PUBLICATION LICENSED BY THE INTERNATIONAL MEDIA PRODUCTION ZONE, DUBAI TECHNOLOGY AND MEDIA FREE ZONE AUTHORITY
www.networkworldme.com | Issue 150 | September 2011
Network security essentials: Key strategies, concepts and tools
PLUS:
NEXT GEN FIREWALLS | DESKTOP VIRTUALISATION | M2M COMMUNICATIONS | SIEM
inside

BITS
Ericsson partners with Pacific Controls
HP simplifies virtual infrastructure deployments
Global Knowledge sets up new HQ in Egypt
Brocade caters to cloud customers
IPv6 adoption slow in Africa

IN ACTION
Speed delivery: Lebanon Online has deployed a Web caching solution to reduce bandwidth costs and enhance end-user experience

COVER STORY
Network security essentials: Key strategies, concepts and tools
ILLUSTRATION: DAN MATUTINA http://twistedfork.me

FEATURE
Demystifying next-gen firewalls: The market is slowly drifting toward application-aware firewalls with intrusion prevention and filtering
Why SIEM is more important than ever: IT environments are growing more distributed, complex and difficult to manage, making the role of SIEM more important than ever.

OPINION
Competing in the mobile Internet era

TEST
Palo Alto PA-5060 is one fast firewall

NEW PRODUCTS
A guide to some of the new products in the market

LAYER 8
All the news that’s fit for nothing
FROM THE EDITOR

The moving target

Is perimeter security dead? For almost two decades, the predominant security model has been focused on hardening the perimeter, with a firewall defending your network. Now, with the torrent of smartphones and tablets entering corporate networks and given the collaborative nature of business, we are moving to a world without network boundaries, which is forcing IT managers to think about network security in a different way.

We instinctively trust insiders and distrust outsiders, and the security model in most organisations reflects that – a fortified perimeter with a soft inside. But study after study shows that nearly half of the security breaches were the result of users abusing their rights to sensitive data. In this age of cloud computing, telecommuting and remote access, most companies are slowly getting used to the fact that their sensitive data is moving over networks that are often not their own, beyond the controls of corporate firewalls. It is becoming accepted wisdom among IT managers that it is almost impossible to protect your network boundaries because you no longer know where they are or where your security holes are.

Security experts say those companies that take a step back, review risks, identify their crown jewels and develop a plan to deal with foreseeable problems stand in good stead. Probably the biggest shift in network security today is the focus on data; it’s no longer sufficient to protect just your hardware, but you must consider the sensitive information that resides in those. It is also imperative to educate users about safer network behaviour. In most cases, companies spend on expensive security tools and solutions and forget the all-important part of educating the users. Often the weakest link in security is not technology, but the people who use it. And remember this oft-repeated advice: trust no-one when it comes to security and treat every device like a suspect.

Jeevan Thankappan
Senior Editor
jeevan@cpidubai.com

Publisher: Dominic De Sousa
COO: Nadeem Hood
Managing Director: Richard Judd, richard@cpidubai.com, +971 4 440 9126
Sales Director: Rajashree R Kumar, raj@cpidubai.com, +971 4 440 9131

EDITORIAL
Dave Reeder, dave@cpidubai.com, +971 4 440 9106
Senior Editor: Jeevan Thankappan, jeevan@cpidubai.com, +971 4 440 9109

ADVERTISING
Sales Manager: Sean Rutherford, sean@cpidubai.com, +971 4 440 9136

CIRCULATION
Database and Circulation Manager: Rajeesh M, rajeesh@cpidubai.com, +971 4 440 9147

PRODUCTION AND DESIGN
Production Manager: James P Tharian, james@cpidubai.com, +971 4 440 9146
Art Director: Kamil Roxas, kamil@cpidubai.com, +971 4 440 9112
Designer: Froilan A. Cosgafa IV, froilan@cpidubai.com, +971 4 440 9107
Photographer: Cris Mejorada, cris@cpidubai.com, +971 4 440 9108

DIGITAL
www.networkworldme.com
Digital Services Manager: Tristan Troy Maagma
Web Developers: Jerus King Bation, Erik Briones, Jefferson de Joya, Louie Alma
online@cpidubai.com, +971 4 440 9100
Published by
1013 Centre Road, New Castle County, Wilmington, Delaware, USA
Branch Office PO Box 13700 Dubai, UAE
Tel: +971 4 440 9100 Fax: +971 4 447 2409 Printed by Printwell Printing Press LLC Regional partner of
© Copyright 2011 CPI. All rights reserved. While the publishers have made every effort to ensure the accuracy of all information in this magazine, they will not be held responsible for any errors therein.
bits

Ericsson partners with Pacific Controls

Ericsson and Pacific Controls have signed a Memorandum of Understanding (MoU) to jointly develop ICT enabled smart solutions for vertical industry sectors. With the combined efforts and experience of both companies, Ericsson and Pacific Controls will enable customers to offer smarter services and products to their end-users.

The agreement calls for Ericsson and Pacific Controls to jointly cater to the business needs of sectors such as Energy, Utilities and certain areas of Government. With Ericsson as the global leading provider of telecommunication technology and services and its consulting and systems integration capabilities combined with Pacific Controls’ expertise in the fields of energy management, remote monitoring, controlling and M2M (Machine-to-Machine) applications, customers will be able to cut their costs, increase their revenues and enhance their overall productivity.

In addition to adding value to customers’ business and introducing initiatives to provide optimum benefits to end-users, the one year agreement is also in line with Ericsson’s 50 Billion Connected Devices by 2020 vision.

Anders Lindblad, President, Ericsson Region Middle East and North East Africa, said: “Offering customized solutions to enhance our customers’ business needs is one of Ericsson’s main objectives. This collaboration will enhance our customers’ productivity and reduce operational costs, and enrich the lives of their end users.”

Photo: Anders Lindblad, President, Ericsson Middle East and North East

Zain KSA goes all IP

Zain Saudi Arabia (Zain KSA), a mobile operator in the Kingdom of Saudi Arabia, has selected Alcatel-Lucent’s IP/MPLS-based mobile backhaul solution to respond to the sharp increase in bandwidth requirements, and to keep pace with subscribers’ demands.

Saudi Arabia is widely recognised as the largest telecommunications market in the Middle East region, with growth in this sector currently estimated at about 30% per annum. A recent report by the Riyadh-based Economics Studies House, commissioned by the MTN Group, showed that the penetration rate of mobile phones in Saudi Arabia could grow from the current 32% to 60% by 2014, with over 20 million subscribers. The report noted that this would not only require a rapid rollout of capacity to service almost 13 million new lines over the coming nine years, but would also require dramatic increases in network coverage and service availability to meet demand in the Kingdom.

The Alcatel-Lucent solution offers a converged, scalable, multi-access and all-IP network allowing dynamic service creation and delivery at the lowest cost per bit while enabling broadband accessibility to all Zain KSA subscribers, delivering service innovation, streamlining network operations and generating new revenues for the operator. As part of Alcatel-Lucent’s High Leverage Network architecture, the solution will offer to Zain an increased capacity at lower cost while providing the necessary service reliability and quality of experience that subscribers expect, while it will strengthen the ability of Zain KSA to offer its customers the best possible quality of experience and also prepare its network infrastructure to immediately launch next generation communication and data services.

“Zain KSA looks forward to working with Alcatel-Lucent on this important network evolution project designed not only to improve the customer experience with a reliable and stable network, but also to take our customers to the next level of mobility and beyond,” said Dr. Saad Al Barrak, Zain KSA CEO & Managing Director. “Through our competitive vendor selection process, Alcatel-Lucent demonstrated that they are ready to deliver innovative, cost-effective, state-of-the-art technology and deliver financial value to Zain KSA.”

As part of this project, Alcatel-Lucent is deploying its 7750 Service Router (SR) and 7705 Service Aggregation Router (SAR) along with the Alcatel-Lucent 5620 Service Aware Manager (SAM) and the Alcatel-Lucent 5650 Control Plane Assurance Manager (CPAM). The Alcatel-Lucent IP portfolio will make it possible for Zain KSA to deliver scalable, evolvable, cost-efficient and fully managed IP-based transport able to adapt to the expected increase in core traffic for years to come and to the advances brought about by the introduction of fourth-generation mobile technology.

Photo: Dr. Saad Al Barrak, Zain KSA CEO & Managing Director

8.2% growth in blade server shipments in Q2
HP simplifies virtual infrastructure deployments
Alaa Al-Shimy, Enterprise Servers, Storage and Networking Director, HP Middle East
HP has unveiled HP VirtualSystem for VMware, an optimised, turnkey solution that gives organisations a virtualised infrastructure that speeds implementation and provides a foundation for cloud computing. As virtualisation has gained adoption, multi-tier network architectures, virtual
sprawl, inflexible storage, unpredictable workloads and security concerns have increased complexity and limited broad deployment. To help midsize to large organisations address these challenges, HP VirtualSystem for VMware includes virtualised HP Networking solutions, HP Converged Storage, HP BladeSystem servers, HP Insight software with on-site installation services. HP says with Virtual System, users can accelerate virtual machine mobility by up to 40% while doubling throughput and reducing network recovery time by more than 500 times with the new HP FlexFabric virtualised networking solution. “Virtualisation has become mainstream for clients, but there are obstacles to broad deployment,” said Alaa Al-Shimy, Enterprise Servers, Storage and Networking Director, HP Middle East. “With HP VirtualSystem for VMware, clients can simplify and scale their virtualisation deployments to provide a clear path to the cloud.”
Huawei expands switching portfolio

Huawei Enterprise has rolled out its latest switching hardware, which the company claims will transform the way in which IT networks are designed to benefit business operations in the long run. Huawei’s new X7 switch series (S1700, S2700, S3700, S6700 and S7700) provides full-featured networking technology to a wide range of businesses, from SMBs to larger companies. The latest switch series, says Huawei, will support and simplify large and complex projects including the deployment of Local Area Networks (LAN) for campuses as well as data centres, using its innovative switching technology.

With increased performance thanks to a faster wire-speed network throughput and power consumption reduced by 10%, Huawei’s latest X7 Switch series is also designed for easy installation and maintenance. In addition, its state-of-the-art architectural design runs on a common operating system via Huawei’s patented Versatile Routing Platform (VRP) technology, allowing businesses to optimize the operational cost of their IT assets.

“We are moving into a world where features including Voice over IP, video-sharing and social media networking applications are dominant tools that businesses typically need to communicate with one another,” said Dr. Liu Qi, President, Enterprise Middle East. “The increasing use of such applications has intensified the network traffic flow of every organisation and requires that switching technologies are more reliable, flexible and perform better in terms of connectivity.”
Server shipments, revenue grow in Q2

Worldwide server shipments in the second quarter of 2011 grew 8% year on year, while revenue moved upward 19.5% year on year, according to Gartner.

“The second quarter produced solid growth on a yearly basis, as the recovery that started in 2010 continues to eke out slow improvements,” said Jeffrey Hewitt, research vice president at Gartner. “All regions showed yearly growth in both shipments and vendor revenue, although in both measures the market is again below the pre-downturn levels we saw in the corresponding quarter of 2008.”

“x86 servers forged ahead and grew 8.4% in units for the quarter and 17.7 percent in revenue. RISC/Itanium Unix servers declined 8.5% in shipments but showed a revenue increase of 4.3% compared with the same quarter last year. The ‘other’ CPU category, which is primarily mainframes, showed a strong growth of 48.8%,” Hewitt said.

All of the top five global vendors had revenue increases for the second quarter of 2011. HP continued to lead the worldwide server market based on revenue. The company posted over $3.9 billion in server vendor revenue, accounting for 29.8% of the server market based on revenue. This share was down 2.2 percent year on year.

In server shipments, HP remained the worldwide leader in the second quarter of 2011 with a year-on-year shipment increase of 11.7%. This growth was driven by increases in HP’s ProLiant brand. HP’s worldwide server shipment share was 30.8%, representing a 1.0 percent increase in share from the same quarter in 2010. Of the top five vendors in server shipments worldwide, all but Dell posted increases in units for the second quarter of 2011.
Global Knowledge sets up new HQ in Egypt

IT and business skills training provider Global Knowledge has relocated its Cairo office and training centre to Sheraton Heliopolis from Korba Heliopolis. The company’s new headquarters house additional classrooms and offer a state of the art learning environment.

Global Knowledge’s investment in its Egypt operations comes at a time when recent political events have resulted in an uncertain economic climate, with other companies freezing or decreasing investment in the country. The company says relocation and expansion reflects its long standing dedication to Egypt and growing the Egyptian IT training market.

Global Knowledge’s MD of Egypt and North Africa Maged Thabet said, “We’re extremely pleased to be relocating to our new Sheraton headquarters, giving us additional classroom space and state of the art facilities. It is a strong reflection of Global Knowledge’s unwavering commitment to Egypt and our valuable customers here. We’re certain our new facilities will further maximise the value and return customers receive from our training.”

With its new facilities, Global Knowledge says it has enhanced the value for class attendees by providing even more classrooms and completely upgrading them and its testing centre. The company’s new six floor office features 24 classrooms and labs, fully equipped with the latest computers and network infrastructure. Its testing center also offers the latest infrastructure, vendor software and testing equipment to simplify the testing and certification process. In total, Global Knowledge offers over 1,500 courses in Egypt from basic network troubleshooting to advanced level certifications from leading vendors in the IT industry.

Photo: Global Knowledge’s MD of Egypt and North Africa Maged Thabet
Telecom Egypt turns on 40G cable network

Telecom Egypt and Alcatel-Lucent have announced that the TE-NORTH Cable System, provisioned with 40 Gigabit per second (40G) wavelengths across the Mediterranean, is in service. TE-NORTH is the first Mediterranean cable network to provide commercial service using this newest 40G technology.

The 3600km system connects Abu Talat, Egypt, to Marseille, France, with a branch to Pentaskhinos, Cyprus, and also includes other branching units for further expansions in the Mediterranean basin. The introduction of this advanced technology essentially doubles the original design capacity of the system from 10 Terabits per second to over 20 Terabits per second (Tb/s), equivalent to the transfer of over 32,000 HD movies in 60 seconds.

TE-NORTH’s expanded design capacity enables Telecom Egypt to meet the growing demand of their customers and the region on this important international telecommunications route. By boosting connectivity across the Mediterranean basin, the 40G technology enhances Telecom Egypt’s ability to serve global operators whose international services transit Egypt and rely on Egypt to hub the services in the Middle East, Asia and Africa region.

Honeywell completes EMS acquisition

Honeywell has completed its acquisition of EMS Technologies, for approximately $491 million. EMS is a leading provider of connectivity solutions for mobile networking, rugged mobile computers and satellite communications. The acquisition will enhance Honeywell’s existing capabilities in rugged mobile computing technologies within its Automation and Control Solutions business (ACS) and satellite communications within its Aerospace business.

EMS’s Global Resource Management (GRM) division provides highly ruggedised mobile computing products and services for use in transportation, logistics, and workforce management settings as well as secure satellite-based asset tracking and messaging technology for search and rescue, warehousing, and field force automation environments. Through its Aviation division, EMS provides terminals, antennas, in-cabin network devices, rugged data storage, and surveillance applications predominantly for use on aircraft and in other data gathering objectives.
HP releases federated storage system

As part of its Converged Storage portfolio, Hewlett-Packard (HP) has released new federated storage software, Peer Motion, which enables admins to transparently move application workloads between disk systems in virtualised and cloud computing environments. HP also unveiled a new storage array line, the P10000 3PAR Storage System, which is aimed at supporting public and private clouds with twice the capacity and port count of previous HP products.

The Peer Motion software allows applications and data to be moved between any HP-branded storage systems as well as systems from its subsidiaries: 3Par and LeftHand, according to Craig Nunes, director of marketing for HP Storage. Similar to VMware’s vMotion software, Peer Motion allows live migration of data on storage systems supporting virtual machines with no application downtime.

Peer Motion is aimed at several data centre needs, Nunes said, including the balancing of workloads where an application outgrows its forecasted requirements and must be redistributed across storage systems. The software can also be used in bringing new storage systems on line when older ones are retired, and for thin provisioning of storage in virtual environments.

“Legacy storage systems architected 20 years ago were never designed for the dynamic IT-as-a-Service world, forcing organisations to use expensive and inefficient bolt-on virtualisation approaches,” said Walid Gomaa, Storage Business Unit and Sales Manager, HP Middle East. “The true peer-based storage federation in HP Converged Storage solutions can handle the inherent unpredictability of always-on, multitenant environments while reducing expense, management overhead and risk to service levels.”

Photo: Walid Gomaa, Storage Business Unit and Sales Manager, HP Middle East
Brocade caters to cloud customers

Brocade has unveiled an infrastructure procurement model designed for cloud computing, along with additions to its new VDX data centre switch line. Brocade rolled out a subscription-based acquisition option that allows customers to acquire network capacity on demand as required by fluctuating business demands. Brocade Network Subscription is optimised to address cloud-based IT environments, Brocade says.

Brocade Network Subscription is designed to allow customers to scale capacity up and down according to actual network utilization with no capital outlay. Customers pay for their network infrastructure on a monthly basis, and can return equipment to Brocade when capacity demands are not as high.

Network Subscription is not a managed Infrastructure-as-a-Service offering; essentially, it’s an option for customers who need more flexible procurement, lease or rental alternatives to control network capital expenses or who have tight budget constraints.
Storage shipments keep surging: IDC

Enterprises and service providers spent more money on storage in the second quarter, emboldened by growing IT budgets, according to the research company IDC. The boost in storage has come along with investments in cloud computing and data-centre virtualisation, IDC analyst Liz Conner said. Companies are updating their storage systems for the era of “big data,” to deal with huge and growing volumes of information, she said.

The total market for disk storage systems grew just over 10% from last year’s second quarter to reach almost $7.5 billion in revenue, IDC said in its Worldwide Quarterly Disk Storage Systems Tracker. IDC defines disk storage systems as collections of three or more drives, either in or outside servers. External disk storage grew 12.2% year over year to slightly more than $5.6 billion in factory revenue, IDC said. The revenue gains came on top of strong results from last year’s second quarter, when the industry was recovering from the recession of 2008-2009, Conner said.

The total amount of capacity delivered also continued to rise, with total disk storage systems shipped in the quarter representing 5,353 petabytes of capacity, up 46.7% from a year earlier. In the second quarter of 2010, there were 3,645 petabytes sold, a 54.6% increase.

Sales increased across all major product categories, including NAS (network-attached storage) and all types of SANs (storage-area networks). The total market for non-mainframe networked storage systems, including NAS and iSCSI (Internet SCSI) SANs, grew 15.0% from a year earlier to $4.8 billion in revenue, IDC reported. EMC led that market with 31.9% of total revenue, followed by NetApp with a 15.0% share.
GOOD

LTE to drive the growth of mobile broadband

According to Frost & Sullivan, as the demand for mobile broadband services continues to explode, the service providers have shown preference for moving towards faster data networks. With LTE technology offering lower operating costs for mobile data transfer, the mobile operators worldwide are progressively committing themselves to LTE network deployments as a path for moving towards Fourth Generation (4G) services. With recent LTE launches in Europe and the US, the device and service ecosystem is expected to mature and LTE will gain further momentum in other markets across the globe, particularly in Asia Pacific and Middle East.

BAD

IE will drop under 50% share by mid-2012

Microsoft’s Internet Explorer (IE) will lose its place as the majority browser next summer, according to statistics published today by Web metrics company Net Applications. If the pace of IE’s decline over the last 12 months continues, IE will drop under the 50% mark in June 2012. In August, IE lost about seven-tenths of a percentage point in usage share, falling to 55.3%, a new low for the once-dominant browser. In the last year, IE has dropped 6.9 points. But Microsoft continued today to stress the success of IE9, the edition launched last March, particularly on Windows 7.

UGLY

Mobile apps fail big time at security

A study from digital security company viaForensics paints a stark picture of the vulnerability of smartphone user data. viaForensics evaluated 100 popular consumer apps running on Android and iOS, and found that 76% store usernames, while 10% store passwords as plain text. Those 10% included popular sites such as LinkedIn, Skype, and Hushmail. And while only 10% of applications store both username and passwords as plain text, leaving them vulnerable to hacks, even the 76% who store only usernames that way are vulnerable.
Astaro releases Security Gateway version 8.2

Astaro, a Sophos company and Unified Threat Management (UTM) provider, has released version 8.2 of the Astaro Security Gateway (ASG). Chief amongst the over 60 new features or enhancements in version 8.2 are Application Control (Next Generation Firewall), Interactive Web Reporting and a new authentication agent. These new features and enhancements dramatically improve network performance while providing increased visibility and control over the network.

“As technology changes, so too must the tools organisations use to control their networks,” said Jan Hichert, senior vice president, network security, Sophos. “With version 8.2 we once again ensure our customers can face current and future network and security challenges by offering the next generation of firewall technology Application Control.”

The Astaro Security Gateway version 8.2 includes over 60 other enhancements or new features. These include support for 3G/UMTS USB modems, Form Hardening for Web Application Security, Web Filtering Safe Search Enforcement, enhanced virtualisation support, SNMP v3, weighted balancing for WAN Uplink and server load balancing, group in-group support for network groups, SSID to Access Point assignment, rebootless reconfiguration of Access points and more.

In addition to the new features available in version 8.2 of the ASG, the newest edition of the flagship Unified Threat Management solution now includes a technical preview of Astaro’s upcoming Log Management product that is integrated into the Astaro Security Gateway and available for all users to try for free.

Photo: Mr. Jan Hichert, senior vice president, network security, Sophos
Alcatel-Lucent aims to fix network issues
Alcatel-Lucent has introduced a set of services to proactively analyse performance in fixed networks, identify potential problems and take action to minimise their impact. As operators move more services to their IP-based networks, they also become more reliant on good network performance. It can mean the difference between retaining a loyal subscriber or losing them to a competitor, according to Alcatel-Lucent. To help operators stay one step ahead, Alcatel-Lucent offers the Proactive Services Suite. So far, the suite has been used to monitor wireless networks, but Alcatel-Lucent is now expanding that to include fixed networks based on IP, IMS (IP Multimedia Subsystem) and optical networks, as well. The company also will be introducing support for equipment from other vendors by the end of this year, it said in a statement. Key elements include proactive care and network analysis. Proactive care monitors fault data in near real-time and compares it against a set of health criteria; based on that, it provides reports and recommendations on how to address an issue before it starts affecting users. The network analysis uses algorithms developed by Bell Labs to identify network trends and outage conditions before they impact services.
bits
IPv6 adoption slow in Africa
Africa’s lack of legacy systems was expected to help it lead the world in adopting IPv6, but as it stands only Mauritius and Namibia have fully embraced the latest version of the protocol. “AfriNIC will be allocating IPv4 for the next two years, meaning people are not in urgency mode compared to other regions. Organisations are still in their comfort zone,” said Adiel Akplogan, CEO of AfriNIC, the regional Internet registrar. Most hardware shipped to the region can support both IPv4 and IPv6, which Akplogan says is helpful to operators in the region. AfriNIC is working to raise awareness of the benefits of IPv6 adoption, but is changing its message about the two protocols to de-emphasize concerns about the diminishing supply of IPv4 addresses. “AfriNIC is shifting focus from insisting that IPv4 resources are depleting to educating organisations on the benefits of IPv6, especially in mobile data,” Akplogan said. The new version of the Internet Protocol is expected to benefit the region because every gadget can be allocated an IP address. Currently, not all devices have IP addresses, so their visibility online is low. AfriNIC has been working with governments and the private sector to encourage IPv6 adoption, but one challenge is the lack of African content on sites that support IPv6. Where available, content relevant to Africa is largely hosted abroad, on sites that are still using IPv4. “The opportunity to grow IPv6 was definitely bigger in Africa because of lack of legacy systems, but Africa is largely a consumer of online content. If the content is running on IPv6, then we will be forced to adopt, if not, we continue running on IPv4,” said Michuki Mwangi, senior regional development manager at ISOC.
Google to buy Motorola Mobility
Google has announced that it plans to buy Motorola Mobility for $12.5bn (around £7.6bn), subject to regulatory approval. Motorola Mobility exclusively ships phones and its Xoom tablet with Google’s Android operating system. The deal will mean that Google now has a hardware manufacturer to work with closely to develop Android, said Carolina Milanesi, research vice president at Gartner. The acquisition of Motorola Mobility will enable Google to “supercharge the Android ecosystem and enhance competition in mobile computing,” according to a news release. The deal will not affect how Android is developed, and the operating system will remain open, Google said. The company will run Motorola Mobility as a separate business, Google said.
Larry Page, CEO of Google, said, “Motorola Mobility’s total commitment to Android has created a natural fit for our two companies. Together, we will create amazing user experiences that supercharge the entire Android ecosystem for the benefit of consumers, partners and developers. I look forward to welcoming Motorolans to our family of Googlers.”
Virtualisation is on the rise
The adoption of server virtualisation continues to accelerate as organisations of all sizes consolidate physical servers in an effort to rein in costs, improve application management and streamline IT operations, according to CommVault’s annual virtualisation survey. With those benefits comes a myriad of data protection challenges as users discover that legacy platforms are incapable of keeping up with the scale, scope and performance requirements of the virtual world. In order to keep pace with the data management needs of the virtualised data centre, organisations are re-evaluating protection strategies in search of a better way to protect, manage and recover their environments, the survey reveals. The survey, which polled Simpana software customers worldwide, reveals the major factors driving this continued adoption of server virtualisation technologies, as well as the top data protection challenges associated with protecting virtualised environments. Overall, the adoption of server virtualisation has increased year on year with 34% of the 388 survey respondents stating their server environments were 75% - 100% virtualised. VMware continues to own the lion’s share of the market vis-à-vis Microsoft and Citrix with 85% of those polled listing VMware as their hypervisor platform of choice.
in action: lebanon online
Speed delivery
The Internet service provider (ISP) Lebanon Online has deployed a Web caching solution to reduce bandwidth costs and enhance end-user experience.
The newly installed platform from Blue Coat enables Lebanon Online to substantially reduce operational expenses by cutting bandwidth spend, manage sizeable increases in network traffic and subscriber growth, enhance Web security and optimize and enhance the delivery of rich Web 2.0 content, large files and video. Lebanon Online expects the return on its investment in CacheFlow appliances to be less than six months, based upon bandwidth savings alone. “With prohibitively high bandwidth costs in the region and limited capacity to meet our user demands, the CacheFlow appliance is the best solution to reduce infrastructure costs by reducing bandwidth consumption,” said Hussein Turkieh, company engineer and IT Manager, Lebanon Online. “We are extremely impressed with the results from the CacheFlow appliance. We found that we could save 50% on our international bandwidth, which provided a rapid return on investment. In addition, our users noticed considerable improvement in the speed and performance of Web applications and content.”
CacheFlow appliances alleviate the bind that service providers face: scaling to serve explosive customer demand for rich Web 2.0 media, especially video content, while containing costs and meeting high end-user expectations for a fast and interactive Web experience. Through the use of next-generation content caching technologies, including the Blue Coat CachePulse cloud service, CacheFlow appliances efficiently cache and serve Web content to provide significant, sustained bandwidth savings. CacheFlow appliances allow ISPs, such as Lebanon Online, to significantly reduce bandwidth consumption, while improving the Web experience which results in happier, more loyal subscribers and greater competitive differentiation. Lebanon Online is also formulating a value-added services strategy where it can provide additional, potentially chargeable services to its customers, including parental controls and a ‘clean Internet’ security service to further leverage the capabilities of Blue Coat solutions.
AUST deploys app acceleration solution
Ajman University of Science and Technology (AUST), a private institution of higher education in the United Arab Emirates, has deployed Blue Coat ProxySG and PacketShaper appliances to accelerate the delivery of important content and applications while protecting against Web-based threats. AUST faces constantly growing Internet demand from 8,000 students and staff as well as demands placed by new services, such as a sophisticated e-learning system and an online library, that add to the university’s overall bandwidth requirements. “To operate within the bounds of our network capacity, it became imperative for us to have visibility into Web traffic and then be able to intelligently manage it,” said Mohammed Salman, IT director, AUST. “We found that Blue Coat solutions provided precise, yet flexible controls, a high level of Web security and considerable Internet bandwidth savings while also enhancing the Internet experience for our students and staff.”
AUST deployed PacketShaper appliances to discover and categorize applications on the network, measure network application performance, guarantee quality of service (QoS) for priority applications and mitigate the network impact of non-business applications and content. The university also deployed Blue Coat ProxySG appliances at its Internet gateway to provide comprehensive, real-time protection against Web-based malware and other malicious content without compromising network performance.
Ajman University of Science and Technology (AUST) Network was founded in 1988, as a private institution of higher education. Today it is a multi-campus, multi-discipline cutting-edge university that employs the latest technology. It has more than 600 academic and administrative staff and an additional 350 support staff. AUST selected the Blue Coat solution after an exhaustive vendor evaluation. Systems integrator GBM Dubai managed the implementation and training.
advertorial
Simply connected The new campus network
The challenge of the new business network is expectations: Expectations of solving long-standing challenges, expectations of greater profitability and productivity, and expectations that interactions across the ecosystem of your business will be digital and accessible from anywhere on the device of my choice. Mobility is dramatically changing user behaviour and expectations of digital interactions. While business leaders and cube dwellers alike push for the freedom to adopt new applications and devices, IT must control access to applications, corporate data, and the economics of supporting new and legacy systems. From an IT strategy perspective, mobility could be viewed as yet another layer of complexity that IT must attempt to handle. Alternatively, could the onslaught of mobile devices, multiple user groups, and a network designed to connect employee PCs present an opportunity to simplify and future-proof the infrastructure? At Juniper, we believe users can have the freedom the business needs to innovate and survive in the next-generation workplace, while technology leaders can have the control and economics they demand. We believe this evolution is possible because our customers are already safely managing personal devices on their networks, simplifying the network infrastructure, and using wireless as their primary network access method.
Control Users and Applications, not Devices and Networks
The proliferation of network connected end user devices hungry for content-rich applications is a trend far from hitting the top of its curve. Attempting to manage and control security on multiple user devices running a range of operating systems and security protocols is a path to increased complexity, end user noncompliance, more risks, and higher costs for the enterprise. The new network requires a comprehensive security solution managed and delivered at the connection level, capable of remote data wiping, access rights management, and full enforcement of security policies on any device, anywhere, anytime.
Device-Agnostic, End to End Security
How will you safely enable iPads today? What about the next hot device? As devices and services change, the business network should be able to offer the same, easy method of secure access. A simple single client which works on all types of devices will provide a fast and secure method for enabling new devices with no extra work. In addition you will need to manage security and access controls by user, regardless of how many devices and which network they use to connect and interact with your company. Juniper Networks Junos Pulse allows IT to manage security without having to control the device, while Juniper Networks Unified Access Control and SRX Series Services Gateways deliver end to end security across the enterprise.
Wireless Access Becomes Primary On-Ramp
The Wi-Fi networks deployed in buildings today were meant for casual wireless use, but they are now becoming the main on-ramp to the business network. Employees and guests expect the same experience on wireless as they have experienced with wired Ethernet. As more devices and people rely on this network, the expectations and need for the wireless network to perform in order to deliver a solid application experience continue to rise.
Juniper Wireless LAN Provides Nonstop Performance
Juniper Networks WLA Series Wireless LAN Access Points provide indoor or outdoor 802.11a/b/g/n connectivity for a variety of situations and installation sizes. All WLA Series products provide the bandwidth controls and performance to service demanding mobility applications, such as voice and video over wireless.
EX Series Simplifies the Wired Network
Juniper Networks EX Series Ethernet Switches with unique Virtual Chassis technology simplify the network by creating a single managed entity. At each layer of the network, Juniper can streamline and consolidate legacy architecture into a simpler form. The Juniper Networks vision for the new campus network is the only comprehensive network architecture that provides all of the accessibility, security, and simplicity required by the new era of mobility in one open and scalable package.
feature | network security
Network security essentials Key concepts and strategies for building an effective network security model
Network security problems are part of daily IT life these days. There are myriad issues, from patching Windows machines to stopping worms and protecting your assets from nasty insider threats. Study after study of late finds more security managers are seeing advanced threats, but few have the support and technology to deal with them. This year is turning out to be even worse for getting hacked than last year, with most large companies reporting this to be worse than last in terms of suffering at least one network intrusion of their user machines, office network or servers. Network security today faces a wide array of challenges, from botnets and malware to inside threats, rendering the old perimeter defense model obsolete. The old network security model worked like this: put your assets in a secure location, build a wall and use a gate to control who goes in and out. While this model worked pretty well for computer networks in the 90s, it is no longer valid in today’s world of social media, iPads, memory sticks and BlackBerrys. In other words, in an increasingly federated, network-based IT environment, perimeter security is insufficient to protect a company’s secrets.
“Not even the smallest of companies will not be best served when relying on just perimeter security. For a long time companies were focused on building this impenetrable wall of security around their organisations. This often results in defining extremely technical rule sets to cover almost any attack vectors. Due to internal and external business pressures, companies are required to become more open, collaborative and dynamic to allow it to meet its stakeholders’ requirements,” says Franz Erasmus, Practice Manager, Information Security – CA Technologies Middle East & North Africa. Companies relying on perimeter security are now faced with a new set of problems: how to define this new set of technical rules and expectations daily, hourly and, more frequently, at the event level? Clearly this type of security is becoming highly impractical if not impossible to protect a company’s resources and secrets, he adds.
James Lyne, Director of Technology Strategy, Sophos, agrees that perimeter security alone is not going to be sufficient to deal with today’s threat landscape. “SophosLabs now sees on average over 150,000 malware samples every day and a new infected web page every few seconds. The velocity of content generation and the prevalence of low volume, targeted attacks are placing increasing pressure on content based security technologies. More and more context is required to make effective decisions, such as the reputation of a file, its URL or perhaps the behaviour of the item when running.” He points out that users also have a greater tendency to roam today, often not routing their traffic back to the office network - they of course continue to require protection in this scenario, demonstrating the importance of persistent endpoint protection. Equally, users will enter your network with consumerised or untrusted devices, such as smartphones, where you do not have the option of an endpoint deployment. These use cases are among the many which demonstrate the importance of both the network and endpoint layers.
Changing face of security
Now with the perimeter being permeated by dozens of connections to the outside world, and mobile devices and users regularly crossing the perimeter, companies are forced to make security ubiquitous throughout the network. “This is a must to protect the company from both external and internal threats. What is important to keep in mind is that the level of security should be proportionally applied to the resources protected and threat involved,” says Erasmus. Steven Huang, Director of Solutions and Marketing, Huawei Enterprise Business, adds that before applying network security controls, it is essential that organisations have a thorough understanding of both their network and critical assets. “Security controls should not impede business continuity and the organisation’s priorities must come first. Information and resources should be available freely but securely to all the users.”
Increasingly, companies are shifting their security model from location-centric to information-centric, which will likely take a while before becoming the predominant security model. In the meantime, most companies end up with a hybrid model of both location- and information-centric elements. The perimeter is still important, but is increasingly just one of the layers of protection and is supplemented by strong user authentication, application controls and user-centric logging and auditing.
Rethinking priorities
The biggest business challenge today, in the minds of many security experts, is the stealthy online infiltration by attackers to steal valuable proprietary information. The reality, they say, is that these so-called “advanced persistent threats” are so rampant and unrelenting they are forcing IT to rethink network security. They state bluntly that focusing on fortifying the perimeter is a losing battle.
What kind of defense model do you need then? “Defense-in-depth, but increasingly defense-in-width is proving to be a very effective security model to deploy. Defense-in-depth traditionally looked at protecting resources by providing additional security measure in layers. Should one measure fail a second measure will be able to still secure the resource, whilst slowing the threat,” says Erasmus. Lyne from Sophos echoes a similar
opinion: “Defense in depth, the use of multiple layers and different classes of protection technology provide the most effective strategy. This concept, which is far from new, has never really been adopted widely due to the high cost of adopting individual best-of-breed solutions. However, it is still the best way to deal with the unknown, since building a high net increases the chances of catching a targeted attacker. Organisations should look to security vendors to provide a wide array of security controls spanning the endpoint and the network. Critically however, these controls must be sufficiently simple to be realistically usable.”
Cloud Security
Security-as-a-Service, or cloud-based security service, is catching on as technology managers find it provides more flexibility than they found when running their own network and security equipment. “Whether you are an IT manager, or a security specialist, chances are you are rethinking assumptions about what security solutions to buy, how to implement them, and even how to manage them. Your existing requirement is to sustain or, better still, enhance protection against malware, spyware, spam, and the myriad other intrusions and vulnerabilities that threaten precious information and systems. Your new requirement is for more efficiency and more seamless protection, with less thought and effort. The definitive solution to this dilemma is easier and safer than you think: Security-as-a-Service,” says Essam Ahmed, Regional Presales Manager, McAfee. He adds that regardless of whether you have the benefit of extensive security expertise in-house, this proven managed service approach can help you maintain and even increase protection, while minimising costs. It is a safe bet today for all sizes of organisations.
Huang from Huawei says these cloud-based services include protection against web and email threats, monitoring of inbound and outbound network traffic, and assessing an externally facing website for potential vulnerabilities. He cautions that though Security-as-a-Service is still growing, it still needs a lot of work to be done to make the model successful; it’s a market in transition.
Whither network security?
With new attack methods evolving, network security strategy should also change rapidly to keep pace. Now the question is, will network security remain an important element of IT architecture or will the focus switch to application and data-level security? Asli Aktas, Regional Director of Enterasys Networks, says network security will remain a key architectural component of a defense in depth approach. “Yes the focus is on applications and data but it needs to be supported by the network infrastructure,” she says. Erasmus agrees that network security will remain an element of IT architecture as long as there are private and public networks to protect. “Most certainly we are seeing renewed focus on application and data security, but this should not be seen as a silver bullet to securing the organisation. In fact companies are best served with security initiatives that are collaborative and complementing to the overall security posture of the organisation,” he sums it up.
James Lyne, Sophos
Essam Ahmed, Regional Presales Manager, McAfee
Steven Huang, Head of Solutions and Marketing, Enterprise Business ME, Huawei
feature | NGFW
Demystifying next-gen firewalls
The market is slowly drifting toward application-aware firewalls with intrusion prevention and filtering
The traditional port-based enterprise firewall, now looking less like a guard and more like a pit stop for Internet applications racing in through the often open ports 80 and 443, is slowly losing out to a new generation of brawny, fast, intelligent firewalls. The so-called next-generation firewall (NGFW) describes an enterprise firewall/VPN that has the muscle to efficiently perform intrusion prevention sweeps of traffic, as well as have awareness about the applications moving through it in order to enforce policies based on allowed identity-based application usage. It’s supposed to have the brains to use information such as Internet reputation analysis to help with malware filtering or integrate with Active Directory. But how long will it take for the NGFW transition to truly arrive?
Part of the challenge is nailing down a clear definition of what NGFW is. Gartner, which has its own definition of the gear, acknowledges “some vendors have application control, some are more advanced in IPS,” adding, “The majority of the enterprise firewall vendors are at the early stages of this.” The terminology issue is made more confused by the term Unified Threat Management (UTM), a phrase coined by IDC, which says UTM has roughly the same meaning as NGFW. But Gartner argues UTM should apply to security equipment used by small-to-midsized businesses, while NGFW is supposed to be for the enterprise, defined as 1,000 employees and up. But despite this clash of idioms and the existence of only a tiny installed base using a presumed NGFW, security vendors
do appear to recognise that demand for consolidated multi-purpose enterprise security appliances is likely to rise. The market trends are moving in that direction, says Bashar Bashaireh, Regional Director of Fortinet Middle East, who explains some of the factors driving the adoption of NGFWs. “One adoption driver is the opportunity to see network activity and bandwidth consumption more clearly. The way employees are using the network has an impact on security and productivity, so it is very important to know which applications are used by whom. It is possible to control applications and associated bandwidth needs and priorities via a NGFW. Additionally, some NGFWs can act like data-loss prevention tools to block usage based on keywords and other definers.”
Why do you need a NGFW?
Vendors say legacy firewalls can’t keep up with the ever-changing threat landscape and the focus needs to be on application control as threats are getting more complex. “For firewalls that rely primarily on IP addresses, ports and protocols for classification purposes, the result is the inability to reliably distinguish network traffic associated with applications being used for legitimate business activities from that associated with applications being used for other reasons. Traditional network security solutions, such as stateful firewalls, do not have the sophistication and the power to closely scrutinize all traffic and to sort the good from the bad in this environment. Stateful firewalls can only perform stateful packet inspection (SPI). To them, all protocols sent over a port are created equal. The result: application chaos,” explains Florian Malecki, EMEA Senior Product Marketing Manager at SonicWALL.
In comparison to a “conventional firewall” that mainly looks at IP network ranges, the NGFW way of doing things in application control does represent a new technology for most customers. “Another key benefit of a next-generation firewall is that it allows IT security to be more business driven and aligned with the business. Maybe some applications or functions in specific applications are acceptable for some departments in a company, while they should be disallowed for others. The classical example is Facebook. Any company which is adopting new media for marketing will have users that need to access Facebook, while the normal employee should not have. A next generation firewall allows this type of granular control, which supports the business,” says Nicolai Solling, Director of Technology Services, help AG Middle East.
What should enterprises expect if they want to make the transition from a traditional firewall to a next-generation firewall? Bashaireh says it starts with a decidedly different way of thinking about security goals associated with a firewall, especially in terms of establishing application-aware controls over employees as they access the Internet, the Web and social networking sites. “For a traditional firewall approach the focus is on IP addresses and ports whereas for next generation firewall the focus is on users and applications.” The need to have more business-oriented features on security gateways like firewalls is not really new and industry dynamics force vendors to add the capabilities of point products to their offering. So probably evolution from port-based firewall to smarter products is driven by the need for a more comprehensive protection, a simpler configuration and management, and an improvement of the users’ productivity, he adds.
The old way of talking about traditional port-based firewalls, with system administrators discussing the “language of protocols,” is inadequate. Companies need to adopt a more business-focused vocabulary, related to application use, that’s common to the CIO, CFO and CEO. That’s because the new generation of fast, intelligent firewalls are application-aware, enabling enterprises to establish and enforce identity-based application usage policies for employees. Most vendors acknowledge migrating from a traditional firewall to a NGFW is not trivial. “You have to migrate rules and policy, and staff will require training,” says Solling.
Some companies opt to gradually shift to NGFWs by running both traditional and next-generation firewalls in tandem. “Customers have started to use an application-aware NGFW to some extent, and they often maintain their traditional firewall rules while incorporating application-based controls over time. But it is generally a temporary procedure used mainly during the migration and maturation phase, and the cohabitation of the two approaches will probably not exceed the global adhesion to the complete content security concept, no matter how security gateways are named or will be named,” says Bashaireh.
Is NGFW superior to UTMs?
Malecki says UTM and NGFW are two different approaches even though they are very similar. “We can qualify the UTM concept as the predecessor of NGFW with various security services being available from the same platform. While NGFW will be deployed in the data centre to deliver high performance of deep packet inspection and application firewalling, UTM is typically deployed at a small office or branch office level to include security services such as anti-spam, content filtering, etc,” he says. Bashaireh adds a different perspective: “Next-Generation Firewall is a subset of the existing UTM market, or even the evolution of the firewall market. For a simple high level view of a rapidly changing industry, namely speaking gateway security appliances, next-generation firewalls that are IPS and application aware are encompassed by UTM.” Next-Generation Firewalls are generally described as firewalls that tightly integrate Intrusion Prevention Systems (IPS), as well as provide Application Control and Virtual Private Networks (VPN) capabilities. However, the majority of these next-generation firewalls are limited in their capacity, he adds.
While the NGFW wave is at least three years old, Gartner acknowledges that actual use is still very low today, even less than 1%. Looking ahead, Gartner optimistically predicts NGFW adoption will grow to 35% by 2014. As vendors continue to evolve their NGFW offerings, it should ideally become your primary firewall.
Is there a NGFW in your future?
NWME in association with Palo Alto did an editorial survey of 200 IT decision makers to gauge the adoption levels of NGFW. Key findings:

[Charts: share of responses per option for each of the three questions below]

Which statement best reflects your opinion of Next-Generation Firewalls?
* Every vendor claims they have one, and now I am totally confused because they all sound the same
* My current firewall is worthless, so I am anxious to make that transition
* The value proposition is clear - visibility and control of all applications, users and content
* What is the Next Generation Firewall?

What do you expect if you want to make a transition from traditional firewall to a Next-Gen Firewall?
* Application awareness capability
* Integrated intrusion prevention system
* Opportunity to see network activity and bandwidth consumption
* All of the above

Do you think a Next-Gen Firewall with consolidated security functions such as IPS or anti-malware filtering, can be cost effective over buying separate equipment for separate security functions?
* No, I am not comfortable with the idea of wholly one-vendor, one device-approach
* Yes, as it simplifies management and operations
feature | SIEM
Why SIEM is more important than ever

IT environments are growing ever more distributed, complex and difficult to manage, making the role of security information and event management (SIEM) technology more important than ever. Here’s why.
Compliance: Almost every business is bound by some sort of regulation, such as PCI-DSS, HIPAA and Sarbanes-Oxley (SOX). Attaining and maintaining compliance with these regulations is a daunting task. SIEM technologies can address compliance requirements both directly and indirectly. Virtually every regulatory mandate requires some form of log management to maintain an audit trail of activity. SIEMs provide a mechanism to rapidly and easily deploy a log collection infrastructure that directly supports this requirement, and allows both instant access to recent log data, as well as archival and retrieval of older log data. Alerting and correlation capabilities also satisfy routine log data review requirements, an otherwise tedious and daunting task when done manually. In addition, SIEM reporting capabilities provide audit support to verify that certain requirements are being met. Most SIEM vendors supply packaged reports that directly map to specific compliance regulations. These can be run with minimal configuration, and will aggregate and generate reports from across the enterprise to meet audit requirements.
Operations support: The size and complexity of today’s enterprises are growing exponentially, along with the number of IT personnel to support them. Operations are often split among different groups such as the Network Operations Centre (NOC), the Security Operations Centre (SOC), the server team, desktop team, etc., each with their own tools to monitor and respond to events. This makes information sharing and collaboration difficult when problems occur. A SIEM can pull data from disparate systems into a single pane of glass, allowing for efficient cross-team collaboration in extremely large enterprises.

Zero-day threat detection: New attack vectors and vulnerabilities are discovered every day. Firewalls, IDS/IPS and AV solutions all look for malicious activity at various points within the IT infrastructure, from the perimeter to endpoints. However, many of these solutions are not equipped to detect zero-day attacks. A SIEM can detect activity associated with an attack rather than the attack itself. For instance, a well-crafted spear-phishing attack using a zero-day exploit has a high likelihood of making it through spam filters, firewalls and antivirus software, and being opened by a target user. A SIEM can be configured to detect activity surrounding such an attack. For example, a PDF exploit generally causes the Adobe Reader process to crash. Shortly thereafter, a new process will launch that either listens for an incoming network connection or initiates an outbound connection to the attacker. Many SIEMs offer enhanced endpoint monitoring capabilities that keep track of processes starting and stopping and network connections opening and closing. By correlating process activity and network connections from host machines, a SIEM can detect attacks without ever having to inspect packets or payloads. While IDS/IPS and AV do what they do well, a SIEM provides a safety net that can catch malicious activities that slip through traditional defenses.
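The crash-then-launch-then-connect correlation described above can be sketched as follows. This is an added example, not code from the article or from any SIEM product; the event schema, the reader image name and the sample events are assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    ts: float          # seconds since an arbitrary epoch
    host: str
    kind: str          # proc_crash | proc_start | proc_exit | net_listen | net_connect
    pid: int
    image: str = ""    # executable name (process events)
    remote: str = ""   # peer address (network events)


# Assumption: image name under which the endpoint agent reports the PDF reader.
READER_IMAGES = {"acrord32.exe"}


def correlate(events, window=30.0):
    """Alert when, on one host, a reader crash is followed within `window`
    seconds by a new process that then opens or listens on a network socket."""
    last_crash = {}   # host -> time of the most recent reader crash
    suspects = {}     # (host, pid) -> (crash_ts, image) for processes born after a crash
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        key = (ev.host, ev.pid)
        if ev.kind == "proc_crash" and ev.image.lower() in READER_IMAGES:
            last_crash[ev.host] = ev.ts
        elif ev.kind == "proc_start":
            crash_ts = last_crash.get(ev.host)
            if crash_ts is not None and ev.ts - crash_ts <= window:
                suspects[key] = (crash_ts, ev.image)
            else:
                suspects.pop(key, None)   # pid reused by an unrelated process
        elif ev.kind == "proc_exit":
            suspects.pop(key, None)
        elif ev.kind in ("net_listen", "net_connect"):
            hit = suspects.get(key)
            if hit is not None and ev.ts - hit[0] <= window:
                alerts.append({
                    "host": ev.host,
                    "pid": ev.pid,
                    "image": hit[1],
                    "activity": ev.kind,
                    "remote": ev.remote,
                    "seconds_after_crash": ev.ts - hit[0],
                })
    return alerts


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    # ws-17: mail client already running and talking before the crash (benign)
    Event(1000.0, "ws-17", "proc_start", 600, "outlook.exe"),
    Event(1001.0, "ws-17", "net_connect", 600, remote="192.0.2.25:443"),
    # ws-17: reader crashes, unknown process starts 3 s later and dials out
    Event(1010.0, "ws-17", "proc_crash", 4120, "AcroRd32.exe"),
    Event(1013.0, "ws-17", "proc_start", 5288, "a.exe"),
    Event(1015.0, "ws-17", "net_connect", 5288, remote="203.0.113.10:443"),
    # ws-22: reader crashes, but the next process starts well outside the window
    Event(2000.0, "ws-22", "proc_crash", 3300, "AcroRd32.exe"),
    Event(2100.0, "ws-22", "proc_start", 7001, "backup.exe"),
    Event(2101.0, "ws-22", "net_listen", 7001),
    # ws-30: process starts and connects with no preceding crash
    Event(3000.0, "ws-30", "proc_start", 810, "browser.exe"),
    Event(3001.0, "ws-30", "net_connect", 810, remote="198.51.100.7:443"),
]

if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

Only the ws-17 sequence alerts; no packet or payload is inspected, which is the point the paragraph makes.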
Advanced persistent threats: APTs have been in the news a lot, with many experts claiming they were responsible for the high-profile breaches at RSA, Lockheed Martin and others. An APT is generally defined as a sophisticated attack that targets a specific piece of data or infrastructure, using a combination of attack vectors and methods, simple or advanced, to elude detection. In response, many organisations have implemented a defense-in-depth strategy around their critical assets using firewalls and IDS/IPS at the perimeter, two-factor authentication, internal firewalls, network segmentation, HIDS, AV, etc. All of these devices generate a huge amount of data, which is difficult to monitor. A security team cannot realistically have eight dashboards open and correlate events among several components fast enough to keep up with the packets traversing the network. SIEM technologies bring all of these controls together into a single engine, capable of continuous real-time monitoring and correlation across the breadth and depth of the enterprise.

But what if an attack is not detected by the SIEM? After a host is compromised, the attacker must still locate the target data and extract it. Some SIEM correlation engines are able to monitor for a threshold of unique values. For example, a rule that looks for a certain number of unsuccessful access attempts on port 445 (or ports 137, 138 and 139 if NetBIOS is used) from the same host within a short time frame would identify a scan for shared folders. A similar rule looking for standard database ports would indicate a scan for databases listening on the network. Through the integration of whitelisting with SIEM, it becomes trivial to identify which hosts and accounts are attempting to access data that they shouldn’t be accessing. Meanwhile, implementing File Integrity Monitoring with a SIEM can correlate data being accessed with outbound network traffic from the same host to detect data leakage. If a FIM event shows that the critical data was accessed along with a thumb drive being plugged into the same host that was accessing the critical data, an alarm can be generated to notify security personnel of a potential breach.
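The "threshold of unique values" rule for port 445 and for database ports, written out as an added example (not the article's or any vendor's code). The event tuple layout, the threshold, the window and the database port list (common default ports) are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque

# SMB/NetBIOS ports are the ones named in the article; the database ports are
# an assumption (common defaults for MS SQL, Oracle, MySQL, PostgreSQL).
PORT_GROUPS = {
    "smb_share_scan": {445, 137, 138, 139},
    "database_scan": {1433, 1521, 3306, 5432},
}


def detect_scans(events, threshold=5, window=60):
    """events: iterable of (ts, src, dst, dport, outcome) tuples.

    Alert once per (rule, source) when a source has unsuccessful attempts
    against `threshold` or more DISTINCT destinations inside a sliding
    `window` of seconds. Counting distinct destinations, not raw events,
    keeps a client that retries one server from looking like a scanner.
    """
    recent = defaultdict(deque)   # (rule, src) -> deque of (ts, dst) inside the window
    alerted = set()
    alerts = []
    for ts, src, dst, dport, outcome in sorted(events):
        if outcome != "denied":
            continue
        for rule, ports in PORT_GROUPS.items():
            if dport not in ports:
                continue
            q = recent[(rule, src)]
            q.append((ts, dst))
            while q and ts - q[0][0] > window:
                q.popleft()                       # expire attempts older than the window
            unique_dsts = {d for _, d in q}
            if len(unique_dsts) >= threshold and (rule, src) not in alerted:
                alerted.add((rule, src))
                alerts.append((rule, src, ts, len(unique_dsts)))
    return alerts


def build_sample_events():
    """Constructed firewall-style events (not real logs)."""
    ev = []
    # 10.0.5.23 probes six different file servers in 12 seconds
    for i in range(6):
        ev.append((100 + 2 * i, "10.0.5.23", f"10.0.1.{i + 1}", 445, "denied"))
    # 10.0.5.40 retries ONE server twenty times (stale mapped drive)
    for i in range(20):
        ev.append((100 + i, "10.0.5.40", "10.0.1.9", 445, "denied"))
    # 10.0.5.77 touches five servers, but 150 seconds apart
    for i in range(5):
        ev.append((100 + 150 * i, "10.0.5.77", f"10.0.2.{i + 1}", 445, "denied"))
    # 10.0.5.88 probes five hosts on a database port
    for i in range(5):
        ev.append((300 + i, "10.0.5.88", f"10.0.3.{i + 1}", 3306, "denied"))
    # successful access is ignored by the rule
    ev.append((400, "10.0.5.90", "10.0.1.1", 445, "allowed"))
    return ev


SAMPLE_EVENTS = build_sample_events()

if __name__ == "__main__":
    for rule, src, ts, count in detect_scans(SAMPLE_EVENTS):
        print(f"{rule}: {src} reached {count} distinct hosts by t={ts}")
```

The trade-off is visible in the third sample source: a scan slower than the window stays under the threshold, so the window and threshold need tuning against how patient an intruder is assumed to be.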
Forensics: A forensics investigation can be a long, drawn-out process. Not only must a forensics analyst interpret log data to determine what actually happened, the analyst must preserve the data in a way that makes it admissible in a court of law. By storing and protecting historical logs, and providing tools to quickly navigate and correlate the data, SIEM technologies allow for rapid, thorough and court-admissible forensics investigations.

Since log data represents the digital fingerprints of all activity that occurs across IT infrastructures, it can be mined to detect security, operations and regulatory compliance problems. Consequently, SIEM technology, with its ability to automate log monitoring, correlation, pattern recognition, alerting and forensic investigations, is emerging as a central nervous system for gathering and generating IT intelligence.
SenSage unlocks SIEM data

SenSage, which makes security information and event management (SIEM) products, is opening up its platform to share data it gathers with business intelligence tools so they can be used to make better decisions. SenSage is upgrading its software to support a variety of APIs including Open Database Connectivity and Java Database Connectivity as well as open APIs like SNMP. It also supports some proprietary APIs including Check Point Software’s LEA. The company has also launched an online community portal called Open Security Intelligence for security practitioners to share best practices. The goal is to help prevent successful exploits from spreading and to block similar exploits that come along later. SenSage is represented in the Middle East through the security solutions provider Nanjgel.
feature | storage
Stacking your data

Automating the data store with tiering technology
Fundamentally, the reason we even consider tiering is simple: cost - the opportunity for savings by placing less “valuable” information on lower-cost storage. Tiering means moving data among various types of storage media as demand for it rises or falls. Moving older or less frequently accessed data to slower, less expensive storage such as SATA drives or even tape can reduce hardware costs, while putting the most frequently accessed or most important data on faster, more expensive Fibre Channel drives or even solid-state drives (SSD) boosts performance.

“Matching the performance needs and lifecycle requirements of data to the different types of available storage media has always been a bit of a headache. The goal is to make sure that data is on the right media, at the right time, for the right cost. The reality, however, is that it can be difficult to know what type of media will best address a particular need, and it can be hard to adjust storage allocation and data placement as those needs change,” says Martin Molnar, Regional Sales Director of NetApp.

Administrators and end users often compromise by choosing faster, more capable storage than they really need. As a consequence the faster—and more expensive—storage tends to be oversubscribed, and that increases storage costs and potentially robs performance from applications that need it. Flash-memory-based solid-state drives (SSDs) and other forms of media have brought this problem to the fore. Flash-based media can complete 25 to 100 times more random read operations per second than even the fastest rotating media, but that performance comes at a premium of 15 to 20 times higher cost per gigabyte. This has created a strong need to reserve the use of Flash-based media for “hot” data—active data in high demand—as a way to maximise the benefits from those investments. Molnar says this is exactly where automated storage tiering fits in.

Automated storage tiering is intended to identify and promote hot data to higher-performance storage media automatically, while leaving cold data in lower cost media. Automated data tiering automates not just the movement of data, but also the task of monitoring how data is being used and determining which data should be on which type of storage. Such automated tiering isn’t yet in the mainstream because few vendors offer the technology and it hasn’t been proved to work in very high-end, transaction-intensive environments. Also, it’s typically used only within a single vendor’s arrays or file system or supports only a limited number of storage protocols or topologies. But for organisations with simpler needs, the automated tiering tools available today are more than good enough.

Steve Bailey, Regional Operations Director of CommVault, says automated tiered storage can help business operate more efficiently in any number of ways – reducing costs, consolidating space, improving energy efficiency, to name a few. “Performance has always come at a high price in the world of enterprise storage. However, with automated tiered storage, organisations can take advantage of the diversity within their storage infrastructure and manage everything from a single, NAS platform. By utilising a hardware-based storage architecture businesses can benefit from ground-breaking speed and scalability in data management while simplifying the overall process of designing, building and managing their enterprise storage infrastructure,” he says.

On the flip side, tiered storage can increase latency and have an adverse impact on performance. How can enterprises get the best of both worlds - scalable capacity and scalable performance? “A key consideration in an automated storage tiering strategy is the number of tiers that are needed. The decision to introduce a distinct media type, in fact, should be based not only on the particular specifications of that media but on its overall impact on performance, cost and efficiency goals. Although there may be clear price/performance differences among the various technologies, this does not mean that more physical tiers are necessarily better. There can actually be a system performance penalty as more tiers are added. This is because data movement across tiers consumes disk-drive I/O operations and other system resources which are precious commodities from a storage performance perspective,” says Molnar.
Ready, set, implement?
Think your organisation is ready to tap into the benefits of automated data-tiering technologies? Consider these issues first:
* Does it provide the mix of file- and block-level tiering you require?
* Can you override the automatic tiering for performance or data-retrieval reasons?
* Does it support features such as thin provisioning or de-duplication if you’re using them?
* Does it, or will it, support sub-LUN (Logical Unit Number) tiering?
* Does the vendor provide a growth path for further automation?
Storage administrators have long been able to move data between tiers, but they had to manually initiate the process, or at least classify their data and create tiering policies upfront. While some policy creation is still required, the latest crop of automation products is designed to reduce or eliminate the need for staffers to monitor storage systems and find the specific files, volumes or blocks that need retiering and manually move them.

IT managers must first look at which criteria the software can consider (such as how often data is accessed) and whether it can evaluate and move individual blocks or files rather than just larger volumes or LUNs. Since as little as 10% of the blocks in a volume may be active enough to justify a move to faster, more expensive storage, you’ll save money if you can move just those, especially if you’re moving to expensive SSDs.

Other factors to consider include how quickly the software can detect and react to changes in data usage, and whether administrators can override the automated tiering if it interferes with application performance. Administrators can also use it to predict when certain data (such as accounting files for the quarterly close) will be needed, so the tiering software can update it ahead of time.

Finally, administrators need to decide how comfortable they are ceding control to an automated tool. While IT shops have struggled for years to implement ILM, several users of automated data tiering say they’re realising significant benefits with software that’s currently available.
Storage cost of desktop virtualisation

If you are about to start considering a virtual desktop infrastructure (VDI) project, be advised: You need to really understand what your storage costs will be up front.
Unexpectedly high storage costs have delayed or derailed VDI projects more than any other single issue. To avoid that problem, and accurately understand the ROI value of your project before you begin, make sure you understand the implications of these three storage issues:

Problem 1: Evolution of your cost/GB for storage
When you move from physical to virtual desktops, you are at the same time moving from a distributed to a centralised storage environment. Chances are very good that most of the storage devices attached to your current physical desktops are IDE-based storage. Your centralised storage, however, will be based on enterprise-class storage, not only because you will need that to support the scalability you require, but for a number of other operational reasons that have to do with performance, high availability, recoverability, and manageability. IDE-based storage is widely available for roughly 10 cents/GB through retail outlets like Fry’s. Enterprise-class storage is going to raise the cost per GB of storage a minimum of 30x if you’re looking at SATA based storage, and as much as 100x if you’re looking at FC-based storage that supports critical centralised storage functionality like high performance caches, sharing, multi-path I/O, and disk-based snapshots. You can’t create the centralised data store you need for VDI projects without using enterprise-class storage technology. Therefore, you will need to factor in the necessary additional costs when budgeting for your VDI storage platform.

Problem 2: How VDI increases your need for storage
As if paying a lot more per GB for your storage isn’t bad enough, you are also going to need more of it. If your administrators use their experience configuring storage on physical servers to estimate their requirements in VDI environments, you will generally be surprised to find that you need to purchase 30-50% more storage to meet your performance requirements. Why does this happen? Basically, the I/O patterns generated in VDI environments, where you may have 50-70 virtual desktops, each with their own individual I/O streams, running on a single physical server, end up being significantly more random and significantly more write-intensive than they are in physical environments as you write them down through the hypervisor and out to disk. Spinning disk performs at its worst in very random, very write-intensive environments, with the slowdown being worse the more random and write-intensive they are. For a given performance requirement (e.g. I/O per second or IOPS), the storage configuration that met your needs on a dedicated application server will appear to run at least 50% slower in
a VDI environment, and often much more. As administrators add more hardware (e.g. more disk spindles, solid state disk, etc.) to get back to their original performance target, the costs mount. You may meet your performance goals before you run out of storage budget, or you may not, but either way, you end up spending a lot more on storage than you probably originally planned.

Problem 3: More storage increases your storage administration costs
If you’re like most IT shops, at least part of the reason you’re looking at VDI is to decrease the management and administrative costs associated with tasks like patch management, upgrades, and enforcing some level of standardisation in the desktop tool sets. Moving to a centrally-managed environment where virtual desktops are served out on demand can make a huge impact here, but storage administration is almost always an area where costs increase. Realise that you’re moving from a physical desktop environment where you probably weren’t managing storage much (if at all) to one where you now have IT resources in a centralised location managing that same capacity on enterprise-class storage. There is no doubt that there are benefits to that in terms of meeting performance requirements, enforcing security, and providing recovery for perhaps critical corporate assets, but there is clearly an additional cost here where there may have been none before. On top of this, you will be incurring additional management overhead against a baseline storage capacity that can easily be 30-50% larger than it was before (when you weren’t managing it).

Backup is a case in point. You probably weren’t backing up your desktop storage before, and it’s unlikely that end users were backing it up either. By centralising it, you can ensure that it is regularly backed up by skilled administrators. You might have had 10TB that you weren’t backing up before, and now may have 13-15TB being backed up. You’ll need to factor in the additional costs of this secondary storage required to support data protection operations.

How can I afford VDI?
At this point it should be pretty clear that you are going to have to do some significant thinking about how you manage storage in your VDI environments if you are going to keep costs under control. Once you have storage under the central control of skilled administrators, there are a number of technologies you can bring to bear to reduce your overall storage requirements. These include, but are not limited to, virtual storage architectures that increase the IOPS per disk spindle by 3x - 10x, storage capacity optimisation technologies like thin provisioning and data deduplication that can save up to 90% on capacity requirements, scalable snapshots technologies that enable the high performance sharing of common data, and the use of storage tiering to craft the most cost-effective combination of storage technologies to meet performance requirements. Understanding how best to leverage these storage technologies to minimise the size of the storage configurations needed to meet your VDI performance requirements is the best way to keep your overall storage costs down. And that can go a long way to re-balancing the cost structure so that VDI projects can return a positive ROI.

Easing the juggling act with client virtualisation
In January, CDW released the Client Virtualisation Straw Poll which found that 90% of businesses are considering or implementing at least one form of client virtualisation. Despite the initial complexities of implementation, the payoffs are worth the effort and can lead to reduced costs, improved security and an enhanced ability to deploy new applications to users quickly and efficiently.
feature | M2M
M2M and the promise of 4G

Fourth-generation Long-Term Evolution (LTE) cell technology will be a boon for machine-to-machine (M2M) technology, providing the bandwidth needed to help us realise the promise of everything becoming connected.
The trick will be figuring out where and how to use 4G to complement existing 2G and 3G M2M networks, many of which are performing just fine. One early leap in the development and deployment of M2M technologies involved 2G networks and the move from analog to digital. According to Beecham Research, “over 90% of existing wireless M2M modules, excluding e-readers and similar consumer devices, operate on 2G networks.” There are several reasons for this market penetration: 2G is “cheap”; it delivers enough bandwidth for many tasks; 2G networks are the most widely deployed worldwide and support a large variety of embedded, reliable, low-cost components.

2G is sufficient for applications that have low bandwidth requirements and are cost-sensitive. Automatic meter readers for the Smart Grid, many home security systems and basic telematics service are examples of perfectly acceptable 2G applications. But one challenge for the operators is that it’s more expensive to move a bit of information over 2G than 3G and 4G. So as operators are looking to make more efficient use of their spectrum, 2G is less than ideal.

After 2G is, of course, 3G. 3G has actually given us a glimpse of what 4G is going to look like, because we know where 3G leaves end users desiring more. 3G opened new doors in M2M, with its ability to provide more data at faster rates, support for video and its capacity to send large packets and files. On the consumer side 3G technology is standard in most products, including e-readers, tablets, PC cards and dongles. On the B-to-B side we’ve seen larger amounts of data transmitted as more complex applications continue to come online across industries. Examples of applications include remote patient monitoring, remote industrial equipment management and monitoring of sensor networks.

Because 3G offers a vast increase in speed over 2G, developers are able to produce interesting and richer applications that require more data. For these applications, the incremental cost of moving from 2G to 3G is easily justified. 3G can simply do things that 2G can’t.

Entering the world of 4G and LTE is a different matter, because in this instance, some existing 3G applications may just be “made better.” And better is sometimes not worth the additional cost to the consumer. Where does 4G promise to excel? What are some of the barriers to transition? These are common questions for curious observers. In the final analysis we will probably see a future (three years out) that has a place for 2G, 3G and 4G.

There are a couple of significant drivers that will come to play as the operators go through their capital replacement cycles. One of the most important considerations involves more efficient use of spectrum. Spectrum is a limited resource and costs billions of dollars. If you look at the impact of products like the iPhone that can literally overtax a network, you can see that being able to get more data through the same resource will be a significant driver for operators to upgrade to the latest technologies.

For companies deploying M2M solutions, many technology decisions begin at the device side with an assessment of the form factors of equipment involved in a deployment. 4G involves more complicated devices. There’s more engineering embedded in them, and in short, they take up more space. There may be devices that simply can’t be engineered around the space that a 4G solution requires because of their form factor -- as long as 2G networks are around, that is.

Another issue is how long the 2G networks will remain active. This is not a simple question, but relies on a number of factors: whether the 2G network is fully depreciated, the cost to operate the network, assurance of supply agreements
(think of utilities and their meter deployments) and, as mentioned, the requirement to make efficient use of the limited spectrum.

With the historical context of 2G and 3G established, what does this world look like and who is going to play in it? Well, that depends on where you’re standing. Let’s start in the home. An LTE-enabled connected household may sport some features we’d all like to see. Imagine transmitting video from your 4G-enabled camera to the cloud and having it appear on your grandmother’s TV. Home healthcare and senior management with video and patient data will be important as the population continues to age. LTE technology will provide the bandwidth to provide smooth video-to-video communication, and this same bandwidth will enable robust social networking and wireless gaming. LTE will extend into mobile entertainment on demand, and could have a profound effect on how Hollywood and the television networks decide to deliver their content.

Security is an obvious area and utilizes some of the same features found in the connected car or in the entertainment sector. Real-time video access to monitoring systems anywhere is an easy extension of what’s already happening with surveillance today. But what are the enhanced applications?

M2M connected healthcare is another area where LTE will enhance current applications and provide an opportunity for the development of new and needed solutions. This market is still nascent and complicated, with ecosystem issues such as liability, payer and regulatory issues, but the promise of M2M-enabled LTE solutions is too important to ignore. Some research suggests the market for telemedicine devices and services will generate $3.6 billion in annual revenue within five years (Health Data Management, October 2009).

Utilities are another important area where existing M2M applications will be enhanced and new applications will be developed with the advent of LTE. The M2M utilities vertical is expected to grow at a compound annual rate of 42% over the next several years. There is an ongoing dialogue concerning the Smart Grid, which seems to focus primarily on meter reading. As discussed, much of this is served by 2G solutions. The backbone of this grid will lie in management and control, which will serve to create greater efficiencies and “greener” energies. LTE will affect Supervisory Control and Data Acquisition (SCADA) -- systems used to monitor and control transmission and distribution equipment, field engineering, the automated meter infrastructure and inventory management. One of the key advantages of LTE-enabled M2M solutions will lie in reducing the high costs of data collection and on-site services and remotely managing and tweaking power generation and T&D facilities for maximum efficiency based on increased access to more robust data.

As happens when any new technology comes to the market, there are opportunities from incumbents as well as new entrants. The move to 4G is no different. Factors that may propel or hold back adoption or development include:
• Availability and cost of modems
• Device form factor requirements
• Useful life of legacy devices versus replacement costs
• Availability of other technologies
• Ubiquity of network coverage
• New service pricing models
• Speed of market adoption for new technologies
• Legislation

It is likely that as LTE becomes the new standard and reaches a point of ubiquity, the older technologies will eventually be phased out and replaced. The ultimate promise of M2M and LTE will be a world in which connectivity is expected and demanded. That day is coming soon.
opinion | advertorial
The mobile Internet is an inevitable choice for the global telecom industry as it seeks to undergo a deep transformation.

At the centre of it are QoE and value innovation, coupled with device-pipe-cloud connection and user information as two core aspects. With mobile Internet becoming widespread, operators must shift toward it as quickly as possible while protecting and optimising the value of pipes – which is not an option but the only way. Therefore, to succeed, operators must discern and follow core user experience and value demand and meet user requirements through new technologies and new business models. The core competitiveness model of the mobile Internet is made up of the device, pipe and cloud and aims to maximise user value quickly and optimize QoE.

Device-pipe-cloud connection: Through the device-pipe-cloud connection, user experience is delivered end to end, as is user value. For example, a video service requires good smart devices, client software that is visual and easy to use with a neat design, and the traffic flow from cloud (application platform) through pipe (networks at all levels) to device to stay above the minimum threshold for the video service. As the QoS system needs to guarantee the absence of jitter, delay, or distortion, this requires that a business-based architecture be designed, standards set, and key technologies developed end-to-end from device through pipe to cloud. On the Internet, the pipe, device and cloud are operated by different players, so it is difficult to get the three seamlessly connected. For example, Google’s search traffic growth is hampered by bandwidth and the iPhone supports Wi-Fi by preference due to insufficient 3G network capability. Worldwide, 3G networks did not see much uptake for more than five years due to high costs and a shortage of smart devices.

User information: Business innovation based on QoE and user value is the competitive essence of a business. This requires an in-depth analysis and understanding of information about users’ historical behavior, consumption, and social relationships. In addition, it calls for an interactive mechanism to stimulate users’ potential needs, and an intelligent simulation of business and services that meet user value and experience requirements according to constraints then and there.

New thinking about mobile Internet
With the rise of the mobile Internet, telecom operators’ top priority now is to analyse their business model and develop new business ideas as quickly as possible. First of all, telecom operators need to understand and follow the mobile Internet’s business model, breaking away from the business thinking that every element must be profitable. Therefore, in the network architecture and operating cost structure, operators need to change the telecom operation model in a revolutionary manner. Secondly, operators need to follow principles governing the development of the mobile Internet. When the S curve of the mobile Internet reaches the lower inflection point, the evolution cycle gets longer. Before the profit model takes shape, the number of users needs to cross the critical point, conforming to Metcalfe’s law that the value of a telecom network is proportional to the square of the number of users connected to the system. For example, when Facebook had one million users, the website was estimated to be worth USD5 million, namely each user’s estimated value was USD5. When the number of users rose to 500 million, its estimated value exceeded USD60 billion and each user was estimated to be worth USD120. Therefore, before reaching the breakeven point, the operator needs to evaluate and manage the value of the mobile Internet from the perspective of VC/PE instead of the traditional approach based on operating revenue. Finally, operators should be user-centric and build their core competitiveness on innovative service design and key technology architecture based on user value and experience.

How operators can foray into mobile Internet
Given the preceding analysis of the core competitiveness model and business model for the mobile Internet, telecom operators who consider a foray into the mobile Internet market should take the following strategies.

Make use of internal and external advantages. Operators can fully exert their advantages in capital, channels, and customer groups. They can take the strategy of M&A and seek strategic cooperation with professionals and partners in service design and innovation, platform architecture, Internet marketing, and the business model. Also, they can step up cooperation with government, leveraging their advantages in credibility, security, reliability, and controllability to improve information services for society through mobile Internet.

Select growing mainstream services that have not reached the “sweet spot”. A decision-making team of domestic and foreign experts can be set up to identify business opportunities with the greatest growth potential, seek cooperation closely with the capital market and industry experts, and build a development and investment alliance or partnership.

Introduce management consulting to stimulate innovation and achieve transformation in organisation and management. By innovating the mechanism and model for business/service management, essential competitiveness in business operation can be built, and an innovative, cooperative, and open culture created in the organization.

Set up a user experience center. The center aims to further dig into potential user requirements, step up research into targeted marketing, and improve service/experience design capability and value innovation capability.

Mobile Internet is all about innovation based on QoE and value. The soaring development of mobile Internet is not only profoundly affecting and changing people’s lives, but also has brought unprecedented opportunities to the Internet and mobile communications, the two industries themselves. This market will constantly evolve for the next few years and as it evolves, it will impact businesses and individuals whereby the consumption of content will be indelibly shaped by its imminent ubiquity.

About the author: Ihab Ghattas is the Assistant President - Middle East, Huawei
feature | LTE
Driving LTE into the enterprise
In order to woo enterprises, LTE must exhibit more than just enhanced browsing and social networking.

The wide adoption of mobile social networking is driving a change in mobile usage, from voice calls and texts to content creation and consumption, at least in the consumer world. But for businesses, being able to use a smartphone to upload videos to Facebook isn’t enough for IT decision-makers to go build a mobile strategy based on privatised LTE (Long Term Evolution), the leading 4G standard. In order to woo enterprises, LTE must exhibit more than just enhanced browsing and social networking. Businesses want one of three things from 4G:
- To satisfy customer demand for mobile browsing in high-traffic public venues, like stadiums, airports and convention centres.
- To improve operational efficiency, by replacing wired desks with mobile phones/workstations or by mobilising critical enterprise applications, like patient or security monitoring tools.
- To create a new revenue stream by generating revenue from every guest/visitor/employee served by a local enterprise LTE network -- this obviously requires new core network functions that can “count” data usage of users in specific locations and relate these back to the enterprise as a rebate of sorts.

If LTE is to actually meet these goals, it needs to be able to ensure coverage indoors and deliver reliability backed up by Service Level Agreements (SLAs). Without indoor coverage and SLAs, LTE can never meet the needs of critical applications, like those used by hospitals. Finally, the enterprise needs LTE to work for them, not just for the carriers. This means privatised LTE networks that exist much like a restricted wireless LAN, where data stays on-site and doesn’t make the trip back to the carrier’s hub, reducing the risk of security breaches and driving costs down. So what does this mean for LTE?

LTE indoors and out
The past few years have shown that the bulk of cellular data usage is coming not from outdoors, but indoors. This trend will continue with LTE, especially as the enterprise begins to look at the service as a parallel network to existing connectivity solutions. LTE does, however, need help to penetrate indoors for the enterprise. To reach equivalent WLAN performance from indoor LTE, enterprises need to take one of two approaches (possibly subsidised by carriers looking to push LTE adoption):
- A femtocell or picocell array that would provide additional coverage indoors. While cost-effective, these technologies cannot provide a guaranteed SLA and don’t offer consistent coverage throughout larger facilities.
- A distributed antenna system (DAS) provides more “blanket” coverage indoors but is not exactly inexpensive. This is changing, however, as more DAS providers examine new ways to leverage existing technologies to extend LTE coverage, which will drive down the cost.
LTE and SLAs
SLAs are common enough in IT, covering everything from email to voice services. Cellular services, however, are treated much differently. Because of the consumer-centric nature of wireless services, SLAs have not been seen as important. With LTE capable of acting as a mission-critical network, these agreements must be comparable to those from other service providers. Running an enterprise IT backbone on a network sans SLA is essentially a pink-slip-in-waiting for any IT executive, so for widespread adoption in the business, SLAs must become commonplace. That’s not to say that the SLA needs to be free. Businesses are willing to pay for benefits above and beyond the consumer world. For example, a three-second download speed enhancement might seem trivial to consumers. But for the enterprise, this efficiency spread across a network could represent significant productivity gains, hence their willingness to pay more for it.
LTE as a private network
The final step for LTE in the business world is to function as a truly “private” network. This means communications within a given area are not transmitted back to a central hub, but rather live within the enterprise’s confines. The reasoning for this is threefold:
- A private, in-building LTE network can function as a strong backup to fixed networks, and this capability is already being explored at both the enterprise and consumer level.
- Demand is growing for more mobile, enterprise-class applications, from real-time security surveillance applications to high-bandwidth productivity applications, such as WebEx, Skype and IPBX apps, as well as enterprise-specific LTE devices, like Cisco’s Cius tablet.
- The ability to bypass LTE “bottlenecks” by remaining on the in-building network means that no matter how congested the macro-level network becomes, the enterprise LTE grid remains accessible.

In the WiMax world, private network examples already exist through providers like Alvarion, but WiMax lacks the application and user pool to really drive adoption forward. For LTE, “killer” enterprise applications are coming, and soon.

So, how can a private LTE network be realised? From a technology perspective, part of the solution lies in machine-to-machine (M2M) communications. M2M language allows networked devices to communicate with one another, as well as with users (M2U) and from user-to-user (U2U), without having to send data back into the carrier core. This offers enterprise shops better control over data traffic, gives them more options in wireless and, perhaps most important, allows the business to improve efficiency and justify the ROI of LTE, particularly when it comes to high-performance enterprise applications.

Additionally, LTE must enable traffic routing to and from the enterprise’s IP network without traversing the mobile operator’s core network. The industry is developing new standards, such as Selected IP Traffic Offload (SIPTO) and Local IP Access (LIPA), to allow Internet traffic to flow from the enterprise’s local LTE network directly to the Internet, bypassing the operator’s core network. Future releases of LTE will also include various offload mechanisms like those mentioned above, that will enable private networks.

Beyond M2M and offload mechanisms, the final component is carrier buy-in -- the carriers of the world need to see revenue from providing private LTE networks as value-adds. For example, a Charlotte-based Fortune 500 company wants a private LTE network. In an ideal future, the enterprise would negotiate with a single carrier for a certain volume of subscribers over a specific period of time. The carrier would then provide the technology and bandwidth for the private LTE network on an exclusive basis, much like the business-class broadband model.

What does the future hold for LTE in the business world? For LTE to go beyond a last-resort business tool, it needs equal coverage both indoors and outdoors, a strong SLA and the ability to support private LTE networks. Despite the possibilities, the roadblocks outlined can kill the business potential before it even gains steam. The good news, however, is that carriers are already exploring these challenges in preparation for an enterprise push. Be prepared: In the next five years, the business question will evolve from, “Should we adopt LTE?” to, “What do we want LTE to do for us?”

Ericsson named as leader in LTE magic quadrant
Ericsson has been positioned in the “Leaders” quadrant of Gartner’s recently published Magic Quadrant for LTE. Gartner evaluated end-to-end vendors of LTE equipment (radio and core) based on their ability to execute and completeness of vision in the LTE market. To date, seven of the top 10 operators ranked by revenue have selected an LTE vendor for their network. Ericsson has signed commercial contracts with six of these seven operators. Ericsson is the prime driver of open standards and has had the most significant impact on the LTE specifications released to date. Ericsson expects to hold 25 percent of all essential patents for LTE, making it the largest patent holder in the industry.
interview | Dell
Up the value chain
Dell CEO Michael Dell talks about his company’s new direction and its plans to serve a diverse midmarket

NWME: Dell says it has become an enterprise solutions provider. That’s a big shift from being a box seller and a fast adopter of new technology. Why is Dell making this change and what are you trying to accomplish?
Dell: Throughout the latter part of the ‘90s and early 2000s, we started creating more and more powerful enterprise products, and as we sold those products into the data center, it became clear to us that customers wanted more than products. We started to build a bigger business services capability and to verticalise the business. It was most prevalent in the public sector -- because it was a business of verticals, with education and health care and the defense and civilian aspects of the federal government. As we were doing that, it became clear we needed to go faster. So we bought Perot Systems, and for the last year or so we’ve been pretty aggressively investing both organically and inorganically in accelerating our solutions momentum. The reason is that we found that it works really well. I think the reason it works is that we’re solving the real problem that the customer has -- and getting into the real opportunities in a bigger way.

NWME: How were you approaching customers before?
Dell: Five years ago we would say: Hey, we’ve got shiny boxes. And the customer would sort of say: Well, don’t really care, I’m busy, leave me alone. What do you actually know about my problem? And can you help me solve this problem I have? I’m trying to build a next-generation supply chain. I’m trying to make my sales force more productive. I want to get better outcomes for my students or my patients. If you know something about that in the vertical that I’m in, then I want to talk to you. If you don’t, go away and leave me alone. Building that capability requires new skills, new capabilities, new intellectual property, some of which we can grow organically, some of which we have been acquiring. I think it also changes the frame of reference of the opportunities for Dell, because now we look at the entire $2.7 trillion IT industry and say: That’s actually the entire space that we’re going after. We’re not confined to this box or that box. If you look at what we’re doing today, certainly you can find some places where we’re highly advanced -- like in health care IT, where we’re number one in the world. We’re doing health information systems and evidence-based medicine systems, electronic medical records and claims adjudication systems, affiliated physician systems, and really entire solutions that help care providers ultimately deliver better outcomes for patients. That’s actually what they want to do. They don’t want shiny boxes, although shiny boxes may be part of the solution. We’ve changed the conversation, and that is producing a steady stream of improving results financially. Our GAAP earnings in the last year have more than doubled. That’s a good thing. We like that. People seem to like that.
NWME: You mentioned vertical solutions; Dell has also talked about a big focus on providing horizontal solutions that go across midsize companies of all kinds. What sorts of solutions are really catching on with those customers right now?
Dell: Among all the solutions, you’d say roughly 80 percent of them are horizontal and 20 percent of them are vertical. To the extent you can create the horizontal solutions first, you can sell them to everybody, and there’s more demand. Things like virtualisation -- no great surprise there. What does the next-generation data centre look like? How do I implement cloud computing? What does the mobile client look like? What about IT security, migration to the cloud? There are pretty big horizontal solutions that are highly repeatable activities. You can almost apply factory-like thinking in terms of how you deploy them -- efficiently for customers, with a very high degree of predictability that’s going to be successful and implemented on time. It’s just not that hard to do over and over again.

NWME: Obviously, you’re not the only company to lead with services and solutions. Compared with IBM and HP, is the only difference in your target audience, or are there other differences?
Dell: I think [the market segment] is one difference. The other difference is that we don’t have the legacy of an installed base of proprietary stuff, which is why we’ve taken this open approach. If you look at our approach in the data center to orchestration, to systems management, it’s a very open approach. Dell has always been a leader in standards, and I think customers know and appreciate that. It’s a great position for us to continue to carve out. It’s pretty different than our competitors.

NWME: And where does Perot fit into that mix? How do you see using Perot to address the needs of that small/midsize market versus the way services normally work with these big companies?
Dell: In the large company sector, you have companies with thousands, tens of thousands of people. That’s actually where Perot did most of its business. You didn’t see as many of the superbig global companies in their portfolio, though they had some. And then they had a lot of public sector, particularly health care. About half their business was health care, which is a tremendously decentralised industry. Our approach today is very consistent with that. Our challenge with the cloud and with remote-based services is -- how do you bring these services to smaller organisations? And we’ve also been acquiring some interesting new capabilities there.
test
Palo Alto PA-5060 is one fast firewall
Palo Alto’s new firewall delivered performance ten times faster and came close to its rated capacity of 20Gbps in firewall-only mode, according to our testing
Of course, there is always a trade-off between security and performance. In the case of Palo Alto’s PA-5060, it all depends on what features you turn on and off. Palo Alto has shaken up the firewall market with its “application aware” feature, and we found that this next-generation capability carries no performance penalty. The PA-5060 does application-layer inspection by default.

On the other hand - and this is a pretty big caveat - UTM rates were nowhere near the device’s stated 20Gbps limit. Performance was far lower with any UTM feature enabled than when the PA-5060 operated in firewall-only mode. Regardless of which UTM features we enabled - intrusion prevention, antispyware, antivirus, or any combination of these - results were essentially the same as if we’d turned on just one such feature. Simply put, there’s no extra performance cost, beyond the initial sharp drop in rates, for layering on multiple types of traffic inspection.

Rates also fell when the device handled SSL traffic. And when decrypting SSL traffic, the system’s four 10-gigabit Ethernet interfaces ran at rates that would make Fast Ethernet aficionados smile. Some of this is to be expected. All security devices slow down when handling SSL traffic, and we’ve seen far bigger drops, in percentage terms, when enabling UTM features.

Overall, we’d characterise the PA-5060 as a capable performer. While it offers many unique application-inspection capabilities, it doesn’t quite do away with the perennial question about security-vs.-performance tradeoffs.
Web Metrics
Forwarding rate was the primary metric in our tests. We used both mixed and static HTTP loads to measure rates under various configurations, along with separate tests to assess performance for SSL traffic. We also verified the PA-5060’s TCP connection capacity and connection setup rate. The forwarding rate tests clearly show that the PA-5060, which can be equipped with up to four 10-Gbit/s interfaces, runs at least ten times faster than earlier Palo Alto models.

In a test involving heavy Web traffic with a mix of content types and object sizes, the PA-5060 moved data at around 17Gbps when configured as a firewall. That’s a bit under the system’s 20Gbps rated capacity, which isn’t altogether surprising since such data-sheet numbers often are obtained using best-case conditions such as a single large object requested over and over. In contrast, the traffic load we used involved a mix of text, images and binary content of various sizes - just the sort of Web traffic often seen on enterprise networks. The 17Gbps rate we saw in testing is probably a more meaningful predictor of performance on production networks.
UTM’s performance penalty
As with most other security devices, rates fall sharply if various UTM functions - such as antispyware, antivirus, and intrusion prevention capabilities - are enabled. Again using the same mixed Web load, we saw rates drop from 17Gbps to around 5.3G or 5.4Gbps. The good news is that rates held steady regardless of the number of UTM functions in use. So, it doesn’t matter whether the PA-5060 does antispyware, antivirus, intrusion prevention, or any combination of these.

One way of boosting forwarding rates is to disable server response inspection, which checks traffic flowing from servers to clients. Disabling this feature caused rates to nearly triple, to 13.7Gbps. This setting is mainly useful when the firewall sits in front of data centres or other server farms. Enterprise network managers deploying firewalls to protect clients will want to keep server inspection enabled (which is the default setting).

Speed Bump: SSL Handling
SSL encryption is compute-intensive. Even with dedicated silicon for the task, the PA-5060, like virtually all other high-end firewalls, is a far slower performer when handling SSL traffic. The PA-5060 generally moved traffic at around 7.5G to 7.6Gbps in every test case. We initially suspected that the nearly identical rates were caused by some limit in our test gear. But back-to-back tests of the Spirent Avalanche equipment without the PA-5060 in line moved traffic at around 8.6Gbps, faster than the firewall. So the test gear wasn’t the bottleneck. (See our test methodology.)

Rates for SSL traffic are higher than those for cleartext traffic, except in the firewall-only test case. This suggests the PA-5060 does less inspection of SSL traffic by default. Palo Alto’s engineers confirmed this, but only for the particular traffic generated by Spirent Avalanche; in this case, the PA-5060 simply classified the traffic as type “SSL” and did no further inspection. Palo Alto says there are cases where the PA-5060 can detect certain attacks hidden in SSL traffic, but we did not attempt to verify that claim.

The PA-5060 does support decryption of SSL traffic for deeper inspection, but that feature comes with a heavy performance cost. When doing SSL decryption, rates fell to 986Mbps when the PA-5060 acted as a firewall, and just 108Mbps with all UTM features enabled. Both numbers are a long way off from the 17-Gbps rates we saw in the cleartext tests, or even the 7.5-Gbps rates in the SSL tests without decryption. If higher-speed decryption of SSL is required, network managers might consider a purpose-built appliance such as those from Netronome and other vendors.

TCP Connection Testing
While traffic rates are undoubtedly useful in characterising firewall performance, they’re not the only metrics that matter. We also conducted separate tests to determine how many concurrent connections the PA-5060 could handle, and how quickly it could set up and tear down those connections.

In the TCP connection capacity tests, we configured Spirent Avalanche to build up successively larger connection counts by having each existing connection make one new HTTP request every 60 seconds. The largest number of concurrent connections the PA-5060 handled without errors was 3,620,979. While 3.6 million is a huge number, it’s also less than the device’s rated capacity of 4 million. After testing concluded, Palo Alto said it had identified a bug in the software version we tested, and that a version scheduled for release by press time would allow the firewall to handle four million concurrent connections. We did not test the new software.

In a related test, we also examined the maximum rate at which the firewall would set up and tear down new connections. Here, we configured Spirent Avalanche to use HTTP version 1.0, forcing each HTTP request to set up a new TCP connection. When handling this load, the PA-5060 handled 44,120 connections per second error-free when using all four of the device’s 10-gigabit Ethernet interfaces. In tests involving two interfaces and an earlier version of the Palo Alto software, we observed error-free rates of nearly 47,000 connections per second. Either rate is very high and will probably be more than sufficient for the majority of enterprise users.

While there’s room for improvement in the PA-5060’s performance, especially when it comes to UTM performance and SSL decryption, we’re encouraged by these results. The PA-5060 is already far faster than the PA-4020 tested earlier, and it’s still one of the few firewalls with true application-layer inspection capabilities. With some optimisations to UTM and SSL performance, it may do away with security/performance tradeoffs once and for all.

For more product reviews, log on to:
www.networkworldme.com
toolshed tools & gadgets
Dell unveils next-gen EqualLogic arrays
Dell has refreshed its midrange line of EqualLogic storage arrays, which are aimed at small-to-midsize businesses and remote corporate offices. The new PS4100 and PS6100 storage area networks (SANs) are follow-ons to the PS4000 and PS6000 boxes. The new arrays offer a 50% increase in density by offering the use of 2.5-in drives, and allow users to choose to use solid state drives. Because all PS-series arrays are managed by the same software, the various models can be combined and viewed through a single interface. The 2U (3.5-in high) PS4100 array has up to 21.6TB capacity with 2.5-in drives and 36TB with 3.5-in drives. The PS6100 array comes in a 2U enclosure with either 2.5-in or 3.5-in drives, and can also be purchased in a 4U enclosure that can increase maximum capacity to 72TB. A full 42U rack of PS6100s can hold up to 1.2PB of data. The arrays support not only 7200rpm SATA drives, but also 10,000rpm and 15,000rpm SAS drives, along with 400GB SSDs.
Yealink to launch enhanced videophone
Yealink is set to release an enhanced version of its popular VP2009 videophone featuring higher quality HD audio, accelerated touch screen response and a host of new business functions. Set to be launched to Middle Eastern resellers at Gitex, the new VP2009 Elite incorporates major hardware and software upgrades, including a new HD sound box, increased bandwidth and higher capacity Ti Davinci chipset. These have yielded significant improvements in performance and functionality such as a four-fold increase in the speed of response of its seven inch TFT-LCD touch screen. The Elite, which will be distributed across Middle Eastern territories by Yealink’s preferred distributor, Dubai-based Ben International, offers seamless Broadsoft compatibility. It also provides a range of new business features such as BLF, intercom, three-way conferencing and 20 Direct Station Selection (DSS) keys with status lights. In addition, the capacity of the CMOS sensor camera has been raised from 300k to 2m pixels, and new applications have been introduced for video devices such as door-phones and IP cameras.
OCZ releases its first hybrid drive
OCZ has introduced its first hybrid drive, the RevoDrive Hybrid, which combines 100GB of NAND flash memory with a 1TB hard disk drive along with a high-speed PCI Express (PCIe) interface. OCZ has separated itself from the only other competitor in the hybrid drive market, Seagate, by offering 25 times more NAND flash capacity and a vastly faster interface. The company also claims the drive can achieve up to a 910MB/sec sequential read rate, or 120,000 I/O per second (IOPS) using 4K random writes for high transactional workloads. By comparison, Seagate’s hybrid drive offers an average read rate of 83.7MB/sec. and a burst rate of 213MB/sec. The drive is targeted for use in workstations and for people working with high bandwidth applications like video production, as well as gamers. OCZ claims the RevoDrive Hybrid is the first “real” available hybrid drive because it’s using enough SSD to “truly provide the performance of an SSD with the capacity of HDD.” The new RevoDrive Hybrid comes bundled with OCZ’s Dataplex caching software, which dynamically manages the use of the 100GB of NAND flash so that the most frequently used “hot” data stays on the SSD, while the less frequently used data remains on the larger capacity hard drive.
Molex debuts shielded jacks

Molex Premise Networks has announced the release of PowerCat 6A side entry shielded jacks. This new side entry jack is said to be ideal for use in work area outlet applications with limited back box space and trunking applications. The jack also incorporates time-saving installation features such as a spring-loaded cable clamp and will be compatible with the Molex 4-pair termination tool and standard termination tool. The PowerCat 6A jack is specifically designed for high speed 10 Gigabit Ethernet applications, with typical applications including data centres, storage area networks, server farms, riser backbones, and beyond. The PowerCat 6A end-to-end solution consists of Category 6A shielded patch panels, both straight and angled, cable, patch cords and both the new die-cast Datagate side entry and regular shielded 6A jack. The PowerCat 6A solution is the ideal enterprise structured cabling choice for business enterprises looking to secure network performance for the future.
Cisco’s go-anywhere router

The Cisco Integrated Services Router 819 Machine-to-Machine Gateway, available immediately, is the smallest member of the ISR family of branch and remote-office routers and is designed to withstand outdoor environments with extreme temperatures. Target markets for the device include truck fleets, tollbooths and ATMs (automated teller machines). The ISR 819 can also serve as a conventional router in a remote office, said Inbar Lasser-Raab, senior director of marketing for borderless networks. Unlike most routers, the 819 relies primarily on cellular data to reach the Internet. This opens up more possible uses for the router, including moving vehicles. The router weighs only 2.3 pounds (1 kilogram) and is thicker but smaller than a tablet. To ensure communication in isolated locations, the ISR 819 is equipped for 3G connectivity. It is available with both GSM (Global System for Mobile Communications) and CDMA (Code-Division Multiple Access) technology and has room for two SIM (Subscriber Identity Module) cards, so users can set up service with two different mobile operators for redundancy. Cisco is also eyeing 4G capability next year, though most machine-to-machine (M2M) applications aren’t bandwidth-hungry.
layer 8

You can play Doom in Germany

The classic video game Doom can now be bought and played in Germany after a 17-year ban on the program. The German government agency that controls such things, the Federal Department for Media Harmful to Young Persons (Bundesprufstelle), had banned the video game in 1994, saying it was “likely to harm youth.” The game was treated like porn in Germany and could be had in adult stores. According to published reports, the restrictions on Doom and Doom II were allowed to end on August 31 after a meeting with the Bundesprufstelle and the owner of Doom, Bethesda Softworks. iD Software, which created Doom, was bought by Bethesda. From the BBC: “Bethesda argued that the game’s crude graphics had been surpassed by many modern titles and, as a result, the violence it depicted had far less of an impact. In a document detailing its reasons, the Bundesprufstelle said its original decision was not solely based on the graphic quality of the game, although it noted that most mobile phones now supported far more realistic images. The rules have been relaxed because officials believe that Doom is now only of artistic and scientific interest and will not appeal to youngsters. However, one version of the game remains on the index because it features Nazi symbols on some levels.”

Wireless ‘tattoo’ monitors your health

Researchers are touting a wireless skin-thin, microelectronic tattoo as an alternative to hard-wired electrodes for healthcare tests or monitoring and ultimately new applications such as electronic bandages. Researchers say they have created a new class of microelectronics they call an epidermal electronic system (EES), which incorporates miniature serpentine-shaped sensors, light-emitting diodes, tiny transmitters and receivers and networks of wire filaments into an ultra-thin material that sticks to your skin like a stick-on tattoo. The EES device is 50 microns thick, thinner than the diameter of a human hair, and integrated onto the polyester backing. It was developed by researchers from the University of Illinois at Urbana-Champaign, Northwestern University, Tufts University, the Institute of High Performance Computing in Singapore, and Dalian University of Technology in China.

Cisco counterfeiter gets 30-months in jail

The Department of Justice today said Donald Cone of Frederick, Maryland, US, was sentenced to 30 months in prison for his role in a sophisticated conspiracy to import and sell counterfeit Cisco network equipment. A federal jury convicted Cone, who was also ordered to pay $143,300 in restitution, and a co-conspirator, Chun-Yu Zhao, in May 2011 after a three-week trial. Zhao will be sentenced on Sept. 9, 2011. The DoJ said that according to the evidence introduced at trial, Zhao, Cone and Zhao’s family members in China operated a large-scale counterfeit computer networking equipment business under the names of JDC Networking Inc. and Han Tong Technology (Hong Kong) Limited. JDC Networking Inc., located in Virginia, altered Cisco products by using pirated software, and created labels and packaging in order to mislead consumers into believing the products it sold were genuine Cisco products, the DoJ stated.
Thwarting copper theft

The US Department of Energy and its Oak Ridge National Laboratory have built a security system that is aimed at thwarting at least some of the copper thefts that plague utilities and other large facilities. Specifically, “ORNL, DOE, the utility and several subcontractors installed a comprehensive perimeter security system consisting of energy efficient lighting, surveillance cameras that operate in a high voltage environment and an anti-cut, anti-climb fence system with integral intrusion detection cable. The complete system protects a perimeter area of 3600 linear feet.” “This security system will deter future vandalism attempts, allow security officers to conduct surveillance remotely and will automatically alert security officers of an attempt to breach the perimeter so the officers can enact a proper response,” said project manager Brigham Thomas of ORNL’s Global Nuclear Security Technology Division in a release. The security system installation, calibration and performance testing were completed in early 2011. Since the implementation, the substation has not reported any security issues