Last week I published a feature that took a long, hard look at Cisco’s network security strategy. This story tackled a big subject so naturally I left out a few odds and ends and a little analysis. I thought I’d drop them here for your reading pleasure.
- Who owns the security strategy at Cisco? When I was reporting this story, a few of the people I interviewed wondered aloud about who actually runs the show for Cisco’s security strategy these days. In case you were wondering, Tom Gillis, vice president and general manager of Cisco’s Security Technology Business Unit, runs the show. Gillis was one of the founders of IronPort Systems, the email and web security company that Cisco bought three years ago. He was serving as senior vice president of marketing at IronPort at the time of the acquisition.
- Speaking of which, this Q&A with Gillis on Cisco’s web site is was referred to me by at least four different Cisco PR and marketing people as the most recent articulation of Cisco’s security strategy. So if you want to hear straight from them what they’re vision is, go there.
- Fred Kost, director of security solutions marketing at Cisco, told me Gillis owns most of Cisco’s security strategy, however security is a big area that touches on a number of different business units. Kost said several other senior VPs and GMs at Cisco work with Gillis to coordinate the security elements of their products with Cisco’s overall security strategy.
- I’ve heard many networking pros and consultants talk abut how Cisco seems to have two competing approaches to network access control, causing some confusion in the network. It has an appliance-based NAC product from its acquisition of Perfigo and it has an infrastructure-based product developed from within its routing and switching business. Kost said Cisco has been converging these two products in recent months under one brand: TrustSec. Ultimately Cisco’s NAC approach will become more closely tied to network infrastructure. Kost said NAC is a growing market for Cisco, but the standalone NAC appliance market hasn’t caught on.
A school district in California is using location-based wireless technology to track preschoolers. I admit that when I first saw the headline for this story, I worried that the school was embedding RFID tags in the kids… kind of like the tags they put in pets these days. Thankfully, that’s not the case!
KTVU-TV is reporting that the Contra County School District is using some combination of RFID and Wi-Fi technology to check students in and out of schools, to track their locations and to make sure they get fed lunch. Based on what I saw in the video, this seems to be some kind of real-time location system (RTLS).
The school district spent $50,000 on the system, which includes a series of sensors throughout the school and basketball jerseys that have an RFID and Wi-FI package embedded in the chest. The school district says the system improves security but it will also save 3,000 man hours a year by eliminating paperwork (teachers had to fill out paperwork every time a child entered or left the school and every time a child was fed).
The reporter for this story didn’t identify the vendor(s) who provided this system to the school, but he noted that it was based on technology commonly deployed in hospitals. There are a lot of RFID/WI-FI-based patient and asset tracking system vendors serving the healthcare industry. One of them probably adapted this technology for the school.
Virtual Private LAN Service (VPLS) enables multipoint-to-multipoint communication over carrier-based MPLS/IP networks, basically enabling enterprises to extend LAN segments over long distances.
In this video, Juniper Networks MX Series product manager Rameshbabu Prabagaran explains how enterprises now use service provider infrastructure as just another transport layer for their enterprise LANs through VPLS.
[kml_flashembed movie=”http://www.youtube.com/v/AFu7o-TD2P0″ width=”425″ height=”350″ wmode=”transparent” /]
Data center MPLS was a hot topic earlier this week at a Juniper Networks Data Center Design workshop in NYC. In this video, Juniper Networks MX Series product manager Rameshbabu Prabagaran explains that some companies are turning to MPLS inside the data center as a means to implement network segmentation that is more scalable than alternatives.
[kml_flashembed movie="http://www.youtube.com/v/Mrg6ki1gYR4" width="425" height="350" wmode="transparent" /]
During his latest earnings call with Wall Street analysts, Cisco CEO John Chambers put a good spin on the supply chain issues that have plagued his company and many other IT vendors for more than a year as component manufacturers have struggled to meet demand. (On a side note, I’m still waiting for someone to explain to me why suppliers aren’t able to ramp up production to meet demands from Cisco and other vendors. Are they struggling to find raw materials? Are they afraid to expand capacity for fear of another downturn gutting demand and forcing them to make extraordinary cuts a second time since the recession began?)
Chambers said Cisco’s supply chain constraints are improving but remain challenging, with supplier lead times stabilized but still longer than ideal. He said Cisco has made significant progress with this and product lead times are now within a normal range for the majority of the company’s products. Note that he said the majority of products are within normal lead times now, but not all. Chambers didn’t specify which products still have long lead times… whether or not they include the high volume products that networking pros have been griping about such as the Adaptive Security Appliance (ASA) 5000 series devices.
Chambers said the number of components that are scarce in Cisco’s supply chain has decreased. At the beginning of the last quarter Cisco was “chasing” 550 parts that were hard to acquire in its supply chain, he said. By the end of the quarter that number was down to around 300. Chambers noted that in normal times Cisco chases about 100 components in its supply chain.
Also, Cisco has clearly taken extraordinary steps to get products into the hands of its customers faster. Chambers admitted that profit margins have suffered as the company has spent money on speeding up its supply chain with more use of airfreight and other unspecified methods.
Despite chasing parts and trying to grease the wheels of supply chain, customers still have gripes. As we reported recently, some networking pros have turned to Cisco competitors rather than wait for Cisco to deliver. They aren’t willing to leave Cisco behind, but for some parts of the network they are willing to try a new vendor. Of course, if they like what they see from these new vendors, their use of Cisco alternatives could increase if the supply chain issues get worse again.
So are customers seeing improvement? It’s not just Chambers saying this. I’ve heard from networking pros who say the delays aren’t as bad as they were on many products.
If you’re still feeling the pinch, let us know in the comments section.
The FCoE debate is over. At last there is an answer to converged storage networking that leaves tiresome Ethernet behind: Fibre Channel over Token Ring (FCoTR).
The newly launched FCoTR Alliance is working feverishly to develop the 802.5qZ standard, which will soon be submitted to a standards body.
The alliance “is responding to growing industry pressure from a diverse group of networking and storage professionals” with the primary goal of furthering “the awareness, adoption, and commercial support of FCoTR.”
More importantly, the alliance aims to prevent storage professionals from ever having to learn burdensome Ethernet technology while enabling long-time networking admins to remain comfortable in a technology they know and love – Token Ring.
“The adoption of Fibre Channel technology means an opportunity for network convergence. Leveraging my existing Proteus token ring network for use with storage is a very desirable proposition,” said Jose Chavez, director of information technology for Superannuated Systems, Inc.
FCoTR also enables both storage and networking purists to keep the Ethernet gene pool clean.
“Many Fibre Channel gurus balk at the idea of Ethernet being capable of guaranteeing the right level of lossless delivery and performance required for the SCSI data their disks need. IP Junkies like Greg Ferro ofEthereal Mind balk at the idea of changing Ethernet in any way and insist that IP can solve all the world’s problems including world hunger (Sally Struthers over IP SSoIP.) Additionally there is a fear from some storage professionals of having to learn Ethernet networks or being displaced by their Network counterparts,” writes esteemed Define the Cloud blogger Joe Onisick.
Ferro – who is one of a team engineers drafting the standard – is only attempting to help storage professionals maintain their Fibre Channel investment.
“For all those Storage Nut Jobs who can’t imagine their precious FibreChannel frames crossing an Ethernet network, we are proposing the development of FibreChannel over Token Ring. That’s right, the second best networking protocol ever invented (after FDDI), offers everything you sad, attention deficit ridden, storage losers ever wanted in shared network. Deterministic delivery, over engineered cabling, layer 2 troubleshooting. We can even improve the FC protocol by isochronous transmission for serial clocking performance and guaranteed delivery,” writes Ferro. “Last known Token Ring standards were developed to Gigabit performance, and it shouldn’t be too hard to dust them off and ramp them to 10Gigabit and more.”
Once the 802.5qZ standard is established, it is very likely vendors will launch a series of product (most of which promise not to be interoperable, but will be launched with lavish press events, maybe even one on the New York Stock Exchange floor). Here are some predicted product launches:
· EMC SLOW (It’s the version of FAST that supports Token Ring)
· NetApp SMTR (SnapManager for Token Ring)
· HDS UPS (It is to USP what UPS is to FedEX)
· 3PAR HeyNow! (3Par requires each disk to say “Hey Now!” if they want the token)
· Compellent Frozen Data (It’s the Fluid Data line slowed down so much it freezes)
· IBM WHU (The Prequel to XIV)
· HP StorageDoesntWork (Just saying)
Learn more about the lossless storage over token ring in this in-depth and well-explained video on FCoTR.
[kml_flashembed movie="http://vimeo.com/moogaloop.swf?clip_id=13399464" width="400" height="225" wmode="transparent" /]
A nice find by Stu Miniman at Wikibon. He dug up this video in which VMware’s director of research and development Howie Xu previews his session at VMworld, “The Future Direction of Networking Virtualization.
In the video below, Xu talks about VMware’s plans to announce an “open, extensible networking virtual chassis platform so that anyone can develop the on-demand networking service on top of vSphere.”
[kml_flashembed movie="http://www.youtube.com/v/8xCFmGmRwAs" width="425" height="350" wmode="transparent" /]
Hit pause at the beginning of that video and look at the white board. As Stu pointed out in his blog, you’ll see the term “vFabric” at the top, to the right. Stu thinks this could be the name of a new virtual networking OS from VMware.
When something like the Mark Hurd scandal happens, we in the media spend a lot of time quoting pundits about what impact the event could have on the markets we cover. For instance, ITWorld Canada quotes Rick Sturm, CEO of Enterprise Management Associates, about how Hurd’s departure could throw a wrench in the integration of 3Com into the company.
If [HP] brings in someone who says, ‘I’m not so sure [3Com] was a smart idea,’ they could have a few bumps in the road.
That’s for sure. Of course, given the amount of money laid out this year for the 3Com deal and the Palm acquisition, I think the board of directors will want to hire a new CEO who is committed to making those investments work. At the same time, a new CEO will probably be more willing to cut his losses with an acquisition that isn’t working if said acquisition didn’t happen on his watch.
So the board will probably hire a CEO who will commit to HP Networking’s 3Com/H3C/TippingPoint integration at least for a few years. But what about the rest of the company?
Over at CTOEdge, Mike Vizard pointed out that HP employees were suffering from low morale even before this Hurd scandal hit. He points to Glassdoor.com, a site where employees rate their CEOs and review what it’s like to work at their companies. HP has a Glassdoor rating of 2.4 on a scale of 1 to 5, based on 1,353 ratings. Hurd has an approval rating of just 34%. Employees tell the site that executives focus too much on numbers.
HP has enjoyed a lot of success under Hurd’s leadership. It has solidified its position as the #2 enterprise networking vendor, grown its share of server sales and made a lot of money on services with its EDS acquisition. But whispers of poor morale combined with this dramatic loss of its CEO certainly justifies some hand-wringing — by the media and by HP customers — especially since Cisco is being so aggressive in competing directly with it on networking and servers. As Vizard asks in his CTOEdge column: “Can an HP that is already pretty divided internally come together to drive the innovations needed to compete across a range of business segments that to one degree or another are under siege?”
Yikes, multiple publications, including BusinessWeek, are reporting that HP CEO Mark Hurd has abruptly resigned following an internal investigation into whether he had violated the company’s sexual-harassment policy. Hurd (Update: Hurd’s bio has been scrubbed from HP.com. Now he’s on a page which lists former HP CEOs) was reportedly cleared in the sexual harassment allegation but had violated a personal conduct policy.
HP’s CFO Cathie Lesjak will act as CEO on an interim basis while the company looks for a replacement.
I’m not going to bother looking into the details of what Hurd allegedly did. He’s gone now. And that’s huge. This is one of the biggest technology companies in the world. It is poised to compete for a huge share of the networking market. And suddenly the CEO who is credited with turning HP around after some years of struggle under mediocre leadership (*cough* Carly Fiorina *cough*) is gone.
What happens now?
HP ProCurve has long been a niche, low-cost networking vendor popular among small and midsized businesses and enterprise campus networks. Under Hurd’s leadership, the ProCurve business became the number two enterprise networking vendor, and took an even bigger leap forward earlier this year when it closed a deal to acquire 3Com and its promising H3C networking and TippingPoint network security brands.
Now Hurd is gone. There is no way of knowing what direction a new CEO would take the company. It’s probably safe to say HP’s board of directors will expects a new CEO to maintain a commitment to networking, given the sizable investment HP made in 3Com. HP has a lot of momentum in that area, but will we see some shifts in strategy under new leadership? Who knows?
It will be important to watch how other key HP executives respond to this scandal. Senior Vice President Marius Haas, general manager of HP Networking, has been widely credited with the rise of HP’s networking business. Above him is Executive Vice President Dave Donatelli, general manager of HP’s Enterprise Servers, Storage and Networking. If either of those guys jump ship, take note.
Also, HP is a public company. When a public company has a leadership shakeup in the midst of a run of success, Wall Street balks. If the stock price stumbles badly, HP’s leadership may be forced to make some short-range scrambling in response.
Are you at the point where you need to update the old Cisco Catalyst 6509s in the core of your data center? If you are, you’re probably looking at the Nexus line of data center switches that Cisco has been promoting for the last couple years. Many enterprises are trying to decide whether to migrate from Catalyst to Nexus or to look at Cisco alternatives — either one of the newly risen big guys like Juniper and HP Networking or some of the long time data center networking specialists like Force10 or Brocade (formerly Foundry).
Jeremy Filliben, CCIE @3851 just blogged about his experience in migrating from Catalyst to Nexus in his data center. Basically he built a new Nexus LAN, with dual Nexus 7010s in his core, alongside his legacy Catalyst LAN and interconnected them before cutting over the Layer 3 Functionality in his network from his old core Catalyst 6509s to his new Nexus 7010s.
Jeremy goes into detail about the problems he’s encountered during this project, including some glitches with extranet BGP peering and spanning tree root migration. The BGP issue was caused by a overlapping third-party BGP Autonomous System (AS) numbers, which in Catalyst he had always handled by enabling the “allowas-in” knob on his internal routers. The feature isn’t available on Nexus yet. He traced the spanning tree issue to the fact that Nexus switches handle Bridge Protocol Data Units (BPDUs) in a way that is different from how Catalyst handles them. The issue will force him to keep the Catalyst 6509s in production longer than he wanted. Check out his blog about the Catalyst-Nexus migration to find out how he fixed these issues and learn about some other minor but annoying things he has discovered during the project.
Jeremy also pointed out a nice resource by Carole Warner Reece on her blog at Chesapeake Netcraftsmen which provides side-by-side comparison of the differences between IOS and NX-OS command line interface.