In the Lippis Report, we have discussed the fundamental changes shaping a new data center network architecture. These drivers are massive virtualization, a sea change in traffic patterns that are now dominated by east-west flows on top of existing north-south traffic, ultra low latency, the emergence of cloud spec data centers, etc. As a result, data center networking attributes are changing, with requirements for traffic steering in virtualized infrastructure, avoiding manual network changes as VMs move, removing oversubscription (thanks to spanning tree), streamlining network tiers to hasten east-west traffic flows, etc. The industry is responding to these changes and requirements with new approaches to data center networking, such as the Open Networking Foundation, Cisco’s FabricPath, Juniper’s QFabric, Brocade’s VCS, Avaya’s VENA, Nicira Networks’ network virtualization software, etc. In this Lippis Report Research Note, we explore a key technology for enabling two-tier network fabrics: link aggregation and its various approaches, including Multi-Chassis Link Aggregation Group, Transparent Interconnection of Lots of Links (TRILL) and Shortest Path Bridging (SPB).
Cisco recently launched its SecureX architecture that extends perimeter-based network security to secure modern IT, recognizing the huge growth in mobile and cloud computing. SecureX is a multi-layer architecture built upon Cisco’s AnyConnect client, its global footprint in real-time threat intelligence found in SIO (Security Intelligence Operation), Cisco TrustSec, including policy servers of NAC manager and server appliances, ASA firewall and the security enforcement features of its switches and routers. SecureX is an architecture that enables Cisco’s network security products and services to work together in an effort to create deeper defenses and contain exploit infestations if, and when, they occur. Fundamental to SecureX is the concept of “context aware” policy across the enterprise, including remote endpoint devices, centralized policy creation with distributed security device and network enforcement. SecureX provides for innovation injection points through APIs (Application Programming Interfaces) for management and SIEM (Security Information and Event Management). In this Lippis Report Research Note, we explore SecureX with a focus on how context increases defenses and keeps IT assets safer.
The data center switching market is heating up. To address the scale issues posed by mobile and cloud computing, nearly every network vendor is launching its own version of a 10/40/100 GbE fabric to connect servers and storage to the internet. At the heart of this fabric is a two-tier (Fat-Tree) network made up of leaf/ToR and spine/Core switches. Here leafs connect servers and spines connect leafs while also being interconnected in a logical mesh. The protocols to create this logical mesh are based upon IS-IS link state routing, but each vendor is taking a unique approach, with Cisco using its FabricPath, Alcatel-Lucent and Avaya using SPB (802.1aq Shortest Path Bridging), while Brocade VDX is based upon TRILL (Transparent Interconnection of Lots of Links). Juniper recently announced QFabric but has not detailed what it’s using for logical meshing. At the center of new data center design are leaf and spine switches. In Lippis Report Research Note 166, we detailed the latest ToR switches. In this Lippis Report Research Note 167, we dive into performance and power consumption measurements of Alcatel-Lucent’s OmniSwitch 10K, a new entry into the spine/core data center switching market, plus its use of SPB.
During December 6-10, 2010, the Lippis Report and Ixia conducted the industry’s first 10GbE data center switching evaluation of Top-of-Rack and Core Ethernet switches at the modern iSimCity lab in Santa Clara, CA. We evaluated Alcatel-Lucent’s OmniSwitch 10K, Arista’s 7504 Series Data Center Switch, BLADE Network Technologies’ (an IBM Company) IBM BNT RackSwitch G8124 and IBM BNT RackSwitch G8264, Force10 Networks’ S-Series S4810, Hitachi Cable’s Apresia 15000-64XL-PSR, Juniper Networks’ EX Series EX8216 Ethernet Switch and Voltaire®’s Vantage™ 6048. We are conducting a second round of tests scheduled for the week of April 4-8 at iSimCity, and it is open to all suppliers of 10GbE data center switching. We learned a lot about these products, both in the lab and out. In this Lippis Report Research Note, we dive into the Top-of-Rack 10GbE switches we tested as they represent a new generation of products that exhibit low power consumption, low latency, high performance and are all based upon new single chip designs from Broadcom, Marvell or Fulcrum Micro.
There are powerful market forces changing IT delivery. IT application delivery is becoming increasingly centralized thanks to data center server virtualization plus mobile and cloud computing. Desktops are being virtualized, too, thanks to network speeds that deliver low latency and high bandwidth, creating a thin client user experience that is indistinguishable from a thick client but at lower desktop management cost. One serious implication of this concentration of IT in data centers is that a new IT security model is needed as mobility brings greater threat exposure while virtualization changes traffic patterns and the rules of security appliance placement. In this Lippis Report Research Note, we present a new model for IT security in the virtualized mobile and cloud-computing era.
Any IT business leader knows that the single most important technology driving data center design change is server virtualization, to the point that a virtual machine (VM) is now the data center building block. As server virtualization marches on until nearly every physical server has been virtualized, networking in a virtualized environment is being forced to fundamentally change too. By networking, I mean not only layer 2 and 3 forwarding but network services too, such as application controllers, WAN optimizers, firewalls, etc., which are fundamental for mission critical application performance, cost reduction and high application availability, especially where service level agreements are required.
In an effort to offer a multi-vendor SIEM (Security Information and Event Management) solution, Cisco is placing its SIEM product, CS-MARS, in end-of-life and in its place, offering the industry its first SIEM ecosystem. Cisco acquired MARS six years ago in December 2004. MARS provided traditional event management and security monitoring along with limited forensic capabilities and compliance reporting. But the market demanded a broader cross-vendor SIEM solution rather than a SIEM focused primarily on Cisco products. In response, Cisco has launched a SIEM ecosystem to support deep event monitoring, forensics and compliance reporting across a heterogeneous enterprise network. It has also expanded the role of its Cisco Security Manager, or CSM, to support policy management and troubleshooting across a wider range of Cisco products. In this Lippis Report Research Note, we examine the new distribution of security responsibilities that now stretch across Cisco CSM and its new SIEM ecosystem with an eye toward stronger defense of IT assets.
Ethernet networking is now the single most important data center technology to assure the new IT economic model of centralized application delivery. Yes, that’s right—Ethernet as the data center fabric is the stability point in data center design that will dictate if a data center or cloud facility can scale to support huge application and storage traffic loads. And if you think that Ethernet switch performance is not important, then you would be as right as the engineers who designed the Tacoma Narrows Bridge. In this Lippis Report Research Note, we explain why network performance of data center Ethernet switching products matters more now than ever.
For as long as I have been following Avaya—and it’s been a decade since it was spun out of Lucent back in October of 2000—it has undergone three fundamental transitions. First, Don Peterson, Avaya’s first CEO, managed to fix Avaya’s balance sheet after Lucent saddled it with heavy debt. He also pointed the way toward IP telephony in his six years at the helm. Then came Louis D’Ambrosio, with high energy and confidence, to point Avaya in the direction of unified communications, and a software and services business model, while bringing the company private in 2007 through TPG Capital and Silver Lake Partners. In 2008, Charlie Giancarlo became chairman, while Kevin Kennedy took the helm, ushering in a new wave of innovation and nimbleness while re-engineering sales and channels plus absorbing the Nortel enterprise business. Yes, what a long, strange trip it’s been, but Avaya is now the most innovative in its history and well positioned for the post-recession business cycle. In this Lippis Report Research Note, we examine Avaya’s prospects and challenges.
A Comprehensive Approach to Corporate and Government Energy Cost Savings and Carbon Reduction
Being green is increasingly being forced upon IT business leaders by their management, government regulations and societal pressures. Ask a recent college grad what is the number one societal contribution they would like to make with their career and the answer is “make the world greener.” The workforce is changing worldwide with a sense of personal and corporate social responsibility to reduce carbon emissions, and choose sustainable materials and processes to power our lives and deliver products and services. And being green is no longer a luxury that IT leaders can choose as governments, boards of directors and presidential directives issue mandates forcing energy efficiency upon IT executives.
One significant trend that has emerged during the current business/economic cycle is that IT projects that reduce cost are winners. This savings trend is as strong as I have experienced in my twenty-five years within the IT industry. In particular, it’s propelling data center consolidation, server virtualization and mobile computing projects. As enterprises consolidate data centers and miniaturize them with virtualization, cloud-computing providers are busy offering a new lower cost IT delivery economic model. In short, a new tier of computing has emerged where endpoint devices are mobile and applications are delivered via corporate data centers and cloud computing facilities. This new model of computing, which also increases convenience and productivity, is lacking in one important area: network security for both mobile endpoints and the ability of data center security appliances to keep up with application demand.
Major IT Delivery Transitions IT Business Leaders Are Managing
Application owners and developers have been deploying and writing applications as if networks had no boundaries or were borderless. By “application owners” I mean IT departments chartered with IT application delivery and management. By “application developers” I mean in-house corporate software developers, independent software vendors (or ISVs) and software companies. There has always been a disconnect between applications and network architects where developers write applications to run over a network as long as there is connectivity. In addition, service-oriented architecture (SOA) based applications call for greater application componentization, which increases messaging between application components, resulting in the network having a direct impact on application performance. In essence, application owners, developers and application standards bodies assume that networks are borderless as the industry is organized around the OSI model, where knowledge and skills at one layer, e.g., the network, are not necessarily taken into account at another layer, i.e., the application. Therefore, the normal state of affairs is that network designers have been tasked to optimize applications to improve user experience, especially when the application was not written to run over a particular kind of network. This status quo does not scale and needs to be re-thought.
Networking is entering a new phase or era. During the 1990s, new networking markets opened up, creating multi-billion dollar opportunities for the vendor community and corporate cost savings for IT business leaders. First, it was shared LANs and routing, then switched LANs, then Frame Relay to speed up WANs, then SNA over IP, then remote access via dial-up and VPN, then MPLS, then IP telephony, then Wireless LANs, etc., and now, it’s video and cloud networking. You get the picture. But what we didn’t realize as we built these networks is that they are silos with disparate management systems and unique access methods, resulting in operational cost overlap and, most importantly, user frustration as they transition application use from desktop, to mobile endpoint, to remote endpoint. In short, we built boundaries around applications in the form of networks and it is the dismantling of these borders that vendors are now starting to deliver and differentiate upon. It’s not just Cisco that communicates borderless networks, but HP Networking, Juniper, Brocade, Extreme, Avaya, Force10 and others too. Why the industry is entering a new age of borderless networking, and what’s in it for IT business leaders, is explained in this Lippis Report Research Note.