Evolution of Disaggregated Switching: Bringing Whitebox to the Masses

For years, hyper-scale technology companies like Google have flexed their IT muscles and considerable buying power to create highly specialized operating environments with equally optimized cost structures. In the networking space, this has given birth to the concept of white box switching.

White box switching refers to the ability to use generic, off-the-shelf switching and routing hardware, in the forwarding plane of a software-defined network. White box switches are really just that—blank standard hardware. (Source: SDx Central)

As with many innovations that have arisen from the hyper-scale space, white box switching isn’t readily consumable by the broader market. IT departments that are already challenged with simply keeping the lights on in their existing environments can’t afford to create operational teams and practices for developing open source tools and integrating operating systems onto bare metal hardware. Furthermore, the current business model for network switches today consists of Original Device Manufacturers (ODMs) selling to vendors that in turn create integrated products. As a result, ODMs have very little support capacity. So, “support” in a white box world relies heavily on the user community.

Despite the challenges, the model is very attractive. Going direct to the manufacturers allows customers to reduce capital costs. Then, it’s a matter of finding a Network Operating System (NOS) that meets their needs both technically and operationally.

To that end, several NOS vendors have come on the scene in recent years. Companies like Big Switch, Cumulus, IP Infusion and Pica8 provide software that runs on bare metal switches conforming to requirements set out by Open Compute Projects (OCPs) and Open Network Install Environment (ONIE). Of course, there’s still that little matter of support.

Enter brite-box…

Brite-box switching is shorthand for branded white-box switching. The key tenants of a brite-box switch are disaggregation (hardware and software/OS can be decoupled), reduced capital cost (i.e., white-box economics), commercial software (versus roll your own), and the option to receive service/support from a single supplier. (Source: Andrew Lerner, Gartner)

The brite-box market has emerged via traditional networking vendors partnering with the aforementioned NOS vendors. The networking vendors generally bring the value of an established supply chain, strong professional services, and a mature support organization. They sell standard hardware with their own brand affixed at a lower markup than usual and pre-loaded with your choice of NOS. They also offer experienced professional services to help integrate these new platforms into your environment. Finally, they offer support on the hardware, as it does carry their brand, however, software support is still the domain of the NOS vendor. As these vendors tend to be more nascent, they have limited support capabilities generally comprised of user forums and outsourced call centers. So, the weak link in the chain is in the area most prone to support issues.

Where are the NOS offers from established networking vendors? That’s the very question we asked here at Avaya. With the entire market looking to reap the benefits of disaggregation, the primary obstacle seems to be the lack of a mature NOS with Enterprise class support behind it. That’s precisely what Avaya is announcing today. We’ve decoupled our mature, widely proven Network Operating System software from our branded hardware and created an opportunity for specialty solutions providers to take advantage of the white box consumption model without disrupting their operational environment. It’s yet another proof point of Avaya truly transforming itself into a software and services company.

This new initiative enables solution providers to buy off-the-shelf hardware from certified manufacturers. These manufacturers pre-load the Avaya NOS, which has been deployed globally for nearly two decades and across millions of ports. So, when a switch is shipped, the solution provider as well as the end customer has the peace of mind that they’re getting a platform tested against over 100,000 scenarios collected through years of live deployment experience. Furthermore, the first line of support is Avaya. The solution provider makes one call to our world-renowned support organization that has years of experience and direct access to the software development team. If the issue is isolated to hardware, a warm hand-off takes place to the manufacturer for repairs, replacements, etc. No finger pointing. No frustration. No sacrifice from the current model.

The whole experience should sound somewhat familiar, as it closely resembles buying branded switches today. That’s the point. Disaggregation should be a welcome change in the industry. Vendors shed the overhead of hardware that provides no differentiation for their product. So, why aren’t more vendors moving in this direction? That’s a question we haven’t been able to answer.

Avaya Network Operating System software will be offered exclusively through systems integrators certified in the program and qualifying for direct purchases with approved ODMs. Visit Avaya.com for more information on Avaya’s disaggregated model. For more information on becoming a certified partner or locating a partner in your market, contact Avaya.

Related Articles:

Less Maintenance, More Innovation: How to (Finally) Fill the IT Skills Gap

If you take a good look at how the business ecosystem is evolving, you’ll find that it’s being redefined by five key market trends:

You’d be hard pressed to find research that doesn’t indicate the takeover of these five megatrends.

Forrester, for instance, predicts that machine learning and automation will replace 7% of all U.S. jobs by 2025. According to the Economist Intelligence Unit, almost 80% of companies identified digital transformation as their top strategic priority last year. Gartner believes that 70% of all newly deployed apps will run on open source databases by 2018; meanwhile, research continues to show that some 20 to 30 billion objects could be connected to the IoT by 2020.

As these technologies shape our smart digital world, so too do they raise the stakes in terms of customer expectations. Next-generation consumers demand nothing short of a sophisticated digital experience marked by greater quality, agility, speed and contextualization.

The Need to Transform NOW

Driven by these trends, organizations have no choice but to consider how they can adapt to grow and thrive. Competitors are moving at rapid new paces and blazing unforeseen trails. We’re seeing this disruption industry-wide, from companies like Uber and Lyft that have revolutionized the taxi industry (taxi trips have fallen by as much as 30% in cities like L.A.) to Airbnb, which turned the hospitality industry on its head by introducing the concept of an end-to-end digital homestay experience.

Look around and you’ll see just how much your own industry is changing. Do you realize how much new ground is ready to be broken? How much unexplored territory there is to seize? The organizations that thrive will be the first to not only see the possibilities, but successfully execute them. To do so, however, companies must undergo some level of transformation—and IT must be a central part of that transformation.

Elevating IT to Accelerate Business

To enable business to move at a pace that maintains a competitive edge, leaders must ask themselves how they’re empowering their IT staff. As it currently stands, something needs to be done about today’s IT skills gap. What we’re seeing is too many departments tied down to costly, archaic systems that hinder performance and productivity. There are too many people doing the same things and expecting different results. In a world where IT maintenance and innovation must be expertly balanced, teams are working to keep the lights on and not spending enough time learning new technologies and strategies or becoming part of the solution. This has been an ongoing problem that needs to be talked about less and acted on more.

The bottom line is that organizations will only truly accelerate in the digital era if IT spends enough time on strategic initiatives. Consider that 60% of top-performing companies engage IT to gather ideas for innovation, and 49% collect ideas through business unit workshops facilitated by IT. Without question, IT should be factored as a critical part of business innovation.

So, how can businesses free their IT teams to begin innovating? The right technology here is key—specifically, it has to be a combination of business process automation over an automated, end-to-end, meshed networking architecture. Let’s first focus on networking—this open, agile and integrated platform liberates IT by substantially reducing the level of complexity associated with traditional network maintenance, allowing teams to spend more time on high-level strategic initiatives. I’d like to take a look at how such a platform helps fill the IT skills gap from a traditional networking standpoint and outline some of the security benefits this architecture can bring.

Networking

Traditional legacy architecture, often referred to as “client-server” is becoming near obsolete thanks to the proliferation of automation and M2M. But before we jump too quickly, you may remember the resistance from peer-to-peer communication where IT in fact won the battle and for the most part didn’t allow it—simply put, the legacy architecture couldn’t sustain it. As manual processes continue to be replaced by smarter, automated processes, it’s imperative that organizations start thinking differently in terms of networking.

This may mean, for example, seamlessly integrating AI and machine learning into their communications strategy to engage customers with flexible new touch points. This will also likely require the integration of services from several vendors with different capabilities, versus one single provider, hence the importance of having an open ecosystem with standards as much as possible.

Regardless of how organizations go about it, the fact is that they must begin moving their networks in a new direction if they wish to progress at the pace their business needs to. Fully-meshed, end-to-end architecture offers an open ecosystem in which businesses can begin freely automating, integrating and reinventing traditional processes without a high level of complexity. This time freedom enables IT to begin reimagining business outcomes. The use of open, integrated, future-proof technology opens new doors of opportunity to do so.

Security

With billions of IoT devices directly communicating and sharing data, organizations are now operating in an essentially borderless network—or as I like to call it, the everywhere perimeter. While this everywhere perimeter enables organizations to operate with unmatched agility and ease, it can also destroy companies if left unprotected. As one can imagine, the strategy and technology needed to protect a virtually borderless network look drastically different than those protected by a traditional firewall or legacy network architecture (Static VLANs, ACLs). This is exactly why IT needs to flex its strategic muscles and identify a stronger security approach, one that safeguards the organization with a near impenetrable network that significantly minimizes security risks and reduces exposure.

An end-to-end meshed networking architecture lets organizations quickly and securely enable services across the network anywhere they are consumed (i.e., personal mobile device, Wi-Fi hotspot, corporate campus). This is done through end-to-end network segmentation, which is widely considered to be the holy grail of network security today. Comprised of three core components—hyper-segmentation, native stealth and automated elasticity—this solution ensures organizations have the necessary framework for next-generation cybersecurity defense. By minimizing security risks in this way, organizations can ensure they are maximizing the value of IT. Lay the foundation right first, then focus on business process workflow automation. Doing the opposite or simply ignoring the foundation will cause pain and slow down your business transformation while making it extremely difficult to maximize the benefits of, for example, IOT.

In the end, every important business initiative requires time. Organizations won’t be able to reinvent themselves if their IT department has none to spare.

2017 Avaya Customer Innovation Awards Honor Five Companies Leading the Way in Digital Transformation

Every year, Avaya and IAUG recognize a handful of customers who are innovators. These customers are recognized with Customer Innovation Awards. Last year’s award winners included a number of technology firms. This year’s five award winners, recognized on stage at Avaya Engage in Las Vegas, include three customers in the financial services sector, a leading global retailer, and a leader in the film production industry.

Each of these customers is benefiting from the latest Avaya solutions to meet business goals—whether the goals are growth, customer experience, cost management, or risk mitigation.

BECU

BECU, which began life 80 years ago as the Boeing Employee Credit Union, today is the fourth largest credit union in the US, with over $12 billion in assets and over a million credit union members. In 2016, BECU embarked on a digital transformation journey focused on the customer experience. BECU relies on Avaya Elite Multichannel running on an Avaya Pod Fx™ infrastructure.

BECU engineer Rick Webb says, “BECU is rapidly expanding and needed a technology partner that could support that expansion and keep our members happy. The Avaya Elite Multichannel infrastructure does just that, while providing increased flexibility and allowing BECU to better meet the expectations of our more than 1 million members.”

Green Shield Canada (GSC)

Green Shield Canada (GSC) is a one of the leading health and dental benefit carriers in Canada, with over 850 employees across seven locations. Starting last year, GSC is deploying the Avaya Equinox™ Experience and seeing strong results. Competing with larger players in its industry, GSC sees strong collaboration among its workforce as a key ingredient for success.

Jim Mastronardi, GSC Director for Enterprise Infrastructure says, “Green Shield Canada has over 850 employees across seven offices in Canada—from Montreal to Vancouver. We saw an opportunity to explore technology upgrades that would enhance company-wide communications and bring our teams across Canada closer together. With just a single training session, employees have hit the ground running with the Avaya Equinox tools. The video conferencing option has provided a solution to overbooked meeting rooms, and the instant messaging feature is already cutting down on the number of emails being sent.”

Scotiabank

Scotiabank prides itself on “being a technology company providing financial services.” As a long-time Avaya customer—and a beta customer for Avaya Oceana™ and Avaya Oceanalytics™—Scotiabank is on a digital transformation journey to better serve bank customers worldwide. Scotiabank contact centers located in Canada and the Caribbean & Latin America region have benefited from a next-gen centralized architecture leveraging the latest Avaya solutions to better serve customers.

Scotiabank has already developed and deployed Avaya Oceana and Avaya Breeze™ apps, and continues to innovate in an ongoing drive to improve customer service and meet customer needs in a competitive market. The success of Scotiabank’s transformation program has enabled the bank to move with greater agility, improved reliability, and speed to market. This has changed the framework for deployment from months/years to days/weeks while improving the overall ROI/TCO.

The Crossing Studios

The Crossing Studios is one of Vancouver’s largest and fastest growing full-service studios and production facilities for film. The firm caters to companies like Fox, Nickelodeon, Showtime, and Netflix. The Crossing Studios were unhappy with the stability and quality of the disparate systems previously in place across their seven studio locations. In 2016, The Crossing Studios deployed a Powered by Avaya IP Office solution offered by local provider Unity Connected Solutions.

Powered by Avaya IP Office has improved stability, reduced TCO and provided the advanced features that the business needs to serve a very demanding film industry client base, including high scale audio conferencing, extensive web collaboration, and rich multi-vendor HD video conferencing. CTO Mark Herrman says, “We needed something that would support our rapid growth, support our clients, and support our bottom line. Thanks to IP Office and the hosted cloud model, we’re able to keep pace with dynamic, fast-moving film productions, staying as flexible as our clients need us to be.” Estimated savings are in the six figures for the first year alone.

Walgreens

Walgreens is using custom Avaya Snap-ins to bring centralized contact center reporting capabilities to local branch sites, for compliance purposes and to help improve the overall customer experience. Avaya Professional Services were instrumental with the deployment, which relies on an Avaya Pod Fx infrastructure.

These companies are each leaders in their respective industries. As part of their digital transformation journeys, they recognize that when it comes to selecting a trusted technology advisor, “experience is everything.” #ExperienceAvaya.

APTs Part 4: How Do You Detect an Advanced Persistent Threat in Your Network?

Here in part four of my APT series, we’re looking at how to detect Advanced Persistent Threats in your network. The key is to know what to look for and how to spot it.

Look for patterns of behavior that are unusual from a historical standpoint. Some things to look for are unusual patterns of session activity. Port scanning and the use of discovery methods should be monitored as well. Look for unusual TCP connections, particularly lateral or outbound encrypted connections.

Remember that there is a theory to all types of intrusion. An attacker needs to compromise the perimeter. Unless the attacker is very lucky, they will not be where they need or want to be. This means that a series of lateral and northbound moves will be required to establish a foothold. In order for any information to leave your organization there has to be an outbound exfiltration channel. This is another area where APTs have to diverge from the normal behavior of a user.

Here’s what to look for:

  • Logon Activity:

    Logons to new or unusual systems can be a flag. New or unusual session types are also a flag to watch for, particularly outbound encrypted sessions or unusual time of day or location. Watch for jumps in activity or velocity.

  • Program execution:

    Look for new or unusual program executions at unusual times of the day or from unusual locations. Execution of the program from a privileged account status rather than a normal user account should also be alarming.

  • File access:

    Look for unusually high volume access to file servers or unusual file access patterns. Also be sure to monitor cloud-based sharing uploads as these are a very good way to hide in the flurry of other activity.

  • Network activity:

    New IP addresses or secondary addresses can be a flag. Unusual DNS queries should be looked into, particularly those with a bad or no reputation. Look for the correlation between the above points and new or unusual network connection activity. Many C2 channels are established in this fashion.

  • Database access:

    Most users do not have access to the database directly. But also look for manipulated applications calls doing sensitive table access, modifications or deletions. Be sure to lock down the database environment by disabling many of the added options that most modern databases provide. An application proxy service should be implemented to prevent direct access in a general fashion.

     

    The goal is to arrive at a risk score based on the aggregate of the above. This involves the session serialization of hosts as they access resources. The problem with us as humans is this: if we’re barraged with tons of data and forced to do the picking out of significant data, we are woefully inefficient. First of all, we have a propensity for missing certain data sets. How often have you heard the saying, “Another set of eyes”? Never manually analyze data alone, always have another set of eyes go over it.

     

    At Avaya we’ve developed a shortest path bridging networking fabric we refer to as SDN Fx™ Architecture that is based on three basic self-complimentary security principles:

    • Hyper-segmentation: This is a new term that we’ve coined to indicate the primary deltas of this new approach to traditional network micro-segmentation. First, hyper-segments are extremely dynamic and lend themselves well to automation and dynamic service chaining, as is often required with software-defined networks. Second, they are not based on IP routing and therefore do not require traditional route policies or access control lists to constrict access to the micro-segment. These two traits create a service that is well suited for security automation.
    • Stealth: Due to the fact that SDN Fx is not based on IP, it is dark from an IP discovery perspective. Many of the topological aspects to the network, which are of key importance to APTs, simply cannot be discovered by traditional port scanning and discovery techniques. So the hyper-segment holds the user or intruder in a narrow and dark community that has little or no communications capability with the outside world, except through well-defined security analytic inspection points.
    • Elasticity: Because we are not dependent on IP routing to establish service paths, we can extend or retract certain secure hyper-segments based on authentication and proper authorization. Just as easily however, SDN FX can retract a hyper-segment, perhaps based on an alert from security analytics that something is amiss with the suspect system. There may even be the desire to redirect them into Honey pot environments where a whole network can be replicated in SDN Fx for little or no cost from a networking perspective.

In the End

Hardly a day goes by without hearing about a data breach somewhere in the world. To combat these breaches, it’s imperative to understand how APTs work and how you can detect them. Remember—prevention is ideal, but detection is a must!

With this blog series, I hope I’ve helped you see how to limit the impact of APTs on your enterprise. If you missed a blog post, here’s the whole series:

APTs Part 1: Protection Against Advanced Persistent Threats to Your Data

APTs Part 2: How the Advanced Persistent Threat Works

APTs Part 3: Prevention is Ideal, But Detection is a Must

APTs Part 4: How Do You Detect an Advanced Persistent Threat in Your Network?