, or VoIP conversations.

As a result of these risks, businesses are increasingly restricting their employees from using public Wi-Fi hotspots. A survey conducted by independent market research firm Vanson Bourne found that nearly 70 percent of responding organizations in France, Germany, the UK, and the U.S. said they forbid mobile workers from using free Wi-Fi hotspots some or all of the time. Another 15 percent said they planned to do so in the future.

Beyond simply banning the use of public Wi-Fi hotspots, some employers, particularly in financial services and other highly regulated industries, require employees to use more secure laptops – or even ban the use of laptops entirely – when traveling, especially in parts of Asia where internet security is very challenging.

The secure cellular solution

A much more secure alternative to using Wi-Fi hotspots is to equip laptops with cellular connectivity instead. In order to operate cellular networks, mobile operators must agree to comply with government laws and regulations regarding customer confidentiality. In addition, most cellular contracts include an obligation on the part of the mobile operator that they provide their customers with a secure network. Given these regulations and contractual obligations, mobile operators have built their cellular networks to be as secure as possible, with multiple layers of defense.

For example, cellular connections with carrier networks have the following characteristics:

  • Every device logging onto a cellular network identifies itself and must be authorized to join the network.
  • Every data transmission is encrypted, making the data unreadable in the event it is intercepted.
  • Cryptographic operations, secure authentication protocols and built-in algorithms protect the air interface between the laptop and base station and between the base station and security-enabled gateway. This means the entire communication loop is protected.

In addition to these mobile operator cybersecurity defenses, enterprises can implement defenses of their own with cellular-connected laptops. For example, technologies now exist that enable enterprise customers to monitor cellular connections to their networks, allowing them to screen these connections for compliance with their security policies.

Equally important, cellular services are now easier to use and more cost-effective than ever. Cellular providers have now begun offering short-term access to their networks (hourly, daily, weekly, monthly, etc.), providing enterprises new internet access strategies that don’t rely on Wi-Fi. These strategies include pay-per-use data rates, which may benefit low-volume users, and unlimited LTE access for a defined period of time, which may benefit users that periodically need to download large files or stream media. For example, Microsoft’s new pay-as-you-go cellular data plans for Windows 10 devices enable traveling employees to have the access they need, when they need it, without the company having to commit to a long-term contract with a single carrier.

In addition, the worldwide availability of cellular connectivity means mobile workers will have access to a cellular network just about anywhere they travel. And evolving regulations continue to make this even easier. In the EU, for example, residents can now travel freely across country borders without incurring the steep roaming charges they used to face. This is a huge benefit for businesses that want their employees to use cellular instead of Wi-Fi for laptop data connectivity.

Given the high financial and reputational damage caused by hacks, ransomware, and other cyberattacks, it is no surprise that companies today rank cyber threats as their second biggest concern. By using cellular-equipped laptops, businesses can make their organizations more secure while increasing employee productivity with fast, global wireless connectivity.



The Scourge of Global Internet Outages Continues

Last year, it seemed that nobody escaped the onslaught of outages. Google, Comcast, Route 53, AWS, GitHub, DE-CIX—one by one, these outages reduced the number of services available to users.

Major outages for the year included:

  • February 22: Multiple global financial trading sites reported outages or slowdowns on the Dow’s worst daily point drop to date.
  • March 1: GitHub weathered a massive DDoS attack that not only disrupted its service, but also caused collateral damage to other services.
  • March 2: AWS experienced another outage due to a power outage in Ashburn, VA.
  • May 31: AWS had yet another due to an ISP problem power outage that impacted AWS US-east-2.
  • April 13: A DE-CIX switch in Frankfurt, Germany, took down a large portion of the Internet for a major world economy.
  • April 24: AWS had multiple service outages, one involving the hijacking of its DNS service, Route 53.
  • June 29: Comcast claimed the most victims, with its fiber-cut outage cutting off or slowing down service for millions of Internet users—even beyond its customer base.
  • September 3: Facebook and Facebook-owned WhatsApp and Instagram all suffered outages, despite being hosted on different clouds.
  • November 12: One of the biggest outages of the year occurred when Google traffic was dropped and re-routed through Russia and China.

Many other services, such as Amazon, Slack, Twitter, and Facebook, went dark at some point due to a network or application issue.

A recurring problem that will persist

If only last year were an anomaly. Unfortunately, it was not. Two years ago, Amazon, Comcast, Twitter and Netflix were effectively taken off the Internet for multiple hours by a DDoS attack because they all relied on a single DNS provider – Dyn, in their case.

Can it happen again? According to the 2018 ThousandEyes Global DNS Performance Report, 68 percent of the top 50 companies in the Fortune 500 and 72 percent of companies on the Financial Times Stock Exchange 100 are still at risk. Two years after the Dyn DDoS attack, you’d think digital companies would have learned their lesson, but apparently not so.

According to the report, many of the biggest companies on the planet – as well as 44 percent of the top 25 SaaS providers – don’t have a fallback DNS option. That means that a single outage or DDoS attack could completely take their businesses off the Internet.

Without DNS, there is no digital experience. It’s the least appreciated aspect of delivering online user experience, and the most overlooked chink in an enterprise’s armor.

Even digitally mature organizations can get DNS wrong by not following best practices around resiliency. It’s also a complex topic that most networking professionals haven’t spent enough time to understand.

The DNS expert community is select, but the need for awareness of DNS has grown as more businesses than ever rely on digital experiences in their revenue generation. According to Gartner, CIOs report that 37 percent of their revenues will have a digital footprint by 2020. If DNS is the first step in every digital experience, then not getting that step right can be incredibly costly.

As for the lack of enterprise DNS resiliency, consider this analogy. Most IT professionals would never consider building a data center without backup power or redundant telecom or Internet connections. Further, most know that redundant connectivity isn’t truly redundant unless there is diversity of physical cable routes and facilities. But too many are just using a single DNS service. If that DNS service is lost, it doesn’t matter how much you spend on your CDN, your data center, or your cloud hosting. Your brand will be offline, and you’ll be scrambling.
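The single-provider dependency described above can be checked from each zone's NS set. The following is an added example, not code from the article or the ThousandEyes report: it groups nameserver hostnames by a naive provider key (the last two DNS labels, an assumption that mis-handles suffixes such as co.uk), and the zones and NS sets are constructed sample data.

```python
"""Audit NS delegation sets for single-provider DNS dependency (added example)."""
from collections import defaultdict

# Constructed sample data: zone -> NS hostnames, in the form a lookup such as
# `dig NS <zone>` would return them. None of these are real deployments.
SAMPLE_DELEGATIONS = {
    "shop.example": ["ns1.dns-a.example.", "ns2.dns-a.example.", "NS3.DNS-A.example."],
    "bank.example": ["ns1.dns-a.example.", "ns-7.dns-b.example.", "ns-9.dns-b.example."],
    "blog.example": ["ns1.blog.example.", "ns2.blog.example."],
    "solo.example": ["ns1.dns-c.example."],
}


def provider_key(ns_host, labels=2):
    """Naive provider identity: the last `labels` labels of the NS hostname.

    Assumption for this example only. Production use should consult the
    Public Suffix List and also compare the networks hosting the servers.
    """
    parts = ns_host.rstrip(".").lower().split(".")
    return ".".join(parts[-labels:])


def audit_zone(zone, ns_hosts):
    """Return provider diversity findings for one zone's NS set."""
    by_provider = defaultdict(set)
    for host in ns_hosts:
        # Normalise case and the trailing root dot so duplicates collapse.
        by_provider[provider_key(host)].add(host.rstrip(".").lower())

    nameservers = sum(len(hosts) for hosts in by_provider.values())
    findings = []
    if nameservers < 2:
        findings.append("single nameserver")
    if len(by_provider) < 2:
        findings.append("single DNS provider")

    return {
        "zone": zone,
        "providers": sorted(by_provider),
        "nameservers": nameservers,
        "findings": findings,
        "at_risk": bool(findings),
    }


def at_risk_share(delegations):
    """Percentage of zones with no fallback provider (or a lone nameserver)."""
    results = [audit_zone(zone, ns) for zone, ns in delegations.items()]
    if not results:
        return 0.0
    return 100.0 * sum(r["at_risk"] for r in results) / len(results)


if __name__ == "__main__":
    for zone, ns in SAMPLE_DELEGATIONS.items():
        r = audit_zone(zone, ns)
        status = ", ".join(r["findings"]) or "ok"
        print(f"{zone:14} providers={r['providers']} -> {status}")
    print(f"zones at risk: {at_risk_share(SAMPLE_DELEGATIONS):.1f}%")
```

Multiple nameservers under one provider, as in the constructed `shop.example` entry, still count as at risk: they share the same operator and typically fail together.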



Low-Power WANs Energize High-Priority Applications

While 5G networks will reshape wireless communications and support new applications, not all enterprises and municipalities feel the need for speed. These entities have wide-area applications that need only tens or 100s of kilobits to get the job done.

Enter Low-Power Wide-Area Networks (LPWAN). They’re generally described as a type of wireless WAN designed to allow data transfer between far-flung devices with long-life batteries and a central site.

Entities that employ sensor-equipped devices, for example, to transmit small amounts of data from pipelines, utility locations, and meters across wide areas have embraced LPWANs. That’s chiefly because these offerings are more affordable than higher-speed alternatives and allow for long-lifetime, no- to low-maintenance networks.

LPWANs are essentially a slice of a wireless service provider’s cellular bandwidth. Some early providers used non-cellular networks to offer them. They are offered as a service, with the wireless operator often providing a managed service option to prospective customers. Some applications use licensed spectrum while others work better with unlicensed spectrum.

Interest in LPWAN services spans vertical industries. They include oil and gas, agriculture, healthcare, logistics, transportation, and manufacturing.

A fine forecast

Of the 50 billion devices estimated to be connected to the Internet of Things (IoT) by the end of 2021, it is expected that upwards of 60 percent of these devices will be connected with LPWANs, according to a 2018 global forecast from Markets and Markets.

One expert has explained U.S. wireless provider interest in LPWANs. “Service providers have invested in cellular technologies for the past 30-plus years,” said Stefan Pongratz, senior director at Dell’Oro Group, a Redwood City, CA-based research and consulting firm. “And they are now in a unique position to capture new revenue from a diverse set of IoT use cases with minimal incremental mobile infrastructure investments.”

LPWANs: Menu options increase

LPWANs are available using many technologies. In the last year, Verizon and AT&T have both introduced LPWAN services. T-Mobile is also in the mix, as is Sprint. Two of the technologies are LTE-M and Narrowband IoT (NB-IoT).

“The business case using cellular technologies, such as NB-IoT and LTE-M, is extremely compelling,” said Dell’Oro’s Pongratz. “Our analysis suggests the incremental investment in mobile radio access network and core infrastructure will yield around 30x of potential growth for the carriers by the end of the forecast period.”

In the early days of LPWANs (before cellular options existed), pioneers used unlicensed, non-cellular bands to provide the transport and connectivity for these services. They have gained ground largely outside the U.S.

Each player has its own circle of partners and supporters, among them telecom companies and industrial kingpins.

LoRa: LoRa is a wireless data communications technology (protocol and architecture) – the patent for which is owned by Semtech. It uses unlicensed radio frequency bands. LoRaWANs are already available from operators including Orange.

LoRaWAN is available in many countries across the globe, in some cases nationwide. Semtech founded the LoRa Alliance. The company and its partners embraced an open approach.

The Alliance: Many companies are pushing LoRaWANs, with far more than wireless operators allied to advance the data communications protocol for LPWANs.

Formed in 2015, the alliance boasts more than 500 members worldwide that focus on interoperability and more. They include Semtech, Cisco, IBM, Google, ZTE, Alibaba, Duracell, STMicroelectronics, and Comcast. The group does include service providers from Europe and Asia.

Sigfox: Sigfox uses ultra-narrowband technology for its LPWAN. Unlike others, Sigfox has worked with one network operator after another (one in each country) to deploy as much LPWAN coverage as is possible. The Sigfox SIG believes this approach lets it focus on providing as much Sigfox availability as possible globally.

Weightless: A group of companies makes up Weightless, a non-profit which backs a technology bearing the same name. Like LoRa and Sigfox, it’s in the non-cellular LPWAN category.

The group, called Weightless Special Interest Group (SIG), has already developed a trio of offerings to meet differing needs of LPWAN use cases.

Weightless-N supports one-way communications while Weightless-P supports two-way communications (and can use licensed spectrum). Weightless-W also has two-way communications for longer ranges than Weightless-P.

The Road Ahead

With seemingly all roads leading to 5G, businesses spread across vertical industries will continue to find wireless worth through use of low-power wide-area network services in the U.S. and abroad to support applications that require data rates of tens to 100s of kilobits.

LPWANs are poised for greater popularity as the need to connect a fast-growing array of basic devices and sensors to the Internet intensifies. Expect low-price, low-power, and low-data-rate WANs to define a larger slice of the IoT world.

