Monday, May 2, 2005

Cisco Unveils Adaptive Threat Defense Appliances

Cisco Systems announced a family of multi-function security appliances aimed at stopping attacks before they spread through the network.

The new Cisco ASA 5500 Series, which builds on the company's PIX Security Appliance, IPS 4200 Series, and VPN 3000 Concentrator product families, delivers advanced adaptive threat defense services including Anti-X defenses, Application security, and Network containment and control. It provides customers with network-based Anti-X defenses for worm and virus mitigation, spyware/adware protection, network traffic micro-inspection, hacker and intrusion prevention, and Denial of Service (DoS) prevention, all with on-device security event correlation.

The Cisco ASA 5500 Series offers Network containment and control services that provide precise control and segmentation of users, application access and network traffic flows. These include Layer 2-4 stateful inspection firewall capabilities.

The ASA 5500 Series also provides VPN IPSec and SSL services that integrate with the adaptive threat defense technologies detailed above to help ensure the VPN connection does not become a conduit for threats such as worms, viruses and hackers.

Various models of the Cisco ASA 5500 Series scale from 300 Mbps to 650 Mbps.

MCI Introduces its Next-Gen Ethernet Services

MCI introduced its portfolio of next-generation Ethernet services. The announcement coincides with the completion of both field and customer trials of MCI Converged Packet Access (CPA) technology in the Chicago area.

MCI's Converged Packet Access (CPA) leverages Ethernet and MPLS. The architecture consolidates all services - Frame Relay, Private IP, IP VPN, Ethernet, Private Line, and voice - onto a single, customer Ethernet interface (10bT, 100bT and Gig E). Once an initial physical connection is established, MCI customers can logically provision capacity and services as needed without requiring physical changes to the network. MPLS tunneling technology is utilized to create logical channels that securely separate customer's services.

The Chicago Mercantile Exchange Inc. (CME) was one of the first MCI customers to move live traffic among customers onto MCI's CPA platform. MCI's Private Line Ethernet Services are used to connect more than 600 customers so trades are quickly received and transacted. CME will also utilize MCI's Ethernet Services to keep up with the rapid growth and international expansion of its e-trading platform into seven new European hubs as well as open its first Asia-Pacific hub this summer.

The equipment configuration for the field trial relied on the Tellab 8860 multi-service router, the Fujitsu FLASHWAVE 4500 Multiservice Provisioning Platform (MSPP), the ANDA EtherReach 2200 CPE and ANDA EtherEdge 4000 edge aggregation device.

MCI is launching its CPA architecture in 24 additional cities across the U.S. by year-end. Some of those cities include Atlanta, Boston, Dallas, Houston, Miami, Minneapolis, Newark, New York, Philadelphia, San Francisco, St. Louis, and Washington, D.C./Baltimore.

MCI's expanded Ethernet portfolio will include:

  • Global Data Link Ethernet (GDLE) Services, an end-to-end global private line service, that allows customers to connect geographically dispersed local and wide area networks via a highly secure, reliable and scalable platform. Service will initially be available from the U.S. to several European countries, including the UK, Belgium, France, Germany, Italy, Luxembourg, Netherlands, Sweden and Switzerland.

  • Private Line Ethernet Services, which enables U.S. businesses to connect locations nationwide,

  • Metro Private Line Ethernet Service, which connects business sites within the same region,

  • MCI Storage Transport Service, which enables companies to more easily implement storage area networking solutions (SANS),

  • and Internet Dedicated Ethernet Service, which allows companies to connect to the Internet using very high bandwidth, ranging from 1 Mbps to 1 Gbps.

Ethernet is also being added as an access option for MCI's flagship MPLS-based VPN and Private IP services.

MCI's new Ethernet offerings will be available on-net via MCI's fiber-lit buildings and off-net in select locations beginning in July. Unlike traditional data pricing models, MCI's Ethernet services are sold on a per megabit basis.
  • MCI's Converged Packet Access (CPA) architecture has four key components: (1) an Ethernet traffic aggregator; (2) a new Layer 2 and TDM grooming infrastructure; (3) an optical add-drop multiplexer; and (4) a packet-enabled service edge. This equipment allows MCI to aggregate traffic originating from one large business customer or many small business customers in a multi-tenant business building across a single, secure network access circuit. MCI is using an Ethernet over SONET infrastructure.

Sun Cites Momentum for its Grid Utility Computing

Since announcing its Grid utility computing initiative in February, Sun Microsystems has activated regional Sun Grid Centers in Virginia, New Jersey, and London, with customers from the financial and education sectors. Additional facilities are planned.

Sun said several high profile banks and ntertainment companies have completed extensive testing for Sun Grid. Sun has also launched a "sneak peek program," an early access program for pre-qualified Sun customers to test their applications for compatibility and performance on the Sun Grid.

Sun's new utility offerings include the Sun Grid compute utility and the Sun Grid storage utility. The Sun Grid compute utility -- provides customers with fully virtualized CPU memory and high-performance storage connected through a secure networked grid, at a price of $1/cpu-hr. Customers can use it for jobs such as Monte Carlo simulations, protein modeling, reservoir simulations, mechanical CAD simulations and similar non-transactional workloads. The Sun Grid compute utility will deliver a standard computing grid, powered by AMD Opteron processor-based systems, Solaris 10 OS and N1 Grid Engine, to help provide customers optimal performance, functionality and security. The Sun Grid storage utility -- supports customers' grid jobs at a price of $1/GB-mo or can be used independent of the compute utility.

Internap Finds Half of all Internet VoIP Calls Below Acceptable Quality

Internap Network Services, which provides performance-based routing services over the Internet, has added VoIP route optimization and reporting functionality to its Flow Control Platform. The new functionality optimizes routing of VoIP traffic to enable enhanced call quality. The system allows user-defined quality metrics, such as mean opinion score (MOS) and jitter, to route VoIP traffic across an organization's IP network.

Internap said in network performance testing, which simulated over 1.5 million VoIP calls to destinations around the globe, it found that almost half of all VoIP calls sent over default carriers and routes were below acceptable levels of end-user call quality criteria. For one-third of the calls, Internap claims its technology can improve call quality and MOS scores.

Internap's Flow Control Platform is a network appliance deployed at the enterprise or service provider network edge. By intelligently routing traffic across multiple ISP links to conform to customer performance and cost policies, the FCP solution enables customers to intelligently load balance and optimize their networks. Latency is lowered by an average of 35% and risk diversity is ensured in the event of a carrier outage or brownout. The company claims significant bandwidth savings as well.

Fujitsu Europe to Resell Airspan's WiMax

Fujitsu Telecommunications Europe will resell Airspan's AS.MAX family of WiMAX broadband wireless access products, including its HiperMAX, MacroMAX and MicroMAX base-station products, as well as EasyST and ProST customer premise equipment. The two companies will also evaluate options for incorporating Airspan's WiMAX technology into Fujitsu's GeoStream Access Gateway portfolio of products.

Airspan's AS.MAX product family has been designed for indoor, self-installable deployment. The EasyST will offer fully indoor plug-and-play WiMAX services and is expected to be commercially available in Q3 2005.

Siemens Launches HiPath Wireless LAN Solution

Siemens Communications announced its new HiPath Wireless portfolio, a centrally deployable 802.11 WLAN system that works in any enterprise environment and on any existing data network or VoIP infrastructure.

Siemens said it HiPath Wireless portfolio represents a major milestone fo interoperability across multi-vendor systems. The solution, supported by a new line of comprehensive HiPath Services offerings, incorporates technology from Chantry Networks, which Siemens acquired in January.

Siemens' Layer 3 overlay architecture provides for centralized management and coordination of access points, security and user-based policy rules. Rapid subnet roaming supports real-time applications like VoIP without the need for re-authentication and re-keying as a user roams. Virtual wireless subnets are also part of the HiPath Wireless system's architecture, enabling enterprises to dynamically create user access policies for different campus locations and for different classes of users or applications. The HiPath Wireless Controller automatically provisions the right levels of access and quality of service for roaming users.
  • In January 2005, Siemens completed its acquisition of Chantry Networks, a Boston-based start-up that provides secure integrated mobility management solutions for WLANs. Financial terms were not disclosed. Unlike traditional Layer 2 switch-based offerings, Chantry Networks' BeaconWorks provides wireless connectivity directly over IP. Intelligent wireless subnets enable differentiated provisioning and policing between different types of user groups, over one physical network. The Chantry architecture is ready for later integration of WiMAX, and the access points are designed in such a way that devices from different third-party manufacturers can be integrated.

Taiwanese IPTV Set-top Vendors License ANT's Interface

Askey Computer Corporation and Alpha Networks, both of Taiwan, have licensed ANT's Fresco browser and PurePlay digital media manager technology for integration into IPTV set-top boxes (STBs) targeted to operators in the United States, Europe, China, Japan and Taiwan.

STB manufacturer, Askey, will integrate ANT's Fresco browser into an IPTV STB reference design to provide a customised user interface and access to operator-provided content. Askey will also incorporate ANT's PurePlay digital media manager to deliver a STB design with media manager capabilities. PurePlay provides photo viewing, MP3 audio and video clip playing, slideshow and media management facilities in consumer appliances such as TVs, STBs and DVD players.

Alpha Networks will utilize ANT's Fresco for the user interface on its new line of IPTV STBs. Alpha's IPTV STBs with ANT's Fresco professional-graded UI will support high quality MPEG-4 SP/ASP, WMV9, SMPTE VC-1 or H.264 (AVC) video.

Spirent's Avalanche 7.0 Targets Triple Play

Spirent Communications released a new version of its Avalanche platform designed to validate the readiness of the IP infrastructure equipment for triple play services.

Avalanche 7.0 features real-world user and triple play traffic emulation along with automation flexibility to test multiple dimensions of the network. This includes testing the capacity and functionality of both the network and network devices. Each test port can simultaneously assess application performance, QoS mechanism performance, Session initiation Protocol (SIP) performance, and IPsec, SSL VPN and firewall security performance under real-world user and application traffic conditions.

Spirent offers a "WorkSuite Manager" that can configure and automate test sequences according to user-specified goals. For example, if a user seeks to discover the maximum number of concurrent connections that can be supported by the infrastructure, WorkSuite can automate a sequence of iterative tests designed to continue until that specific maximum is discovered.

Pulse~LINK Promotes Multi-Protocol Vision for UWB

The UWB Forum has formed a Common Signaling Mode (CSM) Working Group to promote interoperability and coexistence of dissimilar Ultra Wideband physical layers. Pulse~LINK' CTO John Santhoff, who first proposed the concept before the IEEE 802.15.3 Task Group in Singapore of 2003, will chair this new group within the Forum.

"The many flavors of UWB that are emerging in the marketplace require the UWB industry to establish rules for Spectrum Etiquette that insure fair and equal access to UWB spectrum for all users," states Santhoff. "The Forum recognizes the fact that dissimilar UWB physical layers are going to exist for differing applications and is committed to insuring a positive consumer experience."

Pulse~LINK President and COO, Bruce Watkins, will join the UWB Forum Board of Directors. Additionally, Pulse~LINK's Director of MAC Development, Allen Heberling, was appointed as chair of the UWB Forum MAC Working Group.

Qwest Adds 85,000 DSL lines in Q1

Qwest Communications reported Q1 2005 revenue of $3.45 billion, representing the fourth consecutive quarter of stable revenues for the company. Net income per share was $0.03, which includes a gain on asset sales of $0.14 in the first quarter of 2005, compared with a loss of $0.17 a year ago.

"Our ability to stabilize revenues, as well as our continued diligence on cost containment and optimization, has resulted in meaningful margin expansion. EBITDA margins increased to more than 28 percent compared with 25 percent a year ago," said Oren G. Shaffer, Qwest vice chairman and CFO. Some highlights for the period:

  • Qwest added 85,000 DSL lines in Q1 2005, bringing its total DSL customer based to 1.1 million lines. Qwest added 81,000 DSL lines in Q4 2004.

  • The company's bundle penetration, defined as consumer retail lines with at least one additional service, including wireless, DSL or long-distance, increased to 47 percent compared to 35 percent a year ago.
    CAPEX totaled $313 million, compared to $455 million in the first quarter of 2004.

  • Qwest added 82,000 long distance customers in the first quarter, bringing its total to 4.6 million long-distance lines.

  • Wireless revenues were flat sequentially while wireless subscribers declined 11,000 in the first quarter to 743,000, an improvement from the decline of 24,000 last quarter. Nearly all of the decline occurred in the first half of the quarter before the migration to the usage-based network was complete. Qwest successfully completed the migration in mid-February resulting in reduced churn in the quarter.

  • Business retail access lines declined 36,000 in the first quarter, including 23,000 of UUNet disconnects, a significant improvement from year ago declines of 87,000. The company attributes the improvement in the rate of loss primarily to success in small-business lines.

Broadcom Offers Dual Port GigE Transceiver for VoIP

Broadcom announced a new dual port Gigabit Ethernet (GbE) transceiver designed specifically for IP phone applications. Since IP phones require dual ports to support both voice and data simultaneously, Broadcom's new transceiver is a great companion chip to its existing IP phone product family, enabling a two-chip Gigabit IP phone solution.

Broadcom said that as networks migrate to Gigabit Ethernet, the current generation of Fast Ethernet IP phones act as a bottleneck to PC data traffic as the IP phone resides between the network and the PC, supporting both voice calls and data using one Ethernet connection. In this configuration, the IP phone dictates the speed of the PC data traffic. The widespread adoption of GbE-enabled PCs by the enterprise market, coupled with the increase in corporate upgrades to support GbE, has created a critical need for IP phones to support Gigabit Ethernet to prevent bottlenecks between the network and the PC.

The new chip is the latest member of Broadcom's 0.13-micron Gigabit Ethernet-over-copper physical layer (PHY) device family, joining more than 25 additional quad and single port PHY/transceiver products. The dual port GbE transceiver is sampling to early access customers and is priced at $8.40 in quantities of 10,000 units.

Aruba Debuts Secure Personal Access Point

Aruba Networks introduced "Personal Access Point" (AP) software capability that enables corporate users to safely take their mobile corporate voice and data networks wherever they go using any broadband connection. The software works with all Aruba APs and mobility controllers and is QoS-enabled and voice protocol-aware, permitting prioritization of delay-sensitive voice traffic.

Users simply attach the Aruba Personal AP to a broadband IP connection, DSL router or cable modem in their home, remote office or hotel. Aruba's Personal AP automatically builds a secure IPsec tunnel to a central Aruba mobility controller, authenticates, self-configures and begins operation. If the broadband connection is behind a firewall, Aruba's Personal AP uses Network Address Translation Traversal (NAT-T) to connect to the mobility controller without requiring any user intervention. If the connection is behind a web portal, as in a public hotspot or hotel room, a mechanism is provided for users to complete the login process through that web portal.

Aruba Personal APs download security policy and configuration directly from Aruba mobility controllers. This eliminates any risk of security policy misconfiguration and the need for any technical expertise at remote locations. In addition, a lost or stolen Personal AP does not open a door to the corporate network since no encryption keys or other security information is stored locally, and users must still complete standard wireless authentication before being given access to network resources.

Aruba's Personal APs communicate user attributes such as authentication method, application, device type and protocol used to Aruba mobility controllers. This lets IT staff selectively restrict or allow access to particular applications or network resources based on how each user authenticates without having to create virtual LANs everywhere to segment different user groups.

A remotely-connected Aruba Personal AP works with existing 802.1x supplicants to provide secure authentication to the corporate network. Communication with the mobility controller is secured using IPsec.

Aruba Personal AP software is priced at US $250.

D-Link Offers Wireless Switch with Trapeze Smarts

D-Link introduced its first wireless switch for small to medium business customers featuring mobility software from Trapeze Networks. The D-Link AirPremier Wireless Switch is an eight-port Layer 2 10/100 switch that executes and maintains the intelligence of Trapeze Networks' Mobility System Software (MSS), which manages, configures and controls all aspects of thin access points (APs), such as the Trapeze 300 series Mobility Point.

With support for up to twelve simultaneously active, directly or indirectly connected APs or MPs, any switch port can be used for network connectivity, AP or MP connectivity, or both. Power over Ethernet capability is available.

D-Link said its wireless switch delivers Identity-Based Networking, which provides services such as virtual private group membership, personal firewall filters, time-of-day/day-of-week access, encryption type, authentication, usage tracking, location tracking, and associated network statistics. Multiple D-Link AirPremier Wireless Switches can be installed in any network to increase coverage area and capacity as needed.

Authorizations stay with users wherever they roam because the D-Link AirPremier Wireless Switches share the information, ensuring secure access and connectivity to the right services. The D-Link AirPremier Wireless Switch is specifically designed for distributed deployments in the wiring closet or small or medium offices, allowing for central maintenance and security.

The D-Link AirPremier Wireless Switch also performs Layer 2 forwarding and comes with extensive Layer 3-4 and identity-tracking capabilities. It integrates seamlessly with wired infrastructures and offers redundant load-sharing links, 802.1Q trunking, spanning tree and per-VLAN spanning tree (PVST+). It also supports IGMP snooping, which is vital to supporting IP multicast streams. Availability is expected in Q3.

Cramer and Nortel Team for Network Management Development

Cramer and Nortel are developing off-the-shelf software adapters based on standards from the TeleManagement Forum (TMF) that will connect Cramer's inventory management and process automation platform with Nortel's Optical Network Manager. The new standard, called "MTOSI" - multi-technology operations support interface, provides a mechanism for telecom operations support systems to exchange data.

VSNL Secures U.S. Gov't Approvals to Acquire Tyco Global Network

The FCC gave its approval to transfer the Tyco Global Network (TGN) landing station licenses from Tyco to Videsh Sanchar Nigam Limited (VSNL), India's largest provider of international telecommunications and internet services. The FCC's approval culminates a nearly six-month process that included a formal review by the Committee on Foreign Investment in the United States (CFIUS) as well as the Department of Homeland Security (DHS), the Department of Defense (DOD), the Department of Justice (DOJ), the Federal Bureau of Investigation (FBI) and other agencies to ensure the transaction would not pose competition, law enforcement, national security or public safety concerns.
  • In November, 2004 VSNL announced that it agreed to acquire Tyco Global Networkfor $130 million (not including the assumption of certain liabilities).

AT&T Settles Excite@Home Lawsuit for $400 Million

AT&T settled a lawsuit brought by the Excite@Home Bondholders' Liquidating Trust regarding claims arising out of AT&T's former position as At Home's controlling shareholder. The settlement, which is subject to approval by the United States Bankruptcy Court in San Francisco, will result in the Trust receiving $400 million. The settlement consists of a $340 million payment from AT&T and the release of $60 million in reserves established for the benefit of AT&T in the Excite@Home bankruptcy.

Comcast will pay AT&T Corp. $170 million to reimburse it for Comcast's portion of AT&T's settlement. Pursuant to the terms of its acquisition of AT&T Broadband from AT&T, Comcast is contractually liable for 50% of the $340 million settlement amount for these lawsuits, which are described below. The settlement also releases all claims by AT&T and AT&T Broadband in the At Home bankruptcy.

The Excite@Home Bondholders' Liquidating Trust was established in the Excite@Home Bankruptcy to assert claims against the company's former controlling shareholders, AT&T, Comcast and Cox. The Trust was scheduled to begin a one to two month long jury trial against AT&T on May 2, 2005 in Superior Court, San Jose, California. Among other claims, the lawsuit alleged that AT&T breached fiduciary duties it owed to Excite@Home and misappropriated Excite@Home's trade secrets in connection with the building of an AT&T high speed network to replace Excite@Home's network when Excite@Home filed for bankruptcy in September 2001.
  • In December 2001, AT&T abruptly terminated an agreement to acquire Excite@Home, which provided Internet services for cable modem users. Excite@Home then terminated its broadband Internet services to AT&T cable modem customers, knocking some 764,000 users offline. AT&T restored service using its own backbone. Comcast Communications and Cox Communications gradually migrated their cable modem users off of Excite@Home and onto their own backbones over a period of several weeks.

  • On September 28, 2001, Excite@Home and its wholly owned subsidiaries filed for Chapter 11 bankruptcy protection. On the same date, AT&T agreed to purchase substantially all of the assets and services associated with Excite@Home's broadband Internet access business for $307 million and the assumption of certain liabilities. At the time, Excite@Home was serving 4,162,000 worldwide residential broadband subscribers.

Level 3 Enhances Audio for MSN Messenger

Level 3 Communications will enhance the audio conversation feature of Microsoft's MSN Messenger, an instant messaging (IM) service with more than 155 million active users each month. The improved voice communication capability was announced by MSN in April. The companies said Level 3's new technology significantly improves connectivity helping to navigate firewalls and enabling a more seamless experience.

Level 3 is using Netrake's nCite session controllers to overcome the security technology challenges associated with passing VoIP calls through firewalls, as well as through translations from public IP address schemes to private corporate network addresses. This Firewall/NAT (Network Address Translation) traversal function is a core capability of Netrake's nCite session controller.

Interop Keynote: "Innovation is Back" -- John Chambers

"Innovation is back, not just in terms of technology, but in terms of creating better productivity," said John Chambers, CEO of Cisco Systems, speaking at Interop in Las Vegas. For the past seven years, Chambers has been evangelizing the concept that IP network investment is directly tied to productivity. Chambers said that one of the reasons he remains optimistic about the networking industry's future, is because companies now understand that greater productivity is indeed enabled by IT and that investments in their network, combined with new work processes, is the best way to grow their businesses.

Productivity waves are now washing across many different industries, from retail, to transportation, health care and government, observed Chambers. The health care industry, for example, suffers from rapid rising costs and deteriorating customer interaction. But huge productivity gains in health care can be achieved, argues Chambers, by standardizing on common online medical records, adopting computerized physician entries, supporting remote patient monitoring, using remote consultations, sourcing through electronically-linked pharmacies, deploying real-time wireless tracking systems for hospital resources, etc.

The majority of productivity gains in the next decade will be about interactive transactions, said Chambers. "The wired and wireless worlds are coming together in an integrated network, driving new productivity."

Security is the first reason why companies must think about their network as an "architecture" or a "complete solution," rather than making independent decisions about individual boxes, said Chambers. In Cisco's research, security is the top issue on the minds of CIOs and CTOs, followed by wireless, IP telephony, voice/data convergence, and the virtualization of resources.

Chambers believes that security can be an enabler of new applications or it can be a roadblock if not done correctly. Intelligence and applications will be distributed virtually throughout global networks. Data and applications will be geographically independent. Users will need to access these applications from anywhere using a wide variety of devices over wireline and wireless networks. To handle this challenge, security has to be "completely pervasive across all layers of the network."

"Wired cannot be separated from wireless, switching cannot be separated from routing, and even remote workers using their home networks cannot be separated from your data center," said Chambers.

Here at Interop, Cisco is introducing its "Adaptive Security Architecture", which includes a family of multi-function security appliances that help stop attacks before they spread through the network. The new products represent a key component of the recently announced Adaptive Threat Defense phase of the Cisco Self-Defending Network (SDN) security strategy.

In terms of new product design, Chambers said routing, switching and other advanced technologies will be increasing integrated in modular devices. Customers will want to upgrade their platforms without having out the rip out their existing equipment. Customers will need a common network architecture that adapts to all their needs. Cisco's mission, said Chambers, is to offer this global systems approach.

A webcast of the keynote is available on the Cisco website.