Network Evolution MAY Final

BUILDING THE INFRASTRUCTURE TO ENABLE THE CHANGING FACE OF IT

M A Y 2 0 1 5 \ V O L . 6 \ N 0 . 4

N ET W O R K M A N A G E M E N T

Single Pane of Glass or Single Glass of Pain?

T H E S U B N ET

Getting Hands On with VMware NSX

k

k

I N F O G R A P H I C S

Pulse Check

k

L AY E R 4 -7

Need for Network Orchestration Builds, but Tools Come Up Short

E D I T O R S D E S K

Networkings Latest Humblebrag: 802.11ac Wave 2

k

k I N F O G R A P H I C SData Mine

k

FULL SPEED AHEADYouve waited for them. Theyre here.

The first 802.11ac Wave 2 access points have hit the market, maxing out 11acs

potential with multi-gigabit speeds.

2 N E T W O R K E V O L U T I O N, M A Y 2 0 1 5

802.11ac

DATA MINE

LAYER 4-7

PULSE CHECK

NETWORK MANAGEMENT

THE SUBNET

EDITORS DESK | JESSICA SCARPATI

Networkings Latest Humblebrag: 802.11ac Wave 2

Are you familiar with humblebrag?Its a term that signifies false modestya

boast poorly masquerading as self-depreca-tionwhich enjoyed its moment in the sun a few years ago when a TV writer coined the term and later compiled Twitters best humblebrags in a book. The act of humble-bragging isnt a new social phenomenon, but the level of obnoxiousness it evokes has been amplified by social media.

Youve surely rolled your eyes at com-ments or tweets like these before: Im always getting stopped for speeding just because I drive an expensive sports car. So unfair! Ugh, I didnt even brush my hair

today and I still got hit on at the bus stop. I can eat a whole pizza every day and not gain any weight. How weird is that?!

But long before we were subjected to Ashley Judd lamenting about how tortu-ous it is to be nominated for an Emmy, net-working had its own humblebrag moment. In fact, I would argue, networking has a humblebrag moment every few years.

Stop me if youve heard this one before: What would we even do with so much bandwidth?!

Its a refrain we often hear right before a new standard comes out that will double, triple or otherwise multiply the capacity

Whenever a newstandard bumpsup bandwidth, wewonder how wellever fill up thatpipeand its notlong before weeat our words.Here we go again.


802.11ac

DATA MINE

LAYER 4-7

PULSE CHECK

NETWORK MANAGEMENT

THE SUBNET

on wired or wireless networks. And like clockwork, IT pros eat those words a few years later when the latest killer app comes along that consumes most of their available bandwidth. Even the data center engineers at Google underestimated how quickly video traffic would saturate their network.

And here we are again as the first 802.11ac Wave 2 access points hit the market. This second and final phase of the latest Wi-Fi standard claims it can hit a theoretical maximum of nearly 7 Gbps. While its a speed we can expect to see only in tightly controlled lab environments, no doubt Wave 2 will make multi-gigabit speeds a re-ality in enterprise wireless LANs.

Its an intriguing notion for most network engineers, but without the benefit of hind-sight, its difficult for them to imagine how they could possibly take full advantage of

such throughput. For most enterprises, Wave 2 sounds like

overkill today. And for many that have al-ready overhauled their networks to support Wave 1, spending thousands more on Wave 2 is out of the question. But it wont be long before the next big bandwidth-hogging ap-plication comes along, and it will catapult the need for Wave 2s capacity gains to the forefront.

As we explore in our cover story in this is-sue of Network Evolution (Making Waves: Preparing for the Next Phase of 11ac), en-terprises preparing to take the plunge will need to think about how Wave 2 affects their architecture beyond access points and switches.

Also in this issue, we look at whether the single pane of glass approach to network management is still the preferred model


802.11ac

DATA MINE

LAYER 4-7

PULSE CHECK

NETWORK MANAGEMENT

THE SUBNET

with increasingly abstracted IT environ-ments that use cloud and virtualization technologies (Single Pane of Glass or Sin-gle Glass of Pain?). We also dive into how the emerging world of Layer 4-7 orchestra-tion aims to simplify and automate the less-than-glamorous tasks of network service provisioning and lifecycle management (Need for Network Orchestration Builds, But Tools Come Up Short).

Finally, in this edition of The Subnet, one network engineer in the middle of testing VMwares NSX platform shares his experiences with network virtualiza-tion (Getting Hands On with VMware NSX). n

Jessica Scarpati

Networking Media GroupFeatures and E-zine Editor


At long last, 802.11ac Wave 2 access points are here,ushering in the age of multi-gigabit Wi-Fi. What does it meanfor network architectures? And will Wave 1 adopters be left in the dust?

As an increasing number of enterprises upgrade their overtaxed Wi-Fi networks with 802.11ac technology, they are discov-ering wireless speeds that are capable of meeting their demand for several years.

Its a welcome realization for many net-working professionals who were unsure whether to hold off on deploying the first generation of 802.11ac, known as Wave 1, or

802.11ac

Making Waves: Preparing for the Next Phase of 11ac

BY ANTONE GONSALVES

DATA MINE

LAYER 4-7

PULSE CHECK

NETWORK MANAGEMENT

THE SUBNET

802.11AC


DATA MINE

LAYER 4-7

PULSE CHECK

NETWORK MANAGEMENT

THE SUBNET

802.11AC

wait for the widespread commercial release of the second generation of 802.11ac prod-ucts. Wave 2 access points, which have just started to trickle into the market, will offer up to five times more bandwidth than Wave 1 and be able to support up to four times as many simultaneous connections on a given access point (AP).

But with great bandwidth comes great responsibility.

Nearly all 802.11ac implementations to-day are based on the Wave 1 specification, which doesnt typically require widespread network infrastructure changes. However, the sec-ond phase of the technology, called Wave 2, may require enterprises to rethink their network architecture.

At the forefront will be the need for greater capacity in the access layer to avoid bottlenecks between an AP and the first switch to which it connects. Its not just about bigger pipes, however. Wave 2 will make 802.11ac the first wireless standard to use multi-user MIMO, which adds support for more mobile devices on a wireless LAN (WLAN), augmented by wider channels and standardized beamforming techniques to improve speed.

But introducing those features to a net-work may require IT pros to adjust their network design. Additionally, many Wave 2-based networks will require a cabling up-grade and need to accommodate new power over Ethernet requirements.

Fortunately for most enterprises, the Gigabit Wi-Fi capability of Wave 1 will sat-isfy their needsand prevent any dramatic

30%of controller-based access

points shipped in Q4 2014 support 802.11ac.

Source: Worldwide Quarterly WLAN Tracker, IDC, March 2015


DATA MINE

LAYER 4-7

PULSE CHECK

NETWORK MANAGEMENT

THE SUBNET

changes to their networksfor a few years.

Were really not seeing anything ap-proaching that gig bandwidth, even with 802.11ac access points, says Joseph Rog-ers, associate director of network engi-neering at the University of South Florida (USF) in Tampa, which began deploying Wave 1 APs last year.

802.11ac Takes the LeadUpgrades from the previous 802.11n stan-dard started earnestly last year after the IEEE ratified the latest technology. The biggest draw for enterprises has been faster wireless speeds and the ability to support eight spatial streams per AP, an important feature as more laptop-toting users add smartphones and tablets to the arsenal of

devices they use on enterprise WLANs.This year, the number of shipments of

802.11ac APs will surpass those of 802.11n, according to market researcher IDC. Thats a huge turnaround from 2014, when ship-ments of the older technology were more than five times greater.

In 2015, we do believe that 11ac will far out-ship 11n, says IDC analyst Rohit Mehra. Thats the ramp-up that we are seeing for 11ac.

Last month, Ruckus Wireless was the first vendor to announce an AP that na-tively supports Wave 2, and more vendors are expected to follow in the months ahead. The second iteration of the standard has a theoretical maximum throughput of almost 7 Gbps in the 160 MHz channel, up from a theoretical maximum of 1.3 Gbps in the 80 MHz channel in Wave 1.

802.11AC


DATA MINE

LAYER 4-7

PULSE CHECK

NETWORK MANAGEMENT

THE SUBNET

While the promise of higher speeds and support for more users is attractive, it will come at a cost. Enterprises that adopt Wave 2 devices will need to consider the implica-tions across the whole network. For exam-ple, Wave 2 access points will need 30 watts of power over Ethernet versus the 15 watts many enterprises currently have in their access layer.

In addition, the Cat5e and Cat6 cabling used in most enterprises today may have to be upgraded to Cat6a to handle faster speeds. Two vendor alliances and the IEEE, however, are working on specifications for supporting 2.5 and 5 Gigabit Ethernet (GbE) over Cat5e and Cat6, which are cur-rently certified to support 1 GbE for up to 100 meters. Cat6a, more commonly found in data centers, is certified to support 10 GbE for up to 100 meters.

But with many organizations having recently upgraded to 802.11ac Wave 1, its un-likely those that have made significant invest-ments will jump into Wave 2 soon. IT pros who have already adopted Wave 1 say that, fortunately, they expect their current archi-tectures to serve them well for quite a while.

Schools a Hotbed for 11acAmong those knee deep in upgrading to 802.11ac Wave 1 are colleges and universi-tieswhere students are slow to praise, but quick to gripe, when wireless connections are too sluggish for streaming video, shar-ing photos on social networks and down-loading coursework.

For us, [receiving] no complaints is a good thing, says Trevor Beach, a net-work engineer at West Chester University

802.11AC


DATA MINE

LAYER 4-7

PULSE CHECK

NETWORK MANAGEMENT

THE SUBNET

(WCU) of Pennsylvania, which recently rolled out 802.11ac.

Wave 1 of the latest Wi-Fi standard has a theoretical maximum speed more than double that of 802.11n. Actual speeds for the technologies in the real world are con-siderably less, but the order of magnitude of throughput between the new and the old standard is about the same.

Last fall, the University of South Florida, which serves 31,000 undergraduates, re-placed 1,400 legacy access points in student housing with 802.11ac models from Cisco. The APs that were tossed were eight years old.

It was way past due, says USFs Rogers of the upgrade.

The new APs have a maximum uplink speed of 1 Gbps, which is 10 times the 100 Mbps speed of the older devices. However,

Rogers was surprised to discover that ar-eas with the most traffic peaked at only 90 Mbps to 100 Mbps.

Traffic from all 1,400 access points aver-aged only 2.5 Gbps, which is far below the capacity of the 10 GbE switches from Cisco and Brocade that the university installed along with the access points. He expects the current technology to meet the universitys needs for the next three to five years. Thats because the majority of smartphones and tablets in use today do not support 802.11ac. Only 15% of the devices online at USF use the latest Wi-Fi standard.

Organizations using 802.11ac Wave 1 to-day say the most important advantage of upgrading is the higher number of mobile devices that can be handled by each AP. The standard operates in the less-congested 5 GHz band and supports more 20 MHz

802.11AC


DATA MINE

LAYER 4-7

PULSE CHECK

NETWORK MANAGEMENT

THE SUBNET

channels for connecting a greater number of devices to a network, but the actual vol-ume of devices a given network can handle depends on an individual design. Each 802.11ac Wave 1 access point at WCU can handle roughly three times as many de-vices as 802.11n APs, estimates Beach.

Its definitely faster than the 802.11n ac-cess points, but in the end, the bigger ben-efit is in the ability to handle more clients, Beach says. The older access points just couldnt handle the client base that these new ones can.

Wave 2 introduces multi-user MIMO and more antennae, which allow an AP to behave more like a switch by enabling it to communicate with several radios at once. The catch, however, is that client de-vices must also support multi-user MIMO to take full advantage of it. The previous

generation of Wi-Fi, 802.11n, introduced single-user MIMO, in which an AP behaves more like a hub that can only talk to one client at a time.

The Cost of Upgrading to 11acMore than half of networking professionals say mobile devices have an extremely or very high impact on network capacity and performance, according to a May 2014 sur-vey by 451 Research.

Organizations like research labs that need to send hundreds of megabits per sec-ond of data from a single device have the option of doing that by taking advantage of 802.11acs ability to use 80 MHz or 160 MHz channels. Such high frequencies sup-port fewer devices, so they are seldom used in organizations looking to get as many

802.11AC

1 1 N E T W O R K E V O L U T I O N, M A Y 2 0 1 5

DATA MINE

LAYER 4-7

PULSE CHECK

NETWORK MANAGEMENT

THE SUBNET

people online as possible.The Kelsey-Seybold Clinic has 20 facili-

ties in the Houston metropolitan area. It rolled out about a hundred 802.11ac APs in clinical areas that never had a wireless network, says Martin Littmann, the clinics CTO and CISO. The deployment made it possible for doctors to more easily upload medical images to patients electronic re-cords and to use computers on carts during patient visits or outpatient procedures.

The clinic started to roll out new ac-cess points after upgrading its two Aruba wireless controllers in mid-2014. Such an upgrade can cost between $30,000 and $50,000, Littmann says.

The doctor-run healthcare provider has more than 300 older access points in its waiting rooms. Because each new AP would cost about $600, the clinic is unlikely to do

802.11AC

Cloud-based WLANs let IT focus on bigger pictureAs wireless networks grow more sophisticated, some IT pros find a cloud-managed model improves their operational efficiency.

Albany State University in Georgia uses 430 of Ciscos cloud-managed Mer-

aki APs; about a quarter support 802.11ac. The controller is in Ciscos cloud.

Pricing for on-premises and cloud-based controllers is similar, says

Noore Ghunaym, infrastructure services manager at Albany State. The

cloud-based one is easier to use, he says, enabling Albany State to cut the

equivalent of a part-time position for WLAN management and maintenance.

Two-thirds of the APs at the Pulaski County Special School District in Ar-

kansas use 802.11ac. But that figure is rising to support an initiative to issue

every student an iPad.

The deployment with Aerohive Networks will cost $6 million to $8 mil-

lion, which includes the price of 10 GbE switches and cabling, says Will Reid,

Pulaskis chief technology officer.

Reid wanted to avoid needing a management appliance at each

schoolsaving $12,000 to $15,000 apieceand to remove the burden of

maintaining them.

When you work for a school district, youre always being asked to do

more with less, he says. n


DATA MINE

LAYER 4-7

PULSE CHECK

NETWORK MANAGEMENT

THE SUBNET

another upgrade for three or four years.One of the principles of a physician-owned

business is to use a piece of equipment until its dead and then make sure its dead before you throw it away, Littmann says.

On an average day, 20% of the WLANs bandwidth is used for clinical pur-poses while the remainder is split between personal devices used by employees and patients.

In a lot of wireless en-vironments, you find a whole lot of bandwidth being given out for free and a much smaller amount actually being consumed by the en-terprise for production

work, Littmann says.In the summer of 2014, Aruba customer

WCU installed a thousand 802.11ac APs, roughly doubling the number on campus. The majority was installed in student hous-ing that never had Wi-Fi.

The cost of the 802.11ac implementation, including routers, switches and cabling, topped $1 million, says Joseph Sincavage, WCUs director of networking and tele-communications. About a year before, the university of almost 14,000 undergraduate students had upgraded its LAN from 100 Mbps to 10 Gbps.

The school has a 3 gigabit link to the pub-lic Internet and is planning to upgrade it soon to 10 gigabits.

Were almost filling that pipe, Beach says of the current connection. Were getting close. n

802.11AC

Whats in your WLAN?Which wireless standards have you deployed?Respondents could select multiple answers.

802.11a

802.11b

802.11g

802.11n

802.11ac

Source: Wireless LAN buyers survey, TechTarget, March 2015, N=176

27%

27%

45%

57%

26%


802.11ac

DATA MINE

LAYER 4-7

PULSE CHECK

NETWORK MANAGEMENT

THE SUBNET

Data Mine

802.11ac

DATA MINE

LAYER 4-7

PULSE CHECK

NETWORK MANAGEMENT

THE SUBNET

Source: Network infrastructure buyers survey, TechTarget, March 2015, N=128


Source: 2015 Mobile and IoT Security Strategies and Vendor Leadership: North American Enterprise Survey, Infonetics Research, March 2015, N=187

k Open networking efforts begin to bare fruitBare-metal switches are expected to account for 26% of port shipments by 2019, up from 11% in 2014.

k What do you look for in campus LAN switches?Respondents could select more than one answer.

51%

48%

36%

33%

23%

23%

Application and traffic awareness

Ability to function in a distributed core

Ability to function in a fabric or virtual chassis

IPv6 support

Support for shortest-path routing

SDN support

42percent

of enterprise IT pros expect to see

wearable devices, such as smart

watches or fitness trackers, connecting

to their wireless LANs by 2016.

PM

2014 201926%11%


Software-defined data centers and cloud computing are driving a need for tools that can automate provisioningand lifecycle management forLayer 4-7 network services.

Networks have developed a middle-child syndrome over the years.

Ever since the first server virtualization platforms allowed systems administrators to easily spin up or decommission virtual machines (VMs) within minutes, the data center solidified its place as the golden child, representing agility and efficiency in infrastructure. It paved the way for cloud computing, putting more pressure on IT to

Layer 4-7

Need for Network Orchestration Builds, but Tools Come Up Short

BY JESSICA SCARPATI

DATA MINE

LAYER 4-7

PULSE CHECK

NETWORK MANAGEMENT

THE SUBNET

802.11ac


802.11ac

DATA MINE

PULSE CHECK

NETWORK MANAGEMENT

THE SUBNET

LAYER 4-7

be responsive to dynamic environments. While virtualization soon seeped into

other parts of IT like storage and desktops, the network was largely ignored. Although Layer 4-7 appliance vendors released vir-tualized versions of their productsvirtual firewalls, virtual load balancers, virtual WAN optimization controllers and so forththeir primary focus was on reducing expenses, not improving agility. Network-ing as a whole remained frozen in hardware governed by static architectures, and most attempts to innovate focused on moving bits faster.

Software-defined networking (SDN) and network virtualization finally caught up, however, adding more flexibility and programmability to switching and rout-ing. Now enterprises and service provid-ers steeped in cloud and software-defined

data centers are eager to see these plat-forms climb up the stack to tie in Layer 4-7. Theyre hungry for orchestration tools that can automate the deployment and manage-ment of those services with minimal hu-man intervention.

Its becoming close to table stakes, says Rick Drescher, managing director of tech-nical services at Savills Studley, a commer-cial real estate advisory firm in New York that helps businesses lease data center space. For companies that are really lever-aging a software-defined data center, that level of orchestration on firewalls, virtual switches, virtual routers and virtual load balancers is becoming something that they absolutely have to have.

Theres just one problem: The commer-cial products and open-source alternatives available today just scratch the surface in


802.11ac

DATA MINE

PULSE CHECK

NETWORK MANAGEMENT

THE SUBNET

LAYER 4-7

terms of bringing these capabilities to life.These cloud orchestration platforms

are really good at taking Layer 4-7 ser-vices templates and applying them to vir-tual appliances to spin things up quickly, says Shamus McGillicuddy, a senior ana-lyst at Enterprise Management Associates (EMA). But theyre not necessarily doing everything else you need to do in order to manage them, troubleshoot them, monitor them, make sure that each instance of your Layer 4-7 service is configured properly and so on.

A recent EMA survey asking IT pros about their greatest barriers to software-defined data centers found that trouble-shooting and monitoring across physical and virtual networking was the third-big-gest perceived challenge, while integrat-ing provisioning across physical and virtual

networking ranked fourth. Those are two areas where sophisticated orchestration tools can help out, McGillicuddy says.

Meanwhile, Ciscos recent acquisition of Embrane, which had been the most visible independent vendor in this space, signals that incumbent vendors are recognizing the importance of these capabilities.

People arent even necessarily aware of whether or not they need this. Theyre go-ing to need it, but they dont know that yet, McGillicuddy says.

What Does Layer 4-7 Orchestration Entail?Like a conductor cueing the violins to come in a few beats after the trumpets, orches-tration platforms automate and coordinate the steps necessary to provision, configure


802.11ac

DATA MINE

PULSE CHECK

NETWORK MANAGEMENT

THE SUBNET

LAYER 4-7

and manage IT services. Orchestration has traditionally been

associated with cloud servers. But in the world of Layer 4-7 services, the idea is that anytime a server admin does anything to an applicationlaunches it on a new VM, decommissions that VM, or moves the VM to a different server rack or another data center entirelyan orchestration plat-form would dutifully follow up with all the necessary configuration changes in virtual appliances associated with it. Ideally, it would also integrate all of those appliances management platforms to perform other housekeeping tasks like tracking licenses, monitoring availability and initiating troubleshooting.

Automated provisioning and lifecycle management may not sound especially revolutionaryuntil you consider just how

dynamic the modern data center is.In the world of private cloud, where ev-

erything is theoretically and serially mov-ing around, you dont have these 4-to-7 appliances sitting in one spot anymore, says Andre Kindness, a principal analyst at Forrester Research.

Enterprise environments are getting more complex as they either become un-wieldy or because a company is growing like crazy with acquisitions, says Savills Studleys Drescher. He recently worked with a client that makes one acquisition per quarter, on average; almost 30% of its change-control processes are a direct re-sult of those acquisitions. Orchestration tools would minimize some of the burden and risks that accompany these otherwise manual processes in highly virtualized environments.


802.11ac

DATA MINE

PULSE CHECK

NETWORK MANAGEMENT

THE SUBNET

LAYER 4-7

The amount of human error thats go-ing to be introduced into a system like this continues to grow as the system gets

more complicated, Dre-scher says. So the more you can automate things like switching VLANs around or updating fire-wall changes dynamically, the more youre going to get out of your IT infra-structure and the less prone youre going to be to downtime.

And while much of the focus on Layer 4-7 orches-tration has been around data centers, Kindness says, the wide area net-work (WAN) may stand

to benefit the most. The move away from hub-and-spoke designswith fewer branch offices now reaching out to the data center for all network serviceshas created a need for distributed enterprises to simplify the way Layer 4-7 services are now deployed.

Instead of doing something like you see with airlineswhere you fly from one city to a hub and then youre forced to get on another flightwhat were moving to [on the WAN] is much more like a freeway sys-tem where you get to choose from multiple paths, Kindness says. But since you dont have one spot [acting as] your control cen-ter, your Layer 4 to Layer 7 services that were typically in the data center need to be dispersed everywhere.

Its an exciting prospect for Markus Voegele, a senior system and design en-gineer at Lufthansa Systems, a managed

Top five network virtualization usesWhich network virtualization capabili-ties are most important to you?

Respondents could select multiple answers.

Monitoring a virtual environment

Layer 2-3 network virtualization

Switching within the virtual stack

Application awareness in virtual networks

Virtualized Layer 4-7 network services


55%

48%

38%

26%

50%


802.11ac

DATA MINE

PULSE CHECK

NETWORK MANAGEMENT

THE SUBNET

LAYER 4-7

service provider and wholly owned subsid-iary within Lufthansa Group that serves the German companys flagship airline along with more than 300 other airline customers.

Employees at one of Lufthansas larger offices on Long Island, N.Y., have a video conference twice a month with their col-leagues in Frankfurt. In a traditional network architecture, any policies and ap-pliances used to optimize that traffic would

have to be staticmeaning, once a policy is set, its al-ways onor would have to be manually reconfigured by Voegele and his team in Kelsterbach, Germany.

Hoping for a more effi-cient approach, Voegele is testing Ciscos Application

Policy Infrastructure Controller Enter-prise Module (APIC EM), which functions as a centralized controller for provision-ing, configuring, monitoring and manag-ing application-level network policies in Ciscos Application Centric Infrastructure (ACI) fabric. In addition to supporting Cis-cos built-in Intelligent WAN and network monitoring applications, the controller also integrates with Citrixs NetScaler load balancer.

Voegele would like to use APIC to pro-vide the local IT administrator in the Long Island office with on-demand, but limited, control over the network connection dur-ing video conferencing sessions to optimize traffic.

I do not often say the word awesome, but if this turns out to work as designed by Cisco, this will be awesome, he says.

I do not often say the word awesome, but if this turns out to work as designed by

Cisco, this will be awesome.

Markus Voegele, Lufthansa Systems


802.11ac

DATA MINE

PULSE CHECK

NETWORK MANAGEMENT

THE SUBNET

LAYER 4-7

Other Drivers: Clouds and ConsumersThe need to orchestrate Layer 4-7 services is becoming increasingly vital for enter-prises that rely heavily on the cloud. Thats because many are eager to take advantage of the ongoing price wars among cloud pro-viders and migrate their workloads to the lowest bidder, Drescher says.

Additionally, factors like the cost of elec-tricity can drive a private cloud migration. The Pacific Northwest is home to a lot of re-newable energy, with rates as low as 3 cents per kilowatt-hour, Drescher explains. Com-pare that to New York City, where 17 cents per kilowatt-hour is considered a good deal, he says.

If you only need your data center to be near your users [in New York] during the peak of the daybecause thats when la-tency mattersand if you can shift it over

to someplace cheaper at night, that could save a customer a few hundred thousand dollars on electricity bills over the course of the year, Drescher says. Orchestration is super important to make sure that works [because] the complexity of doing it manu-ally is not something that many places have the appetite for.

The push for more dynamic, automated networks is also driven by the consumer market as companies try to react to cus-tomer demands in real time, Kindness says.

Global supermarket chain Tesco has hy-per-personalized the experience at some gas stations the company operates. While customers fill their tanks, a small device uses facial recognition software to deduce their age and gender; a nearby monitor then plays specific advertisements for that demographic, Kindness says.


802.11ac

DATA MINE

PULSE CHECK

NETWORK MANAGEMENT

THE SUBNET

LAYER 4-7

Similarly, a retailer in Asia uses sensors to identify clothing items customers bring into a dressing room and then adjusts the music played while they try on the clothes, he says. Preppy clothes, for example, may trigger pop music while hip-hop fashion may initiate rap music.

These specific companies arent using SDN or network virtualization, but theyre looking to do something because the cur-rent resources are strapped, Kindness says.

Businesses are pushing services and responsibilities closer to the customer. As such, networkings Layer 4 through 7 services are getting dispersed in either an appliance, software or service form at the remote location, he adds. Everything isnt being done at the same time, so the business needs SDN to spin up and down

services and find the best resources based on whats occurring at the remote site.

Figuring Out the Best ApproachLike much of SDN and network virtualiza-tion, vendors approaches to Layer 4-7 or-chestration are splintered.

At this point, the predominant model revolves around Cisco and VMwarewith their ACI and NSX architectures, respec-tivelyand the ecosystems they have built up with various Layer 4-7 vendors.

Last August, VMware announced a part-nership with F5 that provides integration between NSX and F5s BIG-IQ orchestra-tion platform. This followed a partnership VMware had struck with Palo Alto Net-works in late 2013 that enabled NSX us-ers to automatically provision Palo Altos


802.11ac

DATA MINE

PULSE CHECK

NETWORK MANAGEMENT

THE SUBNET

LAYER 4-7

virtual firewalls in overlay networks. Because services are mapped to a VM

an identityand not to a physical location like an IP address, NSX can be configured to ensure any VMware-based or supported third-party services automatically queue

up, turn off or move around according to real-time network conditions, says Chris King, vice president of product marketing at VMware.

Wherever the infrastructure decides to put my workload, all the correct Layer 4-7 services follow it, King says.

Prior to Ciscos recent acquisition of Em-brane, the two vendors entered a partner-ship in 2014 when Cisco added Embrane to its ACI ecosystem. It was a turning point for Embrane, which pivoted its strategy from providing a platform that orches-trated its own brand of Layer 4-7 services to facilitating Layer 4-7 orchestration and lifecycle management for third-party ser-vices like Citrixs NetScaler.

Some Layer 4-7 appliance vendors have tried to stake their own claim in this mar-ket. Last May, load-balancing vendor Kemp

Networking plays biggest role in SDN investmentsWhich teams in your IT department influence SDN purchasing decisions?


Network operations

Server operations

Virtualization managers

Application developers

80

60

40

20

%0

Source: Software-defined networking buyers survey, TechTarget, March 2015, N=371

43%40%

23%

81%


802.11ac

DATA MINE

PULSE CHECK

NETWORK MANAGEMENT

THE SUBNET

LAYER 4-7

Technologies enabled administrators to insert Layer 4-7 services from any vendor through a single platform on a bare-metal server. Meanwhile, startups like Avi Net-works, which came out of stealth mode last December, announced a controller that provisions, orchestrates and manages Layer 4-7 services.

In the world of open source, Open-Stacks networking project Neutron has been working on APIs for load-balanc-ing-as-a-service and firewall-as-a-service extensions.

Experts say enterprises will most likely align their orchestration plans with their main network virtualization vendor and their affiliated ecosystems, making it a Cisco-versus-VMware game. But industry

watchers are skeptical of how successful the partnership model will be.

Thats a lot of wrangling that needs to go on thereits politics and money, Kind-ness says. Im not a big fan of partnerships because what happens after a while is that everybody tries to cater to everybody. It be-comes a very complex, one-inch deep and mile-wide solution that doesnt work very well.

EMAs McGillicuddy also sees room for improvement. The current integrations focus on turning Layer 4-7 services on and off, but they glaze over everything in be-tween, he says.

That is just a service insertion pointthat is not a lifecycle management solu-tion, McGillicuddy says. n


Pulse Checkk Whats driving your VoIP investment?We asked IT pros purchasing voice over IP infrastructure to weigh in.


k IT infrastructure downtime, by the numbers

k Out with the old, in with the cloud

Source: The Cost of Server, Application, and Network Downtime, Infonetics Research, January 2015, N=205

Source: Unified communications and collaboration buyers survey, TechTarget, March 2015, N=182

802.11ac

DATA MINE

LAYER 4-7

PULSE CHECK

NETWORK MANAGEMENT

THE SUBNET

67%

47%

40%

32%

28%

20%

Reduce telecom expenses

Improve operational efficiency

Part of SIP trunking project

Development of IP-phone-based applications

Call center improvements

Click-to-call applications

4 Average number of

degradations suffered a month

6 Average number of hours an outage or degradation lasts

2 Average number of outages suffered

a monthSource: Predicts 2015: Enterprise Networking and Network Services, Gartner, December 2014

By the end of 2018, more than

40%of Cisco CCIE data center

network certifications issued in 2014 will be replaced by cloud

infrastructure architect certifications.


802.11ac

DATA MINE

LAYER 4-7

PULSE CHECK

THE SUBNET

NETWORK MANAGEMENT

Vendors claim that their network management and monitoring tools can do it all, but with virtualization and clouds obscuring visibility, is that still true?

The modern network has become the backbone for all IT infrastructure. Along the way, it evolved into a multi-headed beastone that must be tamed to ensure the network is capable of supporting nearly any form of data, including application, cloud, compute, storage, video and voice traffic.

But some networking professionals say the fabled weapon of choiceone network

Network Management

Single Pane of Glass or Single Glass of Pain?

BY SEAN M. KERNER


802.11ac

DATA MINE

LAYER 4-7

PULSE CHECK

THE SUBNET

management tool to rule them allis still more myth than reality. And in some sense, thats OK.

Thats because the need to understand multiple realms of technology means that the idea of a single tool for all network management functions is not something that entirely works for many organizations.

Some vendors talk about the holy grail of network management being a single pane of glass for visibility and control, but its not an idea that IT pros like Ant Lefebvre buy into.

Every tool has its purpose, but no tool can do everything, says Lefebvre, senior systems engineer at Middlesex Hospital in Middletown, Conn. The single pane of glass is really a single glass of pain.

Christian Renaud, a senior analyst at the 451 Group, agrees with the notion that

there is no single tool that fits all needs for network management, and enter-prises continue to grapple with the conse-quences of that. Networking professionals rated network visibility as their number one problem and the top issue that keeps them awake at night in a recent 451 Group survey.

Networks are considered a mission- critical resource in nearly every indus-try. In the case of Middlesex Hospital, the network is truly vital and plays a key role in how physicians and medical practitio-ners save lives. Having sufficient visibility and control over all the moving parts is essential.

Middlesexs facilities include one major hospital, two emergency departments and approximately 30 off-site locations. There is a data center in the hospital, and there is

NETWORK MANAGEMENT


802.11ac

DATA MINE

LAYER 4-7

PULSE CHECK

THE SUBNET

also an off-site facility for disaster recovery purposes where some applications are also hosted. Overall, Lefebvre estimates that he must manage 500 networking devices, which encompass switches, routers and other network infrastructure.

Middlesex Hospital also has deployed Wi-Fi extensively to enable voice over WLAN (VoWLAN), which doctors and nurses use to communicate. All told, Lefeb-vre has approximately 3,000 users that he has to keep happy.

The thing that makes it tricky is the amount of downtime were allowed to have in a hospital environmentwhich is none, Lefebvre says. In a hospital envi-ronment, there is critical stuff that is on the network [and] that is relying on the network, and any downtime is perceived as terrible.

New Challenges in Network ManagementSome vendor sales representatives might pitch the idea that there is, in fact, one net-work management tool to solve all chal-lenges. But thats not quite how network management works in the real world.

Rick Drescher is often asked about what tool should be used to manage the network. In his role as managing director of the criti-cal facilities group at Savills Studley, a com-mercial real estate advisory firm in New York City, he helps many enterprises fig-ure out their data center needs. Network management is a concern for many clients, and the biggest challenge is that the net-work isnt a single entity anymore in an IT environment.

A lot of people use the term network management software as the umbrella for

NETWORK MANAGEMENT


802.11ac

DATA MINE

LAYER 4-7

PULSE CHECK

THE SUBNET

seeing and viewing every-thing in an organizations IT deployment, Drescher explains. The traditional network management plat-form is not going to give you that visibility.

A number of trendsin-cluding virtualization and the convergence of storage, networking and computehas shifted enterprises network management re-quirements. But while most network managers have a good handle on the basics like Ciscos NetFlow pro-tocol, Drescher notes, they often struggle to fully un-derstand how other factors

like virtual machines and storage volume will affect network management.

With the added complexity of software-defined networking (SDN) and cloud com-puting, the challenge of network visibility is further compounded. Simply having vis-ibility into routers and switches doesnt provide a full picture of what is going on in a network.

There is no vendor that can say that they support every single virtualization startup or SDN overlay vendor and can see into all those pieces, says 451 Groups Renaud. Network performance is the aggregate of many pieces and not just any one subset.

Software alone isnt enough to manage a network faced with these demands, Dre-scher says. Outsourcing network moni-toring to a cloud provider works best for

NETWORK MANAGEMENT

Management intelligence: Finding order in chaos What are your top challenges when using network log data as a source of management intelligence?

Respondents could select multiple answers. Source: Log Analytics for Network Operations Management, Enterprise Management Associates, December 2014, N=192

Knowing what to look for

Cost of tools

Correlating log data to performance metrics

Writing new filters to find what is important

Keeping up with storage needs

51%

38%

37%

36%

36%


802.11ac

DATA MINE

LAYER 4-7

PULSE CHECK

NETWORK MANAGEMENT

THE SUBNET

businesses with smaller networks that dont have much data to export, he says. Enterprises with a large number of ports and devices need to have a device physically attached to the network to be able to grab all of the data.

It was a lesson Drescher learned after a project intended to outsource network monitoring to the cloud failed because he didnt have full visibility into the en-vironment. There were recurring, giant greyed-out areas in the bandwidth reports,

indicating data from the network wasnt making it to the data collector at the cloud providers location.

We did not have an on-premises piece of hard-ware on site to collect the data, Drescher says.

Choosing the Right Set of ToolsIf there isnt a single platform, then what tools are in play for this era of network management? The quick answer: There is no shortage of options.At Middlesex Hos-pital, Lefebvre uses a lot of different moni-toring tools that trigger alerts if a service is interrupted and theres an issue that needs to be addressed.

We have a menagerie of tools. Some of them we spin up and leave alone, then oth-ers we actively manage, he says.

Although Lefebvre doesnt have one cen-tralized dashboard for all of his network management tasks, he does use Splunk to provide a centralized view for trouble-shooting network management issues. Splunk functions as a central correlation engine for his log data, which can then be searched.

NETWORK MANAGEMENT

We have a menagerie of tools. Some of them we spin

up and leave alone, then oth ers we actively manage.

Ant Lefebvre, Middlesex Hospital


802.11ac

DATA MINE

LAYER 4-7

PULSE CHECK

NETWORK MANAGEMENT

THE SUBNET

So if something happens that isnt part of normal day-to-day operations, we can search in Splunk to see where the issue is, Lefebvre says. Its a Swiss Army knife tool for me to [use to] investigate when some-one says, Hey, go look at this.

Lefebvre also uses ExtraHops wire-data analytics hardware for getting the nec-essary information from the network. It comes in handy, he says, because when IT disruptions or outages pop up, the first thing application vendors do during the

NETWORK MANAGEMENT

Whats inside your tool box? How many tools do you use for network monitoring and troubleshooting? 1 to 3 tools 4 to 5 tools 6 to 10 tools 11 to 15 tools 16 to 20 tools more than 20 tools

40

30

20

10

%0

Source: Managing Networks in the Age of Cloud, SDN and Big Data: Network Management Megatrends 2014, Enterprise Management Associates, April 2014, N=246

10%8%

2%

34%30%

16%

n Small businesses (250-999 employees) n Medium-sized businesses (1,000-4,999 employees) n Large enterprises (5,000+)

9%11%

15%16%

21%

28%

14%

4% 6%

18%

30%28%


802.11ac

DATA MINE

LAYER 4-7

PULSE CHECK

NETWORK MANAGEMENT

THE SUBNET

troubleshooting process is point a finger at the network. With the ExtraHop tool, Lefe-bvre says he is able to obtain visibility into the network to understand the issue, refute those vendors and help keep the network running smoothly.

Additionally, he uses WhatsUp Gold as a ping monitoring tool that lets Middle-sex Hospital know when devices go down, along with a platform from PathSolutions to monitor bandwidth use.

And despite so many new challenges in network management, some old-school methods are still best. The most fundamen-tal part of network management has always been knowing exactly what networking equipment is in place. And for as long as there have been networks, one of the most common ways to track network devices has been the use of a spreadsheet. Thats still

true today.In his work with enterprises, Drescher

says he still sees many hands-on network-ing professionals track network assets in a spreadsheet.

Lefebvre acknowledges that even amid all his collection of specialized network management tools, he too uses a spread-sheetin his case, Google Docs in the cloudbut he also has a few other tools to help keep track of the locations of his physical networking gear. He has all of his switches listed in SecureCRT, an SSH client.

At the Core: Solving Business ProblemsGiven that the single-pane-of-glass tool ap-proach isnt likely the best approach, what should network managers actually do?

NETWORK MANAGEMENT


802.11ac

DATA MINE

LAYER 4-7

PULSE CHECK

NETWORK MANAGEMENT

THE SUBNET

Drescher suggests that networking profes-sionals first need to take a step back to un-derstand what it is they are actually trying to manage.

The reason why network management fails is that people dont have a good grasp of their entire environment before they go out to deploy, he says.

According to 451 Groups Renaud, it is important that both enterprises and the vendors that support them understand that modern network management is about more than just protocols, speeds and feeds. Rather, it needs to be treated for what it isa discipline built on solving business problems.

From a features perspective, Renaud em-phasizes that network management tools must have visibility into virtualized envi-ronments and the cloud.

If the network operations person is measured by network uptime, its critical to make sure the visibility and management tools can see the virtualized and cloud traf-ficor else youre being given all the re-sponsibility and none of the authority, Renaud says.

For Lefebvre at Middlesex Hospital, keeping the network always up is about us-ing whatever tools make sense for the spe-cific problem hes trying to solve.

Even more important, the network is designed in such a way that even without a single pane of glass for network manage-ment, service disruptions are minimized when there is a problem.

We have tried to develop a redundant network, Lefebvre says, so if there is a failure, something else picks it up and the network doesnt go down. n

NETWORK MANAGEMENT


THE SUBNET | Q&A | JESSICA SCARPATI

Getting Hands On with VMware NSX

Eager to build networks that were more agile and programmable, cloud providers were among the first to adopt software-defined networking (SDN) and network virtualization. In this edition of The Subnet, we dive into the experiences of one of them. Jason Rieger, principal net-work and security architect at Texas-based cloud provider FireHost Inc., has been test-ing VMwares NSX platform with the hope of putting it into production environments later this year.

What are you working on lately?Whats been on my plate for upwards of the

past year or so pretty hardcore has been software-defined networking and network virtualization. I spent the greater part of the last two years researching every vendor under the sun. Theyre a new take on an old paradigm. They offer a lot of the benefits that networking professionals have, for many years, been asking for. And, hey, now is the time.

Specifically, in regards to network vir-tualization, it is a re-architecture of our secure cloud hosting environment. Fire-Host is a secure cloud hosting provider, so we offer a purpose-built and highly secure infrastructure as a service offering to our

n Jason Riegern Principal Network

and Security Architect

n FireHost Inc.n Richardson, Texas

802.11ac

DATA MINE

LAYER 4-7

PULSE CHECK

NETWORK MANAGEMENT

THE SUBNET


802.11ac

DATA MINE

LAYER 4-7

PULSE CHECK

NETWORK MANAGEMENT

THE SUBNET

customers, and that requires a very scal-able, secure and high-performing environ-ment for those tenant workloads to run on. Ive been working over the past year with another of our architectsfrom the com-pute and storage side, and me from the net-working and security sideand weve been engineering and developing this new gen-eration for cloud architecture where net-work virtualization is a key player.

Why did you go with NSX? VMwares heritage is not networking, so what made you confident it was the right fit?I get asked that all the time: Why NSX over ACI? Why over Nuage Networks or Junipers Contrail acquisition? Well, [the vetting process] was difficult. It was far-reaching. It required a lot of due diligence and getting to know the producttrials,

tribulations and what have you. So it re-quired a lot of research with the vendor itself, getting to [talk to people at] product manager levels and having a clear under-standing of where their short-term road-map as well as their long-term roadmap was concerned.

We chose NSX for a few major reasons. We are a VMware vSphere hypervisor shop. We are not a multi-hypervisor shop cur-rently. Whether thatll change in the future, whos to say? But we are a vSphere envi-ronment today, so we knew that we would get a lot of economies of scale, as well as better integration because we use their hy-pervisor. Thats not to say other vendors dont support VMware vSphere; they do. But what we [liked about VMware] was the concept of in-kernel firewalling and secu-rity services. And thats one of the things,


802.11ac

DATA MINE

LAYER 4-7

PULSE CHECK

NETWORK MANAGEMENT

THE SUBNET

since were in that business, that attracted usme in particularto the VMware NSX platform.

It is a network security platform on which we can build and where third parties can write code and interact with the APIs that VMware provides on that platform to enhance [its] security servicesand thats what were looking to do. We provide a very highly secure cloud environment today, but this will allow us to enhance those security offerings even further, as well as deliver them more quickly than ever.

The last thing I would cite as a reason for committing to NSX over some other technologies is that its the most robust solution available today. A lot of the other vendors are just starting or are certainly behind in the game, and were ready to go now.

What can you achieve with network virtualization that you cant with legacy network architectures?There are several pain points associated with our existing architecture when it comes to the networking side of things, such as the way we configure tenant isola-tion. Network virtualization will allow us to do that in a different way that is more scal-able as the company grows.

It will use the current capabilities of the underlying physical network hardware coupled with capabilities that are available in software from a firewalling standpoint. Its a hybrid approach, utilizing VLANs that are configured in the underlying physical network. In conjunction with that, we le-verage software-based firewalling in the hy-pervisor to achieve isolation at a software level, so we have you covered both ways. If


802.11ac

DATA MINE

LAYER 4-7

PULSE CHECK

NETWORK MANAGEMENT

THE SUBNET

theres a failure in the software, youve got the underlying VLAN configuration in the hardware delivering the isolation.

Operationally speaking, its also easier to manage when its all in software, hence this attraction to software-defined net-working and network virtualization. Thats because one of the key things SDN does is decouple the hardware from software and takes things like firewall policies out from

your underlying routers and switches. It puts that into software applications and usually a central-ized controller to deliver those policies to the places where the customers data actually travels. Youre running a network envi-ronment thats built and

operated and exists inside of software, and the underlying hardware environmentthe routers and switchesthey dont really know whats going on in the software en-vironment. Theyre just there to forward packets. So it creates a very, very good sepa-ration of church and state, and it allows for faster development cycles.

How did you develop the job skills needed to implement this?My first exposure to virtualizationand it was server virtualization, obviouslywas back in the early 2000s, around 2001 or 2002. VMware wasnt a big name back then, and they had among the first hyper-visors out there. It was VMware ESX and GSX back then, and then there was Citrixs XenServer. I started to dabble in server consolidation, which was a big thing in that

One of the key things SDN does is decouple the hard-

ware from software and takes things like firewall

policies out from your underlying routers and switches.

Jason Rieger, FireHost Inc.


802.11ac

DATA MINE

LAYER 4-7

PULSE CHECK

NETWORK MANAGEMENT

THE SUBNET

timeframe, in which enterprises were look-ing to get more out of less hardware. They were consolidating physical hardware sys-tems, doing physical to virtual migrations. They were taking, say, 10 physical servers and turning them into 10 VMs on one phys-ical server. So server consolidation was a big part of what brought me into server vir-tualization back then.

Then after server virtualization came the foundation of what would eventually become network functions virtualization on the timeline. It comes before network virtualization, which is where we are now. In the mid-2000s, you started to see more virtual network appliances and functions. All this means is you take a physical switch or a physical router, and you port the code into a virtual machine so that its no longer a physical device; its a virtual appliance

that does the same thing it was doing when it was a piece of hardwarethings like rout-ers, switches and firewalls. So I started do-ing that and I said, Hey, I dont need all these physical switches or, This router here is a good candidate for virtualization, so I converted it into a virtualized router.

How did you get into IT and, specifically, networking?I didnt study anything technology based in college. I actually have a bachelors degree in marketing. I went to work for a mortgage servicing firm, but I didnt last there very long at all.

A buddy of mine worked for Perot Sys-tems and said, Hey, come on board, so I did. And I did the lowliest of the low when anybody enters the technology realm for the first time: I loaded backup tapes on a


802.11ac

DATA MINE

LAYER 4-7

PULSE CHECK

NETWORK MANAGEMENT

THE SUBNET

graveyard shift. That didnt last too longI could only physically do that for about six months. So then I moved into a helpdesk role for the National Car Rental and Alamo Car Rental contracts for Perot Systems. From there, I increased my skill set in ev-erythingin Microsoft and Cisco technolo-giesbut still didnt know where I wanted to be. Thats when I first entered the em-ployee development program at Perot Sys-tems, and thats where I got introduced to networking.

I just found it fascinatinghow these electrical signals get from PC to PC, how it actually makes sense after its sent, and how something could interpret an elec-trical signal on a piece of copper after it arrives.

One more before we finish: If you lived in the Game of Thrones universe, which family would you belong to?You know, my wife watches this intently and I do catch it, so I know the families. I think it would be the Lannisters.

Thats a bold choice. Care to explain?Correct me if I am wrong in my interpreta-tion of this family: ruthless?

Well, yesIm ruthless in my passion for what I do. Nobody really gets in my way when I want to either learn something or if I believe something should be implemented, de-ployed or you name it, so Im a Lannister in that sense of the word. n


CONTRIBUTORS

ANTONE GONSALVES is news director for TechTargets Networking Media Group. He has deep and wide expe-rience in tech journalism. Since the mid-1990s, he has worked for UBMs InformationWeek, TechWeb and Computer Reseller News. He has also written for PC Week, CSO.com and CruxialCIO, in addition to covering start-ups for Bloomberg News. He started his journalism career at United Press International, working as a reporter and editor in California, Florida, Kansas and Texas.

SEAN M. KERNER is an IT consultant, technology enthu-siast and tinkerer, and has been known to spend his spare time immersed in the study of the Klingon lan-guage and satellite pictures of Area 51. He has pulled Token Ring, configured NetWare and has compiled his own Linux kernel. He consults to industry and media organizations on technology issues.

JESSICA SCARPATI is features and e-zine editor of Network Evolution in TechTargets Networking Media Group. Scarpati was previously the site editor for SearchCloudProvider and the senior news writer for the Networking Media Group. Prior to joining TechTarget, she worked as a reporter for several newspapers in the Boston Metro area.

COVER ART: AKINDO/ISTOCK

Network Evolution is a SearchNetworking.com e-publication.

Kate Gerwig, Editorial Director

Jessica Scarpati, Features and E-zine Editor

Kara Gattine, Executive Managing Editor

Chuck Moozakis, Executive Editor

Antone Gonsalves, News Director

Brenda L. Horrigan, Associate Managing Editor

Gina Narcisi, Senior News Writer

Linda Koury, Director of Online Design

Neva Maniscalco, Graphic Designer

FOR SALES INQUIRIES, PLEASE CONTACT:

Doug Olender, Senior Vice President/Group Publisher [email protected]

TechTarget, 275 Grove Street, Newton, MA 024662015 TechTarget Inc. No part of this publication may be transmitted or reproduced in any form or by any means without written permission from the publisher. TechTar-get reprints are available through The YGS Group.

About TechTarget: TechTarget publishes media for information technology profes-sionals. More than 100 focused websites enable quick access to a deep store of news, advice and analysis about the technologies, products and processes crucial to your job. Our live and virtual events give you direct access to independent expert commentary and advice. At IT Knowledge Exchange, our social community, you can get advice and share solutions with peers and experts.

@WEBSITE

Visit us EMAIL

Contact us

STAY CONNECTEDFollow

@NetworkingTT today.

Network Evolution MAY Final

Documents

Transcript of Network Evolution MAY Final