NC Nov-Dec 2023
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
NETWORKcomputing<br />
I N F O R M A T I O N A N D C O M M U N I C A T I O N S – N E T W O R K E D www.networkcomputing.co.uk<br />
TO 5G - AND BEYOND!<br />
Mapping the future of non-terrestrial networks<br />
THE SASE CHOICE<br />
Is SD-WAN the right fit<br />
for hybrid working?<br />
MOVING MONOLITHS<br />
Monolithic application<br />
modernisation<br />
DDoS DEFE<strong>NC</strong>E<br />
Spanning security gaps<br />
at the edge<br />
NOVEMBER/DECEMBER <strong>2023</strong> VOL 32 NO 04
EVENT ORGANISERS:<br />
Do you have something coming up that may<br />
interest readers of Network Computing?<br />
Contact dave.bonner@btc.co.uk<br />
6-7<br />
MAR<br />
TECH SHOW LONDON<br />
ExCel, London<br />
https://www.techshowlondon.co.uk/BTC<br />
FORTHCOMING EVENTS<br />
2024<br />
FORTHCOMING EVENTS<br />
FORTHCOMING EVENTS<br />
28<br />
MAR<br />
25<br />
APR<br />
25<br />
APR<br />
9<br />
MAY<br />
22-23<br />
MAY<br />
4-6<br />
JUN<br />
13<br />
JUN<br />
19<br />
SEP<br />
2-3<br />
OCT<br />
20-21<br />
NOV<br />
CIO/CISO NORDICS SUMMIT<br />
Copenhagen, Denmark<br />
www.cdmmedia.com/events<br />
CIO/CISO UK SUMMIT<br />
London<br />
www.cdmmedia.com/events<br />
CDO UK SUMMIT<br />
London<br />
www.cdmmedia.com/events<br />
CIO/CISO BENELUX SUMMIT<br />
Amsterdam, Netherlands<br />
www.cdmmedia.com/events<br />
DTX MA<strong>NC</strong>HESTER<br />
Manchester Central<br />
https://dtxevents.io/manchester/en/page/dtx-manchester<br />
INFOSECURITY EUROPE<br />
ExCel London<br />
https://www.infosecurityeurope.com/<br />
CIO/CISO DACH SUMMIT<br />
Frankfurt, Germany<br />
www.cdmmedia.com/events<br />
CIO/CISO IRELAND SUMMIT<br />
Dublin, Ireland<br />
www.cdmmedia.com/events<br />
UC EXPO EUROPE<br />
ExCel, London<br />
https://ucxevents.io/ucexpo/en/page/ucexpo-home<br />
DATA CENTRES IRELAND<br />
RDS, Dublin<br />
www.datacentres-ireland.com
COMMENT<br />
COMMENT<br />
MANAGING THE SKILLS SHORTAGE IN 2024<br />
Predictions for the new year are as plentiful as Amazon deliveries in <strong>Dec</strong>ember, and<br />
give us a sense of the challenges but also opportunities that lie ahead in the coming<br />
months. The ongoing IT skills shortage seems to sit squarely between the two; an<br />
ongoing challenge but also an opportunity to reinvigorate and reinvest in the workforce.<br />
For Fred Voccola, CEO at Kaseya, the answer to the talent shortage may well lie in 'growing<br />
your own' in 2024: "Invest in people early as opposed to relying on headhunting talent<br />
from other companies and have a very strong internal talent growth and development programme.<br />
Not only does it offer an alternative to hiring job hoppers who will hop again<br />
shortly after being hired to their firm, but it creates a loyalty and a mutual reliance between<br />
the employee and the company, that creates not only a great workforce, but also a great<br />
company culture - one of reward and meritocracy. This type of strategy focuses more on<br />
the individual's core skills potential, rather than their experience only."<br />
However Charles Courquin, Sales Director, Symatrix, believes that we can best bridge the<br />
skills gap by looking outward to managed IT services. "Businesses must now look externally<br />
to help address the IT skills shortage and stem the significant financial losses being<br />
incurred," according to Charles. "Managed services can provide proactive support to<br />
organisations to understand their changing requirements and help drive value from their<br />
investments, helping to fill the gaps that persist in-house."<br />
REVIEWS:<br />
Dave Mitchell<br />
DEPUTY EDITOR: Mark Lyward<br />
(netcomputing@btc.co.uk)<br />
PRODUCTION: Abby Penn<br />
(abby.penn@btc.co.uk)<br />
DESIGN: Ian Collis<br />
(ian.collis@btc.co.uk<br />
SALES:<br />
David Bonner<br />
(david.bonner@btc.co.uk)<br />
Julie Cornish<br />
(julie.cornish@btc.co.uk)<br />
SUBSCRIPTIONS: Christina Willis<br />
(christina.willis@btc.co.uk)<br />
PUBLISHER: John Jageurs<br />
(john.jageurs@btc.co.uk)<br />
Published by Barrow & Thompkins<br />
Connexion Ltd (BTC)<br />
35 Station Square,<br />
Petts Wood, Kent, BR5 1LZ<br />
Tel: +44 (0)1689 616 000<br />
Fax: +44 (0)1689 82 66 22<br />
SUBSCRIPTIONS:<br />
UK £35/year, £60/two years,<br />
£80/three years;<br />
Europe:<br />
£48/year, £85/two years £127/three years;<br />
ROW:<br />
£62/year, £115/two years, £168/three years;<br />
Subscribers get SPECIAL OFFERS — see subscriptions<br />
advertisement; Single copies of<br />
Network Computing can be bought for £8;<br />
(including postage & packing).<br />
© <strong>2023</strong> Barrow & Thompkins<br />
Connexion Ltd.<br />
All rights reserved.<br />
No part of the magazine may be<br />
reproduced without prior consent, in<br />
writing, from the publisher.<br />
This is in response to a new survey conducted by Symatrix which polled 200 IT decisionmakers<br />
working for large businesses. Nearly a quarter of those surveyed (22%) estimated<br />
that IT skills shortages are costing their business more than £100,000 a year in recruitment<br />
fees, temporary staffing, increased salaries and investment in lower-level employees to<br />
bring them up to speed over time. As the skills shortage worsens, over three-quarters of<br />
respondents polled (77%) said their organisation’s IT recruitment costs have increased over<br />
the past three years, and nearly half (45%) say costs have risen by more than 10%.<br />
Mark Appleton, Chief Customer Officer at ALSO Cloud UK, also believes that managed<br />
service providers are well positioned to help companies navigate the talent shortage.<br />
"Utilising this existing relationship for access to talent allows small to large businesses to<br />
explore new avenues and revenue streams without risking their own operations," he commented.<br />
"Additionally, trusting in the expertise of service providers who have retained and<br />
fought for the right skills and quality of talent means that partnered companies can avoid<br />
falling behind, gaining all of the benefits without fighting the battle against other competitors."<br />
Whether the answer lies within or without, resolving the talent crisis should be high on<br />
our list of new year's networking resolutions. <strong>NC</strong><br />
GET FUTURE COPIES FREE<br />
BY REGISTERING ONLINE AT<br />
WWW.NETWORKCOMPUTING.CO.UK/REGISTER<br />
WWW.NETWORKCOMPUTING.CO.UK @<strong>NC</strong>MagAndAwards NOVEMBER/DECEMBER <strong>2023</strong> NETWORKcomputing 03
CONTENTS<br />
CONTENTS<br />
N O V E M B E R / D E C E M B E R 2 0 2 3<br />
GREENER DATA CENTRES.....20<br />
Michael McNerney at Supermicro outlines<br />
the different methods data centre operators<br />
can take to reduce their power consumption<br />
SASE OR SD-WAN?...............12<br />
Jonathan Wright at Global Cloud Xchange<br />
explains how SASE could supplant SD-WAN<br />
as the best infrastructure solution for our<br />
new hybrid working reality<br />
COMMENT.....................................3<br />
Managing the skills shortage in 2024<br />
INDUSTRY NEWS.............................6<br />
The latest networking news<br />
ARTICLES<br />
ENSURING STORAGE SUCCESS FOR<br />
THE NETWORK...............................10<br />
By Tony Hollingsbee at Kingston Technology<br />
MOVING MONOLITHS...................11<br />
By Jon McElwee at iomart<br />
NIS 2 COMPLIA<strong>NC</strong>E........................16<br />
By Steven Kenny at Axis Communications<br />
IOT AND THE FUTURE OF<br />
NETWORKING................................18<br />
By Alan Hayward at SEH Technology<br />
BOOSTING YOUR CLOUD<br />
DEFE<strong>NC</strong>E........................................30<br />
By Anthony Webb at A10 Networks<br />
THE MAGNIFICENT 7?....................31<br />
By Kalam Meah at TP-Link<br />
SPANNING SECURITY GAPS AT<br />
THE EDGE..................................26<br />
Roman Lara at NETSCOUT guides us through<br />
the threat facing organisations that fail to<br />
adapt ther DDoS protection at the edge<br />
GLOBAL TRANSFORMATION<br />
AND ASSET MANAGEMENT......24<br />
Rentokil Initial enhances security compliance,<br />
tracking and reporting across 25,000+ IT<br />
assests worldwide with Lansweeper<br />
TO 5G - AND BEYOND!......28<br />
Keysight Technologies' Dylan McGrath gives<br />
us an insight into the future of nonterrestrial<br />
networks (NTNs) and the era of<br />
democratised connectivity<br />
ENGAGING AI FOR ENTERPRISE<br />
SERVICE MANAGEMENT.................32<br />
By Cullen Childress at SolarWinds<br />
NECESSARY PROVISIONS................34<br />
By Justin Day at Cloud Gateway<br />
CASE STUDY<br />
"MADE IN GERMANY" QUALITY,<br />
TWO TIMES OVER........................14<br />
macmon partner NetPlans has secured<br />
leveling technology specialist ARKU against<br />
malware attacks with macmon NAC<br />
COMPANY PROFILE<br />
NETALLY...........................................8<br />
For decades, Netally's family of network test<br />
solutions have helped to deploy, manage,<br />
maintain and secure our networks<br />
REVIEWS<br />
NETALLY AIRCHECK G3 PRO.............9<br />
MACMON NAC..............................15<br />
HORNETSECURITY SECURITY<br />
AWARENESS SERVICE......................19<br />
ENDACEPROBE CLOUD..................23<br />
04 NETWORKcomputing NOVEMBER/DECEMBER <strong>2023</strong> @<strong>NC</strong>MagAndAwards<br />
WWW.NETWORKCOMPUTING.CO.UK
INDUSTRY NEWS<br />
NEWSNEWS<br />
NEWS NEWS<br />
NEWS NEWS NEWS NEWS<br />
NEWS NEWS<br />
Organisations set to increase Wi-Fi adoption in 2024<br />
Wi-Fi 6, 6E and 7 top the list of wireless technologies that<br />
network operators, ISPs, device and chipset vendors,<br />
enterprises and other companies plan to deploy by the end of<br />
2024 - ahead of CBRS, DAS and private 4G/5G. Furthermore,<br />
confidence in investment across the sector is rising with 58%<br />
saying they are more confident in investing in Wi-Fi compared to<br />
a year ago even though the business model remains the most<br />
pressing challenge for new deployments. 6GHz spectrum<br />
availability also remains front of mind with two thirds deeming it<br />
an important issue for 2024.<br />
Those are two of the keys finding from the latest cross-industry<br />
report by the Wireless Broadband Alliance, the global industry<br />
body dedicated to improving Wi-Fi standards and services. Based<br />
on input from 200 enterprises, governments, fixed and mobile<br />
operators, vendors and other organisations worldwide, th WBA<br />
Annual Industry Report 202 showcases how Wi-Fi technology<br />
continues to evolve in ways that anticipate the needs of<br />
consumers, businesses, enterprise verticals, smart cities and<br />
service providers.<br />
Tiago Rodrigues, CEO of the Wireless Broadband Alliance,<br />
said: "The WBA Annual Industry Report 2024 is a must-read for<br />
anyone wanting to know exactly where Wi-Fi is and where it s<br />
headed. Market momentum is a theme in many of the key<br />
findings. For example, 58% are more confident in investing in Wi-<br />
Fi now than a year ago - up from 46% last year. Specifically,<br />
survey respondents are stepping up investment in WBA<br />
OpenRoaming, Wi-Fi 7 and city-wide public Wi-Fi. As WBA<br />
celebrates its 20th anniversary, we look forward to the next 20<br />
years of pioneering even more Wi-Fi technologies and use cases<br />
and developing a robust trails programme for W-Fi 7 to take<br />
innovation into 2024 and beyond." The WBA Annual Industry<br />
Report 2024 is available now for free at:<br />
https://wballiance.com/resource/annual-industry-report-2024/<br />
Advanced graymail protection from Egress<br />
Egress has launched its new graymail solution with full enduser<br />
control, dedicated to improving employee productivity<br />
and reducing the time administrators spend reviewing<br />
incorrectly reported phishing emails. The graymail feature is<br />
architected into Egress' inbound threat detection product,<br />
Egress Defend, and integrates seamlessly into customers'<br />
Microsoft 365 enivronments. Graymail is bulk solicited emails<br />
which are generally low priority and not malicious phishing<br />
attacks or unsolicited spam.<br />
To tackle this drain on organisational resources, Egress has<br />
developed an advanced graymail detection capability to remove<br />
these unnecessary distractions, tailored to each individual's<br />
preference. The technology leverages Egress' patented AI-based<br />
phishing detection functionality, which uses zero trust models and<br />
neural networks to prevent behavioral-based threats. Applying<br />
this methodology, Egress surfaces priority messages within the<br />
inbox, while segmenting graymail into a separate folder.<br />
The graymail feature is easily customised by both individual<br />
users and administrators. An interactive banner is added to each<br />
message that is routed to the graymail folder, which provides a<br />
simple workflow for employees to re-categorise emails and divert<br />
them back into their mailbox. Users' preferences are<br />
automatically learned by Defend, allowing them to customise<br />
their own experience without any management overhead.<br />
94% of U.K. CIOs see cybersecurity as a major threat<br />
Astaggering 94% of U.K.-based CIOs have expressed serious<br />
concerns about at least one cybersecurity threat, according to<br />
new research from Opengear. The comprehensive survey<br />
encompassed responses from 502 CIOs and 510 network<br />
engineers in the U.S., U.K., France, Germany, and Australia. For U.K.<br />
CIOs the primary cybersecurity concerns highlighted in the research<br />
included malware (36%), spam and phishing (36%), ransomware<br />
(36%), and insider threats (27%). Malware also emerged as a<br />
significant threat for 37% of the surveyed U.K. network engineers.<br />
While only 15% of U.K. CIOs reported social engineering attacks<br />
as a threat, 23% of network engineers reported a higher level of<br />
concern for this specific type of attack. U.K. engineers said that<br />
insufficient investments are enhancing the risk of cyberattacks and/or<br />
downtime (38%). This suggests that lack of budget spent on software<br />
upgrades and network upgrades, for example, leaves organisations<br />
more vulnerable to attack and has the potential to affect business<br />
continuity, which is a high priority for 88% of CIOs globally.<br />
06 NETWORKcomputing NOVEMBER/DECEMBER <strong>2023</strong> @<strong>NC</strong>MagAndAwards<br />
WWW.NETWORKCOMPUTING.CO.UK
INDUSTRY NEWS<br />
"The skills shortage and insufficient investment in networks are two<br />
factors that have combined to encourage cybercriminals to breach<br />
businesses," said Gary Marks, President at Opengear. "Smart Out<br />
of Band solutions enable organisations to manage their networks<br />
at all times from local and remote sites, even during an outage.<br />
Network engineers can make smarter, real-time decisions to<br />
achieve consistent network resilience and unparalleled visibility, with<br />
security and encryption features ensuring that management policies<br />
remain continually enforced."<br />
Vertiv collaborates with Intel on Gaudii3 liquide cooling<br />
Vertiv is collaborating with Intel to provide a liquid cooling<br />
solution that will support the revolutionary new Intel Gaudi3<br />
AI accelerator, scheduled to launch in 2024. The Intel Gaudi3 AI<br />
accelerator will enable both liquid-cooled and air-cooled servers,<br />
supported by Vertiv pumped two-phase (P2P) cooling<br />
infrastructure. The liquid-cooled solution has been tested up to<br />
160kW accelerator power using facility water from 17°C up to<br />
45°C (62.6°F to 113°F). The air-cooled solution has been tested<br />
up to 40kW of heat load that can be deployed in warm ambient<br />
air data centre up to 35°C (95°F). This medium pressure direct<br />
P2P refrigerant-based cooling solution will help customers<br />
implement heat reuse, warm water cooling, free air cooling and<br />
reductions in power usage effectiveness (PUE), water usage<br />
effectiveness (WUE) and total cost of ownership (TCO).<br />
Zyxel call on schools to reconsider network their options<br />
Zyxel Networks is urging the UK's schools and colleges that are<br />
looking to upgrade their network infrastructure before their<br />
end of the year and over the holiday period to broaden their<br />
horizons and consider all the options and possibilities before they<br />
make their crucial purchasing decisions. Budget pressure on<br />
schools is growing. In September, the National Foundation for<br />
Educational Research (NFER) warned that schools are having to<br />
make substantial cuts due to extra financial pressures. Despite the<br />
overall budget for schools increasing by £3.5 billion for <strong>2023</strong>-<br />
24, almost half (49 percent) of primaries, and 41 percent of<br />
secondaries expect to see a deficit for 2022-23.<br />
A recent study of UK trusts found that almost one fifth (19<br />
percent) of chief executives lack confidence about their<br />
financial sustainability in the future - a huge increase on last<br />
year, when only 4 percent said they were not confident about<br />
long-term finances. Fewer than half of respondents to the<br />
National School Trust Survey, organised by the Confederation<br />
of School Trusts (CST), said they felt very or quite confident in<br />
their financial sustainability.<br />
Rachel Rothwell, Senior Regional Director, UK and Ireland at<br />
Zyxel Networks, said that as a result of all this pressure, schools<br />
looking to upgrade their infrastructure need to give even more<br />
consideration to IT investment decisions. "Schools and trusts were<br />
already under massive pressure to make cutbacks and this year's<br />
RAAC debacle has added to that. At the same time, they are<br />
expected to provide the latest technology and ensure the online<br />
safety of pupils. They are having to think long and hard about<br />
how they can reduce costs without having an impact on teaching<br />
and they now have very little room for manoeuvre.<br />
"One area in which they can still make real savings without<br />
compromising is in their choice of networking technologies. While<br />
the official advice might be to purchase products from some of the<br />
more expensive brand names, solutions from Zyxel and other<br />
manufacturers can do just as good a job for much less investment."<br />
Call for input for ScotlandIS state of the nation report<br />
ScotlandIS, the membership and cluster management<br />
organisation for Scotland's digital technologies industry, has<br />
just launched its 16th annual industry survey with a call for<br />
respondents from across the country. The survey provides an<br />
annual health check for the industry, setting a benchmark for the<br />
comparison of sector successes and challenges from year to year.<br />
It also provides ScotlandIS members and non-members the<br />
opportunity to highlight future issues they foresee affecting the<br />
industry. Key findings from the <strong>2023</strong> survey included:<br />
83% of companies surveyed expected to increase their<br />
headcounts between <strong>2023</strong>-24<br />
The proportion of businesses recording turnover higher than £1<br />
million increased from 22% in 2022 to 37% in <strong>2023</strong><br />
Scotland's tech companies reported seeing the greatest<br />
opportunities for their business in cyber security (46%), followed<br />
by data analytics (45%), and artificial intelligence (43%).<br />
Having first launched in 2008, the report was originally designed<br />
to fill a gap as there were limited figures available relating to the<br />
overall health, growth and development of the Scottish tech<br />
industry. Since then, both the report and the sector have grown<br />
significantly, with the <strong>2023</strong> version putting the value of the Scottish<br />
digital sector's economic contribution at £6 billion.<br />
Responses to the 2024 Technology Industry Survey are now<br />
being sought from the Scottish tech sector before 25 January at<br />
the link below. The feedback from the survey will then be used to<br />
produce the annual benchmarking report for the Scottish tech<br />
sector, which is due to be published in March 2024.<br />
https://www.surveymonkey.com/r/ScottishTechSurvey<strong>2023</strong><br />
NEWS NEWSNEWS<br />
NEWS<br />
NEWS NEWS NEWS NEWS NEWS<br />
NEWS<br />
WWW.NETWORKCOMPUTING.CO.UK @<strong>NC</strong>MagAndAwards NOVEMBER/DECEMBER <strong>2023</strong> NETWORKcomputing 07
COMPANY PROFILE<br />
COMPANY PROFILE: NETALLY<br />
FOR DECADES, NETALLY'S FAMILY OF INNOVATIVE NETWORK<br />
TEST SOLUTIONS HAVE BEEN HELPING ENGINEERS AND<br />
TECHNICIANS BETTER DEPLOY, MANAGE, MAINTAIN, AND<br />
SECURE TODAY'S COMPLEX WIRED AND WIRELESS NETWORKS<br />
For more than 25 years, we have been the<br />
#1 ally of network and security<br />
professionals worldwide. We began by<br />
making the world's first handheld network<br />
analyzer - the LANMeter® - and have<br />
continued as industry pacesetters ever since,<br />
first as a business unit of Fluke Networks Inc.<br />
then part of NETSCOUT Systems, Inc. Now, as<br />
an independent company, NetAlly continues to<br />
set the standard for portable network testing<br />
and assessment. Our best-in-class tools deliver<br />
the visibility needed to get the job done, fast.<br />
WHAT WE DO<br />
Our leading-edge tools work hard to get the<br />
job done fast by:<br />
Simplifying the complexities of network<br />
testing<br />
Providing instant visibility for efficient<br />
problem solving and cyber security<br />
assessments<br />
Enabling seamless collaboration between<br />
site personnel and remote experts<br />
WHO WE SERVE<br />
Your organisation relies on you to keep their<br />
networks running and secure. And just like you,<br />
we are reliable, practical, no-nonsense experts.<br />
We are your behind-the-scenes partners. From<br />
the smallest companies to the Fortune 100 and<br />
across a range of industries, network<br />
professionals around the world rely on our<br />
tools to plan, deploy, validate, secure, and<br />
troubleshoot wired and wireless access<br />
networks and the devices that connect to them.<br />
Whether you are a network or security<br />
operations manager, engineer, technician or<br />
admin, or a field service installer/system<br />
integrator, you can rely on our tools to give you<br />
the visibility you need to get your job done, fast.<br />
NetAlly is proud to be represented by a<br />
worldwide network of respected distributors<br />
and resellers. If you would like to be a part of<br />
our channel network, contact us at<br />
sales@netally.com.<br />
KEY PRODUCTS<br />
CyberScope Handheld Cyber Security<br />
Analyzer<br />
The world's first handheld cyber security tool for<br />
comprehensive site access layer cyber security<br />
risk assessment. CyberScope offers<br />
comprehensive cyber security risk assessment,<br />
analysis and reporting for the site access layer<br />
in a single, powerful, portable tool - including<br />
endpoint and network discovery, wireless<br />
security, vulnerability assessment (Nmap), and<br />
segmentation and provisioning validation.<br />
EtherScope® Portable Network Expert<br />
Taking on the complexity of ever-changing<br />
access networks, EtherScope nXG is a powerful<br />
network analyzer & Wi-Fi 6 diagnostics tool<br />
that helps engineers and technicians to quickly<br />
deploy, maintain, monitor, and analyze Wi-Fi,<br />
Bluetooth/BLE and Ethernet access networks.<br />
Speed up your workflows and improve end<br />
user experience with the industry's first complete<br />
handheld analyzer for Ethernet network<br />
troubleshooting and analysis, Wi-Fi 6/6E<br />
surveying, and security audits.<br />
AirCheck G3 Pro Wi-Fi 6 Wireless Analyzer<br />
A cost-effective hardware-enabled wireless<br />
analysis and site survey solution for Wi-Fi 6/6E<br />
and Bluetooth/BLE networks. Its intuitive user<br />
interface provides actionable intelligence,<br />
simplifying and speeding up wireless security<br />
audits, network deployment, troubleshooting,<br />
and validation. With powerful tools suited for<br />
wireless engineers, but ease of use for<br />
technicians and remote "smart hands",<br />
AirCheck G3 Pro makes your entire team<br />
more productive.<br />
LinkRunner® AT Network AutoTester<br />
The LinkRunner AT Network AutoTester offers<br />
user-configured AutoTests for a wide range of<br />
important tasks for frontline technicians. This<br />
network tester's quick cable test and switch<br />
identification facilitate fast problem isolation.<br />
Test results can be automatically uploaded to<br />
the Link-Live results management cloud<br />
service to improve collaboration between<br />
network engineers and technicians, creating<br />
greater job visibility, project control, and fleet<br />
management. <strong>NC</strong><br />
08 NETWORKcomputing NOVEMBER/DECEMBER <strong>2023</strong> @<strong>NC</strong>MagAndAwards<br />
WWW.NETWORKCOMPUTING.CO.UK
PRODUCT REVIEW<br />
NetAlly AirCheck<br />
G3 Pro<br />
PRODUCT REVIEW<br />
PRODUCT<br />
REVIEWPRODUCT RE<br />
NetAlly has a fine reputation for<br />
delivering desirable portable network<br />
testing and diagnostics solutions and its<br />
AirCheck G3 Pro will appeal hugely to<br />
technicians and engineers maintaining wireless<br />
networks. This ruggedised handheld device<br />
takes many of the features from the secondgeneration<br />
AirCheck G2 model and makes<br />
them even better.<br />
Its native Wi-Fi 6/6E radio brings visibility into<br />
the 6GHz band where it can connect at its full<br />
data rate and capture frames, and it provides<br />
more information including short-term<br />
monitoring facilities with real-time wireless<br />
measurements and trend graphs showing<br />
network changes over time.<br />
Bluetooth/BLE device support has been added<br />
and it enhances the standard site surveying,<br />
analysis and troubleshooting tools with network<br />
discovery, path analysis and integration with<br />
NetAlly's Link-Live cloud portal for topology<br />
mapping and remote control. The G3 Pro can<br />
diagnose all day as battery life has been more<br />
than doubled to 10 hours of continuous use<br />
and charging speed boosted, so it'll reach full<br />
capacity in no more than 3 hours<br />
NetAlly chose to do away with the Ethernet test<br />
port on the G2 for a number of sound reasons.<br />
Its removal is the main reason battery life has<br />
been extended and it allows NetAlly to offer a<br />
more cost-effective solution to technicians<br />
focused on wireless networks.<br />
The G3 Pro also runs the same Androidbased<br />
OS found in NetAlly's latest EtherScope<br />
products. This will appeal to novices as well as<br />
technicians and engineers - if they can use a<br />
mobile, they can use the G3 Pro.<br />
The 5in. colour touchscreen presents a<br />
selection of icons for all tasks and you can<br />
install other third-party Android apps. The<br />
screen's FAB (floating access button) opens<br />
floating action menus offering instant access to<br />
further analysis tools related to the selected<br />
task.<br />
The G3 Pro is easy to use and we tapped on<br />
its AutoTest icon to analyse the lab's Wi-Fi 6/6E<br />
networks. This uses profiles with a default one<br />
for fast air quality analysis, and you can add<br />
Wi-Fi profiles with predefined tests covering<br />
areas such as SSIDs, channels, AP details and<br />
target connectivity.<br />
After connecting the G3 Pro to our Netgear<br />
WAX630E tri-band AP over its 6GHz radio, we<br />
created a new Wi-Fi profile. We started it with<br />
one tap and could set the G3 Pro to run its<br />
AutoTests regularly as often as every minute.<br />
The test only took 20 seconds and presented<br />
a wealth of wireless information as 'cards' with<br />
each one colour coded to indicate warnings or<br />
errors. The SSID card revealed graphs and<br />
tables for signal quality, channel utilisation plus<br />
retries while a rolling PHY graph confirmed<br />
speedy close-range transmission rates of<br />
around 2Gbits/sec.<br />
The Wi-Fi test shows discovered internal and<br />
external wireless networks with the Channels<br />
map screen offering an extra Map 6E tab. One<br />
tap brings up masses of detail on all channels,<br />
their active SSIDs and associated APs,<br />
encryption schemes, all connected clients and<br />
detected Bluetooth/BLE devices.<br />
The AirMapper app runs Wi-Fi site surveys<br />
and creates signal heatmaps which can be<br />
uploaded to the Link-Live portal for further<br />
analysis and sharing with colleagues. The base<br />
kit includes a soft case, charger and one-year<br />
AllyCare support, the Kit option adds an<br />
external directional antenna and NXT-1000<br />
USB spectrum analyser for even deeper insights<br />
into wireless networks, while the TA kit includes<br />
NetAlly's Test Accessory Pocket iPerf Server for<br />
iPerf performance testing.<br />
The AirCheck G3 Pro takes wireless network<br />
analysis to the next level as it teams up support<br />
for Wi-Fi 6/6E networks with a superb range of<br />
diagnostics and site survey features. It's<br />
extremely easy to use, integrates seamlessly with<br />
NetAlly's Link-Live cloud portal and is very<br />
affordable. <strong>NC</strong><br />
Product: AirCheck G3 Pro<br />
Supplier: NetAlly<br />
Web site: www.netally.com<br />
Telephone: +44 (0)115 865 5676<br />
Price: From £2,999 exc VAT<br />
WWW.NETWORKCOMPUTING.CO.UK NOVEMBER/DECEMBER <strong>2023</strong> 09<br />
NETWORKcomputing<br />
@<strong>NC</strong>MagAndAwards
OPINION: STORAGE<br />
ENSURING STORAGE SUCCESS FOR THE NETWORK<br />
TONY HOLLINGSBEE, SSD BUSINESS MANAGER, EMEA AT<br />
KINGSTON TECHNOLOGY, LOOKS AT THE VITAL ROLE OF<br />
STORAGE IN MAINTAINING NETWORK PERFORMA<strong>NC</strong>E<br />
and hardware encryption means that data is<br />
secure at every stage of the transfer process.<br />
5. These drives are tested on server platforms<br />
with third-party and OEM RAID controllers to<br />
guarantee their compatibility with hardware.<br />
For organisations to maximise full value<br />
from their data today they need to deploy<br />
a range of technologies that give them<br />
rapid access, reliable performance, control<br />
and visibility. At the very core of this is storage.<br />
With the volumes of data that are being<br />
created, storage solutions have become an<br />
essential foundation in the technology stack<br />
and deserving of a needs-oriented strategic<br />
approach during specification.<br />
Network and infrastructure managers<br />
understand that by upgrading data storage,<br />
they are not only improving efficiency now, but<br />
reducing costs and ensuring data utilisation for<br />
the future. The deeper into digital<br />
transformation that their companies move, the<br />
more demand there will be to process high<br />
quantities of data at low latency, delivering<br />
optimum application performance and<br />
enhanced user experiences.<br />
Modernising data storage makes sense. The<br />
continued use of legacy technologies can lead<br />
to a loss of performance and reliability,<br />
however, at a time when budgets are stretched<br />
many organisations are looking for the best<br />
ways to stagger their storage upgrades.<br />
SWAPPING OUT DRIVES<br />
One approach is to remove mechanical HDDs<br />
and replace them with SATA SSDs, which are<br />
now at their most competitive price. The instant<br />
effect will be improved performance with rapid<br />
system booting and application loading times.<br />
If budgets allow a transition to the latest<br />
generation of SSDs (PCIe NVMe) will<br />
guarantee even better performance.<br />
When planning for change, many<br />
organisations are deploying a combination of<br />
HDDs and SSDs configured within their<br />
infrastructure to manage different workloads or<br />
based on the type and size of the data being<br />
stored. Frequently accessed files and data<br />
could be stored on SSDs while archived files<br />
are kept on HDDs.<br />
By taking this staggered approach to<br />
updating storage capacity, organisations are<br />
benefiting from an improved Total Cost of<br />
Ownership and reaping environmental benefits<br />
without compromising on the network<br />
performance that modern SSDs can deliver.<br />
THE TOP ADVANTAGES OF<br />
ENTERPRISE-LEVEL SSDS<br />
There is a huge difference between SSDs<br />
designed for use by enterprises, and those<br />
for consumers:<br />
1. Enterprise SSDs are able to manage a<br />
higher volume of read/write operations over<br />
their lifespans. They are designed to<br />
withstand enterprise environments with<br />
demanding workloads and constant data<br />
access requirements.<br />
2. The components in enterprise SSDs are<br />
robustly built and can operate 24/7/365. They<br />
incorporate power loss protection and data<br />
path protection to prevent data loss.<br />
3. High performance is derived from IOPs<br />
consistency and predictable low latency<br />
while servicing an intensive read/write<br />
workload. As a result, they handle more I/O<br />
operations per second, making them<br />
appropriate for applications requiring<br />
high-speed data access.<br />
4. End-to-end data protection<br />
For organisations who have already moved<br />
away from HDDs, the next step is to switch<br />
from SATA- based SSDs to NVMe-based<br />
SSDs which are better suited for missioncritical<br />
applications. The price of these<br />
models have also come down, making them<br />
highly cost-effective.<br />
CO<strong>NC</strong>LUSION<br />
Storage decisions must be based on the<br />
workloads and data access demands that the<br />
organisation is managing. These might change<br />
in time, so network managers will have to<br />
consider balancing future needs against<br />
current cost constraints. Consideration should<br />
also be given to how upgrading or replacing<br />
storage assets can help the company to meet<br />
its broader goals and expand. Storage must be<br />
seen as an integral part of the broader digital<br />
transformation strategy if it is to be a success in<br />
the future. <strong>NC</strong><br />
10 NETWORKcomputing NOVEMBER/DECEMBER <strong>2023</strong> @<strong>NC</strong>MagAndAwards<br />
WWW.NETWORKCOMPUTING.CO.UK
OPINION: CLOUD TECHNOLOGY<br />
MOVING MONOLITHS<br />
JON MCELWEE, CLOUD SPECIALIST AT IOMART, OFFERS A GUIDE TO TAKING THE COMPLEXITY OUT<br />
OF MONOLITHIC APPLICATION MODERNISATION<br />
Cloud technology has evolved at pace<br />
over the last decade. From its origins in<br />
the early 2000's when AWS created<br />
one of the first public clouds, to today where<br />
almost nine in 10 (89%) business are using the<br />
cloud in some way. During that evolution,<br />
cloud's capabilities have hugely expanded,<br />
opening businesses up to new ways of<br />
capturing data and using it to their<br />
organisation's advantages, integrating<br />
technologies such as machine learning and AI.<br />
For many companies, however, the ability to<br />
access these technologies and advantages is<br />
being hindered by legacy systems - in<br />
particular, monolithic technology stacks that<br />
hinder agility and innovation.<br />
MODERNISING MONOLITHIC<br />
ARCHITECTURE<br />
The shift from isolated working methods to a<br />
microservices environment provides<br />
organisations with a range of benefits, but the<br />
transition itself can be daunting. Large<br />
businesses with decades old technology stacks<br />
may feel overwhelmed at the thought of<br />
transitioning to microservices, and the time<br />
investment required to do so. But with the<br />
correct planning and support, it doesn't have<br />
to be an arduous task. So, how can businesses<br />
make the shift?<br />
The first necessary step is to break down an<br />
organisation's existing monoliths into<br />
manageable components. This modular<br />
transition reduces the risk of disruption to<br />
essential services while allowing the gradual<br />
adoption of microservices.<br />
To achieve smoother transitions and align<br />
changes with business objectives, development<br />
and operations teams need to collaborate<br />
effectively. This is what DevOps principles<br />
enable. However, moving to microservices also<br />
involves a thorough evaluation of the existing<br />
technology assets, to determine what needs to<br />
be migrated and what can be<br />
decommissioned, as well as a realistic<br />
assessment of the organisation's capabilities,<br />
for a successful migration.<br />
Data migration, security and compliance are<br />
essential aspects of this. Legacy systems may<br />
contain years of valuable data, so ensuring its<br />
smooth migration while preserving data quality<br />
is crucial.<br />
DEALING WITH OLD DATA<br />
It's tempting for businesses that are<br />
considering modernising their monolithic<br />
architecture, to do so once they're in the<br />
cloud. As a result, they'll conduct the lift and<br />
shift and then start on the optimisation<br />
process. This can work for many businesses -<br />
particularly larger ones with a considerable<br />
number of workloads - but for most it's a costly<br />
process which involves paying for unnecessary<br />
storage. As such, one of the most important<br />
aspects of modernisation is conducting the<br />
due diligence before the lift and shift, to<br />
understand what legacy data needs to be<br />
migrated and, crucially, what doesn't.<br />
In these cases, conducting Microsoft's Cloud<br />
Adoption Framework (CAF) before the lift and<br />
shift can be very beneficial. This is where<br />
businesses create a cloud blueprint before<br />
making the transition, to figure out whether<br />
certain workloads need refactoring,<br />
rearchitecting, resizing or rehosting. This<br />
ensures any transition to the cloud is done in<br />
the most optimised way.<br />
It's also possible to adopt a hybrid approach,<br />
which combines both a CAF as well as the lift<br />
and shift. This allows IT teams to break down<br />
applications in a manageable way, while still<br />
enjoying the benefits that having data stored in<br />
the cloud can offer. Microservices architecture<br />
is not a universal solution. Businesses with a<br />
strong need for agility, scalability, and rapid<br />
innovation will gain the most from it.<br />
FINAL THOUGHTS<br />
Businesses undergoing digital transformation<br />
by modernising monolithic architecture are on<br />
the right path towards leveraging the true<br />
benefits of cloud technology, but the process of<br />
getting there doesn't need to be complex.<br />
Working alongside trusted consultants who<br />
understand and have experience of the unique<br />
challenges posed by legacy systems, ensures<br />
any transition to a microservices environment is<br />
effective and efficient - both from a time and<br />
cost perspective.<br />
The cloud technology we have available to us<br />
today has never been better. It's time for<br />
businesses to benefit from that. <strong>NC</strong><br />
WWW.NETWORKCOMPUTING.CO.UK NOVEMBER/DECEMBER <strong>2023</strong> 11<br />
NETWORKcomputing<br />
@<strong>NC</strong>MagAndAwards
OPINION: SASE<br />
IS SD-WAN THE RIGHT FIT FOR A HYBRID WORKPLACE?<br />
JONATHAN WRIGHT,<br />
DIRECTOR OF PRODUCTS<br />
AND OPERATIONS AT GLOBAL<br />
CLOUD XCHANGE (GCX),<br />
EXPLAINS HOW SASE COULD<br />
SUPPLANT SD-WAN AS THE<br />
BEST INFRASTRUCTURE<br />
SOLUTION FOR OUR NEW<br />
HYBRID WORKING REALITY<br />
We have seen increased adoption of<br />
SD-WAN technologies over the last<br />
few years as a means of<br />
strengthening connectivity, reducing costs,<br />
and gaining greater control and visibility of<br />
networks. In fact, one recent study<br />
highlighted how 95 percent of enterprises<br />
have either already deployed SD-WAN or will<br />
do so over the next 18 months.<br />
But SD-WAN was designed for pre-<br />
COVID working conditions that were mostly<br />
office-based whereas, post-COVID, hybrid<br />
working has become the norm. What most<br />
IT directors don't realise is that the benefits<br />
of SD-WAN in a fixed workplace -<br />
increased network visibility, flexibility and<br />
security enforcement - don't translate for<br />
remote working.<br />
Given the levels of investment that have<br />
already been made in SD-WAN, many<br />
organisations are looking into SASE (Secure<br />
Access Service Edge) frameworks to add to<br />
their existing deployments - although some<br />
are still making a full transition.<br />
12 NETWORKcomputing NOVEMBER/DECEMBER <strong>2023</strong> @<strong>NC</strong>MagAndAwards<br />
WWW.NETWORKCOMPUTING.CO.UK
OPINION: SASE<br />
THE DRIVERS FOR SD-WAN<br />
With the growing migration of applications<br />
to the cloud, we have seen increased levels<br />
of SD-WAN adoption. SD-WAN deals with<br />
centralisation and automation, as it<br />
effectively optimises application traffic and<br />
supports reliable access to applications in<br />
the cloud. SD-WAN also reduces vendor<br />
lock-in, as organisations can mix and<br />
match software and hardware from different<br />
providers with centralised control at the<br />
software level. Which, in turn, enabled<br />
companies to do more in the cloud.<br />
But instead of being built around users,<br />
SD-WAN architecture is tailored around<br />
how a particular facility or site accesses<br />
applications and services located on the<br />
corporate network, in the cloud, or in a<br />
data centre. When designed, most users<br />
were expected to work on-site with traffic<br />
routed through a dedicated WAN or LAN<br />
port. Remote working was generally<br />
supported by a handful of gateways across<br />
the world with associated VPNs. The<br />
experience was slower and less flexible than<br />
in the office, but at that time remote<br />
working wasn't as widespread and,<br />
importantly, this approach still supported a<br />
secure connection to their office.<br />
LOSING SIGHT OF THE SECURITY<br />
RISKS<br />
Hybrid working models are now the norm,<br />
and the experience of working in the office<br />
must be replicated whether users are at<br />
home or on the move. This means giving<br />
users the flexibility and freedom to work<br />
securely on any device, in any location.<br />
This model requires scalable networks and<br />
security policies - not just to support a<br />
working anywhere culture, but so corporate<br />
policy and configurations can be applied<br />
for remote workers as they are on-premise.<br />
This is important because any data sent<br />
from a remote device could be unprotected<br />
while in transit to the cloud, which<br />
effectively turns SD-WAN into a security risk<br />
in a hybrid work environment.<br />
Visibility also presents an issue. For an<br />
office, the analytics and reporting process<br />
are simple because all traffic flows through<br />
a single network device. However, with<br />
remote working, people use their own<br />
broadband, and sometimes their own<br />
device, leading to a loss in visibility.<br />
The outdated, decentralised model means<br />
it's impossible to collect data for every<br />
packet centrally and report on statistics such<br />
as bandwidth consumption, security<br />
compliance, or traffic flows to applications<br />
in the cloud. This lack of visibility presents<br />
significant security concerns as without the<br />
ability to track which resources users are<br />
accessing, organisations are increasing the<br />
shadow IT landscape and unnecessarily<br />
inviting new risks to their networks.<br />
SPEED AND EASE OF PERFORMA<strong>NC</strong>E<br />
Over the years there has been significant<br />
investment in SD-WAN, which is perhaps<br />
why most companies seem reluctant to<br />
move away from the technology<br />
completely. Instead, they want to find a<br />
way to make the existing infrastructure<br />
work for hybrid working. And as a result, I<br />
predict that in just five years we'll see SD-<br />
WAN used as an access technology with<br />
most of its current functionalities shifting to<br />
a SASE overlay framework.<br />
The potential performance and security<br />
benefits are huge. With data routing<br />
through a centralised SASE framework,<br />
users can become truly device and<br />
location-agnostic without compromising the<br />
security and compliance of the data for the<br />
packet's entire journey. With some providers<br />
offering hundreds of SASE gateways across<br />
the world, it also supports more localised<br />
access to reduce latency. And, it even<br />
improves the connection between public<br />
and private network services, as the<br />
centralised design negates the need for the<br />
installation of a transitory SD-WAN hub.<br />
SASE also enables network<br />
administrators to monitor and analyse<br />
traffic flows and application performance<br />
in real-time, at a regional, brand or even<br />
user level. Simplifying data visibility with<br />
one centralised framework enables<br />
administrators to reduce the number of<br />
tools they need to monitor performance;<br />
they can now view network performance<br />
and how it connects with specific<br />
applications, as well as whether the data<br />
is secured and compliant on one single<br />
platform. This improves the speed at<br />
which issues can be discovered, assessed,<br />
and resolved.<br />
And of course, that's without considering<br />
the quality and cost. Undoubtedly, the<br />
ability to deliver high-quality networking<br />
over cheaper internet circuits was a key<br />
driver for SD-WAN adoption. Yet, it still<br />
required relatively expensive licenses and<br />
hardware. So even with though the total<br />
cost of ownership (TCO) came down, the<br />
reliance on specialist hardware and<br />
licence fees persists.<br />
Many Internet telco circuits have fallen<br />
considerably in price, and sometimes now<br />
offer a more affordable solution overall with<br />
better performance than SD-WAN on a<br />
cheaper circuit. But with SASE there are<br />
more cost optimisation opportunities as it<br />
only needs a secure connection to a device<br />
which supports SSL or IPsec.<br />
PERFORMA<strong>NC</strong>E AND PEACE OF<br />
MIND<br />
Whether using a public, private or hybrid<br />
network, and no matter what the location<br />
or device, SASE augments the visibility and<br />
security of data as it moves across their<br />
global network. This not only improves<br />
performance, but it critically offers<br />
organisations true peace of mind. <strong>NC</strong><br />
WWW.NETWORKCOMPUTING.CO.UK @<strong>NC</strong>MagAndAwards NOVEMBER/DECEMBER <strong>2023</strong> NETWORKcomputing 13
CASE STUDY<br />
"MADE IN GERMANY" QUALITY, TWO TIMES OVER<br />
MACMON PARTNER NETPLANS HAS SECURED LEVELLING TECHNOLOGY SPECIALIST ARKU AGAINST<br />
MALWARE ATTACKS WITH MACMON NAC<br />
Founded in 1928, the family-owned<br />
company ARKU Maschinenbau GmbH<br />
has become the world market leader in<br />
levelling technology, with over 50 years of<br />
experience to call on. ARKU offers the<br />
largest selection of high-performance and<br />
high-precision leveling machines as well as<br />
deburring and rounding machines.<br />
In the last few years ARKU has faced an<br />
increasing number of malware attacks.<br />
However, by working closely with the<br />
Freiburg branch of the IT systems house<br />
NetPlans, it has introduced extensive<br />
measures to defend itself. It its search for<br />
reliable and scalable network protection, it<br />
quickly became clear that macmon NAC<br />
was the right option.<br />
NetPlans is a Platinum macmon partner with<br />
certified and continuously trained macmon<br />
experts who have provided first-class support<br />
for their customers - especially from the SME<br />
sector - with the implementation of a huge<br />
number of projects.<br />
RADIUS AUTHENTICATION PROVIDES<br />
EVEN MORE SECURITY<br />
To authenticate endpoints, ARKU uses<br />
macmon's integrated RADIUS server to make<br />
the decisions on granting access. As the ID or<br />
means of authentication, a number of<br />
different properties can generally be used,<br />
such as the MAC address, user<br />
name/password or certificate. Since the<br />
network is not accessed by the system until<br />
the RADIUS server has confirmed it, there are<br />
no unused or insecure ports, which increases<br />
security significantly. While granting access,<br />
the IT team can define and specify additional<br />
rules for the switch to implement. If the switch<br />
is technically capable of doing so (layer 3), a<br />
specific VLAN, defined ACLs or almost any<br />
other attributes can be assigned in this way.<br />
An access control list (ACL) limits access to<br />
data and functions. The ACL determines the<br />
extent to which individual users and system<br />
processes have access to certain objects such<br />
as services, files or registry entries. "We use a<br />
variety of security solutions in our company,"<br />
said Felix Pflüger, IT & Digitisation Team<br />
Leader at ARKU. "Thanks to macmon NAC,<br />
we always have oversight over our extensive<br />
IT infrastructure. Our switches are<br />
administered via SNMP and<br />
RADIUS, meaning macmon sets<br />
the appropriate VLAN on the<br />
switch port, or the port is<br />
blocked if there are unknown<br />
devices. That prevents<br />
unauthorised devices from<br />
gaining access via network<br />
outlets, for example."<br />
VISITOR MANAGEMENT<br />
MADE EASY<br />
Frequent visits by customers<br />
and suppliers present<br />
companies with the challenge of preventing<br />
these users' end devices from accessing the<br />
company's internal network. The functions of<br />
the "Guest Service" module provide an<br />
intelligent and flexible management system<br />
for any external device with a granular guest<br />
ticket system for controlling temporary LAN<br />
and WLAN access.<br />
Since the number of external visitors was<br />
manageable during the Coronavirus period,<br />
the IT department was responsible for deciding<br />
whether or not visitors were granted access. In<br />
the future, however, this task will be delegated<br />
to authorised employees with the macmon<br />
guest portal. Without having to deal with the<br />
macmon NAC administration, they can<br />
generate access data directly in the portal or<br />
confirm visitors who have registered themselves.<br />
The resources shared and the duration of<br />
access can be defined while creating the access<br />
data, ensuring each visitor can access only the<br />
specific resources approved for them. For<br />
instance, a service technician who has to<br />
maintain machine equipment has different<br />
access rights than a customer who is visiting the<br />
company for a meeting.<br />
CO<strong>NC</strong>LUSION<br />
"Using macmon NAC and the macmon guest<br />
portal has allowed us to significantly improve<br />
our network security and endpoint<br />
management," said Felix Pflüger. "In our region,<br />
the macmon Platinum partner NetPlans is our<br />
expert implementation and support partner for<br />
issues related to IT infrastructure and security,<br />
which have been improved over the years and<br />
maintained at the highest standard. Only by<br />
continuously optimising existing solutions can<br />
intelligent attacks be successfully repelled in the<br />
long term. The rollout of macmon NAC in the<br />
US was a success; further projects are in the<br />
pipeline." <strong>NC</strong><br />
14 NETWORKcomputing NOVEMBER/DECEMBER <strong>2023</strong> @<strong>NC</strong>MagAndAwards<br />
WWW.NETWORKCOMPUTING.CO.UK
PRODUCT REVIEW<br />
macmon NAC<br />
PRODUCT REVIEW<br />
PRODUCT<br />
REVIEWPRODUCT RE<br />
Despite the undeniable security benefits<br />
many businesses find implementing a<br />
network access control solution<br />
challenging, as all too many are complex<br />
and time consuming to install and difficult to<br />
manage. The German company macmon<br />
secure GmbH stands out from the crowd as<br />
its NAC product is designed to be simple to<br />
deploy and maintain while its smart agentless<br />
architecture means it can be protecting your<br />
network from day one. It doesn't require<br />
agents or sensors as it queries all your<br />
manageable switches and uses methods such<br />
as SNMP, REST or Telnet/SSH to find out<br />
which network devices and connected<br />
endpoints are in the network.<br />
The macmon NAC appliance also offers its<br />
own embedded RADIUS server for<br />
authentication to fully support the industry<br />
standard 802.1X while making it much simpler<br />
to adopt. The above mentioned protocols are<br />
also being used to enforce NAC controls,<br />
which is why it is not only compatible with<br />
informational technology but can also secure<br />
operational technology (OT) networks with all<br />
their legacy systems.<br />
This simple approach has major benefits<br />
in the battle to control what macmon<br />
classifies as UFOs (unidentified frightening<br />
objects). These could be an intruder, an<br />
employee's access point being used to build<br />
their own Wi-Fi network, or something as<br />
simple as a workstation.<br />
macmon NAC can see all endpoints<br />
regardless of whether they are a desktop PC, a<br />
BYOD, a controlling unit of an industrial facility,<br />
or the laptop of a service technician. This<br />
network overview is extremely valuable for both<br />
homogeneous and heterogeneous<br />
infrastructures and large non-transparent<br />
networks, which can often be found in the<br />
manufacturing or the automotive industry.<br />
Mobile user controls are particularly good as<br />
macmon NAC can identify them irrespective of<br />
which network switch or Wi-Fi device they<br />
access, and uses whitelists to determine what<br />
access levels they are allowed. Furthermore,<br />
macmon NAC is manufacturer-agnostic, so it'll<br />
work with any manageable switch, and can<br />
scale easily as the network expands, allowing it<br />
to work with the latest IT systems as well as<br />
long-established operational technologies.<br />
We found deployment swift as we installed<br />
macmon NAC on our VMware vSphere host in<br />
ten minutes. The web console is easy to use,<br />
and our first task was to create a list of<br />
credentials for our monitored switches where it<br />
defaults to SNMP.<br />
macmon NAC gathers information about all<br />
network devices and endpoints and their<br />
attributes such as MAC and IP addresses and<br />
their names using (amongst others) ARP, DNS<br />
and DHCP as well as OT specific protocols.<br />
These may be added to a list of 'known'<br />
endpoints in the console and assigned to<br />
groups such as PCs, mobiles and guest<br />
devices, which in the simple mode even<br />
enforce up to three levels of authentication<br />
and related authorisation.<br />
Any new endpoints that macmon NAC<br />
discovers are considered unauthorised and<br />
policies are used to determine what access<br />
levels they should have - if any. Predefined<br />
rules make this even easier as they can block<br />
these devices, dynamically manage VLAN<br />
membership and present guest users with<br />
custom captive web portals.<br />
The macmon VLAN Manager is a powerful<br />
instrument to roll out as it automatically<br />
maintains a zoning concept in big production<br />
facilities or other industrial contexts, which is a<br />
requirement of many security regulations such<br />
as IEC 62443 or even ISO 27001. The<br />
Premium bundle enables full compliance<br />
scans on endpoints and offers even more<br />
integration options to gain additional status<br />
from third-party tools.<br />
macmon NAC is very amenable as it generally<br />
integrates with a wide range of third-party<br />
security solutions and even offers a framework<br />
to simply add your own integrations. <strong>NC</strong><br />
Product: macmon NAC<br />
Supplier: macmon secure GmbH<br />
Tel: +49 30 23257777-0<br />
Web site: www.macmon.eu<br />
Sales: info@macmon.eu<br />
WWW.NETWORKCOMPUTING.CO.UK NOVEMBER/DECEMBER <strong>2023</strong> 15<br />
NETWORKcomputing<br />
@<strong>NC</strong>MagAndAwards
SECURITY UPDATE<br />
COMPLYING WITH THE NIS 2 DIRECTIVE TO HELP SECURE CRITICAL ASSETS<br />
STEVEN KENNY, INDUSTRY<br />
LIAISON, ARCHITECTURE &<br />
ENGINEERING, AXIS<br />
COMMUNICATIONS,<br />
EXAMINES THE LATEST<br />
CYBERSECURITY<br />
COMPLIA<strong>NC</strong>E REGULATION -<br />
THE NIS 2 DIRECTIVE - AND<br />
WHAT SECURITY BUSINESSES<br />
SHOULD BE DOING TO<br />
PREPARE FOR IT<br />
The European Parliament adopted the<br />
NIS 2 Directive (NIS 2) in <strong>Nov</strong>ember<br />
2022 and a planned UK alignment is<br />
set to follow. NIS 2 replaces and repeals the<br />
NIS Directive that established cybersecurity<br />
requirements for the operators of essential<br />
services (OES) and digital services providers<br />
(DSP). It modernises the existing legal<br />
framework in the EU to keep up with<br />
increased digitisation and an evolving<br />
cybersecurity threat landscape, and will<br />
improve cybersecurity risk management and<br />
introduce reporting obligations across a<br />
number of new sectors and entities.<br />
With an October 2024 deadline by which to<br />
adopt and publish the measures necessary to<br />
comply with NIS 2, it's important to determine<br />
what this means for security businesses<br />
working with, or wishing to work with,<br />
affected companies. A network camera, for<br />
example, while used for both security and<br />
operational means across a range of<br />
industries that may come under the NIS 2<br />
Directive, is not classed as a critical asset.<br />
This technically places it outside the Directive's<br />
scope. Yet such a device nevertheless<br />
represents a vulnerability through which a<br />
malicious threat actor could launch an attack.<br />
What steps, then, should security businesses,<br />
their partners and customers be taking to<br />
ensure compliance?<br />
DEMONSTRATING CYBER MATURITY<br />
The new directive eliminates the distinction<br />
between OESs and DSPs, instead it clarifies<br />
businesses as either essential or important<br />
and uses a size-cap rule to determine which<br />
medium and large-sized entities fall within its<br />
scope. To comply with NIS 2 a holistic<br />
16 NETWORKcomputing NOVEMBER/DECEMBER <strong>2023</strong> @<strong>NC</strong>MagAndAwards<br />
WWW.NETWORKCOMPUTING.CO.UK
SECURITY UPDATE<br />
approach is required that considers all<br />
possible threat vectors. It is expected that<br />
those businesses that need to comply with NIS<br />
2 will have to carry out a greater level of due<br />
diligence on their technology partners. As part<br />
of this evaluation process and a vendor risk<br />
assessment, it is highly likely that policies and<br />
processes will play a much greater role.<br />
Securing a network, its devices, and the<br />
services it supports requires active<br />
participation by the entire vendor supply<br />
chain, as well as the end-user organisation.<br />
For the physical security industry, working<br />
closely with customers and other stakeholders<br />
will help to ensure a joined-up approach that<br />
everyone can agree on. Dedicated tools,<br />
documentation and training will help mitigate<br />
risks and keep products and services up-todate<br />
and protected.<br />
Equally, end-users will now be seeking to<br />
work with those suppliers and / or vendors<br />
who follow appropriate policies and<br />
processes, as well as holding third-party<br />
certifications. It's therefore imperative that<br />
physical security businesses can<br />
demonstrate, for example, that they adhere<br />
to a Vulnerability Management Policy, hold<br />
certification for ISO/IEC 27001 for<br />
Information Security Management Systems<br />
(ISMS), and Cyber Essentials Plus<br />
accreditation.<br />
DEVICE AND SYSTEM CONTROLS<br />
AND HARDENING<br />
Product integrity controls and features help to<br />
ensure that both hardware and firmware are<br />
protected from unauthorised change or<br />
manipulation. Signing a firmware image with<br />
a private key prevents firmware from being<br />
installed or upgraded without presentation of<br />
the appropriate credentials. Additionally,<br />
secure boot, based on the use of signed<br />
firmware, consists of an unbroken chain of<br />
cryptographically validated software, starting<br />
in immutable memory, that ensures a device<br />
can boot only with authorised firmware. A<br />
move to the use of signed video ensures that<br />
video evidence can be verified as<br />
untampered, making it possible to trace the<br />
video back to the camera from which it<br />
originated and verify that the video has not<br />
been modified or edited.<br />
The use of system hardening processes aims<br />
to protect and secure devices and systems<br />
against cyberattacks by reducing the attack<br />
surface - essentially protecting all possible<br />
points of entry that could be used by an<br />
attacker. Creating strong passwords,<br />
removing or disabling all superfluous drivers,<br />
services, and software, and setting system<br />
updates to install automatically are all<br />
recommended approaches. The likelihood of<br />
unauthorised or unauthenticated user access<br />
is further reduced by applying a Zero Trust<br />
policy, in line with the National Institute of<br />
Standards and Technology's (NIST) risk<br />
management framework which promotes a<br />
never trust and always verify approach to any<br />
request for systems access.<br />
While it is very unlikely that physical security<br />
systems will be classed as a critical asset as<br />
far as the scope of the NIS 2 Directive is<br />
concerned, it is important that organisations<br />
consider a holistic approach during the<br />
scoping of such technology. Physical<br />
security businesses, working closely in<br />
partnership with supply chains and<br />
customers, can deliver a system that is<br />
secure from both a physical and<br />
cybersecurity perspective, while<br />
helping to meet NIS 2 requirements.<br />
Stringent security measures, backed<br />
by policies and processes, tools,<br />
documentation and training, will<br />
help reduce risk and keep customers<br />
protected.<br />
The NIS 2 Directive - Axis briefing<br />
paper to support cybersecurity<br />
compliance: https://www.emeacomms.axis.com/nis-2-directivebriefing<br />
ABOUT STEVEN KENNY<br />
Steven Kenny has spent 18 years in the<br />
security sector in roles that have seen him<br />
take responsibility for key elements of<br />
mission critical, high-profile projects across<br />
a number of different vertical markets. His<br />
current role sees him lead a team of<br />
Architect and Engineering managers across<br />
the EMEA region whilst supporting various<br />
industry associations and standards<br />
organisations. He currently sits on the EMEA<br />
Advisor Council as the emerging technology<br />
lead for TiNYg (Global Terrorism<br />
Information Network), and on various<br />
standards committees to support IoT<br />
security, as well as the BSI Private Security<br />
Management and Services. <strong>NC</strong><br />
WWW.NETWORKCOMPUTING.CO.UK @<strong>NC</strong>MagAndAwards NOVEMBER/DECEMBER <strong>2023</strong> NETWORKcomputing 17
OPINION: IOT<br />
IOT AND THE FUTURE OF NETWORKING<br />
ALAN HAYWARD, SALES AND MARKETING MANAGER AT SEH TECHNOLOGY, LOOKS AT THE<br />
OPPORTUNITIES POSED BY IOT AND ASSOCIATED TECHNOLOGIES, THE IMPORTA<strong>NC</strong>E OF RELIABLE<br />
NETWORKS IN THIS NEW ERA, AND HOW INTEGRATIONS CAN BE SUCCESSFUL<br />
The Internet of Things is transforming<br />
networking by connecting the digital<br />
and physical worlds in new ways.<br />
Wired and wireless networks are changing<br />
how we live and work, and as a result the<br />
traditional networking model is gradually<br />
fading away. IoT consists of physical<br />
devices that include sensors and software,<br />
that connect and exchange data with<br />
other IoT devices over the networks<br />
and/or the wider internet. There are<br />
already many examples of IoT<br />
applications in existence today in the<br />
home, businesses and transportation.<br />
The potential of IoT doesn't just lie in its<br />
ability to connect physical objects but in<br />
how it can enrich the digital world with<br />
new sources of data and information.<br />
Human environments can be far better<br />
understood through the data created by<br />
IoT devices and then analysed, to identify<br />
patterns and conclusions. IoT has so<br />
many applications and use cases that are<br />
yet to be explored and as physical<br />
devices become more compact and<br />
networks more advanced, those<br />
opportunities will multiply.<br />
BUILDING RELIABLE NETWORKS<br />
The evolution of networking and the<br />
emergence of IoT will place a strain on<br />
both existing and new networking<br />
infrastructures. More devices will lead to<br />
more data being transmitted over<br />
networks at increasing rates and speeds.<br />
ericsson expects the number of IoT<br />
connections to increase from 13.2bn in<br />
2022 to 34.7bn in 2028 with a CAGR of<br />
18%. The numbers clearly state that the<br />
IoT evolution is already well underway,<br />
and networks need to be ready to handle<br />
the forecasted increases in connections.<br />
Today, networking is such a foundational<br />
element of life that there's an expectation<br />
for infrastructures to be reliable. The<br />
modern world moves at such a pace, that<br />
opportunities are missed as a result of<br />
poor connections and slow speeds. 5G<br />
for example is still yet to prove itself and<br />
gain penetration in the wider market.<br />
Edge computing is seen as one way to<br />
improve reliability by moving computing<br />
and storage resources closer to where<br />
data sources are, rather than data being<br />
transmitted to data centres and more<br />
centralised resources. Edge computing<br />
can ease congestion, improve latency and<br />
increase bandwidth. All of this requires<br />
monitoring and other adaptations to be<br />
successful, but edge computing offers so<br />
many opportunities to help transform IoT<br />
and networking for the better.<br />
TAKING INTEGRATION TO THE<br />
NEXT LEVEL<br />
In order to adapt to changing networks,<br />
organisations will need to build<br />
innovative solutions with open standards<br />
to connect legacy devices to evolving<br />
network infrastructures. There's a risk that<br />
some will be left behind in this new era.<br />
The reality is that legacy devices will<br />
continue to play a pivotal role in the<br />
coming years, and some organisations<br />
for security and operational reasons<br />
prefer to use them.<br />
Integrating legacy devices into changing<br />
networking infrastructures will require the<br />
use of intermediary devices for dongles,<br />
USB devices, printers and industrial<br />
solutions. Such devices can then be<br />
controlled and managed remotely, to<br />
ensure that they continue to effectively<br />
serve user needs. Events can be rapidly<br />
diagnosed and repairs can take place to<br />
ensure the maximum uptime of<br />
peripherals. The next era of networking<br />
won't just be dependent on the success of<br />
new technologies but also on how legacy<br />
systems can function over new network<br />
infrastructures. Legacy devices won't<br />
disappear for many years and will be very<br />
much part of the future too.<br />
The future of networking will bring with it<br />
so many possibilities and challenges to be<br />
overcome. For the future to be a success,<br />
networks will need to be reliable - and<br />
legacy devices can't be forgotten in the<br />
process. The challenges of the past and<br />
how they are solved will be crucial to the<br />
future of networking and IoT in an everevolving<br />
digital world. <strong>NC</strong><br />
18 NETWORKcomputing NOVEMBER/DECEMBER <strong>2023</strong> @<strong>NC</strong>MagAndAwards<br />
WWW.NETWORKCOMPUTING.CO.UK
PRODUCT REVIEW<br />
Hornetsecurity<br />
Security<br />
Awareness Service<br />
PRODUCT REVIEW<br />
PRODUCT<br />
REVIEWPRODUCT RE<br />
Cybercriminals never sit still and are<br />
always looking for new ways to outwit<br />
businesses and breach their security<br />
controls. Email spear phishing is still one of the<br />
most successful and prevalent forms of attack,<br />
so businesses must be more robust in their<br />
defences and stop seeing staff as just another<br />
security risk.<br />
Security Awareness Service (SAS) from<br />
Hornetsecurity is an innovative solution that<br />
turns staff from a potential liability into an extra<br />
defence layer. Using Hornetsecurity's patented<br />
Spear Phishing Engine (SPE), it tests and e-<br />
trains them in attack recognition and<br />
avoidance techniques.<br />
SAS goes further than many competing<br />
solutions as, instead of merely providing<br />
templates to help build phishing scenarios, the<br />
SPE does it all for you by automatically creating<br />
realistic simulated phishing emails, based on<br />
the most current types of attacks.<br />
Even better, it employs its Awareness Engine<br />
and patented Employee Security Index (ESI®)<br />
to regularly evaluate each user's behaviour<br />
and increase or decrease the level of training<br />
intensity to help them achieve a strong<br />
security mindset.<br />
Deployment is swift, as you whitelist the<br />
spoofed mail domains used by SAS, and onboard<br />
users and groups from Active Directory<br />
(AD), Azure AD, LDAP or via CSV upload.<br />
Ongoing management is equally simple, as<br />
SAS uses the same web portal as all other<br />
Hornetsecurity products to provide a single<br />
pane of glass. From the SAS configuration<br />
page, you view all evaluated users and groups,<br />
enable phishing simulations and set up e-<br />
training. For phishing simulations, you can hand<br />
the whole process to the Spear Phishing Engine,<br />
which automatically generates and sends<br />
simulated phishing emails, based on each user's<br />
measured security level.<br />
Plenty of customisation is available,<br />
as you can have personal evaluations sent to<br />
each user, so that they can view them in their<br />
own Security Hub portal and choose to view the<br />
types of phishing emails, with options for<br />
emails containing attachments, macros,<br />
credential phishing and domain spoofing. A<br />
Report Phishing for Outlook plug-in is also<br />
available, so users can report suspicious emails.<br />
The e-training module is activated for all users<br />
and you can specify the number of training<br />
sessions it should carry out each year. The<br />
Awareness Engine is very smart, as its Single<br />
User Booster feature ensures weak users in a<br />
group receive more training, while the<br />
Productivity Booster reduces training for those<br />
with high security scores.<br />
At this point, you can leave SAS to get on with<br />
its job in the background and as users receive<br />
their test phishing emails, it watches what they<br />
do with them. If they recognise and report it,<br />
they'll improve their security score; but, if they<br />
click on a link or open an attachment, the e-<br />
training module kicks in, right at the 'most<br />
teachable moment'. Users that were tricked are<br />
redirected to an advisory web page, which<br />
provides interactive e-training that teaches them<br />
all the things they need to look out for. It shows<br />
how to validate the sender's address, hover the<br />
cursor over a link to see its real destination and<br />
question the message content - all simple, but<br />
important, precautions.<br />
The SAS dashboard shows your current and<br />
projected ESI® scores and enables selfgovernance<br />
with knowledge, as it compares<br />
your company's rating with the industry average.<br />
A statistics page provides charts of all actions<br />
carried out on test emails, their success rates<br />
and which psychological tricks are proving<br />
to be the most effective.<br />
Hornetsecurity's Security Awareness Services is<br />
a staunch ally in the fight against phishing. It<br />
can turn staff into a valuable security asset, and<br />
its power-ful automated phishing simulation,<br />
response and e-training capabilities make it<br />
remarkably easy to deploy and to use. <strong>NC</strong><br />
Product: Security Awareness Service<br />
Supplier: Hornetsecurity<br />
Web site: www.hornetsecurity.com<br />
Tel: +44 (0) 203 0869 833<br />
Sales: sales@hornetsecurity.com<br />
Contact Hornetsecurity for pricing.<br />
WWW.NETWORKCOMPUTING.CO.UK NOVEMBER/DECEMBER <strong>2023</strong> 19<br />
NETWORKcomputing<br />
@<strong>NC</strong>MagAndAwards
OPINION: DATA CENTRES<br />
HOW DATA CENTRES CAN BECOME GREENER<br />
MICHAEL MCNERNEY, VICE<br />
PRESIDENT MARKETING AND<br />
NETWORK SECURITY,<br />
SUPERMICRO, OUTLINES THE<br />
DIFFERENT METHODS DATA<br />
CENTRE OPERATORS CAN TAKE<br />
TO REDUCE THEIR POWER<br />
CONSUMPTION<br />
Data centres use significant<br />
amounts of electricity to power<br />
their thousands of servers. From<br />
the location of a data centre to the<br />
placement of server racks, there are<br />
several actions that data centre<br />
managers can take to improve the power<br />
usage effectiveness (PUE) of the data<br />
centre. The PUE of a data centre is<br />
defined as the total amount of power<br />
delivered to the data centre, divided by<br />
the amount of power used by the IT<br />
components. The lower the value, the<br />
more energy efficient the data centre is.<br />
Of course, sourcing renewable power is<br />
an obvious first step. Still, other methods,<br />
such as increasing air inlet temperatures,<br />
optimising power delivery, and utilising<br />
the right system at the right time, can<br />
contribute to a greener data centre.<br />
OPERATE AT HIGHER<br />
TEMPERATURES<br />
When using traditional air cooling<br />
mechanisms, the air entering the server<br />
(inlet temperature) is maintained by<br />
Computer Room Air Conditioning<br />
(CRAC). How air conditioning is used in<br />
a data centre contributes the most to the<br />
PUE calculation. Reducing the amount of<br />
air conditioning significantly lowers the<br />
PUE and, thus, OPEX costs. Around the<br />
world, many data centres are keeping<br />
inlet temperatures too low. Data centre<br />
operators can reduce power usage by<br />
increasing the inlet temperatures to the<br />
manufacturer's recommended maximum<br />
value. Looking at the results from a<br />
recent survey of over 400 IT professionals<br />
and data centre managers, there is a<br />
wide range of inlet temperatures, which<br />
indicates that most IT administrators are<br />
limiting the inlet temperature to less than<br />
the manufacturer's "highest" limit.<br />
CAPTURE HEAT AT THE SOURCE<br />
CRAC is the most significant variable to<br />
optimise to lower overall PUE. The PUE of<br />
a data centre can be significantly reduced<br />
when using liquid cooling solutions in<br />
particular. While the data centre<br />
infrastructure may need to be modified or<br />
added to, the longer term OPEX savings<br />
will outweigh the initial costs.<br />
LIQUID COOLING<br />
Liquid cooling of the CPUs and GPUs can<br />
significantly reduce the need for having<br />
CRAC units in data centres and the need<br />
to push air around. There are several<br />
different methods to use liquid cooling to<br />
reduce the need for forced air cooling:<br />
DIRECT TO CHIP (DTC OR D2C)<br />
COOLING<br />
This method passes a cold liquid over the<br />
hot CPU or GPU. Since a liquid is much<br />
more efficient at removing and<br />
transporting heat than air is, the CPU or<br />
GPU can be kept within its thermal design<br />
power (TDP) envelope. This can lead to<br />
significant savings when scaled across<br />
thousands of systems in a medium to a<br />
large data centre.<br />
REAR DOOR HEAT EXCHANGER<br />
(RDHX)<br />
The rear door of the rack contains liquid<br />
20 NETWORKcomputing NOVEMBER/DECEMBER <strong>2023</strong> @<strong>NC</strong>MagAndAwards<br />
WWW.NETWORKCOMPUTING.CO.UK
OPINION: DATA CENTRES<br />
Server with D2C Liquid<br />
Cooling Intstalled<br />
and fans, which cools the hot server<br />
exhaust air before the air enters the data<br />
centre. The hot liquid needs to be cooled<br />
before it is returned to the data centre<br />
CRAC. This liquid cooling method keeps<br />
the air at a lower temperature in the data<br />
centre, reducing cooling demands on the<br />
CRAC, which will lessen the amount of<br />
electricity needed in the data centre.<br />
IMMERSION COOLING<br />
With immersion cooling, the entire server<br />
- or groups of servers - are submerged in<br />
a dielectric liquid. The close contact of<br />
the liquid molecules with the hot CPUs,<br />
GPUs, and other components is an<br />
efficient way to cool the servers, as fans<br />
will need to be removed from the<br />
servers. Some minor modifications must<br />
be made to the server before immersion.<br />
An entire rack of servers can be cooled<br />
in this manner.<br />
Immersion Cooling of Complete Servers<br />
HOT AND COLD AISLES<br />
A significant amount of electricity can be<br />
saved using the CRAC if the hot and cold<br />
aisles are separated in the data centre.<br />
When designed with hot and cold aisles,<br />
the inlet and exhaust air should not mix,<br />
allowing the data centre cooling to<br />
operate more efficiently. For adequate<br />
cooling, the rows of racks need to be<br />
installed so that the rear of the racks face<br />
each other, creating a hot aisle.<br />
Therefore, an important best practice<br />
when designing an energy-efficient data<br />
centre is to have hot and cold aisles.<br />
OPTIMISE POWER DELIVERY<br />
Power conversion from AC to DC entails<br />
some amount of heat generated. With<br />
AC being delivered to the data centre,<br />
the power must be converted to DC for<br />
the system. With each conversion, energy<br />
is lost, contributing to the inefficiency of<br />
the data centre. More efficient<br />
conversion will result in less wasted<br />
power during the conversion, with heat<br />
being the by-product that must be<br />
removed from the system.<br />
Titanium power supplies are the most<br />
efficient option, offering 96% power<br />
efficiency. Platinum power supplies are<br />
slightly less efficient at 94%. Gold power<br />
WWW.NETWORKCOMPUTING.CO.UK @<strong>NC</strong>MagAndAwards NOVEMBER/DECEMBER <strong>2023</strong> NETWORKcomputing 21
OPINION: DATA CENTRES<br />
Hot and Cold Aisles in a Data Centre<br />
supplies offer a lower efficiency of 92%.<br />
The efficiency of a power supply isn't linear<br />
or flat when it comes to the supply's output<br />
range. Most power supplies operate at<br />
their maximum efficiency when running in<br />
the upper ranges of their rated capacity.<br />
This means that an 800-watt power supply<br />
providing 400 watts of power (50%<br />
capacity) will be less efficient than a 500-<br />
watt power supply providing that same 400<br />
watts of output power (80% capacity).<br />
SOURCE GREEN ENERGY<br />
A data centre's energy source has the<br />
most significant impact on its carbon<br />
footprint and poses the most substantial<br />
opportunity to benefit the environment.<br />
Renewable energy programmes for<br />
commercial customers include generation<br />
through utility, third-party power<br />
purchase agreements (PPA), or renewable<br />
energy credits (REC). Distributed<br />
renewable energy production owned or<br />
controlled by data centres is optimal. But<br />
on-site renewable energy sources do not<br />
always satisfy data centre energy<br />
demands. Fortunately, clean grid energy<br />
can augment this. There are also<br />
increasingly effective energy storage<br />
solutions for deployment on-site, coming<br />
down in cost as battery technology<br />
improves and scales.<br />
RETHINK SITE SELECTION CRITERIA<br />
Large-scale data centres cost a lot of<br />
money to operate. For example, a single<br />
hyper-scale data centre can demand 100<br />
MW of power to keep servers, storage,<br />
and networking infrastructure performing<br />
as expected (enough to power 80,000 US<br />
households). In addition, while electronics<br />
use most of the energy consumed in a<br />
data centre, cooling those electronics to<br />
maintain operating temperatures can<br />
consume 40% of facility energy.<br />
Building costs consist of the land value<br />
as well as the cost of construction.<br />
Construction prices vary depending on the<br />
geography or region. Unlike building a<br />
home or an office building, a data<br />
centre's location has some unique<br />
requirements to be considered "green"<br />
and deliver agreed-upon Service Level<br />
Agreements (SLAs). Factors such as<br />
climate, energy pricing, risk of natural<br />
disasters, water costs, and the cost of<br />
network bandwidth all contribute to the<br />
choice of data centre locations.<br />
Data centres are critical to the world's<br />
economy. Many aspects of modern life<br />
depend on them, which consumes more<br />
electricity than ever before to deliver the<br />
services everyone uses. While the work per<br />
watt of the CPU continues to increase,<br />
there is a need to reduce the overall data<br />
centre power consumption.<br />
There are several actions that data centre<br />
operators can take. These include running<br />
systems at warmer temperatures,<br />
configuring the data centre with hot and<br />
cold aisles, and sourcing green energy.<br />
Data centres can reduce their PUE by<br />
taking just a few steps, lowering their<br />
operating expenses and decreasing their<br />
CO2 footprint for years to come. <strong>NC</strong><br />
22 NETWORKcomputing NOVEMBER/DECEMBER <strong>2023</strong> @<strong>NC</strong>MagAndAwards<br />
WWW.NETWORKCOMPUTING.CO.UK
PRODUCT REVIEW<br />
Endace<br />
EndaceProbe<br />
Cloud<br />
PRODUCT REVIEW<br />
PRODUCT<br />
REVIEWPRODUCT RE<br />
Cloud computing has revolutionised<br />
business operations globally, but the<br />
'shared responsibility' security model<br />
used by providers presents many challenges for<br />
SecOps and NetOps teams. Providers look<br />
after the security of the infrastructure, data<br />
centres and server hardware leaving customers<br />
to handle cloud application, data, operating<br />
system and access security. For teams to<br />
respond quickly to cyberattacks and resolve<br />
network or application performance issues, they<br />
must be able to capture, store, index and<br />
analyse accurate records of all traffic activity.<br />
Historically, this has been a major pain point for<br />
cloud services, but packet capture expert<br />
Endace has the perfect solution as its wellrespected<br />
EndaceProbe appliances can now be<br />
hosted in the cloud.<br />
Supporting Amazon Web Services (AWS) and<br />
Microsoft Azure public clouds, EndaceProbe<br />
Cloud delivers the same excellent packet<br />
capture and analysis features found in Endace's<br />
hardware appliances and places them right<br />
where they can provide deep visibility into cloud<br />
environments. Capable of capturing packets<br />
from virtual packet brokers, VPC mirrors, virtual<br />
span ports, load balancers, firewalls, vSwitches<br />
and virtual machines, EndaceProbe Cloud<br />
assures full security, storing all recorded packet<br />
data within your own VPC or virtual network.<br />
Deployed as a virtual machine, using the<br />
recommended sizing, EndaceProbe Cloud<br />
delivers 4Gbps packet to disk write<br />
performance, millisecond accurate<br />
timestamping, and a maximum native storage<br />
capacity of 250TB per instance. Endace's<br />
software compression and Smart Application<br />
Truncation technology further boosts packet<br />
capture capacity to as much as 500TB. You can<br />
also control cloud subscription costs by sizing<br />
the appliance up or down to your requirements.<br />
Endace adds extreme flexibility. All<br />
EndaceProbes in globally distributed cloud and<br />
hybrid networks can be centrally accessed<br />
through a single console. Endace's<br />
InvestigationManager - which can be hosted in<br />
the cloud or on-premises - provides centralised<br />
search and data-mining. Using<br />
InvestigationManager's integrated<br />
EndaceVision, a browser-based analysis tool,<br />
analysts can choose data sources from multiple<br />
EndaceProbes, view them simultaneously and<br />
use data visualisation tools to home in on areas<br />
of interest such as flows, top talkers, protocols<br />
and users. All search operations are performed<br />
locally on each EndaceProbe and only packets<br />
of interest are passed to InvestigationManager.<br />
Data egress charges are significantly reduced<br />
as there's no need to download huge pcap files<br />
from the cloud.<br />
Management of all Endace deployments can<br />
also be done centrally using EndaceCMS,<br />
which provides a single pane of glass for all<br />
administrative functions including health<br />
monitoring, configuration and upgrades. You<br />
can host EndaceCMS either on-premises or in<br />
the cloud too.<br />
EndaceProbe Cloud integrates seamlessly with<br />
a wide range of security and performance<br />
monitoring tools including solutions offered by<br />
Cisco, Palo Alto Networks, Plixer, Splunk and<br />
many others. Endace's APIs integrate directly into<br />
the user interfaces of these products so teams<br />
can analyse packet data directly from within the<br />
tools they already use without needing to have<br />
specific knowledge of Endace's appliances.<br />
A good example is Splunk. When Splunk<br />
shows an alert or event, analysts can access<br />
related packets directly from within the Splunk<br />
GUI - so they don't need to change their existing<br />
workflows. They can create, share and customise<br />
investigations accessing data from multiple<br />
EndaceProbes, view conversations, extract files<br />
from suspicious communications, generate rich<br />
logs for insight into network activity, and decode<br />
packets directly in the hosted Wireshark, thus<br />
avoiding more cloud egress charges.<br />
Cloud infrastructures are under an everincreasing<br />
barrage of cyberattacks, and SecOps<br />
and NetOps teams need total visibility into AWS<br />
and Azure environments to do their jobs.<br />
EndaceProbe Cloud provides an answer as this<br />
highly scalable unified packet capture and<br />
analysis solution is simple to deploy and ideally<br />
suited to hybrid, multi-cloud architectures. <strong>NC</strong><br />
Product: EndaceProbe Cloud<br />
Supplier: Endace<br />
Web site: www.endace.com<br />
Sales: +44 (0)800 088 5008<br />
WWW.NETWORKCOMPUTING.CO.UK NOVEMBER/DECEMBER <strong>2023</strong> 23<br />
NETWORKcomputing<br />
@<strong>NC</strong>MagAndAwards
CASE STUDY<br />
GLOBAL TRANSFORMATION AND ASSET MANAGEMENT<br />
FOR RENTOKIL INITIAL<br />
RENTOKIL INITIAL ENHA<strong>NC</strong>ES SECURITY COMPLIA<strong>NC</strong>E, TRACKING AND REPORTING ACROSS<br />
25,000+ IT ASSETS WORLDWIDE WITH LANSWEEPER<br />
Based in the UK, Rentokil Initial is one of<br />
the largest business services companies<br />
in the world, with 44,500 employees<br />
and operating in over 80 countries. The<br />
company offers route-based services including<br />
Pest Control, Hygiene, and Workwear, through<br />
teams of local experts.<br />
In early 2020, Rentokil Initial's Global<br />
Configuration Manager was looking for a way<br />
to solve the gap in their asset management<br />
strategy. The Rentokil Initial team uses the<br />
ServiceNow IT Service Management platform<br />
to manage digital workflows for enterprise<br />
operations, and they've also been using its IT<br />
asset management capabilities to track and<br />
manage IT assets across the enterprise.<br />
The company needed a solution that could<br />
automatically identify and add assets to the<br />
inventory that might otherwise be overlooked<br />
or forgotten. With more than 25,000 assets to<br />
manage, this large-scale automation was a<br />
critical capability to have.<br />
Enhancing IT asset management and<br />
identifying potential vulnerabilities:<br />
Complete IT Asset Identification: Rentokil<br />
Initial's first goal was to identify all IT<br />
assets and potential vulnerabilities<br />
residing within Windows devices and<br />
software across its extensive global IT<br />
estate. This was essential for maintaining<br />
a comprehensive view of their digital<br />
landscape.<br />
<br />
<br />
Accurate CMDB Data: Rentokil Initial<br />
aimed to feed up-to-date, accurate IT<br />
asset inventory data into its ServiceNow<br />
Configuration Management Database<br />
(CMDB). This data would serve as the<br />
foundation for compliance tracking and<br />
reporting, helping them stay in line with<br />
industry regulations.<br />
Accurate Data Records: Rentokil Initial<br />
used Lansweeper IT asset management<br />
software to discover the IT assets on its<br />
network. This accurate data seamlessly<br />
fed into their CMDB, creating single,<br />
verified data records for each managed<br />
asset. This transformation laid the<br />
foundation for streamlined compliance<br />
processes and real-time reporting.<br />
24 NETWORKcomputing NOVEMBER/DECEMBER <strong>2023</strong> @<strong>NC</strong>MagAndAwards<br />
WWW.NETWORKCOMPUTING.CO.UK
CASE STUDY<br />
Computer Security and Visibility: In a world<br />
where data breaches and cyber threats<br />
loom large, Rentokil Initial recognised that<br />
safeguarding their digital assets was<br />
paramount. Security became the chief<br />
motivator for embracing Lansweeper,<br />
enabling them to gain a comprehensive<br />
view of their IT assets, including Windows<br />
devices and software, and pinpoint<br />
potential vulnerabilities.<br />
Rentokil Initial bid farewell to spreadsheets<br />
and manual processes, which often left room<br />
for errors and inefficiencies, and ushered in<br />
streamlined operations with enhanced<br />
accuracy. By eliminating the time-consuming<br />
manual tasks that plague IT asset<br />
management, Rentokil Initial was able to foster<br />
a more agile and responsive approach.<br />
Integration was a cornerstone requirement<br />
for enhanced IT asset management, and<br />
Mark Blackman, Global Configuration<br />
Manager at Rentokil Initial, underscores the<br />
importance of this, "We needed a solution<br />
that would complement what we already had<br />
in place and simplify software audits. While<br />
our ServiceNow platform provides asset and<br />
configuration management, if somebody<br />
didn't manually register an asset, or if there<br />
were connected Windows devices that had<br />
not been identified, we were blind to those<br />
asset's existence."<br />
Understanding the magnitude of security<br />
risks, including identifying and alerting when<br />
an unknown asset connects to the network,<br />
was deemed critical. This integration with<br />
ServiceNow empowered Rentokil Initial to<br />
proactively monitor their IT landscape,<br />
fortifying their security posture.<br />
"Rather than relying on a single tool, we have<br />
multiple tools in place, which feed information<br />
to the CMDB within ServiceNow," explains<br />
Blackman. "Having data from many tools<br />
creates data "triangulation," providing a depth<br />
and breadth of information across all virtual<br />
machines, physical devices and software on<br />
the assets we want to manage."<br />
Compliance with the General Data Protection<br />
Regulation (GDPR) was a compelling driver for<br />
embracing an IT asset discovery solution.<br />
Lansweeper provided the necessary tools to<br />
maintain GDPR compliance, ensuring Rentokil<br />
Initial remained in harmony with the everevolving<br />
legal landscape.<br />
A SEAMLESS PATH TO ORGANISATION-<br />
WIDE VISIBILITY<br />
In the quest for comprehensive IT asset<br />
management and security compliance,<br />
Rentokil Initial deployed Lansweeper scanners<br />
across regional data centres in North America,<br />
Asia, and EMEA. This was a significant<br />
milestone and set them on a journey to<br />
revolutionise their organisational visibility.<br />
All the data gleaned from these scanners was<br />
centralised in a data hub in the UK. This data<br />
repository served as the linchpin of Rentokil<br />
Initial's IT asset management strategy,<br />
facilitating real-time insights and compliance<br />
tracking on a global scale.<br />
While ServiceNow operated in the cloud,<br />
Lansweeper's on-premises "mid server" acted<br />
as the bridge between the two. This onpremises<br />
component perfectly executed<br />
Lansweeper queries, ensuring accuracy and<br />
efficiency. The results were then seamlessly<br />
transmitted back to the cloud instance of<br />
ServiceNow, creating a harmonious marriage<br />
of precision and convenience.<br />
ILLUMINATING THE IT LANDSCAPE<br />
Rentokil Initial gained the ability to peer into<br />
every possible area of their IT assets connected<br />
to the corporate network. This panoramic view<br />
extended across continents, helping them<br />
gauge the state of IT globally.<br />
Moreover, this newfound visibility wasn't just<br />
about counting assets - it was about identifying<br />
potential vulnerabilities and risks lurking<br />
beneath the surface. Armed with this insight,<br />
Rentokil Initial could proactively fortify their IT<br />
infrastructure, safeguarding their business from<br />
potential threats.<br />
The combination of agent-based and<br />
agentless scanning is ideal for managing<br />
devices across global locations. The agentless<br />
scanning provides the ability to determine<br />
whether a lost or misplaced device is GDPR<br />
compliant and/or free from vulnerabilities, and<br />
therefore not at risk of being compromised.<br />
A key use case for these features was for<br />
mergers and acquisition integration, which is a<br />
key part of Rentokil's Initial strategy. "When we<br />
acquire a new company, we simply deploy<br />
Lansweeper on the company's infrastructure,<br />
and we can immediately see all the devices<br />
they have, what operating systems are not<br />
supported, and whether they've been patched<br />
properly," said Blackman. "That helps us<br />
budget appropriately for any hardware<br />
upgrades or remediation work to bring these<br />
assets up to our corporate standards."<br />
The data in the CMDB keeps Rentokil Initial's<br />
senior management team informed via KPI<br />
reports generated by the ServiceNow platform,<br />
and data from Lansweeper is essential to<br />
creating those reports.<br />
NINE MONTHS TO GLOBAL<br />
TRANSFORMATION<br />
The global rollout was no small feat - the<br />
networking team played a pivotal role,<br />
meticulously identifying subnets and<br />
credentials. These details were the keys to<br />
unlocking a comprehensive scan, and the<br />
infrastructure team meticulously verified them<br />
to ensure the initial scan's success.<br />
It stands as a testament to Rentokil Initial's<br />
commitment to organisational visibility and<br />
security. It's a journey that has not only<br />
illuminated their IT landscape but also fortified<br />
their defences against the ever-evolving threats<br />
of the digital realm. <strong>NC</strong><br />
WWW.NETWORKCOMPUTING.CO.UK @<strong>NC</strong>MagAndAwards NOVEMBER/DECEMBER <strong>2023</strong> NETWORKcomputing 25
OPINION: DDoS ATTACKS<br />
SPANNING SECURITY GAPS AT THE EDGE<br />
ROMAN LARA, PRI<strong>NC</strong>IPAL<br />
ANALYST AT NETSCOUT<br />
OUTLINES THE THREAT FACING<br />
ORGANISATIONS THAT FAIL TO<br />
ADAPT THEIR DDoS<br />
PROTECTION AT THE EDGE<br />
In recent years, threat actors have become<br />
increasingly efficient and effective at what<br />
they do, allowing them to launch more<br />
dangerous attacks and evade traditional<br />
defence techniques more successfully than<br />
ever before.<br />
During this time, cybercriminals have also<br />
been launching a greater number of attacks.<br />
Findings from NETSCOUT's latest Threat<br />
Intelligence Report show that global<br />
distributed-denial-of-service (DDoS) attacks<br />
reached an all-time high in 2022, with almost<br />
13 million attacks taking place.<br />
This increase in attack frequency, coupled<br />
with the ease of use of DDoS-for-hire services,<br />
means organisations need to ramp up their<br />
protection of their critical online infrastructure,<br />
in addition to that of downstream customers.<br />
Although there are conventional protection<br />
solutions which can stop some types of DDoS<br />
attacks, businesses must go one step further to<br />
strengthen both their on-premises and cloud<br />
security measures from the different kinds of<br />
DDoS attacks which exist.<br />
There is no one-size-fits-all solution to DDoS<br />
protection at the edge, but by establishing a<br />
hybrid DDoS defence strategy, enterprise-level<br />
organisations stand a better chance of<br />
preventing the different types of DDoS attacks<br />
from significantly damaging their business.<br />
There are three main types of DDoS attacks<br />
which are used by threat actors to intentionally<br />
overwhelm a targeted website or digital<br />
network: protocol, application-layer, and<br />
volumetric attacks.<br />
PROTOCOL DDOS ATTACKS<br />
Firstly, protocol DDoS attacks are primarily<br />
focused on taking down services or underlying<br />
network infrastructure which are responsible<br />
for delivering content to the end users. The<br />
attacks disrupt services, thereby resulting in<br />
legitimate users being unable to connect to the<br />
resources. A common method to deploy a<br />
protocol attack is through a SYN flood attack.<br />
In 2021 NETSCOUT detected a shift in<br />
preference by adversaries to direct path<br />
attacks. These DDoS attacks target stateful<br />
devices such as servers, load balancers and<br />
next gen firewalls with the intention of filling<br />
Transmission Control Protocol (TCP) State<br />
Tables with bogus connections, resulting in<br />
specific resources being overwhelmed and<br />
becoming inaccessible to legitimate users. This<br />
allows cybercriminals to take down even highcapacity<br />
devices capable of maintaining<br />
millions of connections designed to protect<br />
services connected to the internet, such as file<br />
transfer, email, and web servers.<br />
A SYN flood attack involves an attacker<br />
overwhelming the target's servers with<br />
countless SYN packets - a request from<br />
another device to start a new communication<br />
channel - which contain spoofed IP addresses.<br />
In response to each SYN packet, the server<br />
invites the device to create the new channel.<br />
However, the invitation is never fulfilled, and<br />
the server continues to wait. As a result, the<br />
server eventually crashes from waiting too long<br />
for each individual SYN packet request. With<br />
this attack method, cybercriminals can<br />
dismantle high-capacity devices capable of<br />
sustaining millions of network connections,<br />
such as supercomputers.<br />
APPLICATION-LAYER ATTACKS<br />
Secondly, application-layer attacks are<br />
designed to disrupt web applications that end<br />
users interact with. An application-layer<br />
attack can be launched by a cybercriminal<br />
using even a single machine or legions of<br />
bots to continually request the same digital<br />
26 NETWORKcomputing NOVEMBER/DECEMBER <strong>2023</strong> @<strong>NC</strong>MagAndAwards<br />
WWW.NETWORKCOMPUTING.CO.UK
OPINION: DDoS ATTACKS<br />
resource - like a website or pdf - from the<br />
targeted server.<br />
As a result, the application is overwhelmed<br />
and is unable to deliver content to its users.<br />
These attacks are mostly used to target web<br />
servers, but can also go after any digital<br />
application, including session initiation<br />
protocol (SIP) and border gateway protocol<br />
(BGP) services.<br />
VOLUMETRIC ATTACKS<br />
Lastly, there are volumetric attacks. These<br />
involve threat actors flooding a target with<br />
malicious traffic in an attempt to consume<br />
all available bandwidth either within the<br />
target network/service, or between the<br />
target network/service and the rest of the<br />
internet. These attacks are simply about<br />
causing congestion.<br />
From 2006 to 2021, volumetric attacks<br />
reigned supreme, with DNS amplification<br />
attacks at the forefront. These attacks work<br />
by sending requests that generate large<br />
replies to multiple open domain name<br />
system (DNS) servers from a spoofed IP<br />
address to appear as though the request is<br />
coming from the target. At full scale, the<br />
large influx of DNS traffic onto a single<br />
server can overwhelm it, forcing the server<br />
to crash.<br />
Adversaries will typically choose one or<br />
more of these different types of attacks to<br />
use against the on-premises and cloud<br />
environments of targets in order to maximise<br />
the degree of damage. This demonstrates<br />
the need for organisations to integrate a<br />
multi-faceted defence approach across both<br />
their network availability and digital<br />
infrastructure to effectively mitigate modern<br />
DDoS threats.<br />
THE NEED FOR A HYBRID DDOS<br />
DEFE<strong>NC</strong>E APPROACH<br />
The difficulty organisations face is having to<br />
put equal protections in place to reinforce<br />
their security across all network<br />
environments. This blocks DDoS attacks<br />
which are capable of evading either onpremises<br />
only or cloud-only defences.<br />
For instance, conventional cloud-based<br />
DDoS mitigation tools can defend against<br />
larger volumetric attacks targeting internet<br />
connectivity prior to them overwhelming<br />
local protection. Meanwhile, to defend<br />
against application-layer and encrypted<br />
traffic attacks, organisations will need onpremises<br />
defences near the targeted<br />
applications or services. However, with both<br />
examples, the solutions' level of effectiveness<br />
is very limited as it protects one network<br />
environment instead of the other.<br />
For organisations to overcome this, it is<br />
best practice for them to adopt a hybrid<br />
or multi-layer DDoS defence approach<br />
with both cloud and on-premises<br />
components that recognise all the<br />
different DDoS attack vectors and<br />
methodologies.<br />
HOW TO ESTABLISH A HYBRID<br />
SECURITY STRATEGY<br />
A hybrid DDoS defence strategy<br />
incorporates an on-premises, detection<br />
and prevention system with on-demand<br />
cloud-based mitigation capabilities at<br />
the edge. The combination of the<br />
unrelenting nature of adversaries and<br />
the growing complexity of DDoS attack<br />
methodologies and techniques<br />
necessitates the basis of a<br />
comprehensive DDoS mitigation<br />
strategy to be an on-premises, roundthe-clock,<br />
purpose-built DDoS attack<br />
protection system.<br />
This must be capable of automatically<br />
identifying and blocking all types of<br />
DDoS attacks and other cyberthreats<br />
prior to damage being inflicted on<br />
business-critical online infrastructure<br />
and services.<br />
While traditional cloud-based DDoS<br />
protection solutions are effective when it<br />
comes to stopping large volumetric DDoS<br />
attacks, they have difficulty in blocking<br />
other types of DDoS attacks designed to<br />
evade their systems. But cloud-based<br />
mitigation solutions shouldn't be<br />
discarded entirely, as they strengthen the<br />
protection of on-premises tools.<br />
Fundamentally, the best solution is to<br />
use a combination of an on-premises and<br />
a cloud solution with intelligent and<br />
automated integration, as this provides<br />
the most comprehensive protection<br />
possible. Although this doesn't represent a<br />
one-size-fits-all solution, this approach<br />
helps organisations to ensure that new<br />
and evolving DDoS threats can be dealt<br />
with in real time.<br />
I<strong>NC</strong>REASINGLY EFFECTIVE THREAT<br />
ACTORS<br />
With cybercriminals becoming<br />
increasingly adept at launching<br />
dangerous attacks and evading<br />
traditional defence techniques, an<br />
inability to adapt and defend against<br />
these emerging DDoS attack techniques<br />
will significantly damage businesses.<br />
Therefore, businesses should implement a<br />
more comprehensive defence strategy to<br />
secure their network edges.<br />
Even though cloud-based solutions may<br />
be cost-effective, ultimately, they must do<br />
more to protect organisations from the<br />
rapidly evolving nature of the threat<br />
landscape and the emerging types of<br />
DDoS attacks.<br />
Nevertheless, a multi-layer, hybrid solution<br />
which deploys on-premises defence at the<br />
edge, alongside a cloud-based backup,<br />
ensures enterprises can maintain improved<br />
cyber hygiene and prevent extended server<br />
downtime in the event they're impacted by a<br />
DDoS attack. <strong>NC</strong><br />
WWW.NETWORKCOMPUTING.CO.UK @<strong>NC</strong>MagAndAwards NOVEMBER/DECEMBERR <strong>2023</strong> NETWORKcomputing 27
OPINION: NTNs<br />
TO 5G - AND BEYOND!<br />
KEYSIGHT TECHNOLOGIES' DYLAN MCGRATH GIVES US AN INSIGHT INTO THE FUTURE OF<br />
NON-TERRESTRIAL NETWORKS AND THE ERA OF DEMOCRATISED CONNECTIVITY<br />
Non-terrestrial networks (NTNs)<br />
represent an exciting new frontier<br />
in communications as they extend<br />
the reach of 5G into regions lacking<br />
terrestrial infrastructure. NTNs use both<br />
satellites and high-altitude platforms such<br />
as balloons, airships and pilotless aerial<br />
systems in the stratosphere to ensure<br />
coverage and reliability in virtually any<br />
scenario. <strong>Dec</strong>reased costs and new<br />
capabilities in terrestrial 5G are combining<br />
to make NTNs increasingly viable,<br />
ushering in a new era of true global<br />
connectivity and a space-based IoT that<br />
will permanently change our perception of<br />
communication.<br />
3GPP's 5G standards recognise NTNs as<br />
a part of the 5G connectivity infrastructure.<br />
One of the network's chief benefits is multiconnectivity,<br />
as users connect through both<br />
terrestrial and satellite links, with the<br />
former handling low-latency traffic and<br />
satellites reserved for high-latency traffic.<br />
There are a multitude of fascinating use<br />
cases to explore here, including:<br />
<br />
Augmentation of terrestrial networks:<br />
5G NTNs will fill gaps in cellular coverage,<br />
allowing operators to enhance<br />
the latter without driving up costs.<br />
NTNs will also bolster network resiliency,<br />
increasing availability and preventing<br />
outages. In addition, they will<br />
enable operators to quickly restore<br />
service to areas impacted by natural<br />
disasters. NTNs can also be used to<br />
dynamically enhance coverage in<br />
response to changing circumstances.<br />
Take a Premier League game under<br />
typical terrestrial network conditions.<br />
Data throughput and connectivity suffer<br />
with the influx of spectators posting and<br />
<br />
streaming. With NTNs, however, drones<br />
could be deployed as flying base stations<br />
above the stadium to temporarily<br />
boost connectivity and increase bandwidth,<br />
leading to a glitch-free experience<br />
for the game's duration.<br />
Whole-world connectivity: As NTNs<br />
mature, they will enable global broadband<br />
connectivity, even in isolated<br />
regions. Consider remote locations<br />
across the globe, such as parts of<br />
Canada or Tibet, where establishing<br />
ground infrastructure to support terrestrial<br />
connectivity is either not economically<br />
viable or physically impossible.<br />
NTNs will change this, providing<br />
consistent, high-speed service in even<br />
the most inaccessible areas. Some<br />
vendors have already introduced services<br />
that support an SOS messaging<br />
28 NETWORKcomputing NOVEMBER/DECEMBER <strong>2023</strong> @<strong>NC</strong>MagAndAwards<br />
WWW.NETWORKCOMPUTING.CO.UK
OPINION: NTNs<br />
<br />
<br />
capability - for example, enabling a<br />
lost hiker on a remote mountain<br />
range to summon help via their<br />
smartphone. NTNs will make this<br />
pervasive and eliminate the connectivity<br />
challenges we associate with<br />
sailing, camping, mountain climbing<br />
and other activities in isolated areas.<br />
This will also have significant implications<br />
for aerospace and defence,<br />
and other sectors operating in geographically<br />
remote regions.<br />
Remote pipeline monitoring: With<br />
speeds of up to 20 Gbps, 5G NTN's<br />
high-speed data transfer capabilities<br />
are a significant benefit for applications<br />
that rely on real-time data processing-for<br />
example, remote monitoring,<br />
surveillance, and autonomous<br />
vehicles (AVs.) In the latter industry,<br />
NTNs can augment terrestrial networks<br />
and ensure vehicle safety in<br />
the event of congestion or outages,<br />
and in areas with poor connectivity.<br />
In addition, offshore oil platforms<br />
and other enterprises operating in<br />
remote regions without terrestrial<br />
infrastructure will be able to monitor<br />
operations and equipment more<br />
closely as the technology matures.<br />
Image intelligence: The Ukraine war<br />
provides an excellent example of this<br />
insight, as satellite images were the<br />
first to show the military vehicles<br />
Russia amassed in advance of its<br />
attack. This intelligence will become<br />
a key weapon in future military conflicts,<br />
as well as tracking global<br />
warming, pandemics and other<br />
macro events.<br />
ROADBLOCKS TO INNOVATION<br />
As with any new technology, before<br />
realising these and other 5G NTN<br />
possibilities, the industry must first<br />
overcome numerous challenges. These<br />
include design considerations:<br />
<br />
The link distances are much longer<br />
with NTNs than with terrestrial<br />
networks, and the resulting<br />
implications must be accounted for<br />
in the design process to avoid<br />
issues. Introducing a fast memory in<br />
which the signal is written and then<br />
read out with a different speed is<br />
one important step. This addresses<br />
both the propagation delay and<br />
high Doppler frequency associated<br />
with NTNs.<br />
Where and how to process data is<br />
another concern.<br />
<br />
In most cases, this will be determined<br />
by the individual use case and end<br />
goal. For industries such as the<br />
military, it may be better to design a<br />
satellite with a big computer, long<br />
battery life and a large solar array to<br />
facilitate edge computing of the<br />
data via the satellite. This would<br />
enable divisions to spot<br />
changes in civilian<br />
movement or armament<br />
formation that could<br />
signal a hostile advance,<br />
as in the Ukraine<br />
example discussed<br />
above. In other<br />
scenarios, it might be<br />
better to send data to the<br />
ground for processing,<br />
which entails having the<br />
bandwidth necessary to<br />
facilitate the transmission.<br />
Finally, NTNs have the potential to<br />
replace the legacy proprietary<br />
network and operator systems with<br />
total interoperability and universal<br />
service. Actualising this vision requires<br />
that network operators and satellite<br />
providers collaborate share knowledge,<br />
and come up with new ways to bring<br />
services to the end users.<br />
Much work remains before NTNs can<br />
fully deliver on their promise, but the<br />
future is closer than many might think.<br />
As we move towards making seamless<br />
global connectivity a reality, savvy<br />
companies should be preparing to<br />
capitalise on NTNs and all the<br />
possibilities inherent in a truly<br />
connected world. <strong>NC</strong><br />
WWW.NETWORKCOMPUTING.CO.UK @<strong>NC</strong>MagAndAwards NOVEMBER/DECEMBER <strong>2023</strong> NETWORKcomputing 29
OPINION: CLOUD SECURITY<br />
BOOSTING YOUR CLOUD DEFE<strong>NC</strong>E<br />
ANTHONY WEBB, VICE PRESIDENT AT A10 INTERNATIONAL<br />
EXPLAINS THE IMPORTA<strong>NC</strong>E OF COMBINING APPLICATION<br />
DELIVERY WITH NEXT-GEN WAF TO BUILD RESILIE<strong>NC</strong>E FOR HYBRID<br />
CLOUD ENVIRONMENTS<br />
In today's modern business landscape, outside<br />
of any macro issues or economic uncertainty,<br />
there are two significant technology<br />
challenges that enterprises are grappling with.<br />
The first challenge is around the constantly<br />
evolving threat landscape, and the growing<br />
sophistication of cybercriminals and their<br />
techniques. This means the risk of an application<br />
attack and a data breach is an ever-present<br />
threat that enterprises must contend with.<br />
The other key challenge is around the<br />
effectiveness and economics of cloud<br />
operating models. Without a doubt, over the<br />
last decade digital transformation has<br />
catapulted many businesses forward, and<br />
some can now claim to be 'true' digital<br />
businesses servicing their customers in new<br />
and exciting ways. However, in this new digital<br />
and hybrid cloud environment, enterprises are<br />
highly concerned about how they can best<br />
secure, optimise, and automate their<br />
infrastructure in the most effective and costefficient<br />
way.<br />
APPLICATIONS MUST BE<br />
CONSISTENTLY AVAILABLE<br />
Today, organisations must guarantee their<br />
applications are consistently and securely<br />
accessible, no matter the location, to ensure<br />
the best end-user experience and productivity.<br />
This includes ensuring workloads are efficiently<br />
distributed across all servers, monitoring<br />
application health, and maintaining<br />
operational integrity around the clock.<br />
However, when you add in the need to<br />
protect against a rise in application attacks and<br />
an ever-increasing number of bad actors<br />
targeting the organisation, the scale of these<br />
challenges starts to become clearer. Likewise,<br />
complex deployments, coupled with regular<br />
maintenance and often limited resources<br />
dedicated to cybersecurity, are exacerbating the<br />
risk to organisations further.<br />
In this environment, with cybercriminals<br />
constantly evolving their tactics to exploit<br />
vulnerabilities in systems, a layered defence<br />
strategy that provides comprehensive<br />
protection against a wide range of threats is<br />
essential. At the same time, a solution that also<br />
helps to deliver better business outcomes,<br />
enabling organisations to optimise the<br />
customer experience, and ensure business<br />
continuity, is highly desirable.<br />
COMBINING ADC WITH NEXT-GEN<br />
WEB APPLICATION FIREWALL<br />
Combining an application delivery controller<br />
(ADC) and a next-gen web application firewall<br />
(WAF) creates a robust security solution that<br />
supports the principles of a Zero Trust security<br />
framework. As organisations seek to establish a<br />
more efficient, effective, and secure cloud<br />
operating model, these two combined<br />
technologies enable a highly performant<br />
security solution at a strategic application<br />
ingress point that reduces false positives and<br />
automates security, empowering agility and<br />
effectiveness. The ADC efficiently sifts through<br />
the myriad of threats, while the next-gen WAF<br />
efficiently provides defence against more<br />
sophisticated web attacks.<br />
HOW DOES THIS LAYERED DEFE<strong>NC</strong>E<br />
APPROACH WORK?<br />
To explain in a bit more detail how this layered<br />
defence works, let's start with the ADC. ADCs<br />
can provide load balancing and transport layer<br />
security (TLS) offloading, which can help reduce<br />
the attack surface by minimising the number of<br />
entry points into the system. This mitigates the<br />
impact of volume-based attacks, such as DDoS<br />
or brute-force attacks. On the other hand,<br />
next-gen WAFs can provide deep packet<br />
inspection and advanced threat detection<br />
capabilities, enabling them to identify and<br />
block attacks such as account takeover (ATO),<br />
known CVEs, injections, cross-site scripting<br />
(XSS), and other OWASP Top 10 attacks.<br />
Earlier in the year, we partnered with Fastly to<br />
offer its next-gen WAF with our Thunder®<br />
ADCs to provide our customers with a premier<br />
next-generation web application firewall<br />
solution running on high-performance<br />
hardware and virtual platforms for businesses<br />
operating in a highly competitive market. This<br />
enables organisations to protect their apps<br />
against advanced threats with greater accuracy<br />
while gaining superior application availability<br />
and accelerating content delivery.<br />
DIGITAL TRANSFORMATION INITIATIVES<br />
WILL CONTINUE TO EVOLVE<br />
Unfortunately, digital transformation is not a<br />
one and done initiative. Moving forward,<br />
enterprises will continue to evolve their<br />
environments as new technologies inevitably<br />
emerge. Likewise, the cyber threat landscape<br />
will undoubtedly continue to expand, very likely<br />
at the same pace as we're seeing currently - if<br />
not faster. Organisations must therefore stay<br />
vigilant, never compromise and make sure that<br />
they have a layered defence approach to<br />
protect their business. <strong>NC</strong><br />
30 NETWORKcomputing NOVEMBER/DECEMBER <strong>2023</strong> @<strong>NC</strong>MagAndAwards<br />
WWW.NETWORKCOMPUTING.CO.UK
OPINION: WI-FI 7<br />
THE MAGNIFICENT 7?<br />
KALAM MEAH, ISP DIRECTOR AT TP-LINK UK & IRELAND LTD.,<br />
CONSIDERS HOW BUSINESSES CAN EMBRACE THE NEXT STAGE<br />
OF CONNECTIVITY WITH WI-FI 7<br />
The arrival of Wi-Fi 7 marks the next stage<br />
of wireless connectivity, offering reduced<br />
latency, seamless 4K streaming and ultrafast<br />
downloads. While Wi-Fi 6 was created to<br />
handle the growth of connected devices, Wi-Fi<br />
7 delivers astounding speeds for these devices<br />
with more power and efficiency, achieving data<br />
rates of up to 46 Gbps - 4.8 times faster than<br />
Wi-Fi 6. This new technology will be pivotal in<br />
supporting the rollout of evolving technologies,<br />
such as AR, VR and the Internet of Things (IoT),<br />
across healthcare, education and hospitality.<br />
Few mainstream devices currently support the<br />
technology, but businesses can still embrace<br />
Wi-Fi 7 and plan for its long-term use within<br />
their organisations. Older devices in the 2.4,<br />
5, and 6 GHz spectrum bands can connect via<br />
Wi-Fi 7, albeit at slower speeds. That gives<br />
businesses the flexibility required for a<br />
smoother, more cost-effective transition,<br />
meaning they can upgrade their networks<br />
gradually without wholesale device<br />
replacement.<br />
ENHA<strong>NC</strong>ING HEALTHCARE DELIVERY<br />
Delivering timely, best-in-class elective care to<br />
a backlog of more than 7 million patients is an<br />
ever-evolving problem. Wi-Fi 7's improved<br />
connectivity will support medical professionals<br />
and clinicians across diagnosis, treatment,<br />
research, and innovation adoption.<br />
The pandemic demonstrated how to deliver<br />
non-urgent healthcare remotely and online.<br />
Telemedicine solutions help alleviate pressure<br />
by reducing the time spent on face-to-face<br />
care, and remote patient monitoring (RMP)<br />
eliminates the need for regular in-person<br />
check-ups. Keeping devices and hospitals<br />
connected is the leading challenge here; the<br />
number of hospital-based IoMT (Internet of<br />
Medical Things) is projected to exceed seven<br />
million by 2026, with more than 3,850 per<br />
smart hospital.<br />
These solutions require robust infrastructure<br />
to ensure secure, timely transmission of health<br />
data between patients' homes and hospitals.<br />
Wi-Fi 7's integration with IoT-based systems<br />
delivers just that.<br />
CHANGING THE FACE OF THE<br />
CLASSROOM<br />
Wi-Fi 7 will be a game-changer for education.<br />
Students and teachers can download and<br />
upload learning resources more quickly,<br />
stream videos with less lag, and participate in<br />
virtual lessons with minimal disruption.<br />
High-definition video conferencing and<br />
immersive VR experiences will be better<br />
supported through advanced technologies like<br />
MU-MIMO (Multi-User, Multiple Input,<br />
Multiple Output), enhancing remote and<br />
hybrid learning environments by allowing<br />
multiple devices to communicate<br />
simultaneously without delays or quality issues.<br />
Increasingly, academic trusts are adopting<br />
tech-based ecosystems to improve security,<br />
cost and energy efficiency. Many schools are<br />
already utilising smart lights and motion<br />
sensors to automate lighting and reduce<br />
energy consumption, while smart locks,<br />
surveillance cameras and access control<br />
systems are helping schools limit or extend<br />
access, protecting students, staff and property.<br />
Wi-Fi 6 may struggle to support the breadth<br />
of these technologies effectively. Wi-Fi 7, on<br />
the other hand, can fuel the transition to Smart<br />
Schools with five times the network capacity<br />
and 480% more throughput than Wi-Fi 6.<br />
BRINGING HOSPITALITY INTO THE<br />
NEW TECHNOLOGICAL AGE<br />
From independent coffee shops to large hotel<br />
complexes, customers expect uninterrupted Wi-<br />
Fi connectivity, and staff rely on it to organise<br />
bookings, take payments and update stock<br />
lists. Increased bandwidth and multi-channel<br />
capabilities will significantly improve hotel<br />
connectivity, enabling Wi-Fi 7 to accommodate<br />
thousands of connected devices. Via apps,<br />
hotels can transform guest experiences with<br />
more control and enhanced security through<br />
sensors, thermostats and other devices.<br />
Automated check-in allows guests to arrive at<br />
unsociable hours and reduces the number of<br />
staff required to welcome them.<br />
Managing the unified infrastructure of large<br />
hotel complexes remotely over Wi-Fi 7 will<br />
enable IT technicians to monitor devices and<br />
network health, responding to connectivity<br />
issues near-instantaneously without having to<br />
visit the site.<br />
NOT 'IF', BUT 'WHEN'<br />
As it evolves and becomes more established,<br />
Wi-Fi 7 will usher in a new era of connectivity.<br />
That's why it's essential for organisations to be<br />
aware of its potential. As one of the key<br />
building blocks that spearheads innovation,<br />
industries should embrace this opportunity to<br />
harness the power of Wi-Fi 7 to improve<br />
communications, enhance customer<br />
experience and streamline operations for<br />
stakeholders and customers. <strong>NC</strong><br />
WWW.NETWORKCOMPUTING.CO.UK NOVEMBER/DECEMBER <strong>2023</strong> 31<br />
NETWORKcomputing<br />
@<strong>NC</strong>MagAndAwards
OPINION: ESM<br />
ENGAGING AI FOR ENTERPRISE SERVICE MANAGEMENT<br />
ENTERPRISE SERVICE MANAGEMENT IS MAKING AI-POWERED TEAMS A REALITY, ACCORDING TO<br />
CULLEN CHILDRESS, SENIOR VICE PRESIDENT PRODUCT AT SOLARWINDS<br />
This communications overload scenario<br />
is the reality for most teams across<br />
departments within an organisation.<br />
However, the good news is that there is a<br />
solution to streamline internal<br />
communications, requests, and tasks.<br />
Your employees probably feel like<br />
robots. Just attempting to keep up in<br />
our increasingly networked and<br />
always-on world means an endless<br />
barrage of alerts for the various<br />
applications and technologies we use to<br />
do our jobs.<br />
Teams are more connected than ever,<br />
but that actually may be limiting<br />
productivity and collaboration. One study<br />
found that employees already spend<br />
nearly 30% of their time on email, leading<br />
to high levels of stress and pressure to<br />
respond to messages rather than focusing<br />
on more substantial tasks.<br />
While communication is key to<br />
collaboration and creativity among teams,<br />
especially in today's hybrid and remote<br />
workforces, an overabundance of<br />
communications is bogging down<br />
employees' abilities to do their best work<br />
and stifling creativity rather than<br />
fostering it.<br />
IT teams have long recognised the value<br />
of IT Service Management (ITSM)<br />
solutions in streamlining and improving<br />
efficiency. These systems use AI to help<br />
automate routine tasks, prioritise<br />
requests, and provide self-service options<br />
for employees. Instead of having a real<br />
person do this alone, AI quickly supports<br />
simple tasks such as automating service<br />
ticket routing, leveraging virtual assistants<br />
to answer frequently asked questions, and<br />
developing an endless feedback loop to<br />
enhance the end-user experience.<br />
A recent survey of SolarWinds customers<br />
found that its AI features in ITSM solutions<br />
enabled IT teams to reduce the time to<br />
resolve tickets by 24% and save an<br />
average of 23 hours per week. These<br />
benefits can now increasingly be<br />
leveraged beyond IT teams with the move<br />
to what is being called "Enterprise Service<br />
Management," which enables other<br />
departments to build their own AI-driven<br />
ticket management system.<br />
CLOSING THE COMMUNICATION<br />
FLOODGATE<br />
The expansion of Enterprise Service<br />
Management (ESM) provides every<br />
department across an organisation with<br />
its own service portal, ticket management<br />
system, and service catalogue. This<br />
empowers HR, legal, marketing, sales,<br />
and other departments to enjoy the same<br />
increase in<br />
efficiency and<br />
productivity that IT teams<br />
have seen for years. And with the<br />
integration of AI into ESM services, it<br />
further facilitates inter-departmental<br />
cooperation, enabling the entire<br />
organisation to enhance service delivery,<br />
better manage requests, and speed up<br />
workflows for better employee and<br />
customer experiences.<br />
Consider an HR department which plays<br />
a pivotal role in an organisation's<br />
success, from recruitment and<br />
onboarding to benefits administration and<br />
employee engagement. They are<br />
frequently inundated with inquiries, from<br />
leave requests to payroll issues and<br />
everything in between. Traditional<br />
communication channels like email,<br />
phone calls, and instant messages often<br />
result in bottlenecks and delays, leaving<br />
HR departments struggling to keep up.<br />
With an ESM system, HR departments<br />
can transform their operations and<br />
significantly reduce the need for email or<br />
phone calls. For example, leave requests<br />
32 NETWORKcomputing NOVEMBER/DECEMBER <strong>2023</strong> @<strong>NC</strong>MagAndAwards<br />
WWW.NETWORKCOMPUTING.CO.UK
OPINION: ESM<br />
can be streamlined through the ESM<br />
system. Employees could submit<br />
requests through the portal, which<br />
would then automatically route them for<br />
approval to the appropriate managers,<br />
with notifications and reminders built in.<br />
This reduces the administrative burden<br />
on HR and ensures that requests are<br />
processed promptly, enhancing<br />
employee satisfaction.<br />
THE AI ADVANTAGE<br />
The benefits of ESM get even better<br />
with the integration of AI, which has<br />
already proven it can be a powerful<br />
tool for businesses. AI algorithms within<br />
ESM can analyse data generated by<br />
various requests and interactions,<br />
providing valuable insights to all teams.<br />
AI-powered ESM solutions can go<br />
beyond just appropriately directing<br />
ticket requests, for example, by<br />
providing personalised responses based<br />
on the employee's profile and past<br />
interactions. AI will also be able to<br />
identify trends in employee inquiries,<br />
helping departments proactively<br />
address common concerns and<br />
improve company policies and<br />
workflows. With the promise of AI, the<br />
entire organisation is poised to become<br />
more productive and efficient.<br />
AI will have a profound impact on our<br />
businesses and teams. But counter to<br />
some concerns, we foresee this will free<br />
up our teams' time for more impactful<br />
work rather than mean a loss of jobs.<br />
We can expect people to work<br />
alongside their new AI "colleagues"<br />
while taking on new roles that AI is not<br />
suitable for, including increasingly<br />
being able to use their human creativity<br />
and ingenuity to innovate.<br />
Organisations cannot afford to let<br />
inefficient internal communications<br />
slow their operations and creativity. It's<br />
time to envision a workplace where<br />
employees throughout the entire<br />
organisation can dedicate their<br />
attention to their substantive<br />
responsibilities instead of being<br />
overwhelmed by a flood of alerts and<br />
notifications.<br />
The future of work has arrived,<br />
leading to unprecedented creativity,<br />
innovation, and productivity, no matter<br />
the size of your business or industry. <strong>NC</strong><br />
WWW.NETWORKCOMPUTING.CO.UK @<strong>NC</strong>MagAndAwards NOVEMBER/DECEMBER <strong>2023</strong> NETWORKcomputing 33
OPINION: PROVIDERS<br />
NECESSARY PROVISIONS<br />
HAS ADAPTABILITY BECOME THE NEW BE<strong>NC</strong>HMARK FOR AN<br />
EFFECTIVE NETWORK? JUSTIN DAY, CEO AND FOUNDER OF<br />
CLOUD GATEWAY, PROVIDES AN ANSWER<br />
For businesses today, the significance of<br />
maintaining a competitive advantage<br />
and embracing technological<br />
advancements can't be overstated. While the<br />
past focus for IT professionals was on network<br />
stability, today's challenges focus more on<br />
network performance and the ability of<br />
connectivity providers to keep up. It's no longer<br />
acceptable for providers to be rigid and<br />
unadaptable, and IT teams don't want to be<br />
restricted to particular technologies and<br />
circuits. But it isn't just proprietary technology -<br />
this form of commercial inflexibility also<br />
encompasses fixed costs, contact durations<br />
and a whole host of other variables.<br />
PROVISIONING FOR WHAT YOU NEED<br />
If your company has experienced network<br />
interruptions, erratic bandwidth or total<br />
outages, you'll know only too well the<br />
substantial risks they bring. These risks not<br />
only include financial loss but also extend to<br />
potential harm, reputational damage, data<br />
loss, decreased productivity and diminished<br />
customer satisfaction. Exploring advanced<br />
networking solutions like Secure Access<br />
Service Edge (SASE) can enhance operational<br />
efficiency and bolster network resilience.<br />
However, it's crucial to also evaluate the<br />
flexibility on offer from your chosen<br />
connectivity provider.<br />
Be wary of committing to more bandwidth<br />
than you currently require. Instead, look to start<br />
with a volume that suits your present needs. If<br />
a provider suggests an over-provisioning<br />
strategy, persuading you to adopt larger<br />
volumes and more connections up front, ask<br />
yourself whether this truly benefits your<br />
business. Often, the argument from the<br />
provider is that it's more cost-effective to secure<br />
more megabytes upfront, but this might not be<br />
in your best interests.<br />
The optimal approach involves scaling up<br />
in alignment with your actual requirements,<br />
when the time is right. Rather than investing<br />
a significant portion of your budget into a<br />
contingency plan. Consider partnering with<br />
a provider who can offer flexibility and<br />
collaborate with you to formulate the best<br />
network strategy, allowing you to pay as<br />
you grow.<br />
NOT ALL NETWORKS ARE CREATED<br />
EQUALLY<br />
While it's advisable to choose a provider with<br />
a solid track record, you should exercise<br />
caution if you're confronted with lengthy<br />
contracts and outdated technologies. Opting<br />
for a larger, well-established provider can<br />
sometimes mean getting locked into legacy<br />
infrastructure which is yet to be modernised.<br />
While a specific technology might meet your<br />
current network requirements, it's essential to<br />
consider the long-term. Will it adequately<br />
adapt to the growing complexities of your<br />
network and expanding infrastructure?<br />
Additionally, it's sensible to approach service<br />
credits with caution. Although they may appear<br />
reasonable, they are often inadequately<br />
negotiated and a challenge to manage. As<br />
emphasised previously, network disruptions<br />
can harm a business's reputation, finances and<br />
overall performance. Before finalising any<br />
agreement, evaluate whether the service<br />
credits proportionately compensate the<br />
potential loss of value to your business if you<br />
do experience downtime. Ask yourself whether<br />
the service is primarily focused on remedying<br />
issues after they occur or on proactively<br />
preventing them from happening.<br />
WHAT DOES VALUE MEAN TO YOUR<br />
BUSINESS?<br />
Alongside price, you should also prioritise<br />
value when selecting your connectivity provider<br />
and network technology. Undoubtedly, cost is<br />
a significant factor in the decision, with pricing<br />
varying considerably based on speed, capacity,<br />
and connection type. However, it's important to<br />
reflect on what value truly means to your<br />
organisation. Is it centred around adopting a<br />
cloud-like approach? Can you easily scale to<br />
meet your evolving requirements? Does the<br />
contract offer flexibility through terms and coterming,<br />
allowing you to align existing and new<br />
services with the original contract dates?<br />
Ultimately every business is unique, and there<br />
is no universal connectivity solution that fits all<br />
needs. For this reason, seek out a provider<br />
capable of offering a diverse range of<br />
technologies and services. The right provider<br />
will assess your IT, financial and operational<br />
requirements and suggest the most appropriate<br />
technology to address your specific needs,<br />
rather than your perceived need. Maintaining<br />
flexibility in your network infrastructure is not<br />
only about adapting to changes efficiently but<br />
also possessing the commercial agility required<br />
to embrace new opportunities and fulfil<br />
evolving expectations. <strong>NC</strong><br />
34 NETWORKcomputing NOVEMBER/DECEMBER <strong>2023</strong> @<strong>NC</strong>MagAndAwards<br />
WWW.NETWORKCOMPUTING.CO.UK
COMING SOON<br />
THE 2024 NETWORK COMPUTING AWARDS<br />
Once again, we will be asking you- the readers of Network Computing - to put<br />
forward the people, the products and the companies that have most impressed<br />
you. Look out for more details in the new year.<br />
WWW.NETWORKCOMPUTINGAWARDS.CO.UK<br />
ATTENTION VENDORS:<br />
Have you got what it takes to impress our Judges? It's never too early to put<br />
yourselves in contention. Book your solutions in to be independently reviewed<br />
for Network Computing and they will be shortlisted for the BE<strong>NC</strong>H TESTED<br />
PRODUCT OF THE YEAR. Additionally, we invite you to submit your customer<br />
success stories for the NETWORK PROJECT OF THE YEAR.<br />
There are also opportunities to get involved with<br />
the Awards as a sponsor.<br />
Contact: dave.bonner@btc.co.uk