Posts Tagged ‘Network’

Network Virtualization at AT&T Yields Services

September 18th, 2014

AT&T Inc. T +0.20% says that by year-end it will begin to roll out the first services based on its new virtual network, which is controlled mostly by software rather than hardware.

Beyond lowering costs and speeding the deployment of services, the shift makes it possible for customers to manage their telecom services on their own, in real time, over the cloud.

AT&T said Tuesday that it had been testing the service at the University of Texas at Austin and that it will be available commercially in the city of Austin by year’s end.

Beginning next year AT&T will roll out on-demand services for businesses in Houston, San Antonio, Los Angeles, San Francisco and Dallas, said Roman Pacewicz, AT&T senior vice president of marketing and global strategy.

In creating these services, AT&T is redesigning its network to be more software-centric rather than hardware-centric, enabling the company to more easily automate service delivery to customers.

The effort marks the first service made available through the telecom provider’s move to virtualize hardware in its public network, which it announced in February.

Virtualization began years ago with mainframes but grew in popularity over the past decade with server virtualization and the ability to put several server operating systems on one physical machine. Server virtualization helped pave the way for modern data centers and many kinds of cloud computing.

Many people believe that the impact of network virtualization will be just as great, making it possible to reconfigure networks online with a few clicks instead of today’s laborious manual process.

AT&T’s ability to more easily manipulate network equipment using software means that business customers can get new service in just a couple of days instead of 60 to 90 days, said John Donovan, senior executive vice president of AT&T architecture, technology and operations. And now, in minutes, customers will be able to increase bandwidth, which once took 30 to 45 days, he added.

—Rachael King

Support for Microsoft MSFT -0.51% Windows Server to End

A large number of businesses still run Microsoft Windows Server 2003, and it’s unlikely that all of them will have upgraded before Microsoft Corp. ends support on July 14, 2015, say analysts. Companies that don’t upgrade increase their cybersecurity risks because the company will no longer issue security updates and these systems will be more vulnerable to hackers.

Businesses world-wide run an estimated 23.8 million physical and virtual instances of Windows Server 2003, according to data released by Microsoft in July 2014. Analysts say the technology is more prevalent in industries such as health care, utilities and government.

“Microsoft does not plan to extend support for Windows Server 2003 and encourages customers who currently run Windows Server 2003 and have not yet begun migration planning to do so immediately,” said Vivecka Budden, a Microsoft spokeswoman.

“In general, everyone has been slow to migrate,” said Rob Helm, vice president of research at Directions on Microsoft consulting firm.

The problem in industries such as health care and utilities is that companies run legacy apps written by vendors who still require Windows Server 2003.

For now, analysts are recommending that companies work out their risk of exposure and make plans to first migrate those applications that will be most difficult.

Companies should make plans to harden servers that can’t be updated. That might entail putting those systems on an isolated network, where they’d be less prone to outside attack, Mr. Helm said.


Exabeam Raises $10 Million For Network-Tracking Security Software

June 11th, 2014

Security software developer Exabeam has raised $10 million in a Series A round of financing to protect businesses from the latest kinds of hack attacks.

These days, businesses are being targeted by a more savvy kind of attacker, according to Exabeam chief executive Nir Polak. Rather than simply try to penetrate a network using brute force, today’s secret data espionage warriors mimic real users — sometimes corporate partners, sometimes colleagues — to infiltrate a network using hijacked identities. Once inside, these hackers (under the guise of a real employee or partner) are free to wander around networks at will.

Exabeam’s software services track employees’ activities on a network using existing log data to create profiles of how a typical user interacts with different aspects of the network. When an employee does something that appears anomalous, the same security-tracking program can flag the behavior for a company’s crack team of white hat network defenders.

It’s fundamentally different from the way most people approach security, says Polak. “Typically, somebody builds a bigger fence and somebody will build a better way to go around it,” he says. Exabeam is trying to stop the attackers without the fence.

The software, engineered by the team behind the security company Imperva, was interesting enough to attract investment from Norwest Venture Partners, Aspect Ventures and angel investor Shlomo Kramer who has a track record of founding, funding and growing successful security companies, such as Check Point, Imperva, Palo Alto Networks and Trusteer.

For investors like Theresia Gouw, who previously worked as a partner at Accel before launching her own investment shop Aspect Ventures, the Exabeam deal reunited her with Polak and Kramer after their work together at Imperva, and it gave her the opportunity to work with Norwest’s Matt Howard. “Matt is someone whose security portfolio I have always admired, but was we both tend to like to do the early rounds we hadn’t been able to work together before now, since Aspect Ventures’ model is to partner in Series A rounds,” Gouw wrote in an email.

Howard, an investor in security companies like FireEye, MobileIron, 41st Parameter, and Shape Security also leapt at the chance to work with the Imperva team. “Exabeam brings a different approach to a very noisy industry full of alarms, loggers, SIEMs, and firewalls,” he wrote in an email. “It leverages existing logs and a machine-learning technology to home in on attacker behavior. The team has proven high tech and security experience, with veterans of Imperva and Sumo Logic, and I believe their approach has the potential to both simplify and improve security.”

As a result of their investments, both Howard and Gouw will join the Exabeam board of directors, which includes founders Polak and Gil, as well as Kramer.

“Organizations are losing the battle against cyberattacks, and the industry is in need of an effective approach to reverse the asymmetric advantage favoring hackers,” Polak said. “Our investors have an impressive history of building transformative companies, and their confidence in Exabeam’s big data security analytics will help us solve the most persistent and important challenge in the security industry – stopping data breaches in their tracks.”


Google launches Andromeda, a software defined network underlying its cloud

April 3rd, 2014

The Andromeda virtualized network that underlies some of Google’s services is now available to certain customers of Google’s Compute Engine with more zones coming on in the coming months.

Updated throughout with new information from Google.

For everyone saying that software-defined networking is a pipe dream, Google is about to prove you wrong. The search engine giant and cloud provider said it has made its Andromeda software-defined network platform available in two of its Compute Engine zones, with the rest of its zones transitioning to Andromeda in the coming weeks.

So for companies using Google’s us-central1-b and europe-west1-a zones today, they can take advantage of what is truly a virtualized environment.

The basic promise behind this is that it virtualizes the network and, thus, it can scale. In the cloud, being able to scale a network means that you add agility while lowering operational costs. There are plenty of debates on how one implements software-defined networks but the implementation is something Amazon, Facebook and other large cloud and webscale companies are working on.

Google has been at the forefront of the software-defined networking revolution, first implementing an Open Flow-based software-defined network to support communications back in 2012. Now it is going live with Andromeda, the underlying software-defined networking architecture that will enable Google’s services to scale better, more cheaply and quickly. It has the added benefit of making the network faster, as well.
What is Andromeda?

Google describes Andromeda as its newly integrated networking stack with the diagram below and via a blog post:

Andromeda’s goal is to expose the raw performance of the underlying network while simultaneously exposing network function virtualization (NFV). We expose the same in-network processing that enables our internal services to scale while remaining extensible and isolated to end users. This functionality includes distributed denial of service (DDoS) protection, transparent service load balancing, access control lists, and firewalls.

Andromeda is the enabler behind Google’s SDN efforts, so a better question isn’t what is it, but what does it allow Google or the end customer of Compute Engine to do. It’s like the hypervisor for a server, destined to become a commodity. Google has built load-balancing, security and firewall services on top of Andromeda that it can now offer to customers in an on-demand fashion. And as that customer uses more compute, the networking required to support the services on that additional compute expand with it.

No one has to plug new cables into ports or manually add firewalls to new VMs via a dashboard. Andromeda also has improved the networking performance, according to Amit Vahdat, a distinguished engineer at Google who presented on Andromeda last month at the Open Networking Summit and wrote today’s blog post.

Another interesting new service SDN and Andromeda enables is oxymoronic, isolated, multi-tenancy. Basically, by controlling the network flows Google can make sure traffic from one customer’s VMs stay within a defined cloud, isolating the customer’s data and compute jobs without restricting them to physical machines. One can also use such a network to migrate virtual machines in the case of maintenance or downtime. Those services are not available yet to Compute Engine customers yet, but they are possible.

Vahdat is working to make them not only available to Compute engine customers, but in the case of VM migration, automatic. The customer should have to do anything. He explained that Google is already isolating certain jobs on its hardware using Andromeda and will make that available to customers in time. When asked if Google planned to open source any of the software that makes up Andromeda, he said the best way to get the functionality is through Google’s cloud offerings.

As for the architecture of Andromeda, Vahdat explained that portions of it use Open Flow, but he was clear that SDN doesn’t require Open Flow. He also said that the underlying gear wasn’t all replaced to build this functionality, and that everything was done in software. But this wasn’t a trivial undertaking and he said companies aren’t likely to be able to build this type of infrastructure alone. For Google that’s sort of the point — if customers want this flexibility they should try Compute Engine.

Overall, this a pretty significant announcement for Google’s customers, although the current Andromeda network only supports IPv4 today, and its also a technical and economic advantage for Google over providers who don’t have the same underlying technology. Google can now allocate network resources easily and cheaply to deliver faster compute and data transfer rates between virtual machines. That makes its cloud faster, allocates its resources more efficiently and eliminates the networking bottlenecks that have slowed down the promise of virtualization.

We’ll discuss Andromeda and more, onstage with Urs Hölzle, SVP of Technical Infrastructure & a Google Fellow at our Structure Conference in June.


Get Adobe Flash player