Internet Protocol

NFV Orchestration Without Network Visibility: OS MANO Needs Operational Improvements

By Juha Holkkola

Open Source (OS) Management and Orchestrations (MANO) is a European Telecommunications Standards Institute (ETSI) initiative that aims to develop a Network Function Virtualization (NFV) MANO software stack, aligned with ETSI NFV. The main goal of MANO is to simplify the onboarding of virtual network components in telco cloud data centers. The initiative has gained impressive momentum among leading Communication Service Providers (CSPs) around the world as part of their NFV programs.

A major limitation of the initial MANO releases was that they only supported one data center. That of course is not acceptable for production NFV, because regulations alone require a distributed infrastructure to ensure service continuity. While there has been much debate as to why CSPs have been slow to roll out NFV into production, the limitations of the initial OS MANO releases have not come up that often.

In October 2016, the OS MANO community addressed the continuity issue with its new RELEASE ONE. More specifically, the latest version of the OS MANO allows the NFV infrastructure and, consequently, the Virtualized Network Functions (VNF) to be distributed across multiple sites. The new OS MANO functionalities making this possible include:

  • Multisite Support allowing a single OS MANO deployment to manage and orchestrate VNFs across multiple data centers.
  • Network Creation via Graphical User-Interface or automatically by a Service Orchestrator.
  • The ability to manage IP parameters such as security groups, IPv4 / IPv6 ranges, gateways, DNS, and other configurations for VNFs.

While these features enable centralized orchestration of highly available network fabrics that span across multiple data centers, the problem is that the OS MANO framework has no mechanism for managing these attributes properly. It is simply assumed that they will come from somewhere — either manually or magically appearing in the service orchestrator — which to me does not represent the level of rigor that is required when designing automated service architectures of tomorrow.

Since any workflow is only as efficient as its slowest phase, leaving undefined manual steps in the NFV orchestration process is likely to create multiple operational and scalability issues down the road. In the case of OS MANO RELEASE ONE, at least the following problems are easy to foresee:

  1. Agility. Automating the assignment of logical networks and IP parameters is mandatory to reap the full benefits of end-to-end service automation. Two possible approaches would be to either retrieve this information from a centralized network Configuration and Management Database (CMDB) by the Service Orchestrator, or alternatively by pushing the networks and IP parameters directly into their place. Either way, to ensure the integrity of the configured data and to automate this part of the workflow, the logical networks and IP parameters must be managed within a unified system.
  2. Manageability. As the NFV network fabrics span across multiple data centers, the CSPs running these environments need unified real-time visibility into all the tenant networks across all sites. As the multisite model in OS MANO assumes that each data center runs its own dedicated cloud stack for NFV-I, the unified visibility can only be achieved on a layer that sits atop the NFV-Is. Therefore, this is something that either OS MANO should do — or alternatively, there can be a separate layer for the authoritative management of all networks and IP parameters.
  3. Administrative Security. The problem with the current OS MANO framework is that it leaves the door open for engineers to manage the network assignments and IP parameters in any way they see fit. An ad hoc approach would typically involve a number of spreadsheets with configurations like security groups in them, which may be rather problematic from the security and regulation compliance perspective since it can easily lead to not having proper authorization and audit trail mechanisms in place.

In fairness to OS MANO, most CSPs still continue to mostly experiment with NFV. It is therefore likely that these operational issues are yet to surface in most telco cloud environments. That said, we have already seen these issues emerge at early NFV adopters, creating unnecessary bottlenecks when the NFV environment is handed over to operations. Therefore, my suggestion to the Open Source MANO community is to establish a best practice for addressing these issues before we reach a point at which they start slowing down the NFV production.

Written by Juha Holkkola, CEO of FusionLayer, Inc.

Follow CircleID on Twitter

More under: Access Providers, Broadband, Cloud Computing, Data Center, DNS, Internet Protocol, IP Addressing, IPv6, Mobile, Telecom

Read more here:: feeds.circleid.com/cid_sections/blogs?format=xml

Majority of Android VPNs can’t be trusted to make users more secure

By Dan Goodin

(credit: Ron Amadeo)

Over the past half-decade, a growing number of ordinary people have come to regard virtual private networking software as an essential protection against all-too-easy attacks that intercept sensitive data or inject malicious code into incoming traffic. Now, a comprehensive study of almost 300 VPN apps downloaded by millions of Android users from Google’s official Play Market finds that the vast majority of them can’t be fully trusted. Some of them don’t work at all.

According to a research paper that analyzed the source-code and network behavior of 283 VPN apps for Android:

  • 18 percent didn’t encrypt traffic at all, a failure that left users wide open to man-in-the-middle attacks when connected to Wi-Fi hotspots or other types of unsecured networks
  • 16 percent injected code into users’ Web traffic to accomplish a variety of objectives, such as image transcoding, which is often intended to make graphic files load more quickly. Two of the apps injected JavaScript code that delivered ads and tracked user behavior. JavaScript is a powerful programming language that can easily be used maliciously
  • 84 percent leaked traffic based on the next-generation IPv6 internet protocol, and 66 percent don’t stop the spilling of domain name system-related data, again leaving that data vulnerable to monitoring or manipulation
  • Of the 67 percent of VPN products that specifically listed enhanced privacy as a benefit, 75 percent of them used third-party tracking libraries to monitor users’ online activities. 82 percent required user permissions to sensitive resources such as user accounts and text messages
  • 38 percent contained code that was classified as malicious by VirusTotal, a Google-owned service that aggregates the scanning capabilities of more than 100 antivirus tools
  • Four of the apps installed digital certificates that caused the apps to intercept and decrypt transport layer security traffic sent between the phones and encrypted websites

The researchers—from Australia’s Commonwealth Scientific and Industrial Research Organization, the University of South Wales, and the University of California at Berkeley—wrote in their report:

Read 3 remaining paragraphs | Comments

Read more here:: feeds.arstechnica.com/arstechnica/index?format=xml

Building, Home Automation and Environmental Monitoring to See Earliest Adoption of IoT Technology

By IoT – Internet of Things

According to a new survey from CompuCom Systems, Inc. (“CompuCom”), a leading technology infrastructure services company, 31 percent of IT professionals predict the home/building automation and environmental monitoring market to see the earliest adoption of IoT technology. This is followed by infrastructure management (19 percent), medical/healthcare systems (19 percent), transport systems (12 percent), industrial applications (12 percent) and smart grids/large-scale deployments (seven percent). The online poll collected responses from 377 IT professionals across multiple industries from September 15 – November 8, 2016.

IoT refers to the rapidly expanding network of objects that have an Internet Protocol (IP) address – from home appliances to environmental monitors to manufacturing equipment – and the communication between these objects and other internet-enabled devices and systems. According to research firm Gartner, there will be almost 21 billion IoT devices in use by 2020, and more than half of major new business processes and systems will incorporate some element of IoT.

“IoT is quickly moving from conception to reality, with proven use cases that are disruptive for organizations across the globe,” noted Will Winn, Senior Vice President of IoT Solutions, CompuCom. “As organizations across a wide range of industries continue to recognize its potential, they’ll need expertise to address key IT issues such as security, integration and domain expertise managing business requirements.”

Respondents to the CompuCom poll answered the question, “Which sector do you think will see the earliest adoption of IoT?

Building/home automation and environmental monitoring – 31%
Infrastructure management – 19%
Medical/healthcare systems – 19%
Transport systems – 12%
Industrial applications – 12%
Smart Grids/large-scale deployments – 7%
Total votes: 377

CompuCom is accelerating its presence in the automation space, with the recent acquisition of the IoT business of Extensys, a top provider of IoT technology, and the integration of its core team. CompuCom also recently partnered with intelligent automation leader Arago to integrate Arago’s problem-solving artificial intelligence solution, HIRO, into all of CompuCom’s managed services solutions for the data center – enabling incidents to be diagnosed and remediated more quickly, efficiently and with greater certainty.

To find out more, please visit www.compucom.com.

The post Building, Home Automation and Environmental Monitoring to See Earliest Adoption of IoT Technology appeared first on IoT – Internet of Things.

Read more here:: iot.do/feed

2016 IEEE World Forum on IoT to Feature Keynotes by Vint Cerf, Geoff Mulligan, Pindar Wong, and Paul Mockapetris

By IoT – Internet of Things

IEEE, the world’s largest professional organization advancing technology for humanity, has announced that Vint Cerf, Paul Mockapetris, Geoff Mulligan, and Pindar Wong will keynote the 3rd annual IEEE World Forum on IoT. Early registration ends on November 22 for the WF-IoT held December 12-14, 2016, in Reston, Virginia, USA. This event’s theme is Smart Innovation for Vibrant Ecosystems.

The IEEE WF-IoT attracts hundreds of technologists from around the world to learn and collaborate on nurturing and cultivating IoT technologies and applications for the benefit of society. Sponsored by ARM, Comcast, DarkMatter, LoRa Alliance, the Nigerian Communications Commission, and others, this year’s event will feature more than 100 technical sessions, workshops, panels, and presentations, including keynotes from:

  • Vinton G. Cerf, Google Vice President and Chief Internet Evangelist and IEEE Fellow. Widely known as one of the “Fathers of the Internet,” Cerf is the codesigner of the TCP/IP protocols and the architecture of the Internet. His WF-IoT 2015 keynote, “IoT – The Internet Evolution,” explored topics such as how IoT requires fundamentally new approaches to interoperability and human-device interaction.
  • Geoff Mulligan, LoRA Alliance Chairman, IEEE WF-IoT 2016 Conference Chair, and IEEE Member. Previously Founder and Chairman of the Internet Protocol for Smart Objects (IPSO) Alliance, Mulligan was instrumental in the design of the IPv6 protocol and created 6LoWPAN.
  • Pindar Wong, VefiFi Chairman. A blockchain and Bitcoin pioneer, Wong co-founded Hong Kong’s first licensed ISP in 1993 and was ICANN’s first vice-chairman. His keynote will focus on “Calculating Consensus Reality for an Internet of Trust.”
  • Paul Mockapetris, Threatstop Chief Scientist and member, IEEE. Best known as the creator of the Domain Name System (DNS), Mockapetris also wrote the first implementation of SMTP, the Internet’s mail protocol. Mockapetris has served as chairs of an ICANN Strategic Panel and IETF, and is a member of the Internet Hall of Fame. In 2003, he received the IEEE Internet Award.

The IEEE WF-IoT program will cover a wide variety of topics, including protocols, security and privacy, design best practices, societal impacts, analytics and applications such as health care, automotive, and smart buildings.

“The 3rd annual IEEE World Forum on Internet of Things is an opportunity to learn from, and network with, the people are who are pioneering many of the ways that IoT will benefit societies,” Mulligan said. “The 100-plus presentations, panels, and workshops run the gamut from high-level tutorials to deep-dive technical discussions, providing actionable insights for every level of expertise and interest. This is a must-attend event for anyone who’s serious about using IoT to enable a better world for everyone, everywhere.”

To find out more please visit www.ieee.org.

The post 2016 IEEE World Forum on IoT to Feature Keynotes by Vint Cerf, Geoff Mulligan, Pindar Wong, and Paul Mockapetris appeared first on IoT – Internet of Things.

Read more here:: iot.do/feed

Thread Group aims its IoT mesh network at enterprises

By Stephen Lawson

The still-fragmented internet of things is slowly converging on protocols that may someday work in both homes and enterprises.

The latest move to standardize how IoT devices talk to each other is a push by the Thread Group into industrial and commercial systems. Its Thread protocol, with roots in Alphabet’s Nest division, defines a low-power wireless mesh network. The organization hopes Thread will bring systems with proprietary network technologies into the Internet Protocol world, letting companies leverage their existing IP skills and technologies.

To read this article in full or to leave a comment, please click here

Read more here:: www.networkworld.com/category/lan-wan/index.rss

Thread Group aims its IoT mesh network at enterprises

By Stephen Lawson

The still-fragmented internet of things is slowly converging on protocols that may someday work in both homes and enterprises.

The latest move to standardize how IoT devices talk to each other is a push by the Thread Group into industrial and commercial systems. Its Thread protocol, with roots in Alphabet’s Nest division, defines a low-power wireless mesh network. The organization hopes Thread will bring systems with proprietary network technologies into the Internet Protocol world, letting companies leverage their existing IP skills and technologies.

To read this article in full or to leave a comment, please click here

Read more here:: feeds.pcworld.com/pcworld/latestnews

Cisco says it’ll make IoT safe because it owns the network

By Stephen Lawson

Cisco Systems is making a play for the fundamental process of putting IoT devices online, promising greater ease of use and security as enterprises prepare to deploy potentially millions of connected objects.

Thanks to a dominant position in Internet Protocol networks, Cisco can do what no other company can: Change networks that were not designed for IoT in order to pave the way for a proliferation of devices, said Rowan Trollope, senior vice president and general manager of the IoT & Applications Group.

“The internet as we know it today, and the network that you operate, will not work for the internet of things,” Trollope said in a keynote presentation at the Cisco Partner Summit in San Francisco on Tuesday. “We can solve that problem because we own the network.”

To read this article in full or to leave a comment, please click here

Read more here:: feeds.pcworld.com/pcworld/latestnews

Cisco says it’ll make IoT safe because it owns the network

By Stephen Lawson

Cisco Systems is making a play for the fundamental process of putting IoT devices online, promising greater ease of use and security as enterprises prepare to deploy potentially millions of connected objects.

Thanks to a dominant position in Internet Protocol networks, Cisco can do what no other company can: Change networks that were not designed for IoT in order to pave the way for a proliferation of devices, said Rowan Trollope, senior vice president and general manager of the IoT & Applications Group.

“The internet as we know it today, and the network that you operate, will not work for the internet of things,” Trollope said in a keynote presentation at the Cisco Partner Summit in San Francisco on Tuesday. “We can solve that problem because we own the network.”

To read this article in full or to leave a comment, please click here

Read more here:: www.networkworld.com/category/lan-wan/index.rss

ICANN Meeting Survival Guide

Amrita Choudhury (left) and other ICANN meeting participants at ICANN55 in Marrakech.

As a three-time ICANN Fellow myself, the upcoming ICANN57 in Hyderabad, India will be the fourth ICANN Public Meeting that I’ve attended in person.

If ICANN57 is your first ICANN Meeting, I want to take this opportunity to give you a few pieces of advice:

  • First, make sure to attend the pre-ICANN webinar and the Newcomers Session. These will give you a quick crash course on key discussion topics and common acronyms used at ICANN Public Meetings.
  • Figure out what sessions you should attend by visiting the ICANN Information Booth. The staff at the booth can help you out with your queries about the meeting, especially on which sessions to attend and the location of each session.
  • Raise your questions at the ICANN Public Forum, as the ICANN Board members and community leaders will be there to answer your queries
  • And most importantly, bring a jacket and wear comfortable shoes – the rooms can get quite cold and you’ll be walking a lot!

While ICANN Meetings can be challenging to a newcomer, given the complexity of ICANN as an organization, attending and participating is a great way to learn and get involved. My first meeting experience was at ICANN41 in Singapore, where I attended as an ICANN Fellow. The meeting opened up the world of ICANN to me, and gave me an overview of the roles played by the different stakeholder groups within ICANN.

It was at my second meeting (ICANN42 in Dakar), where I also attended as an ICANN Fellow, that I got a better understanding of the common ICANN discussion topics, such as Internationalized Domain Names (IDNs), the New generic Top-Level Domains (gTLDs) Program and Internet Protocol version 6 (IPv6).

At my third ICANN Meeting (again, as an ICANN Fellow) at ICANN55 in Marrakech, I was already an experienced ICANN community member who follows ICANN updates closely. It provided me with the opportunity to catch up with old friends, exchange perspectives with community leaders and forge new relationships.

Attending the three meetings as an ICANN Fellow was an enlightening experience. I was given the opportunity to be part of the global community, to discuss issues related to the Internet world of names and numbers. It also encouraged me to become an ICANN Ambassador, which allows me to spread awareness about ICANN and Internet governance to the different stakeholders and communities in India. And along the way, I’ve made a lot of new friends.

I am looking forward to attending ICANN57 in Hyderabad, India, which is sure to be a memorable meeting. Not only because it is in my home country, India, but also because it is the first meeting since the expiration of the contract between ICANN and National Telecommunications and Information Administration (NTIA). Hyderabad is also a great travel destination, with many historical and cultural sites worth visiting. So do take some time to check them out.

96

Normal
0

false
false
false

EN-US
ZH-CN
X-NONE

/* Style Definitions */
table.MsoNormalTable
{mso-style-name:”Table Normal”;
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-parent:””;
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:Calibri;
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;}

I look forward to meeting you at ICANN57!

Read more here:: www.icann.org/news/blog.rss