Archive for the Category

Last week at the OpenStack Summit in Sydney, Australia, networking vendor Juniper announced a number of new capabilities to its Contrail Cloud platform to help telcos realize the benefits of migrating to a cloud architecture faster.  Network service providers are under tremendous pressure to keep up with cloud providers requiring them to modernize their environments.  However, many of the technologies they need today, such as Network Functions Virtualization (NFV), are either immature, do not interoperate with other vendors or require new skills to deploy.

At the event, Juniper announced a number of updates to Contrail Cloud as well as a reference architecture and professional services to help their telco customers overcome these obstacles.  When Juniper acquired Contrail about five years ago, one of its strengths was that it’s an open product and Juniper kept it that way.

For those not familiar with Contrail Cloud, it’s a cloud platform designed for service providers to run NFV services on instead of having to deploy dedicated appliances like firewalls, routers and VPN concentrators. The product also allows for service chaining so different network services can take different paths through the network.  For example, traffic coming in from unsecured locations may need to pass through an IPS, firewall and router where traffic emanating from a secure location might only need to be sent to the router.  Historically all traffic would have to pass through all devices and now telco can create multiple service chains. This can greatly improve performance, security and provisioning times for businesses that use the services of that particular telco.

There were four elements to the Juniper announcement:

  • AppFormix Integration. Juniper acquired NFV service assurance vendor AppFormix in 2016. The product helps Juniper customers understand how the NFV based services are performing so they can be tuned and tweaked.  The problem was that the data would have to be exported out of Contrail and imported into AppFormix slowing down the process of understanding what the data means.  Now the product is part of Contrail Cloud and the integrated product can collect data in real time and use machine learning to discover new insights faster.  The information can then be used to fine tune the services.  Long term this should be fully automated but I expect telcos to take a crawl-walk-run approach where they’ll first use the data to inform them of what changes to make and then automate down the line when a comfort level is reached.
  • Increased collaboration with Red Hat. Juniper has had a relationship with Red Hat for years but has expanded it. Cloud Contrail is now integrated with Red Hat’s highly scalable OpenStack infrastructure as a service (IaaS) solution and the open, massively scalable Ceph storage product.  The Red Hat – Contrail integration eliminates many of the integration and interoperability problems that arise when products from two vendors are brought together.  Telcos need to move into cloud solutions faster and this can shorten deployment times by months.
  • Pre-Validated Virtualized Network Functions. Appliances may have been resource inefficient but they were straightforward to deploy.  The vendor would ensure that the hardware and software on the appliance was finely tuned to the needs of the function.  As things have gotten more open and virtualized, resource efficiency has gone through the roof.  Also, service providers are free to use a variety of hardware solutions, including white box which should lead to lower cost services available faster.  The problem is the complexity in getting things to work together.  Juniper now offers a pre-validated version of Contrail Cloud with a vetted hardware and software compatibility list.  Juniper includes validated versions that work with its own vSRX virtual firewall and Affirmed Networks Mobile Content Cloud virtual evolved packet core (vEPC) with more third party solutions on the roadmap.  The joint offering with Affirmed will be of particular value to mobile operators that are looking to move to a distributed cloud architecture.
  • Contrail Cloud Managed Service Offering. For telcos that do not have the skills or do not want to run cloud platform, Juniper is now offering an end to end managed service where it will build and operate the cloud infrastructure on behalf of its customer. This includes 24×7 solution support and high touch professional services designed to ensure that the customers that adopt Contrail Cloud are getting full value out of the product.

Businesses of all sizes rely on their telcos to provide the network and mobile services required to let them compete effectively.  Telcos must now embrace cloud architectures so they can roll out new services faster, with greater security and at lower prices while maintaining or increasing their level of profitability.  Juniper’s Contrail Cloud offerings takes much of the complexity out of the equation ensuring that teclos can meet the increasing demands of their business customers.

My kids have an expression that goes “Easy-peasy-lemon-squeezy” to describe something that’s fast and easy to do. Things like beating their dad at a video game and a number of other tasks people do would fall into this category. The opposite of easy-peasy-lemon-squeezy is something that is complex and difficult and I can think of no better example than maintaining a high quality of experience for real time or bandwidth intensive applications over broadband.

The migration from MPLS to broadband is well underway as businesses look to cut the cost of the WAN with an eye towards eventually migrating to a software defined WAN (SD-WAN). The concept of using broadband for business is sound as broadband speeds have steadily increased over the past decade and there are so many flavors of it (cable, Ethernet, cellular, etc) that businesses will almost certainly be able to move the primary and secondary link to broadband. Broadband is typically a fraction of the cost of MPLS so there are big savings to be had for the company that is successful with a broadband WAN.

Prior to the Thanksgiving break, Check Point Software posted this blog alerting security professionals to the dangers of something called “web shells”. While web shells have been around for a few years it seems the awareness of what they are and how they operate is still relatively low so I thought I would take the time to explain what the threat is.

Web shells are scripts or executable software that can be uploaded to an unprotected server and then opened from a browser to give cyber criminals a web based interface to run system commands.  A web shell can be thought of as a backdoor into the system that can be run from a browser.  For any particular web server, the web shell script must be in the same programming language that the server is running on.  Examples of this are php, asp, jsp, perl, Ruby, Python or Unix. So if a server is running Python, the web shell must also be in Python.

Earlier this year the most recent ZK Research – Tech Target Network Purchase Intention Study was conducted.  The survey revealed that securing mobile devices represents the top security challenge for businesses.  The survey also showed that 25% of businesses now want to purchase security using an “as a service” model to simplify the deployment and on going management of security technology.

Check Point Software now can kill both of these birds with a single stone.  Earlier this year, Check Point acquired an Israeli based security company called Lacoon for $8 million.

Lacoon enhances Check Point’s mobile security and BYOD solution, Capsule, which is an alternative mobile device management (MDM) and mobile enterprise management (MEM) offering. Capsule offers core MDM capabilities such as remote wipe but also advanced features such as malware protection, segregation of business and personal data, mobile DLP and other features critical for scalable BYOD.

IT security is a fascinating topic because it tends to oscillate between being critically important to the most important thing IT and business leaders are working on. Right now, because of the high profile breaches such as Target and Bank of America, it’s fair to say it’s the top initiative for most companies. The most recent ZK Research IT priority survey shows that security remains the top IT priority again for 2015 as it was for 2014 and for 2013. The difficulty for security professionals is that security has evolved rapidly over the past five years. Securing the perimeter is obviously a core task of security teams but it’s the only point need securing. Security needs to extend past the edge of the network.

Perimeter firewalls do a great job today, and all the vendors offer a top-quality products and perform well in both protecting businesses from letting in bad traffic and also keeping sensitive traffic from leaving the organization.

The job for today’s IT security teams is becoming more and more difficult. Applications are moving to the cloud, infrastructure is rapidly becoming virtualized, and endpoints are largely the property of the worker. Add in the fact that businesses are rapidly becoming digital organizations where the reliance of IT is at an all-time high, and it’s easy to see why a security breach today is exponentially more damaging than just a few years ago.

However, despite the evolution of servers, networks, and storage, security really hasn’t kept pace and evolved along with the rest of IT. Security is fighting the good fight, but they’re working with archaic tools. We live in a digital, mobile world but most security tools were designed for an era of static IT. No matter how smart the team is and how hard they work, security teams can’t keep up because the security technology hasn’t evolved.

Insight and Influence Through Social Media
ZK Research: Home
RSS Feed
ZK Research is proudly powered by WordPress | Entries (RSS) | Comments (RSS) | Custom Theme by The Website Taylor