Dark Horse Networking – NG ESInet Critical Infrastructure

This Avaya CONNECTED Blog is also available as an MP3 Audio File

NG 911 is here, but what about the critical infrastructure to support it?

While communications capabilities have drastically expanded over the past several years, collaboration and data sharing with our peers have now become a part of our daily lives. This has exposed each of us to potential security risks that must be managed without constricting our ability to communicate. While one may think this is the endpoint's or UC client's responsibility, in actuality it is the underlying network that is of concern and where innovation begins.

Ed Kohler, a Distinguished Engineer at Avaya, is a prolific writer on technical, philosophical and scientific subjects and has a great passion for emphasizing the philosophy and evolution of those topics. I kid Ed that he is one of those guys that needs to walk around with a translator so that people from THIS planet, like myself, can understand just what the hell he is talking about, and if you find the smartest person that you know, and you introduce them to Ed, they will come back to you and say, “Hey, that Ed guy is pretty smart!”

I have had the pleasure of interviewing Ed several times on APN, most recently at INTEROP 2013 in Las Vegas, where Avaya provided the backbone architecture for the INTEROP network using our latest Shortest Path Bridging (SPB) technology. You can view and download the APN content from that event here.

This past week, Ed talked about ‘Dark Horse’ Networking – Private Networks for the Control of Data in his blog at [EdKohler.WordPress.com], where he discusses next generation virtualization demands for critical infrastructure and public safety. If you have seen the movie Scanners, and you have no fear of your head exploding, go ahead and read Ed’s blog. If you do have a bit of trepidation, I’ll do you a favor and summarize it here.

Next Generation Emergency Services IP Networks (ESInets) are an integral part of making NG 911 functional at the municipal level. FirstNet, the First Responder Emergency Services Network, will connect to the ESInet and extend connectivity to first responders en route to the scene. At some point in the near future, the Public Switched Telephone Network (PSTN) will not only attach callers in need of help to the ESInet, but intelligent endpoints will be able to contribute data to the communications path that has been established. Information provided from the origination point can be extremely valuable not only to the dispatcher or call taker, but to the responding agency and individual.

Video from a bank’s cameras during a robbery in progress is a good example of real-time, relevant data that could easily be made available to agencies. While that information can certainly be of interest to the call taker or dispatcher (the presence of an armed individual wearing a ski mask, for example), it is of equal value, if not more, to the SWAT team that has responded and is establishing a perimeter.

This poses a unique and complex network infrastructure conundrum, as well as a security concern: we need to connect two very disparate endpoints that live in separate and distinct network and security domains, while maintaining the level of security and protection expected at both ends of the network.

This is where Shortest Path Bridging comes to the rescue. Put simply, SPB is a network in which you configure the endpoint elements, and the network autonomously reconfigures itself to allow that level of communication between them. With those endpoints now in a very specific community of interest, where only very specific traffic is expected from very specific endpoints, the security algorithms and processes can be much more tightly optimized and can flag any event that does not match a very discrete monitoring profile. Anomalies to those patterns are easily flagged for remediation and investigation. Coupling this logic with a “window of opportunity” that is only open when another specific event has occurred (the panic button was activated) further locks down communications. This new “virtual security perimeter” is valid not only within an enterprise environment, but between secure enterprise environments, due to the fact that applications are no longer limited by Layer 2 scalability.
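To make the monitoring idea concrete, here is an added example (not Avaya code and not SPB itself) of a monitoring profile for the bank-camera community of interest described above: the only expected flows are camera to PSAP video gateway, and even those are only expected while a panic-button window is open. All addresses, ports, timestamps and the 15-minute window length are constructed assumptions.

```python
"""Monitoring profile for a tightly scoped community of interest.

Added illustration: flows that are not in the profile, or that arrive while
no panic-button window is open, are flagged for investigation.
All hosts, ports, timestamps and window length below are constructed values.
"""
from dataclasses import dataclass

WINDOW_SECONDS = 900  # assumption: window stays open 15 minutes after the panic event


@dataclass(frozen=True)
class Flow:
    ts: int        # seconds since an arbitrary epoch (constructed)
    src: str
    dst: str
    proto: str
    dport: int


# The community-of-interest profile: the only traffic this segment should carry.
PROFILE = {
    ("10.20.0.5", "172.16.9.10", "udp", 5004),   # camera -> PSAP video gateway (RTP)
    ("172.16.9.10", "10.20.0.5", "tcp", 554),    # gateway -> camera (RTSP control)
}


def window_open_at(ts, panic_events):
    """True if some panic event opened a window that still covers ts."""
    return any(p <= ts < p + WINDOW_SECONDS for p in panic_events)


def classify(flow, panic_events):
    """Verdict for one flow against the profile and the event window."""
    key = (flow.src, flow.dst, flow.proto, flow.dport)
    if key not in PROFILE:
        return "ALERT: not in profile"
    if not window_open_at(flow.ts, panic_events):
        return "ALERT: profile traffic outside event window"
    return "ok"


def evaluate(flows, panic_events):
    """Return (flow, verdict) pairs; anything not 'ok' goes to investigation."""
    return [(f, classify(f, panic_events)) for f in flows]


SAMPLE_FLOWS = [  # constructed flow records
    Flow(100, "10.20.0.5", "172.16.9.10", "udp", 5004),   # before the panic button
    Flow(1200, "10.20.0.5", "172.16.9.10", "udp", 5004),  # inside the window
    Flow(1250, "10.20.0.5", "10.20.0.99", "tcp", 445),    # camera talking to a file server
    Flow(2200, "172.16.9.10", "10.20.0.5", "tcp", 554),   # after the window closed
]
PANIC_EVENTS = [1000]  # constructed: panic button pressed at t=1000

if __name__ == "__main__":
    for f, verdict in evaluate(SAMPLE_FLOWS, PANIC_EVENTS):
        print(f.ts, f.src, "->", f.dst, verdict)
```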

The successful deployment of an NG 911 ESInet is going to require more than just a basic level of network knowledge. Complexities in security models and inter-connectivity between agencies and their resources will be paramount to making collaboration and unification of public safety possible. “Dark Horse Networking” is sure to be a skill set requirement in the future, and for those looking for a specialized area of certification for a future career, this may be a viable option.

Want more Technology, News and Information from Avaya? Be sure to check out the Avaya Podcast Network landing page at http://avaya.com/APN. There you will find additional Podcasts from Industry Events such as Avaya Evolutions and INTEROP, as well as other informative series by the APN Staff.


Thanks for stopping by and reading the Avaya CONNECTED Blog on E9-1-1. I value your opinions, so please feel free to comment below or, if you prefer, you can email me privately.

Public comments, suggestions, corrections and loose change are all graciously accepted 😉
Until next week . . . dial carefully.

Be sure to follow me on Twitter @Fletch911



Related Articles:

Avaya and IAUG: Coming Together for a Better User Group Experience

Marilyn Shuck serves as a Director on the IAUG Board, president of the Puget Sound Avaya Users Group, and as a UC Engineer at the University of Washington.



The combination of the Avaya Technology Forum (ATF) and the International Avaya Users Group (IAUG) flagship event, Avaya ENGAGE, is generating a lot of buzz. As IAUG members, it’s exciting for us because we’ll be there as Avaya is announcing new products and have better access to Avaya. We’re also looking forward to bringing in more technical expertise, session choice, and potential new members to IAUG.

In the past, ATF was held in February or March, and Avaya ENGAGE was in June. By the time we assembled for Avaya ENGAGE, new product lines would have been out for several months. Now, we’ll get to hear the latest announcements. Since we’re partnering with Avaya, we’ll have much more access to them, getting our questions answered, getting trained, and seeing the new products in action.

We’re also able to offer so many more sessions, some with more technical expertise. ATF has historically been a technical conference, and our IAUG attendees will have a choice of breakout sessions that will add a new dimension to the education they’ll already be receiving.

It also makes sense to hold both of these events under one umbrella. There’s some overlap between ATF attendees and Avaya ENGAGE attendees, and in organizations where travel budgets are tight or where the same person is a technical support specialist and a user, you no longer have to choose which event to attend.

Additionally, we’re excited about the possibility of introducing new members to IAUG. Some ATF attendees may not have known about our existence, but now not only will they have the chance to learn more about us but they can network with us. We can continue to share learning opportunities and even bring a whole new quality of technical users to IAUG.

Make no mistake, the foundation of the event has not changed. This is still planned with the Avaya customer in mind. However, it signals our deepening relationship by aligning all customer events.

This is going to be one of those cases where what happens in Las Vegas won’t stay in Vegas. Avaya and IAUG are aligning, and it’s going to provide valuable education and opportunities for customers, IAUG members, partners, and Avaya. The benefits of attending will resonate throughout your organization, so plan to join us in February to learn, network, and return full of ways to make the most of your Avaya implementations. You can learn more at http://engage.iaug.org.


Advanced Techniques for Writing Avaya Breeze Snap-ins Using Engagement Designer—Part Four

Welcome to the fourth in my series of videos addressing some of the more advanced Avaya Breeze™ techniques. In Part One I showed you how to catch and process errors inside a Breeze Snap-in. In Part Two I addressed Breeze Connectors. In Part Three I added multimodal communications and parallel gateways. Here in Part Four, I show you how to add JavaScript functions to Breeze expressions and data processing.

To start viewing my videos from the beginning watch the introductory series.

Continue with the advanced series:

Part 1: Error Processing and Boundary Events
Part 2: Breeze Connectors
Part 3: SMS Text, Email, and Parallel Gateways
Part 4: Adding JavaScript Functions to Snap-ins

Andrew Prokop is the Director of Vertical Industries at Arrow Systems Integration. Andrew is an active blogger and his widely-read blog, SIP Adventures, discusses every imaginable topic in the world of unified communications. Follow Andrew on Twitter at @ajprokop, and read his blog, SIP Adventures.

An Exploration of End-to-End Network Segmentation Part III: Automatic Elasticity

Imagine for a moment: you’re connected to a network via a piece of string. You perform your work, you wind down for the day and you disconnect from the network. When you leave the office, that piece of string stays behind, lying exactly where you last connected—exposed. Wouldn’t you know … the very next person to walk past your office after you leave is a hacker or a malicious employee (remember, many attacks start from inside your network) who can now gain access to your open, vulnerable network via your left-behind string (for techies, the static VLAN port configuration exposes that service). We all know what happens with the pull of just one thread … things unravel.

Now imagine this same scenario, but instead of your network core being connected by a string, it looks like a ball of rubber bands. When you connect to your network, a rubber band attaches to you, establishing your connection. Same as before, you disconnect when you finish your work day. The difference here is that your rubber band automatically recoils back to the network core (the rubber ball), where it safely rests until you or another user/device reconnects. If a hacker walks by where you’ve just been working, your node (or network connection) is no longer accessible. Similar to native stealth, this automatic elasticity means attackers can’t hack what they can’t connect to—therefore they can’t penetrate your network without the necessary level of authentication (certificates highly recommended).

This is the premise of automatic elasticity—the third core component of end-to-end segmentation (if you missed parts I and II of this series, be sure to catch up).

The Necessity of Elasticity

So, would you rather your network be a bundle of static, inflexible and insecure strings that anyone can pull at? Or a dynamic, agile and secure elastic that extends to deliver services and retracts to prevent hackers from seeing and touching it?

Automatic elasticity enables businesses to stretch their network services (contained in hyper-segments) to the edge of the network, only as required and only for the duration of a specific application session. As applications terminate (or end-point devices close down or disconnect), those networking services retract from the edge. It’s as simple as that.

Stretching and retracting virtual services in this manner, however, becomes exceedingly difficult for companies operating in a static configuration environment. This is what ultimately led to Target’s massive data breach in 2013. A port had been statically configured to the company’s HVAC system—it did not retract—allowing a hacker to gain access to the entire network through that segment. From there, the hacker was able to map the IP topology and trace IP routes to find the server they wanted and get the information they were after.

In this case, the mistake Target made was that it had no sophisticated methodologies in place to authenticate an end user or device before extending its HVAC port. It remained static, exposed and vulnerable to an attack, which eventually happened.

Without end-to-end segmentation, the only way businesses can truly extend their virtual services is to manually configure each node to simulate their desired level of elasticity. In this case, each node would have to be manually configured to stretch, and then that configuration would have to be removed as soon as the service was finished being used. Just imagine how time-consuming and painstaking this process would be on a large scale. This is illogical.
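The contrast the last few paragraphs draw, between a statically bound port and one whose service is extended only for an authenticated session and retracted on disconnect, is shown below as an added example; it is not Avaya's implementation, and the port names, service names, certificate fields and the `Corp-Device-CA` trust anchor are constructed assumptions.

```python
"""Static vs elastic access ports (added illustration, not Avaya's code).

An elastic port extends a service only after the connecting device
authenticates, and the binding is retracted on disconnect.  A static port
keeps its service bound whether or not anyone is connected.
Port names, services, certificate fields and the CA name are constructed.
"""
from dataclasses import dataclass
from typing import Optional

TRUSTED_ISSUER = "Corp-Device-CA"  # assumption: the only issuer we accept


@dataclass
class Port:
    name: str
    static_service: Optional[str] = None  # legacy: service pinned to the port for good
    session: Optional[str] = None         # elastic: service held only while a session is active


def authenticate(device_cert):
    """Assumed authentication hook: accept only certificates from the trusted issuer."""
    return device_cert is not None and device_cert.get("issuer") == TRUSTED_ISSUER


def connect(port, device_cert, service):
    """Extend `service` to `port`; returns the service reachable from the port, or None."""
    if port.static_service is not None:
        return port.static_service        # static port: service is there regardless of who plugs in
    if not authenticate(device_cert):
        return None                       # elastic port: nothing is extended
    port.session = service
    return service


def disconnect(port):
    """Retract the elastic binding; a static binding stays exactly where it was."""
    port.session = None


def exposed_ports(ports):
    """Ports still carrying a service with no active session: the 'string left behind'."""
    return sorted(p.name for p in ports if p.static_service is not None and p.session is None)


def walkthrough():
    """Constructed day: a laptop and an HVAC box connect, both disconnect."""
    hvac = Port("hvac-port", static_service="building-mgmt")  # legacy static VLAN
    desk = Port("desk-12")                                     # elastic port
    laptop = {"issuer": TRUSTED_ISSUER, "subject": "laptop-42"}
    walk_in = {"issuer": "Unknown-CA", "subject": "walk-in"}
    connect(desk, laptop, "corp-data")
    connect(hvac, walk_in, "building-mgmt")
    disconnect(desk)
    disconnect(hvac)
    return exposed_ports([hvac, desk])
```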

The bottom line is that automatic elasticity drastically reduces network exposure, and also transforms internal productivity and collaboration. A network access port is no longer statically mapped to a given service or user. Today it can be you, tomorrow a video surveillance camera, the next day a contractor. Agility, flexibility, security all delivered! With the ability to expedite provisioning and dynamically extend services to authenticated end-users or devices, an employee working across the country can quickly gain access to a system to complete a task. If you’re running late to a meeting, you can be authorized to temporarily gain access to a printer in-office to ensure you stay on schedule. The use cases for automatic elasticity are infinite and truly game-changing for businesses today.

In the End

While some still feel comfortable operating within legacy limitations, what’s important is that you now understand current industry standards have evolved to meet today’s next-generation network demands and security needs—something that end-to-end segmentation does flawlessly.

We’re excited to be able to help companies finally deploy end-to-end segmentation without resource-intensive or costly roadblocks. An end-to-end segmentation solution built on hyper-segmentation, native stealth and automatic elasticity is key. To succeed, you need all three of these complementary capabilities. All three share the common goal of maximizing network security. However, they contribute towards this goal in distinctly different yet necessary ways to substantially reduce your business risk exposure to the ever-increasing cybersecurity threats we see and hear about globally.