
Blogs
Links for 2012-05-18 [del.icio.us]
Book Review: “Security De-Engineering: Solving the Problems in Information Risk Management” by Ian Tibble
In fact, the influence this book already had on me is palpable: I found myself using some of the terms (such as the author’s favorites, “intellectual capital” and “CASE”) and concepts the day after I started reading it.
As a brief summary, the book investigates the evolution of the way we do information security from the “hacker-led” late 1990s to the “compliance-heavy” late 2000s and today. The author also highlights dramatic problems with today's approach to security and suggests some solutions in the way people think and operate around security.
In fact, it might be one of the most influential books ever written in the history of the security industry, one that appeared at the best possible time, when it is most needed. Along the same line, I have grown worried about the ranks of security professionals who are not hands-on with technology and who have never secured production systems. Like the author, I have grown frustrated with the ranks of idiots who equate compliance and security. Even the author’s rant about ethics is something I've been thinking about for years.
The author slaughters a few of the sacred cows of the security industry: the one that “executives are clueless” and the one that we “must have reliable actuarial data on incidents to stay relevant.” He also highlights a few categories of security products which are notorious for not delivering value and explains the reasons for that. Most of his points are backed up by specific cases from his experience, going back to the end of the 1990s when the security industry was born.
And, of course, as with any thought-provoking writing, I cannot say I agree with every word I read. For example, I am much less negative on the vulnerability assessment technology than the author (I don't think they give you 50% “false negatives” on common platforms today). Furthermore, I abhor the use (misuse, really) of “ROI” for justifying security spending. Style-wise, the author is a little too fond of repetitions to my taste. However, having a summary after each chapter is a great idea.
Finally, despite the unreasonably high price, I feel that every member of the security community MUST read this book. Literally every chapter will have insights that will make you a better security professional today.
All book reviews. About me: http://www.chuvakin.org
Take back Control of Your Bandwidth
It is a well-known fact that IT administrators are among the least recognized and appreciated roles in a company. People are quick to whine and fret when something is not working, but nobody calls to say “thanks” when everything is running smoothly.
One of the most common complaints that IT administrators receive is that the Internet is slow. What no one seems willing to understand is that it is not your fault that the Internet is slow. In fact, the problem is usually not a lack of bandwidth; it is the existing bandwidth being used inefficiently, or being eaten up by high-bandwidth, non-work-related websites.
Take back control with GFI WebMonitor
You can stop those annoying phone calls and questions as to why the Internet is slow by using GFI WebMonitor. This software has a number of features that allow you to control your Internet connection to ensure fair use for everybody.
So what exactly can GFI WebMonitor offer you?
1. The real-time termination of large downloads – Did the CEO call you complaining that he can’t access his stock portfolio because everything is slow? If it wasn’t slow until a while ago, you can log into GFI WebMonitor and see if someone is downloading a massive file that is hogging your bandwidth. Your company’s IT policy states that large files should be downloaded after office hours. So your solution has just three simple steps: you kill the download connection using GFI WebMonitor; you call the CEO and tell him that the problem is solved; then you call the user and share your thoughts about bandwidth use with them.
2. Bandwidth quotas – Before you overreact and institute a company-wide block on YouTube, take a look at why it is being accessed. If users have made YouTube their radio channel, it can quickly become a serious problem. The solution is simple: GFI WebMonitor allows you to set bandwidth quotas which give each user a daily usage limit on video streaming websites like YouTube. For greater flexibility, different quotas can even be applied to different departments.
3. Blocking of bandwidth hogging websites – Some websites are simply a waste of bandwidth. The infamous MegaUpload used to boast that it received four percent of the Internet’s traffic with 50 million daily users. Many of those were corporate users and, although it is now shut down, there are many similar websites that are being used. Even the legitimate use of ones such as the popular DropBox can be bandwidth hungry. These sites can quickly overwhelm your connection, so blocking them or implementing quotas will ensure nobody is slowing the company down by downloading tonight’s HD movie over the corporate network.
4. Block streaming media within websites – Some websites, such as sports sites and news sites, stream a considerable amount of video as part of their content. Once again, these streams can quickly overwhelm a connection. Certainly we are sure to see a spike in media website usage with the upcoming London Olympics and Euro 2012. With GFI WebMonitor you can block the stream without blocking the website itself, thereby saving vital bandwidth.
5. Bandwidth consumption alerts – The above are all great features, but maybe you just want to allow people to monitor themselves. You still need to be able to enforce policy on those who don’t play by the rules. But what can you do? Monitor the connection constantly? GFI WebMonitor features real-time graphs and lets you set up notifications based on specific criteria. For example, you can set the software to alert you when someone has consumed 500MB of downloads in an hour, or more than 5GB in a day, as these are obviously anomalous situations. You will be advised via email and can then handle the situation on a case-by-case basis.
6. Bandwidth dashboards and scheduled reports – GFI WebMonitor features easy-to-use bandwidth specific dashboards and bandwidth only reports. This allows you to quickly analyze usage trends, commonly visited sites, prolific users, peak usage times, projected downloads and uploads and many, many more variables to give you a complete picture of what is going on in your network.
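The per-user threshold alert described in point 5 is easy to reproduce against any proxy or gateway log. The following is an added example, not GFI WebMonitor code: it aggregates bytes per user per clock hour and per day from a constructed log format (timestamp, user, bytes, URL) and flags anyone over the 500MB/hour or 5GB/day thresholds mentioned above. The log lines, user names and URLs are made up for the example.

```python
"""Threshold-based bandwidth alerting over proxy log lines (added example).

Log format is constructed for this example: "<ISO timestamp> <user> <bytes> <url>".
Buckets are fixed clock hours and calendar days, which is simpler than a
sliding window; a user who downloads 400MB at 09:59 and 400MB at 10:01
is not flagged by the hourly rule, so tune the limits with that in mind.
"""
from collections import defaultdict
from datetime import datetime

HOUR_LIMIT = 500 * 1024 * 1024          # 500 MB in one hour
DAY_LIMIT = 5 * 1024 * 1024 * 1024      # 5 GB in one day

# Constructed sample log: alice pulls three large files in the 09:00 hour.
SAMPLE_LOG = """\
2012-05-18T09:02:11 alice 104857600 http://files.example.com/iso/part1.bin
2012-05-18T09:15:40 alice 314572800 http://files.example.com/iso/part2.bin
2012-05-18T09:40:03 alice 157286400 http://files.example.com/iso/part3.bin
2012-05-18T10:05:00 bob 52428800 http://video.example.net/clip.mp4
2012-05-18T11:30:00 alice 20971520 http://files.example.com/doc.pdf
"""


def parse_line(line):
    """Split one log line into (timestamp, user, bytes, url)."""
    ts, user, nbytes, url = line.split(maxsplit=3)
    return datetime.fromisoformat(ts), user, int(nbytes), url


def aggregate(lines):
    """Sum bytes per (user, hour bucket) and per (user, day bucket)."""
    per_hour = defaultdict(int)
    per_day = defaultdict(int)
    for line in lines:
        if not line.strip():
            continue
        ts, user, nbytes, _url = parse_line(line)
        per_hour[(user, ts.strftime("%Y-%m-%dT%H"))] += nbytes
        per_day[(user, ts.strftime("%Y-%m-%d"))] += nbytes
    return per_hour, per_day


def find_alerts(lines, hour_limit=HOUR_LIMIT, day_limit=DAY_LIMIT):
    """Return (rule, user, bucket, total_bytes) tuples for every breach."""
    per_hour, per_day = aggregate(lines)
    alerts = []
    for (user, bucket), total in sorted(per_hour.items()):
        if total > hour_limit:
            alerts.append(("hour", user, bucket, total))
    for (user, bucket), total in sorted(per_day.items()):
        if total > day_limit:
            alerts.append(("day", user, bucket, total))
    return alerts


if __name__ == "__main__":
    for rule, user, bucket, total in find_alerts(SAMPLE_LOG.splitlines()):
        print(f"ALERT {rule}: {user} moved {total / 2**20:.0f} MB in {bucket}")
```

In the sample, alice's three downloads in the 09:00 hour add up to about 550MB, so she trips the hourly rule; nobody reaches the daily limit.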
GFI WebMonitor therefore offers you a powerful toolkit to ensure you can apply a fair Internet usage policy across your network, allowing everyone in the company to use critical Internet applications without being bogged down by useless bandwidth demands.
Have a look at what GFI WebMonitor can do to improve your network web security system, or just download a free trial and give it a spin!
What’s The Best Security Advice You’ve Received?
Links for 2012-05-17 [del.icio.us]
When You Become the Enemy
Malware is distributed in a number of ways. Many web attackers focus their efforts on attracting potential victims to malicious sites and, to prevent this from happening, a lot of organizations restrict employee access to reputable sites only. Attackers, however, are aware of this practice and counter it by compromising legitimate sites and turning them into drive-by-download platforms, and thus into a channel to distribute malware.
Recently, Websense discovered that Amnesty International’s official site had been compromised and was distributing malware. This was not a one-off; only a few months ago, a very popular server on MySQL's official site was hacked and used to distribute malware for a short period of time.
So what can you do?
Organizations that allow employees to browse the web must have security mechanisms that can detect when a malware attack has occurred. Simply telling users to stay away from disreputable sites is not enough to protect your network. There are various tools an administrator can use, ranging from regularly updated reputation services to virus scanners and other technologies that detect this kind of attack.
What can you do if you’re the compromised web host?
What this story teaches us is that any of us can inadvertently end up distributing malware. A simple hack can turn your trusted and reputable site into the malware distribution mechanism everyone is trying to stay away from. There is no telling what damage this could do to your company’s reputation.
The first thing you must do is make sure that an attacker does not have an easy time compromising your website. Pre-emptive measures include updating all your software and ensuring your servers are properly and securely configured. This is not a one-off job: you need to carry out frequent audits of your web server to identify missing patches and vulnerabilities that could be exploited.
If you’re unlucky and your website is defaced or attackers plant drive-by downloads on your web server, you don’t want to be alerted by someone in the media. An effective way to stay on top of the situation is to verify that the files on your web server have not been modified. You can do this with a simple script that walks the web root and compares each file, or its hash, against a known-good copy or manifest, and notifies you immediately when unauthorized changes appear. Keep that known-good copy somewhere the web server itself cannot write to, otherwise an attacker who owns the server can update the baseline along with the files. Automating this process gives you some assurance that should the worst happen, you can take corrective action in a very short time.
Internet usage in an organization can open the door to some nasty stuff. Taking a proactive approach as I’ve outlined above can help you go a long way towards mitigating the danger.
Like our posts? Subscribe to our RSS feed or email feed (on the right hand side) now, and be the first to get them!
GFI Charity Fund Participates in another Rotary Hands-On Day
Some of the GFI Malta girls helping in the kitchen.
Once again, the GFI Charity Fund happily joined forces with Rotary Club Malta on its fourth edition of the Rotary Hands-On Day, held on May 12, at Dar Qalb ta’ Ġesù, a shelter for victims of domestic violence, in Santa Venera (Malta). The event was organized to give the shelter a boost – improving the facilities available to the residents.
One of the GFI Charity Fund committee members helping out with the painting.
Members from the GFI Malta team helped out in various activities including painting, gardening, clearing and reorganizing rooms (as well as a beautiful church in the facility), and several other general maintenance jobs. Some team members were on kitchen duty, preparing fresh snacks and scrumptious cakes for the volunteers.
Once again, everyone’s efforts made a great difference and were greatly appreciated.
Quantifying Reputation Loss From a Breach
#infosec #security Putting a value on reputation is not as hard as you might think…
It’s really easy to quantify some of the costs associated with a security breach: number of customers impacted times the cost of a first-class stamp plus the cost of a sheet of paper plus the cost of ink divided by … you get the picture. Some of the costs are easier than others to calculate. Some are not, and others appear downright impossible.
One of the “costs” often cited but rarely quantified is the cost to an organization’s reputation. How does one calculate that?
Well, if folks sat down with the business people more often (the ones that live on the other side of the Myers-Briggs Mountain) we’d find it’s not really as difficult to calculate as one might think. While IT folks analyze flows and packet traces, business folks analyze market trends and impacts, such as those arising from poor customer service.
And if a breach of security isn’t interpreted by the general populace as “poor customer service” then I’m not sure what is. While traditionally customer service is how one treats the customer, increasingly that’s expanding to include how one treats the customer’s data. And that means security.
This question “how much does it really cost” is one Jeremiah Grossman asks fairly directly in a recent blog, “Indirect Hard Losses”:
As stated by InformationWeek regarding a Ponemon Institute study on the Cost of a Data Breach, “Customers, it seems, lose faith in organizations that can't keep data safe and take their business elsewhere.” The next logical question is how much?
Jeremiah goes on to focus on revenue lost from web transactions after a breach and that’s certainly part of the calculation, but what about those losses that might have been but now will never be? How can we measure not only the loss of revenue (meaning a decrease in first-order customers) but the potential loss of revenue? That’s harder, but just as important, as it more accurately represents the “reputation loss” often mentioned in passing but never assigned a concrete value (at least not publicly; some industries discreetly share such data with trusted members of the same industry, but seeing these numbers in the wild? Good luck!)
HERE COMES the ALMOST SCIENCE
20% of the businesses that lost data lost customers as a direct result. The impacts were most severe for companies with more than 100 employees. Almost half of them lost sales.
One of the first things we have to calculate is influence, as that directly impacts reputation. It is the ability of even a single customer to influence a given number of others (negatively or positively) that makes up reputation. It’s word of mouth, what people say about you, after all.
If we turn to studies that focus more on marketing and sales and businessy things, we can find a lot of this data. It’s a well-studied area.
One study [1] indicates that a single dissatisfied customer will tell approximately 8-16 people. Each of those people has a circle of influence of about 250, with 25 of those being within an organization's primary target audience. Of all those told, 2% (1 in 50) will defect from or avoid an organization upon hearing of the victim's dissatisfaction.
So for every angry customer, the reputation impact is a loss of anywhere from 40-80 customers, existing and future (8-16 people told, times a circle of 250, times 2%). So much for thinking 100 records stolen in a breach is small potatoes, eh? Thousands of existing and potential customers lost is nothing to sneeze at.
Now, here’s where it gets a little harder, because you’re going to have to talk to the businessy folks to get some values to attach to those losses. See, there are two numbers you still need: customer lifetime value (CLV) and the cost to replace a customer (which is higher than the cost to acquire a customer, but don’t ask me why, I’m not a businessy folk).
Customer values are highly dependent upon industry. For example, based on 2010 FDIC data, the industry average annual customer value for a banking customer is $209 [2]. Facebook’s annual revenue per user (ARPU) is estimated at $2.00 [3]. Estimates claim Google makes $9.85 annually off each Android user [4]. And Zynga’s ARPU is estimated at $3.96 (based on a reported $0.33 monthly per-user revenue) [5]. This is why you actually have to talk to the businessy guys: they know what these values are, and you’ll need them to plug into the influence calculation to come up with an at-least-it’s-closer-than-guessing value. You also need to ask what the average customer lifetime is, so you can calculate the loss from dissatisfied and defecting customers.
Then you just need to start plugging in the numbers. Remember, too, that it’s a model; an estimate. It’s not a perfect valuation system, but it should give you some kind of idea of what the reputational impact from a breach would be, which is more than most folks have today.
Even if you can’t obtain the cost-to-replace value, try the model without it. Try a small breach, just for fun, say of 100 records. Let’s use $4.00 as the annual customer value and a lifetime of ten years as an example, so each customer is worth $4 * 10 = $40 over their lifetime, and use the low end (40) of the 40-80 influence range.
Affected Customer Loss: 100 * ($4 * 10) = $4,000
Influenced Customer Loss: 100 * 40 = 4,000 customers; 4,000 * ($4 * 10) = $160,000
Total Reputation Cost: $4,000 + $160,000 = $164,000
Adding in the cost to replace can only make this larger and serves very little purpose except to show that even what many consider a relatively small breach (in terms of records lost) can be costly.
WHY is THIS VALUABLE?
The reason this is valuable is two-fold. First, it serves as the basis for a very logical and highly motivating business case for security solutions designed to prevent breaches. The problem with much of security is that it’s intangible and incalculable. It is harder to put a monetary value on risk than it is to put a monetary value on solutions. Thus, performing a cost-benefit analysis that is based in part on “reputation loss” is difficult for security professionals and IT in general. The business needs to be able to justify investments, and to do that it needs hard numbers that it can balance against.
Second, it is the security professionals who are so often called upon to explain the “risk” of a breach and loss of data to the business. Providing them with tangible data based on accepted business metrics and behavior offers them a more concrete view of the costs, in money, of a breach. That gives IT the leverage, the justification, for investing in solutions such as web application firewalls and vulnerability scanning services that are designed to detect and ultimately prevent such breaches from occurring.
It gives infosec some firm ground upon which to stand and talk in terms the business understands: dollar signs.
[1] PUTTING A PRICE TAG ON A LOST CUSTOMER
[2] Free Checking and Debit Incentives Post-Durbin
[3] Facebook’s Annual Revenue Per User
[4] Each Android User Will Make Google $9.85 per Year in 2012
[5] Zynga Doubled ARPU From Last Year Even as Facebook Platform Changes Slowed Growth
Related blogs & articles:
- Stripping EXIF From Images as a Security Measure
- The Encrypted Elephant in the Cloud Room
- The Cost of Ignoring ‘Non-Human’ Visitors
- Getting at the Heart of Security in the Cloud
- F5 Friday: Goodbye Defense in Depth. Hello Defense in Breadth
- Identity Gone Wild! Cloud Edition
- Complexity Drives Consolidation The Conspecific Hybrid Cloud
- Identify the Most Probable Threats to an Organization
- At the Intersection of Cloud and Control…
GFI MAX voted “Product of the Year”
We’re pleased to announce that GFI MAX was voted “Product of the Year” at the 2012 Network Buyers Group Gala Dinner and Awards. The award was accepted on behalf of GFI by Keri Fullwood.
“We’re very grateful to the Group for this award and we look forward to continuing to work closely with the Network Group in the years ahead to add further value to their MSP offerings through GFI MAX,” said Jim Harrower, UK & Ireland Sales Manager for GFI MAX.
See what David Hay, Partner Development Manager for GFI MAX, has to say about the award in this short video.
Tell Us What You Think About Faxing and Enter Our Draw!
We continuously develop technology in our products to meet our clients’ needs in the best way possible. Listening to our clients and understanding what they need is very important to us and to this end we have created a short survey on faxing.
Take a few minutes to tell us what you think about faxing and help us improve our offering. When you complete the survey, your details will be entered into a draw to win a GFI FaxMaker 50-user license!
Survey: http://www.surveymonkey.com/s/GFI-Fax
How does it work?
- Click on the survey URL and tick your answers – this should only take a few minutes.
- Once you complete the survey, you will be given the option to enter your name and email address – fill these in.
- A draw will be held on Thursday, May 31, 2012. The selected winner will be contacted directly.*
Help us better understand your faxing needs – fill in our short survey now for a chance to win a GFI FaxMaker 50-user licence!
Competition Dates:
Monday, May 14, 2012 – Thursday, May 31, 2012.
* Terms and Conditions
- Only survey participants who complete the survey and abide by the Terms and Conditions are eligible to win a GFI FaxMaker 50-user licence. Winners will be contacted via email.
- GFI Software employees and their families cannot take part in this competition.
- Winners will be notified via email after May 31, 2012. Failure to reply to our email notification within a week will be taken to mean the winner is no longer interested, and GFI reserves the right to choose another winner.
- GFI is not responsible for the timeliness of prize dispatch; prizes will be sent once they are made available.
- Upon contacting the winner/s, if no reply is received within a week (7 days), GFI retains the right to choose another entry.
- Whilst GFI does its utmost to ensure that all prizes are delivered in a timely fashion the company does not retain responsibility for any prizes that are lost/stolen in the mail.
- GFI retains the right to cancel/change this or any promotion without notice.
- GFI’s decision is final and no correspondence will be entered into.
- Any incomplete or irrelevant entries, or entries that do not comply with these Terms and Conditions, will not be eligible to win.
- Prizes are as described and cannot be substituted for cash.
SDN, OpenFlow, and Infrastructure 2.0
#infra2 #openflow #sdn #devops As cloud recedes, it reveals what it hid when the hype took it big: a focus on the network.
Like cloud two or three years ago, SDN and OpenFlow dominated the talk at Interop. During a show that’s (in theory at least) dedicated to networking, this should be no surprise.
Is it making networking sexy again? Yes, insomuch as we’re at least talking about networking again, which is about it considering that the network is an integral component of all the other technology and models that took the spotlight from it in the first place.
Considering recent commentary on SDN* and OpenFlow, it seems folks are still divided on OpenFlow and SDN and are trying to figure out where it fits – or if it fits – in modern data center architectures.
Prediction: OpenFlow Is Dead by 2014; SDN Reborn in Network Management
Of course, many of the problems that the SDN vendors state – VM mobility, the limited range of VLAN IDs, the inability to move L2/L3 networking among data centers and the inflexibility of current networking command and control -- are problems faced only by cloud providers and a handful of large, large companies with big, global data centers. In other words: a rather small number of customers.
I think Mike is pretty spot on with this prediction. Essentially, the majority of organizations will end up leveraging SDN for something more akin to network management in a hybrid network architecture, though not necessarily for the reasons he cites. It won’t necessarily be a lack of need, it’ll be a lack of need universally and the cost of such a massive disruption to the data center.
With that in mind, we need to spend some time thinking about where SDN fits in the overall data center architecture. Routing and switching is only one part of the puzzle that is dynamic data centers, after all, and while its target problems include the dynamism inherent in on-demand provisioning of resources, alone it cannot solve this problem. Its current focus lies most often on solving how to get from point A to point B through the network when point B is a moving target, and doing so dynamically, adjusting flows in a way that’s optimal given … well, given basic networking principles like shortest-path routing. Not that it will remain that way, mind you, but for the nonce that’s the way it is.
Greg Ferro sums up and explains in his typical straight-to-the-point manner the core concepts behind OpenFlow and SDN in a recent post.
OpenFlow and Software Defined Networking: Is It Routing or Switching?
OpenFlow defines a standard for sending flow rules to network devices so that the Control Plane can add them to the forwarding table for the Data Plane. These flow rules contain fields for elements such as source & destination MAC, source & destination IP, source and destination TCP, VLAN, QoS and MPLS tags and more. The flow rules are then added to the existing forwarding table in the network device.
The forwarding table is what all routers and switches use to dispatch frames and packets to their egress ports.
OpenFlow value is realised in the Controller, and the most interesting changes are because the Controller will get new capabilities and truly granular control of the traffic flows.
Therefore, OpenFlow is neither routing nor switching, it’s about forwarding.
It’s About Forwarding
This simple statement is central to the “big picture” when you step back and try to put SDN and OpenFlow into the perspective of where they fit in an existing, modern data center architecture, because OpenFlow is designed to solve specific problems, not necessarily to replace the entire network (if you’re starting from scratch, that’s likely a different story). It’s about forwarding and, in particular, it’s about forwarding in a dynamic, volatile environment such as exists in cloud computing models. Where SDN and OpenFlow appear to offer the most value to existing data centers experiencing this problem is in the network pockets that must deal with the volatility inside the data center at the application infrastructure (server) tiers, where resource lifecycle management in large installations is likely to cause the most disruption.
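To make “it’s about forwarding” concrete, here is an added example, not part of the original post and not the OpenFlow wire protocol: a toy model of a flow table with match fields, priorities and actions, plus a controller that installs rules. The field names (source/destination MAC and IP, TCP port) echo the ones Greg Ferro lists above; the `Switch`, `Controller` and `FlowEntry` classes and the port map are invented for illustration. The controller pushes one policy rule proactively (drop telnet, priority 200) and learns a forwarding rule reactively on a table miss (priority 100), so the example also shows why priority ordering matters: the later, broader destination-MAC rule never shadows the drop rule.

```python
"""Toy OpenFlow-style flow table and controller (added example, not a real
OpenFlow implementation).  Match fields absent from an entry are wildcards;
the highest-priority matching entry wins; a miss goes to the controller."""
from dataclasses import dataclass, field

DROP = "drop"
TO_CONTROLLER = "controller"


@dataclass(order=True)
class FlowEntry:
    priority: int                              # only field used for ordering
    match: dict = field(compare=False)         # e.g. {"eth_dst": ..., "tcp_dst": 23}
    actions: list = field(compare=False)       # e.g. [("output", 2)] or [DROP]

    def matches(self, pkt):
        return all(pkt.get(k) == v for k, v in self.match.items())


class Switch:
    """Data plane: a sorted flow table and a lookup."""

    def __init__(self):
        self.table = []

    def add_flow(self, priority, match, actions):
        self.table.append(FlowEntry(priority, match, actions))
        self.table.sort(reverse=True)          # highest priority first

    def lookup(self, pkt):
        for entry in self.table:
            if entry.matches(pkt):
                return entry.actions
        return [TO_CONTROLLER]                 # table miss


class Controller:
    """Control plane: proactive ACL at startup, reactive learning on miss."""

    def __init__(self, switch, port_map):
        self.switch = switch
        self.port_map = port_map               # dst MAC -> egress port (assumed known)
        # Policy pushed before any traffic: telnet never reaches the servers.
        self.switch.add_flow(200, {"tcp_dst": 23}, [DROP])

    def packet_in(self, pkt):
        out = self.port_map.get(pkt["eth_dst"])
        if out is None:
            return [DROP]                      # unknown destination in this toy
        self.switch.add_flow(100, {"eth_dst": pkt["eth_dst"]}, [("output", out)])
        return [("output", out)]


def forward(switch, controller, pkt):
    """Data-plane lookup; on a miss, punt to the controller."""
    actions = switch.lookup(pkt)
    if actions == [TO_CONTROLLER]:
        actions = controller.packet_in(pkt)
    return actions


def demo():
    """Constructed traffic: two web packets then a telnet attempt to the same host."""
    sw = Switch()
    ctl = Controller(sw, {"00:00:00:00:00:02": 2})
    base = {"eth_src": "00:00:00:00:00:01", "eth_dst": "00:00:00:00:00:02",
            "ipv4_src": "10.0.0.1", "ipv4_dst": "10.0.0.2"}
    web = dict(base, tcp_dst=80)
    telnet = dict(base, tcp_dst=23)
    first = forward(sw, ctl, web)      # miss: controller installs eth_dst rule
    second = forward(sw, ctl, web)     # hit: no controller involvement
    third = forward(sw, ctl, telnet)   # matches priority-200 drop, not the MAC rule
    return first, second, third, [e.priority for e in sw.table]


if __name__ == "__main__":
    print(demo())
```

The second web packet never reaches the controller, which is the whole efficiency argument for pushing rules down; the telnet packet is dropped in the data plane even though a forwarding rule for its destination exists, because the policy entry carries the higher priority.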
The application delivery tier already includes the notion of separation of control from data plane. That’s the way it’s been for many years, though the terminology did not always exist to describe it as such. That separation has always been necessary to abstract the notion of an “application” or “service” from its implementation and allow for the implementation of reliability and availability strategies through technology like load balancing and failover to be transparent to the consumer. The end-point in the application delivery tier is static; it’s not rigid, but it is static because there’s no need for it to change dynamically. What was dynamic were the resources which have become even more dynamic today, specifically the resources that comprise the abstracted application: the various application instances (virtual machines) that make up the “application”. Elasticity is implemented in the application delivery tier, by seamlessly ensuring that consumers are able to access resources whether demand is high or low.
In modern data center models, the virtualization management systems – orchestration, automation, provisioning – are part of the equation, ensuring elasticity is possible by managing the capacity of resources in a manner commensurate with demand seen at the application delivery tier.
As resources in the application infrastructure tier are launched and shut down, as they move from physical location to physical location across the network, there is chaos. The diseconomy of scale that has long been mentioned in conjunction with virtualization and cloud computing happens here, inside the bowels of the data center. It is the network that connects the application delivery tier to the application infrastructure tier that is constantly in motion in large installations and private cloud computing environments, and it is here that SDN and OpenFlow show the most promise to achieve the operational efficiencies needed to contain costs and reduce potential errors due to overwhelmingly high volumes of changes in network configurations.
What’s missing is how that might happen. While the mechanisms and protocols used to update forwarding and routing tables on switches and routers is well-discussed, the impetus for such updates and changes is not. From where do such changes originate?
In a fully automated, self-aware data center (one that does not exist and may never do so) the mere act of provisioning a virtual machine (application) would trigger such changes. In more evolutionary data centers (which is more likely) such changes will be initiated due to provisioning system events, whether initiated automatically or at the behest of a user (in IT as a Service scenarios). Perhaps through data or options contained in existing network discovery protocols or through integration between the virtualization management systems and the SDN management plane. One of the core value propositions of SDN and OpenFlow being centralized control, one assumes that such functionality would be realized via integration between the two and not through modification and extension of existing protocols (although both methods would be capable, if we’re careful, of maintaining compatibility with non-SDN enabled networking components).
This is being referred to in some cases as the “northbound” API while the connectivity between the controller and the network components referred to as the “southbound” API.
OpenFlow, the southbound API between the controller and the switch, is getting most of the attention in the current SDN hype-fest, but the northbound API, between the controller and the data center automation system (orchestration) will yield the biggest impact for users. SDN has the potential to be extremely powerful because it provides a platform to develop new, higher level abstractions. The right abstraction can free operators from having to deal with layers of implementation detail that are not scaling well as networks increasingly need to support “Hyper-Scale” data centers.
A change is blowing in from the North (-bound API)
In this way, SDN and OpenFlow provide the means by which the diseconomy of scale and volatility inherent in cloud computing and optimized resource utilization models can be brought under control and even reversed.
Infrastructure 2.0
Isn’t that the problem Infrastructure 2.0 has been, in part, trying to address? Early on we turned to a similar, centralized model in which IFMAP provided the controller necessary to manage changes in the underlying network. An SDN-OpenFlow based model simply replaces that central controller with another, and distributes the impact of the scale of change across all network devices by delegating responsibility for implementation to individual components upon an “event” that changes the network topology.
Infrastructure 2.0: As a matter of fact that isn't what it means
Dynamic infrastructure [aka Infrastructure 2.0] is an evolution of traditional network and application network solutions to be more adaptable, support integration with its environment and other foundational technologies, and to be aware of context (connectivity intelligence).
What some SDN players are focusing on is a more complete architecture, one that’s entirely SDN and unfortunately only likely to happen in green-field environments, or over time. That model, too, is interesting in that traditional data center tiers will still “exist” but would not necessarily be hierarchical, and would instead use the programmable nature of the network to ensure proper forwarding within the data center. Which is why this is ultimately going to fall into the realm of expertise owned by devops. But all this is conjecture at this point, with the only implementations truly out there still housed in academia. Whether it will make it into the data center depends on how disruptive and difficult it will be to integrate with existing network architectures. Because just like cloud, enterprises don’t rip and replace; they move cautiously in a desired direction. As in the case of cloud computing, strategies will likely revolve around hybrid architectures enabled by infrastructure integration and collaboration.
Which is what infrastructure 2.0 has been about from the beginning.
* Everyone right now is fleshing out definitions of SDN and jockeying for position, each to their own benefit of course. How it plays out remains to be seen, but I’m guessing we’re going to see a cloud like evolution. In other words, chaos of definitions. I don’t have a clear one as of yet, so I’m content (for now) to take at face value the definition offered by ONS and pursue how – and where - that might benefit the enterprise. I don’t see that it has to be all or nothing, obviously.
Related blogs & articles:
- Searching for an SDN Definition: What Is Software-Defined Networking?
- OpenFlow/Software-Defined Networking (SDN)
- A change is blowing in from the North (-bound API)
- Infrastructure 2.0 + Cloud + IT as a Service = An Architectural Parfait
- Will DevOps Fork?
- The World Doesn’t Care About APIs
Business Speak
Infosec Weekly Round-up May 07 – 13 , 2012
New Release for the WiFi Pineapple Hotspot
Is Your Network Being Sniffed?
Is your network data safe? Do you know if your network traffic is being tracked and recorded by malicious third parties? Most importantly, how would you know if your network is infected and what can you do to prevent it?
Network sniffing is one of the hardest attacks to detect and one of the most dangerous: cybercriminals use it to listen to and record your network traffic, including your files. By unleashing their pack of digital bloodhounds into your system, hackers can cause untold breaches of your security and compromise your confidential data.
Our short video on network sniffing shows how this form of attack works and what is at risk when tracking technology is being used against you. Most importantly though, we show you a number of ways in which you can minimize your exposure to this type of attack, and shut down sniffers to keep your network secure.
If you want to learn how to protect yourself from network sniffing, check out our video and let us know what you think about the topic.
We also cover a broad range of different IT related issues in our other videos, which are great for learning more about networking technologies. If you want to stay up-to-date on network security issues, then sign up to our RSS feed or email feed (on the right hand side) today and learn of the latest trends as and when they happen.
F5 Friday: Are You Certifiable?
#F5TCP #interop You are now. Introducing the F5 Technical Certification Program.
Can you explain the role of the Cache-Control HTTP header? How about the operational flow of data during an SMTP authentication exchange? Are you well-versed in the anatomy of an SSL handshake and the implications of encrypting data as it flows across the network?
Can you explain the features and functionalities of protocols and technologies specific to the Transport layer?
If so, then you won’t need to study nearly as much as many of your compatriots when you take the test to become an F5 Certified™ professional.
Introducing the F5 Technical Certification Program (F5-TCP)
F5 Certified™ individuals represent a new breed of technologist - capable of manipulating the entire application stack from the traditional networking knowledge all the way to advanced application-layer understanding with a unique capability to integrate the two. Never before has any company created a program designed to bridge these worlds; a capability critical to the increasingly mobile and cloud-based solutions being implemented around the world today.
The need has always existed, but with the increasing focus on the abstraction of infrastructure through cloud computing and virtualization the need is greater today than ever for basic application delivery skills. Consider that at the heart of the elasticity promised by cloud computing is load balancing, and yet there is no general course or certification program through which a basic understanding of the technology can be achieved. There are no university courses in application delivery, no well-defined learning paths for new hires, no standard skills assessments. Vendors traditionally provide training, but it is focused on product, not technology or general knowledge, leaving employees with highly specific skills that are not necessarily transferable. This makes the transition to cloud more difficult as organizations struggle with integrating disparate application delivery technologies to ensure an operationally consistent environment without compromising on security or performance.
The F5-TCP focuses on both basic application delivery knowledge as well as a learning path through its application delivery products.
Starting with a core foundation in application delivery fundamentals, F5 Certified™ individuals will be able to focus on specific application delivery tracks through a well-defined learning path that leads to application delivery mastery.
Fundamentals being what they are – fundamental – the first step is to build a strong foundation in the technologies required to deploy and manage application delivery regardless of vendor or environment. Understanding core concepts such as the entire OSI model – including the impact of transport and application layer protocols and technologies on the network – is an invaluable skill today given the increasing focus on these layers over others when moving to highly virtualized and cloud computing environments.
As technologies continue to put pressure on IT to integrate more devices, more applications, and more environments, the application delivery tier becomes more critical to the ability of organizations not just to successfully integrate the technology, but to manage it, secure it, and deliver it in an operationally efficient way. Doing that requires skills; skills that IT organizations often lack. With no strong foundation in how to leverage such technology, it makes sense that organizations are simply not seeing the benefits of application delivery they could if they were able to fully take advantage of it.
Application delivery solutions are often underutilized and not well-understood in many IT organizations. According to research by Gartner, up to three-quarters of IT organizations that have deployed advanced application delivery controllers (ADCs) use them only for basic load balancing. When faced with performance or availability challenges, these organizations often overlook the already-deployed ADC, because it was purchased to solve basic server load balancing and is typically controlled by the network operations team.
-- Gartner: Three Phases to Improve Application Delivery Teams
F5 is excited to embark on this effort and provide not just a “BIG-IP” certification, but the fundamental skills and knowledge necessary for organizations to incorporate application delivery as a first class citizen in its data center architecture and fully realize the benefits of application delivery.
F5 Certification Resources
Related blogs & articles:
- Back to Basics: Load balancing Virtualized Applications
- WILS: WPO versus FEO
- WILS: Content (Application) Switching is like VLANs for HTTP
- WILS: Layer 7 (Protocol) versus Layer 7 (Application)
- WILS: The Concise Guide to *-Load Balancing
- WILS: Network Load Balancing versus Application Load Balancing
- WILS: Application Acceleration versus Optimization
10 Steps to Gain Effective Web Security
Achieving comprehensive web security within the organization is not a trivial task. This is especially so for businesses with limited IT budgets, limited manpower, and other practical limitations. Having a good web security setup in place is a challenging feat by itself – on top of all the other challenges that an IT administrator for an SMB (small and medium-sized business) has to face on a daily basis. Here are the 10 main steps you need to take to achieve effective web security:
Step 1: Security at the perimeter
Rather than depending only on protection at the client side, web security should be handled at the edge/perimeter of the network (just as with your firewall). In this manner you prevent malicious content from reaching the endpoint at all: problems are tackled at a point where the risk can be mitigated by keeping it segregated from the internal network.
Step 2: Antivirus protection
One of the first steps to achieving web security is scanning user downloads. The biggest security threat posed by browsing users is infected files being downloaded onto the network, so scan all downloads at the perimeter.
Step 3: Multiple antivirus engines
The principle of multiple layers applies to antivirus scanning too. Rather than scanning with a single antivirus engine, a multiple-engine approach is ideal: no single engine can realistically cover all threats, so multiple engines give you greater coverage. This is not feasible at the endpoint for performance reasons, but all downloads should be scanned at the perimeter by several different antivirus engines.
Step 4: Download prevention
Most users do not need to download and/or install files from the Internet, and allowing them to download high-risk files is an implicit security threat. As a proactive approach to web security, the IT administrator should implement policies that stop users from downloading these high-risk file types. Judge the file by its content and not only by its extension: a renamed executable is still an executable.
Step 5: Blocking websites by content category
Using a web categorization database, block high-risk website categories to prevent access to the potential threats posed by your users’ web usage.
Step 6: Blocking known malicious websites
A proactive approach is to automatically block known malicious websites, so that users are stopped from reaching such sites in the first place rather than relying on a reaction to the malicious content (i.e. hoping the antivirus solution can detect the strain). This removes the risk that the specific website presents.
Step 7: Blocking phishing websites
The costs of a successful phishing attack can be very high, with either direct financial loss (bank or credit card details) or data leakage (confidential information) that carries very large indirect costs. An anti-phishing engine is therefore essential.
Step 8: IM blocking
Allowing the uncontrolled use of IM (instant messaging) clients introduces significant risk to the organization, so policies should be in place to ensure IM is used only if necessary and for reasons clearly outlined by a policy for IM use.
Step 9: Blocking via web reputation
Most of the mechanisms above rely on detecting a threat that is already known. Web reputation is instead a prediction of the threat a particular website might pose in the near future: a website is analyzed to determine whether it poses a potential security risk and, if so, it can be blocked before it actually becomes a threat.
Step 10: Education
Although systems can help mitigate risks, no security system is 100% safe, and responsibility for web security remains with the end user.
Educating users is paramount. The biggest risk to the organization or network is always the end user, so your strongest defense point is to educate them. Unless they understand that they need to be constantly wary when using the Internet, they will always be a weak point. Users must have a basic understanding of the different types and methods of attack they could be exposed to whilst browsing. They need to learn to treat every link with suspicion, and to be responsible for their actions rather than assuming it is solely the responsibility of the software and IT team to protect them. Tech-savvy users might also try to find ways to circumvent your web security measures if they don’t realize that their actions could cause irreparable damage to the network and the organization.
Ultimately this is probably the toughest challenge; however, once that hurdle is overcome, the highest level of web security has been reached.
With these ten steps in place, and using a web security solution that provides protection against all the above mentioned security risks at a low cost, your network can benefit from effective web security.
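How steps 2 through 7 and 9 fit together on a perimeter device, as an added example that is not GFI’s code and not WebMonitor’s logic: a toy proxy-side policy evaluator in Python. Every host, feed entry, threshold and scanner “engine” in it is constructed for the illustration (the EICAR string is the standard antivirus test file; the second engine’s signature is made up), and the ordering is the point: checks that need no content run before anything is fetched, the download check looks at magic bytes as well as the extension, and any single engine hit blocks.

```python
# Added example (not GFI's code): a toy perimeter web-filtering policy that
# applies steps 2 through 7 and 9 in the order a proxy would, so that cheap
# proactive checks (known-bad hosts, phishing, category, reputation) run
# before any content is fetched and scanned.  All feeds, hosts and the
# scanner "engines" below are constructed for the example.
import os
from dataclasses import dataclass
from urllib.parse import urlparse

# --- constructed policy data (a real deployment would use vendor feeds) ---
KNOWN_MALICIOUS = {"malware.example"}                                  # step 6
PHISHING_HOSTS = {"paypa1-login.example"}                               # step 7
CATEGORY = {"gambling.example": "gambling", "news.example": "news"}     # step 5
BLOCKED_CATEGORIES = {"gambling", "adult", "warez"}
REPUTATION = {"newly-registered.example": 15}                           # step 9, 0..100
REPUTATION_THRESHOLD = 30                                               # below this: block
HIGH_RISK_EXT = {".exe", ".scr", ".msi", ".js", ".vbs", ".bat", ".hta"}  # step 4
# Content sniffing by magic bytes: a renamed .exe still starts with "MZ".
MAGIC = {b"MZ": "pe-executable", b"%PDF": "pdf", b"PK\x03\x04": "zip"}

# --- toy "antivirus engines" for step 3: each knows a different signature ---
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
CONSTRUCTED_SIG = b"EVIL-MACRO-CONSTRUCTED"   # made-up signature known only to engine B

def engine_a(body: bytes):
    return "EICAR-Test-File" if EICAR in body else None

def engine_b(body: bytes):
    return "Constructed.Macro" if CONSTRUCTED_SIG in body else None

ENGINES = [("engine_a", engine_a), ("engine_b", engine_b)]

@dataclass
class Decision:
    action: str   # "block" or "allow"
    step: str     # which of the ten steps fired, or "-" if allowed
    reason: str

def sniff_type(body: bytes) -> str:
    """Classify a download by its leading bytes, ignoring the file name."""
    for sig, name in MAGIC.items():
        if body.startswith(sig):
            return name
    return "unknown"

def evaluate(url: str, body: bytes = b"", engines=ENGINES) -> Decision:
    """Return the policy decision for one request.  `body` is the start of
    the response the proxy has buffered (empty for a plain page load)."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    ext = os.path.splitext(parsed.path.lower())[1]

    # Proactive, pre-fetch checks: nothing is downloaded if these fire.
    if host in KNOWN_MALICIOUS:
        return Decision("block", "step6", f"known malicious host {host}")
    if host in PHISHING_HOSTS:
        return Decision("block", "step7", f"phishing host {host}")
    category = CATEGORY.get(host)
    if category in BLOCKED_CATEGORIES:
        return Decision("block", "step5", f"blocked category {category}")
    if REPUTATION.get(host, 100) < REPUTATION_THRESHOLD:
        return Decision("block", "step9", f"low reputation for {host}")

    # Step 4: high-risk downloads, judged by extension AND by content.
    kind = sniff_type(body)
    if ext in HIGH_RISK_EXT or kind == "pe-executable":
        return Decision("block", "step4",
                        f"high-risk download ({ext or 'no ext'}, {kind})")

    # Steps 2 and 3: scan the buffered download with every engine; one hit blocks.
    for name, scan in engines:
        verdict = scan(body)
        if verdict:
            return Decision("block", "step3", f"{name}: {verdict}")

    return Decision("allow", "-", "no policy matched")

if __name__ == "__main__":
    print(evaluate("http://news.example/report.pdf", b"MZ\x90\x00" + b"\x00" * 60))
    print(evaluate("http://news.example/macro.doc", b"%PDF-1.4 " + CONSTRUCTED_SIG))
```

The two cases in the `__main__` block are the ones worth noticing: a PE file renamed to `.pdf` is still blocked by step 4 because the check reads the magic bytes, and a sample that only the second engine recognizes is still blocked by step 3, which is exactly what the multiple-engine argument buys you.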
The top five web security traps
Now that you know what the steps are to gaining effective web security, watch our quick video which outlines five very good reasons to get down to it. It only takes one malicious link, infected download or data breach to compromise the security of your business. To help you get started, here’s some advice for you to share with your network users on five common online security traps.
Have a look at what GFI WebMonitor can do to improve your network web security system, or just download a free trial and give it a spin!
Never attribute to technology that which is explained by the failure of people
#cloud Whether it’s Hanlon or Occam or MacVittie, the razor often cuts both ways.
I am certainly not one to ignore the issue of complexity in architecture nor do I dismiss lightly the risk introduced by cloud computing through increased complexity. But I am one who will point out absurdity when I see it, and especially when that risk is unfairly attributed to technology.
Certainly the complexity introduced by attempts to integrate disparate environments, computing models, and networks will give rise to new challenges and introduce new risk. But we need to carefully consider whether the risk we discover is attributable to the technology or to simple failure by those implementing it.
Almost all of the concepts and architectures being “discovered” in conjunction with cloud computing are far from original. They are adaptations, evolutions, and maturations of existing technology and architectures. Thus, when a “risk” of cloud computing is discovered, it is almost always not peculiar to cloud computing at all, and likely has its roots in implementation, not the technology. This is not to say there aren’t new challenges or risks associated with cloud computing; there are and will be cloud-specific risks that must be addressed (IP Identity Theft, for instance, was unknown before the advent of cloud computing). But let’s not make mountains out of molehills by failing to recognize that those “new” risks often aren’t “new” at all, but rather are simply being recognized by a wider audience because of the abundance of interest in cloud computing models.
For example, I found this article particularly apocalyptic with respect to cloud and complexity on the surface. Digging into the “simple scenario”, however, revealed that the meltdown referenced was nothing new, and certainly wasn’t a technological problem – it was another instance of lack of control, of governance, of oversight, and of communication. The risk is being attributed to technology, but is more than adequately explained by the failure of people.
The Hidden Risk of a Meltdown in the Cloud
Ford identifies a number of different possibilities. One example involves an application provider who bases its services in the cloud, such as a cloud -based advertising service.
He imagines a simple scenario in which the cloud operator distributes the service between two virtual servers, using a power balancing program to switch the load from one server to the other as conditions demand.
However, the application provider may also have a load balancing program that distributes the customer load.
Now Ford imagines the scenario in which both load balancing programs operate with the same refresh period, say once a minute. When these periods coincide, the control loops start sending the load back and forth between the virtual servers in a positive feedback loop.
Could this happen? Yes. But consider for a moment how it could happen. I see three obvious possibilities:
- IT has completely abdicated its responsibility for governing foundational infrastructure services like load balancing and allowed the business or developers to run amok without regard for existing services.
- IT has failed to communicate its overarching strategy and architecture with respect to high-availability and scale in inter-cloud scenarios to the rest of the IT organization, i.e. IT has failed to maintain control (governance) over infrastructure services.
- The left hand of IT and the right hand of IT have been severed from the body of IT and geographically separated with no means to communicate. Furthermore, each hand of IT wholeheartedly believes that the other is incompetent and will fail to properly architect for high-availability and scalability, thus requiring each hand to implement such services as required to achieve high-availability.
While the third possibility might make a better “made for SyFy tech-horror” flick, the reality is likely somewhere between 1 and 2. This particular scenario, and likely others, is not peculiar to cloud. The same lack of oversight in a traditional architecture could lead to the same catastrophic cascade described by Ford in the aforementioned article.
Given a load balancing service in the application delivery tier, and a cluster controller in the application infrastructure tier, the same cascading feedback loop could occur, causing a meltdown and inevitably downtime for the application in question.
Astute observers will conclude that an IT organization in which both a load balancing service and a cluster controller are used to scale the same application has bigger problems than duplicated services and a failed application.
This is not a failure of technology, nor is it caused by excessive complexity or lack of transparency within cloud computing environments.
It’s a failure to communicate, to control, to oversee the technical implementation of business requirements through architecture.
That’s a likely conclusion before we even start considering an inter-cloud model with two completely separate cloud providers sharing access to virtual servers deployed in one or the other – maybe both? Still, the same analysis applies – such an architecture would require willful configuration and knowledge of how to integrate the environments. Which ultimately means a failure on the part of people to communicate.
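Ford’s scenario, as an added example that is not from the article or from Ford’s paper: a toy Python simulation of two servers and one or two rebalancing controllers. The loads, gains and period counts are assumptions chosen for illustration; `same_reading=True` is the coinciding-refresh case from the quoted text, in which both controllers compute their move from the same observation and neither sees the other’s move.

```python
# Added example (not from the article or from Ford's paper): a toy model of
# the "two load balancers" scenario.  Two servers hold load `a` and `b`.
# Each controller, when it fires, moves load toward the lighter server.
# When two uncoordinated controllers fire on the same refresh period they
# act on the same reading, so their corrections simply add up.

def rebalance_step(a, b, gain=1.0):
    """One controller's action.  gain=1.0 means this controller, on its own,
    would balance the pair exactly; gain>1 models an overshooting controller."""
    shift = gain * (a - b) / 2.0
    return a - shift, b + shift

def simulate(load_a, load_b, periods, controllers=2, gain=1.0, same_reading=True):
    """Run `periods` refresh periods and return the (a, b) history.
    same_reading=True is the coinciding-period case: every controller computes
    its move from the reading taken at the start of the period.
    same_reading=False lets each controller see the previous one's result
    before acting, as a staggered or coordinated setup would."""
    a, b = float(load_a), float(load_b)
    history = [(a, b)]
    for _ in range(periods):
        if same_reading:
            obs_a, obs_b = a, b
            total_shift = 0.0
            for _ in range(controllers):
                new_a, _ = rebalance_step(obs_a, obs_b, gain)
                total_shift += obs_a - new_a      # each controller's move, summed
            a, b = a - total_shift, b + total_shift
        else:
            for _ in range(controllers):
                a, b = rebalance_step(a, b, gain)
        history.append((a, b))
    # Negative values in the overshoot case mean the controllers asked to move
    # more load than exists; in a real system those moves would fail or queue.
    return history

def peak_imbalance(history, last_n):
    """Largest |a - b| over the last `last_n` entries: 0 means it has settled."""
    return max(abs(a - b) for a, b in history[-last_n:])

if __name__ == "__main__":
    cases = [
        ("one controller", dict(controllers=1)),
        ("two controllers, same reading", dict(controllers=2)),
        ("two controllers, staggered", dict(controllers=2, same_reading=False)),
        ("two overshooting controllers", dict(controllers=2, gain=1.2)),
    ]
    for label, kwargs in cases:
        hist = simulate(100, 0, 6, **kwargs)
        print(f"{label:32s} load on server A per period: {[round(a) for a, _ in hist]}")
```

With one controller the imbalance disappears in a single period. With two controllers acting on the same reading, the entire load swings from one server to the other every period and never settles, which is the back-and-forth the quoted scenario describes; if each controller merely overshoots a little, the swing grows each period. Let the second controller observe the first’s result before acting and it finds nothing to do. Nothing in the model depends on the servers being virtual or on the cloud: the failure is two uncoordinated owners of the same control loop.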
THE REAL PROBLEM
The real issue here is failure to oversee – control – the integration and use of cloud computing resources by the business and IT. There needs to be a roadmap that clearly articulates what services should be used and in what environments. There needs to be an understanding of who is responsible for what services, where they connect, with whom they share information, and by whom they will (and can be) accessed.
Maybe I’m just growing jaded – but we’ve seen this lack of roadmap and oversight before. Remember SOA? It ultimately failed to achieve the benefits promised not because the technology failed, but because the implementations were generally poorly architected and governed. A lack of oversight and planning meant duplicated services that undermined the success promised by pundits.
The same path lies ahead with cloud. Failure to plan and architect and clearly articulate proper usage and deployment of services will undoubtedly end with the same disillusioned dismissal of cloud as yet another over-hyped technology.
Like SOA, the reality of cloud is that you should never attribute to technology that which is explained by the failure of people.
Related blogs & articles:
- BFF: Complexity and Operational Risk
- The Pythagorean Theorem of Operational Risk
- At the Intersection of Cloud and Control…
- What is a Strategic Point of Control Anyway?
- The Battle of Economy of Scale versus Control and Flexibility
- Hybrid Architectures Do Not Require Private Cloud
- Control, choice, and cost: The Conflict in the Cloud
- Do you control your application network stack? You should.
- The Wisdom of Clouds: In Cloud Computing, a Good Network Gives You Control...
