Broadband Developments

I had a chance to meet with Doug Gourlay, Senior Director of Cisco’s Datacenter Business Unit, to ask him about what he thinks of Infrastructure 2.0.

Very interesting response.  I have a few more segments:  Modernization of the Data Center and What Cisco thinks of the phrase “Moving up the stack”.

To view the entire Cisco event in video you can go here - Click here for the Cisco Infrastructure 2.0 event.

Enjoy the video (less than 2 mins).

Here is the press release from the Infoblox and Cisco event that I went to yesterday. I got some good video from Cisco on their ‘moving up the stack’ views and what ‘modernize your datacenter means’.. Doug Gourley was on the panel and I had a chance to talk to him after. I was impressed with Cisco guys Doug Gourley and Omar Sultan both are active bloggers at Cisco. I was impressed with their social outreach on doing some collaborative blogging together. I’ll have that video up tomorrow.

Meanwhile here’s the text from the Edge DNS solutions from Cisco that now includes Infoblox. In essence reduces the amount of hardware at the branch.. very ‘green’ solution since reduction of equipment and power are big focuses right now in enterprise infrastructure.

SANTA CLARA, CA–(MARKET WIRE)–Jan 15, 2009 — Infoblox Inc., a global leader in appliance-based platforms for highly secure, manageable and robust core network services — including domain name resolution (DNS), IP address assignment (DHCP), and IP address management (IPAM) — announced today in a live video web cast “Unleashing the Power of Dynamic Infrastructure” event that its virtual software module is now available on the Cisco Application Extension Platform (AXP) for the Cisco Integrated Services Router (ISR).

Now, enterprises can take advantage of Infoblox’s core network services, offering powerful, cost-effective and highly reliable and manageable DNS, DHCP and IPAM services on the Cisco ISR. The solution is ideal for highly distributed organizations, such as retail, healthcare and manufacturing verticals with multiple branch offices and a critical requirement for local survivability and automation of core network services at those sites.

“For robust delivery and management of core network services at the branch office, companies that have already standardized on Cisco’s ISR for branch routing can easily add Infoblox’s virtual software to the system,” said Jon Oltsik, Senior Analyst, Enterprise Strategy Group. “This can be especially prudent for organizations that consider local survivability and automation at the branch a high priority, but are strapped with requirements to reduce footprint, and operational and administrative costs.”

Further, highly reliable and automated core network services provide the essential foundation for the transition from a static network — configured largely by hand and tracked with spreadsheets — to an intelligent and dynamic infrastructure, which can automatically, fluidly and seamlessly adjust to movement of users and servers. This is critical to support advance applications like virtualization and cloud computing at the data center and branch offices.

“Driven by new system and endpoint demands as well as new IT initiatives like cloud computing and virtualization, network infrastructure will need to meet new automation and intelligence requirements,” said Infoblox Vice President of Marketing Richard Kagan. “Infoblox’s robust core network services platform in conjunction with the Cisco ISR, which provides an excellent combination of resiliency, management automation and flexibility, can provide organizations the dynamic infrastructure necessary to support their new system, end point and IT initiatives.”

“Integrating Infoblox’s technology into Cisco Integrated Services Routers can provide local survivability of essential services like DNS, DHCP and IPAM at the branch office, reduce footprint and operational costs, while optimizing the network for greater visibility and control,” said Rahul Tripathi, Director, Cisco Access Routing Technology Group. “In teaming with Infoblox, customers with millions of Cisco ISRs are provided with intelligent core network services that will help drive their transition to an even more automated and dynamic branch office offering.”
Availability

Infoblox virtual software for the Cisco ISRs is currently available from Infoblox’s global network of channel partners.

Cisco and Infoblox will showcase the joint solution at several upcoming industry events:

– “Unleashing the Power of Dynamic Infrastructure in the Data Center
and Beyond” - a live virtual meeting Thursday, Jan. 15, 2009,
featuring Cisco Senior Director Doug Gourlay, Cisco Director,
Rahul Tripathi and Infoblox CTO Stuart Bailey; to register, visit:
http://www.infoblox.com/news/event-detail.cfm?eventID=84.
– Cisco Networkers - Infoblox and Cisco are demonstrating the solution
in booth #E16 at the Cisco Networkers, January 26-29, Barcelona,
Spain; for more information, or to arrange an appointment, visit:
http://www.infoblox.com/news/events.cfm.

About Infoblox Appliances and Grid Technology

Infoblox pioneered core network services appliances and delivered a number of industry firsts, including the first appliances to integrate DNS, DHCP, and IPAM, TFTP/FTP/HTTP file delivery, NTP, and other services in hardened, easy-to-manage network appliances.

Infoblox grids link a group of member appliances into a unified, centrally managed system with unique resilience and automation functions. For example, the software for all appliances in a grid can be updated in a single operation. Parameters for DNS, DHCP, and all network services can be set at a grid-wide level. Data from all members and services can be viewed and managed from a single location. Additionally, advanced functionality, such as automated failover to and from disaster recovery sites, is built in.

For more information about Infoblox products, visit: http://www.infoblox.com/products/.

About Infoblox

Infoblox delivers highly reliable and manageable platforms for core network services like domain name resolution (DNS), IP address assignment (DHCP), IP address management (IPAM) and more. Infoblox solutions — essential for the move from static networks to dynamic infrastructure and applications — are used by over 2,700 organizations worldwide, including over 100 of the Fortune 500. The company is headquartered in Santa Clara, Calif., and operates in more than 30 countries.
Contact:

Media Contacts:
Jennifer Jasper
Infoblox
408.625.4309
Email Contact

Greg Ness wrote a post over at Seeking Alpha on Infrastructure 2.0 or Dynamic Enterprise.

Over the last three decades the network has grown to a point of exhaustion for many enterprises, with critical projects being slowed by the demands of manual IT labor, from core network services like DNS/DHCP and IPAM (IP address management) to the new dynamic processing power potentials unleashed by virtualization and cloud computing. A report last fall by Computerworld showed large enterprises already experiencing diseconomies of scale (rising per unit IP address management costs as IP addresses are added), before even more endpoint and system movement and change is enabled by new initiatives designed to reduce costs and increase efficiency.

When you combine rising (manual labor) costs on a per IP address basis with the ongoing expansion of the network (more IP addresses) within the context of a global recession you have the makings of a wake up call for vendors and CIOs: a wake up call driven by rising operations expenses, increasing outages and fixed or even declining budgets as networks become more operationally significant.

Those who embrace the power of automation will crowd out those who fail to see the implications of new demands.

As the Infrastructure 2.0 meme spreads, there are four companies that are destined to lead: Cisco, F5 Networks, Microsoft (MSFT) and Infoblox (my employer). Within a couple weeks Cisco and Infoblox will share a stage at the San Jose Fairmont to talk about the biggest revolution in networking since TCP/IP. In a few months Cisco, F5 and Infoblox will address FIRE attendees on the dynamic infrastructure revolution. I mention Microsoft because it is the leader in endpoint operating systems and has been very vocal about its virtualization and cloud solutions.

Dynamic infrastructure will unleash new potentials in the network, from connectivity intelligence (dynamic links and reporting between networks, endpoints and applications) to the rise of IT automation on a scale that few have anticipated. It will unleash new consolidation potentials for virtualized data centers and various forms of cloud computing. It will enable networks to ultimately keep up with increasing change velocities and complexity without a concomitant rise in network management expenses and manual labor risks.

Further down the road there will be even more capabilities emerging from Infrastructure 2.0 as virtualization and cloud payoffs put more pressure on brittle Infrastructure 1.0 networks.

As networking vendors fight against stable or even declining enterprise IT budgets the automation of otherwise mundane, manual tasks that are driving up the expense of the network will stand out as the critical chasm between extinction and ongoing growth. The larger the payoff promised by dynamic systems and endpoints the greater the pressure on static networks managed by kludge and CIO shell games.

For static network hardware vendors, enterprises will simply stop upgrading their networks at their former pace because they won’t have the operations budgets to properly administer the new gear. And those CIO buyers will be squeezed by increasingly eroding business cases for their strategic network projects as peer companies continue to evolve and exploit the power of new initiatives. They will experience new initiative diseconomies as they throw more bodies at more changes and outages.

This “dynamic or dead” scenario will start with core network service automation, as Oltsik predicted and will enable breakthroughs in other areas, including IF-MAP and Service-Oriented Network Architecture (SONA ala Cisco) and Data Center 3.0. This is just the beginning.

I find it interesting that its interesting that Cisco, Infoblox, and F5 have come together very quickly around this Infrastructure 2.0 meme.

Interested in Infrastructure 2.0 from Cisco then click here to register.

Network infrastructure will be transformed in coming months by new levels of automation and intelligence driven by new system and endpoint demands and new IT initiatives. Find out how you can boost network availability and flexibility while reducing TCO by transforming your static network infrastructure into a dynamic network infrastructure capable of responding quickly to the needs of more dynamic systems and endpoints. Attendees will learn about:

• Cisco’s perspective on the biggest revolution in data center networking technology since TCP/IP
• Why new initiatives, from RFID/supply chain to voip/wireless and virtualization will require dynamic infrastructure
• Why core network services automation and “connectivity intelligence” are a critical part of the evolution to Infrastructure 2.0

Speakers:
Stuart Bailey, Founder and Chief Technology Officer, Infoblox
Doug Gourlay, Senior Director, Cisco

Moderator:
Richard Kagan, VP Marketing, Infoblox

Sign up now for this announcement HERE.

Yahoo was hit by a massive DNS problem today reported by GigaOm.

Some are saying quietly that there was a DNS cache poisining that effected Yahoo’s main DNS nameservers.  Yahoo is not talking to me about this.  Of course I’m interested in this because of all the recent DNS security risks which have been well documented by the DNS industry leading company Infoblox.

I will try to dig into this and see if Dan Kaminsky has any insight into this.

DNS problems went mainstream after I started reporting about it here and then John Markoff reported about it on the NYTimes.

Some more info here

Top-line results indicate that despite the fact that most organizations are running recent versions of BIND and no longer using Microsoft DNS Servers for their external DNS servers, many organizations have not taken the necessary precautions to limit access to recursion or secure zone transfers. In addition, many still have not upgraded to the latest DNS software to protect against the recently discovered Kaminsky vulnerability and associated risk of DNS cache poisoning.

“Given the heightened awareness of DNS server vulnerabilities due to the recent Kaminsky discovery, it is surprising to see how many organizations are still leaving their DNS systems as potential victims of attack,” commented Cricket Liu, Vice President of Architecture at Infoblox and author of O’Reilly & Associates’ DNS and BIND, DNS & BIND Cookbook, and DNS on Windows Server 2003. “Even if an enterprise has gone to the trouble of patching against the Kaminsky vulnerability, there are many other aspects of configuration, like recursion and open zone transfers, that should also be secured. If not, organizations are essentially locking their door to their house, but leaving the windows wide open. Organizations clearly need to pay more attention to configurations and deployment architectures that are leaving their DNS infrastructures vulnerable to attacks and outages.”

DNS servers are essential network infrastructure that map domain names (e.g., yahoo.com) to IP addresses (e.g., 66.94.234.13), directing Internet inquiries to the appropriate location. Domain name resolution conducted by these servers is required to perform any Internet-related request, whether for Web browsing, email, ecommerce, or cloud computing. Should an enterprise or organization’s DNS systems become compromised by attacks, the results can be devastating, ranging from loss of a company’s Web presence, inability of employees to access any outside Web services, and perhaps most damaging, redirection of Web and email traffic to bogus sites, resulting in data loss, identity theft, ecommerce fraud and more.

Following are the key 2008 DNS survey results, which are based on a sample that included 5 percent of the IPv4 address space, nearly 80 million addresses.

GOOD NEWS

--  90% of name servers that run BIND run one of the most recent versions
    of BIND 9; a small but significant number of administrators continue to run
    older versions of BIND on Internet-facing name servers, putting their
    organizations at risk.

--  Only .17% still rely on Microsoft DNS Server, down from 2.7% (2007);
    usage of unsecure Microsoft DNS Servers connected to the Internet is
    vanishing.

--  Support for Sender Protection Framework (SPF) within DNS for spam
    reduction increased from 12.6% of zones sampled to 16.7%; despite the
    complexity of SPF configuration, validating email senders is increasing in
    importance and organizations are taking email fraud seriously.

BAD NEWS

--  One in four DNS servers does not perform source port randomization --
    the "patch" for "the Kaminsky vulnerability"; the effort by vendors and the
    Internet's DNS community to encourage administrators to upgrade their name
    servers after the announcement of the Kaminsky vulnerability paid off;
    however, a surprising number have not been upgraded and are very vulnerable
    to cache poisoning.

--  More than 40% of Internet name servers allow recursive queries; there
    are still millions of open recursors on the Internet, a danger both to
    themselves and others -- they are vulnerable to cache poisoning and
    Distributed Denial of Service attacks.

--  30% of DNS servers surveyed allow zone transfers to arbitrary
    requestors; this leaves servers as easy targets for denial-of-service
    attacks.

--  Only .002% of DNS zones tested support DNSSEC; administrators have not
    been convinced of its importance -- perhaps intimidated by its complexity
    -- but new mandates could mean a significant change in the near future.

MISC.

--  Usage of IPv6 name servers continues to increase from .27% to .44%;
    while enterprises are investigating IPv6 and concerned about increasingly
    scarce IPv4 address space, adoption of IPv6 is still low -- address
    scarcity isn't yet considered a serious concern and they feel no urgency to
    adopt IPv6.

Call to Action

Based on these statistics, there are some clear calls to action for organizations with external DNS servers. Instead of waiting until they are attacked, all organizations should assess their DNS infrastructure and immediately take the necessary steps to make them more reliable and secure. Infoblox provides a number of free, automated tools that enable organizations to test their DNS infrastructure and identify weaknesses and vulnerabilities.

I have to say that I really like working with Infoblox -solid company with solid products. Infoblox supports this blog and social media.  What a refreshing change from the old way of doing things. The new model is to connect with people in the community - peers and collegues.

Thanks Infoblox.

Here is a post from Greg Ness’ blog on their new bloxNews. Below is the note from Greg Ness

Infoblox Monthly eNewsletter now Online

We started bloxNews(TM) at Infoblox a couple of months ago as a way to collect and share industry developments related to core network services, IP address management as well as relevant trends in networking, security, virtualization and cloud computing. It goes out monthly to more than 10,000 readers.

Would love to hear what you think. We place a heavy content emphasis on industry news and commentary that we think are worth following. We also sprinkle in a bit of bloxTV and bloxRadio on topics like DNS, DNS security, DNSSEC and upcoming episodes on IPAM (IP address management).

I’ve been blogging recently about Infrastructure 2.0, or a dynamic infrastructure capable of keeping up with new initiatives, from RFID and consolidation to virtualization, wireless, VoIP and cloud. I think the automation of core network services (including DNS, DHCP and IPAM) will be strategic to the build-outs of dynamic infrastructure and the establishment of economies of scale. Many of these services are managed manually today, driving up network TCO while eroding availability and flexibility and security.

Without automation of these core network services enterprise networks will experience diseconomies of scale.

You can subscribe to bloxNews here.

Greg Ness from Infoblox writes a blog post on this topic.

nfoblox recently hosted a series of customer Advisory Board Meetings on the East Coast of the US and in Northern Europe.  The attendees represented a number of the biggest companies in the world - we’re talking global, household names.  Included along with discussions of large-scale deployments of DNS, DHCP, IPAM and other core network services, the group discussed the impacts (or expected impacts) of the current economic woes on IT spending and project priorities.

Several said that IT spending growth would slow from perhaps 5-7% YoY to 3-5% YoY growth.  But a reduction in growth is far short of a net reduction in spending:  The vast majority of companies said that they would not put off major IT projects, including infrastructure projects.

Infoblox Inc. today announced that Interwoven, a global leader in content management solutions, has deployed Infoblox appliances for delivery of core network services, including internal domain name resolution (DNS) and IP address assignment (DHCP).

Domain name resolution and IP address assignment services are essential for all IP networks; without them, the network and applications can grind to a halt. And, when they are not robust enough or integrated properly, application malfunctions can be the result.

The Interwoven IT team recognized this first-hand when they implemented a network access control (NAC) solution with a legacy Windows-based core network services infrastructure that did not allow for effective dynamic DNS updates, producing data inconsistency. As a result, when certain users attempted to access the network, they were erroneously instructed to scan their system and/or update their end point security software, compromising productivity and causing many end-user frustrations.

Interwoven looked at several core network services solutions and selected Infoblox as its new next-generation infrastructure.

“NAC was the driver to upgrade our entire core network services system,” said Raymond Lockley, CORE systems manager at Interwoven. “And now, our NAC solution is much more effective; since installing Infoblox, we have not had any DNS-based network connectivity issues.”

Yonas Hambissa, senior systems administrator at Interwoven, concluded, “We looked at several competitors, but only Infoblox met our security, reliability and management needs. Simple code propagation, real-time data updates, along with tools for accurate data entry, and reliable service delivery are the real advantages.”

Interwoven purchased and deployed 13 Infoblox appliances running the DNSone package with Infoblox’s unique grid technology that links the distributed appliances into a unified system for central management, one-button upgrades and resilience benefits. In addition to Interwoven’s San Jose, Calif. headquarters, Infoblox appliances are also deployed in their Australia, Singapore, Bangalore, Atlanta, Chicago, Austin, New York, Maryland and UK offices.

Infoblox Inc. today announced that the University of Minnesota has deployed Infoblox appliances for delivery ofcore network services, including internal and external domain name resolution (DNS) and IP address assignment and management (DHCP/IPAM) –essential to daily operation of its extensive network and applications,enabling access to resources such as student registration, assignments andhealth records. In addition to bolstering reliability, manageability and security of itscore network services infrastructure, ensuring nonstop delivery of DNS and DHCP services, the University has implemented a unique authentication portal enabled by Infoblox appliances that allows more than 6,500residential hall students easy, secure and authorized network access.

The previous solution for network address management services did not meetthe University’s requirements. The University requirements expanded inscope, scale and functionality, focusing on self-service and security.

Mike LeVoir, network design engineer at the University of Minnesota,commented: “The Infoblox solution met the University’s requirements ofbuilt-in reliability and features that allow delegated management withdata-entry templates for the various departments.”

“Infoblox made the process of implementing our student authenticationportal seamless. Students used to have to locate their MAC address — notnecessarily intuitive for some — and then register their device with theIT department by physically visiting one of our centers. With Infoblox,the students don’t need to know their own MAC address, nor do they have toleave their dorm rooms. What used to take 30 minutes now takes seconds,and we moved the process from something cumbersome to something muchsimpler both for students and the IT department.”

On campus, there are 6 Infoblox appliances running the Infoblox DNSonepackage that includes Infoblox’s unique grid technology. The gridtechnology links the Infoblox appliances together so they can operate as aunified system for resiliency and management advantages. An HA pair isacting as grid masters, two are delivering DHCP services, and the remainingtwo are performing DNS services as authoritative masters. Additionally,there is one at the Univ. of Washington, which via grid technology is fullyintegrated with a remote authoritative master and the local six appliances.

The University is currently using the authenticated DHCP function in campusresidence halls with plans to roll it out to the entire University. Whenlogging on to the University network, students are automatically redirectedto a captive portal where they are shown a registration page and acceptableuse policy. Once authorized, students are then assigned aUniversity-issued IP address. Previously, students had to go to a physicallab on campus and register their device(s). It was a cumbersome and timeconsuming process. Now using the portal, students simply plug in theirdevice in their dorm room, log on and they are on the network after aseamless host registration process.

I’ve been following the blogs over at F5 (note: I think that they have the formula right on social media).  This post is rising in their conversation space - discussion on Infrastructure 2.0 in response to Greg Ness’ post original post on Infrastructure 2.0 (which I posted here on Broadband Developments).

Here is the post over that F5 written by Lori MacVittie.  Kudos to F5 for creating deep conversations around contextually relevant content.

The comments are worth reading through - it’s a real conversation and relief to see deeper discussions verses the generalist blog conversations out there.

Here are my favorite snips

On the dynamic front, when you combine an intelligent application delivery controller with the ability to be orchestrated from within applications or within the OS, you get the ability to dynamically modify configuration of application delivery in real-time based on current conditions within the data center. And if you’re monitoring is intelligent enough, you can sense within seconds when an application - whether virtualized or not - has disappeared or conversely, when it’s come back on line. F5 has been supporting this kind of dynamic, flexible application infrastructure for years. It’s not really new except that its importance has suddenly skyrocketed due to exactly the scenario Greg points out using virtualization.

Even if it was, some infrastructure is already prepared to deal with that dynamism. Dynamism is just another term for agility and makes the case well for loose-coupling of security and delivery with the applications living in the infrastructure. If we just apply the lessons we’ve learned from SOA to virtualization and cloud computing and 90% of the “Big Hairy Questions” can be answered by existing technology. We just may have to change our architectures a bit to adapt to these new computing models.

Network infrastructure, specifically application delivery, has had to deal with applications coming online and going offline since their inception. It’s the nature of applications to have outages, and application delivery infrastructure, at least, already deals with those situations. It’s merely the frequency of those “outages” that is increasing, not the general concept.

But what if they change IP addresses? That would indeed make things more complex. This requires even more intelligence but again, we’ve got that covered. While the functionality necessary to handle this kind of a scenario is not “out of the box” (yet) it is certainly not that difficult to implement if the infrastructure vendor provides the right kind of integration capability. Which most do already.