Tag Archives: Network

The Network Edge: Stretching the Boundaries of SD-WAN | IT Infrastructure Advice, Discussion, Community

The advent of SD-WAN has dramatically disrupted the enterprise networking landscape in the last five years. Industry experts and analysts opine that it is unlike anything they have seen in decades in the networking arena. Leading SD-WAN solutions have enabled dramatic real-time application performance improvements, simplicity, and automation for implementation and management of wide-area networks, and optimized cloud access.

However, SD-WAN technology is still evolving. New functionalities and integrations are being added at a rapid pace. The boundaries of SD-WAN are now stretching deeper and broader beyond just the WAN edge into the “Network Edge.” The Network Edge is enabling the next wave of network transformation by absorbing new functions including compute, analytics, security, and multi-cloud, that are all critical to supporting enterprise locations where business is conducted.

In SD-WAN implementations, organizations deploy an edge device at the branch, and edge devices close to their workloads – the public cloud, and the data center – to create a mesh of connections between locations with direct access to the cloud that avoids backhaul to the corporate data center. Optionally, they can place a virtual edge device in the cloud, to provide additional control and optimization for IaaS hosted applications. SD-WAN is managed from a central console using templates and automation. This approach to network design and simplified management is vital to the evolution of the WAN from a traditional hub-and-spoke design that was difficult to configure, especially at scale, and limited in how it served applications in the cloud.

Given where SD-WAN resides strategically in the network and its management capabilities, SD-WAN has become the platform of choice for the evolution of the network edge. Let’s look at how the edge is developing and how advanced SD-WAN solutions make this evolution possible.

The need for edge compute services

The “branch” has evolved beyond the traditionally understood branch office confined by four walls. The Internet of Things (IoT) and mobility are redefining the branch which can now be an agricultural field with machines and devices that interact with each other. This new paradigm has increased requirements for edge services. This has created the option for the edge to go deeper into the branch office and cross over the LAN boundary to support IoT device traffic. This approach needs an advanced SD-WAN platform that is capable of delivering compute services at the edge. With edge compute, one major challenge is how to manage deployment and configuration of services. Advanced SD-WAN solutions such as VMware SD-WAN provide a virtualization infrastructure for hosting the services and centralized management of the platforms so that edge compute services can easily be delivered. 

The need for quick access to broadband

While transport independence is a hallmark of SD-WAN, easy access to broadband is a growing requirement of the edge. There is an emerging approach that could leverage 5G for a low latency connection and on-demand control. It will be possible to deploy 5G in a very short time compared to landlines, making it ideal for use cases such as pop-up stores and temporary field sites. 5G will be versatile, too. Organizations will be able to specify on the fly what type of throughput and network characteristics they want. Once that is done, the right link configuration is automatically applied to deliver the specified connection. 5G would allow advanced SD-WAN platforms to consider the network underlay as not just one underlay, but a configurable underlay. It is programmable, so organizations can ask for the specifications they need with regard to bandwidth and traffic handling. The ability to run an overlay with the intelligence of SD-WAN counting on the underlay intelligence of 5G is revolutionary. This approach is focused on using 5G as a transport mechanism for enterprise data, not 5G consumer phones.

The need for multi-region networks

Continuing with the evolution of how applications are accessed, one can see a need to span telco networks to serve the needs of global corporations. This will be achieved by using a federation of VMware SD-WAN Gateways to create an over the top (OTT) service that can interoperate gateway to gateway connecting independent telco networks. For example, if one telco network doesn’t reach a geography where the corporation has a presence, then the organization can use the federated gateways to link to other telco networks. These federated gateways extend the telco’s network beyond the facilities that they own, creating a global virtual WAN in a telco-to-telco federation.

The need for a service delivery platform

The next piece of the SD-WAN evolution is SD-WAN as a platform. There are many services that organizations need to run at their branch offices. However, they have concerns about device sprawl and the ease of managing these services. Deploying a service as a virtual network function (VNF) eliminates the need for separate hardware at the branch office location. Again, advanced SD-WAN solutions such as VMware SD-WAN provide an NFV infrastructure for this, making deployment and management easy. This allows organizations to deliver additional services from the edge platform. Network analytics is a popular choice for this type of service. Companies can take analytics from the edge SD-WAN platform and correlate them with analytics from other devices such as servers, end-user devices, switches, and routers, to check for anomalous behavior and discover the root cause. This can greatly reduce the time to resolve network performance issues. With SD-WAN as a platform, organizations can deploy virtualized functions and manage them from the same console.

The need for a hybrid and multi-cloud

The final evolution in access to applications that SD-WAN needs to support is hybrid and multi-cloud integration. As organizations continue to increase their use of the cloud to host applications and use SaaS applications, direct access with high performance is critical. Organizations whose applications are hosted in the public cloud, or that use SaaS applications, can use advanced cloud-hosted multi-tenanted SD-WAN gateways to direct traffic to these applications. The gateway does the traffic steering and provides optimizations between it and the edge device.

There are some instances where part of the application resides in the data center and part resides in the cloud, creating a hybrid cloud model. In this case, SD-WAN needs to create optimized connections to both locations and handle traffic steering appropriately. Furthermore, some organizations utilize multiple clouds for hosting the applications, so the SD-WAN solution needs to provide optimized connections to each of the clouds and manage traffic to and between them.

The vision for the edge

These evolutionary areas are where we see SD-WAN headed, and we call this direction the new Network Edge because it’s beyond the traditional SD-WAN functions. It includes edge computing, fast deployment of intelligent high-speed connections, SD-WAN as a broader service delivery platform, connecting multiple networks, and integrating with hybrid and multi-cloud models. These are all aspects of features that go beyond the definition of today’s SD-WAN and enable the evolution of the WAN.


What is Network Agility?

As I was reviewing the results of the Sirkin Research/LiveAction survey titled: Top Trends Transforming Network Operations, one specific question caught my eye. When asked to choose a top business goal for 2019, over one-third (34 percent) of IT decision-maker respondents answered that it was to “improve network agility.” This particular answer was the number one choice.

Thus, it must be important to many organizations. Yet it left me wondering, what does “network agility” truly mean? Agile software development is an easy enough concept to grasp. But as it relates to the network, I honestly wasn’t sure what makes one necessarily agile. After all, it sounds rather vague and potentially could mean different things to different people. After a bit of research, however, I discovered that network agility is rather well defined and consists of four key components. Let’s go over how to properly define network agility and its core components while also providing real-world examples of how one can implement network agility into any production network.

Network agility can be defined as the speed at which a network can adapt to change while maintaining resiliency, security, and management simplicity. Much of how network agility is accomplished today includes the use of modern architectures and technologies such as software-defined/intent-based networking, artificial intelligence (AI), analytics, and advanced automation. Within this construct, network agility is comprised of the following categories:

Network automation: One way to increase network agility is to leverage automation for the handling of processes that were previously performed manually. Automation can be used to assist with overall network performance and efficiency. Improvements can be made using intelligent data flow mechanisms. These mechanisms use network telemetry data, health probes, and AI to analyze application data flows and the various paths they can be sent over. Automation can then leverage the analytics processed through the AI to choose the most efficient path based on the criticality of each individual data flow.

Deployment speed and scalability: From a deployment standpoint, both speed to deployment and scalability are key areas that are addressed through network agility. Zero-touch provisioning and centralized control-plane architectures are two examples of how the provisioning of new network segments and services can be sped up. For scalability, automation can once again be put to use alongside virtualization. Automation can be used to create pre-defined network templates that can be deployed with just a few clicks. The result is a network built from virtual network appliances and network functions that are deployed with uniform network policies throughout the private LAN and into the public cloud.

Network visibility: The best way to maintain long-term network agility is by having the proper level of visibility into a network from a data flow perspective. Deep data insights provide a granular view of the end-to-end operational health of a network. This level of visibility allows network architects to better understand what will happen when network flows are disrupted, changed, or added to. Legacy network monitoring tools such as SNMP, traceroute, and ping are no longer enough if your goal is to build an agile network. Instead, modern network analytics platforms that source streaming network telemetry data and analyze it using AI are a far better choice.

Streamlined information security: Lastly, no network can be considered “agile” unless the underlying security processes are both robust and streamlined. Adding the multiple – yet critically important – layers of network security into a network has become a huge management burden in many organizations. Network agility processes and tools help to eliminate this time sink through centralized control, software-defined segmentation, and access control/management. It can also be accomplished through intelligent identification of end devices and automated enforcement of security policy on the devices identified.


Why the Network Is Central to IoT Security

In a large school district, there was a digital sign for a snack area that no one had thought about for months. Eventually, the snack area was removed, yet the sign was still plugged into the district’s network. For months, it turns out, the sign had been compromised by attackers and was communicating with 100 different countries.   

The case highlights the problematic nature of the Internet of Things (IoT) and the ingenious ways bad actors are taking advantage of the fast-growing attack surface created by IoT. It also shows that security must adapt to this new reality if enterprise networks and sensitive data are to remain protected.

The challenge around IoT security will only grow. Worldwide spending on IoT is expected to hit $745 billion this year and blow past $1 trillion in 2022. For enterprises deploying IoT devices, security remains the top technical issue as those looking to compromise the devices are often sophisticated nation-states or organized crime organizations.

The myriad IoT devices come with an almost equal number of challenges.

Read the rest of this article on Dark Reading


NCCM Does Not Equal Network Automation

Today’s complex network infrastructures include a multitude of edge devices such as switches, routers, firewalls, load balancers, and more. Effective management of the network in a holistic manner is crucial for business continuity. Regardless of the network size, configuration changes to infrastructure components based on business and technical requirements are inevitable. Due to exponential growth in the frequency of network changes and the challenges faced by network teams to stay on top of all the issues in the network environment, organizations naturally focus on deploying or leveraging traditional Network Configuration and Change Management (NCCM) tools to solve immediate configuration drift and compliance issues.

Many organizations equate NCCM with network automation. The reality is that NCCM is an important, but small part of a broader end-to-end network automation process. The traditional NCCM process focuses on defining static standards in text files and applying configuration changes via CLI, which results in limited compliance checking. However, the ongoing issue for most organizations is the manual and arduous nature of the procedure even though they often use purpose-built NCCM point solutions that provide specific functionalities.

The traditional way of ‘automating’ NCCM represents only 10 to 20 percent of the total effort involved in network management activities. In other words, NCCM activities do not address 80 to 90 percent of true network automation that supports business process management, intent-based networking, automated compliance monitoring, advanced analytics and more spanning complex, multi-domain and multi-vendor environments.

Statistics validate the need for end-to-end network automation processes to mitigate the costs associated with human error and network outages.

  • Gartner analyst Andrew Lerner states that downtime, at the low end, can be as much as $140,000 per hour, $300,000 per hour on average, and as much as $540,000 per hour at the higher end.

  • 80 percent of unplanned outages are a result of misconfigurations due to human errors caused by manual config changes.

  • 22 percent of data center outages are directly a result of human errors from manual network changes, and the average cost of a data center outage is approximately $740k.

Managing the network is challenging as business continuity depends on network availability. Network complexity continues to grow exponentially as organizations transition to the modern network. D&B estimates that 59 percent of Fortune 500 companies experience at least 1.6 hours of downtime per week, resulting in catastrophic consequences for a company that relies on its network as a core part of its business function.

As many organizations start their network automation journey with NCCM, it is important to utilize a tool that can also be leveraged to automate the additional 80 percent of network management activities and tasks to achieve end-to-end network automation. The solution should be able to scale as the network complexity grows and requirements change over time. Without that, disparate management tools will result in a skills gap (lack of expertise across multiple tools) and lack of end-to-end network visibility.

NCCM will remain a largely manual process, like CLI command executions for pre and post-checks, followed by ‘stare and compare’ of the results, and configuration rollback if required. These activities done manually often use stale configuration data during the maintenance windows, resulting in failed execution and rescheduling of the previously completed activities. Also, CLI/Python driven device configuration and syntactically complex attributes of the network configuration files will lead to frequent human errors. While ensuring network compliance is a priority for network administrators, it is an activity that can’t be executed rapidly and successfully without automation.

Modern network automation requires a more dynamic approach because the network and services being managed are software-defined. One must be able to define standards that contain rules, procedures, and policies that are adopted to formalize a consistent and repeatable process. A process that keeps records of current device configurations, tracks changes made to these configurations, evaluates the results of requested changes before implementation, checks network stability post-implementation, and saves configuration backups based on criteria such as device type, user role, function, network topology and more.

In addition, it is essential that the automation around device compliance is being performed leveraging network data as the source of truth in order to ensure configuration drift issues are resolved in real-time. Lastly, it is also vital to implement RBAC policies that define who in the organization can make changes, and how to recover quickly from failed network changes. Simplifying network management by replacing manual processes with automation to monitor and control the change process and ensure real-time compliance and remediation are essential steps in driving towards end-to-end network automation.


Five Ways to Improve IoT Network Performance

Internet of Things (IoT) networks are popping up just about everywhere, allowing business, industrial and home users to control and/or monitor a wide range of smart devices. As with any network technology, speed and responsiveness are essential for accurate and reliable IoT device operation. While reaching these goals can be elusive, the following five tips should help you establish an IoT network that always operates at or near peak performance.

1. Move to the edge

The best way to improve IoT network performance is to adopt edge computing, the concept of processing information on or near individual IoT devices, said Vishnu Nallani, vice president and head of innovation at IT services firm Qentelli.

Edge computing is effective because it forces most bandwidth-hogging processes to run directly on the IoT devices, thereby reducing the need to send information back and forth to centralized servers for processing, Nallani noted. “This also helps in utilizing network bandwidth to only pass information that has to be passed between devices or to a centralized location, thus avoiding IoT network congestion.”

Nallani added that edge computing can also improve response times limited by network latency and bandwidth.

2. Consider using SD-WAN technology

A software-defined wide area network (SD-WAN) is the best way to improve IoT network performance, claimed Marc Sollars, CTO of Teneo, an international C-suite advisory firm. “It chooses the fastest path from all available connectivity options; it can eliminate WAN congestion and/or outages; and it’s designed to run over any type of network connectivity, making it easy to adjust the network in an outage,” he explained.

Traditional WAN links often lack the network intelligence necessary to move IoT data across the network in the most optimal manner. SD-WAN combines two or more WAN links with artificial intelligence (AI), allowing data to travel over the best path toward its final destination. “It identifies critical IoT data, prioritizes it and chooses the fastest path from all connectivity options,” Sollars said. SD-WAN also automatically detects congestion and outages on network links and instantly routes traffic around them, he added.

3. Plan carefully and test thoroughly

Understanding and modeling an organization’s network traffic requirements is crucial to ensuring optimal service for IoT devices, observed Sameer Dixit, vice president of telecom testing firm Spirent and director of the Spirent SecurityLabs. The old adage that you can’t manage what you can’t see holds true for IoT. “Smart organizations will start by understanding the true requirements and impact of IoT devices before going live with them,” he explained. “Almost without exception, the real performance impact will be different than what might have been expected based on manufacturer specifications.”

Visibility and understanding are key to making effective decisions. By testing the needs and impact of IoT devices, organizations can be prepared to optimize the network and avoid difficulties or disasters, Dixit noted.

4. Use network segmentation

Network segmentation is by far the most important, yet often overlooked, strategy for IoT deployments, observed Ray Watson, vice president of innovation at Masergy, a software-defined networking services company. “Segmentation has huge benefits in three areas: data analytics, network predictability and security,” he added. The approach ensures that each network is configured to address its own unique requirements.

By separating all IoT traffic from an enterprise’s production traffic, or even from a corporate guest Wi-Fi network, enterprises can also ensure that exploits or weaknesses contained in the IoT network won’t spill over into day-to-day production traffic. Network segmentation also limits an enterprise’s exposure to Shodan searches conducted via a search engine that’s designed to find and exploit specific online devices and device types. “As surprising as this sounds, there are millions of IoT devices that can be seen with a simple Shodan search,” Watson said. “Placing IoT on totally different subnets will minimize the chances for cyber attackers to use these devices for lateral movement.”

5. Prepare for Adaptive Contention Window (ACW) technology

Most current IoT networks are based on heterogeneous resource-constrained computing devices. Unfortunately, due to the distributed contention of connected nodes, network performance often suffers, noted Milan Sutaria, senior associate at Syska Hennessy, one of the largest U.S.-based engineering design firms. “This is primarily caused by transport layer congestion,” he explained. “The shared and distributed access to the network resource in the wireless network creates media access control (MAC) layer collisions when the network is overloaded.”

The Adaptive Contention Window (ACW) is a proposed model that aims to resolve this issue. “The ACW model reduces MAC layer overhead by using active queue size at the network node level and improves TCP performance,” Sutaria said. “Utilizing this model, the TCP congestion window is dynamically adjusted based on the MAC contention window.” Additionally, by adjusting the MAC ACW, the proposed model promises to effectively distribute access to network resources and assure improved network throughput.

The downside: ACW isn’t yet available and isn’t expected to arrive for quite some time.
