The Network Hub

August 5, 2015  4:29 PM

IT Strategy for WAN Procurement

Robert Sturt Robert Sturt Profile: Robert Sturt

IT Strategy for WAN Procurement and your organisations specific business strategy

The IT strategy element is perhaps one of the most powerful WAN procurement areas because, when used correctly, IT Managers are well position to align their specific business requirements with the MPLS network or VPLS service provider capability.

Strategy encompasses two elements. The first is your company strategy, competitive edge and business growth. The second is the procurement strategy your business will follow in order align your organisation with future WAN capability.

Over long periods of time, your WAN’s abilities and limitations are directly related to what the organisations is able to do on the network. How your users are able to really interact and make use of the network will affect their overall performance and, as a knock on, the organisations. And this is where the real problems begin. The majority of service provider salesman have a product to sell and will focus on your sites and bandwidth with the result being good commercials and a solution. But perhaps not correctly aligned. In some cases, IT Managers believe the approach of a quotation vs spreadsheet is an acceptable strategy. However, I’d stress the need to think a little more in-depth because connectivity is a major leading competitive edge for your organisation. The wrong decision will impact the business. When outsourcing to an MPLS provider a major point is to consider that your business goals may not align with those of the provider. A procurement strategy must be in place to ensure the best possible outcome. The problem is, IT Managers are often unaware of the key areas and vectors to consider. In the race to the best features and benefits, the typical service provider sales process will often miss key strategic elements of MPLS VPN procurement – it is critical that IT Management and procurement teams are armed with the best possible process to ensure this does not occur.

Your organisations strategy

Strategy means different things to different people. When considering company strategy, IT management will need to think about what makes the organisation competitive in the market place and the capabilities which relate to digital process and workflows. A recent article discussed how a Japanese retailed digitised their processes to allow rapid replenishment of stock. The underlying architecture was based on 70,000 computers which collected data of sold items each and every day. The data is analysed and a robust network delivered stock replenishment orders are completed. In addition, even the weather is considered. A strategic initiative must have an underlying network to deliver the data with maximum uptime. Without a robust architecture which support resiliency, traffic growth and application priority, these projects will ultimately fail.

Start with a diagnosis of your current situation

I’ll start with a statement (probably obvious but worth stating): “It doesn’t make sense to keep doing more of what doesn’t work”.

With MPLS network procurement projects I have been involved in over the years, perhaps one of the main reasons that projects do not succeed is indecision. IT Managers are faced with a tonne of service provider presentations which surround features and benefits which all sound the same. In the absence of tangible value, the decision is then based on price alone. If the savings are not significant, it takes a confident IT Manager to change service provider simply because the impact of another wrong decision is significant.

Further reading: Article on MPLS Providers

May 13, 2015  10:32 AM

Selecting a top UK MPLS Provider

Robert Sturt Robert Sturt Profile: Robert Sturt

I was recently interviewed by a new business startup forum about some of the key aspects of procuring WAN connectivity in the UK. The transcript from that interview has been sent to me for public domain release. I’ve pasted the content here. (Any questions, please let me know)

Readers embarking on a procurement project may be interested in the Techtarget version of our WAN Providers procurement Mindmap.

So, thanks for heading over Robert. Tell us a little about yourself.

Me: I’ve worked with and for major global service providers for well over a decade, mainly in a presales environment. I kept seeing the same typical issues and problems occurring within the WAN procurement process mainly due to commoditisation of WAN services, especially with UK MPLS market place, less with Global MPLS providers.

Interviewer: The UK MPLS providers market place is so competitive, for IT Managers buying WAN services, how to they make the right decision?

Me: Yes, the UK market can get a little crazy. We were asked to work with a client recently where they wanted to engage with around 15 of the top UK WAN providers. In this instance, we declined to help simply because the buying process was clearly based on a commodity decision i.e. just the end cost of the MPLS solution. I’m not saying for one minute that WAN costs do not matter but if price is your sole objective then your project may fail in one way shape or form. Making the right decision requires analysis of four major areas which include technical, process, strategy and commercials. In short, organisations must consider the specifics of their business to ensure they are aligned to the service providers in question. We call this an organisational approach to WAN procurement. I think you’ll agree, that’s a nice title 😉

Interviewer: Are you seeing any major changes in the market place?

Me: Yes and no. Yes, there’s advances in technology and lower cost of bandwidth. However, on the negative side, the major issue with UK and Global WAN providers really surrounds process. The majority of MPLS service providers are very much focussed on building bigger and better networks and allocate heavy front end sales force investment. Don’t get me wrong, investing in the network is great as the overall reach and performance increases and we all benefit. But, the process side of WAN providers is really the thorn in their customers side. As an example, adds, moves and changes are normally difficult to process with protracted delays. The reason is because the workflows are out dated and cumbersome and not at all suited to getting things done quickly and efficiently. We often hear clients talk about simple change requests which have taken up to a month to complete.

Interviewer: Based on your thoughts on process, are clients able to mitigate against this type of problem?

Me: It’s a good question. I think there is an answer. It’s all down to transparency. Within our sales process, the objective is to really gain an understanding of the end to end workflows a service provider goes through to deliver an actual service. Once you have an understanding, company and the service provider are in a position to build a process to help get around and delay caused. We have one client where they have pre populated forms which are saved on a shared cloud storage system. The forms also include video content so that anybody within their enterprise business is able to follow a change request through from end to end. We’ve also project planned the entire process so that our client knows what to expect in terms of timescales and delivery. This might appear to be a little overboard but it works and we are seeing huge improvements working with the largest of service providers.

Interviewer: It must be difficult to get through the marketing of service providers, are their any areas where service providers are not transparent on a regular basis?

Me: Goodness, there’s a fair few areas I could talk about. Let me think about maybe the top three.

One of the biggest areas is coverage. I think it’s safe to say that the major service providers offer a decent level of coverage throughout the UK but there are providers which claim to have 98% coverage but it’s arguable whether or not they are being completely transparent. If we consider both UK and Global MPLS, there’s a few elements. One is the access from your office building through to the local exchange and then to the providers edge network. The access from building to the providers network is called a tail circuit (apologies to those of you who already know this detail). The part you want to concentrate on is the providers edge network – we call this the PE (Provider Edge) which represents the first port of call into the providers MPLS WAN network. To get back to the point. Some UK WAN providers are suggesting they have 98% coverage but they are in fact talking about their ability to buy in wholesale tail circuit access and not the access into their MPLS core network. We’ve seen some providers running only a couple of main Provider Edge nodes in the UK which dramatically decreases their ability to offer you a diverse and resilient solution. I think this is a key area to focus on right now, we keep seeing this issue occur time and time again. When considering global connectivity, it is more about whether or not the international WAN provider has staff on the ground and actual connectivity rather than NNI agreements. NNI’s are network to network interconnects and describe the way in which a service provider will connect your site via a 3rd party network provider.

Another area is resource. With the cut backs in the economy, we’ve witnessed many providers cutting back office staff but increasing their sales force. What often happens is that the client signs up for their WAN and subsequently experiences delivery issues because there’s simply not enough staff within the service provider to keep track of each element. When coupled with systems which are not every slick in the first place, the delivery issues are compounded. It’s therefore important to ask for the particular number of staff in a given area and the amount of projects they look after at any one time.

I wanted to finally mention documentation. We hear service providers talking about a design pack. However, in reality, the documentation is not particularly comprehensive and there are no real defined processes to keep content up to date. And then throughout contract, nobody really understands the exact configuration. I will say that documentation is a real area where issues are caused. As an example, we worked with a client of one of the major global WAN service providers where their configuration had never been right throughout a 3 year WAN contract. Amazing but true. And yet the service provider in question had consistently said there were no issues with configuration and that everything was as it should be. We eventually confirmed this wasn’t the case and have an email from one of their engineers stating “this was the worst case of config he had ever seen”.

Interviewer: You mention documentation, how do you ensure the configs are correct?

Me: It’s difficult sometimes. The majority of service providers try and keep the router content to themselves in a managed environment. I think you have to insist on seeing the main content, without passwords of course, which will provide you with confidence that things are configured as you would like. We believe that documentation content should be clearly laid out and examples provided up front with workflows to keep your particular account up to date. It isn’t just the routers, it is all your references as well and details of any resiliency and diversity.

Interviewer: Do you have any general wise words for companies considering selecting from the top UK MPLS providers market?

Me: Sure. The goal has to be for the WAN to become an enabler to your business. The sad truth is that the WAN is normally a bottleneck. When we speak to clients expanding or introducing a new application, they are always concerned whether the WAN will adapt or cause delays to their project. In our minds, the WAN is another element to you business covering user productivity and providing a better service to your clients. Every business has a different route to market and your choice of service provider must be aligned to the specifics of your business. I’d start by analysing your existing WAN, work out where the strengths and weaknesses exist. So, work out what concerns there are and where the WAN has a detrimental impact to the business. The way we complete this work is to create an outline of each section and ask the team to input into the content which forms a report with a conclusion which describes how the WAN impacts the business. When engaging with new service providers, this initial work positions you well to begin discussion with potential top MPLS providers. If we consider that telecoms services are becoming commoditised but solutions are becoming increasingly complex with delay sensitive applications, IT management really must consider their next WAN carefully. With the data you collect from looking at existing services, your company strategy, applications and processes should be documented to build an agnostic set of requirements. How successful you will be in this endeavour will be dependent on expertise to be honest.

The basic point is this. Any UK WAN or Global WAN provider will not deliver their value at much deeper levels unless you also input into the sales process. Without aligning your business requirements with the service provider, you may end up deciding between a long list of features which can be very difficult and time consuming. The whole ethos behind this approach is to avoid commoditisation of your requirements. If you cannot define the differences between two different products then the only element left is price. Sure, it’s good to obtain great MPLS costs, but not at the expense of service.

Further reading: WAN Outsourcing

February 12, 2015  9:28 AM

What Samsung’s Smart TV is really saying about you

Sonia Groff Sonia Groff Profile: Sonia Groff
Data, Data privacy, Internet of Things, iot, Network, samsung, Security

The recent publicity about Samsung’s Smart TV listening in on private conversations has received a lot of public attention, but this latest privacy issue is nothing new to the technology community.

The Internet of Things (IoT)–and the implications resulting from millions of Internet-enabled devices becoming part of everyday life—is a topic that has been at the forefront of almost every technology conference and 2015 predictions list over the past year. Indeed, the challenge of protecting consumer privacy while delivering high quality Internet-connected or, “smart,” devices is one that IT professionals have been grappling with for some time.

At this point, there is no definite answer when it comes to how we can make sure our information is secure in a rapidly changing technological landscape.

Samsung is just the latest example of how IoT affects the consumer. Samsung’s privacy policy—just recently modified by the way—acknowledged that voice-activated commands can be recorded and sent to a third party. Samsung says it included this information in its policy so that consumers would be aware of how their information is being used. The company revealed to the BBC that the third party that receives the information is Nuance, the Burlington, Mass., vendor that specializes in voice recognition.

Samsung’s nosy TV is among the first major illustrations of how the general public may be affected by the Internet of Things. Judging by the backlash reported in the news, a lot of people aren’t too thrilled about having their personal information recorded by their no longer benign television display.

And this won’t be the last time that privacy issues regarding smart devices will arise. Innovation cannot be stopped. But according to Jim Hunter, chief scientist and technology evangelist at managed services security provider Greenwave Systems, it can be controlled.

According to Hunter, the simple step of changing the name “data” to “content” is one way to go about solving the privacy issue. As he told SearchNetworking, “There are similarities between the data in media systems and the data in activity systems. At Greenwave we think about them in a similar way and arrive with a similar security strategy. Bur instead of calling it data, we call it ‘content.'”

That new perspective presents a unique approach to data. “If you think of data as content you can create the same types of contracts that regulate how content can be consumed.” To that extent, Hunter says, sharing content now becomes more of a personal decision. “Who do you share your camera or door lock with? This can help reduce data privacy concerns,” he said.

Another key point: Many companies neglect to include security when designing a new product. They don’t see how security impacts the business. To Hunter, partnering with software providers that provide security applications to a device should be a logical step in the production process.

Hunter offers one way to deal with this new data privacy issue, but other companies are working on other strategies. The most important thing is to be aware of is the impact that IoT will have on data privacy and how stronger security measures can be beneficial to both the consumer and to business.

January 30, 2015  11:31 AM

Challenges of Global MPLS Network Procurement

Robert Sturt Robert Sturt Profile: Robert Sturt

Companion resource: The Techtarget version of our free IT Managers step by step Global MPLS Network procurement Mindmap. Every risk, pitfall and opportunity outlined at a glance.

In this article, I share my thoughts on successful WAN sales process surround creating a diagnostic environment.

An approach which considers your existing VPN strengths and weaknesses which relate to specific areas within global MPLS network procurement is a good foundation for WAN procurement execution. However, I also consider expectation setting to be the next area of value led sales, particularly when buying Ethernet telecoms services such as a secure and private global MPLS network capability. One of the main consistent feedback points we received during our own WAN procurement research told us that IT teams are better placed to work around problems and issues if expectations are set up front. When expectations are known, contingency plans are built and senior members of the business at least know the potential impact and are able to react accordingly – perhaps delaying a project and so forth.

With this in mind, I thought I’d write content on some particular areas which relate to global MPLS procurement – at layer 3 and layer 2. There are indeed some specific challenges which relate to the global arena vs their national counterparts. In this article, we’ll discuss some of the main areas to consider. MPLS and VPLS services offer fantastic scalable and fractional bandwidth with 100Mbps Ethernet as the standard with a high prevalence of 1Gbps Ethernet circuits.

There are multiple areas to consider when writing about global MPLS network procurement, if we were to write about every single area in one article, you would end up with an ebook. Statistics, reporting, change process, routing, strategy and so forth all deserve an article of their own. With this in mind, I will continue to write more content moving forward.


We talk about transparency a fair amount within our day jobs. In any complex services arena, potential customers need to be sure the service providers they are working with are providing the necessary data and information outside of marketing collateral. In order to be sure this is the case, we recommend the creation of an RFI (Request for Information) which asks relevant questions to force the required detail on capability.

Some of the key RFI areas are follows (Request our template)

Carrier and Provider Reach – PE (PROVIDER EDGE)

IT Managers will no doubt be aware that a fair amount of marketing exists within the market place. Where service providers are professing to offer a high percentage of global coverage, the detail behind the marketing deserves careful consideration and thought. The capability of reach is governed by the scale of PE (Provider Edge) coverage. The PE represents the entry into an MPLS network, i.e. connectivity prior to the MPLS Provider Edge will be based on tail circuit local loop circuits. Application latency will normally be predicted by service providers as an average across their core network. When considering global networks, the performance of delay sensitive traffic such as voice and video may be within latency parameters (SLA) at first glance but the addition of local loop delay may render the application unusable. When armed with the data regarding global MPLS network PE coverage, it is possible to approximate the distance from the PE to your office which will allow your team to estimate latency delay. Readers should note that a local loop circuit does not travel in straight lines and therefore any estimate of tail circuit length is just that, an estimate. In our work we often ask the provider to demonstrate live ping data from their PE to existing clients CE (Customer Edge) devices. The live data will also help to predict performance.

VPN Resiliency and Diversity

Leading on from our discussion on PE to CE latency, adding an Ethernet failover circuit will mean using a secondary PE device within the providers network. A second PE device will require a diverse secondary tail circuit which may extend the VPNs local loop length vs the primary tail circuit. The failover circuit additional tail length must also be considered to calculate the impact to applications if the primary fails.
We have witnessed designs which implement a second tail circuit using an alternative wholesale provider. Whilst at first glance this may appear to be a sensible option, neither provider will understand the tail circuit routing of each others local loop connectivity. The outcome will normally mean points of commonality through the VPNs network creating single points of failure. Organisations with a requirement to avoid any single points of failure should order a single provider product which is designed to route dual tail circuits with no points of commonality subject to survey.

Global MPLS Network Diversity

The Business Factor

There is an ongoing initiative to gain clarity on Enterprise global MPLS network & VPLS architecture vs business strategy, technical, cost and budget. The VPN carriers and the service provider market via carriers and providers is feature rich which sounds, as you will no doubt agree, positive. However, IT Management are faced with aligning their business specifics with the capability of prospective service providers which requires transparency with regards to true ability. Over the years I have collated data from experiences working with and for large Enterprise organisations allowing me to understand the key areas which require focus to achieve the best possible procurement outcome.
The problems are varied but in the main reflect an un-balanced approach to WAN procurement. When working with customers, their focus was often too far aligned with the technical elements vs business needs or IT teams were highly motivated by reducing costs. There isn’t a right or wrong as some projects are successful depending on criteria but an approach which creates a balanced framework to bring the business, technical and budget together provides the best possible outcome. There is also the danger of a service provider sales process which only consists of features and benefits rather than a diagnostic approach to your problems, issues and projects.

The overall challenges remain the same but today’s technology advancements are adding a further reliance on WAN connectivity. The cloud, collaboration, remote users and so forth only operate efficiently when connectivity is an enabler and not a bottleneck to performance. With this last statement in mind, support, agility, performance, resiliency, adds / changes, application QoS, migration, service management and stats (to name just a few!) must be capable of meeting your unique business needs.

Challenges specific to Enterprise Businesses procuring Global MPLS Network connectivity

Global organisations are faced with some specific challenges surrounding VPN migration and support. When considering migration, the regulations which exist within each region may impact the delivery of services. In addition, time zones, local language, access restrictions, bandwidth availability and local IT capability all conspire against an organisation to ensure global WAN provision remains a challenge. With this said, your organisation is not the first to go through the process. The Mindmap we have created also contains notes on expectation setting which allows your IT team to communicate back into the organisation concerning potential risks and pitfalls. As an example, the migration section will detail the areas which require highlighting in order to set expectations.
We mentioned expectation setting as (perhaps) the new era of the carrier / telco / provider sales process. When setting expectations, it is possible to gain an insight into the areas where particular focus is required. An an example, the ordering of dual Ethernet tail circuits is normally viewed as a single order from a carrier perspective. This ultimately means that the failover circuit is not delivered / handed over until the primary is delivered. Not good if you are working to timescales. With this said, it is often possible to separate out the circuits ensuring the primary is delivered outside of any reliance on the failover circuit. This is really just an example of expectation setting, if you are armed with this information up front, the business is able to make decisions accordingly.

Hybrid WAN approach to Global MPLS Network Connectivity & networks infrastructure

The service provider arena is awash with acronyms and buzz, the cloud being one example. The past has often focussed on one particular product as ‘the standard’ all Enterprise organisations should adopt. However, today’s designs and business requirements dictate that a hybrid approach to WAN design is widely adopted. The use of MPLS, VPLS, VLL, IPSec and so on is more prevalent than ever as users expect to securely connect whenever and wherever they are located. As an example, the new Cisco iWAN capability provides a single device to terminate multiple connectivity types reducing complexity and cost. MPLS, VPLS & VLL offer a standards based private WAN infrastructure which meets high security standards required within Enterprise organisations today. These products offer some great business benefits, a hybrid approach ensures your business is able to deliver real value based on firm requirements.

Layer 3 and Layer 2 access types and design / advantages

We have mentioned technologies such as MPLS, VPLS and VLL within this article, let’s explain some use cases.

MPLS VPN – Multi Protocol Label Switching – A layer 3 VPRn (Virtual Private Routed Network)

We’ve written a fair amount of content regarding MPLS, readers wishing to learn more about the history of the protocol should visit either of the following articles:

MPLS VPN Longform article
MPLS Network Longform article

In short, IT management refer to a layer 3 Virtual Private Routed Network as MPLS. Rightly or wrongly, the term MPLS is used to describe a private routed VPN. The correct term is therefore VPRn but, for the sake of continuity, we will continue to refer to VPRn as MPLS.

In today’s market place, MPLS offers a private based routed network either managed or unmanaged with a productised set of supportable features including QoS (Quality of Service) configured across a core / customers routers. MPLS remains the standard for all organisations looking to outsource connectivity for the majority of requirements. Available on an international basis with or without managed routers and devices.

VPLS VPN Networks – Virtual Private LAN Service

VPLS is not a separate service to MPLS. In fact, VPLS is an evolution of the MPLS protocol. The service provides much the same any to any connectivity with QoS (Quality of Service) support when compared to MPLS VPRn networks – the difference is that VPLS offers layer 2 access, stripping off layer 3. As an example, when considering data centres on a global basis, VPLS offers the ability to extend the LAN across geographical locations. Extending the LAN will enable resources to be added as required, irrespective of location. If readers imagine a scenario where further servers are required because a datacenter has reached capacity, an alternative site may be used and added to the same LAN. Clustering and resiliency is maintained across the layer 2 topology.

VLL – Virtual Leased Line

VLLs are a further evolution of the MPLS protocol providing point to point and multipoint Ethernet connectivity over distance. Often referred to as pseudo wire services, a VLL circuit offers greater reach vs dedicated fibre which is subject to distance limitations. However, whilst latency and security are clearly very good, the service is not comparable to dedicated fibre which is a per customer (not shared) wire speed latency product.

The majority of MPLS, VPLS and VLL services are based around 100Mbps Ethernet and 1Gbps Ethernet services.

Application Performance – Global traffic latency and jitter across office, mobile and cloud

We alluded to tail circuit length creating additional latency earlier within this article. When documenting your existing VPN applications and their usage profile with future project and strategy, an indication of real world performance should be profiled. The majority of international providers and carriers will offer global MPLS network capability directly connected to their backbone within major cities and regions. However, the prevalence of mobility with cloud means a fair amount of traffic could / will originate from various locations across the world. The impact of regional connectivity is that certain content may need to be restricted to avoid user dissatisfaction. Applications are becoming more connectivity aware and will not operate unless optimal conditions exist. In either scenario, aligning user applications, there profile and potential access points will allow your business to understand implications.

General network advice

Overall, the procurement of global networks, multi protocol label switching or otherwise, is perhaps more challenging vs national provisioning for the reasons we have outlined. As we move forward with VPN content, we’ll update the section at the end of this post with further recommended reading. Our intent is to write more about MPLS networks and connect their migration challenges together with video tutorial content.

Connect to our LinkedIn Group

An MPLS WAN Article
describing thoughts and advice
An WAN Service Providers
long form article

January 29, 2015  2:29 PM

Can a piece of software really determine if you’re ready to quit your job?

Sonia Groff Sonia Groff Profile: Sonia Groff
Big Data, Big Data analytics, College, Facebook, Netflix, Network, Predictive Analytics, Techtarget

The evolution of predictive analytics technology continues to be something to keep an eye on in 2015. Although the technique is nothing new to the average consumer – we see it every time Netflix recommends a movie or Facebook places an ad on our news feed – it might be time to pay closer attention to the affect it could have in our work lives. Whether that impact is negative or positive is too early to determine, but one thing is certain: Technology companies are creating big data analytics software to monitor employee activity and the sophistication and capabilities of that technology are steadily increasing.

Take Workday. The company’s cloud-based human resource management software is used by hundreds of organizations to oversee their employees.

Back in November, Quentin Hardy wrote in The New York Times that Workday takes big data analytics and goes a step further than Netflix and Facebook. Instead of merely suggesting a movie or an ad to click on, Workday’s software is now capable of calculating which employees are most likely to leave a company or overspend their budgets. After collecting this information, Workday offers HR managers options that can range from job promotions to reprimands. It’s this type of dynamic analysis that sets Workday apart from other vendors, observers say.

“There are other vendors talking about ‘predictive analytics,’ but what I think is different about Workday is that they are looking at publicly available data, such as job postings, and not just aggregating customer data or bringing in a third-party data set,” said IDC Research Director Christine Dover, in an interview with TechTarget executive editor David Essex.

So on the upside, these kinds of predictive analytic tools can help companies increase productivity, reduce spending budgets and recognize employees who excel at their jobs. But for every upside, there is a downside.

Hardy, for example, wondered in his Times article what impact Workday could have on college students who haven’t even entered the workforce. As Hardy wrote, “Workday is also used for school recruitment: Should knowledge of what companies like to see on a resume affect choices in curriculum design, or the kinds of projects students work on?”

Hardy has a point. So much of the growth in technology depends on innovation, which flows from creativity. I like to believe that many people are naturally creative, and when groups of people come together to solve a problem or create a product, the answers come from a diverse set of ideas. If students start basing their curriculum choices on what they think will look appealing to potential employers, that desire to conform might end up making everyone too similar.

Students and employees already face enough pressure to impress their professors, bosses and colleagues. Will they now also have to bow to the whims of a piece of data analytics software?

November 18, 2014  2:13 PM

CDC for cybersecurity? One group thinks it might be time

Chuck Moozakis Chuck Moozakis Profile: Chuck Moozakis

Do enterprises and other organizations need a CDC-like entity to help them in their fight against cyber attacks?

The Society for Information Management (SIM) thinks they might. Madeline Weiss, director of SIM’s Advanced Practices Council (APC), said the group is evaluating whether it’s time to create what she terms “a CDC for cybersecurity,” modeled after the U.S. Centers for Disease Control and Prevention. To that end, an APC task force last month drafted a proposal for such a body, dubbed the CIO Coalition for Open Security. Its goal? To create a framework in which companies can work together, across industries, and share information about malicious cyber activities—much like the CDC collects data and issues bulletins about outbreaks and other health-related developments to the nation as a whole.

The APC is no slouch. The council comprises 33 senior IT executives, most of whom are CIOs employed by large multinational corporations and government agencies. Although the APC usually acts behind the scenes in an advisory capacity, the cybersecurity problem is so critical that the group has been spurred to action, Weiss said in an interview conducted at SIM’s annual meeting in Denver earlier this month.

A large part of that push came from David Bray, CIO of the U.S. Federal Communications Commission, who recently spoke to the group in his capacity as a guest lecturer at Oxford University. Bray delivered a dim and “extremely scary” scenario of the future of cybersecurity, Weiss said, followed by some ideas about what the industry can do about it.

“He made the point that no one organization, no matter how big they are or how well-equipped, can solve this problem,” Weiss said. “He said success is dependent upon collaboration and openness–open in the sense that there is sharing of attacks, and that there is sharing of potential, of possibilities and observations and solutions and that there should be sharing within private, public and governmental sectors.”

Similar efforts exist within other sectors, most notably in the pharmaceutical industry, where Eli Lilly’s InnoCentive acts as a repository of crowdsourced solutions aimed at tackling unresolved R&D problems. Such an approach for cybersecurity, Weiss argued, could be equally beneficial, providing companies with early-warning information and other data they need to thwart attacks. In addition, a CDC-like organization for cybersecurity could connect security problem solvers with those experiencing security issues. For example, it might be able to produce a map of distributed denial of service alerts or act as an information clearinghouse.

“Working together, we can address this issue,” Weiss said. “Working alone, we probably can’t.”

The next step is for the APC to sketch out the framework that would support the coalition, including soliciting volunteers who would lead the initiative.

“Members have done some investigation and learned that there are [similar] activities in various industries, but they seem to be staying within their industries — in other words, lots of silos,” Weiss said.

“We plan to sponsor research that will help us understand who the current key players are and determine what has worked and what hasn’t,” she added. “We then anticipate pushing for combining efforts where feasible to facilitate broader and more open sharing [of information].”

November 18, 2014  9:32 AM

A VPLS Network procurement walkthrough

Robert Sturt Robert Sturt Profile: Robert Sturt

Organisations should never be forced into a features and benefits conversation with their prospective service providers. The majority of network designs produced by our BT Business partnership surrounds hybrid technologies, perhaps VPLS across data centres, layer 3 MPLS at branch sites, fibre services within the core and IPSec / SLL for remote users.  In certain sites, it makes sense to deliver a layer 3 capability, in others (such as data centres) VPLS is the clear option to deliver capability. In metropolitan areas, fibre is always a good option. This kind of features and benefits sales approach will result in missed requirements and essentially a MPLS or VPLS network solution which is not fit for purpose.

A good accompanying resource is the Techtarget version of my MPLS and VPLS step by step IT Managers procurement Mindmap which is available upon request.

The mindmap examines in detail the process and considerations to make vs your own business requirements. The overall complexity is dependent on not only your requirements today but also those which need to be predicted in the future. The IT team’s work is becoming more critical than ever to communicate needs as globalisation, security, application performance, user productivity and disaster recovery is driving a critical reliance on WAN connectivity. The ultimate goal, as ever, is to maximise uptime of resources and plan for scenario’s which are unlikely but would impact the business in a major way. The WAN may appear as though innovation is fairly stagnant, we don’t hear too much in the way of significant evolution and buzz around WAN connectivity. However, applications are evolving faster than they ever have before due to enhanced productivity, different ways of working and a desire to achieve efficiencies and this a competitive edge.

What is VPLS Ethernet

Virtual Private LAN Service networks provide the ability for companies to create a LAN structure between geographically separate sites. The traditional and default choice for IT Management is generally considered to surround layer 3 VPRn (Virtual Private Routed Network) – known as MPLS in the market place. We believe the growth of VPLS services is driven by the ubiquitous access of Ethernet coupled with private cloud based services. We will go on to to explain more about our findings later.

The key benefits of VPLS solutions surround a number of key points.

Perhaps the most popular discussion surrounds the ability to extend data centre connectivity (or essentially sites which contain resources) across geographical separation. The dream is to deliver global or national connectivity whilst maintaining a base level of configuration and thus avoiding IP address reconfiguration which is required with layer 3 networks (MPLS – Virtual Private Routed networks). We are aware that globalisation is growing with data centres located in far flung locations, the challenge of deploying applications is made easier with VPLS layer 2 WAN services. A VPLS solution will extend the deployment of your server clusters into different data centres protecting against major disruption.

In another scenario, service providers and enterprises often do not meet in terms of requirements vs capability. There are some businesses which are reluctant to allow a service provider access to their layer 3 management and routing, Perhaps the organisation is needing to serve an unsupported protocol which the service providers will not transport. In this example, the ability to layer on layer 3 is a clear advantage for VPLS based connectivity.

It would be remiss not to mention VLL (Virtual Leased Line) services as they are closely related. VLL’s are designed to emulate point to point  / multipoint fibre connectivity across an MPLS core network. The benefits are clear since MPLS provides the reach and emulation for circuits which would otherwise be too great in distance for dedicated fibre provision. 

In short:

VPLS provides any to any connectivity using pseudowires – Virtual Ethernet circuits provisioned as a full mesh topology

VLL – point to point or multipoint Ethernet pseudowires

A pseudowire is essentially point to point emulation of Ethernet.

One important distinction to make: VPLS is an evolution in terms of capability which is built and created on the shoulders of MPLS core networks. The majority of IT managers believe that VPLS is somehow a different platform to MPLS but the reality is, MPLS core networks are the foundation for layer 2 connectivity. In other words, todays MPLS networks facilitate layer 2 and layer 3 connectivity.


Prior to VPLS becoming a mainstream technology, organisations were not only limited by distance related issues across layer 2 fibre but also dedicated high speed data circuits equalled high costs. The telco’s already owned significant core networks with layer 3 capability, the addition of a layer 2 VPN capability made sense.

Some serious benefits to consider

An organisation with a private cloud (their own hosting facility) requires further virtual servers on the same LAN segment. However, space is running out fast. In this scenario, a further data centre could be added with a connection into VPLS. Once connected, further virtual servers are able to be installed which will appear on the same connected LAN as the older full data centre facility. The plus point is clearly demonstrated to surround seamless LAN connectivity. The added benefits of a geographically separated site surrounds disaster recovery and resilience since the loss of a DC will ultimately partially remove some connected hosts but not all of them which offers greater uptime.

You have the desire and capability manage your own routed network. As the name suggest, the procurement of VPLS is at layer 2 which leaves layer 3 routing to be setup as required. Service providers set a base level of capability for MPLS.

We worked with a client recently which had decided to implement a cloud server cluster strategy for redundancy and scalability. With each cluster needing to reside in the same VLAN and network but with geographical separation for further redundancy, the organisation looked to VPLS. which enables extended VLAN. In addition, their data centres were encountering issues with power and cooling. The addition of a further datacenter allowed the client (as per point 1)

Consideration of VPLS vs MPLS

VPLS is built using a service provider product term called EVC’s (Ethernet Virtual Circuits). This is a marked difference when making a comparison to MPLS. The use of EVC’s is perceived as a scalability issue since, as network grows, the network performance may be impacted meaning there is an ultimate ceiling in terms of how many EVCs each provider router may support. The majority of providers will brush over scalability since their core networks are, over time, increasing in their ability to scale which increases their ability to support greater EVC’s. In the majority of cases, there is no need to worry or be overly concerned but clarity should always be requested depending on which provider readers are considering.  On the counter point, MPLS (or rather layer 3 routed networks) are truly connectionless from the perspective of scalability.

VPLS network terminology

As I have previously mentioned, VPLS is a layer 2 VPN across an MPLS core network. When considering providers, procurement teams will often be faced with acronyms such as PE or P which refer to the edge and core devices within a network.

The PE device refers to the Provider Edge which is essentially the edge node into a service providers network. IT Managers are advised to understand the true PE capability of prospective service providers since PE coverage determines scale and diversity options. The P device is the ‘Provider’ core aggregation devices within the centre of their network used to scale the MPLS core network. 

VPLS Network Acronyms

Some thoughts regarding VPLS network procurement

In general, VPLS is sold as an unmanaged service with Ethernet handoff. With this said, in some instances, the provider will offer a managed service whether this is based on a Layer 3 switch or a router. As with any WAN procurement project, the advice is to carefully consider the service capability vs your specific requirements. The Mindmap not only details some of the specifics of VPLS but also the key vectors we know to matter across application performance, uptime, topology, strategy and budget. In general VPLS services should be viewed in the same way as the more traditional layer 3 from the perspective of SLA which includes latency, jitter and uptime guarantees. Clearly an unmanaged service creates a very different adds, moves and changes process vs managed services. The typical approach when making changes is often surrounded by ‘clunky’ processes which creates delay. One of the real plus points of VPLS, as we have mentioned within this article, is the ease of self managed services. We are seeing growth within the managed services sector where organisations are outsourcing the management to specialist organisations which overlay their services with the providers supplying the connectivity. This, we believe, is a major shift in thinking since the traditional approach is to use a single provider for connectivity and management. VPLS is creating an environment of adoption which creates a little more freedom when considering how to manage services on an ongoing basis.

All of the concerns surrounding MPLS procurement are essentially the same when considering VPLS. We are in effect talking about layer 3 vs layer 2 which both using an underlying MPLS core network.

We have written a fair amount of content on WAN procurement, both MPLS and VPLS but the core of our approach remains the same. It is clear that organisations which achieve better outcomes when they are able to align their business specifics vs the service provider capability. In short, if you consider applications (as an example), our approach to execute WAN procurement involves understand how the application performs today but also how performance may be increased to improve productivity. In some instances, improving application performance may not relate to the technical aspects of a capability but perhaps admin tasks such as adds, moves and changes. As organisations begin to understand how each provider might provide a capability which adds a competitive edge, the WAN becomes and enabler rather than the typical bottleneck.


VPLS is a growing technology which, in part, is due to the emergence of cloud based solutions, whether private or public. Server clusters often require geographical diversity, VPLS networks add a unique capability here. The ability to add, remove servers as required across a layer 2 Ethernet WAN with any to any connectivity. The simplicity of layer 2 is now available across the WAN offering seamless connectivity on a Global basis. As a counter point, layer 3 services offer an out of the box routed network supporting a standard capability. As I wrote toward the beginning of this article, we are finding most project result in a hybrid approach for design. This means that VPLS is a another building block for organisations to use in their pursuit of connectivity and cloud excellence.

Additional reading: MPLS Network long form article

WAN Service Providers long form article

October 29, 2014  2:55 PM

Taking the pulse of Wi-Fi-enabled healthcare devices in an IoT world

Gina Narcisi Gina Narcisi Profile: Gina Narcisi
Internet of Things, Network

Wi-Fi connectivity is a great luxury to have in public places to power your favorite app, but what if your life-saving medical device relied on the wireless LAN to work?

Hospitals are using wireless devices and equipment — ranging from small patient monitoring sensors, to pharmacy inventory systems, all the way to large imaging systems — to care for patients. Needless to say, reliable, consistent Wi-Fi connectivity has become a critical network asset, rather than just a “nice to have” feature for many healthcare facilities.

As the Internet of Things (IoT) gains traction, Wi-Fi vendors are working to ensure they can offer their customers the functionality and management tools they’ll need to support the influx of Wi-Fi-enabled devices requiring network access and attention from IT. “It’s clear that for a lot of our customers, more devices are ‘turning on,’ or requiring network access, rather than just the typical user devices people are carrying in,” said Bruce Miller, vice president of product marketing for Xirrus, a Thousand Oaks, Calif.-based Wi-Fi vendor.

Healthcare certainly isn’t the only industry grappling with supporting IoT devices. However, most other verticals aren’t faced with the challenge of supporting devices that are saving lives. Xirrus is currently working with healthcare customers, as well as customers that develop Wi-Fi-enabled medical tools and devices for the IoT. Miller also highlighted some of the wireless LAN design considerations enterprise IT teams supporting IoT devices should know.

Right out of the gate, many medical devices aren’t easy for IT teams to support. This equipment often comes with low-end wireless cards because they don’t have high bandwidth needs — especially in the case of a sensor that is reporting patient data, not streaming live video. Additionally, healthcare environments are also very “noisy” from an RF and coverage perspective, Miller said. “There are a lot of devices than can interfere [with Wi-Fi signals] – we’ve even heard of up to 20 devices in one patient room,” he said. “The number of devices is getting extreme, and in some situations, that can pose a lot of challenges.” Most healthcare facilities are also filled with many small rooms with a lot of walls that cut signal strength down, and radiology labs with metal-coated walls that are difficult to penetrate, he said.

Xirrus is encouraging its healthcare customers to design for dense environments by deploying direct, in-room Wi-Fi close to the client. This means more access points are needed in an IoT-enabled environment.

Once the wireless LAN has been bolstered to address the sheer number of devices that need support, IT must be able to understand and identify all Wi-Fi-enabled equipment in their environment, Miller said.”It’s key to be able to separate out what kind of device something is, what it does, how it operates differently from another kind of device, and lastly, how it [needs to be] supported,” he said. “We’ve been doing this for a while — helping customers understand the difference between a laptop, tablet or phone, so now it’s just extending that visibility further.”

In addition to understanding what the device is, IT has to be able to make sense of the data coming from the device in an intelligent way. Then, the information must go to the right place, like patient stats to a monitoring nurse or physician or alerts to IT if a device has been moved or stolen, Miller said. “We’ve had to look at the health of…a greater variety of clients, and put those capabilities into our systems to allow IT to troubleshoot,” he said. If a device keeps disconnecting and reconnecting, or generating a lot of errors, Xirrus’ network management tools can monitor those network health stats and provide alerts to IT. “Sometimes, it’s as simple as updating a driver or software on a device, or maybe [the device] is in a bad coverage area, and IT needs to know about that, too,” he said.

Wireless LAN design and deployment has changed dramatically over the years, and they also can vary by industry. “On our side, we’ve turned our procedures and best practices upside down from what we used to do just a few years ago…We also base our products on upgradable hardware so business don’t have to roll out a whole new set of products when things change in their environment,” Miller said. “We recommend higher signal strength everywhere, 5 gig everywhere, and being able to support an adaptable infrastructure that can conform to new requirements.”

October 6, 2014  8:21 AM

Thoughts on achieving good MPLS costs

Robert Sturt Robert Sturt Profile: Robert Sturt

MPLS CostsIf your idea of obtaining good MPLS costs is to throw a spreadsheet of sites together and hope for the best, you might be disappointed. In this article I share some of my experience where projects have achieved some excellent results.

Part of creating a WAN proposal is building a specific capability aligned with your business. A capability and not a bottleneck. The truth is, most clients I speak with regarding change are in a poor situation because there was never any work completed to understand whether their existing WAN was in alignment with their business. A major component of this work revolves around understanding which areas of both your organisation and the service provider capability are matched.  To complete this work requires an understanding of both sides of the coin. In the first instance, IT Managers need to consider particular aspects of their business from strategy through to application performance requirements. On the provider side, each and every key area which has the potential to impact your business should also be clearly understood. I’ve often been involved in a situation where the information provided by an organisation in order to price up their WAN is little more than addresses and bandwidths. In this scenario. the decision making process defaults to little more than a commodity based purchase. In the absence of value, all you are left with is price.

Dealing with special pricing teams

I have also been involved in a good amount of special bid’s. You know the kind of situation. One provider is more expensive than the other but features appear equal. Senior members of a business don’t really get the value and therefore instruct their IT management team to obtain MPLS costs at their best available rates. The problem occurs when the provider is faced with the spreadsheet I mentioned earlier. The special bid team working on your account is unable to determine whether their is serious buying intent because they don’t have a well aligned design in addition to the spreadsheet. The answer then is fairly simple. Providers (and special pricing teams) need to see buying intent, they need to know that their hard work will not be wasted on a fruitless exercise. So, whilst your intent may well be mostly ‘lowest possible pricing’ based, remember that the teams within the provider recognise which deals are more likely to result in a sale.

A base level of data to achieve great MPLS costs

If you consider a base level of data which should be the minimum required to achieve good pricing, I would suggest the following elements.

  • Topology diagram presented in Visio format (including failover)
  • Applications, listed by priority with QoS (Quality of Service) settings
  • Your business strategy in terms of decision making process with time scales

Over and above these elements, a complete statement of requirements (SoR) will provide a major benefit to both your project and the goal of achieving MPLS costs from the providers with which you are in discussions. An SoR is a thorough document which is designed to look at every aspect of your particular business including the motivation for your project, the existing service provider and their pain points and issues together with a revised design based on these specifics. When preparing SoR content, a templates approach is required to ensure certain elements are not missed when creating the documentation. In the day job, we consider every aspect including:

User experience to the user behaviour which is increasingly mobile on a global basis. The users within your network require ubiquitous access to resources no matter where they are located.

Quality of Service – The level of bandwidth a priority required for each application on the network. Careful consideration must be given to where the traffic is sourced and destined.

Failover – Consideration of failover design and type. For example, the failover product should be designed whether the uptime is based on fibre primary and fibre failover or most cost effective copper including EFM and broadband.

Further reading:

Step by Step MPLS Procurement Mindmap

Network Projects

October 6, 2014  7:02 AM

BT IP Clear Playbook for UK IT Management

Robert Sturt Robert Sturt Profile: Robert Sturt

US readers will no doubt tune out but wait. Although BT IP Clear is a UK based service, the technology refers (as a rule, there are exceptions) to unmanaged connectivity from BT. The US market is largely unmanaged vs the UK’s preference for managed services when procuring WAN connectivity. So, take a read through and compare a flagship UK product vs your US service provider capability. BT are no longer using BT IP Clear as a product name but the majority of IT Managers still refer to their wires only product using this brand reference. BT IP Connect is now the flagship product which also includes a wires only version together with fully managed routers where required, both Global and UK. Within the rest of this article, we’ll talk generically about the BT IP Clear capability.

      • Reach and Diversity for failover – BT’s national coverage of Provider Edge (PE) devices to terminate your circuits
      • SLA – The national latency, jitter, uptime and install figures
      • Circuit types – From Gigabit Ethernet through to ADSL
      • Other services – cloud, SIP and remote access

We have been spending a substantial amount of time over the last 18 months improving and honing our WAN procurement content. In some respects, this work is slight selfish since we are, in tandem, documenting our own sales process. Our original WAN Mindmap was generic and contained the pitfalls, risks and opportunities associated with MPLS & VPLS procurement. It is still, by far, our most requested content. Good news – when we embarked on the BT IP Clear version, we really wanted to create something which would specifically detail the procurement process as it relates to a particular product. The IP Clear service is generally positioned as wires only product and therefore attention should be paid to the attributes of a self managed service.


BT’s MPLS network is known to be well engineered and essentially covers the UK and, in the case of Global Services, the rest of the world. Gartner recently announced BT would remain within their magic quadrant because of their capability to serve global Enterprise clients. You may be forgiven for wondering how BT Global MPLS has anything to do with the BT IP Clear UK product? The same resources and investment is put into the network as a whole. As the global network evolves, so does the UK capability which increased bandwidth and presence with POP’s (Points of Presence) becoming more wide spread adding diversity and performance increases. If you ever read BT product description, the capability also mentions global reach. This said, IP Clear has always been associated with UK coverage. However, it is possible to procure a UK VPN from BT and connect international sites at a later date should your organisation grow by acquisition.

The following map details existing coverage in the UK.

BT IP Clear CoverageIt’s pretty easy to notice that the UK is well covered. Ultimately, this means your sites have less distance to travel to the nearest point of network entry. This not only reduces costs but also has the added benefit of diversity choices and the best possible latency.

The more PE nodes a provider has, the easier it is to create a diverse network. Within the generic procurement Mindmap, we always advise asking any potential provider for their true PE coverage as this will demonstrate your ability to create diversity and also demonstrate the providers true MPLS capability which is often covered up by marketing.

Let’s look at an example.

The BT Secure Plus product is designed to avoid any single point of failure. With full diversity, two routers will be configured running HSRP (Hot Standby Routing Protocol) or load balanced depending on your requirements. (Being self managed).

From the routers, BT will look to use two different points of exit from the building. Whether or not this is possible depends a) whether two points of entry exist and b) whether or not there are any restrictions on the building from the perspective of creating another entry point. Once the circuits leave the building, diverse paths will be attempted to ensure seperacy is maintained with dual BT local Exchanges used where possible. From the exchange, the circuits will ultimately arrive at dual BT Provider Edge POP’s.

As an MPLS network can carry both your voice and data traffic, you are effectively putting all of your applications under one circuit without diversity. Although you can achieve economies of scale by using MPLS a reliable service becomes essential or any savings you make by using the technology can quickly be eroded via productivity losses in the event of failure. By having so many POPs in so many key business locations BT can provide that piece of mind that we can reach a resilient POP sooner than any other provider in the UK.

Circuit types

There are a number of different ways to access the network, including connectivity from 1Gbit/s all the way through to standard broadband. One of the clients we are working with now are using the IP Clear ADSL product across 106 sites, only two of them are fibre based leased line products. There is a mix of availability with regards to DSL from standard ADSL2 through to FTTC (Fibre to the Cabinet). In terms of site issues, there are only 3 of the sites which are suffering from poor performance due to the locations being remote. BT are able to check site addresses to understand the kind of performance you will experience in the real world. The actual performance has been pretty good in terms of latency, here’s a live ping from the network which includes the LAN from HQ to a site connected via DSL:

Success rate is 100 percent (5/5), round-trip min/avg/max = 20/20/24 ms

CE_Router#ping .254 0.254

Type escape sequence to abort.

The performance of the above ping is more than good enough for VoIP (SIP) based services and mission critical applications. The upstream bandwidth may potentially become an issue over the longer term but, for now, all is looking good.

      • Lower cost fibre access direct to your site
      • EFM access, aggregating copper pairs (telephone lines) to offer a single Ethernet service with built in resilience and a lower cost compared to fibre
      • ADSL2+ integration as an access technology onto our WAN services
      • Superfast access through Fibre To The Cabinet (FTTC) and Fibre To The Premises (FTTP)
      • EMF and GEA access providers

BT IP Clear SLA (Full granular figures are included within the Mindmap)

The SLA is a commercial agreement, we always suggest organisations never design based on SLA figures and NEVER commit to the business that circuits will always perform to SLA parameters.

This said, the SLA will provide you with a good overview of predicted performance. If we know that traffic across the UK POP to POP will perform on average Xms depicted within the SLA, we are at least able to consider worst case performance. In general, latency performs better than projected SLA figures since they are always set as a monthly average.

The uptime guarantee is perhaps the most useless of all, in my opinion of course. (Not BT’s by the way, just SLA’s in general). For years we have seen figures of 99.9% as the standard for fibre based leased line connectivity. The fact remains that the SLA is of little comfort if your site is down and falls outside of these amazing averages. In this sense, it is important to design uptime based on the specific requirements of that site. The IP Clear product allows you to ensure services are built to maximise both productivity and performance regardless of the SLA figure.

Other Services

Clearly the WAN is an enabler to additional services such as the cloud and SIP. BT provide a number of different cloud based options for managed services which include hosting and colocation. These services may not be as applicable for clients looking to buy IP Clear self managed IT infrastructure but it possible to create a hybrid of services. Access to SIP is a possibility by two methods. The first involves separate access using a BTNet leased line.

The other alternative is directly via the  MPLS platform. However, the BTNet variant is a much easier product to implement since the product allows interface into existing ISDN-2 or ISDN-30 circuits – a Samsung device converts ISDN to IP. However, if true end to end SIP is required, access will need to be via the MPLS platform.

BT IP Clear Pricing

We are finding that project we are working on are producing some excellent commercials. As an IT Manager, you need to be aware that any project will likely yield better savings and costs when the requirements are fully outlined. The special pricing teams within BT are busy and therefore they take the projects with a good statement of requirements more seriously than those which consist of a spreadsheet and bandwidths.

Our senior designer has Distilled everything we know about BT IP Clear procurement into one of our single step by step A2 Mindmap. We borrowed some of our Techtarget MPLS VPN procurement workflows and essentially layered on the specifics of IP Clear service from the perspective of reach, latency, QoS (Quality of Service), fix times, uptime, change requests and additional BT products which interface into the capability including SIP and Cloud. Request the hybrid procurement Mindmap with added IP Clear capability.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: