News Analysis: CloudGenix, LightCyber, VMware, Meru

This week, Greg and I decided to do a review of some of the briefings we received via an audio recording. We published the audio on the Packet Pushers Community Show feed, which you can subscribe to specifically on iTunes or access via the Packet Pushers Fat Pipe iTunes feed.

Here’s a summary of my take on these briefings.

CloudGenix

The SD-WAN space continues to swell with entrants. CloudGenix is selling a controller-based WAN overlay. The controller lives in the cloud, while x86 systems live in your data center and branch offices. The branch and DC systems are not virtual machines (unless I missed something), but actual servers dedicated to running the CloudGenix software. Tunnels connect each CloudGenix endpoint to every other one, forming a mesh overlay (CloudGenix “ION Fabric”) on top of whatever physical WAN you’ve already got. The “SD” part is that the controller determines the best path for a given application based on policy that the business places into the system.

There are a few primary benefits to SD-WAN as I see it.

  • Transport agnosticism. LTE, MPLS, Internet, or a mix of those – put whatever you like underneath the overlay. The controller sorts out what best path is at any given time.
  • Segmentation. Most SD-WAN solutions that I’ve been briefed on thus far offer segmentation, so that you can control what users are allowed to access from where.
  • Ease of management. WAN routing, especially when public and private paths are mixed, can be complex to administer. SD-WAN solutions abstract the physical layer away and handle packet forwarding without operator intervention. Note – this doesn’t mean that the underlying physical WAN no longer has to be managed. It does. But like a data center overlay/underlay pairing, once the underlay is in place, its configuration should not require much tinkering. The tinkering can be pushed up into the overlay layer.
  • Analytics. SD-WAN solutions are in position to see all traffic traversing the WAN. To enforce policy, the SD-WAN endpoints need to be able to identify the traffic. Implicitly, there’s lots of valuable data there that can generate analytics for the business. How much data is traversing the WAN? What does that data look like? Which users from what locations are accessing application X? Etc. What is the actual application transaction time? (I.e. not just RTT between endpoints, but the amount of time it takes to complete all the steps of a complex transaction such as retrieving a web page.)

TL;DR – CloudGenix is a startup worth watching in the SD-WAN space. Definitely.

LightCyber

LightCyber is a security company that specializes in identifying machines that have been breached. The big idea is that IDS/IPS systems, malware detection engines, anti-virus suites, firewall policies, etc. will not prevent all attacks. Some bad stuff is going to make it through even the most well-crafted and maintained defense-in-depth strategy. On the assumption that a breach has happened, how do you find the breached machines so that the situation can be addressed? This is what LightCyber is all about.

LightCyber uses probes and detection engines to monitor network traffic via network taps or SPAN ports. Or via your visibility fabric, if you’ve got one of those. Then, using a variety of detection techniques, the solution zooms in on systems in your network that are compromised. You get an alert that contains action items – stuff to go deal with – not an endless list of events that probably aren’t all that important in the grand scheme of things.

For example, in the demo they showed me, a Windows machine was determined to be part of a command & control network and to be exfiltrating data (shipping private company information outside the company to some point on the Internet). Other items about the system were pointed out. The resulting data points to a problem (i.e. a compromised system) and lists as much information as possible about that problem. LightCyber can take steps to contain the issue, but it won’t completely resolve the problem. That’s up to humans. But the point is that LightCyber is sending humans information about real problems. Not imagined threats or potential concerns. If LightCyber sends you an alert, there is definitely an issue to go fix, the way they pitch the product. They claim that rather than the many thousands of events logged by the average IDS/IPS, you might get a half-dozen or fewer alerts in a day on a large network.
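To make the “few host-focused alerts instead of thousands of events” idea concrete, here is a small correlator written for this post (not LightCyber’s code, and not a description of their detection engine). It runs two traffic-only checks, regular beaconing to an outside host and bulk outbound transfer, over constructed flow records and folds the findings into one alert per internal host; the 10.0.0.0/8 internal range, thresholds and sample flows are all assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed flow records: (timestamp_s, src_ip, dst_ip, bytes_out).
FLOWS = [(t, "10.0.0.5", "203.0.113.10", 512) for t in range(0, 600, 60)]  # 10 beacons, 60s apart
FLOWS += [(610, "10.0.0.5", "203.0.113.10", 80_000_000)]                   # bulk upload afterwards
FLOWS += [(5, "10.0.0.7", "198.51.100.7", 2_000), (9, "10.0.0.7", "198.51.100.7", 3_500),
          (40, "10.0.0.7", "198.51.100.7", 1_200), (47, "10.0.0.7", "198.51.100.7", 900),
          (120, "10.0.0.7", "198.51.100.7", 4_000), (121, "10.0.0.7", "198.51.100.7", 700),
          (300, "10.0.0.7", "198.51.100.7", 1_500)]                         # ordinary browsing
FLOWS += [(200, "10.0.0.9", "198.51.100.20", 120_000_000)]                 # one large upload

def is_internal(ip):
    # Assumption: the monitored site uses 10.0.0.0/8 internally.
    return ip.startswith("10.")

def outbound_by_pair(flows):
    """Group internal->external flows by (src, dst); everything else is ignored."""
    pairs = defaultdict(list)
    for ts, src, dst, nbytes in flows:
        if is_internal(src) and not is_internal(dst):
            pairs[(src, dst)].append((ts, nbytes))
    return pairs

def beaconing_pairs(flows, min_flows=6, jitter_s=2.0, min_share=0.8):
    """(src, dst) pairs whose connections recur on a near-fixed period.
    Uses timing only, so it is blind to payload and still works on encrypted traffic;
    the median period tolerates a few missed or extra connections."""
    found = {}
    for pair, recs in outbound_by_pair(flows).items():
        if len(recs) < min_flows:
            continue
        times = sorted(ts for ts, _ in recs)
        gaps = [b - a for a, b in zip(times, times[1:])]
        period = median(gaps)
        regular = sum(abs(g - period) <= jitter_s for g in gaps)
        if period > 0 and regular / len(gaps) >= min_share:
            found[pair] = period
    return found

def bulk_upload_pairs(flows, threshold=50_000_000):
    """(src, dst) pairs that pushed more than `threshold` bytes outbound in the window."""
    totals = {p: sum(n for _, n in recs) for p, recs in outbound_by_pair(flows).items()}
    return {p: b for p, b in totals.items() if b > threshold}

def correlate(flows):
    """One alert per internal host listing every finding; quiet hosts produce nothing."""
    alerts = defaultdict(list)
    for (src, dst), period in beaconing_pairs(flows).items():
        alerts[src].append(f"beaconing to {dst} every ~{period:.0f}s")
    for (src, dst), nbytes in bulk_upload_pairs(flows).items():
        alerts[src].append(f"{nbytes / 1e6:.0f} MB uploaded to {dst}")
    return dict(alerts)
```

On the sample flows the 18 records collapse into two alerts: 10.0.0.5 (beaconing plus upload) and 10.0.0.9 (upload only), while the browsing host stays silent.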

From my experience as a security practitioner, LightCyber sounds like something I would beg to have. Of course, I’m a healthy cynic. How well does it work, really? If it’s everything they say it is, that makes it quite valuable. Picking the signal from the noise is the bane of my security experience, usually only possible during a forensic investigation when I knew what I was looking for. I just had to find it. LightCyber finds the stuff you don’t know you’re looking for and brings it to your attention.

VMware

VMware announced all sorts of stuff around vSphere 6, SDDC, and other initiatives over the last few weeks. One of the news items I latched onto was the ability in vSphere 6 to do so-called long-distance vMotion, tolerating a latency of 100ms. I’m still looking for the use case here. Other than doing a one-time whole-DC migration, I’ve got nothing so far. Help me out with this. What’s your use case for moving VMs essentially cross-country? It’s a big undertaking with a lot of networking magic required to support it. And let’s not overlook the simple “speed of light” problem. Moving lots of data over a long distance will take time, due in part to waiting on acknowledgements across a long round trip. A vMotion runs over TCP/8000, so latency is going to matter. TCP is acknowledged.

I’m sure you’ll tell me what I’m missing about the usefulness of this particular capability.

Meru

Meru launched their Cloud XPress offering, a turnkey wireless solution for the SMB space that you can lease via subscription if you like. It consists of 802.11ac access points with 2×2 spatial streams and is simple to install overall. This solution competes with Aerohive and Cisco Meraki. Meru claims fabulous performance from their APs. Certainly a solution worth investigating if you’re in the market for a straightforward wireless infrastructure. Just line your requirements up ahead of time and test the solution before committing.