I was thinking about security over the last month or two; it comes to mind pretty often when working in technology and when listening to news coverage of technology. But that’s not my topic today. I got a bit distracted.
You see, when I was very young, my mother would lose her glasses regularly. While her vision wasn’t quite as bad as mine is now, she was still very challenged without the glasses. And she’d always say the same thing when she misplaced them: “Robert, help me find my glasses and I’ll help you look for them.”
Tags: #ciscochampion, VoIP_phone_systems
2014 will be a pivotal year for Enterprise Security professionals. Large-scale Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks have been increasing over the years, which is nothing new. As technology evolves, including faster machines and cheaper bandwidth, attacks will also evolve just as fast, if not a little faster. What is alarming is the dramatic increase in the size of these DoS and DDoS attacks over the last year. These attacks are nothing to sneeze at and, in fact, are downright scary. Most of these attacks can cripple even the biggest of Enterprises due to their sheer size. This will require Enterprise Security professionals to take a serious look at their security plans for 2014.
2013 saw the largest DDoS attack on record, with the 300 Gbps attack on the anti-spam site Spamhaus. 2014 has also started off quickly with a large NTP reflection attack. Jaeson Schultz has a great article on this topic, available here. This isn’t the start of the year the Enterprise Security professional wants to see. But it’s a real threat, and any Enterprise needs to have plans in place to handle this type of situation so it can keep service available for its clients.
How Enterprise Security professionals handle this type of nightmare can lead to some sleepless nights. With the amount
Tags: #ciscochampion, DDoS, Denial of Service attack, distributed denial of service, enterprise class security, NTP
What is Cisco Instant Access?
Cisco Instant Access is a concept that was launched at Cisco Live Orlando last year. For those of you familiar with the Nexus product line, think Fabric Extender (FEX). The first customers are starting to implement this concept now. The whole point of Instant Access is explained with the picture below.
To the left is the traditional network with multiple access switches located in closets, uplinked to the distribution layer or straight to the core in a collapsed core design. Every access switch is a point of management which needs configuration, software maintenance and feature compatibility with other access switches.
Tags: #ciscochampion, Catalyst 6500, Catalyst 6807-XL, Catalyst 6880-X
More and more enterprises are managing distributed infrastructures and applications that need to share data. This data sharing can be viewed as data flows that connect (and flow through) multiple applications. Applications are partly managed on-premise, and partly in (multiple) off-premise clouds. Cloud infrastructures need to scale elastically over multiple data centers, and software defined networking (SDN) is providing more network flexibility and dynamism. With the advent of the Internet of Things (IoT), the need to share data between applications, sensors, infrastructure and people (specifically on the edge) will only increase. This raises fundamental questions on how we develop scalable distributed systems: How do we manage the flow of events (data flows)? How do we facilitate a frictionless integration of new components into the distributed systems and the various data flows in a scalable manner? What primitives do we need to support the variety of protocols? A term that is often mentioned within this context is Reactive Programming, a programming paradigm focusing on data flows and the automated propagation of change. The reactive programming trend is partly fueled by event-driven architectures and standards such as XMPP, RabbitMQ, MQTT and DDS.
One way to think about distributed systems (complementary to the reactive programming paradigm) is through the concept of a shared (distributed) data fabric (akin to the shared memory model concept). An example of such a shared data fabric is Tuple spaces, developed in the 1980s. You can view the data fabric as a collection of (distributed) nodes that provides a uniform data layer to the applications. The data fabric would be a basic building block on which you can build, for example, a messaging service by having applications (consumers) putting data in the fabric, and other applications (subscribers) getting the data from the fabric. Similarly, such a data fabric can function as a cache, where a producer (for example a database) would put data into the fabric but associate it with a certain policy (e.g. remove after 1 hour, or remove if exceeding certain storage conditions). The concept of a data fabric enables applications to be developed and deployed independently from each other (zero-knowledge), as they only communicate via the data fabric, publishing and subscribing to messages in an asynchronous and data-driven way.
The goal of the fabric is to offer an infrastructure platform to develop and connect applications without applications having to (independently) implement sets of basic primitives like security, guaranteed delivery, routing of messages, data consistency, availability, etc., freeing up the developer's time to focus on the core functionality of the application. This implies that the distributed data fabric is not only a simple data store or messaging bus, but has a set of primitives to support easier and more agile application development.
Such a fabric should be deployable on servers and other devices such as routers and switches (potentially building on top of a Fog infrastructure). The fabric should be distributed and scalable: adding new nodes should re-balance the fabric. The fabric can span multiple storage media (in-memory, flash, SSD, HDD, …). Storage is transparent to the application (developer), and applications should be able to determine (as a policy) what level of storage they require for certain data. Policies are a fundamental aspect of the data fabric. Some other examples of policies are: (1) the length of time data should remain in the fabric, (2) what type of applications can access particular data in the fabric (security), and (3) data locality: the fabric is distributed, but sometimes we know in advance that data produced by one application will be consumed by another that is relatively close to the producer.
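The following added example (not part of the original post) sketches policies (1) and (2) on a single in-memory node: each tuple carries a time-to-live and a reader allow-list, and the fabric enforces both on every read. The names `Fabric`, `Policy`, the application ids and the sample tuple are assumptions made for illustration.

```python
import time
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    ttl_seconds: float      # policy (1): how long the data stays in the fabric
    readers: frozenset      # policy (2): application ids allowed to read it

class Fabric:
    """Single-node, in-memory stand-in for one fabric node (hypothetical)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._items = []    # entries of (tuple, policy, expires_at)
        self.audit = []     # denied reads as (app_id, pattern)

    def put(self, tup, policy):
        self._items.append((tup, policy, self._clock() + policy.ttl_seconds))

    def read(self, app_id, pattern):
        """Return the first live tuple matching pattern (None is a wildcard).

        A match the caller may not read yields None, exactly like "no data",
        so the reply does not disclose that protected data exists. The denial
        is recorded in the audit list instead.
        """
        now = self._clock()
        self._items = [i for i in self._items if i[2] > now]  # enforce TTL
        for tup, policy, _ in self._items:
            if len(tup) != len(pattern):
                continue
            if all(p is None or p == v for p, v in zip(pattern, tup)):
                if app_id in policy.readers:
                    return tup
                self.audit.append((app_id, pattern))
        return None

def demo():
    now = [0.0]                                  # controllable clock
    fabric = Fabric(clock=lambda: now[0])
    # Constructed sample data: a sensor reading readable only by "hvac".
    fabric.put(("temp", "sensor-7", 21.5), Policy(3600, frozenset({"hvac"})))
    allowed = fabric.read("hvac", ("temp", None, None))
    denied = fabric.read("billing", ("temp", None, None))
    now[0] = 3601.0                              # just past the one-hour TTL
    expired = fabric.read("hvac", ("temp", None, None))
    return allowed, denied, expired, fabric.audit
```

Because the policy travels with the data, the producer never has to know which consumers exist, and consumers cannot widen their own access.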
It is unlikely that there will be one protocol or transportation layer for all applications and infrastructures. The data fabric should therefore be capable of supporting multiple protocols and transportation layers, and of supporting mappings of well-known data store standards (such as object-relational mapping).
The data fabric can be queried, to enable discovery and correlation of data by applications, and support widely used processing paradigms, such as map-reduce enabling applications to bring processing to the data nodes.
It is unrealistic to assume that there will be one data fabric. Instead there will be multiple data fabrics managed by multiple companies and entities (similar to the network). Data fabrics should therefore be connected with each other through gateways, creating a “fabric of fabrics” where needed.
This distributed data fabric can be viewed as a set of interconnected nodes. For large data fabrics (many nodes) it will not be possible to connect each node with all other nodes without sacrificing performance or scalability. Instead, a connection overlay and smart routing algorithms (for example distributed hash tables) are needed to ensure scalability and performance of this distributed data fabric. The data fabric can be further optimized by coupling this fabric (and its logical connection overlay) to the underlying (virtual) network infrastructure and exploiting this knowledge to power IoT, Cloud and SDN infrastructures.
Special thanks to Gary Berger and Roque Gagliano for their discussions and insights on this subject.
Tags: application centric infrastructure, cloud, Corporate Technology Group, CTG, data fabric, distributed systems, IoT, SDN
As Cisco is sharing its Internet of Everything (IoE) vision today at CES 2014, it makes me reflect on what the future of this technology will look like. We’re in such a connected society now, with more information available to us than ever before. I ask myself, “Will being more connected, with even more information at our disposal, be something our society could benefit from?” After evaluating this concept, my opinion is a resounding yes.
Imagine a world where you can have everyday items “speak” to you without having to initiate the action. Our lives are so busy now that having important information alerted to us without needing to query it ourselves is a huge idea. Here are some immediate thoughts on how the Internet of Everything could help solve everyday problems.
How many of us have gotten into our car late for some sort of appointment, and while driving, realized we didn’t have enough gas to get where we needed to go? Having a sensor in the car alert you that you’re low on gas would be a time/stress saver. In my house creating weekly grocery lists can be cumbersome. Going through cabinets one by one seeing what’s needed, and putting them down on the list. Of course, this always happens right when you’re ready to leave for the grocery store. Imagine going up to your refrigerator and having it email you a list of items needed. That’s huge, and can save you from having to run back to the store more than once because you forgot that important dinner item!
Tags: #ciscochampion, #IoE, connected car, Connected Home