Friday, November 20, 2015

Speeds of the Data Center: What's Out There & What's Coming

The term “data center” is something many people are familiar with.  Data centers by nature tend to be hungry for bandwidth and are demanding more throughput than ever before.  It wasn't long ago that the vast majority of network engineers couldn't even imagine filling a 10 GbE link.  The tables have indeed turned with the introduction of cloud computing and virtualization, and the demand for bandwidth has increased tenfold.

Providers are starting to make the switch over to 100 GbE on their backbone connections to support the workloads that their customers are demanding.  In the data center itself, most are seeing that 100 GbE and, in a lot of cases, even 40 GbE is overkill for the workloads they are currently serving up.

So, looking at the various speeds available today and what is coming in the very near future, you might be left wondering how come there are not more options available.  Today, 10 and 40 GbE speeds are available and widely used in the edge data center.  So, where does this 25 GbE come in? 

Let's take a look at how 25 GbE is essentially derived.  Today's 100 GbE network devices utilize four channels of 25 GbE each.  The effects of using just a single channel are multifold on device and environment sizing.  A single channel decreases the amount of heat that the device gives off and in turn decreases the amount of power and cooling required.  This allows for a much more cost-effective upgrade in the data center when 10 GbE is not enough and 40 GbE is way too much.  Down the road, this can be extremely beneficial when network operators realize that they need to double or even triple their current speeds.

The IEEE standard for 25 GbE is not set to be recognized as a standard until sometime in 2016.  Its arrival is being anxiously awaited.  Until that time, manufacturers will not be quick to develop products that support those speeds as their profitability would be low.  It’s all about the Benjamins!

The adoption of the 40 GbE and 100 GbE standards by the IEEE just a few short years back has spawned focus groups to begin development of 400 GbE and even Terabit Ethernet.  Seeing how the edge network is rapidly growing, the demand for these faster speeds will only continue to gain momentum.

There is a lot to look forward to in the coming years in the world of Ethernet, especially if you are a speed junkie.  The beauty behind this push is that enterprises will want choices and will in turn push manufacturers to produce 25/50/100 GbE NICs, assuring your data pipe will remain flowing like a well-oiled machine!

Wednesday, November 11, 2015

Fixing the Weak Link: The Human Element in Network Security

We’ve all heard the age-old adage, “you’re only as strong as your weakest link.” Although the phrase originated in organized team sports, we use it in business as well. An enterprise will experience success or failure based on the sum of the whole and, if a certain team or team member isn’t pulling his/her weight, failure is imminent. This statement also applies to network security.

We deploy network security devices in an attempt to secure our network. We place firewalls at the Internet edge and datacenter edge. We have intrusion detection and intrusion prevention hardware or software components running alongside these firewalls to inspect for malicious traffic patterns. We filter our users’ web content to try to prevent access to malicious web sites or code. We run endpoint security software that does anything from scanning for viruses to sandboxing applications. We implement multi-factor authentication. Some of us are finally inspecting application traffic and identifying the malicious traffic running over allowed ports. Fewer still are taking the application whitelisting approach and defining what CAN run on a device and blocking everything else. All of this is done with the best of intentions: to create the most secure network environment that we can to protect against attacks and attempts to access the data or systems we hold sacred.

And yet, we’re all failing. We’re failing because we’re addressing areas of perceived strength and ignoring the weakest link. “Our latest vulnerability assessment shows that we’re at risk because we have several unpatched servers and one of our web servers is vulnerable to a cross-site scripting attack.” Because of this vulnerability assessment, we now have approval to spend time and money to resolve these vulnerabilities. Unfortunately, this vulnerability assessment doesn’t show that Pat in our finance department has no idea what a phishing email looks like and has just clicked on the link in the “reset your password” email, logging into the company’s online banking portal for a 5th time to reset the password for the account that we use to process payroll each week… unsuccessfully, I might add.  Pat’s phone call to the help desk goes something like this: 

“Hey, are we having Internet problems? I can’t seem to get our online banking page to load.”

Help desk guru responds with “I can’t see any issues with our Internet. Seems to be working fine for me, so try it again in a few minutes. Maybe reboot your computer.”

By now, the fraudulent wire transfer of this week’s payroll has already been started using Pat’s credentials that were typed into the fake password reset form from the emailed link.  Pat is able to log into the account, post reboot, because Pat uses the favorite that was created in Firefox rather than clicking on the link in the email.

This story illustrates one of the many ways that an attacker can get what they want by exploiting the weakest link. At present, we view our network security systems, our firewalls, our IPS, our WAF, and our AV systems as our strongest links because they are configurable and do what we want them to do. People are the variables and are, inherently, our weakest links.  But they don’t have to be.

Some of the most secure networks, and ones that are the biggest targets for attackers, I might add, do not appear to have those perceived weak links. The people are still there, as are the weak links, but they are being educated constantly on the ever-changing threat landscape. Their employers perform routine Security Awareness Training. They perform in-house testing to reinforce that training and then do more training. Rinse and repeat.

They create policies that lock down the network and only allow those things which are necessary to perform core business functions. At the end of the day, your business exists to make widgets or provide a service to consumers. Unless your business IS Facebook or Twitter, what reason could you possibly have for being on those pages during the course of normal business? Obviously, there are exceptions to every rule, but it seems that we, as entitled members of society, have decided that we are all the exception and should have the right to access what we want, when we want, from wherever we want, even if it’s technically not relevant to the task or job function that we are employed to perform.

If you truly want to protect your network, investing in the technology used to do so is only half of the battle. Education, policy creation and enforcement, and regular testing for new emerging threat types are the weak links that need to be addressed. Let’s face facts - we’re behind the curve when it comes to protecting ourselves from attackers simply because we are always in a reactive mode. If we can effectively educate our users and reinforce the fact that our business network is used to conduct BUSINESS, that’s going to shorten the curve exponentially. As a business owner, network manager, CIO, or whatever your title might happen to be, you may not be able to implement the necessary changes to make this happen in your organization, but I’ll bet you can exert some sort of influence over them. You wouldn’t be reading this if you couldn’t.

*The thoughts and opinions in this blog post are my own and do not reflect the thoughts and opinions of Great Lakes Computer or any of its vendors, clients, or partners.

-Chris C

Chris C has over 15 years of experience designing, implementing, documenting, and supporting networks and infrastructure from SMB through Enterprise level in a multitude of verticals. Chris is currently Sr. Network Engineer at Great Lakes Computer, focused on designing and implementing secure network solutions in the datacenter and service provider space.

Thursday, November 5, 2015

What We Can Learn from Japanese Efficiency in IT

I personally don’t use Twitter very much, but yesterday I was tempted to create a “hashtag” topic to see if it would gain traction and begin trending. What was that topic? #spoiledbyjapan.

I’ve recently returned from a short trip to Nagoya for my brother’s wedding, and I’m still aglow from the experience. This was my first trip to Japan, and I’m already hoping I will have another opportunity to return. I think the best single word I can come up with is “satisfying.” You know that feeling you get when you peel off the plastic protective layer from a new smartphone, or when a box fits exactly into another box? That’s what a lot of Japan feels like. Where there is an opportunity for something to work efficiently and effortlessly, they are the undisputed masters of implementation. Visual attentiveness to detail is of the utmost importance, and all of Japan’s citizens seemed to contribute to that same robotic mantra of proficiency and cleanliness.

You can imagine my chagrin when I returned to the United States and visited a popular chain clothing store in a shopping mall. There were plenty of clothes on the floor that had fallen off racks, unfolded jeans and shirts hastily strewn on shelves and tables, and large dust bunnies visible to the naked eye everywhere. It was an absurd and frustrating wakeup from my Japanese dreamland of all things visually appealing. Needless to say, I walked out without buying anything.

We all know that pictures are worth a thousand words, and think of the phrases that come to mind when you see this picture – regardless of whether you understand what’s going on here, or not:

  • The persons responsible for this do not care about how it looks, as long as it works.
  • The persons responsible do not properly manage their time to make something right. 
  • The persons responsible for this do not know what they are doing.

Now, take a look at this picture:

What are you thinking now?

  • The persons responsible for this understand that others that see this will appreciate efficiency, even if they don’t understand how it works.
  • The persons responsible for this take pride in their work.
  • The persons responsible for this take time to make things correct.

Now, put on your C-level hat and ask yourself which you would rather have in your datacenter. Try to stop yourself from the same excuses – we have all heard them before. I’ve also been in Information Technology for a long time, and I can guess what you are thinking.

“It requires downtime and overtime to keep a datacenter organized. It is not cost efficient to make things ‘look nice.’”

Not correct. Though it can be an arduous task to “clean up” a datacenter cabling rack from the state of Picture one to Picture two, that does not mean it is inevitable to return to the previous state. It requires a consistent mantra of disciplined attention across your team. If there is something new to be added or removed, it takes far less time to make that single thing right than it would to adopt a shortcut mentality and allow shortcuts to continue. Once one person sees that it’s OK to take a shortcut, others will likely follow suit. This is essentially how things get slowly disorganized. Remember, laziness pays off now… but hard work now pays off later.

Unfortunately, I didn’t get to visit any datacenters on my trip to the Far East, but it’s a safe bet that they would look like Picture 2. Organization eliminates errors caused by disorganization, and in this industry, you simply can’t afford to have it any other way. It requires discipline and attention to detail across all members of your team. When everyone subscribes and contributes, everyone wins together.

-Jason S.

Jason S. has been in Infrastructure Technology consulting for 17 years, and has an extensive background in various methods of business application delivery, hardware and virtualization, storage infrastructures, and enterprise communication processes.  In his spare time he reads tabletop game instruction manuals and chases his lifelong dream of finding the perfect guacamole recipe. He is married with two children and hopes to move to the Ozark Plateau someday.