Tag Archives: introduced

WPA3 Wi-Fi protocol aims to improve security in 2018

The Wi-Fi Alliance introduced the next generation of Wi-Fi Protected Access — WPA3 — which aims to improve password security as well as security for IoT devices.

The industry will begin rolling out the WPA3 Wi-Fi protocol in products in 2018 and replace WPA2, meaning vendors will have to follow the security standard in order to carry the “Wi-Fi Certified” branding.

In an official announcement from CES in Las Vegas, the Wi-Fi Alliance noted that the WPA3 Wi-Fi protocol will include “four new capabilities for personal and enterprise Wi-Fi networks.”

“Two of the features will deliver robust protections even when users choose passwords that fall short of typical complexity recommendations, and will simplify the process of configuring security for devices that have limited or no display interface. Another feature will strengthen user privacy in open networks through individualized data encryption,” the Wi-Fi Alliance wrote. “Finally, a 192-bit security suite, aligned with the Commercial National Security Algorithm (CNSA) Suite from the Committee on National Security Systems, will further protect Wi-Fi networks with higher security requirements such as government, defense, and industrial.”

According to Mathy Vanhoef, a network security and applied cryptography post-doctoral candidate and one of the researchers behind the WPA2 KRACK vulnerability which took advantage of the WPA2 four-way handshake network connection process to produce a man-in-the-middle exploit. WPA3 implements a more secure handshake that should help prevent brute force password attacks.

Marc Bevand, former security engineer at Google, described in a Hacker News forum post how this type of password authenticated key exchange (PAKE) can prevent attacks online and off.

“[Offline, an attacker] can try to decrypt the packet with candidate passwords, but he does not know when he guesses the right one, because a successful decryption will reveal [values that] are indistinguishable from random data. And even if he guessed right, he would obtain [public keys], but would not be able to decrypt any further communications as the use of Diffie-Hellman makes it impossible to calculate the encryption key,” Bevand wrote. “[Online,] if he actively [man-in-the-middles] the connection and pretends to be the legitimate server, he can send his own [key and password] to the client using one guessed candidate password. If he guessed wrong … each authentication attempt gives him only one chance to test one password. If, out of frustration, the client tries to retype the password and re-auth three times, then the attacker can at most try to guess three candidate passwords. He can’t brute force many passwords.”

Additionally, experts noted that the WPA3 Wi-Fi protocol improvements to “configuring security for devices that have limited or no display interface” could help improve security on IoT devices, but not all experts, like Tom Van de Wiele, principal cyber security consultant and red-teamer at F-Secure, were optimistic about the possibility.

Intelligent Communications takes the next step with calling in Teams

In September, we introduced a new vision for intelligent communications including plans to evolve Microsoft Teams into the primary client for calling and meetings in Office 365. As part of this, we are bringing comprehensive calling and meetings capabilities into Microsoft Teams, along with data and insights from the Microsoft Graph, and a strong roadmap of innovation to empower teams to achieve more.

  Easily view your calling historyToday we are releasing new calling capabilities in Teams, providing full featured dialing capabilities, complete with call history, hold/resume, speed dial, transfer, forwarding, caller ID masking, extension dialing, multi-call handling, simultaneous ringing, voicemail, and text telephone (TTY) support. You can expect this to roll out over the next few hours and should come soon to your tenant.

To add calling in Teams for your users, the first thing you need is Phone System (formerly Cloud PBX), which is included with Office 365 E5 and available as an add-on to other Office 365 plans. From there, you can subscribe to a Calling Plan (formerly known as PSTN Calling) for any number of users in your organization.

Together, a Calling Plan and Phone System in Office 365 create a phone system for your organization, giving each user a primary phone number and letting them make and receive phone calls to and from outside of your organization. This solution also allows your organization to shift away from expensive telephony hardware and simplifying by centralizing the management of your phone system.

With the addition of calling, Teams is an even more robust hub for teamwork — the single place for your content, contacts and communications including chat, meetings and calling in a modern, collaboration experience.

Getting started with calling in Teams
To get started with calling in Teams, please review our quick start guide. You can learn more about geographic availability of Calling Plans here.  We also invite you to join us live December 18, at 9 AM PDT on Teams On Air to hear guest Marc Pottier, Principal Program Manager discuss and demo calling plans in Microsoft Teams in more detail.

Device Naming for Network Adapters in Hyper-V 2016

Not all of the features introduced with Hyper-V 2016 made a splash. One of the less-published improvements allows you to determine a virtual network adapter’s name from within the guest operating system. I don’t even see it in any official documentation, so I don’t know what to officially call it. The related settings use the term “device naming”, so we’ll call it that. Let’s see how to put it to use.

Requirements for Device Naming for Network Adapters in Hyper-V 2016

For this feature to work, you need:

  • 2016-level hypervisor: Hyper-V Server, Windows Server, Windows 10
  • Generation 2 virtual machine
  • Virtual machine with a configuration version of at least 6.2
  • Windows Server 2016 or Windows 10 guest

What is Device Naming for Hyper-V Virtual Network Adapters?

You may already be familiar with a technology called “Consistent Device Naming”. If you were hoping to use that with your virtual machines, sorry! The device naming feature utilized by Hyper-V is not the same thing. I don’t know for sure, but I’m guessing that the Hyper-V Integration Services enable this feature.

Basically, if you were expecting to see something different in the Network and Sharing Center, it won’t happen:

harn_nscenterNor in Get-NetAdapter:

harn_getnetadapter

In contrast, a physical system employing Consistent Device Naming would have automatically named the network adapters in some fashion that reflected their physical installation. For example, “SLOT 4 Port 1” would be the name of the first port of a multi-port adapter installed in the fourth PCIe slot. It may not always be easy to determine how the manufacturers numbered their slots and ports, but it helps more than “Ethernet 5”.

Anyway, you don’t get that out of Hyper-V’s device naming feature. Instead, it shows up as an advanced feature. You can see that in several ways. First, I’ll show you how to set the value.

Setting Hyper-V’s Network Device Name in PowerShell

From the management operating system or a remote PowerShell session opened to the management operating system, use Set-VMNetworkAdapter:

This enables device naming for all of the virtual adapters connected to the virtual machine named sv16g2.

If you try to enable it for a generation 1 virtual machine, you get a clear error (although sometimes it inexplicably complains about the DVD drive, but eventually it gets where it’s going):

The cmdlet doesn’t know if the guest operating system supports this feature (or even if the virtual machine has an installed operating system).

If you don’t want the default “Virtual Network Adapter” name, then you can set the name at the same time that you enable the feature:

These cmdlets all accept pipeline information as well as a number of other parameters. You can review the TechNet article that I linked in the beginning of this section. I also have some other usage examples on our omnibus networking article.

Reminder: PowerShell is the only way to set the name of a Hyper-V virtual network adapter.

Note: You must reboot the guest operating system for it to reflect the change.

Setting Hyper-V’s Network Device Name in the GUI

You can use Hyper-V Manager or Failover Cluster Manager to enable this feature. Just look at the bottom of the Advanced Features sub-tab of the network adapter’s tab. Check the Enable device naming box. If that box does not appear, you are viewing a generation 1 virtual machine.

ndn_gui

Reminder: PowerShell is the only way to set the name of a Hyper-V virtual network adapter. See the preceding section for instructions.

Note: You must reboot the guest operating system for it to reflect the change.

Viewing Hyper-V’s Network Device Name in the Guest GUI

This will only work in Windows 10/Windows Server 2016 (GUI) guests. The screenshots in this section were taken from a system that still had the default name of Network Adapter.

  1. Start in the Network Connections window. Right-click on the adapter and choose Properties:
    ndn_netadvprops
  2. When the Ethernet # Properties dialog appears, click Configure:
    ndn_netpropsconfbutton
  3. On the Microsoft Hyper-V Network Adapter Properties dialog, switch to the Advanced tab. You’re looking for the Hyper-V Network Adapter Name property. The Value holds the name that Hyper-V holds for the adapter:
    ndn_display

If the Value field is empty, then the feature is not enabled for that adapter or you have not rebooted since enabling it. If the Hyper-V Network Adapter Name property does not exist, then you are using a down-level guest operating system or a generation 1 VM.

Viewing Hyper-V’s Network Device Name in the Guest with PowerShell

As you saw in the preceding section, this field appears with the adapter’s advanced settings. Therefore, you can view it with the Get-NetAdapterAdvancedProperty cmdlet. To see all of the settings for all adapters, use that cmdlet by itself.

ndn_psall

Tab completion doesn’t work for the names, so drilling down just to that item can be a bit of a chore. The long way:

Slightly shorter way:

One of many not future-proofed-but-works-today way:

For automation purposes, you need to query the DisplayValue or the RegistryValue property. I prefer the DisplayValue. It is represented as a standard System.String. The RegistryValue is represented as a System.Array of System.String (or, String[]). It will never contain more than one entry, so dealing with the array is just an extra annoyance.

To pull that field, you could use select (an alias for Select-Object), but I wouldn’t:

ndn_psselectobject

I don’t like select in automation because it creates a custom object. Once you have that object, you then need to take an extra step to extract the value of that custom object. The reason that you used select in the first place was to extract the value. select basically causes you to do double work.

So, instead, I recommend the more .Net way of using a dot selector:

You can store the output of that line directly into a variable that will be created as a System.String type that you can immediately use anywhere that will accept a String:

Notice that I injected the Name property with a value of Ethernet. I didn’t need to do that. I did it to ensure that I only get a single response. Of course, it would fail if the VM didn’t have an adapter named Ethernet. I’m just trying to give you some ideas for your own automation tasks.

Viewing Hyper-V’s Network Device Name in the Guest with Regedit

All of the network adapters’ configurations live in the registry. It’s not exactly easy to find, though. Navigate to HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlClass{4d36e972-e325-11ce-bfc1-08002be10318}. Not sure if it’s a good thing or a bad thing, but I can identify that key on sight now. Expand that out, and you’ll find several subkeys with four-digit names. They’ll start at 0000 and count upward. One of them corresponds to the virtual network adapter. The one that you’re looking for will have a KVP named HyperVNetworkAdapterName. Its value will be what you came to see. If you want further confirmation, there will also be KVP named DriverDesc with a value of Microsoft Hyper-V Network Adapter (and possibly a number, if it’s not the first).

Barefoot Tofino chip tapped for Deep Insight network monitor

Barefoot Networks has introduced software that pinpoints anomalies in network traffic at the packet level. The new product, called Deep Insight, works on Ethernet switches powered by Barefoot Tofino, a programmable chip for the data center.

The software, unveiled this week, provides graphical reporting on network abnormalities, such as dropped packets and microbursts. The latter refers to traffic congestion that lasts for microseconds in a switch. Such delays are a problem, for example, in high-speed transactions performed by financial applications.

To use the software, network operators must first program each Barefoot Tofino chip to add to packets metadata that could include arrival time, matched rules, queue delay and switch identity. Engineers program the silicon using P4, an open source language that directs network devices on how to process packets.

Network managers choose the metadata each switch adds to packets as they travel to the application. The last switch collects the metadata and sends the package to Deep Insight, which runs on a commodity server.

The software establishes a baseline for network operations, so it can identify anomalies and display the details to network operators. To reduce the amount of unnecessary information, engineers choose the application traffic the software will analyze.

Deep Insight data drawn from Barefoot Tofino

The information Deep Insight provides includes the path taken by a packet, the rules it followed along the route, the amount of time it queued at each switch and the other packets with which it shared the queues.

Barefoot plans to eventually extend Deep Insight to open source virtual switches built on specifications developed by the Open vSwitch Project and network interface cards that support the P4 language. The company did not provide a timetable for the support.

Barefoot Tofino, which processes packets at 6.5 Tbps, is marketed as an alternative to fixed-function application-specific integrated circuits. Tofino appeals to large data centers, cloud and communication service providers, and white box switch makers that incorporate the technology into their product lines, analysts said. Examples of the latter include Edgecore Networks and WNC.

Barefoot plans to sell the Deep Insight software based on the number of packets processed each second. Barefoot has product trials underway with select customers and plans to make the software available in February.

Support for Open AI Ecosystem Grows as Amazon Web Services Joins ONNX AI Format – Microsoft Cognitive Toolkit

It’s been an exciting few months! In September we introduced the Open Neural Network Exchange (ONNX) format we created with Facebook to increase interoperability and reduce friction for developing and deploying AI. In October a number of companies that share our goals announced their support for ONNX.

Today Microsoft and Facebook are excited to share Amazon Web Services (AWS) is contributing ONNX support for Apache MXNet and joining the ONNX initiative. Amazon recognizes the benefits of the ONNX open ecosystem to enable developers working on deep learning to move between tools easily, choosing ones that are best suited for the task at hand. It’s great to have another major framework support ONNX: Caffe2, PyTorch, Microsoft Cognitive Toolkit, and now MXNet.

At Microsoft we believe bringing AI advances to all developers, on any platform, using any language, with an open AI ecosystem, will help ensure AI is more accessible and valuable to all. With ONNX and the rest of our Azure AI services, infrastructure and tools such as Azure Machine Learning and the recently announced Visual Studio Tools for AI, developers and data scientists will be able to deliver new and exciting AI innovations faster.

We invite others in the community to visit http://onnx.ai to learn more and participate in the ONNX effort. You can also get ONNX updates on Facebook and @onnxai on Twitter.

Windows Server 2016 book serves up PowerShell recipes

Microsoft introduced a number of new features in Windows Server 2016, from container support to the Nano Server deployment option. But there’s no need to cook up a script from scratch to implement these innovations when there are prepared PowerShell recipes that do the job.

Windows Server 2016 admins can automate jobs and reduce their workload if they master newer cmdlets. For IT shops that want to avoid manual intervention to arrange and manage features in the latest server OS, there are more than 100 PowerShell recipes in Windows Server 2016 Automation with PowerShell Cookbook: Second Edition by Thomas Lee that can help.

Lee provides scripts to ease the mundane processes that can trip up admins who need to be available when trouble strikes. Microsoft switched the Windows Server patching to a cumulative model in 2016, which made the monthly releases more frustrating to handle for some. Lee has a few scripts to make the process less painful. For admins who want an easier way to work with the Desired State Configuration management tool to keep certain systems tamper-proof, Lee walks through the concepts and provides PowerShell recipes to set up the deployment.

In this excerpt taken from the book’s first chapter, Lee describes PackageManagement, a PowerShell module that helps admins and developers install and manage applications from the command line:

PowerShellGet is a powerful resource for PowerShell, built on top of the core PackageManagement capabilities of PowerShell 5. It is one of many PackageManagement providers available. …

PackageManagement is a unified interface for software package management systems, a tool to manage package managers. You use the PackageManagement cmdlets to perform software discovery, installation, and inventory (SDII) tasks. PackageManagement involves working with package providers, package sources, and the software packages themselves.

Within the PackageManagement architecture, PackageManagement providers represent the various software installers that provide a means to distribute software via a standard plug-in model using the PackageManagement APIs. Each PackageManagement provider manages one or more package sources or software repositories. Providers may be publicly available or can be created within an organization to enable developers and system administrators to publish or install propriety or curated software packages.

Editor’s note: This excerpt is from Windows Server 2016 Automation with PowerShell Cookbook: Second Edition, authored by Thomas Lee, published by Packt Publishing, 2017. For updates to scripts used in the book, check the author’s PowerShell Cookbook GitHub repository.

Remediation engine to improve Nyansa Voyance network monitoring

Network analytics company Nyansa Inc. has introduced more powerful software that spotlights problems in infrastructure devices and recommends corrective actions to prevent degradation in service.

Nyansa unveiled its “remediation engine” this week as the latest addition to the company’s Voyance performance monitor for wired and wireless networks. The Nyansa Voyance system, launched last year, blends cloud-based analytics and real-time deep packet inspection with an easy-to-understand management console.

The new software — part of a Voyance upgrade — will flag the cause of trouble and recommend configuration changes to correct it. For example, the application could recommend turning off 2.4GHz radios or changing channel assignments to reduce co-channel interference on wireless access points in a specific area.

The remediation engine also calculates the benefits of the corrective action. In the example above, the software would measure the number of lost client hours avoided through the fix.

More data fed to Nyansa Voyance

Nyansa has increased the number of data sources feeding the Voyance system to improve its analytic capabilities. The latest iteration can ingest syslog data from Cisco’s Identity Services Engine, Aruba’s ClearPass and the open source network access protocol, FreeRADIUS. The three technologies provide secure access to network resources through authentication, authorization and accounting of devices.

Along with more data coming in, Voyance can send more data out. Nyansa has added RESTful APIs for sending network information to an IT workflow application, such as team messaging service Slack or IT service management system ServiceNow. The latter could, for example, generate a trouble ticket and send it to IT when Voyance finds a device configuration problem.

Being able to reach network managers before there’s an outage enables them to become more proactive in solving problems, said Zeus Kerravala, the principal analyst at ZK Research. “IT can be on top of the problem instead of always in reactive mode.”

Nyansa adds remediation engine in Voyance upgrade
Nyansa Voyance recommendations for fixing network performance troubles

To help improve IT response time further, Nyansa has made it possible for Voyance users to tag mission-critical devices attached to an IP network. The devices could include heart or infusion pumps used in healthcare or robots found on the manufacturing assembly line. Voyance would measure and track every network transaction on the machinery and alert IT workers when performance-damaging events occur.

Nyansa is providing the latest features at no additional cost to Voyance customers, which include Netflix, Tesla Motors and Uber.

The company markets Nyansa Voyance as simplifying network monitoring by replacing the multiple tools IT managers use to determine the network’s health. Enterprise Management Associates Inc., a research firm in Boulder, Colo., has found today’s IT manager has six to 10 different management tools in use at one time.

Nyansa competitors include NetScout Systems Inc.; Cisco, which offers AppDynamics; and Hewlett Packard Enterprise, which has Aruba IntroSpect.

SAVE Act attempts to bolster election security

Two senators introduced a new election security bill with the aim of providing assistance to states in order to protect against cyberattacks on voting infrastructure.

The bipartisan bill — the Securing America’s Voting Equipment (SAVE) Act — was put forward by Senators Susan Collins (R-Maine) and Martin Heinrich (D-N.M.). The aim of the bill, according to Collins, is to “assist states in protecting the integrity of their voting systems. 

“Our bill seeks to facilitate the information sharing of the threats posed to state election systems by foreign adversaries, to provide guidance to states on how to protect their systems against nefarious activity and, for states who choose to do so, to allow them to access some federal grant money to implement best practices to protect their systems,” Collins said on the Senate floor.

Collins said that she knew of “no evidence to date that actual vote tabulations were manipulated in any state” during the 2016 U.S. election, but noted that the FBI and Department of Homeland Security (DHS) found 21 states had election systems probed by Russian hackers.

“Our democracy hinges on protecting Americans’ ability to fairly choose our own leaders. We must do everything we can to protect the security and integrity of our elections,” Sen. Heinrich said in a public statement. “The SAVE Act would ensure states are better equipped to develop solutions and respond to threats posed to election systems. Until we set up stronger protections of our election systems and take the necessary steps to prevent future foreign influence campaigns, our nation’s democratic institutions will remain vulnerable.”

Requirements of the SAVE Act

According to the announcement, the SAVE Act would require the Director of National Intelligence to designate security clearance to the chief state election official — usually the secretary of state — and share all “appropriate classified information with those state officials to protect election systems from security threats.”

The SAVE Act would also classify state-run election systems as critical infrastructure and require the DHS to work with states to ensure election security.

Prior to the 2016 U.S. presidential election, the DHS offered to aid states with election security and Jeh Johnson, former secretary of Homeland Security, claimed 18 states had accepted that offer.

The SAVE Act would also call for the creation of the “Cooperative Hack the Election” program which would essentially be a bug bounty program for electronic voting systems.

The DEFCON team, which has offered to help election officials test voting equipment, did not respond to requests for comment at the time of this post.

Mike Pittenger, vice president of security strategy at Black Duck, said he thought a bug bounty program would help “build more secure voting machines, assuming the bounties are attractive,” but wanted more information on the SAVE Act.

If we are talking about vote integrity, the major shortcoming of any electronic voting system is an independent, auditable record.
Mike Pittengervice president of security strategy at Black Duck

“The other point to remember is that security is ephemeral. A secure application can become a ripe target overnight if a new vulnerability is disclosed and not remediated. We saw this with Equifax. How can we ensure that every device is updated?” Pittenger told SearchSecurity. “I do worry about designating this as critical infrastructure, however, if it requires that all states and local governments use electronic voting, even if a variety of choices are available.”

At the DEFCON conference in July, Barbara Simons, former president of the Association for Computing Machinery and president of Verified Voting, a non-partisan and non-profit organization promoting laws and regulations that support accuracy, transparency and verifiability of elections, said risk limiting audits are an essential part of ensuring election results but are very difficult with electronic voting systems and are much more effective with paper ballots.

While the SAVE Act calls for audits of election systems for states that receive federal grant money, there are no stipulations for auditing actual election results.

“If we are talking about vote integrity, the major shortcoming of any electronic voting system is an independent, auditable record. With paper voting, someone could miscount ballots or ‘stuff the ballot box.’ It’s not perfect, but when an election is over we can match the records of individuals who registered, and rescan and recount the paper ballots,” Pittenger said. “With electronic voting, we have an electronic audit trail, but any competent criminal would cover their tracks.”

SteelCentral NPM upgrades to bolster SD-WAN portfolio

Riverbed Technology Inc. has introduced enhancements to its network performance monitor and integration between its SD-WAN product and cloud-based security provider Zscaler Inc.

This week’s announcements are related because the SteelCentral NPM is used on cloud-based business applications served by the SteelConnect SD-WAN. The latter routes traffic from a company’s branch to online software, the corporate data center or the internet.

A SteelCentral NPM module called Insights integrates with SteelConnect and provides information on usage and availability of the SD-WAN. “As time goes on, we’re going to have more and more functionality from the SteelCentral side into SteelConnect and other appliances in the Riverbed portfolio,” said Milind Bhise, the senior director of product marketing at Riverbed.

SteelCentral improvements

The SteelCentral platform is best suited for large networks requiring application performance analysis across WAN connections. New features in the latest version of the SteelCentral NPM software include integration between its Aternity module and ServiceNow’s online customer service management product.

Aternity monitors the performance of applications running on the web, virtual desktops and mobile devices. The integration makes it possible for ServiceNow to generate trouble tickets automatically when performance thresholds are not met.

Other enhancements include the ability to add SteelCentral monitoring of containers without changing them. A container is an OS-level virtualization method for deploying and running applications. The feature works alongside container orchestrators, including Kubernetes and Docker Swarm.

The latest SteelCentral iteration adds log messages from network devices to application performance data to assist developers and support troubleshooting. Starting with the log data, engineers can trace application activity to locate the source of the problem. The feature eliminates the need for a separate log analytics tool, Riverbed said.

Finally, Riverbed introduced a 40 Gbps network interface card for Riverbed appliances running SteelCentral and other products. The NIC doubles the traffic flow capacity.

SteelCentral NPM console
New and improved SteelCentral NPM console

SteelConnect with Zscaler

The SteelConnect-Zscaler integration makes it possible to use the former to direct internet traffic to the cloud-based security service. Zscaler products include a secure web gateway, firewall and data loss prevention tools.

SteelConnect customers would buy Zscaler separately, but access its portal through the SD-WAN product’s console.

SD-WAN vendors are adding services to their core products to make them an all-in-one networking product for branch offices. Along with security, vendors are tacking on WAN optimization and edge routing.

Singtel taps Versa for software-defined branch service

Singtel this week introduced a managed software-defined branch service as part of a broader network functions virtualization initiative. 

The Singapore-based service provider underpins its software-defined branch service with Versa Networks’ Cloud IP Platform, a software-defined platform that targets branch networks and enables integration with virtual network functions (VNFs).

Singtel software-defined branch service supports multiple VNFs at existing or new branch offices and can be hosted on white boxes, according to a company statement.

“Enterprises can also add new functions, such as unified threat management, to the same hardware without incurring additional installation charges,” the statement said.

Singtel released its SD-WAN services in 2015, following up with cloud-based NFV in 2016.

MegaPath secures its managed SD-WAN with Fortinet

MegaPath boosted its managed SD-WAN portfolio with security from Fortinet. The integration, announced last week, adds Fortinet Security Fabric to MegaPath’s enterprise SD-WAN services. The Fortinet software segments the network, allows for centralized management and orchestration and automates threat responses.

MegaPath underpins its SD-WAN portfolio with SD-WAN technologies from a pool of different SD-WAN vendors, including VeloCloud. The service provider, based in Pleasanton, Calif., uses a multivendor approach to anchor its customized packages.

FatPipe joins the VNF game

FatPipe Networks earlier this month expanded its SD-WAN portfolio with VNF software supporting a variety of enterprise functions. The VNF platform includes SD-WAN functionality that can be integrated with routing, firewall, security, quality of service and WAN optimization, among other services.

The VNF software can be hosted on FatPipe’s own hardware and on NFV hypervisors, including OpenStack, Amazon Web Services and Microsoft Azure, according to a company statement. The VNF software is pre-installed on FatPipe’s hardware; customers can also roll out third-party VNFs, if desired, the company said.

FatPipe said its features will let enterprises access and deploy more NFV and VNF options, without the complexity that comes with using multiple vendors.

Lanner and 128 Technology move to universal CPE

White box switch vendor Lanner and routing software developer 128 Technology debuted a universal customer premises equipment (uCPE) platform that supports a variety of VNFs and SD-WAN deployments.

The companies made the announcement at the SDN NFV World Congress in The Hague, Netherlands, earlier this month.

Most SD-WAN services run on proprietary boxes installed at a customer’s site; Lanner’s white box appliance will run 128 Technology’s secure vector routing software, which uses session-oriented routing to send IP traffic over predetermined paths. Lanner struck a similar alliance with Versa Networks in 2016, offering customers a white box CPE running Versa’s SD-WAN software.