So what is SD-WAN and why does it matter?

So what is SD-WAN and why does it matter?

So What is SD-WAN and why does it matter

Times have changed, and enterprises are using the cloud and subscribing to software-as-a-service (SaaS). While users traditionally connected back to the corporate data centre to access business applications, are now accessing those same applications in the cloud.

As a result, the traditional WAN is no longer suitable mainly because backhauling all traffic – including that destined for the cloud – from branch offices to the headquarters introduces latency and impairs application performance.

SD-WAN provides WAN simplification, lower costs, bandwidth efficiency and a seamless on-ramp to the cloud with significant application performance especially for critical applications without sacrificing security and data privacy. The value of SD-WAN is clear. Organisations not only save money but benefit from increased business agility and worker productivity. It also enables IT to deploy new applications more quickly and accelerate time-to-value.

A Software-defined Wide Area Network (SD-WAN) is a virtual WAN architecture that allows enterprises to leverage any combination of transport services – including MPLS, LTE and broadband internet services – to securely connect users to applications.

An SD-WAN uses a centralised control function to securely and intelligently direct traffic across the WAN. This increases application performance and delivers a high quality user experience, resulting in increased business productivity, agility and reduced costs for IT.

Traditional WANs based on conventional routers were never designed for the cloud. They typically require backhauling all traffic – including cloud- destined traffic – from branch offices to a hub or headquarters data centre where advanced security inspection services can be applied. The delay caused by backhaul impairs application performance resulting in a poor user experience and lost productivity.

Unlike the traditional router-centric WAN architecture, the SD-WAN model is designed to fully support applications hosted in on-premise data centres, public or private clouds and SaaS services such as Salesforce.com, Workday, Office 365 and Dropbox, while delivering the highest levels of application performance.

Basic SD-WAN vs Business-driven SD-WAN

Not all SD-WANs are created equal – Many SD-WAN solutions are basic SD-WAN solutions or “just good enough” solutions. These solutions lack the intelligence, reliability, performance and scale needed to ensure a superior network experience. And remember, without a fast, secure and high performing network, enterprise digital transformation initiatives can stall because they rely on apps that rely on services that in turn rely on the network. SD-WAN is a hot topic and is driving strategic decisions within the enterprise. So, what is a Business-driven SD-WAN and why is Basic SD-WAN not good enough?

The primary difference between SDN and SD-WAN is how they are used. SDN has been used in traditional telecom and data centre infrastructures, enabling services on-demand, reducing high operational costs and improving network performance and scalability. SD-WAN, on the other hand, is a cost-effective alternative to the traditional Multiprotocol Label Switching (MPLS) networks, providing connectivity for geographically dispersed locations in a scalable and secure way.

Both SDN and SD-WAN are based on the same methodology of separating the control plane from the data plane to make networking more intelligent. Architecturally they are similar in many ways:

  • Centralised management or orchestration – the control plane
  • Distributed data forwarding function – the data plane
  • Application-driven traffic routing policies

That said here are the differences between the two technologies.

SDN SD-WAN
Mainly used in data centres Deployed in branch offices and data centres
Centralised orchestration and control Centralised orchestration, control and zero-touch provisioning
Separation of control and data forwarding plane Separation of control and data forwarding plane
Technology has taken a long time to mature Recent technology but maturing very rapidly
Variations of commodity and specialised switching hardware Off-the-shelf x86 appliances – physical, virtual, cloud
Savings come from improved operational efficiencies Savings come from leveraging lower WAN transport and infrastructure costs and improved operational efficiencies

 

Top Benefits of SD-WAN

Building a Better WAN with a Complete Solution

Not all SD-WANs are created equal. By building a better WAN with HPE Aruba and Silver Peak, customers can realise an extended range of benefits:

  • Lower WAN OPEX and CAPEX
  • Greater business agility and responsiveness
  • Increased application performance across the WAN
  • Assure business intent with advanced application visibility and control
  • Robust edge-to-edge security and micro-segmentation
  • Extensibility to 3rd party products via service chaining

Choosing an SD-WAN Vendor

All SD-WANs Are Not Created Equal

SD-WANs are quickly emerging as a preferred solution for leveraging the internet for enterprise connectivity. There are several key foundational components that come with an SD-WAN, including:

  • Ability to leverage multiple forms of connectivity including broadband
  • Dynamic path selection
  • Zero-touch provisioning
  • Centralised management
  • Dramatic cost reductions

The value of a foundational SD-WAN on its own is clear. Organisations not only save money but benefit from increased business agility and worker productivity. It also enables IT to deploy new applications more quickly and accelerate time-to-value.

To achieve the maximum benefit from an SD-WAN, it’s important to fully investigate your options before selecting a specific SD-WAN solution. The question should not simply be: “How can I deploy an SD-WAN?” It should be: “How can I build a better WAN? One that addresses the new demands created by the Cloud; one that doesn’t disrupt my existing WAN during the transition.”

While an SD-WAN is a critical component of building a better WAN, a complete solution must address a broader set of requirements:

  • Performance – Deliver predictable application performance and quality of service across the WAN
  • Visibility and control – See and control all applications and data running across the WAN
  • Security – Secure and segment all WAN traffic and applications
  • Extensibility – Able to service chain other WAN services and route across the WAN

That’s where HPE Aruba and Silver Peak comes in. HPE Aruba and Silver Peak offers a complete range of hardware, software and cloud-based solutions that provide secure, reliable virtual WAN overlays to connect users to applications.

HPE Aruba and Silver Peak SD-WAN solutions give IT the flexibility to use any combination of underlying transport technologies without compromising application performance. This dramatically lowers costs, boosts business performance and accelerates time to value.

Moving to an SD-WAN

Non-Disruptive Migration is Possible

Adding SD-WAN to an existing WAN infrastructure couldn’t be simpler. With HPE Aruba and Silver Peak, it can be a seamless transition. During the migration, all existing WAN equipment, services and connections continue to operate as before.

HPE Aruba and Silver Peak’s flexible deployment model allows IT to add appliances, either physical or virtual, whenever and wherever new sites are added to the SD-WAN. Once authenticated and authorised, Orchestrator automatically configures and seamlessly merges them into the SD-WAN.

In other words, you can start immediately and migrate at your own pace, without disruption.

If you’re ready to empower your remote workforce, enable seamless edge-to-cloud connectivity and optimise IT operations, contact us today.

Source: Silver Peak System Inc https://www.silver-peak.com/sd-wan/sd-wan-explained

A renewed focus on business resilience

A renewed focus on business resilience

Our world is facing an acceleration in the frequency, diversity, and impact of disruptions. Planning your network to help your organisation respond to the unexpected is now more important than ever.

Cisco Wi-Fi 6 solutions go above and beyond industry standards and other vendors’ solutions with both hardware and software innovations that meet your needs today and tomorrow.

Begin your Wi-Fi 6 journey

Prepare to meet changing network demands with Wi-Fi 6, also known as 802.11ax. With it, you’ll get faster wireless speeds, increased capacity, and improved reliability to power entirely new mobile experiences. Wi-Fi 6 achieves speeds up to 4 times faster than previous Wi-Fi standards, improving the user experience and performance of bandwidth-hungry apps like voice, video, and collaboration. Go beyond Wi-Fi 6 with Cisco Catalyst 9100 Series access points.

Cisco Catalyst 9100 Access Points

Transform how you work and support remote users. Cisco Catalyst 9100 Access Points prepare your network for the future of supporting, and going beyond, Wi-Fi 6. With users expecting an immersive experience, coupled with IoT becoming the new mobile, we are now more dependent on Wi-Fi than ever before. Cisco Catalyst 9100 Access Points, powered by Wi-Fi 6 technology and supporting Cisco’s intent-based networking architecture, are ready for the growing user expectations, IoT devices, and next-generation cloud-driven applications.

Resilient

A Wi-Fi 6-enabled Catalyst 9100 Access Point gives your network a capacity boost and helps it run efficiently.

Secure

With image signing, secure boot, Cisco Trust Anchor, and more, the Catalyst 9100 Access Point helps secure your entire network.

Intelligent

Paired with Cisco DNA software, the Catalyst 9100 Access Point provides you with enhanced analytics and more efficiency

The secret to success for your organisation is being better—faster. Do both with Cisco Wi‑Fi 6.

 

Attackers want to exploit and abuse your AI

Attackers want to exploit and abuse your AI

 By Ericka Chickowski

As the importance of AI to an organisation goes up, so do the stakes for security problems.

“If AI is a core part of your product [or] manages a portion of your financial system or business strategy, it automatically becomes a target by anyone looking to make a shady buck off your company,” says Ariel Herbert-Voss, a research scientist at Open AI in a recent report on trustworthy AI.

But the special roles and complexity of AI and ML have led to special categories of attack against AI. As such, AI implementers and chief information security officers need to be on the lookout for them.

Just like any other kind of emerging technology, cybercriminals will increasingly be drawn to AI and ML models as another attractive attack surface to exploit for money. The more AI becomes intertwined with the business, the more attractive it becomes to attack. In fact, Gartner expects that by next year, 30% of cyberattacks will involve emerging AI threats such as adversarial AI, data poisoning, and model theft.

Since the risk is high, there is a need to add in-built defense capabilities in AI models.

ROHINI CHAVAKULA AI AND DATA SECURITY LEAD, HPE POINTNEXT SERVICES

Many security principles still hold true

The CIA triad of cybersecurity—confidentiality, integrity, and availability—still very much holds true in the domain of AI, which means forward-thinking security leaders must start planning their strategies to uphold each of those three fundamentals. The following are the types of questions security leaders, technologists, and business stakeholders should ask about their AI infrastructure:

  • Confidentiality: How well are the organisation’s AI systems protecting and encrypting the data used for modeling, and how well are the algorithms themselves protected from theft—particularly if those algorithms provide a competitive advantage?
  • Integrity: How is the business and IT ensuring the integrity of the AI models and the data they rely on? Are AI algorithms and the underlying code protected from tampering and subversion that would distort their output?
  • Availability: Are AI systems and infrastructure built ruggedly enough to withstand denial-of-service attacks that could slow them down or even bring them down?

Some of the broadest security issues enmeshed with AI technology are the same data privacy issues that enterprises face every day across all their other systems. AI needs extraordinary amounts of training data to create learning models and to use testing and working data to utilise the models. In many use cases, that includes personally identifiable information and regulated data about people—for example, think of the amount of patient PII that runs through healthcare AI used in clinical trials for new drugs.

As with any other sensitive data, this AI data must be safely stored through measures like encryption at rest and in transit, as well as secure access and authentication. So, while data privacy issues will only be exacerbated and expanded in scope by AI, they’re not all necessarily AI-specific. In most instances, they are the same software security and network security issues that cybersecurity professionals already grapple with.

The most common AI threats emerging now

As Rohini Chavakula, AI and data security lead at HPE Pointnext Services, explains, what would keep a data scientist or AI engineer up at night would be things that threaten the functionality or accuracy of the model. The bulk of such threats boils down to the following three major categories.

Adversarial AI

Adversarial AI is a category of attack techniques that seeks to subvert working AI models through malicious data input. A great simple example of this was an attack devised by security researchers back in 2019 against, ironically enough, an AI-based security product.

Researchers at the firm Skylight managed to figure out how to subvert the CylancePROTECT endpoint security AI model by appending a bit of code into malicious files. That bit of code acted as a universal bypass, tricking the AI into thinking the bad files were clean and allowing them to operate on what the user considered a protected system.

There are any number of ways adversarial AI can be employed. Some other proven theoretical examples include taking over digital assistants like Alexa or Siri with specially encoded audio files, to cause self-driving AI to malfunction in very targeted ways by putting stickers on the road or on street signage.

The point for defenders to understand is that just as they must be wary of bad input in software design, they also have to bring that wariness to bear when it comes to how AI models interact with data. Attackers are going to be looking for any way they can to profitably abuse those interactions.

Chavakula believes that AI teams need to start developing in-built defenses in their models to fight against threats to their functionality, including methods such as adversarial training.

“Since the risk is high, there is a need to add in-built defense capabilities in AI models, which is still missing. Mid- and low-sized attack intentions like adversarial AI need solutions which only a defense layer can control,” Chavakula says, adding that innovators need to advance the set of tools available to check that these defenses are working. “There are a lack of tools in the market to test AI models in reality.”

Data poisoning

Data poisoning is a term often used interchangeably with adversarial AI. But there is a subtle distinction: Data poisoning typically occurs within the training data not just to subvert an existing AI model in one-off instances but to completely change the way the model works.

The level of poisoning attackers can accomplish will depend on how much access they have to the underlying model and the training data—it could involve injecting or manipulating data within training sets. One amusing illustration of how data poisoning can work happened more than five years ago with Microsoft’s unsuccessful marketing ploy to train its Tay chatbot in the conversational arts by exposing it to the Twitterverse. The training data in this case were tweets from the general public, which was encouraged to feed Tay’s learning with witty and fun interactions. Twitter users answered by poisoning the heck out of that stream. It only took about a day for Tay to start spewing hate speech and vulgarity in response to user questions.

While this might elicit a chuckle, the implications are serious for any AI use case and could cause serious business malfunction in so many realms. For example, a poisoning attack against supply chain analysis AI could cause the system to order the wrong number or type of widgets and grind production or sales to a halt.

According to Glyn Bowden, CTO of the AI and data practice at Hewett Packard Enterprise, data scientists and security pros need to find ways to ensure that the model they deployed is the one they actually trained.

“This is true for any environment, but the obvious vertical paying attention here is financial,” Bowden says. “If you can force your competitors to deploy a manipulated model into their automated trading environment, you open up the opportunity to ‘trade ahead’ or simply trade against what you know the model will be predicting.”

Some ways to protect against this could be by hashing and check-summing, or even digitally signing the model, he says.

Model theft and replication

Another big concern that should be on the radar of CISOs and CIOs is the threat of model theft and replication. Attackers are inevitably going to be reverse engineering and seeking ways to get AI models to leak information so they can extract either sensitive data or how the model works.

“There is a movement to attempt to reverse engineer models to see if even a synthesised dataset can be produced, which might hint at patterns in the actual training data,” Bowden explains.

This could be used as the first step in an adversarial attack like the one against Cylance. Or it could be used just to steal the model outright.

“Another risk here is as more models are deployed to the edge, the systems they are deployed on might be more susceptible to theft,” Bowden says. “Think of a video camera with an embedded inference engine. The model will run on that device and the theft would potentially compromise it.”

A counter to this threat could be to explore encryption of the model where decryption happens at runtime, he says.

AI threat modelling

The good news for defenders is that there’s been a lot of research and progress made in the past couple of years in the field of adversarial training, AI threat modeling, and AI risk assessment. In fact, earlier this month, Microsoft released an open source tool called Counterfit that’s meant to help developers test the security of their AI and machine learning systems. And last fall, MITRE introduced a collaborative project called the Adversarial ML Threat Matrix, which is a framework for modeling threats to AI/ML systems.

According to Diana Kelley, a researcher and analyst at SecurityCurve and former Microsoft cybersecurity field CTO, security pros are going to need to do a whole lot of threat modeling to wrap their arms around the emerging threats to their AI/ML systems.

“The biggest problem with companies with AI and ML is that there’s a lack of understanding,” she says. “It’s really going to come back to understanding the threat model, understanding the use cases, and understanding what the impact to the company is where AI and ML are being used and doing risk assessments and models based on that.”

According to Kelley, this means security teams are going to need to get more training on how these AI systems are being used. Accepting a black-box mentality from either vendors or in-house data scientists won’t be acceptable, “because right now a lot of companies are really just flying blind,” she says.

Lessons for leaders

  • IT security needs to scrutinise AI systems with the same best practices that apply to all others.
  • AI models are valuable company assets and need to be protected carefully.
  • Careless AI administration could lead to all manner of disasters for organisations, from mere embarrassment to legal exposure.

Ericka Chickowski

Writer

Ericka Chickowski is an award-winning freelance writer who specialises in telling stories about the intersection of information technology and business innovation. Best known for her coverage of cybersecurity and DevOps, she is a contributing writer for Dark Reading and a founding editor of DevOps.com.

Cisco Small Business Routers

Cisco Small Business Routers

Highly secure network access for small businesses

Securely connecting your small business to the outside world is as important as connecting your internal network devices to one another. Cisco Small Business Routers offer virtual private networking (VPN) technology, so your remote workers can connect to your network through a secure Internet pathway.

What are Routers?

Very simply, routers connect your business to the outside world. Where switches connect devices to other devices in your office, routers connect networks to other networks, including the Internet. They may be called different things – routers, VPN firewalls, or gateways – but, ultimately, they enable your employees to share a single external connection. Routers can enable you to securely connect two offices and allow staff working remotely to connect to your network. They may also include other features to help keep your business secure.

Why choose Cisco routing technology?

Only Cisco offers such a broad range of choices for connecting your business to the world. Whether your needs are simple or more sophisticated, Cisco routing solutions deliver business-class features that you will want to make part of your network foundations.

Features and benefits

Highly secure VPN access

Keep your remote workers secure with access for five to 100 workers, depending on your needs.

Comprehensive security

Built-in firewalls, advanced encryption, and authentication features protect against external threats, keeping your assets safe.

Easy installation

Our browser-based configuration gets you connected quickly.

The heart of our solution is a Cisco Small Business core network, which delivers reliable, secure data communications. It includes built-in security, enabling our customers to create separate, secure networks for each of their clients and create secure VPN connections. The features made it very easy to make Cisco the final choice.

– Austin Smith, founder of Digital Son, a Cisco Partner

Deliver exceptional routing performance

Build a resilient, highly secure routing infrastructure.
Enable high availability and less risk with services for routing solutions.

5 IT choices that can immediately counter climate change

5 IT choices that can immediately counter climate change

5 IT choices that can immediately counter climate change

Building a green business is an important goal – but it doesn’t have to be purely altruistic. On average, environmentally-friendly businesses save more money, are more productive and have better overall reputations. In fact, 88% of consumers say they want businesses to be more environmental and ethical. It’s actually the basis for most of their purchasing decisions, too.

88% of consumers say they want businesses to be more environmental and ethical.

Whether you want to go all-in on creating a sustainable business or simply make a few eco-conscious changes around the office, these IT choices are a good entry point.

Engage in environmental purchasing

Going green at work starts with making informed purchases and spending in line with your environmental values. By doing business with sustainable companies and prioritising environmentally-focused IT equipment, individual companies can really move the needle on climate change.

The University of Queensland recommends this multi-step checklist when shoring up your purchasing options for sustainable electronics.

  1. Evaluate the sustainability of potential purchases through the EPEAT (Electronic Product Environmental Assessment Tool) system.
  2. Choose products that are ENERGY STAR designated.
  3. Check that equipment complies with the International Labour Organisation (ILO) core framework.
  4. Purchase from companies who use recycled materials in their electronics and packaging.
  5. Extend preference to sellers who offer end-of-life take backs.

Go digital

Leaning into digital tools and solutions is a green goal for many modern businesses.

For some, the easiest place to start is going paperless. Not only can it help your business save money and better safeguard your data, it also protects against dangerous deforestation.

The associated costs of using paper are estimated at 31 times the purchasing cost.

Considering that the associated costs of using paper are estimated at 31 times the purchasing cost, it also just makes good business sense. Looking to ease in? Start by signing up for ebills and investing in digital project management tools and document management systems. Nitro reports that 59% of organisations that do invest in paperless document management realise a complete ROI in less than a year.

Turning your brick and mortar business into an online store is another eco-conscious option. Not only does it reduce consumption of natural resources like water, electricity and natural gas, it also decreases vehicle emissions by lessening the number of drivers going back and forth to your storefront.

Embrace IoT

Before you know where to cut back on energy consumption, sometimes you need to know where you’re overusing. That’s where The Internet of Things (IoT) can help.

Using IoT sensors and devices can help businesses automate their green routine by continuously monitoring usage and flagging performance abnormalities, as well as alerting users about maintenance issues.

Choose green web hosting

Feel like you’re doing a good job of keeping things sustainable in-office? What about the energy drain your business might be unknowingly contributing to with its web presence?

Over a billion websites are hosted on servers worldwide. Many of these run on fossil fuels and waste unthinkable amounts of energy. No wonder, Sustainable Business Toolkit reports that the internet produces almost as much pollution as the airline industry.

Choosing a green web hosting company can help counteract this overconsumption. How it works: “Green web hosting companies purchase renewable energy credits to offset the energy used by your website, making your website carbon-neutral or even carbon negative!”

Recycle your old tech

We’ve hit a new global milestone: 53.6 million metric tonnes (Mt) of electronic waste generated worldwide in 2019. According to the UN’s Global E-waste Monitor 2020, that’s a 21% jump in just the last five years. By 2030, that tonnage is expected to double.

Businesses who want to do their part should work with a certified e-waste recycler. They ensure that as you phase out old equipment and invest in new technology, the usable components get repurposed for other machines or responsibly upcycled – and stay out of oceans and landfills.

Why not take it a step further and obtain an e-waste recycling certification from NSF International so you can do the recycling yourself?

These eco-strategies prove that greening your IT choices and products can lessen your business’ impact on the environment without increasing your operational costs. In fact, going green actually helps you save some green. Plus, being a good environmental steward is really the ultimate perk.

HPE Pointnext for Digital Transformation

HPE Pointnext for Digital Transformation

When businesses don’t adapt to new data sources, business models, and threats, they can’t compete. Digital transformation hinges on being flexible—always staying ahead of what’s next. With HPE’s heritage and strength in infrastructure/technology, partner ecosystems and the end-to-end lifecycle experience, HPE Pointnext Services provides powerful, scalable IT solutions for your business.

DIGITAL TRANSFORMATION IS THE NEW IT GOAL

Let the experts from HPE Pointnext Services tailor a digital transformation strategy that not only meets your business and IT needs, but accelerates your time to delivery.

Storage Data Migration Service

 ✅ Migrate to HPE Nimble Storage, HPE Primera or HPE 3PAR

 ✅ Local SP resources (except for Phone Support SKU)

– Remote service delivery using Local South Pacific resources

– On-site delivery will require custom Statement of Work

 ✅ Building block migration strategy

 ✅ Same migration SKUs to use for all HPE Storage equipment

 ✅ HPE will determine/ recommend the appropriate migration methodology to use

– HPE Peer Motion is used as the data migration method

– Except when an Appliance is needed.

SKU

Description

Up to # of Servers

Max # of Source Array/s

Up to # sites

HR2L6A1 HPE Data Migration 5 Server Base SVC

5

1

1

HR2L7A1 HPE Data Migration 10 Server Base SVC

10

1

1

HR2L8A1 HPE Data Migration 50 Server Base SVC

50

2

2

HR2L9A1 HPE Data Migration 100 Server Base SVC

100

2

2

HR2M0A1 HPE Data Migration 250 Server Base SVC

250

4

4

HL3P5A1 HPE Data Migration Addon 10 Server SVC

Addon 10 Servers

Pre-requisite Base SKUs: HR2L7A1 (10), HR2L8A1 (50), HR2L9A1 (100), HR2M0A1 (250) .
HL3P6A1 HPE Data Migration Addon 50 Server SVC

Addon 50 Servers

Pre-requisite Base SKUs: HR2L8A1 (50), HR2L9A1 (100), HR2M0A1 (250)..

SU

Description

Up to # of TBs (using an appliance)

HL3P7A1 HPE Data Migration Appliance 25TB SVC

25 TBs

Pre-requisite Base SKUs: HR2L7A1 (10), HR2L8A1 (50), HR2L9A1 (100), HR2M0A1 (250).
HL3P8A1 HPE Data Migration Appliance 100TB SVC

100 TBs

Pre-requisite Base SKUs: HR2L7A1 (10), HR2L8A1 (50), HR2L9A1 (100), HR2M0A1 (250).

With decades of experience helping organisations transform, support, and operate their IT, our expertise is at the sweet spot where business meets technology. And as the leader in as-a-service approach, we help organisations take advantage of cloud economics with agility and scalability and a pay-for-what-you-use model.