Innovative Technologies

Things that are likely to affect the way forward.

Graham Adler — Sun, 04 Mar 2012 14:25:31 +0000

Over a period of time I have been watching with interest, the progression that IT has taken into the cloud space. IT has realized that its huge server farms were underutilized to the point of negligence. Business footed the bill for hardware that mostly sat idle. This led to the phenomenon known as virtualization in which a single computer can handle multiple operating systems and effectively be many times more efficient at utilizing the IT budget. This spawned a whole new paradigm which caused a rethink on the way business leveraged IT resources. Large companies such as Amazon, Google, Microsoft and VMWare built cloud offerings. Gmail is mail in the cloud. Amazon Elastic Cloud is able to provide business with “burst” capability allowing for capacity to be added as and when required, all with the simple swipe of a credit card. This new capability has begun to challenge traditional IT offerings in unprecedented ways as business saw a way to regain some flexibility and agility that the service offerings IT had lacked. It is this agility and flexibility that I want to address in this post. Why, after all, would business want so desperately to escape the tried and tested, controlled environment that IT was offering?

In my view, business was in itself undergoing inflection points and having to move quickly to ensure that it maintained its competitive edge under difficult market conditions. As such, it is proving to be counterproductive to request services from IT.

So I got to thinking: What are these requirements that are driving business to look outside of their IT investment?

Collaboration

Business is moving quickly toward device agnosticism. The requirement for this is due to an overwhelming drive for collaboration. This means that IT needs to support any and all devices on a Bring Your Own Device (BYOD) basis. This complicates the issue and often compromises security as applications that expose regulated data are rolled out in cloud offerings so that they can be accessible. The value to business is that they have access to data on any platform in a format of their choosing. My feeling is that bespoke thick client applications will make way for thin browser based applications that are platform independent.

Transport

The downside of all this connecting is that transport becomes important. IP version 4 is passé; there are no more publicly accessible ranges for distribution. As such new IPv6 networks will need to be expedited. The networks will consume ever more bandwidth as we create ever more data. This means that access to data in the cloud, whether private or public cloud will be critical.

Internet of Things

So in the words of Dr Seuss: “These things will not bite you” and “want to have fun”, “And they ran to us fast”” Would you like to shake hands With Thing One and Thing 2?”

If Dr Seuss had it correct: We will not be bitten, have fun and will communicate with other things at speed. The thinking here is that ubiquitous computing will connect diverse “things” such as your refrigerator to your iPad/Phone grocery list which will mean that I will never unintentionally buy milk when we have three quarters of a gallon left. Smart tags will allow for intelligent purchasing and indeed if set up correctly, I could collect my pre-packed groceries on my way home without having to trundle through the store. Impulse buying will be dead. Or, maybe not.

Big Data

The end result is huge amounts of data that in isolation consume disk space. Hidden within and intrinsic to that data is knowledge. Unlocking this knowledge is what will make this data extremely valuable. In the bigger scheme, the internet of things will produce the data of things and the miners of that data will have knowledge of very many things. It is the correlation of this information and the interrelation of disparate data that will unlock this value. As such, it will become increasingly difficult to convince business to move all this valuable data that to the cloud. That does not preclude business from doing the mining themselves, nor does it prevent people from liberally sprinkling their data in public forums. Eight year old Facebook is a typical example and is on the brink of a Five Billion dollar IPO that is said to be four times larger than Google’s, so there is value in having information on 845 million users. What can be gathered from this wealth of information forms one of the corporate codes of conduct tenets of Google: Don’t be Evil.

So how big is BIG? According to IDC’s Digital Universe report the data created globally on an annual basis will leap from 1.2 zettabytes this year to 35 zettabytes in 2020 (one zettabyte is equal to one billion terabytes). According to the report, the sharpest growth in storage capacity will come from new organizations described as “content depots.” IDC estimates storage consumption from these organizations will grow at a compound annual growth rate of 91.8% through 2012. Examples of content depots include the usual cloud suspects: Google, Amazon, Flickr, and YouTube.

Caution and commonsense need to be applied to the hype around cloud and big data. A logical structured approach will allow companies to mine this information but that points us back to the conundrum that got us here in the first place – un-agile IT. I think that business has unintentionally moved chunks of potentially valuable data into the cloud and will find it impossible to recall that leaked information.

As the age old motto says: Caveat Emptor – Let the buyer beware. I think a new motto should be coined: Caveat Nimbulae – Be careful of the cloud.

Next-Generation Firewalls: Why?

Mike Lutgen — Wed, 04 Jan 2012 01:43:02 +0000

Beginning with the Stateful Inspection firewall in the early 90′s, security software and appliances have become increasingly more complex and diverse to the point where there are now generally 4-5 devices between users and the internet, many times even more. These devices range from firewalls, intrusion detection systems, intrusion protection systems, URL filters, data leakage prevention/protection, gateway antivirus, and more, all of which are required to keep a specific part of your users and/or information protected. Managing and keeping licensing/support on this myriad of devices becoming increasingly difficult with each addition unless a separate team is designated for each, creating yet another problem-the finger pointing when there is a problem on the network. Tracking down problems has become next to impossible and the addition of each of these devices creates more and more latency in your network, which creates problems for everyone.

Enter the UTM appliance. UTM or Unified Threat Managment appliances started appearing around 2004 and were the industry’s answer to the management and licensing issue. The idea is to take all of these different appliances and softwares and combine them into one easy to manage appliance made by one vendor. The trade-off that we quickly learned about is that although the device does everything under the sun, it does none of them well. Spreading a single vendor’s development team, which once covered one type of security appliance, across many different areas and engines created a product type that left much to be desired. For this reason, UTM appliances generally only were used by the small to medium business, where there are only a few IT professionals and the easier management and support cost savings benefited them. The biggest problem with the UTM is that vendors spent way too much energy building separate engines for everything that it did. This prevented them from doing almost any inspection in hardware (ASICs, FPGAs, etc.) and required them to do all of it in software and created enormous latency and lag every time any feature was enabled. By the time half of the UTM features were enabled throughput was dropped down to 5% of rated performance and latency was so high that any program even slightly latency-sensitive would not function through the firewall.

One single engine. This is one of the main principals behind the Next-Generation Firewall. Palo Alto Networks was the first to release a NGFW and has set the standard that, in my opinion, has yet to be matched or beaten. The idea that Nir Zuk, Founder of Palo Alto Networks, started with was to build one device that could do everything that multiple devices could do and more, without the drawbacks of UTM appliances. The single engine architecture, known as Single Pass Parallel Processing (SP3) in Palo Alto Networks terminology, is what gives this type of firewall the edge over UTM appliances as a whole. Because of this architecture, there is one single signature set and the singular engine can offload specific tasks into hardware, utilizing both FPGAs (Field-Programmable Gate Arrays), to match threats at lightening speed, and ASICs (Application Specific Integrated Circuit), to allow it to switch without forcing laggy software to intervene.

Some of the other major features that distinguish a NGFW from other firewalls is the ability to identify and control (QoS, disable certain functionality) applications on your network as well as the specific users that are using those applications. Some additional great features of the Palo Alto Networks Solution are: on-box reporting that is second to none, botnet identification, and the latest addition, Wildfire. Wildfire allows you to configure the firewall to send copies of files downloaded on your network to a Palo Alto Networks’ private cloud to be executed and monitored. If it is determined to be causing problems with the machines it was executed on, it will be added to threat signatures and pushed down to all Palo Alto Networks’ customers within 24 hours, and eventually within 60 minutes.

The NGFW phenomenon has spread like wildfire (forgive the pun) across the firewall vendors, everyone seemingly racing to create their version of what a Next-Generation Firewall is to them. Each one has slight differences although they share several common themes, they identify applications, users, and allow you to apply policy to them, as well as combining many different features into one appliance. Palo Alto Networks seems to still be on top of the pile when it comes to features and functionality in my opinion and the recent Magic Quadrant from Gartner seems to indicate that as well. It is located here.

If you are curious about other things to look for when buying a Next-Generation Firewall, or any firewall for that matter, Palo Alto Networks has created a couple of booklets outlining main things to look for and differentiators. I believe that they have done a good job of outlining why specific features are necessary and giving credit where credit is due, as opposed to just generating propaganda as we have seen vendors do many times in the past. I have linked to them below.

Next-Generation Firewalls for Dummies

Modern Malware for Dummies

Hello World

Mike Lutgen — Sat, 15 Oct 2011 22:51:56 +0000

Hello Everyone,

I wanted to introduce myself to all of you and give everyone an idea of my history. My name is Mike Lutgen, and my main focus at N’compass is on the networking side of the house in our integration practice. I come from the Applied Communications of Minnesota merger and have worked for them since October of 2009. In my time with Applied Communications/N’compass I have been able to get my hands on a lot of new and exciting technologies, and I’ve really had a great time with them; so much so that they’ve even dubbed me “The Technologist” at the office.

Prior to working for Applied Communications, I worked for another Minneapolis-based firm where I specialized in Windows systems, primarily Server, Exchange, Sharepoint, and a couple of others. I feel that having specialized in the systems side and now specializing in the networking side gives me a great perspective on how new technologies fit into the picture that is your environment and what kinds of risks and benefits they open us up to, on both the systems side and the networking side.

My main purpose with this blog is to share exciting new technologies with all of you and give any expertise that I have to allow you to make a good decision for your situation. I aspire to be a knowledgeable resource that you can count on to be unbiased and fair and help you out in any way that I can. Though these posts will mainly be about products that we (N’compass) sell (mainly because if I feel that if it is a technology disruptive and solid enough to mention, we should be selling it), but I will absolutely do my best to point out all of the positives and negatives of each of the solutions.

Normally my posts will not be in letter format, but I thought it was fitting for this one. I do post on another blog, mostly break/fix stuff, but also how-to’s and some other information that I find generally informative. Feel free to check it out at blog.lukkynetworks.com.

Mike