Friday, September 28, 2012

Managing devices locally for a greener network

Many network environments have redundant gear that is always powered-on just waiting to be needed. Day-in and day-out this gear hums along burning electricity without providing any service other than insurance. Chalk it up as a cost of providing 99.99%-plus uptime; redundancy is a fact of life. This practice is common in many offices and labs, but most striking in data centers, which use vast amounts of electricity despite utilization rates in the single digits to low teens. Its increasing prominence as an issue can be seen in this recent New York Times article.

Work on improving data center efficiency has typically been based on improvements in cooling or lower-power processors. More recently utilization improvements have been promised with virtualization and consolidation into clouds. But these efforts aren’t keeping pace with the voracious power needs of more and more data centers and the increasingly universal demand for 100% availability for all services. We expect to be able to click a Like button at any time of day as much as we expect our call to go through from one office to another during working hours. Saving our vacation photos to the cloud is treated as critically as accessing the SAS package that is the backbone of our business.

Why the reluctance to power down backup machines instead of running them constantly? Easy. It’s the long-held fear that if you turn it off, it might not turn back on. And when you are talking about powering down multiple devices, verifying that they came back on as expected would be a tedious task that might even wipe out the savings.

Using the power of local management to reduce power consumption
Local Management from Uplogix has the potential to solve some of the issues with powering-down devices when they aren’t needed. It addresses the key considerations that keep organizations from only using the computing power they really need, when they need it:
  1. Flipping the switch
    The key to local management is deploying an intelligent device (the Local Manager, or LM) that connects directly to managed devices the same way a technician would. This console connection is independent of the network and highly reliable. The other side of the equation is integration with a managed power source. The LM can issue proper shutdown commands to the device and instruct the power strip to turn off power. At this point, power use decreases, cooling requirements go down and the green savings start going up. When it’s time to power up the device, the LM flips the switch through the power strip, the device boots up and the LM begins monitoring it.
     
  2. Confidence that devices will come back
    It’s the fear of failure that leads to never turning off devices. With Uplogix, the LM can verify device states and report into central monitoring tools showing exactly what’s going on in the operation. If a device does not boot up correctly, Uplogix can take automated steps right out of the run book to attempt a recovery without having to bring in a technician. Recovery techniques could range from clearing modules to ROMMON recovery, reinstalling the previous configuration to the old standby – turn it on and off again. The vast majority of issues are solved using the first basic steps in the run book. For those that aren’t, technicians will be notified of the situation, and they won’t have to start at square one because the first steps will have already been tried and failed.
     
  3. Automating the process
    One of the keys to making automation truly useful is to not have to think about turning it on and off. The flexibility of the Local Management platform allows for custom rules and monitoring, so users can configure actions to their own needs. Maybe it’s a matter of off-hours, or low-usage times, or maybe looking for a minimum amount of traffic to be used as a trigger for implementing a shut-down or conversely, a power-up process when usage increases.
Don’t wait for tomorrow, get greener today
One of the exciting things about this solution is that it’s available today using core functionality of the Local Management platform. One customer case study already demonstrating this functionality would be a network test lab at a major IT installation for one of the US Armed Services. They use Uplogix to create rules and implement actions that turn off network gear late every evening and bring power on and devices back up early the next morning. These devices are also reset to a baseline configuration each morning.

This application is really not that much different from a data center where they know their peak usage times, or a corporate cloud environment that might really only be accessed during working hours. Running every device flat out all the time doesn’t make sense. And when even a single data center can draw more power than a medium-size town, implementing a relatively simple solution like turning off a switch -- with confidence that you’ll be able to turn it back on -- could have a big impact.

Thursday, September 20, 2012

Satellites, networking and really big boats

The view this week at the Monaco Yacht Show.
Uplogix might have “cut its teeth” in maritime VSAT in the energy industry with deployments on drilling platforms from the North Sea to the Gulf of Mexico to the Niger River delta and on the support vessels servicing them, but the value we bring to the yachting market is fairly similar.

For luxury yachts and cruise ships, form may not always follow function, but today's vessels aim to provide the same connectivity that passengers are familiar with on shore. Always-on internet access through stabilized satellite antennas means that a yacht has many of the same networking devices and support headaches as a branch office with the added challenges of mobility across the 70% of the earth's surface covered by water.

What luxury yacht would be complete without its own submersible?
This week at the Monaco Yacht Show, Uplogix has been talking with yacht owners and technology vendors about the benefits of Local Management at sea. On many luxury yachts, access is very limited and tolerance of technical issues and downtime is even tighter. No one wants to cut a trip short for a service call, or settle for slow download speeds when they are equipped for higher bandwidth. And it isn't likely that a vessel sails with a satellite and/or networking expert on board.

Here are some reasons for a service provider to put Local Management into a luxury yacht today:

Lower Service Costs
Troubleshooting with VSAT users in the field is challenging and expensive. Often the only resource techs have to work with is the users on the boat. If they are unable to fix the problem over the phone, an expensive site visit becomes necessary and downtime and missed SLAs drag on. Uplogix reduces this pain and expense with:
  • Persistent access to remote gear
    • Secure access both in- and out-of-band
    • Reduce site visits with remote diagnostics and automated remediation
    • Use of direct-access device tools remotely over an out-of-band satellite connection
  • Local storage of config and OS files
    • Remotely upgrade gear with confidence
    • Commission new deployments more rapidly
    • Switch configurations without the need to upload over the network
  • Troubleshoot more rapidly
    • Key parameters are converted to human-readable format
    • Device information is stored for forensic evaluation
Improve Service Levels
Customers expect their gear to work when they need it. Uplogix brings unprecedented functionality to help ensure you deliver.
  • Proactive alerting
    • Devices are monitored locally every 30 seconds without sending any traffic over the satellite link
    • Receive an email or text message when specific events occur
  • Service Level Verification
    • Local monitoring of dozens of quality metrics, including voice call quality, satellite signal verification
Advanced Antenna Automation
The tight integration between Uplogix and antennas makes it possible to automate functions like blockage zone detection and retargeting to a new satellite based on pre-set thresholds.

Don't have a yacht? No problem. We don't have one either. But we're excited that our gear is deployed on them and increasing network uptime while lowering support costs. For more information, check out some of the case studies on the Uplogix website.

Thursday, September 13, 2012

Protecting your network from insider threats

A recent government report analyzed 80 cases of computer-based fraud within the banking and finance sector. The findings include six common patterns and activities of the perpetrators as well as recommendations for organizations to protect themselves.

The report was sponsored by (we're not making this up) the Department of Homeland Security Science and Technology Directorate's Homeland Security Advanced Research Projects Agency Cyber Security Division. Wow. Also contributing were the US Secret Service and the CERT Insider Threat Center of Carnegie Mellon University. Of the 80 cases, 67 were insider fraud cases, and the remaining 13 were external to the organizations harmed.

FINDINGS
  1. Criminals who executed a "low and slow" approach accomplished more damage and escaped detection for longer
    • On average, 5 years went by between a subject's hiring and the start of their fraud, and detection then took almost 32 months on average before they were caught.
    • This is real money too -- cases lasting less than 32 months averaged over $380,000 and longer cases averaged about $479,000.
  2. Insiders' means were not very technically sophisticated
    • Few of the subjects were in technical roles like a database administrator
    • In more than half the cases, the insider used some form of authorized, but often expired access
  3. Fraud by managers differs substantially from fraud by non-managers in damage and duration
    • Manager fraud caused nearly twice the economic damage and took twice as long to detect
  4. Most cases do not involve collusion
    • Only 16% of fraud involved some type of collusion, and these subjects were mostly working with outsiders
  5. Most incidents were detected through an audit, customer complaint or coworker suspicion
    • Routine auditing caught 41%, with only 6% of cases involving detection by software and systems designed to detect fraudulent activity
  6. Personally identifiable information (PII) is a prominent target of those committing fraud
    • Roughly 1/3 of cases were targeting PII, with younger, non-managers generally being the ones committing this type of fraud

RECOMMENDATIONS

So, with the analysis of the types of fraud going on, what do they suggest to avoid it? The recommendations are really pretty basic, but the key is an effective implementation.

Behavioral and/or Business Process
  • Clearly document and consistently enforce policies and controls.
  • Institute periodic security awareness training for all employees.
Monitoring and Technical
  • Include unexplained financial gain in any periodic reinvestigations of employees.
  • Log, monitor, and audit employee online actions.
  • Pay special attention to those in special positions of trust and authority with relatively easy ability to perpetrate high value crimes (e.g., accountants and managers).
  • Restrict access to PII.
  • Develop an insider incident response plan to control the damage from malicious insider activity, assist in the investigative process, and incorporate lessons learned to continually improve the plan.
How can Uplogix help?

Uplogix local management enhances enterprise security by extending role based administrative access policies to network devices and by providing detailed auditing and reporting in support of attaining and demonstrating regulatory compliance. All of these capabilities are maintained even in the event of a network outage.

By automating many routine network management actions, we ensure that your policies are followed to the letter, each and every time. No shortcuts because an admin is in a hurry to get to lunch, no sessions left open on a device.

See how this is working today in the financial industry in the Uplogix Global Financial Institution case study.

Best practices for connecting to machine-to-machine applications

Many M2M monitoring applications run in remote locations on low power, increasingly with a satellite or cellular communications link.
An increasing number of IT applications are missing one key component: the user. From monitoring product distribution in the energy industry to autonomous machines that humans interact with daily like cash machines to healthcare devices that monitor themselves and "call-in" their own maintenance requests, one of the key components of many machine-to-machine (M2M) applications is communication.

While autonomous monitoring is useful, being able to transmit the data in real-time as well as provide remote control makes many M2M applications practical. A recent article in Utility Products magazine has a good list of best practices for using cellular communications for a two-way link to remote monitor and control devices.

Uplogix uses cellular communication as one option for out-of-band connections to our Local Managers (LMs). Cellular is increasingly cost-effective and available in many locations, with the added benefit of not needing to install or maintain local infrastructure.

The Uplogix Local Management platform is often used in M2M systems to provide management and control for a variety of sophisticated multi-component devices such as satellite communications systems (modems, dish controllers and networking gear), analog supervisory control and data acquisition systems (SCADA) and digital cellular connected devices in M2M solutions (e.g. ATMs, Intelligent Power Systems and M2M gateways themselves).

Many of the recommendations in the article for choosing cellular monitoring applications have similar applications to Local Management. This makes sense, because when you think about it, with its constant monitoring and reliable automation capabilities, Uplogix is a type of machine-to-machine application. With our automation, it's really Machine Management of Machine-to-Machine systems. (We're not so sure that M³2M will catch on as a shortcut though.)

We also have the benefit of being a human-to-machine application, providing an on-site "virtual toolbox" for experts offsite to access remote gear as if they were sitting in front of it and connecting directly with their laptop.

Some of the recommendations applicable to both cellular for M2M and Uplogix are:
  • The solution should be carrier-agnostic
    You don't want to have to manage different gear at every site. In the case of Uplogix, you can expand this to not wanting different M2M management solutions for each piece of gear. With our base-level serial connections to managed devices, Uplogix can monitor and take actions for almost any piece of gear.
  • It should provide advanced wireless device management capabilities beyond simply pushing out firmware or configuration changes
    Device management is a two-way street. You want to be able to command remote devices, as well as see the impact of those changes. Uplogix can not only push out changes, but it also saves previous states, monitors the success of changes, and can automatically roll back failed changes to ensure devices continue to work. These are events that previously would have required a site visit from a technician.
     
  • M2M gateways should include advanced tools to manage and monitor connected assets
    Uplogix uses its position at the edge of the network to do more than monitor devices. We're able to conduct quality testing from the viewpoint of the end user, which in the M2M world is not a human user but other devices. We can conduct synthetic calls from one site to another and measure over 40 different quality variables to isolate issues or indicate a problem, often before it becomes detrimental. In true M2M fashion, these tests can be automated, so that they occur more often than a human would want to conduct them, as well as accurately, and as a trigger for proactive actions.
For more information on the use of Local Management for device management and control of M2M systems as well as in more traditional networks, please visit our website.

Tuesday, September 11, 2012

Going beyond keeping the lights on: a case for local management

Federal IT spending for FY 2011 was an estimated $79.4 billion.
In a recent interview, Dave Powner, one of three IT directors for the US Government Accountability Office (GAO), said about $55 billion of the $80 billion spent on federal IT goes toward steady state systems, while $25 billion goes to new development. Of that $55 billion, Powner said there is opportunity for reduction in operations and maintenance.

At Uplogix, we couldn't agree more -- whether you are talking federal or corporate networks. For years, one of the standard industry stats has come from Gartner, stating that 60% of total worldwide IT expenditures goes into IT infrastructure and operations (I&O). Gartner goes on to present 10 suggestions for achieving 10% savings in a year and 25% savings in three years. The key actions in the list supported by Local Management from Uplogix are to "Consolidate I&O" and "Push Down IT Support" through network management automation.

Free up IT staff for innovation, not repetition
Gartner says that I&O accounts for about 50% of total IT headcount, with most involved in day-to-day and tactical operational processes. When it comes to managing networks, many of these talented professionals are spending their time on routine maintenance. While there are many competitors in the network management market, they rely on the network to perform their jobs. As a result, they are limited to monitoring, dashboarding and analysis. In short, they are useful tools for IT staff, but they don't actually DO any of the tasks because of the reliance on the network.

Another Gartner stat is that about 40% of network problems can't be addressed with in-band software tools.

With Local Management, select management functionality is moved to where it is needed most -- right where users and managed devices are -- on the other side of the WAN, satellite or cellular network or inside of a lights-out data center.

This lets IT groups reduce management costs, maintain service levels and ensure secure management practices in the course of day-to-day operations. Uplogix provides the configuration, performance and security management automation functions that are best performed locally.

Virtualization savings = operations cost increases?
The widespread adoption of cloud and virtualized computing in the name of cost savings will have a profound effect on the network and on IT network operations groups. Customer expectations are changing. New requirements are emerging, service levels are becoming more stringent and some time-tested strategies for managing costs and ensuring adequate service levels are being invalidated. Trying to use the same old network and network management strategies and tools without Local Management will cause virtualization and cloud initiatives to fail or to incur runaway costs.

In short, virtualization savings on the infrastructure side could simply shift costs over to operations through increased network complexity and the heightened service levels needed. Network management automation like Uplogix is needed to ensure that all devices (physical and virtual) are monitored in real-time with the ability to rapidly identify failures and issues, then automatically perform recovery actions.

Finding the ROI that the GAO is looking for
Obviously, when you are talking about $80 billion of federal IT spending, there is no single solution for savings. When you look at saving money on operations and maintenance, there is a spectrum of solutions to deploy across network applications as different as research labs and battlefields to congressional offices and public service organizations.

Understanding the business case for network support is based on a risk/return calculation that takes into account the cost of downtime compared to the mix of resources spent to avoid downtime. The following chart shows that how much you spend on your resource mix doesn’t always equate to the lowest risk.


For more information
Check out the Uplogix ROI Calculator online. It has inputs for things like the number of sites and devices managed, the current costs of managing them (both scheduled and unscheduled), as well as sliders to adjust expectations for the value delivered by Uplogix.