It's the Network, Stupid!


The Birth of the Universal Computing Platform

The Yankee Group is predicting a four trillion dollar market for the "Anywhere IT" computing paradigm. What is this new paradigm? Specifically, "The Anywhere Network" will automatically make the following decisions for users:

  • Which network to connect to
  • How to connect to the network
  • How to connect to the services and applications on the network
  • How to deliver the information to the user, anywhere on any device


Those charged with managing information technology networks and delivering IT services - today's vital nervous system of the global economy - should be reminded that "It's the network!" The future is not about smarter or more powerful devices. It's about smarter networks: networks that will allow any application to run anywhere and be usable from any connected device, on-demand and on-the-fly.


With greater intelligence and a smarter architecture, the new network paradigm will provide enormous efficiencies and convenience. In part, its beauty will be its "Back to the Future" feel, with simple devices that are cheap, easy to use, secure and highly reliable. As with the plain old telephone, the complexity in this model will reside in the network and be managed by professionals, so workers and consumers can enjoy greater convenience and productivity. It will be a world where anyone can get their "stuff" - be it music or movies or medical records or email - securely and properly formatted on any digital device.

The "Anywhere IT" vision is needed, however, not only because of the new benefits it can provide, but also because the present paradigm is hopelessly insecure and inefficient. No amount of resources invested in the current Web-based, client/server network architecture will ever take the global economy where it needs to go. As the old Yankee once told the bewildered New York tourist seeking directions to Kennebunkport, Maine, "You can't get there from here."

Why is the present architecture so expensive and yet so hopelessly flawed?

First, in a Web-based model, remote devices connect directly to enterprises. Addresses on the Internet facilitate connections, but these signs are visible to friend and foe alike. Every Web site or static Internet protocol (IP) address becomes a potential target for hacking, spoofing and denial-of-service attacks.

Enterprises spend hundreds of millions of dollars annually trying to police the gateways between the Web and their router network. The present model is so weak that an enterprise has to open a connection before it can decide whether to reject it. These are deep and inherent flaws in the current paradigm.

Second, although it may be a futile gesture, each of these innumerable IP addresses must be heavily defended not only at the edge of the network but also on every connected PC and server. Yet any organization (especially large enterprises) has never had, and never will have, 100 percent compliance with all of the patches, upgrades, installations and configurations required to defeat recognized threats - much less those of a knowledgeable attacker.

To ensure compliance, employees and contractors dispersed at too many places would have to implement too many complex information technology policies and procedures flawlessly. One critical advantage of the new model will be to lighten the burden that current technologies impose on professionals and consumers alike.

Third, the current architecture is teeming with open input-output devices that make networks, even government-classified, air-gapped ones, vulnerable to thousands and even hundreds of thousands of insiders. For example, every intelligence agency and military department has been badly and repeatedly burned by U.S. citizens acting as agents of foreign powers, resulting in roughly 100 espionage convictions over the past 25 years. Most of these agents operated for years before they were detected, and almost all were volunteers.

Fourth, too many devices exist in too many places with too much data. Last year an estimated 1.7 million laptops were stolen, including some with vast quantities of sensitive personal information such as Social Security numbers and dates of birth. And every time remote users connect to enterprise networks there is the potential to upload malicious code, either wittingly or unwittingly.

The myriad of problems stemming from the present model requires not only new capabilities but also a new network architecture.

Fortunately, the bandwidth limitations that forced the commercial adoption of the PC/Web model in the 1980s and 1990s are steadily disappearing. Local storage, processing and manipulation were imperative in the days of dial-up access, but that era is rapidly receding if not entirely gone. Although the United States still lags most developed countries in mobile broadband, fixed broadband access already is available to more than 60 percent of U.S. homes and more than 85 percent of U.S. businesses.

This growing capacity offers more than a way to move files faster: an entirely new, completely stateless and dataless network architecture is now possible. SIMtone has developed and delivered a stateless and massively scalable intelligent network platform, where pixels move instead of data, where firewalls can be closed to inbound traffic, and where data, services and business intelligence never reside on devices yet are readily accessible by any user, via any device, on any connection, anywhere.

We've listed below the differences between legacy networks and stateless and dataless networks. Please take a look and let us know your thoughts.

Comparison: Web/Client-Server Networks vs. Stateless Networks

SECURITY

Data Storage
  Before: Local media can be seized, stolen or lost.
  After: Forward positions can function without resident data - loss of equipment does not equal loss of data.

Configuration Control
  Before: Employees upload and download code at will, often introducing software incompatibilities and malicious code.
  After: The enterprise retains complete configuration control. Because no processing takes place on the network or on the client, there is no opening for manipulation from the outside.

Network Security
  Before: Web-based portals are subject to hacking and DoS attacks. Hundreds of millions are spent on insecure gateways.
  After: All connections originate from behind a firewall with inbound ports closed. There is no IP address on the web to hack or attack. No data ever traverses the network or resides on any switch, ever.

Insider Threat
  Before: Massive opportunities for employees to download information or upload code that compromises critical networks.
  After: Authorized employees enjoy easy access but cannot upload or download without explicit permission.

Chain of Custody
  Before: Organizations cannot share evidence without compromising the chain of custody.
  After: Individuals can remotely access information without ever having control of the information.

Internet Access and Gateways
  Before: Organizations provide static IP addresses for employees seeking to gain remote access. Employees need to maintain access configuration and validation tools, often limited to specific PCs and locations only.
  After: All connections originate from behind a dynamically managed firewall - the organization can remain invisible on the web, and the employee can connect from any location, via any network and using any device.

Laptop Theft
  Before: Laptop theft and loss are a severe problem - 1.7 million laptops in the US were reported stolen in 2004.
  After: Laptops may still be lost or stolen, but they no longer contain sensitive information. Also, small, inexpensive "non-personal devices" can be substituted for laptops.

Continuity of Operations
  Before: Unique, expensive solutions required.
  After: Easy to instantly and dynamically provide and grant expanded secure access to remote users in times of crisis or emergency.

INTEROPERABILITY

Information Sharing
  Before: Difficult to achieve secure interoperability.
  After: Distribution of ID tokens permits secure information sharing regardless of hardware or software back-ends - without compromising control of information.

MOBILITY

Devices
  Before: Carry one dedicated, specifically configured, expensive, fully managed, stateful and data-full PC.
  After: Use any zero-configuration, stateless, inexpensive, lightweight device via any network.

COST AND EASE OF ADMINISTRATION

Employee Unique Devices
  Before: Each employee is tied to a single PC that must follow them from office to office, job to job.
  After: Any employee can use any device at any location.

Maintenance
  Before: Heavy, difficult-to-maintain PCs with moving parts.
  After: Inexpensive stateless hardware; only a screen, NIC and keyboard are required.

Device Costs
  Before: Expensive managed PCs.
  After: Unmanaged PCs or inexpensive stateless devices.

Bandwidth Conservation
  Before: Pipes choke on fat files.
  After: Predictive, optimized, QoS-controlled bandwidth utilization.

Cost and Ease of Inserting New Functionality
  Before: Each individual desktop PC must be upgraded; insertion costs are high.
  After: Only application servers need to be maintained and upgraded; insertion costs are low.

Weight and Power Reductions
  Before: Heavy, fragile, energy-consuming PCs.
  After: No hard drives, fat memory, ultra-fast chips or moving parts - just a screen, NIC and keyboard, leading to substantial reductions in weight, size and power requirements.
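An added illustration, not SIMtone's code or the post's own: a toy Python model of the two connection policies contrasted in the Network Security row. The "Before" portal must accept an unsolicited inbound connection before it can judge it; the "After" firewall admits only replies to flows opened from inside. All addresses and the packet sequence are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str        # constructed sample addresses, not real hosts
    dst: str
    port: int       # service port of the flow this packet belongs to
    inbound: bool   # True if it arrives from the Internet side
    syn: bool       # True for a connection-opening segment


class OutboundOnlyFirewall:
    """After: inbound policy is drop; only return traffic for a flow
    that originated from behind the firewall is admitted."""

    def __init__(self):
        self.flows = set()              # (inside, outside, port) opened from inside
        self.unsolicited_accepted = 0   # inbound SYNs that created state

    def handle(self, pkt):
        if not pkt.inbound:
            if pkt.syn:
                self.flows.add((pkt.src, pkt.dst, pkt.port))
            return "accept"
        if not pkt.syn and (pkt.dst, pkt.src, pkt.port) in self.flows:
            return "accept"
        return "drop"   # an unsolicited inbound packet never creates state


class LegacyPortal(OutboundOnlyFirewall):
    """Before: a public listener on a static IP accepts every inbound SYN
    to its port first; any authentication happens only afterwards."""

    def __init__(self, listen_port):
        super().__init__()
        self.listen_port = listen_port

    def handle(self, pkt):
        if pkt.inbound and pkt.syn and pkt.port == self.listen_port:
            self.unsolicited_accepted += 1   # a socket exists before any check
            return "accept"
        return super().handle(pkt)


def run(policy, packets):
    """Apply a policy to a packet sequence and return its verdicts."""
    return [policy.handle(p) for p in packets]


# Constructed traffic: an outside probe of port 443, then an inside client
# opening a session to its service broker and receiving the broker's reply.
SAMPLE = [
    Packet("203.0.113.9", "192.0.2.10", 443, inbound=True, syn=True),
    Packet("10.0.0.5", "198.51.100.7", 443, inbound=False, syn=True),
    Packet("198.51.100.7", "10.0.0.5", 443, inbound=True, syn=False),
]
```

The outside probe is accepted by the legacy portal but dropped by the outbound-only firewall, while the inside client's session and its reply pass under both policies.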


About this Entry

This page contains a single entry by Mario Dal Canto and Chris Mellon published on April 9, 2009 3:25 AM.
