The Internet started as a government-funded military network but evolved into an open environment for the exchange of ideas, many of which were about how to make the Internet itself a better network. Various standards bodies and working groups gather together to codify the gathered intellect of all those involved and set the rules on how we proceed. Engineers at companies like Cisco, Juniper and Microsoft work together in these various forums because for a lot of this technology to work, everybody has to do it the same way. Commercial advantage is sacrificed ideally because of the shared vision of an internet for all, and in reality because companies understand that no network feature exclusive to one vendor will last long in the harsh light of the Internet.

There is, of course, an over-riding organisation: the Internet Engineering Task Force (IETF). This is the body that accepts and publishes proposals on new methods and approaches, even if they are not yet implemented in any real hardware. Many of these are adopted almost immediately and vendors build support for them in their software. Nobody sues anybody else, we all just kind of get on with it. You may not realise, but this was the starting point for technologies such as MPLS, Private IP addressing and SIP.

Of course there are times when something a bit more rigorous is needed, such as wireless networking standards, and these are handled by the relevant international standards body, usually the IEEE. The IEEE has one famous working group: “802.3″ – catch, huh? This group defines the physical and transmission standards for Ethernet and they are currently looking at a way to make 400gbps into a real world thing. Once it is done, it’ll pretty much be available for everyone to have a crack at. At no cost.

I would be foolish not to admit that patents do crop up as early developers license out their ideas but on the most part it is quite civilised in how it all works. For example, Xerox originally owned the Ethernet patent, but handed it over to 802.3 when they began to publish their work.

In short, in the technology world we have been given much for free, and when you realise how much is given to us by the propeller heads of the Internet, it makes the patent squabbles all look rather childish.

This blog first appeared in Comms Dealer magazine.

The post Playing with the grown ups… appeared first on Virtual 1.

Indeed one gang in China is so successful it has not only been named as one of the top threat’s by the USA, it is reputed to have prevented a multibillion acquisition by Coca Cola of a Chinese drinks manufacturer. Legitimate or not, that is quite some clout.

Worse still, the stories come at a time when businesses are becoming ever more culpable for not protecting their customer’s data properly – note the £250k fine handed out to Sony in the UK after their PlayStation Network was hacked and millions of users’ data was made available online. Whilst this has been one of the biggest fines, Sony has not been alone in being found culpable. And the fines aren’t down to simple non-compliance: if a business deemed to have been negligent with customer data, or with its own security – even within the boundaries of compliance – then the same fate applies.

Put bluntly, the message to businesses is clear: if your network is compromised, the fault is yours and you will be made to pay. Of course that is to say nothing of the damage to brand, customer confidence and potential sales that a highly publicised network breach can cause – let’s not forget that hackers are anything but modest about their achievements, even if fraud was not the prime motivator.

It is unsurprising then that poll after poll of CIOs and CTOs is revealing that network security and data protection are now one of the biggest concerns. Case in point, a recent a poll by TechTarget completed in January this year revealed that data protection is the top priority for more than 50% businesses in the UK. 2013 is the Year of Security.

Of course, the demands of network security have changed dramatically over the past 24 months. Not only has the number of remote workers seen a considerable rise, but those workers are often accessing the network through their own devices, such as smart phones or tablets, ie devices that the company does not own and therefore over which it has no control. At the same time businesses have begun a serious adoption of cloud-based services – both public and private – providing another new risk of compromise to be addressed.

So what does this mean for the Channel?

Well, I believe that these business woes are actually good news. Why? Because for those resellers in the Channel who are savvy enough, this network security issue opens up a whole new potential revenue stream, another value add product to help differentiate a proposition for prospects or to upsell to existing customers to help make them more ‘sticky’ – and, of course, more profitable.

But there is a danger here for the Channel too. We must not be naïve enough to think that the answer to all security concerns is to “plug a firewall in and hey presto!” As security risks have diversified, so there has been a corresponding diversification in the types of security products available to businesses to help them protect themselves. But selecting the right solution from the sheer breadth and depth of products available can be likened to negotiating minefield – something to be done very carefully and preferably by someone who knows that they are doing. And thus the second key opportunity for the Channel presents itself: businesses need a trusted partner to help them understand the new security landscape and the best solutions available for the specific security needs – and resellers are in an ideal position to fill this role.

A final point to consider is this: much of the time, security comes down to people, not devices. The hackers in China have seen success not because they are expert at breaking firewalls but because they use personal information gained through social media to create emails that look and feel authentic to the recipient – who then has no compunction about clicking the malware links contained within the email.

This means that – for all the products and solutions – effective security demands stringent adherence on the part of users to company policy and company culture surrounding the protection of data, which is best achieved through the education of employees as to the potential dangers.  All the security software in the world can be undone by a thoughtless click on a link – a fact of which your customers are all too aware.

This article first appeared in Comms Business.

The post Network security: new threats, new opportunities. appeared first on Virtual 1.

Twenty-odd years ago, you may be surprised to learn that the internet was not the cohesive organism it is today. Instead, it was formed of lots of pieces of network each using their own packet-switching methods and causing lots of headaches for engineers. Fortunately, those with impressive brains – and even more impressive foresight – realised the potential of the internet could never be reached with such a piecemeal approach.  So they gave themselves a couple of years to migrate everything over to one, universal protocol – TCP/IP – and the Internet was never the same again.

Twenty years on and we are in a similar situation, this time with IPv6. Now, you may consider that I am banging the drum a bit on this one (I am), but I can’t overstate the need, the urgency or the importance of migrating to IPv6.

In Asia, the old IPv4 addressing space has already run out and Europe isn’t far behind. Ok, we won’t run out this month, it may not even be this year, but the IPv4 supply is still plummeting.

Unlike the Y2K issues we had 13 years ago, there isn’t a fixed date in the calendar after which, it will all go away. Even if your provider has a large number of addresses (most of the big carriers have some surplus) the point is that other, Tier 2 service providers are running out. And that means their customers – like those businesses already facing this in Asia – will be on IPv6.  So if you want to access their businesses, guess what? You need to be on IPv6 too. It’s a domino effect.

We just have to face up to the fact that IPv6 isn’t knocking on the door. Instead it is inside your house, drinking your beer in the kitchen with its friends like Google, Facebook and Amazon. It isn’t going to leave, so you might as well go and have that conversation you have been avoiding.

This blog first appeared in Comms Dealer magazine.

IPv6 isn’t that scary, in fact it is time to join the party.

The post Time to join the IPv6 party! appeared first on Virtual 1.

The datacentre holds a great responsibility.

So it is important to remember that not all datacentres are equal. I had a conversation recently with a former colleague, now a Sales Director. He was querying a cost we had provided for some Co-location. “Yours is higher than my other quote” he said. This surprised me.

“Really? And we have quoted like-for-like?” I asked. “Yes” he said. Then added, with a look of triumph “And it’s a Tier 1 datacentre. Yours is only Tier 3”.

It is true to say that if something –or someone – is ranked at 1, it is generally agreed to be the best. The winner. Top dog. We see this universally, from sports through to politics through to music, even in our own industry where Tier 1 networks are deemed as having the best global coverage.

So it would be a fair and indeed natural assumption that the same applied in the world of datacentres. But of course, it doesn’t, else this would be a short article. In fact Tier 1, as I explained to my colleague, is the lowest Tier and Tier 4 is the highest.

The Tiering is designed as to cover a wide range of infrastructure issues, including:

• Power availability
• Cabling infrastructure diversity and management
• Cooling system redundancy
• Service Continuity
• Geographical environment
• Physical security measures

The aim is to assess the security and availability which a datacentre will offer for businesses’ data. A very brief overview, in the table below, gives an idea of what can be expected from each Tier

The idea is that resellers can assess which Tier of datacentre is going to provide and facilities and – most importantly – the availability appropriate to the needs of their client. Unfortunately the world of datacentres is a bit of a mess when it comes to applying this Tiering.

For a start, the criteria for these tiers isn’t based on just one standard, but is common to two: the Uptime Institute (TUI Tier Classification System) and the Telecommunications Industry Association standard TIA 942 ‘Telecommunications Infrastructure for Data Centers’.

Superficially, as the above table suggests, the standards appear to complement each other. Indeed, the TIA is very open about the fact that it drew heavily on the decade-old TUI standard when it created and released its own in 2005.  However, the TUI has not been so forthcoming; actually it has been especially vocal over the past two years that the standards are not the same, going so far as to describe them as “functionally disconnected” both in a press release and on their own website, and releasing a whitepaper ‘The Uptime Tier Classification System – Comparisons with TIA 942’.

So what is the difference?

Rather than of criteria, it is one of approach. The TIA is accredited by ANSI, an American Standards body, and is itself the US Telecoms Trade Association; unsurprisingly, this mindset is apparent in the very prescriptive approach it takes, looking for specific components, capabilities and infrastructure. Putting it bluntly, it is a checklist approach, the datacentre either has a component or it doesn’t.

The TUI on the other hand is a commercial organisation that prides itself on anticipating the needs of businesses. It looks at function and outcome, benchmarking on what the datacentre is able to deliver, rather than how. It has particular focus on evaluating datacentres by their capability to allow maintenance and to withstand a fault, which, it claims, means that datacentres they accredited are more likely to be able to deliver high availability.

In short, the standards are different, neither one endorses the other and accreditation at any level by one does not guarantee accreditation by the other at the same level. A prime example of this is the fact that whilst several companies in the UK assert they are Tier 4 accredited, the TUI only recognises one of those accreditations.

A further complication arises from the fact that many datacentres do not actually seek formal accreditation from either ANSI (adhering to TIA 942) or the Uptime Institute. There is in effect an accepted practice of declaring a datacentre that generally meets the high-level requirements for a given tier level, though without having pursued a formal recognition. This isn’t ideal but does at least allow for a rough categorisation by the end customer when choosing a facility.

So what is the lesson? Firstly, ensure you understand the needs of your customer and recommend a datacentre at the appropriate Tier to those needs. Tier 4 may be the highest tier but when you consider the difference between Tier 3 and Tier 4 comes down to 0.013% difference in availability, is this really necessary for your client?  You need ensure the investment is worthwhile for your customers.

Next, ensure you understand by whom the datacentre has been accredited. It may well make a difference to the way you approach building your solution. The TIA and the TUI websites both have detailed information about who is accredited, how and to what level. If your chosen datacentre isn’t formally accredited, be sure that the datacentre genuinely meets its tier criteria.

Finally, never take a datacentre on face value. Visit the datacentre and view its facilities – most datacentres probably straddle the line between tiers – especially true of Tiers 2 and 3. Speak to the people who are running and managing the datacentre, they will be in the best position to advise you on how effectively their datacentre can answer the needs of your customer.

This article first appeared in the February issue of Comms Business magazine.

The post Why no.1 isn’t always the best. appeared first on Virtual 1.

So what is Q-in-Q? Well the IETF (Internet Engineering Task Force – uh rah) refers to it as “IEEE 802.1ad” which just goes to show you that there’s still some imagination to naming things.  Q-in-Q is all about the VLANs, or more specifically it’s about two VLANs per connection: the inner VLAN and the outer VLAN.

When you buy an Ethernet access from tail provider X you have a variety of options for deploying services over it. You can use it as a single point to point connection from your location to the remote site but what if you want to put multiple services on the link – such as Internet and WAN? The easiest way is to split the Ethernet circuit up into virtual LAN connections each with its own IP address and interface on the customer’s router.

This is all well and good if you only have a few customers and you’re happy to provide multiple point to point circuits between your core network and the customer’s remote site, but what if you take hundreds or even thousands of connections into your core POPs? Well most tail providers will provide you with resilient aggregation circuits into their network, these circuits (typically 1Gb or 10Gb) are designed to carry several customer connections each so you may end up with one customer site in say Oxford entering the core network over the same bit of fibre as a completely different customer’s site in Cambridge.

How are these customers differentiated on this bit of fibre? That’s right, VLANs. The tail provider treats each customer connection as if it were a different service on the same bit of fibre. This naturally raises a problem: if the provider is using VLANs then what happens when the customer wants to use VLANs to provide multiple services?

In the old days network operators would ask the tail provider to add additional VLANs, this usually takes at least 5 days and depending on the provider can increase the monthly cost of the circuit not very flexible and not much fun for the accounts department.

Using Q-in-Q allows any VLANs the customer uses on the link to be added behind the provider VLAN; this means from the provider’s point of view they are providing a single connection to the exchange but from the network operator’s point of view there are multiple connections each of which they are free to turn up or tear down at a moment’s notice.

At Virtual1 we order all our circuits to be built this way, that way when you want to upgrade from a standard internet service to MPLS with Centralised Firewall and SIP we can switch these services on without the lengthy wait time or the associated cost. This is all about flexibility: it’s your circuit and we’ll build it your way.

The post Rich on… Q-in-Q appeared first on Virtual 1.

As is customary at this time of year, the great and good amongst our industry pundits are readily predicting trends for the 12 months ahead. Garner head up their list with mobile, cloud and the “Internet of Things” which is all very fashionable, will probably make some great headlines, and is frankly too vague to be of any use right now.

But peer a bit further down the list and you’ll start seeing the trends which are a lot more relevant for your customers – and a lot more imminent. Things like Analytics.

Businesses are existing – perhaps surviving would be a better word – in a time of extreme accounting and accountability, where everything comes under scrutiny and demands justification: your customers are not immune to this. As the cloud becomes a consolidated part of most businesses’ infrastructure, the need to underpin all the hype with some good, old-fashioned and very unsexy service performance analysis just can’t be over emphasised.

Monitoring is essential. Any cloud provider will happily tell you that the cloud is only ever as good as the connectivity between the customer and the service, so the ability to measure service performance is crucial. But monitoring can provide you and your customers with so much more – network trends, fraud alerts, the ability to proactively manage – not firefight – the network. And of course a decent monitoring solution will allow you to view your datacentre too, meaning you can analyse the performance of your entire estate – and give your customers the information and data they need to justify their investment to their own stakeholders.

And so we come back to resolutions. It is actually a centuries-old tradition, dating back to the Romans, who looked to Janus (after whom January is named) to help them make better decisions in the coming year. Janus, of course was the god with two faces, one looking to the past and one to the future, giving him full insight. With that in mind, perhaps choosing to undertake network monitoring is a fitting Resolution after all.

The post New Year Resolutions appeared first on Virtual 1.

But the truth is that the idea of convergence is still shining brightly as ever and it’s not the growth in SIP adoption, but instead the development of Clever Connectivity that is the cause. This is because the nature of has changed – it no longer means just voice and data over one network, it means everything – voice, WAN, internet, the lot – down a single pipe.

This will revolutionise the way in which networks are built – making them simpler to monitor and manage and significantly more cost effective to run. But of course there are cons as well. Like what happens if your network goes down. If everything is run over separate circuits then you might lose your internet, or your WAN, or your voice, but not all at the same time; if everything is converged, you risk a complete blackout.

And this is why the issue of resiliency has become so important.

A truly resilient network isn’t easy – or indeed cheap – to achieve but do it right and the results are genuinely seamless. Case in point, I rang a customer a couple of weeks ago. “I’m ringing to advise you that your network and phone lines have gone down.” “Have they?” he replied, “I hadn’t noticed.”

At Virtual1, we have seen significant growth in demand for fully resilient networks – and I am talking about the type that delivers 100% availability, under SLA, with no room for error. So, what are the rules for building a resilient network? It depends – as always – on the individual customer but here are some rules of thumb:

• The first rule, the most important, and the rule most frequently broken: don’t just replicate the circuits. This can be a fatal error – the same fault could take out both your primary network and your backup
• Insist on using different providers for each circuit, so that you don’t get caught if the provider has an issue with their network.  You should also insist on a stringent SLA from at least one of these providers
• Ensure your routers are configured correctly to improve failover from one circuit to another.
• Use different access technologies – such as a combination of Ethernet and EFM – as these will use equipment which is separate, even if it is in the same exchange. In fact, EFM has an added advantage: it is built using multiple copper pairs between the NTEs and the Exchange – should one pair fail it will cause an outage, but if that pair is then unplugged, service will resume but at a slower speed.
• Ensure that your back up circuits will be able to cope with the demands placed on the network. For example, if you are expecting to run voice over your back up network, you must use EFM or Ethernet circuits – DSL won’t be able to cope.

Another point worth mentioning is that the issues of network resiliency, uptime and downtime have become perhaps inextricably entwined with datacentre availability – chiefly because of businesses migrating many of their mission critical applications to private clouds. If that is the case, you should also consider the following:

• Ensure your chosen datacentre is connected with multiple Tier 1 providers, so that if one provider has an issue, you can still access your cloud/data via another provider
• You should also ensure that the datacentre has diverse network connectivity – ie that the fibre access to the building is separate for each provider
• Be very clear about what your supplier SLAs refer to. As a general rule, network SLAs will only refer to the network connectivity, whilst datacentre SLAs will refer to the datacentre as a whole including connectivity in and out of the building. However this is not set in stone – some SLAs may only refer to the actual datacentre – referencing power, environmental controls etc – but not the network itself. Make sure the whole of your solution is covered to the level your customers need.

Follow these rules and, with a bit of decent planning you’ll find that, in the best of British spirit, your customers will be able to carry on, regardless…

This article first appeared in Comms Business online magazine Janaury 2013.

The post Carry on, regardless… appeared first on Virtual 1.

Well, all I can promise is that I’ll do my very best not to break the unwritten rules of tradition and to that end I’m going to wheel out the Olympics in the form of these two chaps.

What you can see here is that there is simply too much athlete to fit through the available doorway.

Happily this puts me in mind of Quality of Service (or QOS for short) and I think keeps me well within the bounds of tradition.

QOS is something that we engineers spend a lot of time contemplating and building on our core and customer networks. It’s designed to prioritise one type of traffic over another and the most common use is to ensure applications like voice and video take priority over emails and web browsing. Why? Because voice and video are very latency and loss-sensitive:  all packets must arrive in a timely fashion, in the right order and without any delay or loss, or the communication will breakdown.

If it takes too long for packets to get from one phone to the other then conversations can fall apart and before you know it everyone has to suffix each sentence with “over”, over.

If some of the packets get lost or arrive out of order then our voice breaks up or starts sounding like a voice synthesiser as the phone desperately tries to work out what the packet should have looked like and come up with its own. Bzzzzzz.

So how does QOS help? QOS is – in its most basic form – a series of queues that are applied to both ends of the circuits which look at the traffic flowing through the pipe. In periods of congestion, it will queue up less important or latency tolerant traffic while allowing the higher priority or sensitive traffic first. This means that it may take a few more milliseconds for your webpage to load or your e-mail to arrive but you won’t notice because you’re currently on the phone to Bob from order admin about that massive deal you’ve just won.

Setting up QOS is often considered a bit of a dark art and to some extent it is, I’m afraid I cannot debunk a rumour that is largely true. There are a variety of “auto QOS” offerings out there and they do a reasonable job but they kind of miss the point, or the real benefit of QOS,  which is that you can choose which programmes have priority over each other, in order to give priority to the applications which are the most important to your/your customers’ business. So to make QOS really work for you and keep your customers happy, you need to work with both the end customer to understand their requirements and the provider to ensure they tailor their QOS offering to the customer’s traffic profile.

Over and out.

The post Rich on… QoS appeared first on Virtual 1.