SDN and SD-WAN Come Together to Offer Agile Cloud Services

Distributed organizations face both internal and external challenges as they look to evolve their wide-area networks. How do they seamlessly extend their network virtualization all the way to branch/remote locations? And how do they provide the agility needed to accommodate the transition to Cloud and SaaS deployments? Today, I’m happy to share details of an integrated solution that solves both challenges.

Network virtualization and software-defined networking (SDN) in the data center and campus LANs are now widely accepted, at least as concepts. Perhaps the level of implementation still lags initial expectations, but most organizations either have something in place or are in planning stages. Many still focus on the data center, but the most adventurous are extending out into the campus. Organizations are finding clear benefits in transitioning to a software-defined data center, while the use cases for extending SDN into the campus have initially been somewhat more nuanced and difficult to quantify. Emerging use cases will likely fuel this growth.

Obviously, the network is more than just the data center LAN, or even the combined data center/campus LAN. It is the entire end-to-end network, inclusive of branch office locations. Once SDN moves beyond being a pure data center play, out into the broader network, then the genie is out of the bottle and the WAN becomes a consideration. Now the WAN needs to support network virtualization, end-to-end segmentation, programmability, orchestration—in short, pretty much everything that the traditional WAN is not. This is the expanding internal network challenge.

The external challenge for locations over the WAN is to find an enterprise-class way to leverage the flexibility of DSL and 4G/LTE broadband technologies as a cost-effective supplement or alternative to traditional premium-priced Carrier-grade MPLS wide-area networks. The balance is to maintain the premium service provider features—like optimization, encapsulation, encryption, and the QoS required to support mission-critical applications—while not further over-taxing their already-stretched resources.

When I spoke with Mike Fratto, a research director at Current Analysis covering the Enterprise Networking and Data Center Technology markets, he commented, “Cloud-first and hybrid cloud strategies by enterprises deploying applications or relying on SaaS services impact user productivity when WAN performance degrades. Managing inter-data center, branch and remote office WAN connections to maximize application performance is a full-time job for enterprise IT.”

Now, however, organizations can confidently extend network virtualization and their software-defined networking solutions over the WAN while at the same time taking advantage of all of the latest and greatest connectivity options. Last week, Avaya and FatPipe Networks jointly announced a relationship that delivers a next-generation software-defined WAN (SD-WAN) initiative. Now, enterprises can have their cake and eat it too: extend virtualization end-to-end across the network, inclusive of the WAN, which can itself combine any form of connectivity technology and support the full suite of value-adding WAN services.

Both parties bring clear differentiation to their respective sides of the equation. Avaya has pioneered fabric-based network virtualization and FatPipe has pioneered the evolution to SD-WAN. But the real value comes from the integration of the two. FatPipe is unique in being able to specifically interface with an Avaya fabric-enabled SDN Fx solution. FatPipe devices perform deep packet inspection of Fabric Extend traffic (Fabric Extend itself encapsulates Shortest Path Bridging’s MAC-in-MAC encapsulated packets), interpret the IP parameters inside, and apply WAN services accordingly.

So using FatPipe, organizations can mix and match technologies from one or more suppliers, dynamically build flexible topologies, and implement any combination of comprehensive services. They have the ability to selectively apply these services to the different technologies and topologies. For example, they can encrypt a raw IP link while leaving a Carrier-based circuit in the clear. Cloud-based and SaaS offerings can be effortlessly and fully integrated. All of this can be easily managed and provisioned, including the distribution of a unified edge policy, all from a centralized orchestration platform with north-bound hooks. A FatPipe-powered WAN can seamlessly support the full range of Avaya SDN Fx network virtualization capabilities.

Fratto said, “Interconnecting network fabrics across the WAN isn’t as simple as encapsulating in IP and routing over the WAN. FatPipe and Avaya worked to solve thorny issues with supporting large IP packets without causing fragmentation, applying consistent access, performance, and application policies from the LAN to the WAN, and enabling troubleshooting and monitoring tools in FatPipe’s EnterpriseView® and the Avaya Fabric Orchestrator. The integration and ongoing partnership ensures reliable SD-WAN connectivity for mission-critical applications and continued management using existing enterprise workflows.”

This joint Avaya and FatPipe solution delivers end-to-end support for network-wide software-defined networking. Stay tuned for further details and success stories soon to come!


Related Articles:

Avaya Oceana: Riding the Next Wave in Customer Experience

Earlier this month, the CFI Group, which issues the annual American Customer Satisfaction Index, issued the Contact Center Satisfaction Index (CCSI). Here are some of the key findings:

  • The index shows a four-point decrease in customer satisfaction from 2015 to 2016, sliding to the lowest score in the nine-year history of the report.
  • Difficulties are driven by the ability (or lack of) to quickly and effectively solve customer issues: Only 52% of contacts were resolved on the first contact and a third could not successfully self-serve through the IVR system.
  • Millennials have higher expectations for service than those 45+, perhaps largely due to their sense of immediacy and highly digital, multi-modal nature.

Bottom line: The CCSI news isn’t good regarding contact centers’ ability to deliver an excellent experience. And that results in reduced revenues for your business as customers go elsewhere to satisfy their needs.

From our point of view … the timing couldn’t be better. Here’s why: Avaya Oceana just went generally available.

As long-time leaders in customer experience technologies, we know there are two critical points of opposition underlying the findings of the recent CCSI report. One is that consumer technologies and customer expectations change at an ever-increasing pace—even more so for millennials—your next generation of disposable income. This change is so rapid that some business technologies can be nearly obsolete before fully implemented. Second, because of this rapid pace of change, enterprises often hesitate to commit to new technologies that may disrupt a precariously-built, but functional operation—many of which resemble a Jenga stack whereby if one piece is touched the whole shebang comes tumbling down.

There’s a third factor that’s worth mentioning: traditional contact center technologies have been rigid, highly complex solutions, making changes to deployed systems difficult at best. Over time, what may be left as a result are ancient artifacts of routing patterns, complex integrations, and more that—at minimum—slow responses to potentially already frustrated customers.

Avaya Oceana to the rescue! Oceana simplifies that with a flexible, software-based solution that can negate those opposing forces. Suddenly, aligning customer needs and business strategies is as easy as drag and drop, so changes can be made without the traditional hold-your-breath-and-see-what-happens approach that causes migraines and drives significant resource requirements. The easy-to-use, self-adjusting system knows how—and in many cases, why—the customer is reaching out, managing proactive, self service and assisted service as a single thread.

Intelligence gleaned via Oceanalytics can be automatically applied and visually reported to those who need to know, who can also make immediate changes in the workflow pattern without esoteric programming requirements.

What’s more? Since Avaya Oceana is built on Avaya Breeze™ Platform, companies have massive flexibility to quickly customize their approach to customer experience—again with simplicity and ease through the development tools or pre-made Snap-ins from the Avaya Snapp Store.

The end game? To deliver the best experience possible every time in the course of a transaction or in the relationship overall.

While much of the magic of Oceana is behind the scenes, essentially, the solution enables companies to fully realize the omnichannel experience that many talk about and few truly deliver.

Experience is everything—Avaya Oceana enables proactive, persistent, contextual, highly personalized experiences. The kind of experience even a millennial could love.


How Wi-Fi Location-Based Services Can Step Up Your Public Safety Game

My first job out of college was working on Sonar Systems for the U.S. Navy. Modern sonar systems passively listen in the ocean to identify targets by the sounds they make. To the Sonar System everything is a target. Targets are classified as unknown, hostile or friendly. Target classification is determined by noise signatures, behavior, heuristics, etc.

Wi-Fi location-based solutions provide capabilities similar to those of a sonar system. As part of normal operations, a mobile device will probe the network looking for Wireless Access Points (WAPs). Probing helps the device identify and acquire service from the WLAN. When the device is connected to the network, it continues to probe, enabling the device to effectively roam between WAPs. Essentially, Wi-Fi enabled devices are projecting energy into the air, similar to a ship projecting sound into the ocean.

WAPs listen and respond to the probe messages as part of service delivery. Listening also provides a mechanism to track these devices. A Wi-Fi device probe message includes the Media Access Control (MAC) address of the device, a globally unique identifier. Since most devices probe the network several times a minute, it’s possible to identify the location of a device every few seconds. Therefore, a Wi-Fi location-based solution can identify the location of every wireless device in range of the WLAN.

Wi-Fi location-based services are usually discussed in the realm of suppliers trying to improve customer engagement. However, as Avaya Chief Technologist of SDA Jean Turgeon points out in his recent blog on public safety, there’s an epidemic of man-created tragedies, where people are targeted for harm by other people. Providing safety for the public when a member of the public wants to harm other members of the public is a tough task. Finding a potential antagonist in the crowd is similar to finding the potentially hostile ship in the ocean of ships. Wi-Fi Location-Based Services (WLBS) offer an additional data set that can be used to help identify potential hostiles, and help first responders identify where the friendlies are located.

WLBS uses the signals received by multiple WAPs to triangulate the location of the probing device. In the Avaya solution, performing WLBS is as simple as telling the WAPs to send distance information to an Avaya Breeze™ snap-in that performs the calculation.

Wi-Fi Location-Based Services

The triangulation process provides the ability to identify all of the targets in the WLAN ocean. The next step is to sort the targets. However, rather than classifying as friendly or hostile, the first objective is to sort out known from unknown device owners. Device ownership can be determined in a number of ways, for instance:

  • Connections to the corporate network: Employees, contractors, etc. who provide credentials to access the corporate network will have device ownership uniquely identified. Though a single employee may have multiple devices (laptop, phone, tablet) identified to their persona at one time, a device will have a single owner.
  • Device resident apps, such as loyalty apps: Apps that provide coupons, track transaction points, etc. can be set up to identify the owner when the app connects to the network.
  • Uniquely identifiable splash page logins: Gaining access to a guest network often requires acknowledging appropriate usage parameters on a splash page. The splash page can be set up to require uniquely identifiable information, such as an email address, to gain access.

Therefore, it’s possible to have uniquely identifiable information about the owner of every device that’s connected to your WLAN. Devices that aren’t connected to the network would have unknown owners. However, if the solution maintains a historical database, it may be possible to classify a device if the MAC address has ever been associated with an owner. The current owner may not be the same as the historical one, but it’s a starting point.

Now that a mechanism to identify device owners has been established, rules for addressing unknown devices can be generated. The easiest to visualize is the guest-out-of-bounds rule. Most public buildings (civil center, library, court house, school, etc.) consist of areas that are open to the public and areas that are restricted to certain personnel.

When a non-employee’s device is detected in a restricted area, WLBS raises an alert to be processed upstream. For instance, the feed from the CCTV camera covering the area identified by WLBS could be directed to the security guard’s computer monitor. The security guard could find the closest member of the security team by looking at a dynamic floor plan display with indicators showing the location of all security personnel (based on their known devices). A message could be sent to the closest security person to go to the area and perform a credential check. As the non-employee moves through the area, their position would be updated by the WLBS solution to continue to track the individual. The CCTV and WLBS displays could be routed to the mobile security guard to provide current situational information.
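The triangulation step and the guest-out-of-bounds rule described above, as an added example (this is not Avaya's Breeze snap-in code). The WAP names, coordinates, restricted zone, owner tables and function names are all constructed assumptions; the rule here treats a historical owner as a hint only, so only a currently connected employee suppresses the alert.

```python
import math

# Constructed floor plan: WAP positions in metres (hypothetical names).
WAPS = {"wap-1": (0.0, 0.0), "wap-2": (30.0, 0.0),
        "wap-3": (0.0, 20.0), "wap-4": (30.0, 20.0)}
# Restricted areas as rectangles (xmin, ymin, xmax, ymax), constructed.
RESTRICTED = {"records-room": (20.0, 10.0, 30.0, 20.0)}
# Owners of devices currently connected (network login, app, splash page).
# MACs are from the 00:00:5e:00:53:xx documentation range.
CONNECTED = {"00:00:5e:00:53:01": ("alice", "employee"),
             "00:00:5e:00:53:02": ("guest@example.com", "guest")}
# Historical database: MAC seen with an owner in the past, not connected now.
HISTORY = {"00:00:5e:00:53:03": ("bob", "employee")}


def locate(reports):
    """Least-squares position from {wap: distance_m}; needs >= 3 WAPs."""
    names = [n for n in reports if n in WAPS]
    if len(names) < 3:
        raise ValueError("need distance reports from at least three WAPs")
    (x0, y0), d0 = WAPS[names[0]], reports[names[0]]
    saa = sab = sbb = sac = sbc = 0.0
    for n in names[1:]:
        (xi, yi), di = WAPS[n], reports[n]
        # Subtracting circle 0 from circle i gives a linear equation a*x + b*y = c.
        a, b = 2 * (xi - x0), 2 * (yi - y0)
        c = d0**2 - di**2 + xi**2 - x0**2 + yi**2 - y0**2
        saa += a * a; sab += a * b; sbb += b * b
        sac += a * c; sbc += b * c
    det = saa * sbb - sab * sab
    if abs(det) < 1e-9:
        raise ValueError("WAPs are collinear; position is ambiguous")
    return (sac * sbb - sbc * sab) / det, (saa * sbc - sab * sac) / det


def classify(mac):
    """Return (owner, role, source); unknown devices get (None, 'unknown', None)."""
    mac = mac.lower()
    if mac in CONNECTED:
        return CONNECTED[mac] + ("current",)
    if mac in HISTORY:
        return HISTORY[mac] + ("historical",)
    return None, "unknown", None


def guest_out_of_bounds(mac, reports):
    """Alert dict when a device without a current employee owner is in a restricted area."""
    x, y = locate(reports)
    owner, role, source = classify(mac)
    if role == "employee" and source == "current":
        return None
    for zone, (xmin, ymin, xmax, ymax) in RESTRICTED.items():
        if xmin <= x <= xmax and ymin <= y <= ymax:
            return {"zone": zone, "mac": mac.lower(), "owner": owner, "role": role,
                    "owner_source": source, "position": (round(x, 1), round(y, 1)),
                    # Locally administered (often randomized) MACs weaken owner lookups.
                    "locally_administered": bool(int(mac[:2], 16) & 0x02)}
    return None


def sample_reports(point):
    """Constructed WAP distance reports for a device standing at `point`."""
    return {name: math.dist(pos, point) for name, pos in WAPS.items()}


if __name__ == "__main__":
    for mac in ("00:00:5e:00:53:01", "00:00:5e:00:53:02", "da:a1:19:00:00:01"):
        print(mac, guest_out_of_bounds(mac, sample_reports((25.0, 15.0))))
```

The alert carries the position and zone so an upstream workflow can select the matching CCTV feed, and the `locally_administered` flag marks devices whose MAC may not be a stable identifier for the historical lookup.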

WLBS is dependent on the person of interest having a device with an active Wi-Fi antenna. If the non-employee above is simply lost, they won’t bother to turn off their device. On the other hand, if the person intends harm, they may go to airplane mode. In this case, the security system is relying on more traditional detection methods.

WLBS also has value when looking at people at a macro level. One of the man-created tragedies is the active shooter scenario. In many disaster scenarios, the best course of action is to flee. However, in the active shooter scenario, the best course of action is often to hide. Take a school or shopping mall: people are going to hide all over the place. One of the tasks of first responders is to find where all of the friendlies are hiding without causing the friendlies to expose themselves unnecessarily. WLBS would show where all of the devices are, which provides a good indicator of where people are hiding. So as the first responders are pursuing the hostiles, they would have data to help them understand if the hostiles are heading towards friendlies. Perhaps the friendlies can be evacuated before a hostile reaches them, or the hostiles can be driven to a safer location.

WLBS provides a stealthy way to identify where people are. It isn’t a fool-proof solution. Unlike a ship in the ocean, a person can decide to be silent and thus untraceable. However, in many situations, WLBS will provide valuable information about the location and movement of people. Even if the hostile defeats Wi-Fi tracking, WLBS still provides information about the friendlies. In this case, tracking hostiles may require other technology such as CCTV. (Satellites are used to track ships also.)

The best part of a WLBS solution is that it runs on the WLAN that organizations must deploy to participate in the 21st century. Location data is available on enterprise class WAPs—it’s simply a matter of collecting and acting on the data. With Avaya’s 9100 WLAN, data analysis and workflow development is a Breeze.

As Consumer Tech Remakes the Workplace, a Thoughtful Security Strategy Is the Best Defense

I think we’d all agree the business landscape has changed dramatically over the past two decades. Think back to the last time you wrote a paper memo or sent a card inviting a colleague to a meeting. It’s been a long while.

For the most part, we’ve enthusiastically embraced this technology revolution in business, but recently it’s evolved to a point where consumer technology is now reshaping the workplace. In this blog series, we’ll discuss this phenomenon, how it’s made us more vulnerable to cyber-attacks and what measures and solutions we can employ to protect against security breaches.

Think about it. We carry multiple devices to stay connected both professionally and personally. These devices have become our modern day Filofaxes or Franklin Planners. So much so, that we’ve blurred the lines between these two worlds—once separate and distinct. We have one calendar, one set of contacts, one laptop and, for many of us, our social networks are a mix of work and play.

So when we hear about the latest cyber-attack or hack, the question we always ask ourselves is, “Can I be affected?”

The fact is our growing dependence on consumer technology puts our companies and us at higher risk to become victims. We become more vulnerable with every new tech toy, gadget or app we place at our fingertips … and we’re not talking just smartphones. Look at Smart TV (connected to the Internet), home automation devices (e.g., Nest or Hues), even the cars we drive. Everything is becoming connected, delivering real-time information to our smart devices, whenever and wherever we are.

Our demands have also extended to where we use these smart devices. We want connectivity in Starbucks, a shopping mall, a sports stadium … we want to remain in touch, irrespective of location. This presents a challenge for many, but especially for our CIOs who not only have to secure corporate information but also weigh potential exposure as a result of our hyper-connected world.

Also consider the increasing number of employees working from remote locations … the CIO, who once had total visibility of what we’re doing and using during business hours, now has only a glimpse of what’s deployed in our homes or coffee shops. And let’s not forget collaboration tools and apps that allow for real-time connectivity and electronic file sharing between anyone with internet access, from anywhere and from any device. While these capabilities have enabled us to work smarter and more efficiently, with those benefits comes the increased risk of enterprise security issues and data breaches.

For most organizations, it’s not a question of if a security breach is going to occur, it’s when will it occur. And when a company is attacked, so too are the people affiliated with it (think customers, employees, vendors and partners).

Perhaps we need to consider how hackers go about their work to understand why the decisions we make (or don’t make) today could have immediate and devastating consequences.

For starters, hackers look to identify a point of entry that will allow them to establish a command and control base. Remember: if it has a processor, memory and connectivity, it’s a target. All the examples I cited above fit these criteria.

Once they’ve established a control point, they explore their surroundings. Imagine for a moment a hacker gaining access to your home automation, then having the ability to eavesdrop on all your communications: banking services, business services, media content … potentially watching your every move. Now all your personal and business activities are compromised. It’s a frightening thought, right? But it’s one that can be proactively addressed.

There are two common methodologies for eliminating or greatly minimizing security breaches. The easiest is to say “No, you can’t do that” (seldom effective). We recommend a more thoughtful, practical, and deliberate approach that involves both active and passive security measures.

The Avaya approach is complementary to your existing security measures, not a rip and replace approach but one that supports your business operations. Whilst other solutions will address vulnerabilities on the devices, or only allow certain traffic to pass a specific point in the network, Avaya adds to your security posture by eliminating the ability of the hacker to move around your network at will. This is commonly referred to as lateral movement, and with the use of Avaya SDN Fx hyper-segmentation capability, we’re able to prevent this exploration. We have more than 16 million service identifiers to use—it’s like trying to find a needle in a haystack.

If you can’t see it, then you can’t hack it! Avaya also has the ability to run these services in stealth mode, the ability to convey these services in a manner that is quiet and careful in order not to be seen or heard.

This provides you with security that’s based upon the services you support on your network, not focused on the routes that traffic may pass through. This dynamic approach to security is elastic in nature: as the demands for your network change, the ability to expand and contract these services follows the natural rhythm of your network. (Avaya Chief Technologist for SDA Jean Turgeon wrote a three-part blog series exploring these three core pillars. Read about hyper-segmentation, native stealth and automatic elasticity.)

In addition to this, we expand our capability to the edge of the network, the access layer. Here, through the use of standards-based approaches, we’ll examine not only the device coming onto the network, the credentials it’s presenting, and its location, but also its behavior on the network—its digital fingerprint.

Through years of experience in real-time apps, we’ve been able to capture, identify, quantify and then react to a whole range of activities. The same is also true for the emerging world of the IoT (Internet of Things) and the explosion in connected devices. Through the innovative use of Avaya Breeze™, we’re able to blend the worlds of infrastructure and apps, keeping a watchful eye on everything that passes through the network, and when something does catch our eye, having the ability to react, in real-time, to circumvent that anomaly.

The Avaya capability plugs the gaps that so many hackers exploit, and through our use of innovative technologies, we allow the network infrastructure to support the business in a dynamic, elastic, and secure manner, giving business the agility to use what it needs, when it wants to, and where it wants to use it.