Enterasys revamps high-end Ethernet switch line

Enterasys this week is introducing a major upgrade to its Ethernet switch line in an effort to better serve converged networks, including those that are heavily virtualized.  The S-Series boasts an almost fourfold increase in switching capacity and a 10x increase in throughput over the predecessor N-Series, plus greater 10G port density. All that, plus efficient Power-over-Ethernet provisioning, should enable customers to better network VoIP, wireless LAN and assorted data center products, including those from Siemens Enterprise Communications Group, the outfit Enterasys merged with last year. In addition, the switches come with improved policy-based security features, a traditional Enterasys differentiator. The rollout also could catalyze Enterasys' share of the $19 billion Ethernet switching market, which has been essentially flat (Dell-Oro Group says the vendor's share was 1.3% in the third quarter of 2007 and 1.1% as recently as the second quarter of 2009). Analysts say it's about time Enterasys refreshed the top line.

For virtualized environments, the S-Series can be configured and policy-defined to identify virtual hosts supported by VMware, XenServer and HyperV hypervisors and assign ports, access controls and class of service parameters for each, Enterasys says. The N-Series is several years old, and though enhanced several times over that period, it still wasn't fully convergence capable. "They ran out of room on the backplane of the N," says Steve Schuchart of Current Analysis. "Different sheet metal is required – if you need S-Series capability, you need a new switch." The S-Series switching line is comprised of 1U, 3-slot, 4 -slot, and 8-slot chassis, depending on the application: a network edge access switch, distribution layer switch, a multi-terabit core router, or as a data center virtualization system. These policies can then follow the virtual server as it moves around the data center, the company says. Total switching capacity for the S-Series initially is 1.28Tbps and throughput measures 950Mpps, Enterasys says. For cloud computing, Enterasys says the S-Series can identify on-demand applications, automatically prioritize them based on user ID, and authorize and control network access.

The S-Series backplane, though, is designed to support greater than 6Tbps of capacity, the company says. The system is capable of 160Gbps per slot supporting up to 128 10G ports, 100 more than the N-Series. The N-Series topped out at 1.68Tbps and 94.5Mpps. This capacity also prepares the switch for 40/100Gbps Ethernet, expected next year. They include: • Automated provisioning of virtual and physical server connectivity; • A distributed switching and system management architecture; • Self-healing functionality, in which switching and routing applications are distributed across multiple modules in the event of a module failure; • Multiple discovery methods, such as Cisco Discovery Protocol and LLDP-MED, to identify and provision services to IP phones and wireless access points from major vendors; • And automatic upgrade, reload or rollback of firmware on each module. "One of the real potentials of the switch is that you're going to be able to put rules on there that go all the way down to Layer 7," says the telecom manager of a major American university, and a large Enterasys customer who asked not to be named. "That switch has a lot more capability when it comes to policy and rules." But a disadvantage, he says, is what Schuchart alluded to in "different sheet metal" - the S-Series modules will not work in the N-Series chassis.

The S-Series also includes many standard features that competitors might charge extra for. The S-Series also does not support virtual switching, or chassis "bonding," in which a user can combine switches into one to pool bandwidth to increase performance. The S-series is expected to compete squarely with the Catalyst 6500 and 4500s from Cisco – Enterasys claims the S-Series switches cost 20% less and are more than four times as power efficient as those products. It's akin to Cisco's Virtual Switching System 1440 capability for its Catalyst 6500 switches. The university customer says that chassis bonding feature may be added to the S-Series in a year or two.

But the code base for the switches remains the same, says the user, who adds that he expects to replace roughly half of his 127 N-Series switches with the S-Series over the next three years. "We're real excited about the product," he says. "We'd buy more if we could." Enterasys S-Series products are priced from $15,995. Enterasys is the network infrastructure division of Siemens Enterprise Communications Group.

Microsoft slates Office 2010 public beta for November

Microsoft will launch the public beta of Office 2010 next month, company CEO Steve Ballmer said on Monday. When pressed for details, a Microsoft spokeswoman said the company did not have a specific timeline beyond Ballmer's pinning the beta to next month. In a keynote that kicked off Microsoft's SharePoint Conference 2009 in Las Vegas, Ballmer announced that the public beta of Office 2010 will be made available in November.

So far, Microsoft has offered a preview of its next desktop suite only to a relatively small group of testers. Office Web Apps includes lightweight versions of Word, Excel and PowerPoint and will be made available to millions free of charge in the first half of next year, the only timetable Microsoft has set for Office 2010's ship date. It has also opened the online edition , Office Web Apps, to a similar preview. Anyone will be eligible to test drive the Office 2010 beta, said Microsoft today. Last summer, Microsoft said that it expected to distribute millions of copies of the Office 2010 public beta. However, the company declined to answer questions about whether the number of copies of the beta will be limited - as it tried to do with the Windows 7 beta earlier this year - or be available only for a limited time, as was the Windows 7 release candidate.

In April, Microsoft said that it would not offer users the chance to test Office 2010, as it had done with other editions, including Office 2007. The company quickly backtracked , saying that it had simply given "the wrong impression" about its plans. The latter move, Microsoft said in July 2006, was because "the beta 2 downloads have exceeded our goals," prompting it to "implement a cost-recovery measure." Microsoft may use a new technology, called Click-To-Run, that debuted in July with the Technical Preview, to deliver the beta of Office 2010. Click-To-Run "streams" pieces of the suite to users who begin a download, letting them start using the suite within minutes. Also unknown is whether Microsoft will charge users to download the beta, a tactic it used with the second beta of Office 2007, when it let customers try out the suite from within their browsers for free, but charged them $1.50 to download the preview. While users work with the suite, the remainder of the code is downloaded in the background. The company will also offer an advertising-supported version of Office 2010 to computer makers, who will install it on their new PCs as an alternative to the retired Microsoft Works.

Two weeks ago, Microsoft said it would use Click-To-Run to offer a limited-time trial of Office 2010 when the final bits ship next year. Dubbed Office Starter 2010, it will include scaled-back editions of Word 2010 and Excel 2010. An after-market "key," purchased either on a card at electronics retailers or online from Microsoft, will unlock the appropriate for-a-fee version, so that no additional software need be downloaded. Microsoft has not yet announced prices for Office 2010. Ballmer made the Office 2010 beta announcement at the same time he revealed some of the features of the upcoming enterprise SharePoint 2010 software. Customers will be able to upgrade from Starter to Office 2010 Home & Student, Home & Business or Professional. He said that a public beta of SharePoint 2010 would also be available to the public next month.

Gartner: Turn server heat up to 75

Data center managers should turn server temperatures up to 75 degrees Fahrenheit, and adopt more aggressive policies for IT energy measurement, Gartner says in a new report.  Five tools to prevent energy waste in the data center After conducting a Web-based survey of 130 infrastructure and operations managers, Gartner concluded that measurement and monitoring of data center energy use will remain immature through 2011. Only 7% of respondents said their top priorities include procurement of green products and pushing vendors to create more energy efficient technology. In a troubling sign, 48% of respondents have not yet considered metrics for energy management. In general, data center managers are not paying enough attention to measuring, monitoring and modeling of energy use. "Although the green IT and data center energy issue has been on the agenda for some time now, many managers feel that they have to deal with more immediate concerns before focusing attention on their suppliers' products," Rakesh Kumar, research vice president at Gartner, said in a news release. "In other words, even if more energy efficient servers or energy management tools were available, data center and IT managers are far more interested in internal projects like consolidation, rationalization and virtualization." About 63% of survey respondents expect to face data center capacity constraints in the next 18 months, and 15% said they are already using all available capacity and will have to build new data centers or refurbish existing ones within the next year.

Gartner issued four recommendations for improving energy management: • Raise the temperature at the server inlet point up to 71 to 75 degrees Fahrenheit (24 degrees Celsius), but use sensors to monitor potential hotspots. • Develop a dashboard of data center energy-efficient metrics that provides appropriate data to different levels of IT and financial management. • Use the SPECpower benchmark to evaluate the relative energy efficiency of servers. • Improve the use of the existing infrastructure through consolidation and virtualization before building out or buying new/additional data center floor space. CDW surveyed 752 IT pros in U.S. organizations for its 2009 Energy Efficient IT Report, finding that 59% are training employees to shut down equipment when they leave the office, and 46% have implemented or are implementing server virtualization. In addition to Gartner's report, a recent survey by CDW illustrates trends related to data center efficiency. The recession has helped convince IT organizations of the financial value of power-saving measures, with greater numbers implementing storage virtualization, and managing cable placement to keep under-floor cooling chambers open and thus reduce demand on cooling systems. Data center managers are finding it easier to identify energy efficient equipment because of the Environmental Protection Agency's new Energy Star program for servers.

CDW found that 43% of IT shops have implemented remote monitoring and management of their data centers, up from 29% the year before. But data centers are still missing many opportunities to save money on energy costs. "Energy reduction efforts are yielding significant results … Still, most are spending millions more on energy than necessary," CDW writes. "If the average organization surveyed were to take full advantage of energy-savings measures, IT professionals estimate they could save $1.5M annually." Follow Jon Brodkin on Twitter 

iPhone GPS app market heating up

The iPhone GPS app market unleashed by the release of the iPhone 3.0 software update is getting more interesting by the day, with several developers in an arms race to add new features to their initial offerings. My own in-car navigation box doesn't even speak street names (other than numbered freeways), and it sure makes a big difference. Taking the lead in the GPS app race is Navigon MobileNavigator, which recently added support for spoken street names-a major failing in the three apps that I previewed in a Macworld Video last month. Last week, I got to spend a little bit of time with Navigon's Johan-Till Broer, who showed me the next version of MobileNavigator, due as a free App Store update sometime in October.

The traffic update also does a better job of estimating the speeds of various roads without live traffic data. It adds live traffic to the party, downloading traffic updates over the digital cell network and rerouting you around slow spots. The end result should be that MobileNavigator will do a better job of suggesting the fastest route you should take to your destination, based on both current conditions and the time of day you're traveling. I've found Sygic Mobile Maps to be a solid app, although it feels more like a port of a standalone GPS device than a native iPhone app. Sygic, maker of the Sygic Mobile Maps GPS navigation app, recently updated its app to support spoken street names, as well as catching up with the other apps by integrating the addresses of the contacts in your iPhone's address book. However, you can't beat the price-Sygic is trying to drive sales of its updated app by reducing the price (temporarily, at least) to $40 for an app containing only United States maps and $60 for the app containing maps of all of North America.

TomTom's promised car kit for the iPhone, which promises a mount, speaker, and improved GPS reception, has yet to arrive here in the States. (Our friends at Macworld UK are reporting that the car kit is available for order on that side of the Atlantic, with shipping times listed as "two to three weeks.") As for the TomTom app, the company promises "several updates by the end of 2009," but hasn't given details. While Navigon and Sygic are not familiar names to most Americans, TomTom is a strong brand and its iPhone app has sparked a lot of interest, although the iTunes charts would suggest that it may have fallen behind Navigon in terms of sales. Presumably spoken street names and live traffic are high on the agenda. Look for a comprehensive comparison of iPhone GPS apps from Macworld in the near future. Reviewing these apps is hard, requiring a lot of driving (and a dedicated driver so the reviewer doesn't cause an accident!), and the features of the apps keep updating at a rapid pace.

In the meantime, check out my video above if you'd like to see the apps in action. From my perspective, right now Navigon MobileNavigator is the best choice available, but this game is far from over.

Dell-Perot Deal Spells Trouble for Tier-Two Outsourcers

The consolidating IT services market contracted a bit further on Monday with Dell's announcement that it will acquire Perot Systems for $3.9 billion. The fact that Dell paid nearly a 70 percent premium on Perot's stock price to seal the deal confirms "the value of integrating hardware and services for infrastructure management is clearly gaining momentum," says Peter Bendor-Samuel, CEO of outsourcing consultancy Everest Group, which counts both Perot and Dell among its clients. The Texas twosome can hardly match the scale of HP or IBM on the outsourcing front-Perot brings just $2.7 billion in services revenue to the table-but the matchup is clearly made in their image. It also suggests, he adds, that the size of outsourcing/hardware companies will continue to increase in importance.

But Dell, struggling as a hardware manufacturer at a time when infrastructure sales are slow, wants in on the outsourcing business, even if it takes several acquisitions to do it. "Perot's capabilities are focused on a few geographies and industries, which Dell will need to grow or complement with other acquisitions to attain greater scale to compete head-on with the likes of HP and IBM," says Bendor-Samuel. [ Related: Dell Perot Deal: Big Price Tag, Small Industry Impact and FAQ: What the Dell-Perot Merger Means for the IT Industry. ] Neither company is likely to be too worried about the competition at this point. While Perot operates in some high-interest industries-most notably healthcare and government services-its footprint remains relatively small. It's more likely that Dell-Perot will make inroads on smaller deals. "Dell and Perot Systems can exert pressure in this sector, and if played right, could see their market share increase in the midmarket in both products and services," says Stan Lepeak, managing director at outsourcing consultancy EquaTerra. India-based providers who've been attempting to ramp up their infrastructure offerings "must continue to find ways to grow and reach meaningful scale," says Bendor-Samuel. As such, it's the tier-two players that will be watching the Dell-Perot deal closely. Meanwhile, traditional IT services players who've yet to walk down the aisle with a hardware vendor-such as ACS, CSC and Unisys-may be wondering how wise it was to stay single. "They will be asking themselves how they can grow in the infrastructure space to meet the increased threat posed by the integrated hardware and services offerings of IBM, HP, and now Dell," Bendor-Samuel says.

While Dell may be eager to keep Perot clients-and their relatively healthy profit margins-existing customers should proceed with caution (See Five Steps to Take if Your Outsourcer is Sold.) Specifically, clients should assess any impact the deal has on non-Dell hardware options, Lepeak advises. As for integration issues, Dell and Perot may have an easier go of it than most. "Good cultural alignment, close physical proximity for key leaders, and the absence of an entrenched services business at Dell-together with the obvious convergence around the value of Perot as a hardware channel for Dell and Dell as a lead generator for Perot-should make integration much faster and less painful than is the norm for deals of this scale," says Mark Robinson, EquaTerra's chief operating officer. Those most worried about the Perot deal are Dell customers working with other outsourcers. "While growing the legacy Perot Systems' client base, Dell must use caution not to alienate hardware clients who are using other service providers for outsourcing services," says Lepeak.

You've got questions, Aardvark Mobile has answers

Aardvark has taken a different tack with search. And now the people behind Aardvark are bringing that same approach to the iPhone and iPod touch. The online service figures it's sometimes more productive to ask a question of an actual person-usually someone from within your social network-rather than brave the vagaries of a search engine and its sometimes irrelevant answers. Aardvark Mobile actually arrived in the App Store nearly a week ago.

Aardvark Mobile tackles the same problem as the Aardvark Web site-dealing with subjective searches where two people might type in the same keywords but be searching for two completely different things. "Search engines by design struggle with these types of queries," Aardvark CEO Max Ventilla said. But developer Vark.com waited until Tuesday to take the wraps off the mobile version of its social question-and-answer service. What Aardvark does is tap into your social networks and contacts on Facebook, Twitter, Gmail, and elsewhere to track down answers to questions that might otherwise flummox a search engine-things like "Where's a good place to eat in this neighborhood?" or "Where should I stay when I visit London?" With Aadvark's Web service, you'd send a message through your IM client to Aardvark; the service then figures out who in your network (and in their extended network) might be able to answer the question and asks them on your behalf. The majority of questions are answered in less than five minutes. Ventilla says that 90 percent of the questions asked via Aardvark get answered. The iPhone version of Aardvark works much the same way.

The service pings people for an answer, and sends you a push notification when there's a reply. Instead of an IM, you type a message directly into the app, tag it with the appropriate categories, and send it off to Aardvark. In previewing the app, I asked a question about affordable hotels in Central London-two responses came back within about three minutes from other Aardvark users. If you shake your mobile device when you're on the Answer tab, Aardvark Mobile looks up any unanswered questions that you may be able to provide a response for (while also producing a very alarming aardvark-like noise). "We think Aardvark is particularly well-suited to mobile, and especially the iPhone given how rich that platform is to develop for," Ventilla said. In addition to push notifications, Aardvark Mobile also taps into the iPhone's built-in location features to automatically detect your location-a feature that can help when you're asking about local hotspots. You don't have to already be using Aardvark's online service to take advantage of the mobile app.

Aardvark Mobile requires the iPhone OS 3.0. The free Aardvark Mobile app lets you set up a profile on your iPhone or iPod touch; Facebook Connect integration helps you instantly build up a network of friends who are also using the service.

IPv6: Not a Security Panacea

With only 10% of reserved IPv4 blocks remaining, the time to migrate to IPv6 will soon be upon us, yet the majority of stakeholders have yet to grasp the true security implications of this next generation protocol. While IPv6 provides enhancements like encryption, it was never designed to natively replace security at the IP layer. Many simply have deemed it an IP security savior without due consideration for its shortcomings.

The old notion that anything encrypted is secure doesn't stand much ground in today's Internet, considering the pace and sophistication in which encryptions are cracked. Unfortunately, IPsec, the IPv6 encryption standard, is viewed as the answer for all things encryption. For example, at the last Black Hat conference hacker Moxie Marlinspike revealed vulnerabilities that breaks SSL encryption and allows one to intercept traffic with a null-termination certificate. But it should be noted that:  IPsec "support" is mandatory in IPv6; usage is optional (reference RFC4301). There is a tremendous lack of IPsec traffic in the current IPv4 space due to scalability, interoperability, and transport issues. Many organizations believe that not deploying IPv6 shields them from IPv6 security vulnerabilities.

This will carry into the IPv6 space and the adoption of IPsec will be minimal. IPsec's ability to support multiple encryption algorithms greatly enhances the complexity of deploying it; a fact that is often overlooked. This is far from the truth and a major misconception. For starters, most new operating systems are being shipped with IPv6 enabled by default (a simple TCP/IP configuration check should reveal this). IPv4 based security appliances and network monitoring tools are not able to inspect nor block IPv6 based traffic. The likelihood that rogue IPv6 traffic is running on your network (from the desktop to the core) is increasingly high. The ability to tunnel IPv6 traffic over an IPv4 network using brokers without natively migrating to IPv6 is a great feature.

Which begs the question, why are so many users routing data across unknown and non-trusted IPv6 tunnel brokers? However, this same feature allows hackers to setup rogue IPv6 tunnels on non-IPv6 aware networks and carry malicious attacks at will. IPv6 tunneling should never be used for any sensitive traffic. By enabling the tunneling feature on the client (e.g. 6to4 on MAC, Teredo on Windows), you are exposing your network to open, non-authenticated, unencrypted, non-registered and remote worldwide IPv6 gateways. Whether it's patient data that transverses a healthcare WAN or Government connectivity to an IPv6 internet, tunneling should be avoided at all costs.

The rate at which users are experimenting with this feature and consequently exposing their networks to malicious gateways is alarming. The advanced network discovery feature of IPv6 allows Network Administrators to select the paths they can use to route packets. Is your security conscious head spinning yet? In theory, this is a great enhancement, however, from a Security perspective it becomes a problem. So where are the vendors that are supposed to protect us against these types of security flaws?

In the event that a local IPv6 Network is compromised, this feature will allow the attacker to trace and reach remote networks with little to no effort. The answer is, not very far along. Since there are no urgent mandates to migrate to IPv6, most are developing interoperability and compliance at the industry's pace. Like most of the industry, the vendors are still playing catch-up. So the question becomes: will the delay in IPv6 adoption give the hacker community a major advantage over industry?

As we gradually migrate to IPv6, the lack of interoperability and support at the application and appliance levels will expose loopholes. Absolutely! This will create a chaotic and reactive circle of patching, on-the-go updates and application revamp to combat attacks. There is more to IPv6 than just larger IP blocks. Regardless of your expertise in IPv4, treat your migration to IPv6 with the utmost sensitivity. The learning curve for IPv6 is extensive.

Many of the fundamental network principles like routing, DNS, QoS, Multicast and IP addressing will have to be revisited. People can't be patched as easily as Windows applications, thus staff training should start very early. Reliance on given IPv4 security features like spam control and DOS (denial of service) protection will be minimal in the IPv6 space as the Internet 'learns' and 'adjusts' to the newly allocated IP structure. Jaghori is the Chief Network & Security Architect at L-3 Communications EITS. He is a Cisco Internetwork Expert, Adjunct Professor and industry SME in IPv6, Ethical Hacking, Cloud Security and Linux. It's essential that your network security posture is of the utmost priority in the migration to IPv6. Stakeholders should take into account the many security challenges associated with IPv6 before deeming it a cure-all security solution.

Jaghori is presently authoring an IPv6 textbook and actively involved with next generation initiatives at the IEEE, IETF, and NIST. Contact him at ciscoworkz@gmail.com.