Tuesday, June 30, 2015

Azure Service Fabric Powers Microsoft's Cloud

Microsoft's Azure Service Fabric is a microservice application platform that allows developers to decompose their work into logical subsystems that are loosely coupled and can be updated independently.

In this video, Mark Russinovich, Chief Technology Officer for Microsoft Azure, talks about how Azure Service Fabric is becoming a key differentiator for the company's cloud initiatives.

Recorded at Open Networking Summit 2015 in Santa Clara, California.



#ONS2015 - Microsoft Azure Puts SDN at Center of its Hyperscale Cloud

To handle its hyperscale growth, Microsoft Azure must integrate the latest compute and storage technologies into a truly software-defined infrastructure, said Mark Russinovich, Chief Technology Officer of Microsoft Azure in a keynote presentation at the Open Networking Summit in Santa Clara, California. The talk covered how Microsoft is building its hyperscale SDN, including its own scalable controllers and hardware-accelerated hosts.  Microsoft...

More on core technologies for enabling hyperscale clouds

See Brad Booth on Hierarchical SDN, the move toward on-board optics, and Flexible Ethernet for data center operations.

Blueprint: Two-factor Authentication Signals the Death of the Password and Physical Token

by Andy Kemshall, Co-founder and CTO of SecurEnvoy

Considering the frequency and severity of data breaches today, we have reached a point of Cybercrime 2.0. This requires an approach of Security 2.0. The challenge in protecting company data and systems is a continually evolving IT infrastructure. Companies need enhanced authentication solutions that allow them to protect access to the data and resources critical for operations remotely. With that, the case for multi-factor authentication becomes stronger.

According to the Ponemon “2015 Cost of Data Breach Study: Global Analysis,” the average total cost of a data breach increased from $3.52 million to $3.79 million. The average cost paid for each lost or stolen record containing sensitive and confidential information increased from $145 in 2014 to $154 in this year’s study [1].

Once only considered for high-end companies (e.g., banks), today companies large and small in the government, healthcare, energy, financial services, insurance, manufacturing, marketing, retail, telecommunications, charity, legal and construction sectors are turning to two-factor authentication (2FA) for their internal security needs. Although the evolution is slow, a change in attitude is taking place due to the growing concern about what a breach can result in, including company downtime, lawsuits, lost business and a damaged reputation. This is motivating executives to pay closer attention to their company’s security.

Within a work environment, most companies utilize standard security measures: either a simple username and password or a physical token to enable employees to access important data and applications.

The Password

Over the years, we’ve trusted the password.  We trust its ability to keep our companies safe from thieves and those who would do us harm. Passwords met an impasse five years ago, and today they need to have 12 characters or you need to write them down in order to keep track of them.  Moore’s law tells us that every two years computing power doubles – meaning every two years the amount of time it takes to crack a password using a brute force attack is cut in half. It’s now reached the point where a password can be cracked in minutes, sometimes seconds. The antidote: 2FA.  This incorporates something you know, such as a password or PIN, something you are, such as a fingerprint or retinal scan, and something you own, which can either be a physical token or a soft token on a device you use every day, such as a mobile phone. The idea behind 2FA is to bring two of these separate methods together for a stronger level of security, should one of the methods become compromised.

The Physical Token

Companies employing the traditional physical token are likely to experience the following downsides: contractors and employees can misplace them, overloading the IT department with replacements; and physical tokens do not scale well, can be expensive, can take a while to deploy in a newer version (three months to a year) and are less secure than 2FA.

These are non-issues when considering 2FA with a mobile device approach, as it is extremely simple to deploy and easy to use, and adoption by employees is quick. There are seven billion GSM devices in the world and people are very attached to their mobile devices. Also, if employees want to upgrade their mobile device, the user self-enrolls their new device, rendering the old one safe for disposal.

Lastly, consider the costs of tokens versus a mobile 2FA approach. The life of a token is three to five years, and to replace all of them in a medium or large-sized company can cost hundreds of thousands of dollars, plus it can take three to twelve months to completely roll out. This holds companies back in terms of productivity. A mobile 2FA approach simply leverages devices employees already have with them, saving companies the money and time needed to change over to new systems.

Implementation of 2FA

If a company wishes to implement a mobile 2FA approach for its network architecture, networking insiders can choose to deploy this in three different ways: on-premise, through managed service provisioning (MSP) or via the cloud.

On-premise allows direct integration within your own network. This unique approach dovetails seamlessly with an existing infrastructure. A major benefit of this is that user data resides within the company and leverages existing replication infrastructure such as Active Directory.

Some solutions providers have a partner network for MSP deployment. Utilizing a dedicated MSP partner allows greater choice of integration to suit your network. This approach also allows a security vendor to take over the overall operation and day-to-day administration of your tokenless two-factor authentication system. Reducing the burden on one’s resources, this approach makes it easy for the vendor to provide 2FA solutions for the cloud, integrating the login seamlessly into your environment.

Although on-premise is the most ideal approach, cloud should be considered if there is a different setup, for SMBs and for companies with several servers and several locations.  Although a lot of companies turn to the cloud as a solution, when it comes to security, there are drawbacks.  These include:

  • Needing constant synchronization with the information people have any time it changes;
  • A cloud environment can be seized by any government; and
  • The cloud environment stores the seed records (with sensitive information and passwords), which can be hacked.

An additional advantage of the on-premise approach is that the seed records are under the control of your company security, as security providers like SecurEnvoy do not hold any seed records.

In conclusion, two-factor authentication via mobile devices is evolving into an ideal method that should be considered today to authenticate the end user. It is stronger; adoption is easy, as the end user can pick what mobile device they use (and in some cases how they receive a passcode: via SMS, email or voice); it is simple to deploy; and overall, it costs less.

About the Author

Andy Kemshall, Co-Founder and CTO at SecurEnvoy, is one of the leading European experts in two-factor authentication. As the co-founder and CTO of SecurEnvoy, he brings nearly 20 years of IT security authentication experience to SecurEnvoy. Andy is the inventor of both SMS and secure mail recipient-based two-factor authentication, and more recently NFC-based one-swipe authentication. Prior to his role at SecurEnvoy, Andy was one of the original customer-facing technical experts at RSA Europe. While at RSA, he served as the Sales Engineering Manager, where he managed high-level customer relationships, developed the product and advised RSA HQ on new and emerging technologies from Europe.

About SecurEnvoy

SecurEnvoy (www.securenvoy.com) is the trusted global leader of mobile phone-based Tokenless® two-factor authentication. Its innovative approach to the multi-factor authentication market now sees millions of users benefitting from its solutions all over the world. Controlling endpoints located across five continents, SecurEnvoy design innovative two-step verification solutions that leverage both the device the user carries with them and their existing infrastructure. The solutions are the fastest to deploy and the most secure in the industry. With no hardware or deployment issues, the ROI is dramatically reduced and easily managed.

[1] Ponemon’s 2015 Cost of Data Breach Study: Global Analysis


Cisco to acquire OpenDNS for $635 Million

Cisco agreed to acquire OpenDNS, a privately held security company based in San Francisco, for approximately $635 million in cash and assumed equity awards.

OpenDNS provides a secure DNS offering with advanced threat protection for "any device, across any port, protocol or app." Its predictive security model is designed to anticipate malicious activity, including botnets and phishing. Its DNSCrypt technology converts regular DNS traffic into encrypted DNS traffic to prevent eavesdropping and man-in-the-middle attacks. The service is hosted in peering data centers around the world.

Cisco said the acquisition will boost its Security Everywhere approach by adding broad visibility and threat intelligence from the OpenDNS cloud delivered platform.

"As more people, processes, data and things become connected, opportunities for security breaches and malicious threats grow exponentially when away from secure enterprise networks," said Hilton Romanski, Cisco chief technology and strategy officer. "OpenDNS has a strong team with deep security expertise and key technology that complements Cisco's security vision. Together, we will help customers protect their extended network wherever the user is and regardless of the device."


  • OpenDNS was founded in 2006 by David Ulevitch. Investors included Sutter Hill Ventures, Greylock Partners, and Sequoia Partners.

AWS Plans Data Center in India

Amazon Web Services announced plans to open an AWS infrastructure region in India for its cloud computing platform in 2016.

AWS did not reveal the location of its new data center but cited a number of partners in India including Accenture, Blazeclan, Frontier, Intelligrape, Minjar, Progressive, PWC, SaaSforce, SD2labs, Team Computers, Wipro, and many others.

"Tens of thousands of customers in India are using AWS from one of AWS's eleven global infrastructure regions outside of India. Several of these customers, along with many prospective new customers, have asked us to locate infrastructure in India so they can enjoy even lower latency to their end users in India and satisfy any data sovereignty requirements they may have,” said Andy Jassy, Senior Vice President, AWS. “We're excited to share that Indian customers will be able to use the world’s leading cloud computing platform (AWS) in India in 2016 – and we believe India will be one of AWS's largest regions over the long term."


Distil Raises $21M for Bot Detection and Mitigation

Distil Networks, a start-up with offices in Arlington, Virginia and San Francisco, raised $21 million in Series B funding for its bot detection and mitigation solution.

Distil helps to defend websites against malicious bots used for web scraping, brute force attacks, competitive data mining, account hijacking, unauthorized vulnerability scans, spam, man-in-the-middle attacks and click fraud.

Its unique approach monitors every single Web request and builds a signature, or fingerprint, of every incoming connection, allowing the company to accurately detect, flag and block that unique fingerprint for all other sites under Distil’s protection.

By having blocked more than 50 billion bad bots to date, Distil said it has amassed the largest known database of malicious bots.

The funding round was led by new investor Bessemer Venture Partners (BVP), with participation from current investors Foundry, TechStars, ff Venture Capital, Idea Fund and Correlation Ventures.


The OPNFV Project Expands its Member Roster

The OPNFV Project announced that Altera, Brain4Net and CertusNet have joined as Silver members. Launched in September 2014, the OPNFV project is supported by 60 member companies.

“Collaboration is key to accelerating the open source software development of NFV, and with Arno now available, we’re seeing that vision materialize,” said Heather Kirksey, director, OPNFV. “We look forward to the contributions our newest members will bring to the community with their knowledge of FPGA technologies and orchestration and control solutions for SDN and VNF.”

Open Platform for NFV is a carrier-grade, integrated, open source flexible platform intended to accelerate the introduction of new products and services using NFV.


OPNFV Community Delivers Arno, its First Release

The OPNFV Project, which is the community based effort sponsored by the Linux Foundation to develop an open source platform to accelerate the introduction of Network Functions Virtualization (NFV), announced the availability of OPNFV Arno, its first software release. Arno provides an initial build of the NFV Infrastructure (NFVI) and Virtual Infrastructure Manager (VIM) components of ETSI NFV architecture. Key capabilities of OPNFV Arno: Availability...

Microsoft Contributes Device System Bridge to AllJoyn

The AllSeen Alliance has contributed the open source Device System Bridge (DSB) code to the AllSeen open source software project.

DSB enables interoperability with legacy and purpose-built device networks under the AllJoyn open source software framework.  For example, using the AllJoyn DSB, developers can connect BACnet-based devices for building automation or Z-Wave smart home products to AllJoyn-enabled devices locally or remotely, depending on the design configuration.

The AllSeen Alliance said DSB complements the AllJoyn Gateway Agent, an extension of the AllJoyn software framework that connects AllJoyn devices in a local network to external networks, delivers remote access, device management and fine-grained security and privacy control. By comparison, the AllJoyn DSB acts as a “superconnector” for devices using their existing non-AllJoyn interfaces and creates a virtual version of these devices on the AllJoyn system.  This enables other AllJoyn devices and applications to interact with these BACnet, Z-Wave or similar protocol devices as if they were simply additional AllJoyn devices in the AllJoyn system.

“Millions of connected devices exist. We see significant savings for companies that bridge existing automation systems and devices to leverage their existing infrastructure and put it to work in IoT,” said Jason Farmer, AllSeen Alliance Gateway Working Group contributor and Lead Program Manager at Microsoft. “Microsoft is committed to making the IoT as accessible, secure, cost-effective and simple as possible. Our DSB contribution to the AllSeen Alliance will help bring real-world applications to market quickly with existing devices and infrastructure, accelerating the Internet of Your Things.”


EU to End Roaming Charges in mid-2017

The European Union will adopt new rules to end mobile phone roaming fees by mid-2017. Under the agreement, roaming surcharges in the European Union will be abolished as of 15 June 2017. However, roaming providers will be able to apply a 'fair use policy' to prevent abusive use of roaming. This would include using roaming services for purposes other than periodic travel.

Roaming fees will already go down on 30 April 2016, when the current retail caps will be replaced by a maximum surcharge of €0.05 per minute for calls, €0.02 for SMSs and €0.05 per megabyte for data.

The European Parliament is also planning the first EU-wide open Internet rules (Net Neutrality), whereby operators will have to treat all traffic equally when providing Internet access services.

"This is a great success for the European Union and the Latvian presidency", stressed Anrijs Matīss, the Latvian Minister for Transport. "The Latvian presidency has put a lot of effort into finalising the Telecom Single Market proposal - we revived the proposal from scratch and reached agreement. This would not have been possible without the commitment and constructive approach of the member states, the European Parliament and the European Commission".


Taiwan's Chunghwa Telecom Picks Ericsson for LTE Expansion

Chunghwa Telecom, the largest telecom operator in Taiwan, awarded a contract to Ericsson to boost its LTE coverage and capacity on the island. Financial terms were not disclosed.

Ericsson will continue to serve as sole supplier for the entire core network, including a multi-access Evolved Packet Core, and as a major supplier for RAN in Taiwan's most populated areas, including Taipei city.

Jan Signell, Head of Region North East Asia at Ericsson, says: "This further demonstrates our commitment to our long term strategic business relationship with Chunghwa Telecom. As a major supplier to Taiwan's largest operator, it is in our mutual interests to not only deliver a superior network to optimize customer experience, but also create new revenue opportunities for Chunghwa Telecom in the enterprise business segment."


Bharti Airtel Selects Nokia for 3G Expansion in 5 Circles

Bharti Airtel awarded a four-year contract to Nokia Networks to roll out its 3G network in 5 new telecom circles and expand the network in 3 existing telecom circles. Financial terms were not disclosed.

Under the 4-year contract, the company will provide its radio elements and services expertise to power Bharti Airtel’s infrastructure. The rollout includes Nokia's Flexi Multiradio 10 Base Station, its all-IP multicontroller RNC (mcRNC), NetAct, a cloud-ready virtualized OSS, and network planning services.