Hyper-Converged Infrastructure
Article | October 3, 2023
The rollout of 5G networks coupled with edge compute introduces new security concerns for both the network and the enterprise. Security at the edge presents a unique set of security challenges that differ from those faced by traditional data centers. Today new concerns emerge from the combination of distributed architectures and a disaggregated network, creating new challenges for service providers.
Many mission critical applications enabled by 5G connectivity, such as smart factories, are better off hosted at the edge because it's more economical and delivers better Quality of Service (QoS). However, applications must also be secured; communication service providers need to ensure that applications operate in an environment that is both safe and provides isolation. This means that secure designs and protocols are in place to pre-empt threats, avoid incidents and minimize response time when incidents do occur.
As enterprises adopt private 5G networks to drive their Industry 4.0 strategies, these new enterprise 5G trends demand a new approach to security. Companies must find ways to reduce their exposure to cyberattacks that could potentially disrupt mission critical services, compromise industrial assets and threaten the safety of their workforce. Cybersecurity readiness is essential to ensure private network investments are not devalued.
The 5G network architecture, particularly at the edge, introduces new levels of service decomposition now evolving beyond the virtual machine and into the space of orchestrated containers. Such disaggregation requires the operation of a layered technology stack, from the physical infrastructure to resource abstraction, container enablement and orchestration, all of which present attack surfaces which require addressing from a security perspective. So how can CSPs protect their network and services from complex and rapidly growing threats?
Addressing vulnerability points of the network layer by layer
As networks grow and the number of connected nodes at the edge multiplies, so do the vulnerability points. The distributed nature of the 5G edge increases exposure simply because network infrastructure is scattered across tens of thousands of sites. The arrival of the Internet of Things (IoT) further complicates the picture: with a greater number of connected and mobile devices, potentially creating new network bridging connection points, questions around network security have become more relevant.
As the integrity of the physical site cannot be guaranteed in the same way as a supervised data center, additional security measures need to be taken to protect the infrastructure. Transport and application control layers also need to be secured, to enable forms of "isolation" that prevent a breach from propagating to other layers and components. Each layer requires specific security measures to ensure overall network security: use of Trusted Platform Module (TPM) chipsets on motherboards, UEFI Secure OS boot process, secure connections in the control plane and more. These measures all contribute to, and are an integral part of, an end-to-end network security design and strategy.
Open RAN for a more secure solution
The latest developments in open RAN and the collaborative standards-setting process related to open interfaces and supply chain diversification are enhancing the security of 5G networks. This is happening for two reasons. First, traditional networks are built using vendor proprietary technology – a limited number of vendors dominate the telco equipment market and create vendor lock-in for service providers that forces them to also rely on vendors' proprietary security solutions. This in turn prevents the adoption of "best-of-breed" solutions and slows innovation and speed of response, potentially amplifying the impact of a security breach.
Second, open RAN standardization initiatives employ a set of open-source standards-based components. This has a positive effect on security as the design embedded in components is openly visible and understood; vendors can then contribute to such open-source projects where tighter security requirements need to be addressed.
Aside from the inherent security of the open-source components, open RAN defines a number of open interfaces, each of which can be individually assessed for its security aspects. The openness intrinsically present in open RAN means that service components can be seamlessly upgraded or swapped to introduce more stringent security characteristics and, at the same time, to address identified vulnerabilities swiftly.
Securing network components with AI
Monitoring the status of myriad network components, particularly spotting a security attack taking place among a multitude of cooperating application functions, requires resources that transcend the capabilities of a finite team of human operators. This is where advances in AI technology can help to augment the abilities of operations teams. AI massively scales the ability to monitor any number of KPIs, learn their characteristic behavior and identify anomalies – this makes it the ideal companion in the secure operation of the 5G edge. The self-learning aspect of AI supports not just the identification of known incident patterns but also the ability to learn about new, unknown and unanticipated threats.
Security by design
Security needs to be integral to the design of the network architecture and its services. The adoption of open standards caters to the definition of security best practices in both the design and operation of the new 5G network edge. The analytics capabilities embedded in edge hyperconverged infrastructure components provide the platform on which to build an effective monitoring and troubleshooting toolkit, ensuring the secure operation of the intelligent edge.
Hyper-Converged Infrastructure, IT Systems Management
Article | September 14, 2023
Flexible data access, enhanced disaster recovery, and reduced infrastructure staff burden are some of the biggest reasons businesses migrate to innovative and reliable cloud technologies. Infrastructure as a service, or IaaS, is one such cloud computing model that has simplified the lives of enterprises and developers by reducing their infrastructure burden. IaaS gives you access to servers, networking, storage, and virtualization features.
IaaS is fast becoming one of the biggest trends in cloud computing. According to Technavio's latest report, the IaaS market projects a growth of USD 141.77 billion, registering a CAGR of 28.2% from 2021 to 2026.
“So many systems end up as a big dreaded ball of mud (which is totally preventable) when designing an enforceable architecture model.”
Alexander von Zitzewitz, CEO, hello2morrow Inc.
But, how can IaaS technology help you grow and advance your business? Here are some key advantages of switching to IaaS:
Better Performance
One of the more well-known benefits of IaaS is achieving a higher performance level from your infrastructure. Rather than worrying about the latest hardware for your infrastructure, with IaaS in place, your in-house IT team will be able to focus more on working on your business goals and objectives through technology.
This is possible because the SLA (Service Level Agreement) with your IaaS cloud service provider can ensure that you are getting the best performance from your cloud provider's infrastructure. An SLA will ensure that your cloud provider is accountable for continuous upgrades and the best possible service for your business.
Decreased CapEx
With IaaS technology, you can choose the IaaS cloud service provider of your choice. Typically, a cloud provider has a more reliable, robust, and redundant infrastructure setup than what would be feasible and financially realistic in an office environment. This means you can save on maintenance, purchase, and operating hardware-related business expenditures. Additionally, it also decreases your overall IT-related capital expenditure (CapEx).
Increased Flexibility
IaaS increases your scalability and flexibility exponentially. Your business can scale up and down as needed and on-demand.
For example, say your business is hosting a short-term campaign to drive more traffic to your website. IaaS will automatically provision resources to ensure your business infrastructure is well equipped to handle the sudden incoming traffic boost.
Scale Up Your Business
Additionally, IaaS gives your growing business the flexibility it needs from its IT infrastructure.
For example, if you’re considering opening a new office in a different location, you don’t need to spend extra on new hardware; instead, you can directly connect to your infrastructure virtually. This means you don’t need to invest in additional infrastructure for business expansion continually.
Managed-Task Virtualization
As IaaS supports the virtualization of management tasks, your IT is free to concentrate on other, more thought-intensive work. This will not only drive more efficiency but also help boost ROI.
Disaster Recovery
During disasters like an earthquake or floods, IaaS ensures smooth business operations. Disaster Recovery as a Service (DRaaS) stores and replicates data in multiple data centers in different geographical locations.
So even if a disaster or mishap causes significant damage to the data center, your IaaS providers can quickly restore the data from another data center.
Conclusion
IaaS allows your businesses to utilize the cloud to achieve your IT goals. It is flexible, scalable, reliable, cost-effective and provides seamless access to maximize business continuity. Therefore, you should choose a reliable IaaS cloud provider who can deliver a variety of cloud infrastructure solutions.
Hyper-Converged Infrastructure, Application Infrastructure
Article | July 19, 2023
The success of 5G technology is a function of both the infrastructure that supports it and the ecosystems that enable it. Today, the definitive focus in the 5G space is on enterprise use cases, ranging from dedicated private 5G networks to accessing edge compute infrastructure and public or private clouds from the public 5G network. As a result, vendor-neutral multitenant data center providers and their rich interconnection capabilities are pivotal in helping make 5G a reality. This is true both in terms of the physical infrastructure needed to support 5G and the ability to effectively connect enterprises to 5G.
Industry experts expect 5G to enable emerging applications such as virtual and augmented reality (AR/VR), industrial robotics/controls as part of the industrial internet of things (IIoT), interactive gaming, autonomous driving, and remote medical procedures. These applications need a modern, cloud-based infrastructure to meet requirements around latency, cost, availability and scalability. This infrastructure must be able to provide real-time, high-bandwidth, low-latency access to latency-dependent applications distributed at the edge of the network.
How Equinix thinks about network slicing
Network slicing refers to the ability to provision and connect functions within a common physical network to provide the resources necessary to deliver service functionality under specific performance constraints (such as latency, throughput, capacity and reliability) and functional constraints (such as security and applications/services). With network slicing, enterprises can use 5G networks and services for a wide variety of use cases on the same infrastructure.
Providing continuity of network slices with optimal UPF placement and intelligent interconnection
Mobile traffic originates in the mobile network, but it is not contained to the mobile network domain, because it runs between the user app on a device and the server workload on multi-access edge compute (MEC) or on the cloud. Therefore, to preserve intended characteristics, the slice must be extended all the way to where the traffic wants to go. This is why we like to say “the slicing must go on.”
The placement of network functions within the slice must be optimized relative to the intended traffic flow, so that performance can be ensured end-to-end. As a result, organizations must place or activate the user plane function (UPF) in optimal locations relative to the end-to-end user plane traffic flow.
We expect that hybrid and multicloud connectivity will remain a key requirement for enterprises using 5G access. In this case, hybrid refers to private edge computing resources (what we loosely call “MEC”) located in data centers—such as Equinix International Business Exchange™ (IBX®) data centers—and multicloud refers to accessing multiple cloud providers from 5G devices. To ensure both hybrid and multicloud connectivity, enterprises need to make the UPF part of the multidomain virtual Layer 2/Layer 3 interconnection fabric.
Because a slice must span multiple domains, automation of UPF activation, provisioning and virtual interconnection to edge compute and multicloud environments is critical.
Implementing network slicing for interconnection of core and edge technology
Equinix partnered with Kaloom to develop network slicing for interconnection of core and edge (NICE) technology within our 5G and Edge Technology Development Center (5G ETDC) in Dallas. NICE technology is built using cloud-native network fabric and high-performance 5G UPF from Kaloom. This is a production-ready software solution, running on white boxes built with P4 programmable application-specific integrated circuits (ASICs), allowing for deep network slicing and support for high-performance 5G UPF with extremely fast data transfer rates.
With NICE technology in the 5G ETDC, Equinix demonstrates:
5G UPF deployment/activation and traffic breakout at Equinix for multiple slices.
Software-defined interconnection between the 5G core and MEC resources from multiple providers.
Software-defined interconnection between the 5G core and multiple cloud service providers.
Orchestration of provisioning and automation of interconnection across the 5G core, MEC and cloud resources.
Architecture of NICE technology in the Equinix 5G ETDC
The image above shows (from left to right):
The mobile domain with radio access network (RAN), devices (simulated) and mobile backhaul connected to Equinix.
The Equinix domain with:
Equinix Metal® supporting edge computing servers and a fabric controller from Kaloom.
Network slicing fabric providing interconnection and Layer 2/Layer 3 cloud-native networking to dynamically activate UPF instances/interfaces connected with MEC environments and clouds, forming two slices (shown above in blue and red).
Equinix Fabric™ and multicloud connectivity.
This demonstrates the benefit of having the UPF as a feature of the interconnection fabric, effectively allowing UPF activation as part of the virtual fabric configuration. This ultimately enables high-performance UPF that’s suitable for use cases such as high-speed 5G fixed wireless access.
Combining UPF instances and MEC environments into an interconnection fabric makes it possible to create continuity for the slices and influence performance and functionality. Equinix Fabric adds multicloud connectivity to slices, enabling organizations to directly integrate network slicing with their mobile hybrid multicloud architectures.
Successful private 5G edge deployments deliver value in several ways. Primarily, they offer immediate access to locally provisioned elastic compute, storage and networking resources that deliver the best user and application experiences. In addition, they help businesses access a rich ecosystem of partners to unlock new technologies at the edge.
Secure, reliable connectivity and scalable resources are essential at the edge. A multivendor strategy with best-of-breed components complemented by telemetry, advanced analytics with management and orchestration—as demonstrated with NICE in Equinix data centers—is a most effective way to meet those requirements. With Equinix’s global footprint of secure, well-equipped facilities, customers can maximize benefits.”
- Suresh Krishnan, CTO, Kaloom
Equinix and its partners are building the future of 5G
NICE technology is just one example of how the Equinix 5G and Edge Technology Development Center enables the innovation and development of real-world capabilities that underpin the edge computing and interconnection infrastructure required to successfully implement 5G use cases. A key benefit of the 5G ETDC is the ability to combine cutting-edge innovations from our partners like Kaloom with proven solutions from Equinix that already serve a large ecosystem of customers actively utilizing hybrid multicloud architectures.
IT Systems Management
Article | August 8, 2022
Consider IaaS (infrastructure as a service) as a virtual version of your traditional data center. IaaS is a branch of cloud computing technology that offers virtualized storage, server, and networking wrapped together as a self-service platform. It is highly cost-efficient and makes for easier, faster workloads. Although it is incredibly convenient for business, its value largely depends on what your company needs to use it for.
What is IaaS, and How Can It Benefit Your Business?
IaaS first rose to popularity in the early 2010s. Since then, it has become the standard abstraction model for many types of workloads. With the rise of the microservices application pattern and the arrival of new technologies like containers and serverless, IaaS is still a foundational service, but the field is more crowded than ever.
The most common household cloud computing names, AWS (Amazon Web Services), Google Cloud and Microsoft Azure, are all IaaS providers. They all maintain giant data centers around the globe. These include tons of storage systems, physical servers, and networking equipment under a virtualization layer. Cloud customers access these resources to deploy and run applications in a highly automated manner.
Developing a cloud adoption strategy is a vital step forward for modern-day business. And this subscription-based cloud computing service, IaaS, offers a remote management solution and reduces your purchase cost at the same time.
Additionally, IaaS also provides key solutions vital for any company’s future plans, such as big-data analysis. It allows businesses like yours to analyze massive data sets and see future trends, patterns, and associations that a human wouldn’t.
Understanding the IaaS Architecture
In an IaaS service model, your cloud provider will take over your infrastructure components, such as traditional on-premises data centers, and host them on the internet. This includes virtual computing, servers, networking hardware, and infrastructure components, as well as the hypervisor layer.
IaaS service providers will also provide a wide array of services to accompany those infrastructure components:
Monitoring
Detailed billing
Security
Log access
Load balancing
Clustering
Storage resiliency
Backup
Replication
Disaster Recovery
IaaS services are automated and highly policy-driven, so you can implement all your infrastructure tasks effortlessly.
How Does It Work?
IaaS customers access their resources through a WAN (wide area network). Leveraging the cloud provider's services, they will install the remaining elements of an application stack.
For example, you can log in to the IaaS platform to create VMs (virtual machines), install operating systems on each VM, deploy middleware like databases, create storage buckets for workloads and backups, and install the enterprise workload on that VM. Afterward, you can also use the IaaS provider's services to track costs, balance network traffic, monitor performance, troubleshoot application-related issues and manage disaster recovery.
IaaS Use Cases
As IaaS provides general-purpose computing resources, it can be used for any kind of use case. IaaS is most often used today for development and testing environments, websites and web apps that interact with customers, data storage, analytics, and data warehousing workloads. It also offers backup and disaster recovery services, especially for on-premises workloads. IaaS is also a good way to set up and run common business software and apps like SAP.
Real-life Examples
GE Healthcare: Reputed medical imaging facility GE Healthcare adopted Amazon EC2 from AWS to design the GE Health Cloud. GE Health Cloud platform successfully empowered its consumers by collecting, storing, accessing, and processing information worldwide from different types of medical devices to obtain value from data.
Coca-Cola: The beverage giant Coca-Cola collaborated with SoftLayer adopting a pay-as-you-go architecture to manage their CRM system effectively during peak seasons.
Final Thoughts
Before choosing a provider, you will need to think carefully about the services, reliability, and costs. First, you should thoroughly assess the capabilities of your organization’s IT department and determine how well equipped it is to deal with the ongoing demands of IaaS implementation. Accordingly, you will be prepared to choose an alternative provider and move to the alternative infrastructure if you need to.