Steve Garson

Author Archives: Steve Garson

IDG Contributor Network: 3 providers fixing the middle mile problems of internet-based SD-WANs

A new global backbone provider emerged from stealth last week, giving organizations even more choice in how they build their Internet-based SD-WANs.  Mode introduced what it calls a “software-defined core” (SD-CORE) network that offers IT “affordable private-network reliability and quality of service” across the globe.The company joins Aryaka and Cato Networks as one of the few independent backbone providers helping enterprises solve the variability problems of the Internet core. Middle-mile performance forms the biggest challenge for delivering stable, global, low-latency connections.To read this article in full, please click here

IDG Contributor Network: 3 providers fixing the middle mile problems of internet-based SD-WANs

A new global backbone provider emerged from stealth last week, giving organizations even more choice in how they build their Internet-based SD-WANs.  Mode introduced what it calls a “software-defined core” (SD-CORE) network that offers IT “affordable private network reliability and quality of service” across the globe.The company joins Aryaka and Cato Networks as one of the few independent backbone providers helping enterprises solve the variability problems of the Internet core.  "Internet testing results: Why fixing the internet middle mile is essential for SD-WAN performance," middle-mile performance, forms the biggest challenge for delivering stable, global, low-latency connections.To read this article in full, please click here

IDG Contributor Network: Internet testing results: why fixing the internet middle mile is essential for SD-WAN performance

It’s no secret that the public Internet is a quagmire of latency and packet loss problems. No wonder, many of clients are reluctant to trust Internet-based SD-WANs with VoIP and business-critical applications. After all, how can an SD-WAN running over Internet provide a predictable user experience if the underlying transport is so unpredictable?To answer that question, SD-WAN Experts recently evaluated the performance and stability of long-distance Internet connections. Our goal: to determine the source of the Internet's performance problems by measuring variability and latency in the last and middle miles.What we found was by swapping out the Internet core for a managed middle mile makes an enormous difference. Case in point is Amazon. The latency and variation between our AWS workloads was significantly better across Amazon’s network than the public Internet (see figure). Why that’s the case and how we tested is explained below and in greater depth from this post on our site.To read this article in full, please click here

IDG Contributor Network: Internet testing results: why fixing the internet middle mile is essential for SD-WAN performance

It’s no secret that the public Internet is a quagmire of latency and packet loss problems. No wonder, many of clients are reluctant to trust Internet-based SD-WANs with VoIP and business-critical applications. After all, how can an SD-WAN running over Internet provide a predictable user experience if the underlying transport is so unpredictable?To answer that question, SD-WAN Experts recently evaluated the performance and stability of long-distance Internet connections. Our goal: to determine the source of the Internet's performance problems by measuring variability and latency in the last and middle miles.What we found was by swapping out the Internet core for a managed middle mile makes an enormous difference. Case in point is Amazon. The latency and variation between our AWS workloads was significantly better across Amazon’s network than the public Internet (see figure). Why that’s the case and how we tested is explained below and in greater depth from this post on our site.To read this article in full, please click here

IDG Contributor Network: 3 generations of secure SD-WAN services

You simply can’t take advantage of all that SD-WAN has to offer without giving branch offices local Internet access and you can’t give them local Internet access without securing them. SD-WAN for all its strengths does not provide robust edge security. Yes, data is encrypted in transit. And, yes, some SD-WAN appliances come with basic stateful firewalling capabilities. But with attacks coming at layer-7, branches require a next-generation firewall (NGFW) and updated IPS/IDS capabilities to protect locations —  not a basic firewall. For all intents and purposes, branch SD-WAN needs layer-7 security, which is why you see so many SD-WAN vendors striking partnerships with security vendors or some building security into their appliances.To read this article in full, please click here

IDG Contributor Network: 3 generations of secure SD-WAN services

You simply can’t take advantage of all that SD-WAN has to offer without giving branch offices local Internet access and you can’t give them local Internet access without securing them. SD-WAN for all its strengths does not provide robust edge security. Yes, data is encrypted in transit. And, yes, some SD-WAN appliances come with basic stateful firewalling capabilities. But with attacks coming at layer-7, branches require a next-generation firewall (NGFW) and updated IPS/IDS capabilities to protect locations —  not a basic firewall. For all intents and purposes, branch SD-WAN needs layer-7 security, which is why you see so many SD-WAN vendors striking partnerships with security vendors or some building security into their appliances.To read this article in full, please click here

IDG Contributor Network: WAN Summit recap: challenges facing SD-WAN services

If the recent WAN Summit in New York where I moderated a panel on last-mile access (more on that later) was any indication, the SD-WAN market is shifting towards a service-delivery model where sufficient network security and predictability are baked into the SD-WAN so the service can replace MPLS.In session and private conversations, topics related to secure SD-WAN services kept popping up. The challenges of today’s managed services. The impact of the cloud. The need for SLAs in SD-WAN services. How encryption complicates visibility and, by extension, enterprise security. These and other issues point to the change and challenges facing SD-WAN services.To read this article in full, please click here

IDG Contributor Network: WAN Summit recap: challenges facing SD-WAN services

If the recent WAN Summit in New York where I moderated a panel on last-mile access (more on that later) was any indication, the SD-WAN market is shifting towards a service-delivery model where sufficient network security and predictability are baked into the SD-WAN so the service can replace MPLS.In session and private conversations, topics related to secure SD-WAN services kept popping up. The challenges of today’s managed services. The impact of the cloud. The need for SLAs in SD-WAN services. How encryption complicates visibility and, by extension, enterprise security. These and other issues point to the change and challenges facing SD-WAN services.To read this article in full, please click here

IDG Contributor Network: Carrier SD-WAN: SD-WAN should be more than just an MPLS complement

Is it only me who finds it just a bit dubious that carriers are advocating SD-WAN? SD-WAN was practically invented to get away from the clutches of carriers, and now we're supposed to trust them to be the stewards of WAN transformation?Carriers lost that privilege when their business model grew out-of-step with how we do business. We grew tired of being charged double Internet prices for MPLS capacity. In an era of self-service, carriers were still making us wait to troubleshoot problems. And we were astonished that new MPLS circuits could take weeks, even months, to bring into a new site when you could often get started with broadband in a matter of days and upgrade to DIA when ready.To read this article in full, please click here

IDG Contributor Network: Carrier SD-WAN: SD-WAN should be more than just an MPLS complement

Is it only me who finds it just a bit dubious that carriers are advocating SD-WAN? SD-WAN was practically invented to get away from the clutches of carriers, and now we're supposed to trust them to be the stewards of WAN transformation?Carriers lost that privilege when their business model grew out-of-step with how we do business. We grew tired of being charged double Internet prices for MPLS capacity. In an era of self-service, carriers were still making us wait to troubleshoot problems. And we were astonished that new MPLS circuits could take weeks, even months, to bring into a new site when you could often get started with broadband in a matter of days and upgrade to DIA when ready.To read this article in full, please click here

IDG Contributor Network: Comparing global internet access services for SD-WAN: huge differences in pricing and quality

All too often, IT teams make the mistake of thinking about Internet access as a commodity, failing to consider how well connected a provider is with the rest of the Internet. Picking the right Internet service, especially internationally, can be extremely important when evaluating SD-WAN solutions from companies like Aryaka, Cato Networks, Cisco (Viptela or Meraki), Open Systems, Silver Peak, Versa or VMware (Velocloud).To better understand why looking at the quality of an Internet service is so important, I gathered global pricing and configuration information from my friends at GlobalInternet, a global aggregator of Internet access connections. Here’s what we found.To read this article in full, please click here

IDG Contributor Network: Choosing ISPs for SD-WAN: don’t be pound foolish

I was in the local Best Buy the other day and overheard a conversation between a saleswoman and a father looking to buy a computer for his daughter. Apparently, the daughter is a designer, which of course requires lots of heavy graphics work. Anyway, the saleswoman was trying to explain how he should invest a little bit more in an expensive graphics card because of her work. The father wouldn’t hear of it. He wanted the least expensive machine possible.It was a mistake.Part of the art of life is knowing when and where to invest your resources for maximum return. Sometimes less is, well, less and investing a bit more really can make a difference. I know you didn’t come to this blog for self-help advice, but life’s truism has real-world implications for wide area networks and, in particular, when selecting the Internet infrastructure underlying your SD-WAN.To read this article in full, please click here

IDG Contributor Network: Choosing ISPs for SD-WAN: don’t be pound foolish

I was in the local Best Buy the other day and overheard a conversation between a saleswoman and a father looking to buy a computer for his daughter. Apparently, the daughter is a designer, which of course requires lots of heavy graphics work. Anyway, the saleswoman was trying to explain how he should invest a little bit more in an expensive graphics card because of her work. The father wouldn’t hear of it. He wanted the least expensive machine possible.It was a mistake.Part of the art of life is knowing when and where to invest your resources for maximum return. Sometimes less is, well, less and investing a bit more really can make a difference. I know you didn’t come to this blog for self-help advice, but life’s truism has real-world implications for wide area networks and, in particular, when selecting the Internet infrastructure underlying your SD-WAN.To read this article in full, please click here

IDG Contributor Network: Will China start blocking SD-WAN traffic…today?

More than a decade ago, I launched the forerunner to SD-WAN Experts, MPLS Experts, on a project to China. Back then finding out telecom services in another country, let alone another continent, seemed like a mission impossible. China was among the most difficult.Much has changed in our industry. MPLS has given way to SD-WAN, but some things remain the same. We still need global connectivity and China continues to remain a mystery. My story about China blocking VPN traffic – and potentially SD-WAN traffic – caused quite a stir in the industry, in large part because, like so many things when dealing with China, concrete information remains scarce (particularly for non-native speakers).To read this article in full, please click here

IDG Contributor Network: Will China start blocking SD-WAN traffic…today?

More than a decade ago, I launched the forerunner to SD-WAN Experts, MPLS Experts, on a project to China. Back then finding out telecom services in another country, let alone another continent, seemed like a mission impossible. China was among the most difficult.Much has changed in our industry. MPLS has given way to SD-WAN, but some things remain the same. We still need global connectivity and China continues to remain a mystery. My story about China blocking VPN traffic – and potentially SD-WAN traffic – caused quite a stir in the industry, in large part because, like so many things when dealing with China, concrete information remains scarce (particularly for non-native speakers).To read this article in full, please click here

IDG Contributor Network: China to block SD-WAN and VPN traffic by Jan. 11

A new Chinese policy going into effect next week, will have profound impact on businesses relying on Internet VPN or SD-WAN access within China.According to a notice from China Telecom obtained by SD-WAN Experts, the Chinese Government will require commercial Chinese ISPs to block TCP ports 80, 8080, and 443 by January 11, 2018. Port 80 is of course the TCP port commonly used for carrying HTTP traffic; 8080 and 443 are used for carrying HTTPS traffic. Commercial ISP customers interested in maintaining access to those ports must register or apply to re-open the port through their local ISP.  The news, first reported by Bloomberg July, was expected to be implemented by February, 2018. This is the first time a specific date has been provided for the action.To read this article in full, please click here

IDG Contributor Network: China to block SD-WAN and VPN traffic by Jan. 11

A new Chinese policy going into effect next week, will have profound impact on businesses relying on Internet VPN or SD-WAN access within China.According to a notice from China Telecom obtained by SD-WAN Experts, the Chinese Government will require commercial Chinese ISPs to block TCP ports 80, 8080, and 443 by January 11, 2018. Port 80 is of course the TCP port commonly used for carrying HTTP traffic; 8080 and 443 are used for carrying HTTPS traffic. Commercial ISP customers interested in maintaining access to those ports must register or apply to re-open the port through their local ISP.  The news, first reported by Bloomberg July, was expected to be implemented by February, 2018. This is the first time a specific date has been provided for the action.To read this article in full, please click here

IDG Contributor Network: Warning: security vulnerabilities found in SD-WAN appliances

In a rush to capitalize on the SD-WAN market opportunity, some SD-WAN vendors seem to be playing fast and loose with their appliances.At a recent customer site of ours, Nirvik Nandy, CISO of SD-WAN Experts and CEO of Red Lantern, a security and compliance consultancy, and I collaborated on a security analysis of SD-WAN architectures. We conducted penetration testing of several SD-WAN solutions, looking atthe appliances and cloud architectures. Details of how we tested and vendor results are necessarily confidential. However, I can share with you some of our overall findings about appliances – we’ll get to the cloud at a later date.SD-WAN security: what it really means First, some context: SD-WAN vendors speak about their architectures as being secure and that’s true to an extent. All SD-WAN solutions secure traffic in transit. But there’s more to network security than protecting data against eavesdropping and wiretapping, which is why companies deploy next-generation firewall (NGFW), intrusion prevention systems (IPS), and more.  SD-WAN and security vendors have been addressing this need, integrating the functionality of one another into solutions that provide networking and security.To read this article in full, please click here

IDG Contributor Network: Warning: security vulnerabilities found in SD-WAN appliances

In a rush to capitalize on the SD-WAN market opportunity, some SD-WAN vendors seem to be playing fast and loose with their appliances.At a recent customer site of ours, Nirvik Nandy, CISO of SD-WAN Experts and CEO of Red Lantern, a security and compliance consultancy, and I collaborated on a security analysis of SD-WAN architectures. We conducted penetration testing of several SD-WAN solutions, looking atthe appliances and cloud architectures. Details of how we tested and vendor results are necessarily confidential. However, I can share with you some of our overall findings about appliances – we’ll get to the cloud at a later date.SD-WAN security: what it really means First, some context: SD-WAN vendors speak about their architectures as being secure and that’s true to an extent. All SD-WAN solutions secure traffic in transit. But there’s more to network security than protecting data against eavesdropping and wiretapping, which is why companies deploy next-generation firewall (NGFW), intrusion prevention systems (IPS), and more.  SD-WAN and security vendors have been addressing this need, integrating the functionality of one another into solutions that provide networking and security.To read this article in full, please click here

IDG Contributor Network: Why your company can be sued for using SD-WAN

When you buy your SD-WAN, or for that matter any WAN technology, you sort of assume that the vendor has the legal right to sell it to you.But what happens if they don’t? What happens if you’ve built your WAN on an illegally acquired technology?The question is not just theoretical. Last week, FatPipe sent me a press release pointing out how United States PTO Patent Court upheld a signature claim to its U.S. patent (number 6,775,235) for load balancing across disparate networks. Load balancing is a critical component of all SD-WAN products. As such, FatPipe could, in theory, claim licensing fees from SD-WAN players and their users.To read this article in full or to leave a comment, please click here

1 2 3