Category Archives: Networking

Fighting Modern Threats with Next Gen Firewalls

Listen to GreenPages’ network expert, Bobby Mazzotti, discuss how next gen firewalls go beyond basic threat management to deliver advanced intrusion protection capabilities and provide companies with superior visibility and control of their network. By inspecting traffic packets coming in from the host, next gen firewalls provide the extra layer of security necessary to protect businesses from modern threats such as ransomware and backdoor trojans. Check out the video below to learn more:

As a vendor agnostic solutions provider, GreenPages is in a perfect position to help you evaluate and deploy the best tech depending on your unique business goals. Please reach out to us or your account manager to get started.

By Jake Cryan, Digital Marketing Specialist

VMware NSX vs. Cisco ACI: Where Are We Now?

Just over a year and a half ago, GreenPages posted a video  and of Nick Phelps (below) and held a webinar discussing how it’s not VMware NSX vs. Cisco ACI, but the synergistic benefits of running both VMware NSX and Cisco ACI simultaneously which was, at the time, a bit “science-fiction-y.” Fast forward to present day and the tech world has had plenty of time to test how these two products work together. Check out Nick’s update on why using both technologies together can create “a beautiful orchestra of automation!”  

As a vendor agnostic solutions provider, GreenPages is in a perfect position to help you evaluate and deploy the best tech depending on your unique business goals. Please reach out to us or your account manager to get started.

By Jake Cryan, Digital Marketing Specialist

 

Eight Crucial Strategies for Strengthening Network Security

strengthening network security Strengthening Network Security

Strengthening network security is vital to your organization. Check out the tips below to ensure you are well protected.

Leave no host forgotten, know your hosts (all of them)

Any and every device capable of wired or wireless access with an IP address should be known in your environment. This goes beyond desktops, laptops, servers, printers, IP phones, and mobile devices. The “Internet of Things” presents a larger potential footprint of hosts including environmental monitoring and control devices, security cameras, and even things like vending machines. IoT devices all run operating systems that have the potential to be compromised by hackers and used as a platform for performing reconnaissance of your network for more valuable assets. Ensure inventory lists are valid by performing routing network scans to identify unknown devices.

Understand your users’ behavior

Knowing the culture and habits of users, like when and where they work, is important for establishing baseline behavior patterns. Also, the types of work they do online such as researching, downloading software, and uploading files will vary greatly by industry. For example, users at a law firm are not going to have the same internet usage behavior as users at a software development company. Even within an organization, there will be differences between administrative and technical engineering user behavior. Knowing the behavior of your users will make it easier to identify what is normal versus abnormal network traffic.

Understand what talks to what and why

The network traffic patterns in your organization should represent the usage of critical business applications that users need to do their job. Understanding these traffic flows is critical to building effective security policies for ACLs, stateful firewall policies, and deep packet inspection rules on network security devices. This applies to traffic within your internal private networks, what is allowed in from the outside, and especially the type of traffic allowed to leave your organization.

Control what is running on your hosts

The more applications and services running on a host, the more potential for exposure to software vulnerabilities.  Software updates are important for bug fixes and new features but security related fixes to applications are critical. Limit the types of applications users may install to reputable software vendors that take security updates seriously. Staying current with operating system security updates is even more important. Situations when legacy applications require older EOL operating systems to run on your network should be monitored very closely and if possible should be segmented to dedicated VLANs.

Know your data & control your data

Understand the data that is critical to your business and classify that data into different levels of sensitivity. You must ensure that encryption is used when transmitting highly sensitive data across the network as well as limit access to sensitive data to only those who require it. It is important to implement effective logging on all devices that store and transmit sensitive data and perform routine checks of your backup solutions to ensure the integrity of critical data backups.

Monitor and control your perimeter (egress too!!)

The network perimeter of your organization includes Internet and WAN connections but also wireless access points. All three of these perimeter pathways need to be protected with the highest levels of access restrictions.  Next-generation security appliances should be deployed on all perimeter segments to provide deep packet inspection, content filtering, and malicious URL inspection. Centralized logging of network and security devices using a security information event management (SIEM) solution is vital for analysis and correlation of logging data.

Train your users: they are your weakest link and your best defense

Deliver routine end-user security awareness training to keep users up to date on ways to recognize suspicious email content and websites. Perform routine experimental phishing campaigns to determine how well users are able to identify suspicious emails. Review policies with users on how to manage sensitive data. Make sure users are aware of non-technical methods used by hackers such as social engineering tactics to extract information about your organization.

Implement strong authentication controls

Use multifactor authentication for wireless and VPN remote access whenever possible. Restrict the usage of local user accounts and require complex passwords that must be changed regularly. Implement 802.1x security on wireless LANs as well as wired network connections that are accessible to common areas in your facility.

Utilizing the tips above can go a long way in strengthening network security, reach out to your account manager or contact us to find out more about strategies to strengthen your network.

By Kevin Dresser, Solutions Architect

Network Troubleshooting your Parallels Desktop VM

Today we can’t imagine our life without information technology. Access to all this data wouldn’t be possible the actual network connection. Almost all the modern devices nowadays have a way to connect to the the network. Your Mac and Parallels Desktop virtual machine are no exception! There are several network modes in Parallels Desktop which we covered is one […]

The post Network Troubleshooting your Parallels Desktop VM appeared first on Parallels Blog.

VMware NSX and Cisco ACI: NSX Now Supported on ACI (We Were Right!)

In May of 2015, we did a video around VMware NSX vs. Cisco ACI. As part of that video, we made the prediction that VMware NSX and Cisco ACI would not be an either/or discussion in the future (I also did a webinar on the topic that you can download here). At the time, the common question we were getting from clients was if they should be using NSX or ACI. My opinion was that Cisco ACI quite well complimented the feature sets of VMware NSX and that one could really support the other.

Now let’s fast forward to last month (February 2016) to Cisco Live Berlin where an announcement was made that supported just that idea. In  sessions at the conference, they talked about a number of overlay networks in Cisco ACI and specifically mentioned VMware NSX. So what are these use cases? I’m planning on doing a series of videos to explore the topic further. The next video will discuss heavily utilizing Cisco ACI with an overlay of VMware NSX. After that, we’ll look at the opposite – more heavily leveraging the feature sets of NSX on top of the fabric automation feature sets that exist in ACI.

VMware NSX and Cisco ACI: NSX Now Supported on ACI

Watch on GreenPages’ YouTube channel

 

Download Nick’s on-demand webinar, VMware NSX vs. Cisco ACI: When to Use Each, When to Use Both

 

By Nick Phelps, Moonrock Consulting, a GreenPages Alliance Partner

Cisco strengthens China operations with Inspur joint venture

Cisco corporateCisco Systems is to form a joint venture with Chinese server maker Inspur, selling networking and cloud computing products in China. Cisco and Inspur will jointly invest $100 million in the project.

The partnership comes in the face of mutual suspicion between the US and Chinese government amid claims and counter claims of state sponsored cyber security threats.

In June Cisco was forced to remove several of its senior executives in China, amid reports of falling sales slide and Chinese government fears about the foreign ownership of networking equipment.

Cisco’s China sales fell 20 per cent on the previous year in the quarter ending on April 25 at a time when its global revenue gained 5.1 per cent. As its share of the Chinese router market fell from 21.2 per cent to 9.4 per cent the lost sales went to local rival Huawei Technologies, according to Bernstein Research.

Direct selling became more challenging, The Wall Street Journal has reported, after US National Security Agency whistleblower Edward Snowden said the NSA put surveillance tools in US technology products sold overseas.

US-Chinese technology company partnerships are growing in number and Microsoft announced on Thursday an alliance with Baidu and the Chinese state-owned private investment firm Tsinghua Unigroup on cloud technology. Last week Dell unveiled plans to invest $125 billion over five years in China. Earlier this year, IBM pledged to help develop China’s advanced chip industry with a ‘Made with China’ strategy, while chipmakers Intel and Qualcomm are developing chips with smaller Chinese companies.

Chinese President Xi Jinping’s arrived in Seattle this morning on a state visit to the US.

Chinese officials have said the partnerships will follow the pattern of car manufacturing agreements in the past, with foreign technology firms granted market access in return for shared technology and co-operation with Chinese industry.

The Second Wave of Wireless: MU-MIMO, More Data & Bigger Pipes

There have been some big changes around Wave 2 Wireless Technologies. Most of these were discussed out at Cisco Live, which I was lucky enough to attend. A new technology called MU-MIMO has been introduced. It means multiple user, multiple input, multiple output. MU-MIMO allows us to dynamically allocate space allowing multiple users to do multiple transitions and getting more data and more sessions moving at the same time. We’re also soon going to have 2.3 gigabit/second threshold. We will be moving tons more data through the wireless space! This is going to require bigger pipes to backhaul all of this information. Check out my short video below where I discuss these topics in more detail!

 

 

Are you interested in learning more about the next wave of wireless technologies? Email us at socialmedia@greenpages.com

 

 

By Dan Allen, Architect

Part 2: Cisco Live 2015 Recap – AWS Direct Connect, VIRL Facelift & More!

It was another great Cisco Live event this year! My colleague Dan Allen wrote a post summarizing the key takeaways he got out of the event. I wanted to add in some of my own to supplement his. As you probably know, it was John Chambers last Cisco Live event as CEO – which makes it especially cool that I got this picture taken with him!

cisco live

Expanded DevNet Zone

Last year Cisco introduced the DevNet zone which was focused on giving people hands on access to Cisco’s most ground breaking technology that could be construed as science fiction unless they opened their toy box and let people see and touch what they’ve been hiding in it. This year we got to play with Internet of Things development environments, API driven SDN solutions, virtual network simulation toolkits and drone technologies hosted by the co-founder of iRobot. Last year, it was 4 little booths in between two restrooms with giveaways to get people to come in. This year, it consumed a whole section of the convention center with over 20 booths, 6 interactive labs and different exhibits and guest speakers delivering presentations on the future of technology.

Programmability and automation were a part of every session no matter what the topic was

It didn’t matter if you were attending entry-level or advanced breakout sessions, IT management track courses or developer workshops; everything you attended at Cisco Live this year had something to do with automation, programmability, cloud connectivity or application awareness. This was very different from any of the 8 Cisco Live events I’ve attended throughout my career. If you’re a technologist and have any doubt in your mind that this is where the industry is headed, you’d better start learning new skills because, like it or not, our customers and the customers of our customers are, or will soon be, believers and consumers of these technologies and consumption models.

Cisco and Amazon TEAM up to BEEF up AWS Direct Connect

AWS Direct Connect is a part of Amazon’s APN Partner program that consists of ISP’s that provide WAN circuits directly connected to AWS datacenters. That means if you’re a Level3 or AT&T MPLS customer and you have 10 offices and 2 datacenters on that MPLS network, Amazon AWS can now become another site on that private WAN. That’s HUGE! Just look at a small portion of their ISP partner list:

  • AT&T
  • Cinenet
  • Datapipe
  • Equinix, Inc.
  • FiberLight
  • Fiber Internet Center
  • First Communications
  • Global Capacity
  • Global Switch
  • Global Telecom & Technology, Inc. (GTT)
  • Interxion
  • InterCloud
  • Level 3 Communications, Inc.
  • Lightower
  • Masergy
  • Maxis
  • Megaport
  • MTN Business
  • NTT Communications Corporation
  • Sinnet
  • Sohonet
  • Switch SUPERNAP
  • Tata Communications
  • tw telecom
  • Verizon
  • Vocus
  • XO Communications

 

Combine that with a CSR1000v and an ASAv and you have a public cloud that can be managed and utilized exactly like a physical colo that is completely transparent to both your network teams and users.

ASAv in AWS

This little announcement slipped under the radar when it was made a week before Cisco Live but was definitely front and center in the Cisco Solutions Theater in the world of solutions. The ASA1000v has been Cisco’s only answer to a full featured virtual security appliance for the past two years or so. The only problem is that it required the Nexus1000v with which the industry as a whole has been reluctant to embrace (particularly in the public cloud space). Well good news, the ASAv doesn’t require the Nexus 1000v and, therefore, has opened the doors for the likes of Amazon AWS and Microsoft Azure to let us make use of an all Cisco Internet and WAN edge within an AWS Virtual Private Cloud (VPC). This means you can manage the edge of your AWS VPC the same way you manage the edge of your datacenters and offices. The ASAv supports everything an ASA supports which will soon include the full FirePower feature set. Have you ever tried building a VPN tunnel to an ASA at a customer’s datacenter from the AWS VPC Customer Gateway? I have – not the best experience. Well, not any more – it’s pretty cool!

ACI was big this year, but not as big as last year

I was expecting more of the same from last year on this one. Just about everywhere you looked last year, you saw something about ACI. This year was a more targeted effort both with the breakout session and in the Cisco Solutions Theater. I’m not saying it didn’t get a lot of attention, just not as much as last year and certainly not more. This shouldn’t come as too big of a surprise for anyone used to Cisco’s marketing and positioning tactics, however. Last year was geared toward awareness of the new technology and this year was more geared toward the application of the technology across very specific use cases and advances in it’s capabilities. The honeymoon is clearly over and everyone was focused on how to live every-day life with ACI being a part of it.

APIC can interact with ASA and other non-Cisco devices

The ACI APIC is slowly getting more and more abilities related to northbound programmatic interaction with other Cisco and non-Cisco appliances. For example, it can now instantiate policies and other configuration elements of ASA, Fortigate, F5 and Radware appliances as part of its policy driven infrastructures.

iWAN almost officially tested and supported on CSR1000v

As of next month, the iWAN suite of technologies will be officially tested and supported on the CSR1000v platform which means all of that functionality will now be available in public cloud environments. More to come on iWAN in another post.

CSR1000v

The CSR1000v (Cloud Services Router) is Cisco’s answer to a virtual router. Until now, it’s been sort of an “Oh ya? We can do that too” sort of project. Now it’s a full-fledged product with a dedicated product team. It’s supported across just about every public cloud provider and in every Cisco Powered Cloud partner (Cirrity, Peak 10, etc.).

Additionally, I managed to get the product team to pull back the covers on the roadmap a bit and reveal what Dynamic Multipoint VPN (DMVPN) will be supported on the CSR1000v soon along with a number of other ISR/ASR features which will make a truly seamless WAN that includes your public cloud resources.

Non-Cisco Cloud News – Azure Virtual Network now supports custom gateways

A big challenge in real adoption of non-Microsoft application workloads in Azure has been the inability to use anything but Azure’s gateway services at the edge of your Azure Virtual Network. Well, Cisco let the cat out of the bag on this one as Cisco CSR’s and ASR’s will soon be supported as gateway devices in Azure VN. For me, this really brings Azure into focus when selecting a public cloud partner.

APIC-EM has more uses than ever

Cisco Application Policy Infrastructure Controller Enterprise Module (rolls right off the tongue right?), or APIC-EM, is Cisco’s answer to an SDN controller. It’s part of Cisco’s ONE software portfolio and has more uses than ever. Don’t confuse the APIC-EM with the ACI APIC, however. The ACI APIC is the controller and central point of interaction for Cisco’s ACI solution and runs on Cisco C-Series servers. The APIC-EM, however, is truly an open source SDN controller that is free and can run as a VM and interact with just about anything that has an API. That’s right.

VIRL got a facelift

Cisco’s Virtual Internet Routing Lab (VIRL) is getting some real attention. It’s an application that was unveiled to Cisco DevNet partners last year that lets you virtually build Cisco networks with VM’s running real IOS and NX-OS code to simulate a design and test it’s functionality. As a partner, this is huge as we can virtually replicate customer environments as a proof of concept or troubleshooting tool. It’s getting more development support within Cisco.

 

A lot of crucial information and updates came out of this event. If you would like to discuss any in more detail, feel free to reach out!

 

By Nick Phelps, Principal Architect

Nokia eyes the cloud infrastructure market with OpenStack, VMware-based servers

Nokia is offering up its own blade servers to the telco world

Nokia is offering up its own blade servers to the telco world

Nokia Networks revealed its AirFrame datacentre solutions this week, high-density blade servers running a combination of OpenStack and VMware software and designed to support Nokia’s virtualised network services for telcos.

“We are taking on the IT-telco convergence with a new solution to challenge the traditional IT approach of the datacentre,” said Marc Rouanne, executive vice president, Mobile Broadband at Nokia Networks.

“This newest solution brings telcos carrier-grade high availability, security-focused reliability as well as low latency, while leveraging the company’s deep networks expertise and strong business with operators to address an increasingly cloud-focused market valued in the tens of billions of euros.”

The servers, which come pre-integrated with Nokia’s own switches, are based on Intel’s x86 chips and run OpenStack as well as VMware, and can be managed using Nokia’s purpose-built cloud management solution. The platforms are ETSI NFV / OPNFV-certified, so they can run Nokia’s own VNFs as well as those developed by certified third parties.

The company’s orchestration software can also manage the split between both virtualised and network legacy functions in either centralised or distributed network architectures.

Phil Twist, vice president of Portfolio Marketing at Nokia Networks told BCN the company designed the servers specifically for the telco world, adding things like iNICs and accelerators to handle the security, encryption, virtual routing, digital signal processing (acceleration for radio) that otherwise would tie up processor capacity in a telco network.

But he also said the servers could be leveraged for standing up its own cloud services, or for the wider scale-out market.

“Our immediate ambition is clear: to offer a better alternative for the build-out of telco clouds optimized for that world.  But of course operators have other in-house IT requirements which could be hosted on this same cloud, and indeed they could then offer cloud services to their enterprise customers on this same cloud,” he explained.

“We could potentially build our own cloud to host SaaS propositions to our customers, or in theory potentially offer the servers for enterprise applications but that’s not our initial focus,” he added.

Though Twist didn’t confirm whether this was indeed Nokia’s first big move towards the broader IT infrastructure market outside networking, the announcement does mean the company will be brought into much closer competition with both familiar (Ericsson, Cisco) and less familiar (HP) incumbents offering their own OpenStack-integrated cloud kit.

Updating Your Network Infrastructure for Modern Devices

Today the world of IT infrastructures is changing. This is due to the way companies communicate and the way they send and receive data within their networks, and the development of cloud computing and virtualised servers has re-shaped the way we share information with one another.

Cloud computing is a scalable and reliable cloud based environment which utilises remote servers to host and store all of our information. Just some of the benefits of cloud computing include improved accessibility, reduced spending on maintaining localised servers, a streamlining of processes and much more flexibility for businesses and organisations. (To find out more about how cloud computing works and how it can benefit your business, visit PC Mag online.)

Networking and Secure Infrastructures

With the increased accessibility of using servers in the cloud, it’s never been more important for network security. A greater number of people and an increasing number of new devices, including mobile devices will request access to modern day business networks. From laptops and contemporary tablet devices, Blackberries and smart phones, to desktop computers and other digital devices, one single business will have a lot of different data handlers to consider.

With new devices, are increased levels of complexity when it comes to traffic patterns, and as expected there are more security threats when more devices request to access your network. With this in mind, today’s IT infrastructure needs to be updated in order to cope with the increasing amount of data flowing over the IT network. (For more information on networking, visit Logicalis, an international IT solutions provider.)

The Importance of Accessibility

What’s most important to understand is the importance of welcoming such changes to your IT network. Virtualisation can improve the way businesses send and receive information, both internally and externally, and can also help organisations of all sizes cut down on costs in the long-run. Cloud servers can also provided added security with data backup and the development of virtualised computing can reduce planned downtime by up to 90%.

With the growth and development of modern devices it’s now more important than ever to ensure that you have increased accessibility for all business devices. Finding the right IT solutions provider for your business can help you support next-generation technology whilst encouraging better communication between key people in your company. 

Read more on how virtualisation and cloud servers could be redefining the roles of IT within a business on the Logicalis blog