Avoiding Network Outages: When the Cost of Doing Nothing is Everything

Avoiding Network Outages

What does downtime mean to you? Time, productivity, money? Likely, you’re nodding at all three — and you’re not alone. According to Aberdeen Group, the average downtime costs a company $2,700 per minute, usually an avoidable cost when caused by a network issue.

Minimize networking issues (thus preventing avoidable downtime) through these three best practices:

Best Practice No. 3: Perform periodic network audits to identify potential issues.

Most people think about a company’s network like plumbing. It’s there, and it’s important, but unless it’s failing, it doesn’t get much attention. To make sure your network’s pipes don’t bust, regularly perform audits and correct small problems before they become big ones.

A simple audit can identify performance issues caused by physical or logical configuration errors, and provide a baseline for future comparison to de-risk configuration changes.

Best Practice No. 2: Update your network diagram regularly.

Prepare and maintain an up-to-date network diagram to isolate an outage and speed resolution by illustrating the relationships among pieces of equipment.

Rigorous configuration change control processes can then help ensure that system changes and refinements don’t inadvertently trigger outages.

Best Practice No. 1: Upgrade to a next-generation, Fabric-based network.

Customers often ask me about the cost of improving their networking infrastructure. What I tell them is that the cost of doing nothing is, in nearly all cases, substantially higher.

Old, legacy networking architectures require manual configuration changes in numerous locations across the network, making them more vulnerable to human error.

Compare this to a next-generation, Fabric-based network like Avaya SDN Fx™, which essentially eliminates human error by automatically configuring distribution and core switches. Since configuration occurs only at the edge, there’s far less potential for human error.

According to an Avaya analysis, if you have equipment that’s more than 11 years old, there’s a 36 percent chance it will fail in the next 24 months, according to a 2014 analysis by Avaya. That’s more than a one in three chance of failure. I wouldn’t bet on those odds – would you?

Want more information on avoiding outages? Download the Avaya white paper, “The Essential Guide to Avoiding Network Outages.”

Avoiding Networking Outages Infographic

Related Articles:

Secure IoT Deployments with Avaya SDN Fx™ Architecture Solutions

Let’s look at how to deploy the IoT in a safe and sane manner—a top-of-mind business challenge. Before diving into the technology, let’s remember why secure IoT deployments are so important. The Yahoo breach is a lesson learned: Yahoo CEO Marissa Mayer lost $12M in bonuses over the Yahoo data breach and Yahoo paid $16M to investigate the breach and cover legal expenses as of March 2, 1017. It’s clear that the cost of not building a safe infrastructure is much more than the cost to build one.

Software Defined Networking (SDN) is sometimes over-hyped. At a base level, separating the control plane from the data plane makes sense (if one understands the definitions of a data plane and control plane). In a practical sense, it means the network infrastructure doesn’t need to be managed on a node-by-node basis (i.e., logging into network devices on each end of the cable to make complementary changes to configure a network link). This is where SDN can be over-hyped. The SDN solution automates the process of making the changes to each end of the cable, making the network easier to manage. But, it doesn’t reduce the complexity, increase the resiliency (other than reduce outages due to typing errors), or make it easier to troubleshoot or expand.

Avaya SDN FxTM Architecture is based on fabric, not network technology. The architecture was designed to be managed as an entity of subcomponents and not a bunch of nodes that are interconnected to create a larger entity. In other words, it’s like designing something to manage a forest, as opposed to managing the trees. Would you really want to manage a forest one tree at a time?

How SDN Fx Architecture Benefits the IoT

Although the SDN Fx network architecture wasn’t specifically designed for the IoT, it works well for providing a solid foundation to deploy IoT solutions. These are the key components of the SDN Fx Architecture that benefit the IoT:

Avaya Fabric Connect is Avaya’s implementation of Shortest Path Bridging (SPB/IEEE 802.1aq). SPB replaces the traditional network stack, greatly simplifying network configuration, management and security. Three key benefits of Fabric Connect apply directly to IoT deployment use case:

  • Hyper-Segmentation: SPB supports 16 million+ network segments. In theory, every IoT device on a network could have its own segment. More realistically, every device type can have its own segment. For instance, HVAC could be one network, security cameras could be on another, employees on a third, guests on a fourth, etc. It’s worth noting that the NSA sees segmenting IoT networks as a key to limiting exposure of IoT deployments. (In my next blog, I’ll examine how Avaya solutions provide security between devices on the same segment.)
  • Automatic Elasticity: Services in SPB are provisioned at the edge without touching the core of the network. This makes it very straightforward to provision network services for the hundreds or thousands of IoT devices that the business wants up and running yesterday. Plus, edge provisioning makes moving devices simple. When a device is disconnected from the network, the network service to that port is disabled and eliminates open holes in the network security. When the device is connected to the same or different port, the device is authenticated and services are automatically configured for the port.
  • Native Stealth: SPB operates at the Ethernet, not the IP layer. For example, if a would-be hacker gains access to one segment of a traditional network, they can go IP-snooping to discover the network architecture. A traditional network is only as secure as the least secure segment/component. With Fabric Connect, if a security loophole is overlooked in a less important network project, there isn’t a back door to access the rest of the network and the corporate data.

Avaya Fabric Extend provides the ability to extend an SPB fabric across a non-fabric network, such as IP core, between campuses over Multiprotocol Label Switching (MPLS), or out to the cloud over WAN. IoT deployments enable the phased adoption of SDN Fx so that IoT projects can gain the values above, without ripping and replacing significant network infrastructure or affecting non-IoT workloads.

Avaya Fabric Attach automates the elasticity of the SPB fabric for IoT devices and other devices supporting Automatic Attachment (IEEE 802.1Qcj). Fabric Attach allows the device to signal the network that it needs in order to connect to a service. If the device is authorized, the service is automatically provisioned. When the device is disconnected, the service is terminated. If the device is moved to a different network port, the service will be provisioned automatically to the new port. This makes deploying and moving Fabric Attach-enabled devices very simple. For a real-world example, see how Axis Communications is starting to deploy Fabric Attach in their IoT devices.

Avaya Open Networking Adapters—an Open Network Adapter is a small device that sits in-line with an IoT device to provide programmable security for IoT devices that lack adequate network security. One component of the solution is Fabric Attach, which provides automated service provisioning and mobility to devices that don’t have the auto-attach capability. (I’ll explore more about the power of Open Networking Adapters in an upcoming blog.)

The Avaya Identity Engines Portfolio provides powerful tools for managing user and device access to a network, commonly referred to as Authentication, Authorization, and Accounting. In the IoT use case, Identity Engines authenticate a device by MAC address or MAC address group and use predefined policies for the device type to dynamically configure services. For instance, a camera could be assigned to Video VLAN 30 and provisioned for multicast, while a phone would be authenticated, assigned to VLAN 20, and configured for SIP communications. This provides security for unauthorized devices joining the network and provides automatic segmentation based on device type and service requirements.

I’m not sure if there ever was a time when network design and implementation was static, but there was a time when the devices connected to the network could be predicted: servers, printers, storage, PCs, etc. With IoT, IT is being asked to design networks for devices that haven’t been thought of yet. The old network technologies were designed for mobility by work order, and IT was able to list the number of device types that wouldn’t work on the network. SDN Fx provides a true software-defined network and not software-defined automation on old network constructs. A fabric network has the intrinsic flexibility and security required for tomorrow’s IoT projects, today.

In my recent blogs about the IoT, I’ve looked at how the IoT enables Digital Transformation and examined a business-first approach to IoT technology adoption. Next in this blog series, I’ll explore the newest component of the SDN Fx solution for the IoT, the Avaya Surge™ Solution.

Aiming Towards an Unfettered and Secure IoT

Last week, we heard bold claims by a networking vendor that they could make the Internet of Things (IoT) safe because they “own” the network. One of the ways they plan to do this is to certify products to take advantage of network security capabilities.

As a player in the networking space that is addressing IoT security, Avaya agrees “that there aren’t enough people on Earth to run the network the way it’s being run today, when you look at the scale of IoT.”

But, we strongly disagree on a number of other claims and respectfully offer these counterpoints:

  • One Pipe, One Gatekeeper:

    Their point of view shouldn’t be surprising—they are a vendor that has long relied on proprietary approaches designed to keep out the competition. The plan to certify devices to run on their network is yet another cog in the wheel whereby they soundly eliminate competitors and increase their revenue instead of allowing the market to decide who has the better approach to securing IoT. This brings us to our next point.

  • Innovation: Supporting or Suffocating?

    Does a single vendor governing who and what has access to the network encourage innovation or does it stifle it? While the concept of whitelisting is generally good, it requires a significant level of execution to be effective without hindering innovation. The sheer scale of the IoT means that it’s likely billions of devices will ultimately be connected. Each type needs to be certified, demonstrating compliance to a standard that gives them permission to onboard. Not impossible, but this is not the domain of a single vendor. In addition, as the market continues to trend towards more flexible networks and elasticity enabling greater innovation, the one-vendor-owns-the-network approach is rigid and exclusionary. The ecosystem for devices becomes extremely limited.

  • Say Bye-Bye to Your Legacy Equipment:

    While newer devices may be able to incorporate new standards and technology, there are still many, many legacy devices in operation that don’t have that level of intelligence. Many of these devices are regulated and would require significant back porting to support the operating systems they run. Requiring a forklift to remove non-compliant legacy devices is a huge moneymaker for some vendor—something we’ve seen them do in the past. But, for the company that needs to change their entire legacy operation, it may mean closing the doors due to a prohibitively expensive demand to update. Alternatively, they will be forced to manually manage the whitelists for legacy devices—an extremely cumbersome process.

An Alternative Approach

Avaya has already taken ground-breaking steps in securing IoT—steps that are much less costly and cumbersome, and support the innovation that IoT stands for by its very nature. Let me elaborate:

  • Automatic Onboarding, Configuration and Management:

    While the competition suggests that its approach will include not only “IoT onboarding and management capabilities, it will go beyond security to include automation of other tasks like network configuration that administrators would otherwise have to do.” Hello there. Let me introduce myself. This is fundamental to Avaya SDN Fx™. More than 800 Avaya customers are already enjoying the unique simplicity delivered through automation to the edge found in Avaya Networking. However, it’s still networking. Fundamentally, IoT needs to be separate from the network. While interaction between the solutions may offer benefits, any IoT solution needs to be capable of providing unique value regardless of the network underneath.

  • Keep What You Have, Use What You Want:

    IoT is gazillions of unique endpoints like medical imaging equipment, video devices, specialty printers, and more. Thus, you must protect 100% of your devices for a secure network. To manage this, and to secure legacy devices and a broad ecosystem of devices, Avaya built the Open Network Adapter—a small adapter about the size of a deck of cards enabled with an Open vSwitch. The Open Network Adapter allows these special devices to automatically connect to the network with a granular security profile based on their individual communication characteristics. Once fitted with the adapter, a session can be automatically set up, torn down and re-established—even if moved to a new location. This ensures that devices always have the proper security and can be tracked for both logistics and analytics purposes.

  • Securing the Future and Making Whitelisting Practical:

    Avaya’s SDN Fx IoT solution takes a different approach by providing proxy capabilities for devices to protect existing investments. This lets budgets be focused on innovations that are important to the business strategy. The SDN Fx IoT solution is based on the concept of intelligent profiling to dynamically understand the expected conversation patterns of whitelisted devices. This is important, as devices can be spoofed or hacked. Many IoT devices are in public domains where people may have physical access. They are often implemented by non-IT personnel and may not be secured to the level an enterprise expects. Gaining permission for whitelisting the device is a low threshold most will be willing to accept. From there, IT is free to characterize the traffic patterns of the devices and dynamically narrow the security profiles to a very refined set of flows within the whitelist.

  • Hyper-Segmentation for Hyper-Secure Networks:

    For those looking to evolve their defenses beyond an overlay solution and fully integrate their end-to-end security, Avaya’s SDN Fx provides a perfect complement to the IoT solution with automated connection into hyper-segments directly from the Open Network Adapter. Recently, we announced the hyper-segmentation capabilities of Avaya Networking. This end-to-end segmentation creates isolated traffic lanes within the network that limit where a hacker can go. They can’t get to the core and wreak havoc with sensitive data and operations. With hyper-segmentation, you get on the on-ramp to a dedicated toll road, where you are the only car on the road. Your isolated road leads directly to your destination, with no off-ramps. No one can see you, and you can’t see anyone else. But more importantly you can’t get off at any other destination than your own.

Avaya has already done much of the work needed for securing IoT that the other networking vendor is proposing, although we’ve left out those aspects that are not in the best interests of customers and innovation. While they are trying to make this about the network, the network has yet to stop many of the recently publicized breaches.

Any IoT device has the potential to be compromised whether remotely or physically, so end-to-end security is absolutely necessary, but absolutely should not be an old school, proprietary approach. Instead, it starts with micro-segmenting between applications and extends that level of separation and obfuscation out to the device and cloud edges. Anything less is like a football player taking the field with full pads but no helmet. Most hits will be absorbed, but the ones that aren’t can be the most damaging.

World’s Largest Surveillance Camera Provider Awards Avaya Technology Partner of the Year

You need more than just sophisticated surveillance video cameras to catch it all. Although cameras are an important part of the equation, the quality of your surveillance video is only as good as the quality of the network infrastructure that it runs over.

Blurry video, lapses in video footage and delays in pulling up video footage: all of these major complications can result from a poor underlying network … and cause serious security lapses. According to a 2014 report from ZK Research, 70 percent of surveillance issues can be attributed to less than rock-solid network quality.

Axis Communications, the global leader in network video, recognizes the importance the network plays in delivering high-quality and secure surveillance. At its 10th annual Axis Connect & Converge Conference, Axis − the world’s No. 1 provider of surveillance cameras − named Avaya its 2015 Technology Partner of the Year.

Avaya offers a network optimized for video surveillance. Leveraging Fabric Connect, an Avaya network uses Shortest Path Bridging (SPB), which eliminates the need for multiple protocols and enables simple endpoint provisioning. This gives the network greater scalability, performance and simplicity than traditional IP network offerings, leading to more flexible and reliable support for Axis video surveillance cameras.

When a spotty network means spotty surveillance, customers look for reliability. An always-on network means safer hospitals, cities and even schools, such as in the case of joint Avaya and Axis customer Holland Hall. Due to increasing calls for safety for students and faculty, Holland Hall implemented a new video surveillance system with 50 Axis cameras and an Axis video management system (VMS), with the capacity to add more cameras as needed.

“We just dropped in our IP video surveillance system and it works without impacting our student network,” said Henry Finch, the school’s director of IT. “We can spin up whatever we need on the security side knowing we don’t need to wait until after school.”

To learn more about how video surveillance is made easy with Avaya, click here.