Consolidation Does Not Equal Simplification

January 20, 2010

By John Gray

Higher education IT executives know that data center consolidation doesn’t always lead to simplification. Instead, in most cases, when you reduce locations, you’re left with a highly complex mess of enterprise components wreaking havoc on your performance.

The successful data center can respond to business requirements without jeopardizing operational and capital costs. Yet, if you’re trying to manage an out-of-control architecture – even if it’s in fewer locations – that goal is unattainable.

Take, for instance, the University of Southern Florida. Michael Pearce, system vice president for IT, says it’s his job to create an open and collaborative environment for the school’s more than 60,000 users across several campuses. What makes this task difficult is that many users have cross-functional roles that give them access to multiple systems. For instance, someone might work at the school’s medical center and also be a student. It’s critical for compliance and other security mandates that this user can’t share information between applications.

Most academic institutions operate a three-tier data center architecture that would require them to manage their switches, routers and other infrastructure individually to gain this kind of control. This is hardly a model for simplification.

Imagine if you could wipe out one of those tiers and flatten your data center architecture. Well, it’s possible if you centralize your data center management and use purpose-built gear that is interoperable and lets you manage the data center as a whole entity – not a mishmash of legacy parts. With this sophisticated, state-of-the-art infrastructure, including switches, routers and security, you can gain IT resilience and optimal performance.

Take, for instance, virtual switches. As IDC reports in an executive brief titled “Simplification Driving Datacenter Network Requirements,” virtual switches “will reduce demand for physical switches but place greater need for performance and reliability at the core.”

In addition, IDC contends that enterprises will not migrate their mission-critical workloads to a virtual architecture unless they have the same consistent network security, management and policies available on virtual ports as they do on physical ports. This is certainly true of higher education.

So, even if a virtual switching infrastructure seems promising in terms of allowing you to reduce your overall physical devices, unless you can manage the virtual and physical networks as a logical whole, this endeavor will not hold water.

You need a comprehensive solution that supports a resilient virtual switching fabric. In fact, Yankee Group senior analyst Phil Hochmuth says, “the idea of a fabric – being able to have that failover, that ability to connect quickly and mesh with other nodes in the network – is essential.”

Jeff Kabel, a technical marketing engineer at 3Com, says the key is to be able to take multiple core, distribution and access layer switches and make them look like a single, logical switch. There should be no need for multiple links for redundancy and legacy resiliency protocols. Rather, you have complete physical layer redundancy.

The network control protocols also operate as a cohesive whole to streamline processing, improve performance and simplify network operations. For example, routing protocols calculate routes based on the single logical domain rather than the multiple switches it represents.

In the next blog, we’ll discuss the management methodology that can further simplify your data center.

Building Your Next-Generation Data Center

January 13, 2010

This week’s blog kicks off a series of Data Center blogs that will feature insights from 3Com Data Center Product Marketing Manager, John Gray.

By John Gray

It’s no secret that over the next few years, your data center is going to be expected to handle a lot of new applications without missing a beat in supporting your current lineup. You’re going to have to architect an infrastructure that can handle large-scale, resource-intensive research projects, highly collaborative networks and real-time high-definition video learning.

The aim of your organization in bringing these apps onboard or improving them is to boost student learning as well as attract new faculty, grants and donations. Therefore, blips in operations because your infrastructure can’t handle these new technologies would not be well tolerated.

These blips generally come about because the network is incapable of handling the additional traffic. After all, the applications we mentioned above all can do a number on bandwidth and overall infrastructure capacity. Solving the saturation problems that stem from these applications can lead to a tremendously complex data center.

In a discussion with Phil Hochmuth, a senior analyst with Yankee Group Research in Boston, he describes this troublesome phenomenon in more detail. “When an organization has a new application, IT typically adds a new server cluster to the network. When the network gets congested or performance falls below par, IT adds more bandwidth,” he says. He calls it an add-and-upgrade cycle that is detrimental to the health of the data center. Hochmuth concludes, “It’s too costly and doesn’t solve the underlying issues.”

We’ve come to realize that the underlying problem lies in the traditional three-tier data center model of access, aggregation and core switching. Each tier has myriad protocols, technologies and management – a true nightmare if what you seek is simplification and resiliency. In fact, too often, a majority of an IT organization’s time, money and effort is spent keeping systems running, the infrastructure operational and the disaster recovery plans functional.  Those types of distractions will certainly lead to the failure of university data centers as you try to take on more innovative projects.

To avoid this game-ending outcome, you must rethink the way you approach the data center. Rather than relying on out-of-date, non-interoperable infrastructure, it’s time to consider the new era of purpose-built technology that addresses the needs of emerging applications. Such state-of-the-art, sophisticated management tools and infrastructure will help you not only adopt new applications, but also improve the performance of your existing systems. In other words, you’ll be the proud leader of a successful next-generation data center.

Over the next few blogs, we’ll discuss in detail some strategies for building the next-generation data center, including data center simplification, server I/O consolidation, the migration from Gigabit Ethernet to 10 Gigabit Ethernet, the energy efficient mindset, and last but certainly not least, security and business continuity. We’ll show you why these five areas are the blocks on which you can lay the foundation for your next-generation data center.

The Challenges of Cloud Computing

January 6, 2010

By Monique Lucey

As we wrote in a previous blog entry, cloud computing holds tremendous benefits for higher education institutions in terms of data center footprint reduction, cost savings and streamlining staff. However, as we’ll dig into now, it also has challenges that must be overcome.

Cloud computing relies heavily on virtualization to ensure that service providers get the most use out of their physical infrastructure and, therefore, can keep costs down. However, the same virtual architecture that provides an inexpensive alternative to on-site infrastructure can wreak havoc with a university’s privacy and security policies.

For instance, service providers will often house several customers’ applications and data on a single physical host. If you’re under privacy mandates that require you to keep sensitive information separate, this strategy can pose problems.

Cloud computing providers also take advantage of the load balancing that virtualization offers by enabling virtual machines to be moved among physical hosts. This goes a long way to ensuring the availability and fault-tolerance of your applications, but it also puts you at risk of non-compliance since you cannot consistently know the physical location of your data as some mandates require. Also, you could be in jeopardy if you are beholden to country-specific rules that forbid the transmittal of sensitive information across national borders.

With data moving between multiple physical hosts and multiple data centers, IT can no longer rely on site visits to a service provider’s facilities as a checkbox for off-site data security.

Rather than tossing aside the idea of cloud computing altogether, academic institutions can sign on with private cloud providers and then extend their own network management platform to include the service provider’s environment. This approach enables you to apply your current regulatory and internal policies and their enforcement to your cloud computing services.

For instance, you can set policies that restrict virtual machines carrying sensitive information from being moved around. Also, you can monitor virtual switches to ensure that configuration changes don’t result in private data becoming public.

Finally, IT can use a network management platform to implement the same role-based access users would have in your own data center. This eases the burden of authorization management, auditing and reporting.
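The placement policies described above (keep sensitive virtual machines from being moved, keep them in permitted countries, keep them off hosts shared with other customers) can be checked against a provider's placement log. The following is an added example, not code from the original post or from any vendor; the host names, VM names, policy fields and events are all constructed for illustration.

```python
"""Audit VM placement events against residency and isolation policy.

Added illustration: every name, field and event below is constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Host:
    name: str
    country: str


@dataclass(frozen=True)
class VmPolicy:
    pinned: bool = False                         # VM must never change host
    allowed_countries: frozenset = frozenset()   # empty set = no restriction
    dedicated_host: bool = False                 # no other tenant on same host


# Constructed inventory and policy (assumptions, not a real environment).
HOSTS = {
    "host-us-01": Host("host-us-01", "US"),
    "host-us-02": Host("host-us-02", "US"),
    "host-ca-01": Host("host-ca-01", "CA"),
}
POLICIES = {
    "student-records-db": VmPolicy(True, frozenset({"US"}), True),
    "medical-research": VmPolicy(False, frozenset({"US"}), True),
}
# Constructed placement log: (time, vm, tenant, host the VM now runs on).
EVENTS = [
    ("09:00", "student-records-db", "university", "host-us-01"),
    ("09:05", "medical-research", "university", "host-us-02"),
    ("09:10", "web-shop", "other-customer", "host-us-02"),
    ("10:00", "student-records-db", "university", "host-us-02"),
    ("11:00", "medical-research", "university", "host-ca-01"),
]


def audit(events, hosts, policies):
    """Replay placements in order and return a list of policy findings."""
    location = {}    # vm -> current host name
    tenant_of = {}   # vm -> owning tenant
    findings = []
    for when, vm, tenant, host_name in events:
        previous = location.get(vm)
        location[vm] = host_name
        tenant_of[vm] = tenant
        policy = policies.get(vm)
        if policy:
            # A pinned VM may be placed once; any later host change is a finding.
            if policy.pinned and previous not in (None, host_name):
                findings.append((when, vm, "PINNED_VM_MOVED",
                                 f"{previous} -> {host_name}"))
            country = hosts[host_name].country
            if policy.allowed_countries and country not in policy.allowed_countries:
                findings.append((when, vm, "RESIDENCY", country))
        # Isolation: look at every protected VM on the host this event touched.
        residents = [v for v, h in location.items() if h == host_name]
        for protected in residents:
            p = policies.get(protected)
            if not (p and p.dedicated_host):
                continue
            strangers = sorted(v for v in residents
                               if tenant_of[v] != tenant_of[protected])
            # Report only when this event created the sharing, to avoid repeats.
            if strangers and (protected == vm or vm in strangers):
                findings.append((when, protected, "SHARED_HOST",
                                 ",".join(strangers)))
    return findings


if __name__ == "__main__":
    for finding in audit(EVENTS, HOSTS, POLICIES):
        print(*finding, sep="  ")
```

The shared-host check runs on every event, so it catches both a protected VM arriving on a shared host and another customer's VM arriving next to it.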

So, while cloud computing presents privacy and security obstacles, wise use of your network management platform can quickly alleviate them, enabling you to enjoy the benefits of these cost-efficient services.

Into the Clouds

December 22, 2009

By Monique Lucey

Cloud computing is certainly becoming the buzzword du jour, but how exactly does it apply to what you’re trying to accomplish in higher education IT?

At its most basic, cloud computing is a way for organizations to replace on-site applications and related data center infrastructure with services available via the Internet. In doing this, you can avoid the massive capital expenditures of hardware, software and storage, as well as data center facilities costs such as power, heating and cooling. Most cloud computing models feature a predictable service fee structure based on number of users or actual usage.

With cloud computing, IT teams can quickly meet user demands. For instance, if researchers need server and storage capacity for a short-term project, IT can provision the resources through a cloud computing provider and then end the contract when the researchers have concluded their project. This is a highly cost-effective way to support the short-term, resource-intensive projects that pop up at a university. By moving your gear off-site, you can also broaden the services you offer your users without expanding the footprint of your data center.

Cloud computing is a general term that applies to several different options: software as a service, infrastructure as a service, platform as a service, and computing as a service. Each peels away the layers of the data center and places it in the hands of the provider. For instance, infrastructure as a service enables you to offload storage, servers and other infrastructure. Computing as a service gives you access to compute power through massive server (and virtual server) farms. Platform as a service enables customers to build their own applications using a platform’s underpinnings, including the operating system, databases and interfaces. (For more detail, check out “Cloud Computing’s Top Issues for Higher Education” in the June issue of University Business.)

Software as a service is the most recognizable cloud computing format in use today. IT can use it to provide applications to your users via the Internet, without having to maintain the hardware and deal with software updates and patches.

In his University Business article, author John Nicholson sums up the benefits of cloud computing for higher education: “For academia, cloud computing lets students, faculty, staff, administrators, and other campus users access file storage, e-mail, databases, and other university applications anywhere on-demand. This expanded, device-neutral access theoretically lets everyone use information more effectively,” he writes.

However, as you’ll find, there are some obstacles that higher education faces with cloud computing regarding privacy protection, federal mandates and virtualization. For instance, providers depend on virtualization to get the most out of their physical server investment, putting multiple virtual machines (which in most cases means multiple customers’ data) on a single host. They also use features such as VMware’s VMotion to help with load balancing, which might result in your data being automatically moved between numerous data centers in various states or even countries. While this helps them to keep costs down, this architecture presents issues if you have to prove to auditors that you can pinpoint the physical location of your data at any given time.

We’ll dig into this problem and others that cloud computing presents in the next blog on January 5th.

Research Data Explosion: Impetus for 10G Networks

December 15, 2009

By Monique Lucey

The explosion in research data is a by-product of the information age, and higher education has led the way in making this possible. Educause recently conducted a study on its effects on colleges and universities and the ways their IT organizations deal with it. This study, “Institutional Data Management in Higher Education,” looked at the challenges facing institutions across three areas of data impact: operational information, content and research data.

Research data presents a challenge relating to ownership, preservation and interpretation. Additionally there is an ongoing debate about how to store, share and properly manage this rapidly increasing broad body of data. The expanding universe of research data has led to the explosion of servers, virtual machines, Gigabit Ethernet NIC I/O, cabling, space, power etc., resulting in high complexity/cost and poor performance (mostly in the access layer of the network).

The good news for data center operators is that a network migration to 10 Gigabit Ethernet offers many near term and real benefits in support of the ever increasing data demands.  For starters – 10 Gigabit Ethernet delivers 10 times the bandwidth of Gigabit Ethernet.  In high performance computing environments that often use as many as four to eight Gigabit Ethernet NICs in each server, organizations can deploy just two 10 Gigabit Ethernet NICs and achieve full redundancy for availability – while dramatically increasing bandwidth per virtual machine.

From a network design and operational perspective, consolidating on a 10 Gigabit Ethernet network dramatically reduces the number of Gigabit Ethernet ports, NICs, upstream switch ports and cables – which equates to a simpler, flatter network design needing fewer access-layer switches. Finally, fewer ports and switches lead to lower power and cooling costs.

Institutions that can get a handle on these challenges before they get out of control, creating  bottlenecks and network downtime, will reap the benefits of attracting research grants and the brightest research talent.

“MIT’s Research Laboratory of Electronics demands a high-performance, high-reliability network infrastructure. We recently upgraded with 3Com’s H3C enterprise switches, allowing us to support the most demanding, bandwidth intensive and mission critical research initiatives. With H3C networking solutions, MIT can deliver a new level of innovation that will ultimately help us to attract funding for our leading-edge research.” Dave Foss, Assistant Director of IT, MIT Research Laboratory of Electronics

Is your institution drowning in research data? If so, how will you ensure that your network infrastructure meets bandwidth demands today and into the future? We want to hear from you.

The Higher Education CIO’s Year Ahead

December 8, 2009

By Monique Lucey

While 2009 was certainly a challenging year for higher education CIOs, 2010 is shaping up to be just as daunting. The economy is expected to still be plaguing budgets and staffing, yet you’ll have a slew of new projects headed your way, such as cloud computing and network and firewall virtualization. And get ready for regulatory compliance to play an even bigger role in your lives.

Experts are saying that it will take transformational CIOs, rather than functional ones, to help organizations achieve their business objectives. The difference is that you’ll have to adapt to being a strategic part of your higher education institution’s leadership rather than a reactive service provider.

According to CIO Magazine’s “State of the CIO 2009” report, 70% of CIO respondents say that IT is considered an integral business partner by the rest of the business. In their leadership role, CIOs say they spend their time aligning IT with the business goals, cultivating the IT/business partnership, improving IT operations and system performance, and leading change efforts. This is in stark contrast to previous eras when CIOs were knee-deep in hardware and software deployments. These days CIOs say long-term strategic thinking and planning, expertise in running the IT function, and collaboration and influence are the leadership competencies most critical for their current role.

This switch from hands-on IT infrastructure management has resulted in 74% of respondents being able to say they hold a seat on their organization’s executive committee – a higher number than the past two years.

Sitting at the table requires you to be a visionary who can clearly communicate the power technology has to support business goals while at the same time keeping an eye to cost containment. In lieu of explaining the wonders of new hardware and software, you must map technology advances to revenue-generating projects.

In higher education, CIOs have to understand the needs of faculty, students and staff, targeting your efforts towards making admissions run more smoothly, academic resources more readily available, content access more compliant, and research networks more secure. In effect, CIOs must have a clear grasp on every requirement within your college or university.

Once you have that insight, as a 2009 Gartner report, “Meeting the Challenge: The 2009 CIO Agenda,” points out, CIOs above all else must be decisive and resourceful despite economic conditions. Gartner encourages CIOs to focus on improving business processes, using business intelligence to raise visibility, and enhancing workforce effectiveness.

The research firm says CIOs must restructure IT to be more productive and more agile because “the business will not reduce its demand for IT just because you have fewer resources.” This is something that leaders at academic institutions know all too well. Gartner also advises modernizing your technical infrastructure to take advantage of newer technologies that lower cost, use less energy, deliver better performance and provide greater capacity.

The CIO that does all this will shine a positive light on IT and ensure that you maintain your newfound stature within the organization. What are you doing to meet the challenges in 2010?  Has the difficult economy shifted your institution’s IT focus? How?  We want to hear from you.

Real Security from Virtual Firewalls in a Virtual Network

December 1, 2009

By Monique Lucey

A couple of weeks ago, I touched on the demand for network virtualization in a wrap-up of Educause sessions. My colleague Gary Kinghorn, a product marketing manager at 3Com focused on H3C security solutions, recently posted this discussion about the advantages of virtual firewalls in a virtual network:

Real Security from Virtual Firewalls in a Virtual Network

By Gary Kinghorn

Virtualization has certainly become a driving factor in networking, application deployment and data center design over the last few years. One of our marketing folks recently ran across an interesting deployment scenario where as part of a large network virtualization project, they were also making use of virtual firewalls to virtualize the security layer of their network, further reducing costs. While the first step of virtualization usually happens in the application server, customers should also be thinking about ways to reduce hardware costs and management complexity by taking advantage of the same concepts inherent in all of our H3C security appliances and blades.

The typical deployment scenario goes something like this: A large distributed enterprise has multiple campuses, or a large distributed campus, with divisions or groups spread throughout. You can think of these as potential subsidiaries of a conglomerate, departments in a university, or logically separated clean-room projects. The problem is that the physical location of the groups is not aligned with the physical layout of the campuses or buildings. This is a challenge for network designs that frequently are aligned with campus layouts and not the virtual organizations. Virtual Local Area Networks (VLANs) work well locally, when closely mirroring the network topology, but don’t work well across the enterprise WAN, since layer 2 network virtualization doesn’t scale when extended through the layer 3 routers.

Providing a VLAN for a widely separated group requires a technology called Virtual Routing and Forwarding (VRF), so that VLANs can be efficiently extended through the router core of the organization. This can provide the policy enforcement and network capacity appropriate for each division or group, no matter what their size. Other efficiencies can be realized through what is essentially a private wide area network broadcast domain. These VRFs are reasonably straightforward to set up and manage since the H3C networking infrastructure and management platform support this capability for highly scalable deployments.

But things get even better when enterprises take advantage of virtual firewalls. Whereas logically distinct organizations sharing a network would need their own firewall to protect their LAN segment and to define their unique security policies, firewalls no longer need a one-to-one correspondence with the LAN segment they are protecting any more than an enterprise application still needs its own server to provide adequate service. In essence, a single physical firewall can be divided into hundreds of virtual firewalls, each with its own distinct set of rules, aligned with a particular LAN segment or VLAN, and individually managed by a local group administrator (as needed).

The enterprise-class SecPath VPN Firewall F5000-A5, for example, supports up to 256 virtual firewalls in a single appliance. Perhaps it’s deployed at the gateways to the router core, and all the traffic that flows through the firewall can be partitioned to the right VLAN, applying the right policies. A widely distributed VLAN doesn’t need another firewall at each physical site. One virtual firewall located on a single physical firewall anywhere on the WAN can serve as the only firewall required for the entire VLAN no matter where it’s located, as part of a larger virtual network. How far are you in virtualizing your IT services? Have you already implemented virtual firewalls? If so, what benefits have you seen?
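To make the partitioning concrete, here is a small model of one physical firewall divided into per-group virtual firewalls, each bound to its own VLANs and carrying its own rule set. This is an added example, not H3C code or configuration syntax; the class, group names, VLAN IDs and addresses are hypothetical, and only the 256-context limit comes from the post.

```python
"""Model of one physical firewall partitioned into virtual firewalls.

Added illustration: names, VLAN IDs and addresses are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

MAX_CONTEXTS = 256  # per-appliance figure the post quotes for the F5000-A5


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    src: str                     # source CIDR
    dst: str                     # destination CIDR
    dport: Optional[int] = None  # None matches any destination port


class PhysicalFirewall:
    def __init__(self, max_contexts=MAX_CONTEXTS):
        self.max_contexts = max_contexts
        self.contexts = {}   # virtual firewall name -> ordered rule list
        self.vlan_map = {}   # VLAN ID -> virtual firewall name

    def add_context(self, name, vlans, rules):
        """Create a virtual firewall and bind VLANs to it exclusively."""
        if name in self.contexts:
            raise ValueError(f"context {name} already exists")
        if len(self.contexts) >= self.max_contexts:
            raise RuntimeError("appliance is out of virtual firewall contexts")
        for vlan in vlans:
            if vlan in self.vlan_map:
                # One VLAN, one owner: otherwise two groups' policies collide.
                raise ValueError(f"VLAN {vlan} is bound to {self.vlan_map[vlan]}")
        self.contexts[name] = list(rules)
        for vlan in vlans:
            self.vlan_map[vlan] = name

    def decide(self, vlan, src, dst, dport):
        """Return (context, action) for a packet; first match wins."""
        name = self.vlan_map.get(vlan)
        if name is None:
            return (None, "deny")        # no context owns this VLAN
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        for rule in self.contexts[name]:
            if (s in ipaddress.ip_network(rule.src)
                    and d in ipaddress.ip_network(rule.dst)
                    and rule.dport in (None, dport)):
                return (name, rule.action)
        return (name, "deny")            # implicit default deny per context


def build_example():
    """Two groups that reuse the same address space on different VLANs."""
    fw = PhysicalFirewall()
    fw.add_context("registrar", [110], [
        Rule("permit", "10.0.0.0/24", "10.0.1.10/32", 1433),
    ])
    fw.add_context("research-lab", [220, 221], [
        Rule("permit", "10.0.0.0/24", "0.0.0.0/0", 443),
    ])
    return fw


if __name__ == "__main__":
    fw = build_example()
    for vlan in (110, 220, 999):
        print(vlan, fw.decide(vlan, "10.0.0.5", "10.0.1.10", 1433))
```

The same packet gets a different verdict depending on the VLAN it arrives on, and traffic on a VLAN that no virtual firewall owns is dropped rather than falling through to another group's rules.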

A Multi-State Strategy For Complying With Privacy Laws

November 24, 2009

By Monique Lucey

While many states have individual data disclosure laws that dictate how organizations are to handle privacy breaches, universities are trying to find the commonalities and ensure their network security accounts for them.

One IT executive at a state college said he is hoping for an overarching federal law so that he doesn’t have to dig into the particulars of each state’s mandates. Although his campus is only in one state, he says, to be safe, he follows the guidelines of the numerous states where the college’s students are considered residents.

It’s a best practice that IT executives at other institutions could follow.

The first step is to determine what the states consider to be sensitive data. For instance, Indiana’s state law encompasses social security numbers (beyond the last four digits), driver’s license numbers, state ID card numbers, credit card numbers, debit card numbers, financial account information and any security code, access code, or password of a financial account.

Then study how the states expect you to secure that data. Do they want data encrypted while at rest and during transmission? Do they specifically call for you to use firewalls, network access controls, authentication and other security measures? What types of auditing or reporting should you be able to carry out to prove compliance?

Next, you have to understand when the notice must be given. Some states mandate that notice be given “without unreasonable delay,” but this is too vague. If this is the case, then IT and university leaders should set your own time limit for notifying affected parties and alert users in your public security policy.

Another key factor in following state privacy laws is to be clear on how notice is to be given. Some states require you to contact users in writing, depending on the size of the breach and the cost. If the cost would be too great, states may allow you to disclose the information to the media or post it on your site.

Finally, you should have a good grip on when you must share a breach with the state attorney general’s office. Each state has different thresholds for this escalation.

As you develop baselines for complying with multiple state laws, make sure you fully test your reporting and alerting systems in terms of technology and business procedures. For instance, it doesn’t do any good for you to have great security tools in place that tell you when a breach occurs if you have no process in place for university leaders to respond in a timely and compliant fashion.

For more information, check out your state’s disclosure laws. As an example, here is legislation from Indiana and Massachusetts.

Buyer beware of the vendor who tells you a mixed-vendor network is bad

November 17, 2009

By Monique Lucey

Last week’s blog looked at new and interesting issues in higher education from various Educause sessions. I was struck that none of these presentations addressed the implications of a multivendor network, and thought I would take this opportunity to introduce a guest blogger, John Gray. John is a product marketing manager at 3Com, focused on H3C enterprise brand products and in particular, on data center solutions. John recently posted this discussion about the advantages of a mixed-vendor network on the official 3Com blog.

Buyer beware of the vendor who tells you a mixed-vendor network is bad

By John Gray

I recently listened to a presentation in which an IT analyst presented a case for how mixed-vendor networks are less reliable, more complex and costlier than a single-source vendor strategy.

While the analyst made some interesting points, he failed to acknowledge any of the key benefits that a dual- or multivendor-network strategy offers customers.

For starters, a multivendor network provides enterprises with the freedom to choose.

Rather than having to adhere to one vendor’s proprietary or monolithic architectural view of the world, a multivendor strategy enables enterprises to leverage open standards‐based solutions that are aligned to a customer’s business priorities, and not the other way around. This freedom enables enterprises to choose the best possible solution, rather than having to settle or compromise for a certain product simply based on the logo on the front of the box.

Decades of standards work by industry groups such as the IETF have enabled this broad multivendor interoperability across L2/3 networks for key networking functions like switch trunking, VLANs, QoS and Power over Ethernet (PoE), to name just a few.

What is it going to take to earn YOUR business?

Furthermore, multivendor competition levels the playing field and creates an environment where competing vendors become VERY focused and innovative on how they can earn a customer’s business through aggressive pricing, value-added services and feature/product commitments.

If nothing else, this type of open competition at least keeps an incumbent vendor honest and as sharp as it can possibly be on pricing and support. In a best-case scenario, customers may learn they can save tens or hundreds of thousands of dollars.

But my (single-source) vendor keeps telling me about multivendor complexity, issues, etc., etc. …

There’s a reason they keep telling you this: There isn’t much upside for an incumbent supplier if you bring in a second vendor! The reality is that current best practices for running today’s network infrastructures apply to both a single or multivendor network. For example, establishing well-defined, open standards boundaries between the access and core network layers provides a logical demark to deploy a different vendor solution if it makes feature/function or economic sense to do so.

In fact, Gartner recently published a research note around this very topic citing that: “The operational impacts of introducing a second vendor for basic network infrastructure are modest and easily handled by most organizations.” It continued: “Introducing a second vendor will reduce capital expenditures (capex) by at least 30% (and often more), while only minimally increasing operational expenditures (opex).”

I’d be interested in hearing your stance on single- versus multi-vendor networks. Which do you think is more advantageous?

Lessons Learned from the Mile High City

November 11, 2009

By Monique Lucey

Last week I attended Educause in Denver, including a session given by Dennis O’Reilly, Network Architect at The University of British Columbia. In his presentation, O’Reilly provided an interesting look at the payoffs of network virtualization. He detailed the innovative way in which UBC is virtualizing the campus network to increase security, provide new functionality and reduce energy. Virtualizing the UBC network enabled many other services including wireless, VPN, virtual devices (VMs), virtual storage (SAN), virtual desktops and virtual load balancers.

During his discussion, O’Reilly mentioned a compelling conversation with Dave Foss, IT Director of Research Laboratory of Electronics at MIT.  O’Reilly attended a CIO Networking Forum sponsored by Dell and 3Com at the Hotel Teatro in downtown Denver. The CIO Networking Forum was hosted by Dave from MIT and Fred Tarca, Chief Information Technology Officer of Quinnipiac University. The event included a roundtable discussion on such topics as: How to leverage IT to help recruit students, attract funding and support research initiatives.

Dave Foss talked about his primary responsibility at MIT —  to provide the best infrastructure and support possible to enable leading-edge research initiatives, attract grants and funding, and to recruit and retain the world’s brightest minds. Dave explained that the MIT Research Laboratory of Electronics required 10GE connections to support testing of a next-generation MRI machine in their lab and needed the network capabilities and flexibility to adapt to new requirements in order to compete for grants. MIT has earned significant research grants because they can provide the best network infrastructure, and this has enabled his lab to grow faster than any other lab on campus.

A top priority for Fred Tarca at Quinnipiac University is to ensure that the network meets student and parent expectations. Fred views parents as paying customers and is committed to delivering the level of support and service they expect. He also requires the same level of commitment to customer support from their vendors.

One of the things not discussed in either Dennis O’Reilly’s session or the CIO Networking Forum was how network virtualization might play out in a multivendor environment. The reality is that current best practices for running today’s network infrastructures apply to both a single or multivendor network. For example, establishing well-defined, open standards boundaries between the access and core network layers provides a logical demarcation to deploy a different vendor solution if it makes feature/function or economic sense to do so.

Gartner recently published a research note around this very topic citing that: “The operational impacts of introducing a second vendor for basic network infrastructure are modest and easily handled by most organizations.” It continued: “Introducing a second vendor will reduce capital expenditures (capex) by at least 30% (and often more), while only minimally increasing operational expenditures (opex).”

Three key themes echoed throughout the event as being critical to academic institutions today: delivering centralized services, network speed and world-class service. With the conference behind me and another year quickly drawing to a close, I look ahead and wonder how higher education networks will evolve over the next five years and where academic institutions will invest next. Let us know what you think.

