Tag Archives: Networks

Juniper Mist roadmap includes SD-WAN, security integrations

Juniper Networks plans to broaden the reach of its cloud-based Mist AI engine from access points and switches to security and SD-WAN products on the wired and wireless LAN.

The vendor plans to finish by the middle of next year integrations between Juniper Mist and cloud-based versions of Sky Advanced Threat Prevention (ATP) and Contrail Service Orchestration (CSO). The former is Juniper’s malware detection service, and the latter is the management software for the company’s Contrail SD-WAN.

“[The integration] is something which has just started, so it’s beyond the design board,” said Sujai Hajela, who heads the Juniper company Mist. Hajela was CEO of Mist before Juniper acquired it this year.

Juniper bought Mist in an attempt to catch up with Cisco and Aruba, a Hewlett Packard Enterprise company, in the wired and wireless LAN market. Both companies are market leaders, according to Gartner’s latest Magic Quadrant report.

Before Mist, Juniper partnered with other vendors to combine wireless LAN technology with its campus switches. Today, Juniper has a wired and wireless portfolio with cloud-based analytics and management tools competitive with products from Cisco and Aruba. The latter two vendors introduced their cloud offerings in June.

Juniper Mist integration use cases

Hajela expects to formally release the Mist, CSO and Sky ATP integrations by early in the first half of 2020. At that time, the Mist AI engine will provide correlations on data drawn from access points (APs), Juniper’s EX campus switches, Contrail SD-WAN and Sky ATP.

The product integrations will let Mist’s AI engine solve a broader set of network problems on Juniper-based networks. Instead of stopping at APs and EX switches, the software could discover other bottlenecks, such as congestion on a LAN circuit managed through the Contrail SD-WAN.

With Sky ATP data, Mist could identify devices on the network that are infected with malware, giving IT staff the option of quarantining the group or booting them off the grid.

Pricing

Juniper plans to offer future Mist AI capabilities through a tiered pricing model. A standard tier, for example, would provide state information on network operations while a higher-priced tier would include advanced remediation of problems. Another level could consist of location-based services for retailers or asset management in a hospital.

“We’re going to provide you with a single, full vertical stack of software, and [let] you decide,” Hajela said during a recent interview.

Vendors focusing on installed base

Juniper’s Mist acquisition gives the vendor a wireless product it can sell to companies using the vendor’s networking gear. In 2018, Juniper ranked sixth in the global market for campus switching, according to Gartner.

However, some Juniper customers are keeping an open mind when it comes to their wireless LAN. The University of Washington is watching all the leading networking vendors as it draws up plans to transition to next-generation wireless technology, particularly Wi-Fi 6 and 5G.

The emerging technologies are disruptive enough to require significant changes to Washington’s campus network. “There’s just a huge point of change — of brand-new architectures — happening in the next year,” said David Morton, director of networks and telecommunications at the school.

Today, Washington’s wireless LAN comprises between 17,000 and 18,000 Aruba APs. The university manages the network with HPE and Aruba software and runs the campus’s wired network on Juniper switches.

Go to Original Article
Author:

Sigfox network provides cheap, efficient connectivity for IoT

Forget 5G. The key to implementing IoT applications may lie in “zero G.”

Broadband networks like 5G (or 2G, 3G, 4G) can quickly send large amounts of data for streaming applications. But the networks are overly powerful for IoT devices, which produce and transmit small bits of data and don’t need to operate in real time. Scale IoT devices to the millions, and the ideal network for carrying lots of IoT-generated data may be the Sigfox “0G” network.

The Sigfox 0G network enables companies to connect IoT devices at a fraction of the cost and power consumption needed by broadband networks, according to Ajay Rane, vice president of business development for Sigfox, which is based in Labège, France.

A network like this has many uses for Industry 4.0 applications, including supply chain and logistics, industrial IoT (IIoT), smart cities and smart buildings, Rane said.

“[The Sigfox 0G network] can’t do high-speed data, but it works well for the market that we’re targeting,” he said. “We’re not about to replace cellular or any other technology; we have a spot at the bottom of the pyramid of IoT technologies and there are a lot of devices at the bottom of that pyramid which require low power, low cost connectivity.”

The Sigfox network is a Low Power Wide Area Network (LPWAN) that connects devices over large distances without consuming a lot of power. IoT sensors send data through the Sigfox network to a gateway called a Sigfox base station, which posts the messages to the Sigfox cloud at least every 10 minutes. The Sigfox cloud then pushes the messages to client applications.

Keeping the costs low

Asset tracking applications implemented as LPWAN network availability has increased in the last 18 months, and Sigfox has been able to deliver immediate ROI because it’s simpler to implement and the device cost is comparatively low, according to Adarsh Krishnan, principle analyst at ABI Research, which is based in Oyster Bay, New York. Krishnan covers IoT connectivity and LPWAN technologies.

“When you bring the cost of individual asset trackers down to that level, an enterprise looking to deploy these in large volumes can justify such an investment, and Sigfox has devices that can last many years and track across multiple regions,” he said.  “The initial capital investment is much lower because the cost of connectivity itself is very low, and then the cost of devices becomes low because you’re sending very small amounts of data infrequently, which lowers the device cost because you’re optimizing battery use on the devices.”

Battery costs are some of the biggest expenses in asset tracking applications, Krishnan explained, and it can break a business justification to continually replace batteries or pay maintenance costs on thousands of devices.

As IIoT applications become more feasible, other LPWAN options such as LoRa, and other connectivity methods such as cellular networks are also emerging, according to Krishnan. However, the Sigfox network connectivity capacity of just 12 bytes of data maximum and no more than 140 messages per day makes it attractive for IIoT applications.

“Their idea is less is more and they’re addressing very specific use cases within what we call massive IoT use cases, where the data requirements are very small with small packets of data being transmitted from the devices less frequently,” he said. “It’s not real-time tracking — the data transmission may be every half hour — so battery or power efficiency becomes the biggest requirement in some of these use cases.”

Sigfox enables supply chain track-and-trace

Safecube, a startup firm based in Lyon, France that provides supply chain track-and-trace applications, was able to scale its business globally after connecting to the Sigfox network.

Safecube’s service enables shippers to have direct, near real-time access to data about a shipment’s location and condition through IoT sensors that transmit data on the Sigfox network. The network’s growth in coverage in the last two years is the main reason why Safecube uses it, according to Waël Cheaib, Safecube CEO.

“Now the network covers between 60 and 70 countries in the world, so they can say that they have global footprint,” Cheaib said. “They’ve been also developing a technical feature that allows truckers to work worldwide. Until recently, it was not possible for any low power network to have something working in Europe, the U.S., South America and Africa.”

The Sigfox network is suited to Safecube’s application because the data needs to be precise about things such as shipment location, but it’s not a lot of data, Cheaib explained. The network also has to work globally.

“In order to send this information, you don’t need a 5G network. You need a network that is designed to communicate small loads of data, so there are very limited connectivity costs,” he said. “The other resources that are available are long range networks — 2G, 3G, 4G, 5G, which are very costly. But Sigfox is the only low-power network that’s able to provide a global solution.”

Go to Original Article
Author:

F5 Networks updates NGINX Application Platform, other tools

F5 Networks has added and tweaked a handful of tools in an effort to help DevOps, NetOps and SecOps teams work together to deliver applications.

F5 Networks has been working on the updates since acquiring NGINX and its NGINX Application Platform in May. The suite includes NGINX Plus for load balancing and application delivery, NGINX Web Application Firewall for security, NGINX Unit to run application code and NGINX Controller to monitor and manage the platform.

The F5 Networks updates include the following changes to NGINX Application Platform and other tools:

Open source projects: F5 Networks hopes to accelerate the development of NGINX open source technologies, including upcoming HTTP/3 capabilities in NGINX Open Source. It has also worked on improving proxying and network capabilities in the NGINX Unit application server.

NGINX Application Platform: There are four new versions of products that build on NGINX Open Source, which were designed to consolidate 13 tools into one software platform, according to F5 Networks. The new versions of products include improved security and observability features in NGINX Plus, a new developer portal and API importing in the NGINX Controller API Management Module, improved analytics and configuration management in the NGINX Controller Load Balancing Module and the addition of custom resource definitions in NGINX Kubernetes Ingress Controller.

Arm and NS1: Arm and NGINX created Arm Neoverse-based tools for a range application and runs on Amazon EC2 A1 instances in the AWS Cloud. NGINX also introduced a new certified module that integrates NS1 global server load balancing with NGINX Plus.

Go to Original Article
Author:

Juniper-Ericsson partnership aimed at 5G market

Juniper Networks has partnered with Ericsson to offer carriers a collection of products for moving 4G and 5G traffic from a cell site to the network core. The deal marks an important win for Juniper, which is filling the void left by the nearly dead partnership between rival Cisco and Ericsson.

The Juniper-Ericsson alliance combines routers and software from both companies to build an optical transport for a mobile network that carriers can manage through a single software console, according to the vendors. The partners’ combined routers include Juniper’s MX and PTX series and Ericsson’s 6000 hardware.

Juniper and Ericsson have partnered on technology for almost 20 years. But the latest deal is a “significant win” for Juniper, because it improves the company’s chances of winning deals, as service providers build out their network infrastructure to deliver 5G wireless services to consumers and businesses, said Rajesh Ghai, an analyst at IDC.

For example, the partnership could provide Juniper with access to the many service providers that use Ericsson’s radio access technology to connect customers’ mobile devices to the carriers’ core networks, Ghai said. Ericsson has a 40% share of the radio access market.

Also, of the three top carrier suppliers, Ericsson is the only one without an extensive routing portfolio — a void Juniper can fill. The other two suppliers are Nokia and Huawei.

“It was critical that Juniper get aligned with Ericsson,” Ghai said. “It remains to be seen how exclusive Ericsson can keep the relationship.”

Meanwhile, Juniper’s biggest rival, Cisco, is more focused on selling its routers directly to service providers, rather than through Ericsson, Ghai said. Also, Cisco and Ericsson compete with products for the packet core, which has created “suspicion between the two partners.”

Cisco and Ericsson announced a wide-ranging partnership in 2015, but financial troubles pushed Ericsson into an extensive reorganization that prevented the company from following through on the deal. Nevertheless, Cisco has never declared the partnership dead, despite its failure to reach sales goals.

“Where we need to partner with Ericsson, we will continue to do that. And where we’re working directly with SPs [service providers], we’ll continue to do that,” said Sumeet Arora, general manager of service provider network systems at Cisco.

Juniper, Ericsson combined products for service providers

The Juniper-Ericsson partnership includes Juniper’s MX Series 5G Universal Routing Platform and its PTX Series Packet Transport Routers. The hardware supports mobile infrastructure for 10 Gb, 100 Gb and 400 Gb optical transport.

Juniper has aimed the MX at the service provider’s WAN edge, which could include routing traffic from a cell site onto the service provider’s core network. The PTX Series can handle traffic on the service provider’s backbone. Juniper has also designed the hardware to handle internet peering and data center interconnects.

Juniper’s MX and PTX routers are interoperable with Ericsson’s Router 6000 mobile backhaul and fronthaul portfolio. A wireless backhaul router connects mobile device traffic to a network node, such as the internet or a proprietary network. A fronthaul device sits at the access layer of the network and aggregates traffic from IoT devices.

Other hardware covered in the partnership includes Ericsson’s MINI-LINK microwave radio backhaul device. The partners are also offering software such as Juniper’s firewall, called the SRX Series Services Gateway, and Ericsson’s management and orchestration technology for controlling all the partners’ products.

In general, analysts do not expect service providers to take 5G infrastructure technology into production until next year, with businesses unlikely to buy 5G services until 2020 at the earliest. Industry observers expect IoT to be an initial driver of the 5G commercial market.

Misconfigured Tor sites leave public IP addresses exposed

The Tor network’s degree of anonymity has come under increased questioning over recent years, and new research found public IP addresses can be connected to misconfigured Tor sites.

Yonathan Klijnsma, lead threat researcher at RiskIQ, a cyber threat intelligence company based in San Francisco, said he found out about the misconfigured Tor sites when crawling the web to associate SSL certificates with the host IP address for the site.

Klijnsma found misconfigured Tor servers that were listening to requests on public IP addresses instead of on the localhost IP address, 127.0.0.1, which is the default address for traffic originating on the same system. Tor servers must listen only on localhost in order to preserve the anonymity users expect from the Tor network and to keep anonymized Tor network traffic off of the public internet.

If correctly configured, an SSL certificate for a Tor site would only be associated with the dark web onion address of that site. But if a misconfigured Tor site listens on a public IP address, the certificate will also become associated with that address. However, it is unclear whether the issue is widespread.

Klijnsma did not respond to requests for comment at the time of this post.

Klijnsma began tweeting about the issue in July in order to make Tor administrators and users aware that sites they expected to be anonymous may not be. And he has even gotten pushback on his research.

Klijnsma’s research isn’t the first to find ways to deanonymize Tor. Researchers previously found that domain-name-system monitoring could be used to identify Tor users. And the FBI notably chose not to disclose a Tor vulnerability it used to find a suspect in a child porn case, leading to the case being dismissed.

Talari SD-WAN targets mobile with Meta Networks integration

Talari Networks’ customers can now combine their software-defined WAN service with a network-as-a-service platform from Meta Networks.

The platform offered by Meta Networks, an Israel-based NaaS startup, targets remote and mobile users who need to access data center and cloud applications. While SD-WAN technology offers remote connectivity to an extent, it is limited in its flexibility to connect individual remote and mobile BYOD users, as most can’t deploy a physical or virtual SD-WAN appliance. With Talari’s support for Meta Networks’ NaaS software, Talari customers located outside the software-defined WAN perimeter can connect using one of Meta’s multiple points of presence (POP) worldwide.

With the platform, user devices connect to the closest Meta POP to access corporate resources. Instead of applying policies based on site location, Meta Networks takes a user-centric approach by specifying policies and application authentication based on individual user permissions. Network administrators, for example, can create policies that deny mobile users access to certain websites or cloud applications.

The integrated offering is now available for Talari SD-WAN customers.

Versa Networks adds managed SD-WAN partner

Versa Networks added another service provider to its managed SD-WAN partner list. California Telecom, headquartered in Chino, Calif., joins existing Versa Networks partners CenturyLink, China Telecom Global, Comcast Business and Verizon in adding managed SD-WAN services to its portfolio.

California Telecom customers can choose from three available purchasing options: SD-WAN standard, SD-WAN advanced and SD-WAN secured. Load balancing, automated failover, error correction and circuit monitoring, among other features, are included in all three options. Customers can add additional features, such as firewalls, antivirus and content filtering and advanced routing.

“We spent over a year looking for an SD-WAN platform we could integrate into our existing MPLS infrastructure that could offer all the features that were being promoted in the industry,” said Jim Gurol, California Telecom’s CEO, in a statement. Versa’s Cloud IP Platform paired well with California Telecom’s infrastructure, he added, allowing the service provider to go to market immediately.

Customers can deploy California Telecom’s managed SD-WAN service to create various WAN designs, including hybrid MPLS, cloud-based SD-WAN and security-focused models, Gurol said.

SD-WAN adoption impeded by available options

Enterprises are investigating SD-WAN, but the technology is still being adopted relatively slowly, according to a report conducted by Sapio Research at the request of Teneo, a consulting firm and technology integrator.

While almost half of the 200 senior IT and networking managers surveyed said they were investigating SD-WAN in some form, only 20% said they’ve deployed the technology. A third of the respondents hadn’t yet evaluated SD-WAN technology. Part of the reason for SD-WAN’s slow adoption is the large number of available SD-WAN options and variants, according to Marc Sollars, CTO of Teneo, based in Dulles, Va.

“Many firms are clearly putting a toe in the water on SD-WAN or doing a proof of concept, but it’s still very hard to say when this test phase will start to translate into enterprise-level implementations,” Sollars said in a statement. “In many ways, the broad range of choice that SD-WAN brings is what’s causing companies to hesitate over their decisions.”

Respondents indicated the primary driver to consider SD-WAN deployment is to help address the growing complexity of network infrastructure and performance tasks. Cutting network costs and better infrastructure management followed behind.

Cambium Networks certified in Express Wi-Fi by Facebook program

Wi-Fi vendor Cambium Networks, based in Rolling Meadows, Ill., has been certified in a Facebook Wi-Fi program that looks to expand internet connectivity to underserved locations around the world. Express Wi-Fi by Facebook works with carriers, internet service providers and local entrepreneurs to provide affordable internet access in public yet remote places.

Currently, Express Wi-Fi by Facebook is live in India, Nigeria, Kenya, Tanzania and Indonesia. The program allows access point (AP) manufacturers like Cambium to build Wi-Fi hardware that’s compatible with Express Wi-Fi by Facebook.

Cambium, a global provider of wireless network services, is one of the first Wi-Fi vendors to join Facebook’s Express Wi-Fi certified ecosystem, Cambium said in a statement this week. Cambium works with service providers and enterprise network operators to build edge connectivity. It specializes in providing end-to-end wireless fabric of cloud-managed platforms.

In the Facebook partnership, Cambium is enabling network deployment with its Frictionless Wi-Fi cnPilot enterprise-access service, Cambium president and CEO Atul Bhatnagar said in a statement. The cnPilot Wi-Fi products feature indoor and outdoor APs that can be installed in new or existing wireless local area networks.

The Express Wi-Fi network requires Wi-Fi vendors to support specific communications protocols to enable Facebook internet service provider partners to deploy Express Wi-Fi networks, according to Chetan Hebbalae, senior director of product management at Cambium. Facebook approves only Wi-Fi vendors that have passed its interoperability qualifications, he added.

As the goal of the Express Wi-Fi by Facebook program is to provide internet access to remote places, Bhatnagar noted approximately 3.8 billion people are unconnected around the world.

Nyansa provides free network insights

Network analytics vendor Nyansa Inc., based in Palo Alto, Calif., is making worldwide network data freely available. The data has been collected by Nyansa’s Voyance software-as-a-service platform that monitors hundreds of business networks with millions of end-user client devices. 

The free and public dashboard, called Voyance Live, is the first and only repository of network analytics, Nyansa said in a statement. The service was developed to help network professionals gain insight into the behavior of business networks that are not their own.

Voyance Live updates continually and provides insights into various network issues, service performance and client incidents. The aggregated network insights include the top Wi-Fi APs, best and worst performing applications, a breakdown of enterprise client devices in use by operating system, as well as the top issues affecting network performance.

Voyance Live does not share customer data but gleans anonymous insights and analytics from enterprise networks. The service can provide organizations with quantifiable answers to network issues by using real network data.

Voyance Live uses wired and wireless network data from more than 12 million client devices and hundreds of thousands of Wi-Fi APs under observation within Voyance, Nyansa’s commercial network analytics service. By using cloud sourcing, Voyance Live collects and processes petabytes of network data, analyzing billions of client events and detecting tens of thousands of incidents.

SevOne to add support for VMware NSX SD-WAN

SevOne, a Boston-based network and infrastructure management services provider, said its SevOne SD-WAN Monitoring Solution will support VMware NSX SD-WAN by VeloCloud. SevOne’s SD-WAN monitoring tool, released earlier this year, is designed to help managed service providers (MSPs) that offer network services over multi-tenant, multivendor networks.

The SevOne SD-WAN Monitoring Solution supports WAN infrastructures from Cisco, Huawei, Juniper, Nokia and others. It also supports Cisco SD-WAN. VMware NSX SD-WAN by VeloCloud provides bandwidth expansion, as well as access to data and enterprise and cloud applications.

MSPs need to view and access network performance data from the complex services running across their MPLS-based services, as well as hybrid WAN services, SevOne said in a statement.

The latest SevOne SD-WAN service, scheduled for release later this year, will provide real-time and historical insight into enterprise and service provider networks with customizable dashboards for network operations and engineering, product owners and business executives. MSPs can use SevOne’s SD-WAN monitoring tool for visibility across their entire service delivery path, including enterprise Wi-Fi from campus to branch and software-defined data centers.

Arista CloudVision gets multi-cloud, NSX security features

Arista Networks has added to its CloudVision management console the ability to apply security policies across virtualized switching fabrics running on Amazon Web Services, Google Cloud and Microsoft Azure.

Arista also introduced this week an integration between Arista CloudVision and NSX, VMware’s software for provisioning virtualized networks. The combination lets engineers take security policies created in NSX and apply them to Arista switches running in the data center.

The latest features come about a year after Arista introduced a virtualized version of its network operating system, called vEOS, for AWS, Google and Azure. At the time, Arista added some vEOS controls to CloudVision, which competes with Cisco CloudCenter.

The new multi-cloud feature within Arista CloudVision lets engineers modify the access control lists (ACLs) in vEOS switches, said Jeff Raymond, vice president of EOS product management. The capability, which the vendor calls Zone Segmentation Security, eliminates having to worry about the unique security mechanisms in each of the three public clouds.

Companies often create virtual networks in the public clouds to deliver security, load balancing and other services to applications. Amazon and Google call the networks Virtual Private Clouds (VPCs) while Microsoft refers to them as virtual networks (VNet).

Arista has integrated its Zone Segmentation feature with Zscaler’s cloud-based web gateway. The integration lets companies use Zscaler to apply security policies for traffic heading from a campus network or remote office to the cloud provider. Arista CloudVision applies policies to traffic flowing between and within virtual networks.

Overall, Arista is using CloudVision to address a trend toward more collaboration between corporate networking and security teams, said Shamus McGillicuddy, an analyst at Enterprise Management Associates, based in Boulder, Colo. A recent EMA survey found that 91% of security and network infrastructure teams were working together using shared or integrated tools.

The latest Arista offerings also show the vendor recognizes its customers need security that stretches from the private data center to the public cloud, said Bob Laliberte, an analyst at Enterprise Strategy Group, based in Milford, Mass. “Building out a strong security ecosystem will be critical, and delivering a capable management platform for hybrid cloud environments will be important for its customers to effectively manage those hybrid environments.”

VMware NSX integration with Arista CloudVision

The NSX integration bridges the gap between VMware virtual networks and Arista physical switches in the data center. With CloudVision, engineers will be able to take security policies created for NSX environments and apply them to workloads running on the hardware.

NSX policies define the network resources accessible to groups of workloads and applications running on the virtual network. CloudVision applies those policies to an Arista fabric by converting them into a format that can become a part of the switch’s ACL.

As a result, engineers can save time by using just NSX for creating security policies, according to Raymond.

New hardware-based encryption in Arista routers

Finally, Arista plans to release four routers with built-in support for encryption standards. For the enterprise WAN, Arista embedded hardware-based IPSec in the 7020SRG for site-to-site virtual private networks. The router is a 10 GbE platform.

For the data center interconnect, Arista will provide MACsec encryption in the new 7280CR2M and the 7280SRAM. Both routers offer wire-speed encryption with 10 GbE and 100 GbE for up to 100 kilometers. For MACsec encryption up to 2,500 km, Arista introduced the 7280SRM, which has 200 GbE Coherent interfaces for metro and long-haul links.

Arista plans to release all the new technology by the end of September.

Arista sells its products primarily to tier-one and tier-two service providers, financial institutions and high-tech companies, including Microsoft, Amazon and Facebook.

Recently, however, the company has aimed some new hardware at enterprises with more mainstream data centers. In May, for example, the company introduced switches for the campus LAN.

Array bolsters throughput, security in NFV appliance

Array Networks Inc. has introduced an upgrade of its network functions virtualization hardware. New features in the AVX NFV appliance, which provides application delivery, security and other networking operations, include support for 40 GbE interfaces and higher throughput for encrypted traffic.

Array, based in Milpitas, Calif., launched the AVX5800, AVX7800 and AVX9800 appliances this week. Along with support for optional 40 GbE network interface cards (NICs), the latest hardware provides a significant improvement in elliptic curve cryptography (ECC) processing over a Secure Sockets Layer virtual private network (SSL VPN).

The new NFV appliances include Array’s latest software release, AVX 2.7. The upgrade provides better fine-tuning of system resources for virtualized network functions running on the platform. Other improvements include the ability to back up and restore AVX configurations and images via USB and an online image repository for software running on AVX appliances.

Array has also added enhancements for companies using the NFV appliance with OpenStack environments. The company has introduced a hypervisor driver that lets the AVX platform serve as an OpenStack compute node.

The AVX NFV platform, launched in May 2017, comprises a series of virtualized servers for running Array and third-party applications, such as Fortinet’s FortiGate next-generation firewall and Positive Technologies’ PT AF web application firewall.

A10 Harmony Controller Update

A10 has launched an upgrade to its Harmony Controller, an application delivery controller, or ADC, that is also a cloud management, orchestration and analytics engine.

A10, based in San Jose, Calif., released Harmony version 4.1 last week, adding improvements to the product’s ability to configure and manage policies across A10’s line of Thunder security appliances.

New features in Harmony include preloaded Thunder ADC services. Also added to the controller is a self-service app for Thunder SSL inspection, which decrypts traffic, so security devices can analyze it.

AVX9800
Array Networks’ AVX9800 NFV appliance

Other improvements include extending Harmony’s analytics history to 12 months, so network operators and security pros can go further back in time when investigating events.

Harmony is a cloud-optimized ADC that can spin up specific services anywhere in a hybrid cloud environment. The software also incorporates per-application analytics and centrally manages and orchestrates application services.

Aviatrix improves its AWS security

Aviatrix has added to its AVX network security software better control over traffic leaving Amazon Web Services. The enhancements provide customers with stronger protection against internal threats and external attacks.

The new AVX capability announced last week focuses on filtering egress data from an AWS virtual private cloud (VPC). An AWS VPC provides a private cloud computing environment on the infrastructure-as-a-service provider’s platform. The benefit of a VPC is the granular control a company can get over a virtual network service serving sensitive workloads.

AVX for AWS VPCs verifies the traffic destination’s IP address, hostname or website, the vendor, based in Palo Alto, Calif., said. An inline, software-controlled AVX Gateway does the VPC filtering and prevents traffic from going to unauthorized locations.

The Aviatrix platform, which comprises a controller and gateway, operates over a network overlay that spans cloud and data center environments. The new VPC egress security feature is available as part of the platform, which is available only as software.

Companies can deploy the Aviatrix product through the AWS marketplace. Aviatrix also has versions of its technology for Microsoft Azure and Google Cloud.

Mist Systems gives VMware NSX SD-WAN a boost

Arista Networks and VMware, both recent entrants in campus and branch office networking, have made significant moves to add cloud-based Wi-Fi management and analytics to their respective software portfolios.

VMware launched this week interoperability between its NSX SD-WAN and Mist Systems’ machine learning engine for maintaining Wi-Fi performance. Meanwhile, Arista acquired Mojo Networks for the startup’s analytics, which it calls Cognitive WiFi.

Arista’s purchase of Mojo shows the former vendor taking control over its Wi-Fi offering, rather than depend solely on its current deal to offer Aruba wireless products from Hewlett Packard Enterprise, said Bill Menezes, an analyst at Gartner. “[They’re] going to have much more input and control over the pace of tech development.”

The VMware-Mist collaboration, on the other hand, reflects an industry trend of connecting the wireless access layer in remote offices to an SD-WAN product, Menezes said.

“That’s something that most of the major vendors are looking at in one way or another,” he said. “Some of them, like Cisco and Aruba, are developing that capability in-house.”

Mist is providing interoperability between its products and NSX SD-WAN through open APIs. As a result, the combined products deliver to IT administrators “end-to-end visibility and insight into users, application and network performance for LAN and WAN,” the companies said in a statement. Other features include trend detection and recommendations to avoid problems, and event correlation and anomaly detection for fault isolation and remediation.

Mist combines big data and machine learning to track user behavior on Wi-Fi and ensure network performance. The company’s machine learning engine will help NSX SD-WAN analytics by gathering more than 100 different user states from access points (APs).

Metrics gathered by Mist technology include the time it takes an AP to connect to devices and the number of failed attempts. The system can also collect roaming data, such as when a mobile device switches APs to take advantage of a stronger signal or leaves an AP that’s dropping too much data.

Mist will also add to NSX SD-WAN anomaly detection for APs, mobile devices, operating systems and applications connecting to Wi-Fi. Mist and VMware will sell their products separately through joint channel partners.

In 2017, VMware entered the market for branch-office networking with the acquisition of software-defined WAN vendor VeloCloud. In May, VMware extended its virtual networking software, NSX, to remote offices through integration with VeloCloud, which the company renamed NSX SD-WAN. Combining the technologies made it possible for VMware customers to use NSX for policy-based network management across the data center and branch.

Arista acquires Mojo

The VMware-Mist collaboration came nearly a week after Arista said it would acquire Mojo for its cloud-based software focused on network analytics and management. The acquisition, which Arista expects to close by the end of September, is the company’s first. Arista did not release financial details.

Arista announced the Mojo acquisition roughly three months after introducing its first switches for the campus LAN. Available in the fall, the 7300X3 and 7050X3 spline switches are 10/25/40/50/100 Gigabit Ethernet gear equipped with telemetry and monitoring features designed to help network operators  diagnose performance problems.

Arista acquired Mojo for its machine learning and big data platform. The Cognitive WiFi system tracks more than 300 key performance indicators, Gartner said in its latest Magic Quadrant for the Wired and Wireless LAN Access Infrastructure. The research firm listed Mist and Mojo in the visionary quadrant of the report.

As a campus network supplier, Arista needed more than just technology for the wired LAN, Arista CEO Jayshree Ullal told financial analysts during a recent conference call. That’s because a growing number of Arista customers are turning to Wi-Fi as it approaches multigigabit speeds.

“What we bought Mojo for was their Wi-Fi, their Cognitive WiFi, and the software capabilities associated with the access points [Mojo provides],” Ullal told analysts, according to a transcript on the financial site Seeking Alpha.

Arista plans to  merge Mojo technology with its CloudVision network management software that combines cloud computing, big data and machine learning. The product collects and archives network state and runs a suite of applications against the data to provide visibility, automate the deployment of network components, and analyze and report on incidents.