Voice+Data Sep 2012

DON'T FEAR THE REAPER HOW TO DEAL WITH END-OF-LIFE I.T. BYOD: THE NEXT Y2K? INFORMATION SECURITY TIPS FOR SMBs

SEPTEMBER 2012 VOL.11 N O .7 PP255003/05951

BIG NEWS

GO TO PAGE 35

8

30

20

18

©iStockphoto.com/Trout55

©iStockphoto.com/Ivan Bliznetsov

©iStockphoto.com/Baran Özdemir

contents

16

Regulars

Articles

4

8

Don’t fear the reaper

IT vendors rarely offer support for their products forever. Stephen Withers looks at the issues that arise when a vendor discontinues support for a technology your company relies on.

6

This is the end Talk from the top

14 From the analysts' table 16 @work Case studies featuring technology from BMC Software, Opengear, Avaya Australia, Quest Software and Azzurri Communications.

24 Only as good as your last breach

It only takes one data breach for your customers to lose faith in you. This is particularly alarming for SMBs, which have

26

Building blocks

become the preferred target of cybercriminals.

The latest products and services driving convergence.

34 In my opinion 35 BIG NEWS

30 Intelligence in cabling infrastructure

ITSM is a critical part for the operation of a data centre. Managed connectivity can provide a higher level of visibility into the physical network layer, to improve infrastructure management.

On the Cover: ©iStockphoto.com/Ivan Bliznetsov

NOW in DIGITAL! www.VoiceandData.com.au

Your copy of Voice+Data is now available as an online eMag.

http://www.voiceanddata.com.au/latest_issues 3 // SEPTEMBER 2012

Some thoughts

THIS IS THE END A.B.N. 22 152 305 336 www.westwick-farrow.com.au Head Office Cnr. Fox Valley Road & Kiogle Street, (Locked Bag 1289) Wahroonga 2076 Australia Ph +61 2 9487 2700 Fax +61 2 9489 1265 Editor Andrew Collins acollins@westwick-farrow.com.au

Andrew Collins Editor acollins@westwick-farrow.com.au

Contributing Editor Merri Mack mmack@voiceanddata.com.au Chief Editor Janette Woodhouse Publisher Geoff Hird ghird@westwick-farrow.com.au Art Director/Production Manager Julie Wright

T

his is this last issue of Voice+Data. All things end. As the Grim Reaper himself said in the 1991 film Bill & Ted’s Bogus Journey, “You might be a king or a little street sweeper, but sooner or later you dance with the Reaper.” Now, Voice+Data’s time has come. The Grim Reaper has arrived, and when he leaves, he will take this magazine with him. But as this month’s cover suggests, you needn’t fear the Reaper. Although Voice+Data is ending, its spirit will continue on in another guise. Let me explain. Voice+Data was initially intended to address the key elements in the title: voice communications, data networks and the combination of the two (ie, voice over IP). As time went on, and the industry changed, the magazine’s focus grew to include all sorts of general IT topics outside of voice and data, including data storage, information security, enterprise software, virtualisation, the cloud, data centre cabling and many more. Earlier this year, after conducting several reader surveys (which attracted more responses than you can point a scythe at), we at Westwick-Farrow Media sat down, had a good hard think and decided it was time to retool a couple of our magazines, including Voice+Data. So, following this issue, Voice+Data will be succeeded by a brand new IT magazine (and website) called Technology Decisions. As the title suggests, Technology Decisions will help IT leaders with the day-to-day decisions that come with running an IT department. It will focus on the big issues that face IT management, like cloud, big data, compliance, virtualisation, software development and more.

4 // SEPTEMBER 2012

Anthony Caruana will edit the new magazine. Anthony has a pretty good idea of what’s involved in running an IT department: he’s the CIO of a Melbourne private school and has worked in enterprise IT for nigh on 20 years. You’ll also see some familiar faces in the magazine. I’ll be contributing to the mag, and will also head up the website, which will carry all the content from the mag plus much more. Check it out at www.TechnologyDecisions.com.au from mid-October onwards. The hands-on aspects of implementing IT and communications - like cabling, data centre outfitting and so on - will be absorbed into Voice+Data’s sister magazine, Electrical Solutions, which will be renamed as ECD (Electrical+Comms+Data) Solutions. If you’re currently subscribed to Voice+Data, you’ll automatically receive a free subscription to Technology Decisions. The first issue should land on your desk in late October, so keep your eyes open. Similarly, those already subscribed to Electrical Solutions will automatically receive a free subscription to ECD Solutions. If you want to receive either Technology Decisions or ECD Solutions, but don’t have a subscription to the current version of that magazine, simply head on over to http://www.westwick-farrow.com.au/subscribe/default.asp?origin=sub and sign up. And finally: thanks to all those proofreaders, subeditors, contributors, designers and sales staff who have helped put Voice+Data together over the years. More importantly, thanks to all the readers who have picked up a copy of the magazine and to those who have written in to share their stories. So long, and thanks for all the fish.

Art/Production Tanya Scarselletti, Nettie Teuma, Colleen Sam Circulation Manager Sue Lavery circulation@westwick-farrow.com.au Copy Control Mitchie Mullins, copy@westwick-farrow.com.au Advertising Sales NSW, QLD Liz Wilson Ph 0403 528 558 lwilson@westwick-farrow.com.au VIC, SA, WA Lachlan Rainey Ph 0402 157 167 lrainey@westwick-farrow.com.au New Zealand Gemma Burr Ph 0800 44 2529 gburr@westwick-farrow.com.au USA Huson International Media East Coast Ph +1 212 268 3344 West Coast Ph +1 408 879 6666 ralph@husonusa.com UK Huson International Media Ph +44 1932 56 4999 gerryb@husonmedia.com Asia Lachlan Rainey Ph +61 (0) 402 157 167 lrainey@westwick-farrow.com.au If you have any queries regarding our privacy policy please email privacy@westwick-farrow. com.au Subscriptions: For unregistered readers, price on application. Printed and bound by Webstar +61 2 9748 0020 Print Post Approved PP 255003/05951 ISSN No. 1446 - 2230

March 2012 total CAB audited circulation (Aust + NZ) 6782 readers (76% personally requested) All material published in this magazine is published in good faith and every care is taken to accurately relay information provided to us. Readers are advised by the publishers to ensure that all necessary safety devices and precautions are installed and safe working procedures adopted before the use of any equipment found or purchased through the information we provide. Further, all performance criteria was provided by the representative company concerned and any dispute should be referred to them. Information indicating that products are made in Australia or New Zealand is supplied by the source company. Westwick-Farrow Pty Ltd does not quantify the amount of local content or the accuracy of the statement made by the source.

Talk from the top

THINKING ON THE WAVES Merri Mack

Matthew Baumgartner is the CIO of Servcorp, a provider of premium virtual and serviced office space. Servcorp’s geographic spread extends over 21 countries, 52 cities and 131 locations. With multiple tax regimes, multiple currencies and many different languages, sophisticated systems are needed to run the business successfully.

T

he CIO role covers two key areas of responsibility - technology strategy and people management - both of which Baumgartner takes very seriously. He creates and manages the technology vision for Servcorp with the executive team, provides international platform roadmaps and fosters strategic relationships with partners. Baumgartner said, “A key challenge is striking the right balance of investment in the CIO role. On one hand you have disruptive innovation that will yield longer term benefits and on the other you have the requirement to improve what’s in front of you now.” The people management aspect of the gig involves defining clear measurements for success for individuals and the group, as well as advancing the careers of the company’s 100+ IT personnel. According to Baumgartner, "The real focus is developing and positioning them for their next role by cultivating a culture of excellence and selfimprovement. When they win, we win." “One of the stretch goals we like to have team members set as part of their personal development plans is to speak at a well-known technology conference such as Microsoft’s TechEd. If they are only attending the conference they will be expected to redeliver the key insights gained back to their teams. This way they are also developing skills such as public speaking. They don’t just attend a conference, they go to extend their skills,” Baumgartner said. “I enjoy being surrounded by incredibly smart, motivated people that enjoy being challenged. I love watching people grow and get better at what they do. We hold the bar pretty high for our teams, which means we have an amazing pool of talent to draw on. “We know that we have done our job properly if our team members are getting poached by Microsoft, Google or Cisco. “Servcorp is really starting to get recognised as a top place to work and we have people knocking on our door to replace those we lose. Recently, a partner who was working on a project with Servcorp said it was one of the best projects they had ever worked on.”

6 // SEPTEMBER 2012

"On one hand you have disruptive innovation that will yield longer term benefits and on the other you have the requirement to improve what’s in front of you now." - Matthew Baumgartner

After his first stint working at Servcorp as a unified communications architect, Baumgartner took a role in integrator land at Getronics, working as a consultant in a converged communications practice that specialised in Cisco voice and data solutions. The practice was successful, going from revenues of approximately $800,000 a year to approximately $45 million in four years. “The practice was initially led by a real visionary, Stuart Hendry, who believed good people attract good people. “The practice we built was recognised by Cisco, winning the ‘Global Technology Excellence Partner of the Year’ award in 2006, and then again the following year, winning the ‘Solutions Partner of the year Asia Pacific award,” said Baumgartner. Back at Servcorp in 2008, he worked as general manager of Office Squared, a spin-off company that built a software application suite that could monetise Cisco technology assets for commercial real estate providers. After a realignment of Servcorp’s core focus, the Office Squared technology team was absorbed back into Servcorp, with the goal of modernising Servcorp’s core technology platform. Baumgartner is an advocate of activity-based work, whereby all necessary participants - such as marketing, finance, sales and technology - work as a cross-functional team, in common space, for the duration of a project. “It pretty exciting stuff, where there’s no room for the traditional functional silos,” he said. Developing and refining a portfolio of skills to be effective in his present role are part of Baumgartner’s short-term vision. Blessed with a great family, he believes in balancing family life with exercise and contributing to society. One of his passions is surfing, either with mates or just sitting out on the ocean by himself, thinking.

Matthew Baumgartner has been the CIO at Servcorp since the beginning of 2012. He was previously the Head of Business Technology at Servcorp, and has had other senior IT roles at the company.

www.VoiceandData.com.au

©iStockphoto.com/Ivan Bliznetsov

End of life kit

DON’T FEAR THE REAPER HOW TO PLAN FOR THE END OF LIFE OF YOUR IT KIT Stephen Withers

Diamonds might be forever, but IT is not. Technologies and products that were once hot are now as dated as Joan Collins’ shoulder pads, Red Symons’ Skyhooks make-up or Warwick Capper’s footy shorts. While the aforementioned treasures may be lost to us forever, it is possible to plan for the end of life (EOL) of your IT kit.

P

erhaps the only known copy of a historically important document is a WordStar file on a 5.25″ diskette. Maybe an AutoCAD drawing stored on a SyQuest cartridge could help prove that you developed a certain design feature ahead of a competitor. You might need a way to migrate an old, yet essential application to a more cost-effective platform, or to modernise so it can feed data to a tablet app. And while it’s relatively easy to get into the cloud, have you thought about how you’d get out again? Let’s take a look at some of the issues involved.

and blocking new threats, although it won’t do so as efficiently as a properly developed patch. He drew an analogy with the way taking aspirin can remove pain even if it doesn’t cure the underlying issue. If an operating system vendor EOLs a product, its continuing use means trusting a security vendor, Forsyth observed.

Security What happens when a vendor brings down the curtain on a piece of software before you’re ready to stop using it? The functionality might be adequate - if not, you would already have found a replacement - but what about ongoing security? A prime example is Windows XP - the venerable and (at least in some circles) well-regarded operating system will reach the end of its extended support period on 8 April 2014. But from what we hear, some large and small businesses aren’t planning to complete their migration to Windows 7 or 8 by then. Leaving aside any discussion of whether that’s sensible, the problem is that there’s no guarantee that the Bad Guys will start ignoring XP. If they think there will be enough systems to be worth attacking, they will continue to research vulnerabilities. Indeed, a smart move might be to keep any remaining XP vulnerabilities up their collective sleeve until April 2014, as Microsoft won’t then provide a protective patch. Sophos director Rob Forsyth notes that security vendors delay EOLing - end-of-lifing, aka discontinuing - their products for as long as possible, often by as much as five years after the end of support for the OS they run on. This does provide customers with a way of detecting

www.VoiceandData.com.au

"There’s no guarantee that the Bad Guys will start ignoring [ W i n d o w s ] X P. If they think there will be enough systems to be worth attacking, they will continue to research vulnerabilities."

This is also an issue for users of Mac OS X, as Apple doesn’t even say how long it will provide security patches for non-current operating systems. Custom and practice has been to support one version behind whatever’s current, but that hasn’t been explicitly stated. The problem is that backward compatibility of new OS X releases tends to be limited. Coupled with the now annual pace of OS upgrades, this makes it increasingly common to find a Mac that has plenty of life left in the hardware but is unable to run a currently supported version of the operating system. Voice+Data sought comment from Apple for this article, but a spokesperson declined, saying “We’re very much about looking to the future.” Our approaches to Microsoft were also politely rebuffed: “They don’t want to participate in this opportunity,” said a spokesperson. Mobile devices are also affected. The upgrade path for iOS has been reasonably good, but a lot of Android phones are still running the OS they shipped with, whether that’s because of incompatibilities with newer versions or because the vendors or carriers chose not to offer updates. That wouldn’t be a corporate issue, if not for the spread of BYOD (bring your own devices) - the practice of supporting employees’ mobile devices on the corporate network. Forsyth suggests BYOD policies should require employees to install appropriate security software (antimalware, remote wipe and encryption) before the devices are used for work and pointed out that the Sophos product offers the same centralised management for Android (right back to version 2.2), iOS, Windows Mobile/Phone and BlackBerry as it does for desktop operating systems.

9 // SEPTEMBER 2012

©iStockphoto.com/Ivan Bliznetsov

End of life kit litigation) that now only exist in a stockpile of archive tapes. “LTO is a good standard,” he said, but backward compatibility is only retained for two generations, and “large OEMs will always be keen to move a client forward to the next generation.” Another example is that certain medical records must be held for 30 years, and in previous decades they were commonly entrusted to magneto-optical storage, and such drives are now rare. Kroll Ontrack also has software that can extract individual messages from an email backup, which is more efficient than restoring the entire database. But “we still get requests for [recovering] 5.25″ floppies,” said Briscoe.

Storage Migrating from one generation of storage is getting easier, given the increasing tendency to keep corporate data on centrally managed storage rather than individual users’ hard drives or external devices. It might not be a simple or quick job to copy all the data when you install a new disk array or tape library, but it’s easier than rounding up all the floppies or thumb drives sitting in desk drawers around the organisation. The problem comes when you suddenly discover that you need some information that only exists on obsolete media that can’t be read by your current hardware. Perhaps you have some old LTO-2 tapes that you didn’t copy before upgrading to LTO-5 drives. That’s where companies such as Kroll Ontrack come in. Kroll Ontrack’s General Manager for Asia Pacific, Adrian Briscoe, explained that recovering data from old media is an everyday job at the company. Not only does the company maintain a huge stock of outdated storage hardware at its branches around the world, it also has licences for a wide variety of software - it’s not enough to merely read the data from the device, the right backup software or other application is needed to make sense of it. A typical scenario is a sudden need to read old emails (eg, because of pending or actual

10 // SEPTEMBER 2012

His suggestions include: • Identify your important data and know where it resides (eg, down to the individual tape level), as it’s not easy to create an index after the event. • Establish an archiving policy, and ensure that important data is deduplicated and then moved to new media whenever hardware is upgraded, or at least to a type of storage that can be affordably accessed. • Establish and enforce a retention policy so data is not kept longer than necessary - if you no longer have it, you don’t have to worry about retrieving it. Just be careful to comply with any relevant laws or regulations.

Custom software One of the trickier parts of migrating away from obsolete or outmoded hardware involves porting any custom software. Much the same problem faces software vendors when a platform they have been supporting falls out of favour. Moving away from a mainframe presents “a conundrum”, according to Bruce Craig, Country General Manager for Australia & New Zealand at Micro Focus, because custom applications are “the lifeblood of the business” - if they didn’t provide something unique, they would have been replaced by packaged software long ago. “You need to differentiate the application from the hardware,” he said. Mainframe hardware and supporting services “have become extremely expensive” (though that’s mainly in comparison with other platforms that have become so cheap), and customer touchpoints have moved further from the application (eg, the widespread use of tablets). There are plenty of programs written in COBOL, PL/1, Natural and other languages that are still as valid as ever, he suggested. In particular, COBOL

www.VoiceandData.com.au

©iStockphoto.com/Ivan Bliznetsov

End of life kit

applications are “incredibly stable,” said Craig, “they work, they don’t break” and all that may be needed is to move them to a cheaper platform. He pointed to a recent migration of mainframe applications by the Insurance Commission of Western Australia. The software had been developed over three decades, and no commercial packages provided equivalent functionality. Other examples of migrations using Micro Focus products (which include a range of mainframe development tools as well as the compilers for which the company is probably best known) include the B&NCS banking system originally developed by Australian company FNS and now owned by Tata, as well as applications from PeopleSoft (now part of Oracle), Mincom and Amdocs. Organisations often combine the task of moving an application from a mainframe and adding a web services wrapper allowing its functionality to be consumed by web or mobile apps. Eliminating mainframe costs can trim operating costs by millions, freeing up budget for new projects such as mobile apps, a process Craig called “self-funded innovation”. Furthermore, such migrations typically have a payback period of 12 months, which makes the projects acceptable to boards. And even if you’re not yet ready to move production applications off a mainframe, Craig pointed out that offloading

12 // SEPTEMBER 2012

"There’s always a risk, however slight, that a provider will bring a service to an end, go out of business or fall into the hands of an unacceptable owner."

development and testing to a lower cost platform can often save around 50% of mainframe capacity and improve productivity thanks to the ability to use better tools.

Cloud There’s “a rapid acceleration to cloud services”, according to Liam Fraser, General Manager, Cloud Services, Optus Business, but there’s a need “to go in with eyes open”. Apart from having to decide whether it is the right technology and if its potential benefits can be realised, it’s also important to think about how you will be able to unwind from a particular service or provider. There’s always a risk, however slight, that a provider will bring a service to an end, go out of business or fall into the hands of an unacceptable owner (eg, a rival or a member of a rival alliance, or an overseas company that presents sovereignty issues). Or maybe down the track another provider will offer better terms. In a situation where an organisation’s applications are running in a set of virtual machines, all the relevant files can, in theory, be moved elsewhere, Fraser observed, but this requires IT and contract management skills. Optus Business uses vCloud Director, making it relatively easy to extract the files either across a network or on physical media. He advocates consultative relationships with suppliers, because if you want regular backup or mirroring of your data to a destination outside your provider, “that’s not likely to be achieved as an off-the-shelf function”. Similarly, if the migration of an obsolete system to the cloud was proposed, “we would consult very closely with our customer”, Fraser said, as in some circumstances it could be an excessively risky move. But his company can provide consulting services for customers planning to run applications in public or private clouds, whether those applications are old and obsolete or being deployed for the first time by that organisation. Optus offers a range of services covering infrastructure as a service (under the PowerOn brand, and available as a fully hosted service or managed - and possibly owned - by Optus but physically located on the customer’s premises) and software as a service (OfficeApps - initially rebranded Google Apps with local support, but with other applications planned). And at a regional level, parent company SingTel has “a rich ecosystem” of software as a service covering various vertical and horizontal applications - “it’s a very broad story,” he said. A successful move to the cloud “takes a considered and methodical approach,” said Fraser.

www.VoiceandData.com.au

Exper t systems to power a smarter planet. With intelligence being infused into the systems, processes and physical objects we interact with every day, our planet is becoming smarter before our eyes. Less visible, but equally important, are the leaps in intelligence being achieved by the computing systems at the heart of this progress. This is about far more than processing speed; it’s about intelligent architectures that allow us to build expertise directly into our computing systems—expertise that can support today’s cloud services and big data requirements. Case in point: a new class of computers called “expert integrated systems,” designed with scale-in architecture and built-in expertise. Combined, these ideas will radically simplify enterprise computing. Expert integrated systems scale in, driving performance more intelligently—not by adding processors, but by tightly integrating the processor with the memory, storage, networking, virtualisation, management and middleware layers above it. And unlike today’s “converged” IT solutions, these systems don’t just integrate IT components, they integrate expertise—as embodied by something we at IBM® call “patterns”.

Patterns distill the collective knowledge related to a specific field or task. They balance and coordinate the complex array of resources required to deliver vital capabilities—ranging from sophisticated services like business analytics and cloud environments to bedrock IT functions like application deployment and database provisioning. Recently, IBM introduced the world’s first family of systems with integrated expertise, IBM PureSystems™. Testing shows that the scale-in architecture of PureSystems can support twice the peak application load of previous-generation IBM systems. We can now get systems up and running in as little as four hours—and, using patterns, we’ve been able to cut months off application deployment times. Over 100 software vendors like SAP and Infor are already using PureSystems’ open design to develop their own unique patterns. We expect the library of patterns to grow as our clients begin to explore the possibilities of this approach. Let’s build a smarter planet. ibm.com/au/puresystems/

TRADEMARKS: IBM, the IBM logo, ibm.com, Smarter Planet and the planet icon are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. A current list of IBM trademarks is available on the Web at “Copyright and trademark information” at www.ibm.com/legal/copytrade.shtml. Other product, company or service names may be trademarks or service marks of others. © Copyright IBM Australia Limited 2012. ABN 79 000 024 733. © Copyright IBM Corporation 2012. All rights Reserved. IBMCCA1393/EIS/VD/FPC

from the Employee monitoring on the rise Andrew Walls, Research Vice President, Gartner

Sixty per cent of corporations are expected to implement formal programs for monitoring external social media for security breaches and incidents by 2015, according to Gartner. Many organisations already engage in monitoring as part of brand management and marketing, but Gartner believes less than 10% currently use these same techniques as part of their security monitoring program. According to Andrew Walls, Research Vice President for Gartner, the impact of IT consumerisation, cloud services and social media renders the traditional approach of monitoring internal infrastructure for security incidents inadequate for guiding decisions regarding the security of enterprise information and work processes. “Given that employees with legitimate access to enterprise information assets are involved in most security violations, security monitoring must focus on employee actions and behaviour wherever the employees pursue business-related interactions on digital systems, whether inside or outside of the enterprise IT environment,” Walls added. Security organisations are beginning to see value in the capture and analysis of social media content, not just for internal security surveillance but also

14 // SEPTEMBER 2012

to enable detection of shifting threats that impinge on the organisation, such as physical threats to facilities or logical attacks by ‘hacktivists’ - loosely defined as politically motivated hackers. Early detection of shifting risks enables the organisation to vary its security posture to match and minimise negative impacts. The popularity of consumer cloud services, such as Facebook, YouTube and LinkedIn, provides new targets for security monitoring that can both mitigate and create risk, but Gartner warns surveillance of user activity in these services generates additional ethical and legal risks and must be managed carefully to comply with standards. “There are times when information can assist in risk mitigation for an organisation, such as employees posting videos of inappropriate activities within corporate facilities,” Walls said. “However, there are other times when accessing the information can generate serious liabilities, such as a manager reviewing an employee’s Facebook profile to determine the employee’s religion or sexual orientation in violation of equal employment opportunity and privacy regulations.” Gartner also warns that while automated, covert monitoring of computer use by staff suspected of serious policy violations can produce hard evidence of inappropriate or illegal behaviours, it might also violate privacy laws. Gartner said organisations should be aware of the laws that restrict the legality of interception of communications or covert monitoring of human activity, such as Australia’s Telecommunications (Interception) Amendment Bill 2006.

Chinese contact centre market to overtake Australia by 2017 Lu Shui Shan, Research Associate, ICT Practice, Asia Pacific, Frost & Sullivan

The Chinese contact centre market positioned itself in third place in the Asia Pacific region in terms of revenue in 2010 and will overtake Australia as the second largest market by 2017, according to Frost & Sullivan. The Chinese contact centre market reported a total revenue of US$116.8 million in 2010 and will be worth US$255 million by 2017. System upgrading and expansion activities from existing customers will contribute most of the revenue in the next three years. Lu Shui Shan, Research Associate, ICT Practice, Asia Pacific, Frost & Sullivan, said, “Another driver is the increasing awareness and adoption rate of advanced applications such as workforce management, speech technology and other multimedia applications. “The increasing demand of other UC (unified communications) solutions will also drive the market in the long run. Furthermore, local vendors use relatively low pricing to attract a larger number of customers.” Banking and finance, telecommunications and government make up the top three industries driving this growth in the Chinese contact centre market. Together, they took up more than 60% of the market in 2010.

www.VoiceandData.com.au

©iStockphoto.com/René Mansi

analysts' table SAP’s NSW Trade & Investment deal a proof point for cloud Dr Steve Hodgkinson, Research Director IT Asia/Pacific, Ovum

The success or failure of a recent agreement between NSW Trade & Investment and SAP, which will see the government department deploy SAP’s Business ByDesign SaaS (software as a service) ERP solution, will be an indicator of the future of cloud services in Australia, according to Ovum. SAP recently announced that its cloud-based ERP solution was selected by the NSW state government’s Trade & Investment department following a public tendering process. Dr Steve Hodgkinson, Research Director IT Asia/Pacific at Ovum, said the project is “charting new territory in government use of cloud services in Australia”. “NSW Trade & Investment is to be admired for embracing a new model for public sector ICT procurement. The hope is that the multitenant architecture and configurability of the SaaS solution will enable the many agencies within the Trade & Investment portfolio to use it as an efficient and flexible shared service. “If this hope is realised it will be an important proof point for the efficacy of the cloud services model as an alternative to more traditional in-house shared ICT services arrangements.” The deal is SAP’s largest Business

www.VoiceandData.com.au

ByDesign implantation to date and the vendor’s first cloud platform win in the Australian public sector. “Many eyes, therefore, will be on this project and SAP will need to put its best foot forward. Cloud sceptics will be eager to see it fail. Cloud proponents, on the other hand, will be keen to see both SAP and the agency succeed in taking a major step into the future of public sector ICT-enabled innovation.” Hodgkinson said the timing of the project is good for several reasons. “Firstly, the benefits and risks of the cloud model are becoming better understood - and the department has gone into this project with a pragmatic, strategic, approach and with its ‘eyes open’. Secondly, the maturity of cloud services is evolving rapidly, particularly with regard to the management of the data sovereignty, record keeping and security requirements necessary to obtain the trust of risk-averse government executives and procurement officers. “Thirdly, the crisis of confidence in the ICT capabilities of agencies, particularly in a shared services context, shows no sign of improving. Recent budget cuts mean that it is now difficult for agency executives to pretend that either the ICT status quo or traditional underinvested in-house approaches to application consolidation and sharing are sustainable. “Confidence in cloud services, in contrast, is growing rapidly. The promise that cloud services might actually be better, faster, less expensive and less risky than previous ICT projects … is an attractive and timely proposition.”

industry movements Free air cooling data centre Metronode, a subsidiary of Leighton Contractors, has opened what it terms a “large-scale, energy-efficient data centre” in Derrimut, Victoria. The facility uses direct free air cooling and modular plant systems to help increase power utilisation efficiency. The on-site rainwater retention and harvesting, and a site monitoring system, provide further environmental enhancements at the facility. Peter McGrath, Executive General Manager, Leighton Telecommunications, said: “This facility offers a power utilisation efficiency (PUE) of less than 1.2, compared to traditional data centres which can run in excess of 2.2." The site covers more than 25,000 square metres. The facility can be scaled to support up to 12 MW of IT load, with more than 3000 equipment racks.

Optus 4G in Sydney and Perth Optus has expanded the availability of 4G business services to Sydney and Perth. Customers will be able to utilise USB mobile broadband and mobile Wi-Fi hotspots in the two cities. Günther Ottendorfer, Managing Director, Optus Networks, said, “Building on our first 4G services in Newcastle earlier this year, business customers in Sydney and Perth can now get faster speeds, greater capacity and quicker response times on their 4G mobile broadband services - ahead of our wider consumer 4G launch.” Customers can access the 4G network through two means: the Optus 4G USB and the Optus 4G mobile Wi-Fi modem. Both devices use dual mode 4G/3G HSPA technology, enabling them to operate across the 1800, 2100 and 900 MHz spectrum bands. This allows customers to access 4G connectivity where it is available and to switch to Optus’s 3G network where it is not. Optus claims its 3G network reaches more than 97% of the Australian population.

15 // SEPTEMBER 2012

@work

CUTTING THE ADMINISTRATIVE COSTS OF DATA CENTRE GROWTH

T

elecoms and managed hosting provider Macquarie Telecom has deployed server and network automation in its new $60 million Intellicentre 2 data centre to manage, and reduce, the costs of rapid ongoing growth. Macquarie Telecom’s hosting business has grown 20 to 30% per year over the last four years due to rapid acquisition of new customers and infrastructure. The company’s Sydney-based data centres, including its Tier III flagship Intellicentre 2 (IC2), serve enterprise clients from a broad and growing range of industries, Australia wide. James Mystakidis, General Manager of Hosting Operations, Macquarie Telecom, said that demand for the company’s data and managed hosting services has risen as enterprise customers aim to expand into the cloud. “We expect business requirements for more intelligent and secure hosting services to accelerate further in the next few years, creating a need for Macquarie Telecom to ensure cost-effective growth management while retaining its top-tier levels of service.” To ensure this cost-efficiency of growth without compromising the calibre of its services, Macquarie Telecom undertook an audit of its existing operations using a combination of the IT Infrastructure Library (ITIL) and Cobit frameworks, which formally mapped Macquarie’s IT operations. This allowed the company to identify gaps and clearly articulate to the business what needed to be done to take the company’s hosting operations to the next level.

"Macquarie Telecom's patch management service was popular with its customers but cumbersome to provide, as it was based on a largely manual process with potential opportunity for error."

“The audit process revealed that there were no formal toolsets to manage or automate network and server operations, suggesting Macquarie Telecom needed to automate the management of the network and servers,” said Mystakidis. The company identified that a management tool “would be necessary to complement the $60m investment in state-of-the-art hardware and software which went into our newest Intellicentre 2 data centre”, he said. Previously, most of the server and network management was conducted manually with the support of several custom scripts, meaning that growth was accompanied by rising operating costs. Macquarie Telecom’s patch management service was popular with its customers but cumbersome to provide, as it was based on a largely manual process with potential opportunity for error. To help manage these costs, Macquarie Telecom has deployed BMC’s Atrium Orchestrator and BladeLogic Server and Network Automation. The solution allowed Macquarie Telecom to entirely automate patch management, freeing up operations’ staff time, no longer requiring personnel for patching, and reducing the opportunity for error. The company is also using BladeLogic to provision services within the cloud for patch and managed services. According to Mystakidis, the solution “has allowed us to ensure rapid and sustainable growth without significant increases to operational expenditure”. “The fully automated patching system complements Macquarie Telecom’s existing Management Tools for data and world-class customer service Hub, keeping our quality of service on par with accelerated growth and the technical advances it also entails. “[The] solution provided a cohesive fit with our investment in bringing other areas of Intellicentre 2 to the highest standard worldwide.” Macquarie Telecom’s original calculations of a twoyear payback period for the solution have already been met, within a shorter time span. Automation has severed that direct link between cost and growth, allowing savings to be achieved as the company prepares for continued acceleration in data centre and hosting growth. BMC Software Contact info and more items like this at wf.net.au/R057

16 // SEPTEMBER 2012

www.VoiceandData.com.au

@work

index 20



 Cutting the administrative 18 costs of data centre growth 16

Network upgrade a stepping stone to eHealth

20

 Keeping an eye on the weather with 3G

 Automating cloud delivery 22  Quadrupling bandwidth with fibre allows SIP, with systems monitoring video, EFTPOS services

Network upgrade a stepping stone to eHealth

Sydney Adventist Hospital (SAH) has upgraded its network to support growth and deliver around-the-clock connectivity to doctors and other staff. Sydney Adventist Hospital is a not-forprofit facility of the South Pacific Division of the Seventh-day Adventist Church, located in sunny Wahroonga, New South Wales. The acute-care private hospital has 358 licensed overnight beds and treats around 50,000 inpatients and 170,000 outpatients each year. The emergency department (ED) admits around 20,000 patients annually, making it the busiest ED of any private hospital in NSW. SAH relies on its network being always available, so that doctors and other staff can access patient records and medical images any time of the day or night. The hospital

18 // SEPTEMBER 2012

runs its local area network on Avaya Ethernet Routing Switch 8600 modular core switches and ERS stackable switches. It uses a Virtual Private Network Gateway 3050 to give staff remote access to critical resources, and switch clustering to provide multiple links to all parts of the network. SAH planned to replace paper-based patient records with electronic health records and network-enable its biomedical and clinical equipment. The hospital was also capturing and uploading data in real time for use by clinicians and medical staff with smartphone and tablet devices, all of which put pressure on its existing network infrastructure. “We’re also expanding our facilities,” said Chris Williams, Chief Information Officer, Sydney Adventist Hospital. “By 2014, we

will have several new buildings, with 200 additional inpatient beds and 12 operating theatres, as well as a new arrivals area, an integrated cancer centre and a teaching facility for healthcare professionals. We needed to update the network to ensure clinicians and other staff across multiple locations had access to patient records whenever required.” To prepare for this growth and meet the increasing demand for bandwidth, SAH deployed around 5500 ethernet ports using Avaya Ethernet Routing Switch 4500 and 5000 Series switches. It is also upgrading its network with two Virtual Services Platform 9000 core switches. “The solution provides our medical staff with network access around the clock and is really resilient,” said Williams. “The increased network speeds also allow hospital staff to quickly transfer diagnostic images to remote locations, and patients benefit from the wireless internet access.” IT staff can also upgrade core network switches without scheduling downtime, while ‘plug and play’ provisioning allows deskphone users who are new or moving locations to be set up in minutes, without manual configuration. “These capabilities significantly reduce time to service and increase uptime, as there’s no outage required for switch upgrades and replacements, or in the event of a switch failure,” said Williams. “We can now provide internet connectivity to more doctors and other hospital staff than ever before,” said Williams.

Avaya Australia Pty Ltd Contact info and more items like this at wf.net.au/R018

www.VoiceandData.com.au

Advertisement

Funding to develop your innovation in clean technology? That’s smart.

If you’re a business with a smart innovation that could lead to energy efficient solutions that reduce greenhouse gas emissions, you could be eligible for a grant under the Australian Government’s Clean Technology Innovation Program.

Be smart. Go clean.

Visit australia.gov.au/CleanTechnology or call 13 28 46 Authorised by the Australian Government, Capital Hill, Canberra. Printed by Webstar Print, Unit 1/ 83 Derby Street, Silverwater, NSW, 2128

@work Keeping an eye on the weather with 3G As part of the $1.95 billion upgrade to Queensland’s Ipswich Motorway, more than 40 communication cabinets were installed to enable fibre connectivity between speed signs, variable message displays and traffic monitoring systems. To help monitor the cabinets, the Origin Alliance installed technology from Opengear. The Origin Alliance, which comprises the Queensland Department of Transport and Main Roads, SMEC Austral, Abigroup Contractors, Seymour Whyte, Fulton Hogan and Parsons Brinckerhoff, selected Brisbane-based company Opengear to provide the solution. Opengear provided ‘always up’ network connectivity to support intrusion detection (cabinet sensors) and flood monitoring (water level and leak detectors). The solution included ACM5004-G cellularenabled Remote Infrastructure Management (RIM) gateways, operating on Telstra’s Next G network, for physical monitoring of communication cabinets and video surveillance of sections of the motorway. The always up network connectivity is effective even if fibre connectivity or power is cut. It generates alerts if someone enters the cabinets, creates alarms

in the event of a power failure, and monitors and stores footage from solar-powered video cameras (so traffic engineers can view the road for accidents). During heavy 2012 summer rains, site engineers were able to remotely monitor flood levels near a large storage shed by a creek, which contained $3 million of equipment, and avoid a repeat of the previous year’s flooding, which had completely inundated the shed. Origin Alliance engineers attached the RIM gateway to water sensors. If the sensors were triggered, they would be alerted to move equipment before water reached it. “Going into Christmas, there were predictions of lots of water, so we were protecting against localised flooding,” said Project Engineer Paul Lynch. “Although the creek did rise significantly, actually triggering the first sensor, we were able to keep a close eye on the water level to ensure that it did not present a serious threat to the shed. Fortunately, the water did not rise further, so we didn’t have to remove the equipment.” Opengear Contact info and more items like this at wf.net.au/Q825

Automating cloud delivery with systems monitoring Hostworks, an Australian web hosting company, has implemented a systems monitoring and infrastructure management tool to help improve delivery of its Elastic (Cloud) Computing Platform (ECP). The company provides large websites to highprofile corporate customers including Australia Post, Grays Online, Network TEN, SEEK, Ticketek and Vodafone. In 2008, Hostworks started its Future Service Delivery (FSD) program. This involved a review and change of processes and procedures, reinvestment in core systems and investment in new automation tools to better service its customers and facilitate growth. The program involved fundamental changes to its systems management environment and provided the impetus for the company to seek a way to monitor its ECP. ECP can rapidly deploy additional environments as demand grows, as well as scale back when necessary. ECP helps Hostworks automate its systems management and keep tight control of the computing environment. Adrian Britton, Hostworks’ General Manager

20 // SEPTEMBER 2012

Technology, Strategy and Innovation, said, “At the time, we were looking for a monitoring solution that could integrate with our current environment.” T h e co m p a n y i m p l e m e n t e d Q u e s t Management Xtensions (QMX) - Operations Manager to monitor its ECP. QMX formed a component of the monitoring layer of ECP. This layer comprised two components - the utility, or base, workload and the on-demand computing platform component. With the solution, Hostworks was able to achieve monitoring and alerting, and was able to proactively address issues before they impacted the organisation. They could manage the entire

infrastructure with a single tool. Britton said the solution “played a key part in helping us monitor the fundamental changes taking place in our systems management environment”. QMX lets Hostworks monitor its ECP in real time to improve online service delivery for its customers. ECP is able to automatically gauge and respond to any peaks in online activity. It is designed to handle unpredictable workloads, which decreases the risk of error. Britton said, “When our customers are planning big events that drive traffic to their websites, there is no real way to predict the exact increase. “As an example, SBS came to us to deliver online coverage of the World Cup 2010. As the audience grew, we were able to provision additional machines as needed - thanks in part to QMX - to ensure optimum service delivery for viewers.” Quest Software Pty Ltd Contact info and more items like this at wf.net.au/R025

www.VoiceandData.com.au

Early Bird Offer!

Save $500

Register before 14 September 2012

The World’s Most Important Gathering of CIOs and Senior IT Executives Focus. Connect. Lead. As an IT leader, you have a unique opportunity to change the way your enterprise engages stakeholders, drives effectiveness and achieves results. At Gartner Symposium/ITxpo 2012, you’ll acquire deep new insight into every IT topic that matters to your organization, including cloud, social, mobile and information. • In-depth coverage of the hottest trends and topics in IT and business • 200+ analyst sessions, workshops and roundtables • Networking with more than 1400 of your peers, including 400+ CIOs • Over 50 knowledgable solution providers, all in one place

Guest Keynote Speakers Success Through Simplicity: Apps for Everyone Dom Sagolla Co-creator of Twitter A Real Fighter Private Damien Thomlinson Australian veteran of the Afghan war

For more information and to view the latest agenda visit: gartner.com/au/symposium 3 ways to register | Web: gartner.com/au/symposium | Email: apac.registration@gartner.com | Phone: +61 2 8569 7622

NEW White Papers

now available online!

Power quality With equipment and energy costs rising, it’s hard to stress enough the importance of power quality. Power quality issues can hamper production processes, damage costly equipment and lower productivity. This eBook features articles on power quality challenges, managing and reporting problems, improving efficiencies and reducing costs. Download now.

Global networks for M2M M2M has a relatively short history, having been around since 2000 when it became apparent that communication between machines carrying out similar functions would be a good idea. It has since broadened into communication between dissimilar devices, examples being medicine and mining. This eBook explains more about this technology.

Business impact of application performance problems Issues with the performance of business-critical applications can cause deterioration of an organisation’s business performance. Slow applications that support key business processes can cause revenue loss and a decline in customer satisfaction and employee productivity. To ensure you’re informed, be sure to read this white paper.

The evolution of VoIP and the emergence of unified communications as a service Redefining your existing communications, automating business processes and unifying them all into 21st-century communications technology is bound to create a set of challenges. In this white paper we discuss the emergence of UCaaS and help you decide which UC model is right for you.

For these and more White Paper downloads, visit www.VoiceandData.com.au/white_papers

@work Quadrupling bandwidth with fibre allows SIP, video, EFTPOS services Stationery wholesaler Jasco has implemented a ful ly managed WAN featuring a fibre service with 100 Mbps port capacity. The service offers four times the bandwidth of the company’s previous network, with quality of service (QoS) for future integration of voice and IP EFTPOS services. Jasco is a distributor and wholesaler of scholastic and commercial stationery in Australia, with sales offices in each state and warehouses located in Sydney, Adelaide and Perth. Sister company Eckersley’s is a retailer of high-end art and craft supplies with 25 stores across Australia. The company had plans for its online presence and wanted to upgrade its existing ERP system, but the existing ADSL network was more than five years old and not fast enough to handle and support online transactions. In addition, the existing network was not scalable, hindering future growth plans for the company. Andrew Hislop, IT Manager, Jasco, said the company’s existing network was creating a number of challenges. “Prioritisation of critical applications like the ERP and POS systems were not possible on the network, and our security solution was unmanaged and spread over a number of devices, which was simply not suitable to service an online business. In addition, internet and backup links at the NZ sites were not integrated into the existing WAN.” There was also increasing pressure from the business to gain more visibility of day-to-day usage trends and overall service performance, in order to plan ahead for future requirements. Jasco employed a fully managed WAN from Azzurri. It features a fibre service with 100 Mbps port capacity for future growth into key sites with a managed Palo Alto Networks firewall. “We now have a scalable network which is enabling IT to drive transformation in our business,” said Hislop. The new service gives four times the bandwidth than the company’s previous network. It features QoS to help future integration of voice and IP EFTPOS services, in order to drive cost savings, and simpler management of the voice and data estate. The solution’s management portal allows Jasco to access network statistics on demand such as daily and weekly usage statistics, usage by protocol and application type, and round trip times between servers and users. Hislop said the next phase would be to roll out additional costsaving projects on the back of the upgraded WAN, such as SIP voice and videoconferencing. Azzurri Communications Contact info and more items like this at wf.net.au/R043

22 // SEPTEMBER 2012

www.VoiceandData.com.au

SMB infosec tips

©iStockphoto.com/budiadiliansyah pardomuan

ONLY AS GOOD AS YOUR LAST BREACH Michael McKinnon

There is no shortage of news stories about internet security breaches. While the breaches at big name companies are the ones that tend to make headlines, small to medium-sized businesses (SMBs) are becoming the preferred target of cybercriminals since they are less likely to have strong security in place.

A

ccording to the Verizon 2012 Data Breach Investigations Report, in 2011 there were almost 12 times as many breaches at organisations with between 11 and 100 employees than at those with between 101 and 1000 employees, with cybercriminals choosing highvolume, low-risk attacks against weaker targets. Although the risks are increasing, many businesses are still jeopardising their business - and business reputation - by relying on inadequate internet security that doesn’t keep pace with constantly evolving online threats. An attack on your business could cause irreparable damage, from lost productivity and sales to a trashed brand image. According to the AVG SMB Market Landscape Report 2011, the average cost of a security breach is US$6370. This does not take into account intangible costs like sullied reputation, loss of future business, customer trust, goodwill and flight to competitors. The potential impact of security flaws on customer perceptions - and business reputation - was borne out in the Ponemon Institute’s 2012 Consumer Study on Data Breach Notification. It found 83% of respondents believe organisations that fail to protect their personal information are untrustworthy. It also showed customer loyalty is at risk following a security breach notification. In response to being notified of a breach by an organisation, 15% said they would end their relationship, 39% said they would consider doing so and 62% said the notification decreased their trust and confidence in the organisation. The effects of a damaged reputation live on long after the headlines

24 // SEPTEMBER 2012

have died down. Many will recall the big breaches of 2011 and 2012: • The online theft of 6.5 million user passwords from LinkedIn. • More than 1.5 million Australian user accounts compromised after an attack on Sony’s global PlayStation network. • A lost unencrypted US Space Agency laptop, containing codes that control the International Space Station, was one of 5408 computer security ‘incidents’ that resulted in unauthorised access to NASA systems or installation of malicious software in the previous two years. Yet, despite the NASA experience, internet security is not rocket science. AVG found at least 70% of the targeted cyber intrusions commonly seen in the last year could have been easily prevented if businesses had implemented basic mitigation strategies. Verizon went even further in its 2012 Data Breach Investigations Report, saying almost every breach - 97% - was avoidable through simple or intermediate controls! Nor are breaches restricted to the big names in the corporate world. With many large businesses now tooled up to respond quickly to cyberthreats, including employing chief security officers (CSOs), cybercriminals have turned their efforts to SMBs. The Australian Business Assessment of Computer Use Security (ABACUS) survey from the Australian Institute of Criminology suggested a high proportion of SMBs are taking unnecessary business security risks: fewer than 1 in 10 SMBs were automatically updating their computers. You can buy insurance to recoup some of the recovery costs from a breach but you can’t buy your reputation. So what is needed

www.VoiceandData.com.au

to protect your operation - and its image - from cyberthreats? A whole-of-business approach is necessary to constantly monitor new and emerging threats from all online channels. Businesses need to treat internet security the same way as corporate governance and brand protection. This is a boardroom issue, not simply a technology debate. No company should be operating without stringent online safety precautions in place, particularly when effective measures are readily available. Having automatically updated, always-on antivirus and internet software running across all company computers and employees’ mobile devices is a must. While businesses are adopting social networking as a promotional and marketing opportunity to engage customers, precautions such as web link scanning are needed to protect against associated online threats. If those precautions are absent, businesses will be left scrambling to salvage their image and reputation following an attack.

Practical steps At the end of the day, cybersecurity is about managing both risk and reputation. Here are 11 tips to help SMBs do just that: 1. Install internet security software - According to the AVG Community Powered Threat Report, 99% of malware is delivered via the web; 90% from popular websites. More than 70% of websites with malicious code are legitimate sites that cybercriminals have infected. More than 85% of all email is spam and more than 80% of those spam emails contain malicious links. Internet security software protects you from identity theft, spyware, viruses and other malicious software. 2. Update - A disturbing number of major security threats target holes that were patched years ago, because many businesses simply don’t keep their software up to date. Keep protection updated for all computers and mobile computing devices that are brought in or taken home by staff and contractors. 3. Automate - Ensure backups occur automatically and frequently. Don’t turn automatic updates off. 4. Promote strong password management - Use passwords that are not easy to guess, are as long as possible (at least 10 characters) and which include a combination of upper and lowercase letters, numbers and symbols. User accounts need strong passwords, yet the most common password is ‘123456’, according to a Sydney Morning Herald report on the hacking of Hotmail accounts in 2009. 5. Scan first, ask questions later - As a first line of defence in social networking activity, use ‘scan before you click’ technology to ensure shared links and files are checked and safe. 6. Educate - Even with the best security software installed on all devices, you still need to educate staff about risks. Implement a robust online security policy

www.VoiceandData.com.au

"83% of [survey] respondents believe organisations that fail to protect their personal information are untrustworthy."

and provide staff with written security guidelines to keep them and your business network safe. Don’t assume everyone is tech savvy. Those Nigerian and Lotto win scam emails still exist because so many people still fall victim to them. 7. Police - Beef up your security policy and enforce your robust internal policy with regular security audits. 8. Create a DMZ (de-militarised zone) - If you need to provide visitors with internet access, invest in networking equipment that provides a DMZ that will give your visitors restricted access so they can’t infect your systems, install software or log into your files. 9. Be antisocial to cybercrims - Social networking sites are not just a marketer’s new best friend; they are also the cybercriminal’s new playground. AVG research shows the top 50 social networking sites have 20,000 compromised pages containing web threats or illegal content that could harm your computer or lead to personal data. More than half of those pages were on Facebook and a third on YouTube. 10. Cover all bases - including Mac. You need proper protection for every operating system platform used by your business. The Mac and Linux/FreeBSD operating system platforms can be compromised just as easily as the Windows platform. In 2011, AVG saw a significant increase in Mac-related malware. In our experience, a platform only needs to have 10% market share to become sufficiently worthwhile to malware authors so it’s no surprise that with the number of Mac users rising, cybercriminals will now think it’s worth the effort to develop malware for that environment. Cross-platform threats also exist, as many Microsoft Word viruses work on both PC and Mac for instance. While the bad guys will target security flaws in most of the major browsers as they become aware of them, they more often target security lapses in operating systems and other utility software like Adobe Acrobat Reader, Adobe Flash and Apple iTunes. 11. Mobilise mobile device protection - A lot of malicious web-based content is specifically designed to attack smartphones and tablets, which can also be hacked over shared Wi-Fi networks. All mobile devices should be password protected and have security software installed that automatically combats viruses and malware, actively checks web pages in real time, tracks lost or stolen devices and can remotely wipe them. Michael McKinnon is Security Advisor at AVG (AU/NZ), the distributor of AVG Technologies’ AVG internet and mobile security software in Australasia. He is passionate about security and fights on the ‘front line’ in the war against cybercrime, educating and empowering businesses and consumers to stay safe online - no matter how tech-savvy they may be.

25 // SEPTEMBER 2012

building blocks THE PRODUCTS & SERVICES DRIVING CONVERGENCE

security MANAGED SECURITY SERVICE The global infrastructure of the Blue Coat Cloud Service utilises a meshed network in which all points of presence are interconnected, allowing users to connect with any individual point of presence as they move around the world. This unique mesh network delivers high availability for the Blue Coat Cloud Service and enables security without compromising performance, Blue Coat Systems claims. The Blue Coat Cloud Service delivers robust threat protection that is backed by the Blue Coat WebPulse collaborative defence. The WebPulse defence receives more than one billion real-time requests daily from 75 million users worldwide, providing deep visibility into the web ecosystem and malnets (malware networks). By identifying and tracking malnets, the WebPulse defence can block attacks at their source, before they launch. Using this and other advanced analysis techniques, the WebPulse defence blocks 3.3 million threats per day. The Blue Coat Cloud Service further enhances enterprise-grade protection service with the availability of CustomerView, a portal that gives users a customisable, centralised view of all customers utilising the service. CustomerView enables users to: create customisable service offerings for granular content, application and access policy creation; access reporting on web behaviour to identify potentially infected end-user systems; and troubleshoot. Users can also easily manage customer billing and renewals through CustomerView. Blue Coat Systems Inc Contact info and more items like this at wf.net.au/Q930

ANTIVIRUS MANAGEMENT FEATURE FOR REMOTE PC MONITORING LogMeIn has released an update to its IT automation and management product, LogMeIn Central, that makes it easy to monitor and manage hundreds of versions of antivirus software through a single, centralised interface. The new capabilities, which include support for antivirus software offerings like Norton, AVG, McAfee, Kaspersky and Microsoft Security Essentials, give IT professionals the ability to monitor antivirus installations, run full threat scans and receive virus threat detections on any number of remote PCs under management. As a result, these users can manage all antivirus installations - regardless of brand preference - from a single tool. LogMeIn’s Anti-Virus Management feature is designed to let IT professionals verify antivirus software is installed and enabled on remote PCs and servers. They can check virus definitions and update if necessary, and confirm real-time protection is on (and turn it on if needed). Users can also initiate a full scan if needed, as well as view a threat log with viruses found on remote computers. The product allows users to secure PCs and servers running Windows 7, Windows XP, Windows Vista, Windows Server 2003 and Windows Server 2008. LogMeIn Australia Pty Ltd Contact info and more items like this at wf.net.au/R011

SECURE PRINTING PROGRAM The Kyocera Net Policy Manager (KNPM) is an economical and simple way for organisations to reduce document costs, introduce secure printing and adopt a sustainable printing strategy. KNPM allows users to send a document to print and then collect it at any time, from whichever Kyocera printer or multifunction device they prefer. This increases office productivity by avoiding busy devices, preventing documents from being collected in error, and also adds security by the use of a swipe card or PIN login for secure document release. KNPM offers the choice to automatically enforce economical print options users often forget. These include options such as EcoPrint (toner-save), monochrome printing and double-sided output. KNPM allows different policies to be applied to different departments or different users. For instance, managers and the sales department could be given the option to print in colour, while general administration staff could be limited to monochrome, saving on printing and copying costs. Swipe or proximity cards make the process of authentication simple. No skills or training are required. Stored documents can be printed once a user presents their card. Authentication also enables ‘scan to me’, which automatically sends scanned documents to the logged-in user’s inbox. Kyocera Australia Contact info and more items like this at wf.net.au/Q929

26 // SEPTEMBER 2012

SECURITY ARCHITECTURE Triton provides enterprises with the deep protection, forensics and visibility necessary to understand which individuals are subject to attacks, cybercrime tactics and methods, attack communications and destinations, and what data is being targeted. The real-time, inline ACE (Advanced Classification Engine) security engine has 10 new defences that stop data theft and loss. These include detecting criminal encrypted uploads; advanced malware payloads and commandand-control recognition; optical character recognition (OCR) of text within images for data-in-motion; drip (stateful) DLP detection; password file theft detection; and geolocation awareness. The product provides spear phishing protection with cloud sandboxing. Cybercriminals frequently target specific users with spear phishing email attacks. Many of these attacks load malware and threats onto websites after initial email gateway security inspection. Cloud sandboxing capability identifies suspicious links in emails for real-time analysis. Once email recipients click on an embedded URL, the product analyses the website content and browser code in real time, in a cloud environment, to help ensure safety in any location. A malware threat dashboard profiles security incidents and provides forensics. It reports severity levels and includes the ability to export incidents to SIEM solutions. Websense Australia Pty Ltd Contact info and more items like this at wf.net.au/Q607

www.VoiceandData.com.au

BUILDING BLOCKS UNIFIED STORE SOLUTION Citrix has announced the availability of CloudGateway 2, its unified store solution. Featuring MDX mobile technology, the product offers a single unified point of control for all mobile, web, SaaS and Windows apps and data, across any mix of corporate and personal devices. MDX technology features four primary components, including an app vault to separate enterprise and personal apps and data, secure mobile browser technology and a micro VPN. The technology provides full control for IT while enabling flexibility and mobility for users. The product enables companies to use ShareFile, Citrix’s cloudbased file sharing and sync service. Due to the service’s mobile application management capabilities and integration, employees will be able to access their files on whichever device they choose. The latest version of Citrix Receiver has also been announced. Adding MDX support to this software client, in combination with CloudGateway 2, will provide employees with reliable access to their apps and data from any device. Citrix Systems Asia Pacific Pty Ltd Contact info and more items like this at wf.net.au/Q965

www.VoiceandData.com.au

CABINET ACCESS CONTROL AND MONITORING SYSTEMS InfraSolution is designed to allow cabinet control and monitoring of door handles, including temperature and humidity for up to 200 cabinets over either LAN or WAN environments. The web-based GUI (graphic user interface) management software allows up to eight simultaneous users to access and control different cabinets. Only authorised employees can gain access and only as specified by the administrator to individual enclosures in specific time windows. There are two InfraSolution ‘out of the box’ options: the InfraBox 820 and the InfraBox 840. The 820 package includes two (front/rear) SmartCard electromagnetic rack handles/cable harnesses and two SmartCards. The InfraBox 840 package has all the 820 features plus an additional 8 x RJ45 expansion ports that allow the user to control or monitor SmartPDUs and other smart products via a Cat6 cable. Typically, users can monitor PDUs’ amperage as well as remotely switching power sockets on and off via IP using the same GUI software. The products also have two RJ11 ports that provide an interface for digital temperature and humidity sensors. The SmartCard handle is designed for use with either inductive, mechanical or optical door opening/closing sensors and the SmartCards themselves can either be HID or Mifare compatible. The handle has a built-in digital temperature sensor and is supplied with mechanical keys for security backup. The system is available on all S2005-style doors, in single and multipoint configurations and as either left- or right-hand hinged. MFB Products Pty Ltd Contact info and more items like this at wf.net.au/Q958

27 // SEPTEMBER 2012

BUILDING BLOCKS 10 MB AND 1 GB ETHERNET TESTER

MOBILE APPLICATION DEVELOPMENT BlinkMobile has announced the launch of its international language version of the Blink Mobility Platform. The Mobile Enterprise Application Platform (MEAP) is a cloud-based solution that enables enterprise-sized organisations to design, build, deploy and manage mobile services for internal and external users. BlinkMobile partners and customers will be able to create mobile-enabled applications and HTML5-based web apps in their own language and character set. International languages support includes full local language support for the gathering and processing of content via web services and other methods; display of all application structures and data in any language and/or script to any device that supports UTF8 (almost all current mobile devices and browsers); full local language support in BlinkForms (BlinkMobile’s extensive electronic forms solution) including labels, menus and data; and full local language support within Data Suitcases (used for disconnected operations and offline storage of working data). Blink Mobile Technologies Contact info and more items like this at wf.net.au/Q617

Available to rent, the JDSU SmartClass 10 Mb and 1 Gb Ethernet Tester for copper and fibre is an entry-level tester suitable for service installation, turn-up and maintenance technicians supporting metro and enterprise ethernet networks. Assessment of carrier ethernet services and active ethernet (point-topoint) access deployment, traffic generation and QoS verification can all be done from this handy, compact machine. Multiple streams testing allow simultaneous measurement to verify integrity of services from eight sources. Users can verify if the network transports frames with the expected priority and bandwidth, or whether they reach a destination at all by examining frame loss, throughput and identifiers per stream with this JDSU tester. Features include: complete upstream and downstream testing; physical layer integrity verification; automated RFC2544 preset determines bandwidth; graphical test reporting; asymmetric RFC testing. TechRentals Contact info and more items like this at wf.net.au/Q857

28 // SEPTEMBER 2012

IP-BASED PROTECTION The IP Intelligence service is a cloud-based solution that enables organisations to safeguard their infrastructures by detecting and stopping access from IP addresses associated with malicious activity. Leveraging a list of threat sources and high-risk IP addresses, the service delivers contextual awareness and analysis of IP requests to identify threats from multiple sources across the internet. The service draws on the expertise of a global threat-sensor network and IP address database to detect malicious activity, and can offer protection throughout the application delivery infrastructure with F5’s unified BIG-IP architecture. The service denies access to IP addresses known to be infected with malware, in contact with malware distribution points and with low reputations. Active IP addresses offering or distributing malware, shell code, rootkits, worms or viruses are denied access. The service leverages data from multiple sources to effectively gather real-time IP threat information and block connections with those addresses. The service reveals both inbound and outbound communication with malicious IP addresses to enable granular threat reporting and automated blocking, helping IT teams create more effective security policies to protect their infrastructures. F5 Networks Australia Contact info and more items like this at wf.net.au/Q615

CARBON TRACKING TOOL Pronto Software has launched a carbon tracking application that allows users to monitor carbon consumption and output across a range of business operations and sectors. The technology is included in the latest release of the company’s integrated ERP and BI solution, Pronto Xi. The carbon tracking functionality is intended to help Australian businesses understand how their business operations consume energy and produces carbon output. The ERP-centric carbon tracking software revolves around offering business users the capability to track and monitor costs and efficiencies across various operations within their business. This capability provides transparency for managers to identify how their operations contribute to carbon output. The carbon tracking solution involves the capturing of activity data, the calculation of emissions and the presentation of results. Once implemented, it records activity data during normal business operations. Business-specific operations can be integrated by using infrastructure tools. Pronto Software Pty Ltd Contact info and more items like this at wf.net.au/Q610

www.VoiceandData.com.au

BUILDING BLOCKS INTEGRATION AND MANAGEMENT SERVICES HP has expanded its IT Performance Suite of software with Service Integration and Management services. Designed in response to the trend of 'supplier sprawl,' where enterprises use multiple external suppliers for their cloud-based services, HP's Service Integration and Management offering aims to enable enterprises to integrate, manage and govern complex multivendor environments to optimise the IT supply chain, improve service performance and reduce risks and costs. The offering uses a standard IT architecture and integration model for all services, improving visibility into multivendor environments by providing enterprises with a single view into multisourced services, including cloud services, whether provisioned internally by IT or externally by non-IT business groups. The Management Roadmap Service helps an enterprise simplify management of its multiple suppliers to reduce the risks and costs associated with compliance regulations. It provides an overall topology of IT services and includes information about all suppliers, including internal IT groups and external service providers. Once implemented, all suppliers are standardised on the same operating model so they can be held accountable for service level agreements. With real-time visibility into business service performance, as well as the performance of relevant suppliers (eg, critical service providers), an enterprise can proactively monitor its service delivery and identify required processes to improve management and performance of its multiple supplier environments. Hewlett-Packard Australia Pty Ltd Contact info and more items like this at wf.net.au/M901

UNINTERRUPTABLE POWER Eaton Corporation has announced the launch of 9E UPS power quality solution, suitable for Australian SMEs who require an energy-efficient, highly reliable and compact power solution for their data centre and other applications demanding consistent power protection. The product features a transformer-free design with sophisticated sensing and control circuitry to achieve up to 98% efficiency rating and provide maximum load protection in its advanced high-efficiency mode. It provides surge suppression for the load, detects the location of faults and takes appropriate action. It switches to doubleconversion operation in less than 4 ms. The company’s Hot Sync technology makes it possible to parallel up to four UPSs to increase availability or add capacity. This enables load sharing without any communication line, thus eliminating the potential for a single point of failure. The product consumes up to 35% less floor space than similar units and its 600 mm wide UPS cabinet enables seamless ‘in row’ integration with IT racks. A large LCD graphically displays UPS status and offers easy access to measurements, controls and settings, while the Eaton Mini-Slot connectivity card enables users to monitor, manage and remotely shutdown UPSs across the network. The company’s Intelligent Power Software Suite incorporates two important applications for ensuring quality power and uptime: monitoring and management of power devices across the network combined with automatic, graceful shutdown when faced with an extended power outage. The product is available in ratings from 80 to 200 kVA. Eaton Industries Pty Ltd Contact info and more items like this at wf.net.au/Q944

www.VoiceandData.com.au

29 // SEPTEMBER 2012

Intelligent cabling

INTELLIGENCE IN CABLING INFRASTRUCTURE

Thorsten Punke

IT service management (ITSM) is a critical part for the operation of a data centre (DC) facility. ITSM usually relies on information collected from switches, cabinets, KVMs, UPSs and other devices. A managed connectivity approach can be considered as the next step in the evolution of intelligent infrastructure management systems.

P

hysical layer management - also known as ‘intelligent patching’ - is grounded in the need for automated documentation of physical patching adds, moves and changes. However, in today’s increasingly virtualised world, these systems have to evolve to provide more of a ‘managed connectivity’ approach, in order to give the same level of visibility of the physical network layer as what exists for the higher layers in office networks, data centres and co-location environments. Increasing volumes of data, and demands for more efficient use of financial and IT resources, mean that today’s networking professionals are being asked to deliver network services that are not only ‘always on’, but that also respond with agility to rapidly changing business needs. These increasingly complex networks demand: • Efficient management of a virtualised infrastructure, through investment in virtualisation management software. • Excellent IT process control through implementation of best practice frameworks such as ITIL (Information Technology Infrastructure Library). • A highly integrated approach to all aspects of network management to enable users to get the most out of their data centre infrastructure management (DCIM) and network management (NMS) software. • Improving the overall security of connections. Investment in virtualisation, from the data

30 // SEPTEMBER 2012

centre to the desktop, and enhancement of inhouse capabilities with cloud-based services, can increase flexibility and efficiency, but at the cost of a more fluid and less tangible operational environment. This environment requires a high level of process control and clear visibility of network assets and their workload to give IT professionals the control that is essential to run an efficient enterprise network or data centre. While most elements of the network can be managed in this way, there has been one element that has lagged behind in terms of process automation and network visibility - the physical layer.

Data centre optimisation By delivering physical layer data to data centre infrastructure management (DCIM) software, a managed connectivity solution helps to speed up the provisioning of data centre equipment, while improving rack density and making more efficient use of ‘white’ space. In addition, co-location data centre owners are able to provide added levels of assurance to their customers via automated physical asset and data location reporting. Data centre space is expensive, and the construction and expansion of data centres is complicated and resource intensive. To make the most efficient use of financial and skilled resources, it is essential that data centre owners get the most from existing rack space and existing floor space. Within a rack, a managed connectivity system can help to identify unuti-

www.VoiceandData.com.au

©iStockphoto.com/Baran Özdemir

lised switch and server ports, thereby improving computing density per rack. It can also help to identify the physical location of unused rack space, along with the availability of suitable connection capacity to service that space. By helping to maximise the density within each rack, a managed connectivity system can free up expensive floor space for further expansion, delaying the need for additional facility investment. For co-location data centre owners and providers of cloud-based data-centre services, one of the biggest concerns that their customers have is the security and location of their critical data. By integrating managed connectivity into the data centre physical structure, they now have ‘real time’ physical data on the connections between servers that can be mapped to their physical location. This information can be used to assure customers of the physical location of their data, aid compliance with international data storage regulations and provide security alerts should any unauthorised physical connections occur.

This approach opens up the possibility of applications being developed that, for example, can help to improve: • the speed of commissioning of equipment by linking real-time knowledge of physical connections to active equipment port information • space utilisation by linking physical connection data to site location information • rack utilisation by linking energy loading, connectivity capacity and location data • security by linking facility security system information with IT connection data These are just a few examples of the valueadded applications that can be developed by linking the physical connection data to other management applications.

Hardware technology "To make the most efficient use of financial and skilled resources, it is essential that data centre owners get the most from existing rack space and existing floor space."

There are several ways to provide the intelligence. The most common involves running a copper conductor in each patch cord. On the patch panel side is the contact array, which feeds information to a centralised database through an analyser. RFID is another option, but practically never had a breakthrough. A recent development embeds a chipset into the actual connectors. When a plug is inserted into an equivalent connector, the data from the chip, along with port and panel data, is passed to a controller and is then sent to a centralised database. In the end, these systems all feed a database with information about the connections, which is then used for IT services. This chipset method can offer more functionality than the previous technologies, which deliver only the basic information. Managed connectivity solutions enable higher network availability, while lowering network costs, by integrating full visibility of the physical layer into existing network management applications all the way from the data centre to the desktop. It is important to understand that managed connectivity is one part to fulfil ITIL or any other IT service requirement.

Integration Managed connectivity systems can integrate with network management and data centre infrastructure management software via open application interfaces and software development systems. They can add physical connection and location information to existing logical information and improve the utilisation of existing management software investment and networking assets.

www.VoiceandData.com.au

Thorsten Punke is Head of Marketing ANZ for Enterprise Networks, a TE Connectivity Division. He has 15 years’ experience with areas such as copper, fibre, testing and active technology. Before joining the ANZ team, he worked as a global program manager for Office Networks and for Data Centre in the Europe, Middle East and Africa region.

31 // SEPTEMBER 2012

BUILDING BLOCKS MODULAR TEST PLATFORM The VeEx UX400 is a modular platform for transport, carrier ethernet, mobile backhaul and legacy testing. Its hardware and software architecture has been designed to be versatile and flexible, to optimise configurations to meet users’ specific needs; from transport applications, at rates ranging from DS1/E1 to OC-768/STM-256/OTU3, to carrier and ethernet transportation applications, from 10M to 40GE/100 GE and beyond. It supports 40G, 100/40GE, 10G, 1G, PDH test interfaces, without having to change modules, and has dual ports for bidirectional network monitoring. Its modular architecture allows for up to six independent test modules and up to six concurrent tests, or combination of tests. It also allows simultaneous remote and local users to share the platform and run independent tests, maximising the use of resources. A robust, portable chassis (less than 10 kg, including battery pack) offers test capabilities ranging from DS1/E1 to 10 GE and beyond, allowing any combination of field exchangeable, test modules, tailored for each particular application or set of requirements. A built-in GPS and atomic clock is provided for system clock synchronisation, eg, to provide an accurate timing reference when an office clock is not available (eg, mobile station) and to verify the accuracy of a received network clock. It has a 10.4″ TFT colour LCD with touch panel and intuitive GUI. Other features include: ethernet from 10-T to 100GE; generates ±150 ppm clock to stress both ethernet and SDH networks; Jitter and Wander analysis, up to STM-1e rates; SyncE and IEEE 1588v2 support with Wander analysis; pulse mask analysis on PDH signals; fast and efficient test result transfer to USB memory stick or FTP upload; battery operation at all rates. TelecomTest Solutions Contact info and more items like this at wf.net.au/Q723

CLOUD SOFTWARE FOR BUSINESS APPLICATIONS To maximise flexibility and minimise costs, user organisations are increasingly looking for a range of cloud-based options including open standard-based integrated system platforms providing virtualisation, multitenancy, advanced automation and facilitated operations as well as compatibility with public cloud environments. Oracle has announced the release of its Exalogic Elastic Cloud Software 2.0, which has been optimised for running business applications. The product helps to eliminate application and middleware deployment risk with one-click automated deployment of complex, multitier business applications. Customers are said to experience up to 10x performance gains for Oracle Applications, Java-based applications and other business applications as well as up to 6x faster application provisioning to help customers quickly respond to changing market needs. Built on open, industry-standard technologies, the product supports virtualisation of mission-critical business applications with near native performance vs physical servers through Oracle VM integration. It provides a high-speed communication (I/O) fabric, Oracle Exabus, which ties the system’s components together. It delivers elasticity at the application level through integrated application-to-disk management with Oracle Enterprise Manager 12c. It supports consolidation of multiple applications on the same system as a private cloud, while eliminating security risks through complete application isolation. Oracle Traffic Director, a built-in Application Delivery Controller, securely manages and routes large volumes of application traffic with high performance.

AUTOMATIC POWER TRANSFER SWITCH FOR NETWORK EQUIPMENT Data centres require power source redundancy in order to ensure that critical services are always up and running. Many modern devices include internal redundant power supplies with primary and secondary power inlets. However, most legacy devices can only be powered from a single power source. The Western Telematic PTS series automatic power transfer switches from provide redundant AC power switching for single corded devices. The series features two power inlets, allowing the unit to automatically switch to a secondary, backup power source in the event that the primary source fails. Two models are available: the PTS-4EE15-2F provides four 10 A C13 power outlets, while the PTS9CM20-2 provides eight C13 outlets and one 20 A C19 outlet. Both models provide fast, reliable asynchronous power switching, LED indicators that show the active power source, easy installation and require only 1U rack space. Interworld Electronics & Computer Industries

Oracle Corporation Australia Pty Ltd Contact info and more items like this at wf.net.au/Q972

32 // SEPTEMBER 2012

Contact info and more items like this at wf.net.au/Q921

www.VoiceandData.com.au

BUILDING BLOCKS DATA CENTRE INFRASTRUCTURE MANAGEMENT

HELP DESK SOFTWARE

The StruxureWare Data Centre Operation v7.2 Data Centre Infrastructure Management (DCIM) software identifies underutilised servers, enabling the optimisation of IT equipment within the data centre. Updates to the platform include the addition of IT Power Control and the inclusion of the Cisco UCS Manager Plug-in. The software helps customers optimise the IT layer of the data centre by focusing on actual IT power consumption, rather than nameplate ratings, and by reducing the power and cooling required to support the IT layer. The platform also provides a report on top power consumers, presenting data centre managers with a list of servers that are likely candidates for upgrades, load sharing or retirement, as well as a report on underutilised and non-utilised servers, helping reduce server sprawl. Server usage chargeback enables businesses to capture and assign IT costs to individual departments for accurate billing support down to the physical or virtual server level. IT asset auto-discovery saves time and increases accuracy of managed asset inventory. Auto-association automatically associates discovered IT devices with the inventory, based on properties such as make, model and IP address.

Help desk software is an essential component of running an effective IT organisation. SolarWinds Web Help Desk is a cross-platform, web-based solution that allows IT professionals to remove complexity from their IT service processes and to improve service to their end users through practical, flexible tools. Users can easily perform help desk ticketing support and management operations from a single, centralised web console, purpose-built for IT processes and organisations. Change management operations can be automated with the customisable change management functionality. The product simplifies asset management for both hardware and software assets through a centralised IT asset repository. The extensive KnowledgeBase Engine can be leveraged for capturing and sharing ITSM best practices and solutions. By automating and simplifying tasks, the product helps IT teams overcome the everyday challenges of managing IT operations and supporting virtually unlimited numbers of end users. It makes both first time and enterprise-level automation simple and reduces complexity for help desk management, IT service management, IT asset management, inventory and desktop management, compliance management and knowledge management.

Schneider Electric Aust Pty Limited

SolarWinds Software

Contact info and more items like this at wf.net.au/Q616

Contact info and more items like this at wf.net.au/Q918

THINK IP SURVEILLANCE THINK D-LINK Key IP Camera Features*

Key benefits of D-Link's end-to-end video surveillance solution include:  completely integrated and proven

 single source of support

 certified with leading video surveillance

 full line of latest IP cameras and switches

software

 price performance leading IP storage

• 1/2.7" 2 Megapixel CMOS progressive sensor • Real-time H.264, MPEG-4 and Motion JPEG compression • Full HD resolution up to 1920 x 1080 • Built-in removable IR LED to support dark environments with 0 lux illumination • Power over Ethernet (PoE) • Motion detection • Tamper detection • ePTZ • Micro SD Card slot • 2-way audio support • 3GPP mobile surveillance • IPv6, 802.1x, QoS, CoS • ONVIF compliant *DCS-6113

Wireless Tech (Australia) Pty Ltd +61 2 8741 5080 | sales@wirelesstech.com.au

www.VoiceandData.com.au

33 // SEPTEMBER 2012

In my opinion

BYOD: THE NEXT Y2K?

Carl Jefferys

We all recall the commotion surrounding the Y2K bug at the turn of the last century. Now, many vendors are using the concept of BYOD (bring your own devices) to scare organisations into buying new products. What many IT managers don’t realise is that they may already have the tools to control this influx of wireless devices.

P

ersonal devices connected via Wi-Fi are surging, yes, but product peddlers have positioned BYOD as Armageddon 2.0. Wildeyed Crackberry-turned-iAddict users are making enterprises reassess their wireless strategies. But in reality, what most businesses really want to do with BYOD is simple: find an easy way to bring known devices onto the network, apply policies to these devices, extend wired security and design to the wireless network and easily add wireless capacity to networks. Understandably, some organisations (those with strict compliance requirements) need highly customised security policies in place. But despite the BYOD hype claiming that everyone needs all the customisation and then some, very few companies in the mid-tier segment really want to implement every bell and whistle, because they don’t have time, skilled staff or budget - they often also don’t see the need. BYO BYOD Many organisations may already have the right network components to address their BYOD basics without having to purchase more network equipment: • Authentication - You already securely authenticate users against your database servers for some networking functions. • Network security - Many organisations have already invested time and energy designing proper network segmentation and security with VLANs, ACLs (access control lists), firewalls and content filters. • Role-based access policies - You know who people are and where they belong on the network; now it’s time to use that information to make sure everyone gets the right access and nothing else. • Visibility - There are many devices in the network that can monitor who’s on your network and what they’re doing. A smart Wi-Fi system provides this information at the edge. Existing Wi-Fi features Wi-Fi features that have been around before the BYOD bell started ringing will help most organisations overcome BYOD fears and despair. Dynamic pre-shared keys (DPSKs) are a unique feature for organisations that aren’t ready to wade into the deep end of Wi-Fi BYOD security with 802.1X. Traditionally, WPA2-Personal uses a shared PSK for

34 // SEPTEMBER 2012

"Many organisations may already have the right network components to address their BYOD basics without having to purchase more network equipment."

the entire network. There are several known security and manageability problems with these shared keys. However, with DPSK, a unique, secure key is created for each user or device. By pairing each user/device with an individualised PSK credential, the key/device/ user combination can receive a unique policy and can be managed and monitored individually. It’s the Goldilocks principle! DPSK is a suitable fit for the BYOD craze, especially for companies caught between the less palatable extremes of 802.1X and traditional passphrases. Features that automate device provisioning can also be beneficial for BYOD. Some, when combined with DPSKs or 802.1X, can offer a secure onboarding tool that allows users to self-provision devices without IT intervention. In a typical workflow, users connect to a provisioning network, securely log in with their domain credential and the provisioning tool autoconfigures their device with the appropriate network profile and its associated privileges. The device reconnects to the proper network and the user receives access, based on the role-based policies in place on the Wi-Fi system - or obtained from a user database. IT stay out of the onboarding loop and yet they retain full control over the user/device access. And in most systems, administrators gain visibility to see device-specific settings, which user registered the device, what type of device it is and plenty more. For enterprises that want additional device-specific policies, most vendors have integrated software that profiles new devices using OS fingerprinting techniques. These solutions are less intimidating than fullblown NAC and MDM (mobile device management) approaches, but they solve the real problems for a majority of organisations. If the WLAN is designed properly and provides reliable RF functionality, users stay connected and productive. And that is exactly how BYOD should be. With more than 30 years’ experience in the IT&T industry, Carl Jefferys is ANZ Ruckus Wireless Country Manager. He has held senior management roles at NEC and Macquarie Telecom as well as engineering and sales positions with Amalgamated Wireless Australia (AWA), Control Data, Datacraft and Lucent. He has worked for start-ups, vendors and telcos.

www.VoiceandData.com.au

A big THANKS to all our valued readers! You have helped create TWO fantastic new magazines After analysing the results of over 1000 READER SURVEYS completed earlier this year, we are excited to announce a major transformation for longstanding brands Voice+Data and Electrical Solutions. The new titles (and their respective websites) reflect the changes in technology markets in recent times and will better service YOUR business information needs.

Voice+Data morphs into Technology Decisions • Content shifts to pure IT • Cloud; security; big data; storage; compliance; mobility;

virtualisation & more • More opinion, analysts, peer talk, case studies & articles • New focus on software, both in magazine and online Launch issue: Oct/Nov 2012 Website launch: mid October

Electrical Solutions expands with more comms+data content and becomes ECD Solutions (Electrical+Comms+Data) • 30% increase in circulation • Comms+Data; Efficiency+Renewables; Automation+Security and Electrical Distribution • New perfect bound format with heavy cover and section dividers • More products, case studies and articles • Regular content on regulations, compliance, training and business tips Launch issue: Nov/Dec 2012 Website launch: early November

NOTE: Current subscriptions will continue, but if you want to receive BOTH magazines, or update your magazine and/or online preferences, simply go to www.VoiceandData.com.au/subscribe BEFORE Oct 16.