My take on Intel's near-future support for open standards

On Monday, I shared with you some direct questions I intended to ask Intel during an invitation-only event the company held at its Jones Farm, Oregon campus this week. As you might expect, as is the case with any company prior to the introduction of a new class of product, there's a limit to how specific the company can be about the product itself. This remains the case even when the company's product roadmap is made public, when the strategy behind the creation of that roadmap is not only public but legendary (the so-called "tick-tock" approach), and the identity of the next part on the roadmap can be ascertained with a moment's deduction: in this case, Intel's next Xeon servers.

But these questions spoke more to the company's strategy than to the specifications of any future product. And I'll be honest: I wasn't the only one asking questions this week, and on a few occasions, my concerns were addressed before I even raised my hand.
Nevertheless, in my own voice rather than the company's official voice, I can provide you with an assessment of the responses I've received all week, beginning with the first two questions on Monday's list.

1. Could a "bare-metal" server based on a near-future Xeon v3 processor enable, say, a server based on Brocade's Vyatta platform to, say, accelerate its routing functions using embedded microcode, or an OpenFlow-based switch to improve its handling of memory, similar to the way Intel accelerates virtualization with its VT technology now?

"Bare metal" would not be the right phrase. It's very clear to me now that Intel is interested in producing hardware that utilizes specific resources that can specifically, not indirectly, improve the functionality of NFV devices. But there will be two levels of "support": 1) by virtue of software already supporting known, open platform standards, or supporting openly provided network overlays such as Cisco's VxLAN and Microsoft's NVGRE; and 2) through the software supporting emerging Intel-branded standards like its Data Plane Development Kit. The latter would mean the software has a narrower platform target, but on the other hand, those libraries would know just how to take advantage of the nuances and unique features of Intel hardware.

Put another way, there will be two levels of potential performance gains that specifically apply to NFV and no other category: one through the NFV component's natural adherence to open standards; and the other, deeper level, through a specific commitment to Intel's libraries.

2. Will a Xeon v3-based server provide enhanced support for virtual machine security that might give one vendor--say, VMware or Citrix--at least a temporary edge over the others, if it adopts these features first?
It should absolutely come as no surprise that Intel's partnership with Oracle to produce a database-oriented server based on an Intel CPU available to no one else is a prototype for the type of relationship it wants to build with other OEMs. I've been given signals that there may be many more such relationships to come, but one reason we may not know about them is that the partner company chooses not to reveal that secret.

That said, it appears to me now that such relationships would be with hardware manufacturers, or perhaps even with certain high-volume buyers of hardware at a level where they can set the specifications. I don't see a situation forthcoming where a typical software maker like the two I chose (VMware, Citrix) would be given any special advantage by Intel through a business relationship. Oracle is a unique case because it builds a major database product and a server.

This can be taken as good news for proponents of open software standards, because as indications were certainly made to me, the only advantages that Intel wants to give to software of its own accord are the kind that can apply to open standards that are likely to be used in high volume. There won't be a virtualization security "trick", for instance.

Stay tuned to FierceEnterpriseCommunications for my analysis of Intel's responses to the other three questions on my list. - SF3

Today's Top News

1. Intel hopes asynchronous OpenSSL will thwart future Heartbleed

One of the most fundamental components of Web security is session-level encryption, which also aids in authenticating the sustained identities of parties in a Web session.
When the curiously lauded "Heartbleed" bug was discovered in the open source version of session-level security, OpenSSL, the extraordinary aspect of the discovery wasn't so much that encryption keys could (with some effort) be stolen, but that the vulnerability existed--perhaps without anyone's knowledge--for several years.

Now, there is a renewed institutional effort--beyond the generosity of individuals with their time--to contribute to the reinforcement of open source session security. During an interview with FierceEnterpriseCommunications Wednesday at Intel's Jones Farm campus in Oregon, software engineer Brian Will spoke about his firm's contributions to that effort, particularly with respect to whether Intel hardware will be able to take automatic advantage of features being built into OpenSSL software.

"If you go to the Linux Foundation website… they've come out with a roadmap of features that they're going to be putting in place," says Will, "to address some of the valid concerns that you're expressing. Heartbleed was the tip of the iceberg." A number of foreseeable man-in-the-middle attacks, he notes, were recently patched by OpenSSL's latest contributors--work that might never have even begun were Heartbleed not publicized to the extent it was.

But when you take a good look at the document to which Will refers, it isn't so much a roadmap as an "under construction" sign. One element of the roadmap, labeled, "No clear release plan," reads in part, "Historically OpenSSL has made new feature releases on an infrequent basis and no forward plan of releases has been published. It is difficult for users to plan for new releases, and understand when new features might become available, or when support will end for a release."

The item below that reads, "No clear platform strategy". That's of concern to Intel, whose goal is to enable commonly used resources including OpenSSL to take advantage of Intel platforms.
Will believes one positive goal will be to restructure OpenSSL for increased maintainability. It will also help, he adds, for there to be more than three people doing the maintenance.

"It's amazing that they've got the distribution they got, because there were only three core maintainers," says Will. "And these guys had other full-time jobs. That's why it's important that the Linux Foundation stepped up and said, 'You know, a lot of people use this. We need to support them.'"

Right now, a good part of the maintenance effort is being devoted to cleaning up the FreeBSD version of the library. Intel's key contribution to the library is asynchronous operation--the first legitimate permutation of the processing model for parallelization.

You see, OpenSSL had never been reconfigured to run on multicore processors. While it was technically possible for an Intel CPU to apply implicit parallelization (tearing processes apart at the seams), the synchronous nature of the original programming model limited where those seams could be applied. Because timing was critical, processors had to apply enormous overhead just to be able to reconcile which workloads pertained to what cycles. Asynchronous programming simply enables the processor to apply the same type of dynamic code optimization to OpenSSL threads, as it would to a general-purpose group of threads.

"We worked with the OpenSSL team to add this asynchronous capability to OpenSSL," says Will, "which essentially, from an accelerator standpoint, allows us to send multiple requests down through the stack, and pipeline those requests into the accelerator, and pipeline them in the back through a socket into the software."

Unlike in the synchronous model, the use of sockets, explains Will, lets existing components that are geared to do work in parallel go on about their business while the socket processes its thread. Cryptography is one of those components that no longer forces the processor to wait.
It can accept new connections while crypto is at work, increasing the number of new connections processed by a Web server from around 6,500 connections per second to 40,000. What's more, SSL requests using the smallest 64-byte length can be expedited within the same processor by a factor of nearly 50… and perhaps more down the road.

"All that asynchronous work that we did," says Will, "we posted on a development branch of OpenSSL, and is freely available to whoever wants to go and get it. We're working with [the Linux Foundation] to bring that into the standard distribution of OpenSSL."

While new forks based on OpenSSL (such as one promoted by Google) may include some of Intel's algorithmic contributions to the library, Will says, the asynchronous operations would not be found in forks or derivatives, and therefore may not benefit from the resources of Intel's QuickAssist acceleration.

For more:
- see the Linux Foundation's OpenSSL roadmap
- check out Intel's white paper on OpenSSL acceleration (.pdf)
- see the OpenSSL code repository

Related Articles:
- Heartbleed scan shows most large companies still vulnerable [FierceITSecurity]
- Google forks SSL to create BoringSSL [FierceCIO]
- Linux Foundation enlists Microsoft, Cisco, Facebook to go save OpenSSL

2. Obama: Net should remain open for free expression, monitoring criminal enterprises

At a U.S./Africa business forum in Washington, D.C. Tuesday, President Obama intended to make a statement in favor of governments leaving control of Internet communications to the people who use it. But in an effort to line up his complete views on Internet policy in a nice row, the President very nearly contradicted himself, and ended up taking a circuitous route to avoid doing so.

In the end, Mr.
Obama blended a message against paid prioritization for Internet traffic--part of the Government's original Open Internet regulations--with a message that openness should also include a balanced approach to the monitoring of communications in search of evidence of criminal activity. The word "warrant" did not come up during his discussion.

"I know that there's a tension in some countries," stated the President, according to the White House's official transcript. "Their attitude is we don't necessarily want all this information flowing because it can end up also being used as a tool for political organizing, it can be used as a tool to criticize the government, and so maybe we'd prefer a system that is more closed. I think that is a self-defeating attitude. Over the long term, because of technology, information, knowledge, transparency is inevitable. And that's true here in the United States; it's true everywhere."

But in the President's extemporaneous remarks, he appeared to realize that transparency may make certain things visible, including to governments--and especially to governments, including in Africa, where transparency can present a danger.

"And so what we should be doing is trying to maintain an open Internet, trying to keep a process whereby any talented person who has an idea can suddenly use the Internet to disperse information," President Obama continued. "There are going to be occasional tensions involved in terms of us monitoring the use of the Internet for terrorist networks or criminal enterprises or human trafficking. But we can do that in ways that are compatible with maintaining an open Internet."

From there, the President went on to try to draw a parallel between this point and his message that laws in African countries should not be biased towards the wealthy and/or powerful, and should empower individual innovators.
While the President spoke to that point at some length, the questioner only heard the net neutrality part, which provoked him to reset his position.

"You have big, wealthy media companies who might be willing to pay more but then also charge more for more spectrum, more bandwidth on the Internet so they can stream movies faster or what have you," he said. "And the position of my administration, as well as I think a lot of companies here, is you don't want to start getting a differentiation in how accessible the Internet is to various users. You want to leave it open so that the next Google or the next Facebook can succeed."

Mr. Obama has not spoken often on the subject of net neutrality. While he has spoken in favor of letting markets decide the pace and course of innovation, he has--almost in the same breath--said these same businesses should not be allowed to set up peering arrangements or paid prioritization. This may not be so much a direct contradiction as a moderate viewpoint expressed not from a moderate position, but rather from two angles simultaneously.

But his position on the authority of governments to conduct surveillance has wavered ever since he was an Illinois senator. In 2008, then-Senator Obama famously switched his opposition to telcos being granted immunity from prosecution for participating in FISA surveillance, to support for immunity. In response to allegations of having flip-flopped, the then-Senator issued a statement that could be interpreted as having supported both positions.

For more:
- see the transcript of the President's remarks to the U.S.-Africa Business Forum
- read Betanews' coverage of then-Senator Obama on warrantless wiretapping from July 2008

Related Articles:
- Netflix: Free speech shouldn't be a factor in 'commercially reasonable'
- Net neutrality opponents now claim regulations are disrespectful to Obama

3.
Intel: SDN is a 'long-term play', NFV a 'big deal'

Telcos and telecommunications service providers are anxiously awaiting news from Intel as to the extent to which its forthcoming series of Xeon server processors will provide direct support for software-defined networking, and perhaps network functions virtualization as well. At an invitation-only workshop at its Jones Farm campus in Hillsboro, Oregon on Tuesday, Intel was willing to go beyond the subtle hints it had publicly dropped.

"Software-defined networking is probably a longer-term play. It's a complicated problem," says Dylan Larson, who directs Intel's Data Center Group product lines.

Longer-term than what? Well, in years past, it was the operating system which placed demands on processor design to be able to provide readily available functionality. In the data center, a new layer is squeezing itself between the operating system and the processor. Though the architects of this layer have referred to it as a "stack," as in OpenStack, system architects are perceiving it with a more descriptive phrase: the orchestration layer. This is now the driver of functionality requirements for modern data center hardware; and recently, Intel has had to respond with optimizations and facilities for virtualization.

For OpenStack, these efforts have concentrated upon provisioning virtual machine instances, says Larson. But integration with the Linux Foundation's OpenDaylight project for SDN is next on the block, along with the reference architectures that pertain to it.

"But the focus of being able to take these layers apart and look for ways to simplify that provisioning activity, is a very, very powerful concept," continues Larson. "It really resonates with customers we've talked to, and I think it's an area where you're going to see a tremendous amount of excitement."

NFV is the component of SDN that's happening fastest of all, and Intel is certainly not blind to that fact.
"You can certainly see people who are building hardware appliances today, taking them, making them into software, and running them in a virtual machine," he says. "And if you can get very, very high performance, data-type processing, you can be able to make this a reality. You don't have to build a discrete piece of hardware in a box… What we've tried to do is build the enabling components you need to make this a reality."

One of these components is available now: Intel's Data Plane Development Kit, which enables such useful (and, from the perspective of political observers, controversial) features as deep-packet inspection (DPI).

"We're not just winking at the packets as they go by," says Larson. "But being able to get much, much deeper packet inspection in a virtual machine as you push these appliance assets through a more software-defined infrastructure."

Europe's telecom standards body ETSI has taken the lead, he goes on, in making NFV "a big deal". One huge benefit that Intel notes ETSI perceives is the transfer of network assets that used to exist behind a proprietary, patent-filled blockade into a more open, general-purpose infrastructure. "This will be a powerful approach to how we see the telco infrastructure evolve over time," he says.

But Larson acknowledges that one roadblock ahead for CPUs in the SDN/NFV space is reliance upon application-specific ICs (ASICs) to perform high-speed routing and switching functions for which CPUs--which are busy managing general-purpose servers, after all--may not provide enough available speed. As competitors in the space including Alcatel-Lucent, Juniper Networks, and Cisco have all stated, it might be technically impossible to stack enough CPUs together to achieve the performance level required by an optical core router.

"Certainly there's a bunch of ASICs out there, and there are FPGAs out there.
But the microprocessor being so fast, and the assets that we're able to put together like DPDK," says Intel's Dylan Larson, "put us in the position to get to line-rate forwarding, which is the whole reason that people have used ASICs in the past anyway."

He's talking about speeds of hundreds of millions of IP packets forwarded per second--speeds that cannot be achieved, say some engineers, by way of typical divide-and-conquer techniques that multicore processors are known to employ. Routers at the core level must store full copies of the IP routing table, not hierarchically divided or distributed versions. It's the type of job that may place smarter processors at a disadvantage to dumber pipes and simpler ASICs.

But telcos are demanding the ability to move their archaic equipment to new, modern form factors, says Larson, and this demand will compel Intel and others to resolve this little orders-of-magnitude problem somehow.

For more:
- read "Cisco & Juniper NFV Plans for Telecom Transformation" by Lee Doyle
- read "Alcatel-Lucent CTO States the Case for NFV" by Craig Matsumoto

Related Articles:
- Intel preview: Will the next Xeon include NFV, SDN inside?
- Brocade: NFV will change what it means to be 'certified'

4. No, Vidyo's inclusion in devices is not 'Internet of Things video'

If a thing with an Internet connection were capable of providing you with a video link, then is this an "Internet of Things" application? A report released Monday by communications analyst firm Infonetics says yes, and credits software-based conferencing provider Vidyo with effectively creating a new IoT video market.

"IoT has been largely a low bandwidth, low monthly ARPC (average revenue per connection) phenomenon," state co-authors Michael Howard and Godfrey Chua. "In fact, these are the drawbacks often cited by those still skeptical of the IoT opportunity. But IoT is complex, and there is more to this than meets the eye.
We think Vidyo is onto something, and, if its solution is as advertised, it could very well have a meaningful hand in disrupting the market and making video more prevalent in IoT."

The idea that a device capable of communications should provide communications service is not the least bit new. Infonetics goes on to suggest that video rental vending machine provider Redbox could provide live videoconferencing with company agents, directly through its kiosks, if they were endowed with Vidyo's streaming technology.

Infonetics did not go on to discuss whether such a move would help Redbox reverse its trend of closing kiosk locations nationwide. But that may be beside the point. The original success of Redbox's business model was the fact that it operated automated vending machines, not video-telephones. It's arguable that there isn't much that a live human operator could add to the "Redbox experience".

Which is beside the point that fewer and fewer movie viewers are interested in DVD and Blu-ray, choosing instead in greater numbers to view movies from Internet streaming services, OTT service providers, and on-demand CATV providers. If any service category in the U.S. could benefit from the addition of human beings--live or streaming--it's the latter.

But even that is orthogonal to a somewhat obvious truth: The Internet of Things does not refer to any communications system that links inanimate devices capable of communicating, otherwise Apple TV, some of the newer soda machines, ATM machines, airport ticket printers and Congress could all qualify as IoT. It is not an IoT use case whenever a device that lacks a human operator is connected to the Internet. Devices everywhere have IP addresses, and that's the point.
Real IoT is about equipping ordinary objects (e.g., items in inventory, household appliances, segments of petroleum pipelines, traffic control devices, highway guardrails, Coast Guard rescue vessels – the boats, not their occupants) with automated communications devices that enable them to send useful signals--maybe just heartbeats, perhaps with status messages--to communications hubs in a network. Those hubs may, perhaps indirectly, be connected to devices with IP addresses.

So an IoT application is, by definition, a communications process launched by very small devices attached to… things, intending to communicate with a hub, which is also a thing. It therefore follows that if the communications process involves a) a person, who is speaking b) a human language, as opposed to a byte or a one-bit heartbeat to c) another person, it is not an IoT use case. IoT is, by definition, low-bandwidth. Thus, not video.

Strangely enough, the Infonetics report makes this very statement: "The idea is to incorporate the human element back into the interactions without the cost burden of physical human presence." But of course, all long-distance communication achieves this same goal.

It is not a failure on Vidyo's part that it is not an IoT use case. Rather, it is an oversight on the company's part, in my opinion, to have allowed its brand to be co-opted as IoT, when it deserves to be taken seriously as a facilitator of an Internet of people.

For more:
- check out Infonetics' white paper (reg. req.)
- read The Verge's article on Redbox

Related Articles:
- What 'Internet of Things' means today: production line visibility
- Is a sensible communications network of things really an Internet?

Also Noted

SPOTLIGHT ON...
An Internet of People, this time when they need help

One subject that's close to my heart, especially just a few years out from the tornado disaster in Joplin, Missouri, is the use of Internet-oriented technology to keep first responders and rescue officials close at hand, and in touch with the people who may need assistance most. In the Joplin storm, Facebook ended up being one of the most reliable systems available, after telephone lines and wireless carrier towers were blown down. But is that necessarily a good thing for Facebook? My friend and colleague Steven Cherry looks into a new system entering beta in Canada that enables a network to be established in advance, and put to use exclusively in a future emergency.

Read more: A Social Network for Emergency Notifications [by Steven Cherry, IEEE Spectrum]