» www.networksasia.net: Deeper, broader and better!

specialreportEnterprise IT securityin Asia

Volume 8 • Issue 3 • September/October 2011 HK$45 S$8

ASIA’S SOURCE FOR ENTERPRISE NETWORK KNOWLEDGE

DATA CENTER TRANSFORMATION

TRENDS & ANALYSIS • CASE STUDIES • VIEWPOINTS • TECHNOLOGY TIPS • GADGETS

• Rethinking your infrastructure• Green power strategies

clearchoicetestPalo Alto Networks'next-generation firewall

0911nwa_cover.indd 1 31/08/2011 3:45 PM

TE Connectivity, TE connectivity (logo), AMP NETCONNECT, AMP NETCONNECT (logo), ADC KRONE, ADC KRONE (logo)

are trademarks. Other logos, product and/or Company names might be trademarks of their respective owners.

One of the world’s largest suppliers of network infrastructure for your o� ce.

TE Connectivity brings you

AMP NETCONNECT and

ADC KRONE, two world

renowned brands for

complete and specially

designed o� ce networks.

READERS’ CHOICE

PR

ODUCT EXCELLENCE

2010

READERS’ CHOICE

PR

ODUCT EXCELLENCE

2010

2011Winner Category:Structured Cabling Systems

Fiber Connectivity Solutions

Fully Compliant10G Solutions

Glide Cable Management

Solutions

Shielded and Unshielded Copper Technology (Cat. 5e,

Cat. 6, Cat. 6A and Cat. 7)

Fiber Management Systems

www.te.com www.ampnetconnect.com www.adckrone.com/asia

0911nwa_cover.indd 2 31/08/2011 3:45 PM

www.networksasia.net 2011 september / october • network world asia 1

Editorial and publishing officeQuestex Asia Limited13/F, 88 Hing Fat Street, Causeway Bay, Hong KongPhone: (852) 2559 2772 Fax: (852) 2559 7002Website: www.networksasia.netSubscription Hotline: (852) 2589 1313 Subscription Fax: (852) 2559 2015E-mail: customer_service@networksasia.net

Volume 8 • Issue 3 • September/October 2011

Network World Asia (ISSN 1814-0459) is circulated to over 7,008 enterprise IT, computing, Internet professionals, networking companies and other companies who use networks. It is produced for IT and networking professionals, engineers, and senior managers responsible for the approval, specification, recommendation or purchase of network equipment or software.

Network World Asia is published by Questex Asia Ltd, 13/F, 88 Hing Fat Street, Causeway Bay, Hong Kong. Subscription Rates: 1 year HK$330 (Hong Kong only) US$58 (within Asia) and US$64 (outside Asia). All copies distributed in the PRC are free of charge. Printed in Hong Kong. Postage paid in Hong Kong. ©2011 Questex Media Group, Inc. All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage or retrieval system, with-out permission in writing from the publisher.

POSTMASTER: Send address changes to Network World Asia, 13/F, 88 Hing Fat Street, Causeway Bay, Hong Kong

Circulation: 7,008

Questex Media Group LLC 275 Grove Street, Newton, MA 02466, Tel: +1 617 219 8300

PRESIDENT & CHIEF EXECUTIVE OFFICER Kerry C. GumasEXECUTIVE V.P. & CHIEF FINANCIAL OFFICER Tom CaridiEXECUTIVE VICE PRESIDENT Tony D’Avino

Sales Team:Shigeru Kobayshi Japan Email: shig-koby@media-jac.co.jpZena Coupe Europe/USA Email: Zena@expomedia.bizHong Kong Sales Tel: (852) 2559 2772 Singapore Sales Tel: (65) 6297 7908

Jonathan Bigelow Managing Director Email: jbigelow@questexasia.com

SE Asia Bureau Chief Victor Ng vng@questexasia.com

Senior EditorKhoo Boo Leong blkhoo@questexasia.com

Online Content EditorKen Wong kenw@questexasia.com

Contributing Editor Emily Chia echia@questexasia.com

Senior Reporter Melissa Chua mchua@questexasia.com

Editorial Director Chee Sing Chan cchan@questexasia.com

Art Director Eric Lamelam@questexasia.com

Publisher May Yee Tan mytan@questexasia.com

Senior Account ManagerWayne Wongwwong@questexasia.com

Assistant Client Services Manager Reinwel A Decinardecina@questexasia.com

Senior Client Services Executive Christopher Hengcheng@questexasia.com

HR & Admin Manager Janis Lam janisLam@questexasia.com

Circulation Director John Lamjlam@questexasia.com

Assistant Circulation Manager Allie Mokamok@questexasia.com

C O N T E N T Sspecialreport27 Mitigating the risks of embracing social media28 Managing the human factor in enterprise IT security32 Securing the social enterprise38 CommunicAsia2011 and BroadcastAsia2011 highlights

trends&analysis4 Cloud business models struggle to coexist with public Internet4 Data center equipment market down, except for purpose-built switches5 VoIP market set to generate $40 billion a year by 20155 76% of Asia Pacific govts recognize need for ICT sustainability strategy6 Strong performance in optical networking market

techtips18 Five simple rules for moving to the cloud20 Successful UC implementation

casefiles22 Singapore school’s HQ gets secure access and control of data centers24 Recovering Japan

clearchoicetest35 PA-5060 is one fast firewall

gadgets39 Mobile devices launched at CommunicAsia 2011

regularsupfront2 Why data center transformation?

viewpoint26 The safest haven for data

biteback40 Shielding yourself against virtual bullets

DataCenterTheNew

Data center transformation More organizations are rethinking their IT infrastructures and evaluating alternatives to cope with surging amounts of data and the need to be more efficient and agile. Page 8-9

Better data center capacity planning 3 steps to better capacity planning, 3 ways to optimizing your infrastructure, and 1 revolutionary breakthrough for your network. Page 10-12

The green data center Enterprises are realizing the value of harnessing greener sources of power and technologies. Page 13-16

0911nwa.indd 1 31/08/2011 3:48 PM

network world asia • september / october 2011 www.networksasia.net2

upfront

Other than vendors trying to get more money out of your data center investments, what else could possibly be shouting out for the transformation of

data centers today?The complexities of today’s data centers cannot be over-

stated. Could it be the need to simplify, consolidate and unify data center resources that demand transformation? Because of costs and real-estate constraints? Or are expo-nential data growth and bandwidth bottlenecks the key considerations?

Cloud computing and virtualization are helping to trans-form data centers from a siloed infrastructure to a shared IT infrastructure that is more efficient and flexible in meet-ing fast-changing business needs. (See page 8)

Raghu Subramaniam, Asia Pacific CTO of Juniper Net-works, finds that, as networks become more essential in the world we live in today, the network fabric in data cen-ters must meet today’s needs for our culture to connect and business to expand with unprecedented reach, speed and efficiency. (See page 12)

Jean-Pierre Garbani, a vice-president and principal ana-lyst at Forrester Research, is of the view that traditional approaches to data center capacity planning is no longer acceptable because they are not business service-oriented enough, and don’t place enough emphasis on emerging data center costs and constraints. (See page 10)

Jonathan Chiu, APC by Schneider Electric’s general manager for Hong Kong & Macau, agrees with Gartner in identifying exponential data growth as the biggest data center infrastructure challenge for enterprises today. (See page 11)

Sooner or later, when it comes to data center transfor-mation, the green factor must come in.

More than three quarters of Asia Pacific government CIOs and IT managers see the need for an IT sustainability strategy. (See page 6)

As Facebook, Cisco, Google and many organizations ex-plore clean, renewable energy sources like wind farms and solar panels, at least to power office spaces, it is conceiv-able that such energy sources will be reliable and afford-able enough to support mission-critical data center appli-cations one day. (See page 13)

And then there’s the issue of security to throw a spanner into the works.

Why keep lots of data and applications – and the media and cables you need to store and access them – in your data center? Here’s the case for the cloud being the safest haven for your data. (See page 26)

How do we keep our networks optimized, the traffic that traverse through them safe, and potential threats identi-fied and stopped? (See page 40)

Over the last few months, NetworkWorld Asia met up with hundreds of CIOs, security heads, IT managers and industry experts across Asia to discuss the issue of security

in a business world that cannot do without social media, smartphones, tablets and remote access. Do read our special reports on these discus-sions. (See pages 27-34) NWA

Why data center transformation?

Victor Ng vng@questexasia.com

C

M

Y

CM

MY

CY

CMY

K

BDM_197x267_WorldAsia_081811.pdf 1 2011/8/18 16:03:27

0911nwa.indd 2 31/08/2011 3:48 PM

www.networksasia.net 2011 september / october • network world asia 3

C

M

Y

CM

MY

CY

CMY

K

BDM_197x267_WorldAsia_081811.pdf 1 2011/8/18 16:03:27

0911nwa.indd 3 31/08/2011 3:48 PM

network world asia • september / october 2011 www.networksasia.net4

trends&analysis

ture vendors’ equipment sales. But product capabilities that help telcos move away from simple access/con-nectivity services and advanced optical and packet gear that can create large, intelligent network cores to facilitate, for example, resource and application transfers between data centers, will be in demand.”

Relating this to carrier revenues, Matt added: “The last-mile crisis is, not surprisingly, seen as an opportunity by some. For consumer-oriented services and apps residing in the cloud, fiber to the home may be the delivery pipe, supplemented by mobile broadband. For mission-critical business applica-tions, though, we imagine that the cloud will provide a healthy kick to the market for carrier Ethernet and IP VPNs. Given how tough it is for operators — espe-cially wireline players — to find revenue growth nowadays, this may be a welcome reality.” NWA

runs high, that IaaS (infrastructure-as-a-service) applications will generate more and higher-margin revenue — not just traffic growth — to support building multi-terabit networks.

Expanding on this theme, Dana Coo-person, Ovum’s Practice Leader, Net-work Infrastructure, commented that “Public cloud IaaS business models are “pay-for-use” or at least tiered, which, unlike “all-you-can-eat” consumer broadband models, tie resources used more directly to revenues generated. Public and private cloud business and pricing models are new and in flux, so there’s still ample time to get it right...or wrong.”

Cooperson added, “The network is an essential part of telcos’ value proposi-tions as cloud computing applications move from public IP, with no QoS or SLA guarantees, to trusted networks.”

“We expect cloud applications to only incrementally add to infrastruc-

Resiliency, latency, and security on the core Internet are problem areas for mission-critical cloud-

based business applications, as are the irregular last-mile access networks that exist in many countries, according to Ovum’s network infrastructure analysts.

“Public IP will not be sufficient for business-grade cloud computing and carrier Ethernet and IP/MPLS VPNs will play increasingly important roles. More efficient data centers, and more of them, distributed globally, will also help”, said Matt Walker, Ovum principal analyst.

Although cloud computing is a well-defined concept, it will require a strong physical network infrastructure to live up to its promise. These will need improved interconnectivity for resiliency, load bal-ancing, new transmission capacity; and added intelligence from new optical and IP hardware.

Ovum’s recent discussions with op-erators and vendors indicates that hope

Cloud business models struggle to coexist with public Internet

MARKET RESEARCH FIRM Infonetics Research re-cently released excerpts from its first quarter (Q1 2011) Data Center Network Equipment market size, share and forecast report.

“After massive growth (of more than 50%) in 2010, the data center network equipment market is slowing significantly in 2011, as some of the 2010 drivers like pent-up demand disappear and new challenges arise, such as slowing public sector spend-ing,” noted Matthias Machowinski, Infonetics Research’s directing analyst for enterprise networks and video.

“This dynamic is already playing out, with sales down on a sequential basis in the first quarter and year-over-year increases moving down to single-digit percent territory. Purpose-built data center Ethernet switches continue to enjoy strong growth as buyers transition to these devices to better address performance requirements in their data centers.”

Highlights from the Infonetics report include:• In Q1 2011, the worldwide data center network equip-

ment market, which includes data center Ethernet switches, application delivery controllers (ADCs), and WAN optimization appliances, declined 7% from the previous quarter, but is up 2% year-over-year (Q1 2010

to Q1 2011)• In 2010, the global data center equip-ment market grew to $8 billion, and Infonetics Research forecasts it to top $10 billion by 2015• Cisco continues to lead the data cen-ter Ethernet switching market by far, with over 80% market share• ADC market leader F5 increased quarterly revenue only slightly, but

gained 4 points of market share as rivals Cisco and Citrix declined

• The data center equipment markets in Asia Pacific (APAC) and Central and Latin America (CALA), posted strong year-over-year growth in Q1 2011, driven by emerging economies

Data center equipment market down, except for purpose-built switches

0911nwa.indd 4 31/08/2011 3:48 PM

www.networksasia.net 2011 september / october • network world asia 5

continued on page 6

ket leader, has had considerable pub-licity recently and does report some numbers. From these, we estimate that there are more internet telepho-ny than VoIP users, with Skype alone accounting for almost 150 million regular callers,” said Bosnell.

Even so, revenue generated is much lower. At the end of 2010, it had around 9 million paying users generating $8 a month on average. Again, it is the potential size of the cake that makes for some attractive opportunities.

“If Skype continues to grow as it has been and manages to keep its ARPU at the current level, then it will be gen-erating in the region of $2 billion a year by the start of 2016. If you work hard and manage to marry your in-ternet telephony service with a major mobile device manufacturer and solve any number of technical and regula-tory issues, the market could really explode,” concluded Bosnell. NWA

cording to Point Topic. At this stage in the development of a market, there are so many variables that forecast-ing models can easily be off by a significant margin. For example, an increasing number of subscribers are doing without a fixed line telephone service altogether, relying instead on mobile.

Bosnell added: “Given a number of assumptions, relatively consistent ARPU, regulatory easement, a cau-tious set of projections and so on, we expect the global fixed line VoIP market to be generating at least $40 billion a year in five years’ time.”

Point Topic’s analysis on VoIP has so far focused on fixed line services; however, Internet telephony, where services like Skype are active, is a more enigmatic market.

“It is highly fragmented and gener-ally served by companies who don’t or won’t report regular statistics and revenues. However, Skype, the mar-

Voice over IP (VoIP) now has over 120 million subscribers worldwide, according to the

latest analysis from Point Topic, and its growth looks set to accelerate as predictions indicate a $40 billion an-nual VoIP market by 2015.

Point Topic’s data revealed a glob-al growth in VoIP of 12.6% during 2010 and shows that there is plenty of headroom left for VoIP around the world.

“The growth of VoIP has been bumpy but shows signs of accelera-tion,” said John Bosnell, Senior Ana-lyst at Point Topic. “VoIP has all the hallmarks of a classic substitution commodity. This is where customers look at the service that is delivered by a new product and decide that it meets, or exceeds, the service they are currently receiving, and when it is appropriately priced, they will switch from one to the other.”

The whole broadband market and all its consumers are potential cus-tomers, and there is good evidence that consumers see VoIP as a supe-rior substitute for traditional PSTN calls.

“We expect there to be over three quarters of a billion fixed line broad-band subscribers by the end of 2015. In theory, all of them are targets for VoIP,” said Bosnell.

Any projections about the size and value of the VoIP market should be treated with caution however, ac-

VoIP market set to generate $40 billion a year by 2015

0911nwa.indd 5 31/08/2011 3:48 PM

network world asia • september / october 2011 www.networksasia.net6

trends&analysis

a high priority by 72% of respondents. The top initiatives included server vir-tualization and consolidation, policy implementation and cooling system redesign.

“With the global rise of energy pric-es and the looming threat of an en-ergy crisis, energy is becoming more than just expensive – it’s a liability,” said Benedict Soh, IT Business VP for Schneider Electric Singapore. “It’s important that government decision makers understand that the cost of not solving this problem is significantly higher than the solution. All govern-ment CIOs and ICT managers now realize that this cost burden is unsus-tainable for the country – it diminishes the funds available for investment in productivity, expansion of output, and ultimately affects their overall global competitiveness.” NWA

ability of electricity will have a sig-nificant impact on their data centre’s ability to support operations over the next 3 years, more than 70% were from developing countries – India, Bangladesh, Sri Lanka, Indonesia, Thailand, Vietnam, Philippines and Malaysia.

Representatives from the more de-veloped Asia Pacific countries polled – China, Taiwan, Hong Kong, Japan, Korea, New Zealand, Australia and Singapore – were less concerned with the supply of energy, noting that it may only affect a limited number of depart-ments or have a minimal impact.

A majority of governments (80%) recognize that the data center is a key focus area for reducing energy con-sumption. For building a new data center or expanding existing opera-tions, energy efficiency was considered

More than three quarters of Asia Pacific government CIOs and IT managers have

realized the need for a dedicated office to plan and execute an overall ICT sus-tainability strategy, according to a poll of 118 government CIOs and IT man-agers released by Schneider Electric IT Business.

Interestingly for IT vendors, 72% of the participants indicated that they include sustainability criteria in the evaluation and selection of ICT pur-chases. In exploring Asia Pacific’s at-titudes towards energy efficiency, the poll results underscore the importance of spreading awareness of energy man-agement amid the high environmental and financial costs of energy through-out this region.

Remarkably, of the 32% of respon-dents who said that cost and/or avail-

76% of Asia Pacific govts recognize need for ICT sustainability strategy

THE GLOBAL OPTICAL NETWORKING (ON) market put in a strong performance in the second quarter of 2011, climbing almost exactly halfway to its pre-recession peak, according to Ovum.

In its new market-share analysis, the independent analyst finds that spending by telecoms service provid-ers with ON vendors grew by 16% when compared with the first quarter of the year, and 17% when compared to the same quarter last year, to hit US$4.1 billion.

Moreover, annualized spending rose 8% compared with the second quarter of 2010, to reach US$15.3 bil-lion. Dana Cooperson, vice-president of Ovum’s network infrastructure practice, said: “This performance marks the second sequential quarter of annualized gains and puts the market almost exactly halfway back to its pre-recession peak of $16.6 billion, posted in the third quarter of 2008.”

Cooperson commented: “In North America, the market grew 18% when compared to the second quarter of 2010 to top $1 billion for the fourth straight quarter. Only Asia Pacific did not grow when compared to quarter two of 2010, with spending remaining at $1.4 billion.”

With regards to vendors, Huawei reclaimed the top rev-enue spot for the quarter, with $900 million and 22.7% share, beating its posting for the first quarter of 2011 by more than 60%. However, despite this, Huawei still suffered the biggest loss of the top ten vendors in the more important annualized share metric.

Meanwhile, its archrival ZTE, which was ranked third in terms of market share, had its best-ever quarter, reaching revenues of just over $500 million. This represented an annualized increase of 45% compared with the second quarter of 2010, and allowed ZTE to post the biggest annualized share gain among the top 10 vendors.

Strong performance in optical networking market

©2010 Check Point Software Technologies Ltd. All rights reserved. Check Point, the Check Point logo, and Check Point Endpoint Security Full Disk Encryption are trademarks or registered trademarks

of Check Point Software Technologies Ltd. or its affiliates.

Check Point DLP prevents data breaches before they occur

Did I just send that file tothe wrong person?

PREVENTdata loss

EDUCATEusers

ENFORCEdata policies

Have you ever accidentally sent an email to the wrong person or attached a document that wasn’t meant to be shared?

Check Point makes DLP work by combining technology and processes to move businesses from passive detection to

prevention, before data breaches occur.

Authorized Distributor

For more information, please contact M.Tech at (65) 6516 0088 or email:

sales@mtechpro.com

www.mtechpro.com

Ad_DLP_100520_FINAL1.indd 1 19/5/2011 10:16:12 AM0911nwa.indd 6 31/08/2011 3:48 PM

www.networksasia.net 2011 september / october • network world asia 7

©2010 Check Point Software Technologies Ltd. All rights reserved. Check Point, the Check Point logo, and Check Point Endpoint Security Full Disk Encryption are trademarks or registered trademarks

of Check Point Software Technologies Ltd. or its affiliates.

Check Point DLP prevents data breaches before they occur

Did I just send that file tothe wrong person?

PREVENTdata loss

EDUCATEusers

ENFORCEdata policies

Have you ever accidentally sent an email to the wrong person or attached a document that wasn’t meant to be shared?

Check Point makes DLP work by combining technology and processes to move businesses from passive detection to

prevention, before data breaches occur.

Authorized Distributor

For more information, please contact M.Tech at (65) 6516 0088 or email:

sales@mtechpro.com

www.mtechpro.com

Ad_DLP_100520_FINAL1.indd 1 19/5/2011 10:16:12 AM0911nwa.indd 7 31/08/2011 3:48 PM

network world asia • september / october 2011 www.networksasia.net8

adopted to achieve the end objective. “Customers should evaluate if the in-vestment is worthwhile,” Quah adds. “Organizations should also consider how best it can leverage the advances of IT infrastructure and cloud com-puting technology, to sharpen their competitive advantage rather than just improve operational functions per se.”

People and processesSo, look beyond issues pertaining to

cost or technology obsolescence. For instance, with cloud-based infrastruc-ture as a service (IaaS), organizations can ‘turn on’ additional resources to support seasonal peak loads and re-turn to normal capacity when these peaks are over.

But the full benefits of a new in-frastructure cannot be realized if the people and processes are not pre-pared for it.

“We’re probably not seeing as much wholesale infrastructure moving to the cloud as we have with software-as-a-service or storage-as-a-service or disaster recovery solutions,” says Julie Parrish, senior vice president of worldWide partner sales at NetApp. “Moving to the cloud is not all about cost but more a question of where’s you core competency and what’s the best way to get resiliency and flexibil-ity in your infrastructure.”

“The adoption of IaaS really de-pends on customers’ perception of se-curity, performance, availability and the type of workload they want to mi-grate to an IaaS model,” says Loh Ch-

Transformation by objectivesMore organizations are rethinking their IT infrastructures and evaluating alternatives to cope with surging amounts of data and the need to be more efficient and agile. By Khoo Boo Leong

DataCenterTheNew

Innovations like cloud computing and virtualization are hastening the transformation of data

centers from siloed infrastructures to shared infrastructures that are more efficient and flexible in addressing dynamic business requirements. And with every technology refresh in the data center, comes opportunities to introduce green technology and energy-efficient equipment that significantly reduce operational costs.

Even more remarkable, businesses can now decide to build, upgrade or buy their own data centers.

“Building a data center to support one’s own business needs is no longer a necessity as there are many options for organizations to host their busi-ness applications on purpose-built data centers,” says Quah Chin Yong,

vice president of Continuity & Opera-tions at CrimsonLogic Pte Ltd.

These options include utility mod-els, private data centers and even vir-tual private data centers. They offer sophisticated services like pay-per-use, virtual data center design and di-saster recovery (DR) services to host and manage business applications.

“When transforming the data cen-ter, organizations should consider deploying automation tools and standardized hardware and software products to mitigate the complexi-ties and operational costs of manag-ing heterogeneous networks and sys-tems,” Quah says.

The starting point for an organiza-tion facing such an array of options is to define “where it wants to go”. This determines the approach to be

0911nwa.indd 8 31/08/2011 3:48 PM

www.networksasia.net 2011 september / october • network world asia 9

ing Soo, NetApp’s country manager for Singapore.

Staff in the organization should be trained to handle new scenarios that have an impact across multiple appli-cations and focus more on predictive capacity planning and performance management.

“For instance, a runaway process in a shared infrastructure could poten-tially bring all the other applications in the infrastructure to a halt,” Quah says. “Capacity planning would also become more challenging, especially with [dynamic provisioning].”

Other areas to review include secu-rity policies and procedures against an increasing number of cyber threats and the whole value chain, recalibrat-ing the processes and staff skill sets to add value and ensure that the TCO makes sense.

Nonetheless, there are compelling events that make customers suddenly evaluate innovations like the cloud. An example is in the US where be-ginning with the FY2012 budget, the Office of Management and Budget re-quires that Federal agencies consider cloud computing as an alternative for new IT investments. For the FY2013 budget, the requirement will cover projects that include development, modernization, and enhancement as well as steady state operations, and in FY2014, the requirement will cov-er all projects.

“Another compelling event hap-pened in Japan with the earthquake and the tsunami which compromised the country’s energy supply,” says Parrish.

Consume off the cloudOne notable trend is that the se-

lection and decision-making process for cloud computing may differ from that for a major internal IT procure-ment. For example, non-IT staff can now subscribe to a web-based email application directly or self-provision applications, storage and even infra-structure by consuming off the cloud. “At NetApp, we use Salesforce.com,

an initiative of field operations, not IT,” Loh adds.

Balance performance and cost“ “Few production grid servers are

virtualized today, owing to the fact that there are multiple obstacles to virtualization implementation, fore-most among which include justifying the high upfront costs required to transition to a virtualized IT infra-structure despite the potential long-term savings,” says Dirk-Peter van Leeuwen, vice president and general manager of Red Hat Asia Pacific.

Red Hat offers an enterprise vir-tualization platform for servers and desktops via a subscription model. The solution offers comprehensive management functionality, including live migration, high availability, pow-er manager and system scheduler.

For larger organizations that need to run mission-critical business appli-cations and demand exceptional per-formance in software and hardware with a smaller footprint and scalabil-ity, an in-house unified computing platform would make sense.

“It takes less time to set up such platforms, as compared to platforms with mix and match standalone serv-ers,” says Quah. ”The difference could be between days to set up a unified platform and weeks or months to pro-vision for a mix and match platform. Furthermore, with a unified platform, organizations can benefit from the ease and convenience of maintenance by leveraging a single contact point for the support requirements. However, such systems are relatively expensive.

“On the other hand, blade systems, are appropriate for organizations that prefer to group generic applications together to leverage on resource shar-ing; hence, achieving a good balance of performance and cost. Blade sys-tems offer more flexibility in terms of the type of applications that can run on it. Nowadays, there is an increas-ing number of organizations running mission-critical applications in blade systems as well.”

“[Our solutions] are unified not just at the protocol level but all across our stack. It’s one of the things that makes them simple to manage,” says Par-rish of NetApp, which offers Cisco-validated storage solutions for secure multi-tenant unified computing sys-tems and the Flexpod architecture for data centers that integrates disparate compute, storage, and network com-ponents and scales to fit a variety of customer environments.

Simplify management“The storage infrastructure is com-

plex compared to a compute infrastruc-ture, with many types of workloads, data, compliance requirements, backup and retention compliance, disaster re-covery and so on,” Loh says. “The focus is really on managing all these in a sim-plified manner at lower risk.”

Therefore, as data centers consoli-date, virtualize or move to a shared in-frastructure, they must have end-to-end visibility and control to manage not only capital but also operational expenditures.

“Businesses need to make decisions faster to be competitive with reliable and accurate data,” says Traci Yar-brough, global director of product marketing at Emerson Network Pow-er. “Unfortunately, it’s everywhere — across the enterprise, layers, beyond the firewall, and in the cloud. Of late, we are also seeing the need to tap into and make sense of vast amounts of data from disparate sources, such as sensor data, servers, power equipment, cool-ing equipment, switches, storage, etc.”

To do this, data centers need in-frastructure management solutions to control components, including both IT and physical infrastructure, from a single console. “Performance is paramount in a data center; data virtualization must provide high-performance connectivity to all data, a powerful query engine, a Web ser-vices server, caching, and all the vari-ous optimizations one would expect from a data federation server,” says Yarbrough. NWA

0911nwa.indd 9 31/08/2011 3:48 PM

network world asia • september / october 2011 www.networksasia.net10

In the coming years, the flexibil-ity and cost alternatives provid-ed by new technologies such as

virtualization, internal and external cloud computing, and different types of cloud-based solutions will offer IT infrastructure and operations (I&O) professionals a choice of platforms for running an application or business service. This changes the scope of ca-pacity planning and consequently the process of planning capacities. Capac-ity planning is no longer just a process aimed at forecasting hardware needs; it’s the key to understanding and op-timizing the cost of running business services through platform selection.

The traditional capacity planning process was a four-phased affair. Step 1: Create a baseline to under-stand how your server, storage, or network infrastructure are used by capturing secondary indicators such as CPU load or global network traffic. Steps 2 and 3: Evaluate changes from new applications that are going to run on the infrastructure and the “drift” or workload due to increased activity in a given business services. Step 4: Analyze the data from the previous steps to forecast future in-frastructure requirements and decide how to satisfy these requirements.

The traditional approach is no lon-

ger acceptable because it is compo-nent- and not business service-orient-ed, it doesn’t take costs and value into consideration, and it doesn’t place enough emphasis on emerging data center costs and constraints.

The simple fact that a choice of placements exists for a given business service implies that we must consid-er all the elements that support the decision, especially from a cost and value standpoint, before making an informed decision on where a specific service should run.

The capacity planning of tomorrow supports internal as well as external choices, virtual as well as physical alternatives. Furthermore, the new capacity planning organization is no longer part of the I&O department — it has to be part of an overall manage-ment group reporting to the CIO.

To offer competitive IT services into the future, Forrester recommends that I&O professionals update today’s ca-pacity planning process with three new steps to account for cost-value analy-sis, governance, and global planning.

1. A cost-value analysis is added to evaluate where the service should be located

This is a decision support step with a foundation in activity-based cost-

ing (ABC), which takes all the real costs into consideration in its analy-sis. For example, a business process may have a critical value yet have a total capital and operating cost that is far superior to what it should, con-sidering the number of users or the frequency at which it is used. Such a service is a clear candidate for an al-ternative placement with a lower-cost overhead. Going forward, it’s critical for I&O professionals to understand the cost-value of business services, es-pecially as facilities and energy costs consume a more significant portion of total IT capital and operating costs.

2. A governance step keeps recommendations in line with overarching enterprise policies

This is a modifier that could over-ride the cost-value analysis. Gover-nance is needed to keep any decision in line with the enterprise policies regarding security, outsourcing, or audit and confidentiality. Thus, while a lower-cost solution such as public cloud computing may be more prof-itable for some low-volume applica-tions like personnel files, I&O profes-sionals have to include security and data privacy requirements in their platform selection, be it cloud-based or internal.

3. A global, ITIL-defined capacity plan becomes the end result

Unlike the old method, the new ca-pacity planning process concerns all technologies across the data center and is cross-referenced with critical business service and technology type. The new capacity planning process still has a network plan, a storage plan, a compute plan, and so on, but it also shows the relationship between these technology silos, facilities, and critical business services on a global scale. As a result, it is now aligned with the notion of business capacity management, service capacity man-agement, and technology capacity management found in ITIL.

for better data center capacity planningBy Jean-Pierre Garbani

DataCenterTheNew

3 steps

0911nwa.indd 10 31/08/2011 3:48 PM

www.networksasia.net 2011 september / october • network world asia 11

IT leaders place a lot of emphasis on the capital-saving benefits of cloud computing—but they’re missing the point. What’s important in cloud tech-nologies is that it gives IT a choice of de-livery platforms that didn’t exist before.

Software-as-a-service, infrastruc-ture-as-a-service, internal clouds, and

virtualized infrastructures offer a vari-ety of capabilities and costs. As with all choices, we need a rationale to exercise it — and this is what capacity planning is all about. Capacity planning will let IT leaders make the most of their cloud investments by understanding how much or how little they need to source

to deliver the quality-of-service expect-ed by the business users. NWA

Jean-Pierre Garbani is a vice president and principal analyst at Forrester Research, where he serves Infrastructure & Operation Professionals in predicting and quantifying IT disruptions.

Tip 1: Avoid over-sizing and enhance scalabilityOver-sizing is the single largest avoidable cost as-

sociated with typical data center infrastructure, which will also lead to and represent avoidable operating and maintenance costs, including costs on service contracts for equipment. Most of this excess cost can be recovered by implementing architecture that can continuously adapt to changing requirements or unpredictable demand in a cost-effective and high-availability manner, like data center power infrastructure with pre-engineered modular building blocks and scalable equipment installation. The pay-as-you-grow scalability, like that of APC by Schnei-der Electric’s InfraStruXure products, will fit in well with enterprises’ future growth plans avoiding over-sizing and excess costs.

Tip 2: Power and cooling capacity managementMost data center operators are unaware of the loading

and current power and cooling capability of their data centers, even at a total bulk level. The ability to measure and predict power and cooling capacity at the rack en-closure level is, therefore, required to ensure predictable performance and optimize use of the physical infrastruc-ture resources. Capacity management processes, such

as performance monitoring, workload monitoring, and supply and demand forecasting are vital. Moreover, the bi-directional interaction between change management and capacity management should also not be overlooked, as change management is highly dependent on capacity management information to predict the impact of pro-posed changes to the data center operation.

Tip 3: Enhance operational efficiency by effec-tive data center management

Energy cost and operational efficiency can be saved and obtained by better physical infrastructure plan-ning, minor system reconfiguration, and small process changes, through making use of data center manage-ment software. New management software planning and implementation tools improve IT room allocation of power and cooling (planning), provide rapid impact analysis when a portion of the IT room ails (operations), and leverage historical data to improve future IT room performance (analysis), which help optimize data center infrastructure.

Jonathan Chiu is APC by Schneider Electric’s general manager for Hong Kong & Macau.

DATA GROWTH IS IDENTIFIED as the biggest data center in-frastructure challenge for large enterprises, according to a sur-vey by Gartner. Aligning IT ca-pabilities with business needs, data growth and energy effi-ciency is a top-of-mind concern for enterprises. A more holistic planning and management ap-proach is highly recommended to bring about greater energy efficiency and cost effective-ness. Here are three general tips for enterprises to optimize data center infrastructure:

How to optimize your infrastructure By Jonathan Chiu

0911nwa.indd 11 31/08/2011 3:48 PM

network world asia • september / october 2011 www.networksasia.net12coverstory

of Layer 4 to 7 processing at any point in an application’s workflow. Support for virtual networks is important be-cause data centers are increasingly multi-tenant and have complex re-quirements for application security, performance, and reliability. Virtual networks provide the basic tools to allow resources to be partitioned and yet allow them to communicate se-curely when necessary.

Modular distributed imple-mentation that is highly reliable and scalable: A fabric network is built using a set of modular hardware and software components that are distributed and federated. A modular implementation where the modules are kept independent through the use of physical or logical separation has two important benefits. The first is that failures in either the hardware or soft-ware cannot compromise the entire system. The second is that it becomes possible to increase or decrease the size of the system while it is running.

Single logical device: Despite its distributed implementation, a fabric network acts as a single logical packet switching device. This characteristic is important because it provides the simplest possible model for the net-work from a data center administra-tor’s standpoint. It permits orchestra-tion and management applications to be as simple as possible. NWA

Raghu Subramanian is the Asia Pacific CTO of Juniper Networks.

A revolutionary breakthrough in data center networkingThe world has bet big on robust data centers that are the backbone of communication

and commerce for billions of people and trillions of transactions every day. By Raghu Subramanian

DataCenterTheNew

As the demands placed on data centers expand at an exponen-tial rate and are now beyond

what the current architectural ap-proach can support, fabric solutions have become a way out of this difficult reality. Here’s why:

Any-to-any connectivity with fairness and full non-blocking: The ability of a set of interfaces to send and receive packets to and from any other set with no restrictions or preplanning is critical to pooling the computing and storage resources in a data center. This “flat” connectivity simplifies the writing of applications since there is no need to worry about the performance hierarchy of commu-nication paths inside the data center or the “affinity” of application compo-nents to provide good performance.

Low latency and jitter: A fabric network has interface-to-interface la-tency on the order of 2 microseconds at a small scale growing slowly to about 10 microseconds at the largest scale. Low latency in a fabric network is critical to high performance, espe-cially for modern applications where the ratio of communication to com-putation is relatively high compared to legacy applications. For example, financial applications are especially sensitive to latency. High latency translates directly to lower perfor-mance because applications stall when they are waiting for a response over the interconnect.

No packet drops under

congestion: The ability to not drop packets when congestion occurs is critical to efficiently transport “bursty” server to disk traffic. Most applications assume that reads and writes to disk will succeed with very high probability. Packet drops due to congestion breaks this assumption and forces the application to handle packet loss as an error, resulting in a drastic reduction in performance. In a fabric network, the no-drop property is provided by not harming “innocent bystanders” — interfaces whose traffic is not destined to congested interfaces. This property is key to supporting multi-tenancy and multiple applications within a tenant.

Linear cost and power scaling: The cost and power consumption of a fabric network increases linearly with the number of interfaces. This is in sharp contrast to traditional ap-proaches where both cost and power increase much faster than linearly. Since each interface requires some forwarding hardware, it is easy to see that the cost and power of a fabric must increase at least linearly with the number of interfaces. This is high-ly desirable from both a CAPEX and an OPEX standpoint.

Support of virtual networks and services: A fabric network im-plements virtual Layer 2 and Layer 3 networks to support multiple tenants that run multi-tier applications. Com-plex security and services require-ments are supported by the insertion

0911nwa.indd 12 31/08/2011 3:48 PM

www.networksasia.net 2011 september / october • network world asia 13

Google has invested more than US$780 million in clean, wind energy generation as

part of its efforts to accelerate the de-ployment of over 1.7 GWs of clean re-newable energy.

Facebook has completed one half of a 300,000 square-foot data center in Oregon, US. It features rainwater reclamation, a solar energy installa-tion to provide electricity to the office areas and reuse of heat created by the servers to heat office space. Colder air from the outside will cool the facility 60% to 70% of the year while a low-energy evaporative cooling system that taps on the low humidity climate of Central Oregon’s high desert is used the rest of the year.

So, it is conceivable that renew-able energy sources like wind farms and solar panels will be reliable and affordable enough to power mission-critical data center applications one day. For now, energy efficiency will be critical in helping data centers grapple with tight operating budgets, rocketing data growth and rising en-ergy costs.

After years of surviving periodic upgrades and technological refreshes, data centers with rigid, traditional designs, especially for power and cooling, can no longer cope with the requirements of new technologies, such as virtualization and blade serv-er technologies, which drive up com-pute, storage and network resource densities in the data center.

The energy dilemma is a complex problem that must be addressed by a holistic strategy that integrates power, cooling, racks, security and manage-

ment. Such a strategy should be scal-able, flexible and adaptable enough to meet changing business requirements and future expansion through modu-lar and phased implementation.

Follow the loadIdeally, data centers should be able

to follow the IT load with conservative build-out of capacity on day one and then staying close to the load – scal-ing up or down as needed. This is the key to achieving low power usage ef-ficiency (PUE) and TCO, says Sieg-fried Drexler, the Asia Pacific and Ja-pan enterprise business development manager (BDM) of APC by Schneider Electric’s Infrastruxure Solutions Portfolio.

“Full build-out is the dream situa-tion but that means IT load is at 100% capacity and one has to build a new

data center,” says Drexler. “In most cases, you don’t see this at all, espe-cially at a large data center. As the data center environment is dynamic, if the UPS is not scalable and not adaptable to business requirements, the PUE would be poor.”

But data centers would have a high-er likelihood of following the IT load if they have a complete set of reliable metrics in the first place to measure the load and the supplied power for it.

Minding each other’s businessThat would allow companies to op-

timize availability of power by balanc-ing safety margins and risk tolerance to conserve energy and cut costs.

Such a strategy demands both IT and facilities departments to under-

Green data centers in the wind By Khoo Boo Leong

DataCenterTheNew

continued on page 14

Cisco’s new green data center features a UPS room that uses energy-efficient rotary flywheels, instead of hundreds of environmentally challenging batteries.

0911nwa.indd 13 31/08/2011 3:48 PM

network world asia • september / october 2011 www.networksasia.net14

continued from page 13

stand each other’s concerns and align their approaches to planning an ener-gy-efficient and green infrastructure. “We’re integrating different metrics [to provide an integrated and multi-faceted view of all the mission-critical physical systems of the data center] for the IT manager, the facilities man-ager and the CFO or CIO,” says Pat-tabhi Rajan, enteprise BDM of man-agement systems and racks for Asia Pacific and Japan at APC by Schnei-der Electric.

“In large enterprises, especially in the telco space, the real estate and fa-cilities people continue to look after the physical buildings while the tech-nical facilities people who look after power and cooling are now moved un-der the CTO,” says David Blumanis, vice president of regional data center solutions for APC by Schneider Elec-tric, Asia Pacific & Japan.

“[Our StruxureWare for Data Cen-tres management software suite] hooks into the facility management system as well as the [IT infrastruc-ture] system,” says Blumanis. This enables the data center manager to access and manage the IT room, building electrical power and power quality, facility and data center cool-ing, and physical security.

If it ain’t broke, fix itFor a more holistic and sustainable

strategy, CIOs should also explore practices such as procuring and pro-visioning refurbished servers, extend-ing the life cycle of hardware and equipment, as well as optimizing the IT infrastructure.

“By not fundamentally understand-ing and addressing the need to imple-ment green solutions in every envi-ronment within the IT infrastructure, from servers to storage to data cen-ters, many CIOs overlook the green advantages and value they can real-ize,” says Dato’ Praba Thiagarajah, the CEO and founder of Basis Bay, a Malaysia-based technology solutions company.

For instance, the use of refurbished servers, especially mid-range Unix and mainframe-class machines, help companies to circumvent “the prob-

ability of failure with a brand new ma-chine at the initial phase,” says Siva Gunesparan, manager of enterprise system at Basis Bay.

“There are many classes of pre-owned machines,” says Gunesparan. “For example, a customer buys a new machine. If the machine to be replaced is in the optimal age of be-tween 1 and 5 years, we’ll [buy it] and make necessary configuration chang-es to optimize it and offer it to the next client.” Refurbished machines could also be sourced from demo units, customers’ wrong orders, ex-cess vendor inventory, or lease re-turns from customers.

“Our engineers can spec up an older machine to outperform a brand new machine but at a fraction of its price,” Gunesparan adds. What its in-house engineers can do on pre-owned equipment, they can also do to main-tain and prolong the lifecycle of en-terprise hardware. “You can use your hardware as long as you want and as long as you’re still happy [with the performance],” says Gunesparan.

Ultimately, this is as much about

reducing unnecessary costs and over-heads as it is about reducing waste and protecting the environment. As Gunesparan puts it, “If everyone keeps buying new machines, there’ll be a high consumption of power to produce and deliver them and [more] machines will get dumped and cause pollution.”

Cloudy and brightEarly this year, Cisco Systems Inc.

unveiled its green data center in Tex-as, US. The facility combines environ-ment-friendly facility design, green approaches to power and cooling, and an architectural approach optimized for virtualization and cloud comput-ing, with the aim of delivering “every-thing as a service.”

The data center is paired with a second data center facility in Texas to form a virtualized, dynamic IT servic-es cloud, also serving as backup sites for one another. Eventually, three such pairs of production data centers worldwide will serve as the building blocks for Cisco’s private cloud. From this cloud, Cisco will deliver IT servic-es like video, mobility, security, and collaboration, while reducing costs for hardware, real estate, power/cooling, and operations.

The technology that runs the data center also contributes to a greener environment. For example, a uni-fied fabric in the data center unites storage and data traffic, reducing the number of switches, adapters and ca-bling required. Fewer cables trans-late to increased air circulation so the equipment runs cooler and more efficiently.

Other highlights of Cisco’s green data center include the use of filtered, outside cool air instead of mechanical chilling 65 percent of the time, saving the company an expected $600,000 per year in cooling costs; the use of energy-efficient rotary flywheels in the UPS room; and for a start, it has solar cells on the roof to generate 100 kilowatts of power for the office spac-es in the building. NWA

Data centers should be able to follow the IT load with

conservative build-out of capacity on day one and then staying

close to the load – scaling up or down as needed. This is the

key to achieving low PUE and TCO.

Siegfried Drexler, Enterprise BDM, Infrastruxure Solutions

APC by Schneider Electric

DataCenterTheNew

0911nwa.indd 14 31/08/2011 3:48 PM

www.networksasia.net 2011 september / october • network world asia 15

Belden knows your data center is much more thana space that simply houses servers and networkequipment.

Fueled by e-commerce and the IP world we live in today, thedata center has become the most critical asset and investment fornearly every organization.

It is truly the operations center of your business, housing all the mission-critical applications, equipment and systems you need to enable everytransaction, communication and task, providing the links to customers, businesspartners and vendors around the world and even controlling building environmental,security and life safety systems.

Belden®, Your Data Center Partner

For more information: datacentre@beldenapac.comwww.beldenapac.com • www.belden.com

Singapore27 International Business Park

#05-01 iQuest@IBPSingapore 609924

Tel: +65 6879 9800 Fax: +65 6564 9602

India16th Floor, Tower B

Unitech Cyberpark Sector 39Gurgaon Haryana, 122001

Tel: (91) 124 450 9999 Fax: (91) 124 450 9900

AustraliaLevel 1, 810 Pacific Highway

Gordon,NSW 2072Tel: +1800 50075 (Toll Free)

Fax: (612) 9499 8756

ChinaUnit 1301, No. 19 Building

1515 Gu Mei RoadCaohejing High Tech Park, ZIP 200233

Tel: (8621) 5445 2388 Fax: (8621) 5445 2366 / 77

Belden® RedefinesData Centers

Belden DC (26.5.11) Ad Option5B_Layout 1 26/5/11 10:54 AM Page 1

3. ‘Rightsizing’ UPS to match critical load

Suppose transaction traffic growth increases the load from 120 to 150kVA. Slotting another 40kVA module into a spare rack location will restore the system’s N+1 redundancy status, with-out interrupting power to the load. The UPS remains ‘rightsized’. Further growth in load demand can be accom-modated by modular increments of the UPS system capacity.

By contrast, adding another 120 kVA standalone unit means having to find more floor space, laying more cabling and carrying out a nontrivial installa-tion exercise.

In essence, modular UPS topology provides secure power, uses less en-ergy, generates less CO2, and is flex-ible to adapt to changing critical load demands – all attractive propositions to today’s data center operators. NWA

Tan Yu Ming is general manager of Kohler Uninterruptible Power.

Green power tips for today’s data centersBy Tan Yu Ming

DataCenterTheNew

With data centers running on guaranteed 24/7 availabil-ity, operators understand

the vital role that Uninterruptible Power Supply (UPS) plays in support-ing the critical load. Here are some power tips to help data center opera-tors stay green.

1. Reduce physical UPS footprintSuppose a data center has a load re-

quirement of 120 kVA and runs on a redundant UPS configuration to sup-port its critical load. Such a require-ment could be fulfilled by two 120 kVA standalone UPS cabinets sharing the load.

Alternatively, a single rack con-taining four modular rack-mounting 40kVA UPSs can be installed. This is also a redundant system, because if a single 40kVA module fails, the re-maining three modules together have

enough capacity to drive the critical load.

A modular UPS topology shrinks a 120 kVA system footprint from 0.71m2 to 0.53m2, while the weight reduces from 860kg to 370kg. The critical load demand is met by a number of smaller UPSs operating in parallel rather than one large monolithic unit.

2. Improve UPS running efficiency

Each UPS unit in the standalone ex-ample supplies half the load, 60kVA, during normal operation, so it’s 50% loaded. By contrast, each 40 kVA mod-ule is more heavily loaded at 75% of its capacity. Because UPS efficiency in-creases with loading, the modular units run with 96% efficiency compared with 91% for the standalone units. This improved efficiency not only reduces direct energy cost; it brings further savings through reduced cooling costs and carbon emissions.

0911nwa.indd 15 31/08/2011 3:48 PM

network world asia • september / october 2011 www.networksasia.net16

trol energy costs. For example, APC by Schneider Electric’s InfraStruxure Management Software Portfolio allow enterprises to have real time monitor-ing to ensure the highest availability, healthy operations, and greater effi-ciency. Also, enterprises can improve data center efficiency by taking refer-ence from PUE reports generated by the software. The functions of the soft-ware range from environmental moni-toring, and security to energy efficien-cy calculations and more, for planning, operation and analysis:

• Planning: e.g. display visually the impact of intending moves and changes in the data center, generate recommended instal-lation locations for rack-mount IT equipment and cooling solu-tions to maximize energy effi-ciency etc.

• Operation: e.g. generate real time PUE value, identify excess capacity etc.

• Analysis: e.g. leverage historical data to improve future IT room performance, with energy usage reports

In response to dynamic data growth and future business needs, enterprises should keep pace with the most up-dated technology trends as well as maintain regular analysis schedules and evaluations of the cost-and-energy efficiency of data centers for a greener operation.

Jonathan Chiu is APC by Schneider Electric’s general manager for Hong Kong & Macau.

Enterprise cloud services

– the green agendaBy Jonathan Chiu

DataCenterTheNew

Cloud computing was highlight-ed as a top strategic technology area for 2011 by Gartner. This

trend is making the traditional data center increasingly complex with its greater amount of mission-critical in-formation and the demand for remote management capability.

While power, cooling and cost control remain top concerns in the data center, new questions including Green IT, energy efficiency and PUE, et cetera, are highlighting the need for a new, business orientation to the management of data center physical infrastructure. Indeed, a more ener-gy efficient and reliable data center management approach is needed to help enterprises reduce operational costs and energy consumption, and, at the same time, build the green brand image.

Protect the “power” without over-sizing

Given that all data is “stored” at a “single point” when employing cloud computing, availability and redundan-cy of power solutions are a top priority to the enterprises. In many cases, en-terprises deploy an oversized uninter-ruptible power supply (UPS) system to avoid downtime or for safety reasons, but that is less efficient, requiring sub-stantially more energy and cost to run, as well as producing a larger carbon footprint. Optimizing existing data centers, even in the data center plan-ning process, is definitely one of the ways to address the issues.

Enterprises can also achieve data

center optimization by implementing a scalable architecture that can adapt to changing requirements or unpre-dictable demand in a cost-effective and high availability manner. More-over, deployment of solutions with redundant power supplies and green features can provide the necessary re-dundancy to prevent downtime from a single failure within the power distri-bution system, like APC by Schneider Electric’s Symmetra PX, by providing high levels of availability and manage-ability with great energy efficiency. A special note to enterprises on cooling infrastructure is that row-based cool-ing with better air flow management is recommended to reduce energy wast-age and overcooling, bringing into play greener data centers.

Green data centers with proactive remote management

Greater visibility means greater availability and efficiency. Legacy re-porting systems designed to support traditional data centers are no longer adequate for new “agile” data centers, particularly in this world of growing virtualization and cloud-computing with constant capacity changes and dynamic loads that need to be man-aged. Enterprises require software that allows them to plan, operate at low cost, and analyze operations for enabling workflow improvement and energy efficiency.

Holistic management capabilities available today can enable enterprises to utilize IT assets more effectively and maximize their capacity to con-

NWA

0911nwa.indd 16 31/08/2011 3:48 PM

www.networksasia.net 2011 september / october • network world asia 17

0911nwa.indd 17 31/08/2011 3:48 PM

network world asia • september / october 2011 www.networksasia.net18

techtips

ternally and externally from multiple suppliers. This prompts companies to rethink their approach to security. You cannot deny access to everyone; rather, you must let the right people access the specific data they need – and no more. IT must now actively control the use of services to prevent any out-of-the-ordinary activities.

5) Start with an exit strategyBy having to rely on external pro-

viders, the threat of vendor lock-in is real. The impact of a breakdown or contract termination of externally provided services is much more im-mediate to the business. Having a “Plan B” – one that enables you to switch suppliers within a reasonable timeframe – should be part of how you architect your cloud services and your contracts. Standards are emerg-ing in this area, but in the meantime, automation capabilities of vendor-neutral management tools can help enable such cost-conscious exit strat-egies.

How fast?The appropriate speed for jumping

into cloud computing depends on the culture and current state of your or-ganization. Realistically, you aren’t going to be in the cloud tomorrow. Pushing the accelerator hard might not be everyone’s cup of tea, but using these five simple guidelines to adopt the cloud at a comfortable pace for your organization will ensure you do not get left behind. NWA

Anna Gong is vice-president for Cloud, Virtualization and Service Automation in Asia Pacific at CA Technologies.

quirements). Then, map the goals and constraints to existing IT services and your cloud-based opportunities. A portfolio approach helps you identify which services could be moved to the cloud and deliver cost savings and agil-ity to the business, helping you pick the “low-hanging fruit” that makes the most sense in the cloud.

Use this as a method for continu-ous evaluation and improvement; IT portfolio planning is not a one-off ex-ercise.

3) Make service costing a core competency

Most organizations are looking to gain cost efficiencies with cloud com-puting, more than just moving capital expenditures to operational expendi-tures. Whether a service is provided in-house, composed of sourced com-ponents, or delivered completely as a service, it is essential to understand the exact cost characteristics of each service (not just the IT functions) and the impact on the overall cost of do-ing business. This helps IT prepare itself for business-level conversa-tions: Can they deliver services at an optimal cost, and if not, can they sug-gest a viable alternative? Increasing transparency in the cost of IT services will give you insight into areas to cost optimize, but also drive useful discus-sions about accountability, agility, availability and security.

4) Treat security as a serviceSecurity concerns are consistently

cited as a barrier to cloud computing. The cloud model requires an organi-zation to dynamically control access of a variety of users across a changing portfolio of applications running in-

Most IT organizations are ex-perimenting with the cloud in one form or another.

Here are five simple guidelines to help keep your feet planted firmly on the ground as you get started with cloud computing:

1) Design IT as a supply chainThink of IT as a supply chain that’s

focused on delivering service: You’ll source some applications from your internal IT systems and others from external service providers. Much like a car factory that uses multiple sup-pliers, you should alter that balance based on your business requirements. Although deceivably simple, this ap-proach will help to change the way the IT organization thinks and acts and how other departments perceive IT. Supply chain thinking allows you to both buy and build. A good rule of thumb in setting your IT supply chain strategy is the “lean” mantra: Only do what adds value to your customers and remove any steps/activities/pro-cesses that don’t add value or aren’t legally required.

2) Use a portfolio approach for deciding what to move to the cloud

Implementing a cloud is as much about ‘what to do’ as ‘how to do it.’ Treat decisions about what to move to the cloud as an IT portfolio plan-ning exercise. Begin with the strategic goals of your organization in mind, which may vary from becoming cus-tomer-focused to launching products in emerging markets to reducing costs. Next, match the goals to business or market constraints (e.g., legislation, resources, geography or financial re-

5 simple rules for moving to the cloudBy Anna Gong

IntroducingAsiaD: All Things Digital AsiaD is the inaugural expansion of D: All Things Digital on a global stage. Just like its predecessor, AsiaD will feature Walt Mossberg and Kara Swisher and their unyielding brand of live journalism as they take a close look at the infl uencers and innovations shaping the digital revolution worldwide. With Hong Kong as the backdrop, AsiaD will take place October 19-21 and unite the leaders and visionaries from North America with the top players from across Asia –– all while showcasing the uncompromising D formula of unscripted, unrehearsed interviews and dialogue. Space is limited so we encourage you to reserve your attendance today. To register, please visit http://allthingsd.com/d/asiad/register/.

0911nwa.indd 18 31/08/2011 3:48 PM

www.networksasia.net 2011 september / october • network world asia 19

IntroducingAsiaD: All Things Digital AsiaD is the inaugural expansion of D: All Things Digital on a global stage. Just like its predecessor, AsiaD will feature Walt Mossberg and Kara Swisher and their unyielding brand of live journalism as they take a close look at the infl uencers and innovations shaping the digital revolution worldwide. With Hong Kong as the backdrop, AsiaD will take place October 19-21 and unite the leaders and visionaries from North America with the top players from across Asia –– all while showcasing the uncompromising D formula of unscripted, unrehearsed interviews and dialogue. Space is limited so we encourage you to reserve your attendance today. To register, please visit http://allthingsd.com/d/asiad/register/.

0911nwa.indd 19 31/08/2011 3:48 PM

network world asia • september / october 2011 www.networksasia.net20

techtips

multitude of in-house development sources, off-the-shelf solutions and bespoke vendor offerings – can be ag-gregated and supported simply and effectively. By leveraging the capabili-ties of SIP, a company can safeguard legacy investments while becoming more agile, efficient and customer-centric than even its newest competi-tors. Also important is the presence of video within UC, which can enable key business processes. These video solutions should be low-cost, low-bandwidth, high-definition and easy to initiate for maximum benefits.

In any UC deployment, there are certain pitfalls which can hamper ef-fective implementation. For example, some organizations find themselves changing mission-critical business processes to align with the functions and features that a UC platform can deliver rather than aligning the UC system with the manner in which the business operates and how users will tap on it.

Your company’s UC journey UC adoption is not a single solution

but a process. Without a clear under-standing of how UC benefits the entire user community, many of its inherent advantages may not be achieved.

While the upfront costs of UC sys-tems may appear manageable and within budget, many organizations do not use the full array of features avail-able on day one. However, they still may end up paying licensing costs for features they don’t use because of the way some manufacturers bundle soft-ware licensing in “all or none” pack-ages. Knowing the front-end costs (hardware, software, licensing) as well as the ongoing costs (administra-

The concept of unified communi-cations (UC) is one of simplifi-cation: The goal is to deliver a

consistent user experience, one that supports context-aware collabora-tion that is always-on. The new era of business communications gives em-ployees intuitive control over voice, video, presence, IM and social media in multi-vendor, multi modal environ-ments.

The result is a new user experience that’s far more powerful than any-thing you see today. UC is increasing-ly viewed as a valuable platform that can offer numerous benefits across your entire company. The technology is expected to play a key role in many organizations’ ongoing efforts to grow their business and improve profitabil-ity. The result, for the end user, is a far more organized and directed way of communicating with colleagues, partners and customers.

But, as often is the case in technol-ogy, simplifying things for users can lead to an increase in complexity for those providing the service. The drive to efficiently provide these services is deeply interconnected with the need for open standards and the ability to work across multiple platforms and link disparate elements – which are at different points in their internal evo-lution – into a coherent whole.

The broad use of the Session Initia-tion Protocol (SIP) is helping greatly in easing access to the platforms needed for UC to deliver real benefits. SIP is an open protocol. Open plat-forms lower the risk of adoption and increase the value of a technology. This means that a company’s existing business systems – often established over many years and comprising a

Successful UC implementation

Making smart business decisions quickly can be difficult, but connecting

the right people to solve issues in real-time should be both simple and cost-

effective. That is what a next-generation UC offering

can deliver. By Roy Wakim

0911nwa.indd 20 31/08/2011 3:48 PM

www.networksasia.net 2011 september / october • network world asia 21

tion, maintenance, service delivery) at the start of the process can go a long way towards understanding the bottom-line costs of a UC implemen-tation. The right vendor and partner combination will have services and solutions experts on hand to take an investing company through these in detail.

Those same experts can also focus on determining the return on invest-ment (ROI) for UC platforms. ROI can be found in Internet Protocol (IP) transport savings, reduced mobile phone charges, increased employee productivity and cost savings in-herent in a modern communica-tions platform. Some metrics are more difficult to measure than others, so organizations need to find those that make the most sense for their business. But investing in the right support services from day one of imple-mentation is critical to deliver-ing longer term savings.

Companies must focus on how IT will support the UC system af-ter implementation – something which many vendors fail even to mention during the sales cycle. Organizations with limited IT resources and users who are not technology savvy may quickly discover that their IT depart-ment is spending an inordinate amount of time answering ques-tions and teaching users how to navigate the system, all of which add to ownership costs. A variety of solutions exist – from managed ser-vices to in-house training – to ease the implementation process.

And it is important that compa-nies set expectations regarding what types of changes users and the busi-ness should see after the UC platform is rolled out. Providing user training is very important. Users who don’t know how to use the new tools will become frustrated, causing adoption to drop, complaints to rise and a less-than-ideal transition to the new UC system.

A lack of sponsorship is one of the

most important reasons why UC im-plementations have sometimes been perceived as failures. The technology may work flawlessly, costs stay well within budget, delivery may occur on time and as planned, and users may be ecstatic about the system’s new features, but if management doesn’t like the new platform or IT doesn’t support it, the overall perception can easily be that the project failed to de-liver the expected value to the busi-ness and its users. Ensuring buy-in from the top – and driving that mes-sage throughout the organization – is

critical to long-term success. This can be accomplished in three

phases.

Phase 1 - Extend current investments

Companies can leverage on their existing investments for a unified control point for UC and video, which will dramatically reduce the total cost of ownership.

Phase 2 - Deploy new capabilitiesThe new capabilities can be in the

form of applications and devices and endpoints. The end endeavor is to

improve productivity and overall cus-tomer experience.

Phase 3 - Transform your business

Technology and innovation are two words that form a pillar of social enterprise. Today, innovations de-cide the pace of a company’s growth. Hence, it becomes critical to rapidly create and deploy new services while incorporating multi-modal communi-cations. The key is to leverage collab-oration as a competitive advantage.

Keys to successful implementation

Before selecting and deploying a UC system of any size, reach out to professional service providers for best-in-class support. Togeth-er, you can develop an in-depth deployment strategy, understand the level of interoperability with current infrastructure and how applications will be integrated with the UC platform. Organiza-tions must know how users and the business will operate the systems. It is imperative to take advantage of people who clearly understand the new technology, as well as current systems already in place, to reduce the chance of unexpected failures. Systems that seem too complex most likely are. If employees can’t understand the new platform, they won’t use it.

The most important key to suc-cessful implementation is to deploy the components in phases. Many UC implementations should be planned on at least a 12-18 month deployment cycle that occurs in stages.

No two UC implementations are the same and as such there is no single way to successfully deliver a UC plat-form. However, organizations can eliminate many of the risks typical to most UC implementations by follow-ing common-sense guidelines. NWA

Roy Wakim is director for SME Communications at Avaya Asia Pacific.

0911nwa.indd 21 31/08/2011 3:48 PM

network world asia • september / october 2011 www.networksasia.net22

ITE operates a comprehensive IT infrastructure to support the needs of its staff and 40,000 full- and part-time students. The IT systems team is tasked to maintain more than 100 servers, hosting single-sign-on Web portals, email, e-learning, student administration, finance and hu-man resource systems, and other function-specific systems.

Getting equippedSeah Hock Chee, ITE’s manager for

IT systems, was faced with a critical decision to manage two data centers from the headquarters while ensur-ing effective resource deployment. He could establish a duplicate team of system administrators to man-age the second site or have the ITE headquarters team to manage both data centers. After careful consider-ation, he decided to acquire Emerson Network Power’s Avocent manage-ability solutions to allow the existing team of IT administrators to manage servers at both locations.

ITE deployed the Avocent DSView 3 software management solution, com-bined with multiple DSR 4030, DSR 800 and DSR 1021 KVM switching systems.

Security benefitsAddressing data center security

is a priority for Seah. “External IT vendors and programmers some-times need to access our servers to install new application systems, and conduct testing and troubleshooting. With the Avocent IP-based solution in place, they can do the same work from outside the data center. This greatly reduces our exposure to risks of tampering or damage to our serv-ers,” he explained.

In addition to physical security, ITE gains from having logical secu-rity. With DSView 3 software, logical

grouping of servers and assignment of access rights are possible. Hence, the system administrators will be given access only to the systems under their charge.

Complete remote access and control

DSView 3 software, Virtual Media, is available on the DSR 4030 KVM switch. It enables ITE to map CD-ROMs and other storage media to a remote server to perform file trans-fers, application and OS patches, and CD-ROM diagnostics. Conducting these daily management tasks is now possible without constant trips to the physical servers.

“It is much more conducive to work outside the noise level of the data center enclosure,” said Tan

Choon Chiat, head of data centers at ITE. “Additionally, travel time is saved when the administrators do not need to physically access the data center to carry out tasks such as loading CDs or collecting log files for troubleshooting. We can then focus on diagnosing, solving remote site problems and keeping our serv-ers up and running.”

With an additional remote data center to manage, the need for se-cure and convenient file transfers is even more pressing. This was solved

by leveraging on the encryption op-tions available with the Virtual Media sessions. The encryption levels include DES, 3DES, 128-bit or no encryption. Data files are encrypted before transmission to ensure all file transfers are secure. This benefit can be achieved without having to load additional security software onto the target servers.

SavingsIn addition to saving time and

reducing physical travel, ITE also uses the Avocent IP-based solutions to save on server rack space. Having a console to locally manage multiple servers on each rack is no longer required. With DSView 3 centralized management software, ITE admin-istrators have a single interface that

gives them complete remote control of the attached multi-platform serv-ers. The multiple sets of peripherals (keyboard, monitor and mouse) that were used to manage the servers at the racks are a thing of the past.

“With Avocent solutions, we are able to manage both data centers by effectively leveraging on the existing skilled technical personnel at head-quarters,” Seah explained. “We now have secure access and control of all our local and remote servers directly from headquarters.”

Singapore school’s HQ gets secure access and control of data centers

casefile

SINCE ITS ESTABLISHMENT IN SINGAPORE on 1 April 1992, the Institute of Technical Education (ITE) has developed into an institution well known for its provision of pre-employment training to secondary school leavers, and continuing education and training to working adults.

Cast your votes now for the 2011 NetworkWorld Asia Reader’s Choice Product Excellence Awards. Tell us about the vendors and products which made the greatest impact on your organization in 2011.

Whether it’s an up-and-coming vendor or a long-established player, the readers of NetworkWorld Asia want to know which companies and technologies are leading the pack. Visit networksasia.net now and make your voice heard.

Submit your votes in 35 categories including:• Enterpriseservers• Storage/datamanagement• Datacenterinfrastructure• Unifiedcommunications• Next-generationfirewall• Structurednetworkcabling• Cloudsolutions• Server/networkoperatingsystem• andmore...

Let the voting begin!Quick – what’s the hottest technology of 2011? If you have an opinion, now’s the time to share your views.

Deadline for voting:

30 Sept. 2011Awards ceremony:

10 Nov. 2011

Sponsored by

READERS’ CHOICE

PR

ODUCT EXCELLENCE

2011

Sponsorship inquiries:Tan May Yee

+65 6395-4582mytan@questexasia.com

Vote now at:

www.networksasia.net

Hitachi Data Systems

nwa0911_hsead_RCA.indd 1 29/08/2011 3:51 PM0911nwa.indd 22 31/08/2011 3:48 PM

www.networksasia.net 2011 september / october • network world asia 23

Cast your votes now for the 2011 NetworkWorld Asia Reader’s Choice Product Excellence Awards. Tell us about the vendors and products which made the greatest impact on your organization in 2011.

Whether it’s an up-and-coming vendor or a long-established player, the readers of NetworkWorld Asia want to know which companies and technologies are leading the pack. Visit networksasia.net now and make your voice heard.

Submit your votes in 35 categories including:• Enterpriseservers• Storage/datamanagement• Datacenterinfrastructure• Unifiedcommunications• Next-generationfirewall• Structurednetworkcabling• Cloudsolutions• Server/networkoperatingsystem• andmore...

Let the voting begin!Quick – what’s the hottest technology of 2011? If you have an opinion, now’s the time to share your views.

Deadline for voting:

30 Sept. 2011Awards ceremony:

10 Nov. 2011

Sponsored by

READERS’ CHOICE

PR

ODUCT EXCELLENCE

2011

Sponsorship inquiries:Tan May Yee

+65 6395-4582mytan@questexasia.com

Vote now at:

www.networksasia.net

Hitachi Data Systems

nwa0911_hsead_RCA.indd 1 29/08/2011 3:51 PM0911nwa.indd 23 31/08/2011 3:48 PM

network world asia • september / october 2011 www.networksasia.net24

DATA CENTER OUTAGES are not uncommon, with regular recovery efforts focused on restoring business-critical applications. But the devastat-ing 9.2 magnitude earthquake that hit Japan in March proved rather unique from a disaster recovery per-spective due to the sheer magnitude of the quake and the large number of citizens impacted by the subsequent power outages in the country.

“The March quake marked the first time we’ve seen a huge disaster hit a technologically advanced nation that relies heavily on power and com-munications,” said Bruce Cowper, a group manager at Microsoft’s Trust-worthy Computing group, who added that Microsoft’s data center disaster recovery operations in Japan had to be shifted from a business-centered disaster recovery plan to one with a more humanitarian focus.

Communication became the first priority in the direct aftermath of the quake, particularly due to the break-down of mobile networks across the country. “People’s immediate needs were to let family and friends know they were fine, hence efforts were focused on keeping Hotmail and Mi-crosoft’s messenger services online,” he said.

BalancingMicrosoft’s data center in Japan lay

within the earthquake zone but was physically unaffected by the tsunami. However, the facility, which hosts Japan-localized versions of Microsoft services such as Hotmail, MSN and Bing, grappled with power and re-source issues caused by the disaster.

The need to keep communications services running was coupled with the challenge of scaling back on the volume of infrastructure running in

the data center due to the power shortages in the area. Cowper said the team needed a course of action that would lighten the load on local partners such as hard disk and server vendors. The Microsoft team decided to migrate data from its key commu-nications services out of Japan into data centers in the US, and gained permission from the Japanese gov-ernment to do so.

PrioritizingTime was spent determining the

priority for the migration queue, based on user accounts most re-cently used. The decision was made to migrate mailboxes immediately with their associated data coming in over the next few days, in order to reduce the impact on custom-ers. “We found there was no way we could perform real-time migra-tion with the impacted bandwidth; you’re talking petabytes of data coupled with limited bandwidth due to damaged submarine cables. With the mailbox migration being virtually instant, people could receive new mail, access their address books and use other communications programs such as Messenger pretty much without inter-ruption,” said Cowper.

The migration pro-cess first involved hav-ing a team in the US that performed remote monitoring of the data center’s operations right down to the point where services were shut down. Other Microsoft services frequently accessed by the lo-cal populace, such

as MSN Japan and Bing Japan, were kept within the country, as these services contained small amounts of data in real terms, said Cowper.

RecoveringTo further lessen strain on lo-

cal infrastructure, Microsoft did not aggressively push out non-critical Windows updates and launched a quiet rollout of IE9. Other Microsoft products such as Windows Azure, Exchange Online, SharePoint Online and Lync Online were offered free for 90 days to help businesses resume operations more quickly.

The events of March 11 marked the first time Microsoft was able to put a major disaster coordination plan to the test, said Cowper, who added a major lesson to be learnt was having to differentiate between business critical applications and what the people on the ground needed. “The hairiest moment was not triggering the data migration process but get-ting the initial information to decide what would be the right approach.”

Recovering Japan

casefile

Disaster recovery efforts at Microsoft deviated from the typical business focus while dealing with the aftermath of the Japan quake.

By Melissa Chua

0911nwa.indd 24 31/08/2011 3:48 PM

Advertorial

www.networksasia.net 2011 september / october • network world asia 25

Failing to prepare is preparing to fail. This famous axiom drives businesses to prepare for the hectic pace of busi-ness challenge by innovating and embracing leading-edge

trends. As a result of this preparedness, data backup and disaster recovery (BU/DR) strategies have had to evolve in preparedness level, too.

Preparedness is great. But BU/DR can get complex and cum-bersome. It is also an opportunity cost to other top-priority MIS objectives. Businesses have resorted to mixing and matching dif-ferent BU/DR strategies since no single all-purpose unifying solu-tion was available. But when preparedness meets opportunity, that is when good luck smiles upon harried IT professionals.

Opportunity costs If a radical solution was developed to provide the opportunity

to simplify and unify disparate backup and disaster recovery tasks, it would also come at a cost, right?

Not always true, say the data preservation experts at Acronis. Their latest edition of Backup & Recovery is trailblazing a new path in keeping BU/DR costs down and in tight rein. How? By finally allowing IT professionals the opportunity to unify and simplify control, while reining-in costs with a pay-as-they-use paradigm.

Simplicity is the ultimate sophistication Acronis Backup & Recovery 11, launched in June this year, is

the first product to unify both the data protection and recovery con-trol interfaces, at the data-centric and system-centric level. This simplification and unification cuts not only the heavy cost that run-ning separate solutions incurs, but also the time needed for recov-ery to full-scale operational readiness.

In answer to its own conclusions derived from launching the in-dustry’s first Global Disaster Recovery Index, Acronis’ latest flag-ship is one of the few to embrace BU/DR for physical, virtualized and Cloud platforms.

NetworkWorld Asia met up with Acronis’ chief brainiac of R&D, Alain Gentilhomme, to pick his brain regarding this latest opportunity for data preservation that Acronis aims to offer to harried CEOs and COOs. He convincingly paints a scenario of current Asian BU/DR trends where data preservation risks from global natural and man-made data disasters will coalesce with the rising prominence of Cloud and Virtualization adoption:

“Running separate solutions for data protection and disaster re-covery drive up costs and often, integration between technologies, even from the same vendor, pose unforeseen difficulties. With the unified platform of Acronis Backup & Recovery 11 allowing users to control their data wherever it is held—be that in a physical, vir-tual or a cloud world—we expect businesses to benefit from sim-plified data protection and management. Also, they will enjoy the flexibility to choose what they need when they need it.”

Pay as you go Alain added that, to walk the talk of being a leader in data

preservation innovations, Acronis has invested much brainpower into developing a huge but super cost-efficient data silo for cus-tomers.

“That is the secret why we can offer highly secure online data storage services at such low subcription rates. Best of all, this allows businesses to control how much they pay, by controlling how much online storage they use.” The resultant savings in time and money can be allocated toward other priorities, such as beef-ing up training in optimizing virtualized servers.

All in all, it seems that Acronis Backup & Recovery 11 is geared to offer a golden opportunity for MIS departments in SMBs to have all their current and imminent BU/DR bases covered. For sure, some short-term investments in time and money will be in-curred in implementing the product. However, the long-term intan-gible benefits in terms of cost control, ROI, risk optimization and overall IT resource management are obtrusively obvious.

What remains is for the truly prepared enterprise to tap this op-portunity to generate its own good luck.

Good luck happens when preparedness meets opportunity No matter how complex and expensive data backup and disaster recovery contingency plans can get, businesses still regard them with a healthy dose of respect. But can the cost of preparedness be mitigated by opportunity?

Alain Gentilhomme

0911nwa.indd 25 31/08/2011 3:48 PM

network world asia • september / october 2011 www.networksasia.net26

viewpoint

The risk of security breaches has reached a new and frightening level — from sophisticated tools in the hands of governments and organized crime alike to

spontaneous attacks harnessing the resources of thousands of loosely connected vigilantes.

Add to that the dizzying array of devices now used to access, move and store data, and security strategies that seemed airtight only a few years ago now look so much more like Swiss cheese.

Your first instinct might be to pull back from cloud com-puting, viewing it as inherently less secure than keeping data and applications locked into hardware. It’s an under-standable reaction — but one that couldn’t be more wrong. In fact, the cloud is now the safest place for your data.

Think about it: Data is lost when an organization loses control over it — how it’s stored, how it’s transmitted and what end users do with it. Clouds, and the virtualization technologies on which they run, give you back that control, from data center to delivery to the endpoint.

Deliver user experience, not vulnerable data A key tenet of security is making sure data doesn’t go

astray when it leaves the enterprise. What if it never leaves the enterprise at all? Desktop virtualization means that all data, applications and state remain centralized.

IT gains precise, granular control over applications and data; everything is encrypted at rest, using keys that never leave the data center. Meanwhile, full back-end automa-tion means less human involvement — and, as we all know, less human involvement means less chance of things going wrong.

A locked-down data center is all well and good, but mo-bility is also important in today’s global economy. Again, virtualization holds the key (no pun intended). Instead of data being mobile, it’s access itself that roams: because you can always log into your data and application state from any connected device, there’s never a reason to save anything to removable media (that so often fall into the wrong hands).

What about offline use? Any data delivered to the desktop cache remains encrypted at all times, and IT holds the keys. Lost laptop? Disgruntled employee? Hotel room theft? Not

Worried about your data? If you’re not, you’re kidding yourself. By Yaj Malik

to worry; the only thing you’ve lost control over is unusable gibberish.

Traditional endpoint security is deadIt’s no longer possible to detect attackers faster than

they can mutate, and managing antivirus protection guest-by-guest is not a scalable task. It’s also fundamentally in-compatible with virtualization, since we can’t have every endpoint in the organization trying to update a centralized attack file and index its virtual hard disk at the same time.

Now, what if we look on the flip side: We can’t be invul-nerable to attack — so what if we make attacks less relevant by ensuring that each endpoint is in its best possible state?

When a hypervisor is booted, one of the first things it does is check that it hasn’t been modified since it was last signed by its creator; the same applies for each virtual ma-chine. If it’s not — even if you don’t know whether, how, or by whom it’s been compromised — you can simply revert it to its pristine state.

After each login, each VM is returned to its original state, so attackers have no way to gain a foothold in your envi-ronment. This approach — essentially moving from black-listing to whitelisting — is a fundamental shift in endpoint security.

Deny DoS attackers Even the best data security can’t protect against a denial-

of-service attack. You know what can? Truly massive pe-rimeter control. But don’t start pouring your own concrete yet; why do you think people started keeping their money in a bank instead of at home? Because the bank has a better safe. And so does Amazon—as we’ve seen, even better than PayPal and Visa.

The largest cloud providers have defense resources far beyond anything you could match in your own data cen-ter—if you even wanted to try. But why would you?

Any way you look at it, it’s clear: The world may be get-ting more dangerous by the day — but the cloud is safer than ever. NWA

Yaj Malik is Vice-President for ASEAN at Citrix Systems.

The safest haven for data

0911nwa.indd 26 31/08/2011 3:48 PM

Special Report : Blue Coat Systems

www.networksasia.net 2011 september / october • network world asia 27

However, unless it is properly man-aged and monitored, social media can create major challenges for

corporate networks, such as slowing down business applications, impeding network performance and threatening new video and VoIP initiatives.

Jonathan Andresen, Director of Prod-uct Marketing for the Asia-Pacific at Blue Coat Systems, highlighted the importance of URL analysis and layered defense to IT security today against traditional deep packet inspection. He was speaking at a recent breakfast session in Singapore to discuss IT experiences and challenges re-lated to social media and social network-ing.

“Many organizations try to solve emerg-ing security threats with unified threat management or with one device that can do many things,” Andresen said. “We now need to have a purpose-built web security solution that can customize the Internet to what your business needs.”

Below are excerpts of the panel dis-cussion.

Risks of allowing social mediaSuresh: Users are asking for social media to interact with their customers and it can be beneficial for the business. However, users may be put at risk if they click on unknown links, for example, and get their computer infected. So, it indirectly in-creases the IT support task. David: One major risk is malware attacks like spear phishing. Another big risk is the sharing and exchange of information that could be sensitive [in relation to] business,

procedures, business partners, customer relationships or finance.

Managing the risksDavid: Getting on the social media band-wagon, there are risks you have to miti-gate. Security-wise, there are pros and cons in either outsourcing, putting in ap-pliances or getting your own people to [manage IT security. The latter] would be the most painful way. Suresh: Managing the public cloud with various Web sites and social media plat-forms is a challenge. We are reviewing proposals for managed services [because if we deploy] devices in every location, we have to maintain them and someone has to constantly monitor the logs. Even-tually, whoever wants to access the Inter-net will be certified or verified by man-aged services. Yong Chiang: We are still pondering over what kind of policies we want to adopt for social media and to what extent we want to control or allow it. Because of social media, many people are also subscribing to mobile broadband. So, even if the cor-porate network blocks them out, they can switch to their mobile phone. The granu-larity of [control provided by] security tools would help us to understand what can be done and formulate policies.Freddie: Most of us have more than one Facebook account or Twitter account; one for personal use and one for corporate use. Many a time, I would check my Facebook account on my smartphone instead of the office PC. How can we ensure that [corpo-rate] information is not leaked out on the

Mitigating the risks of embracing social media

Speaker and host: Jonathan Andresen, Director of Product Marketing, Asia-Pacific, Blue Coat Systems

Members of the discussion panel:

Social networking and Web 2.0 applications have become ubiquitous in today’s business computing environment.

personal account? We have to educate the users on the do’s and don’ts.

Risks of personal devicesSuresh: It is a challenge when users use their own devices to access sites that we block and there is also the risk of users losing their own tablets and smartphones. Also, these users will have to sync their mobile devices with their laptops [and that may invite the risk of malware]. David: Similarly, when a user cannot get through to their corporate wireless net-work, they just plug in their mobile de-vices to get Internet access. This requires a combination of [acceptable use] policies and educating the users. We remind users of the risks and even highlight case studies to create awareness.Jonathan: The beauty of security as a cloud

service is that IT can en-force policies to protect users wherever they are by running through the client connector running on their laptop, [iPhone or iPad]. It’ll be difficult to protect all the personal devices but you can have a stronger measure of protection for corporate-issued devices. We’ve not seen malware attack-ing smartphones like we see on PCs yet. NWA

Neo Yong Chiang, CIO, Office of Information Services, Republic Polytechnic

David A. Lim, COO and CIO, Asia Pacific Metals Refiner Pte Ltd

Suresh Kumar, Assistant IT Director, Asia Pacific Region, Agility Logistics Services Pte Ltd

Freddie Lee, Deputy Head, Technology, Clearing and Payment Services Pte Ltd

Victor Ng, SEA Bureau Chief, Network World Asia

Moderator:

www.networksasia.net 2011 september / october • network world asia 27

0911nwa.indd 27 31/08/2011 3:51 PM

network world asia • september / october 2011 www.networksasia.net28

and this can be used to access any blocked sites like social media, gam-ing, file-sharing, etc. Capt Azhar: The challenge in the Navy is that everyone now has access to communication devices and can com-municate freely with everyone else. So, maintaining security and band-width availability are issues we have to address.

Said: We are currently managing the use of social network platforms and improving vessel communication. Traditionally, vessels rely on satel-lite communication with no access to the Internet. Today, we have de-ployed Very Small Aperture Terminal (VSAT) on our vessels that enable Internet access. So, while we already have the security measures in place for our corporate network, this poses a new security challenge for us.

Social media and security risks

Charles: Even a couple of years ago, you don’t see Facebook or Twitter icons on most corporate websites. Now, almost every corporate site has them. The headache is how to main-tain it. It’s difficult to draw that line. You want to implement security but you also want to have some leeway on how technology is used. We need to put policies in place, have support from top management on how IT

network and more granular control of applications. Otherwise, can the IT department block users from using social networking applications? How significant is the human factor in the security of enterprise networks?Below are excerpts of the discussion:

Challenges

Dr Mubbashir: Most of our 8,000 plus staff members in KPJ Healthcare are well educated and a good number of them, including doctors, nurses, and allied health staff, use social media. Some of the doctors are interact-ing with their patients through their Facebook walls. But we find it hogs a lot of our network bandwidth.

Charles: Our Facebook page is one of the channels through which our mar-com team communicates with our hotel guests. We have separate net-works for hotel guests and staff and we do control bandwidth usage and monitor online user behavior. With three quarters of the organization on Facebook, [we don’t know how pro-ductive they are during work hours].

Dr Mubbashir: Another issue apart from the organization’s internal bandwidth is the bandwidth that em-ployees bring to the workplace. They could access the Internet via their mobile device’s broadband network

In its recent Application Usage and Risk Report, Palo Alto Net-works reported that “contrary

to popular opinion, social network-ing has not meant the death knell of webmail and instant messenger (IM). Compared with 12 months ago, IM traffic, as a percentage of overall traffic has more than doubled, while webmail and social networking in-creased nearly five times.”

The challenge for IT is that more than 40% of the 1,042 applications that was identified on enterprise net-works in the study can now use SSL or hop ports to increase their avail-ability within corporate networks and evade the controls of conventional security solutions. Nonetheless, the greater concern may not be security risks but the human factor.

At a roundtable discussion with a group of IT heads in Malaysia re-cently, Song Tang Yih, Vice President of Asia Pacific at Palo Alto Networks pointed out that email is no longer the main channel for phishing or malware attacks. Instead, cyber-criminals are taking advantage of the trust between friends on social networking sites. “Users will have a greater tendency to click a link sent by a friend and opening the door to malware attacks.”

To manage these risks, organiza-tions clearly need visibility of the ap-plications running on the corporate

SPECIALREPORT

Participants in Malaysia:

Andy Yew, Head of Information & Technology – Asia Pacific, Aveva Group

Dr Mubbashir Iftikhar, CIO, Information Technology Services, KPJ Healthcare Berhad

Said Isman, Service Delivery Manager – IS&T, BumiArmada

Managing the human factor in enterprise IT security

0911nwa.indd 28 31/08/2011 3:48 PM

www.networksasia.net 2011 september / october • network world asia 29

looks at it in terms of the whole com-pany operation and IT security. Of course, having the right equipment to monitor this is also crucial. Then again, if you have too many layers of security, you need [to manage your IT expenditure].

Jonathan: [Aligning IT with business], IT practitioners can submit data on what they see on the network and the risks involved. Based on the risk fac-tors presented, the business can then decide on the need [to allow use of social media or access to certain web-sites].

Eric: The Internet is just a tool to en-able the business. So, social media like Facebook, Youtube and even Skype are all allowed. We believe in enabling the staff and we have mech-anisms to inspect the applications being used. We can identify the top 200 users [based on their download-ed bytes and time they spend online]. So, there are policies and process checks to allow users to embrace so-cial network tools without compro-mising company resources.

Andy: [While] there are significant knowledge-based resources out there in the Internet, there are significant risks and dangers as well. We actu-ally approach it using a multi-prong approach of filtering, tracking as well

as educating the user. However, we must be clear that [IT’s goal is not to encourage users idling time away] on a social networking site. [From an organizational standpoint, we have to be careful not to remove access] to useful information along with access to the frivolous ones by blocking or banning websites like blogspot.com.

Bandwidth issues

Dr Mubbashir: We don’t allow Youtube because of bandwidth. But our doc-tors have valid reasons to use You-tube as it is the second most impor-tant search engine after Google. We certainly want to open up some of the capabilities of social media. The future is [about] open networks and improved security. For instance, one of our pediatricians has 3,000 plus fans on Facebook and he responds to important questions on healthcare from patients regularly. His Facebook page is his website. If he cannot ac-cess Facebook, he would do so using his own mobile gadget or laptop.

Song: Control also means more gran-ular management of such applica-tions, not just block or allow. For ex-ample, you allow only a certain group of doctors to access Youtube, the marketing department to access cer-tain social networking application, or the finance department to access

a relevant application. The second thing is that when a user accesses the Internet via the dongle on their own laptop, the laptop is exposed to secu-rity risks. That’s where the visibility and control help in managing the use of Facebook and other applications.

Said: One of the measures we have taken is bandwidth shaping. So, for social network apps, such as Youtube, we allot a low bandwidth. If more than one person tries to access You-tube, it’ll be very slow. For Facebook, we disable the apps. Users can update their status and upload their photos but they cannot launch the apps.

Mobile devices

Andy: Unfortunately, many consumer mobile gadgets are not ready for en-terprise use from a security perspec-tive. The functionality for applica-tions is there, but if a phone is stolen, not many of them allow, without third-party intervention, the ability to disable or remote wipe the data automatically [if the SIM card is re-moved]. Then, there is also the issue of the application stores popularized by Apple and Android. Of course, you can disable or enable the option, but [maintaining those phones may be overwhelming for IT if there are re-

Hosts Moderator

Eric Au Yong, Head – Communications, Enterprise Systems & Infrastructure, E-Genting Sdn Bhd

Song Tang Yih, Vice President, Asia Pacific, Palo Alto Networks

Charles Francis, Senior Manager, Group ICT, The Nomad Group

Jonathan Tan, Managing Director, Asean, Palo Alto Networks

Captain Azhar bin Saadon, IT Director, Royal Malaysian Navy

Victor Ng, SEA Bureau Chief, Network World Asia

continued on page 30

0911nwa.indd 29 31/08/2011 3:48 PM

network world asia • september / october 2011 www.networksasia.net30

continued from page 29

source constraints]. A combination of policies and tools are what’s needed, on top of user education.

Social engineering

Andy: We find that one of the biggest threats with easy access [to social net-works] is using social engineering as a vector to compromise a system. Short of blocking everything, the only solu-tion is user education, of which I’m a big advocate. [Regardless of how much protection you put on an OS,] malware has always stayed a step ahead of tra-ditional methods of threat protection. Is there actually a better way to stop people from clicking something they are not supposed to click?

Charles: I believe that when you are at work, you have no business going on Facebook to do your personal stuff. [And when anyone clicks on a mali-cious link,] IT has to spend time [ad-dressing these problems]. So, user education is important and we need policies to define guidelines for rep-rimanding staff if they misuse IT re-sources. On top of that, we should have proper security systems. We can also reduce bandwidth for applications be-ing used for personal purpose.

QoS and security

Andy: Quality of Service (QoS) allows us to place certain “controls” by con-straining bandwidth usage or how much data a user can consume within our network. Once a limit is reached, we’re able to quickly use monitor-ing tools to identify the offender and send the appropriate warnings. That usually deters them from doing so again. At the same time, it also helps us to identify whether or not the du-bious traffic was user initiated or a result of malware infection.

Jonathan: Users may receive an IM that is very low bandwidth. Even if you throttle your QoS to 1%, you can

still use IM. But when the user clicks on a suspicious link, that’s where security comes in. So, QoS does not guarantee security and also not an answer to safely enable the business. Then, how do you design your IT sys-tem? Ideally, your network should be self-regulated, provides visibility and has security measures in place.

Andy: We’ve found that many secu-rity tools are not preemptive enough. We also have had to balance between false positives stopping proper in-formation from getting through and

trying to secure the landscape. After all, we’re only as strong as our weak-est link. We invest in security tools but we currently would put a higher premium on logging and network sniffing tools that allow us to know what goes in and out of our network boundaries, in addition to traditional anti-malware/virus tools.

Open source tools

Jonathan: One pertinent notion is, “Have browser will travel.” You can download and install many things through the browser. So, I need visi-bility to validate whether the applica-tions being used are safe [before any infection occurs]. IT consumerization also means that users will bring ap-plications that they are familiar with in their personal life to work. For example, we’ve found IT savvy users installing the Ultrasurf proxy client.

This allows users to go to sites that you block.

Dr Mubbashir: It’s so easy nowadays. You can search on Youtube and find visual step-by-step guides on hack-ing, proxy clients and many others. Andy: Besides the issues of licensing compliance, there has been a gradual increase of “dubious” free tools that actually come packaged with malware inside. We do not operate a lock-down environment, thus the ability to quickly identify and contain these kinds of malware would be a boon.

Of course, user education or engage-ment along with IT policies also help.

DDoS attacks

Capt Azhar: How can we prevent dis-tributed denial-of-service attack (DDoS) attacks and what is the risk of a DDoS attacker taking advantage of the social network platform?

Jonathan: Most companies have de-ployed load balancers to handle DDoS. To a certain degree, our fire-wall has DDoS capability. However, if it is a high load DDOS attack, it’s a best practice to deploy a load bal-ancer in front of your network.

Victor: What can happen is that the user adds an application to his or her Facebook page that stealthily turns the user’s computer into part of a botnet. NWA

SPECIALREPORT borderless enterprise...Is your network secure?

New mobile devices have given your employees unprecedented access to enterprise applications and information. And they have also opened your network to the threat of new intrusions and potential data loss – changing the landscape for every business.

How you respond to this new environment will determine the future of your business. How do you maintain security while allowing real-time access to critical data? Check out the Secure Mobility channel on networksasia.net for insight on how to keep your network secure yet flexible enough to meet your users’ needs. Find insightful whitepapers, case studies and analysis on how others in your industry are building an intelligent architecture for the future.

Sign up for eNewsletters, whitepapers and more at:

security.networksasia.net

Th

e

NWA_SecurityAsia2011_ad.indd 1 25/05/2011 11:39 AM0911nwa.indd 30 31/08/2011 3:48 PM

www.networksasia.net 2011 september / october • network world asia 31

borderless enterprise...Is your network secure?

New mobile devices have given your employees unprecedented access to enterprise applications and information. And they have also opened your network to the threat of new intrusions and potential data loss – changing the landscape for every business.

How you respond to this new environment will determine the future of your business. How do you maintain security while allowing real-time access to critical data? Check out the Secure Mobility channel on networksasia.net for insight on how to keep your network secure yet flexible enough to meet your users’ needs. Find insightful whitepapers, case studies and analysis on how others in your industry are building an intelligent architecture for the future.

Sign up for eNewsletters, whitepapers and more at:

security.networksasia.net

Th

e

NWA_SecurityAsia2011_ad.indd 1 25/05/2011 11:39 AM0911nwa.indd 31 31/08/2011 3:48 PM

network world asia • september / october 2011 www.networksasia.net32

belongs to your organization.” Wholesale blocking of Web 2.0 ap-

plications is not the answer, as users would be bound to find methods to circumvent the IT department’s man-date, and it would be best to allow employees to access such applications. The IT department’s job would lie in finding the safest way possible for the continued use of social media.

Lucian Teo, CIO for Singapore’s Na-tional Population and Talent Division, a government arm, said his organiza-tion had opted to embrace social media in order to reach out to the community at large. “Social media has the potential to encourage nation-building, but our challenge lies with changing organiza-tional mindsets. It’s more a question of how we can safely open our network, rather than how to close it.”

Teo added that the level of communi-cation between users and the IT depart-ment was vital. “There’s no way to stop social media consumption among em-ployees in their 20s, but IT can use this tendency toward social media to help employees be better at their work and encourage loyalty. For example, you could empower your Gen-Y employees who are active on social media sites to spearhead official social media projects. Invest in their personal lives – engage them on their Facebook pages or Twit-ter streams – and they will reciprocate by championing your organization’s

with mounting regulatory require-ments and limited budgets.

Participants present hailed from or-ganizations with vastly different busi-ness goals, but all faced the challenges brought about by a workforce accus-tomed to using mobile devices. Hon-eywell’s director of global technology services in the Asia Pacific, K C Chong, said his organization viewed the role of security as that of a business enabler, due to the availability of various secu-rity and surveillance solutions in the company’s portfolio.

Chong was of the opinion that orga-nizations should aim to enable the use of mobile devices to promote business growth, although the line between corporate and personal devices and content had become increasingly hard to define. Honeywell, despite its busi-ness dealings with bodies requiring stringent confidentiality, such as the United States government, allowed us-ers to bring their own mobile devices in order to satisfy end users’ needs.

Open collaborationThe path forward for enterprises lay

in progressing from a highly controlled IT environment to one that was more open and collaborative, said John McCormack, president of Websense. “Companies could be competitors one day and partners the next, and it’s now hard to draw boundaries around what

The permeation of social network-ing applications into the enter-prise environment has occurred

at a rate that many IT departments were unprepared for. To block such applica-tions wholesale could do the company a disservice due to the ability of Web 2.0 to enhance communication, interaction, and productivity; but to leave the net-work open to social media could result in an abundance of threats to corporate and network security.

The proliferation of user-owned mobile devices into the enterprise environment has likewise left IT in a conundrum. Would it be best to allow all devices onto the network, or bar all machines at the risk of compromising productivity? Forming the ideal mo-bile devices policy while taking secu-rity into account was often easier said than done.

Content, be it in the form of mobile, wireless, Internet, video or multimedia data, has become the lifeblood of enter-prises, but the conditions for protecting it have become harder to define. Eight IT heads hence gathered at a breakfast to debate the best forms of governance and accountability for the enterprise in an age where the classification of cre-ator, consumer and communicator of such content has been blurred. An age where enterprises face unprecedented challenges due to the growing speed and sophistication of threats coupled

SPECIALREPORT

Eight IT heads debate how companies can leverage social media and user-owned mobile devices to drive the business forward.

By Melissa Chua

Securing the social enterprise

0911nwa.indd 32 31/08/2011 5:18 PM

www.networksasia.net 2011 september / october • network world asia 33

cause, knowing that you are not trying to change their lifestyle, but helping them be better at what they do.”

Despite several organizations’ will-ingness to harness social media to raise the business’s profile, issues

Participants:

Moderator:

Chong Kwong Chow, Director,

Global Operations, Honeywell

Lucian Teo, CIO,

National Population and Talent Division

Alison Higgins-Miller, Vice President,

Websense

Freddie Lee, Deputy Head, Clearing and Payments Services

Pte Ltd

Neo Yong Chiang, CIO,

Republic Polytechnic

Chee Sing Chan, Enterprise Group Editor,

Questex Asia

Billy Cheng, Head,

Management Information Systems,

Kah Motor

Lee Kee Siang, Director Infocomm,

National Library Board

John McCormack, President, Websense

Gopal Varutharaju, Director, Information Technology, Jebsen &

Jessen

Tommy Hor, Director, Computer Center,

National University of Singapore

continued on page 34

Hosts:

around activities such as blogging and how sensitive data could be inadver-tently leaked via such channels were brought up by Freddie Lee, deputy head for technology at Clearing and Payments Services. Chong said enter-

prises could do well with content man-agement products that examine and access content instead of blocking a particular URL wholesale.

0911nwa.indd 33 31/08/2011 5:18 PM

network world asia • september / october 2011 www.networksasia.net34

Companies who had reached a cer-tain degree of maturity in security policy would do good to hold inter-nal roadshows for engaging users in the concept of security, said Lee Kee Siang, director of infocomm at the National Library Board (NLB). “Edu-cation is important, and users need to understand security is not limited to the realm of the IT guys.”

Lee added that any new service or application in the organization would be subject to a thorough IT security scan to determine how much risk it carried. Users would be advised to look for alternatives if the program carried

sufficient security concerns. Clearing and Payments Services’

Lee said the abundance of mobile data plans and associated wireless tether-ing would render any firewalls useless.

Neo Yong Chiang, CIO of Republic Polytechnic, agreed, adding that the abundance of third-party applications could also serve as conduits for mal-ware. “Restricting users from install-ing such programs would only spur them toward finding other means of access,” said NLB’s Lee. “Instead, it might be more effective to use exam-ples of people who’ve abused a certain application, in order to educate users.”

Refrain from the ‘Rolls Royce’ solution

Chong pointed out that recent high-profile security breaches, including one that happened to a competitor company, had helped promote aware-ness among the business leaders in his organization. “Nobody has a big enough budget for security, so [we should] view security as the purchase

of an insurance policy. Don’t get a ‘Rolls Royce’ solution if the company can only afford a Toyota, and be pre-pared to answer [questions as to] why investments made did not cover all bases.”

Visibility was crucial in enabling and maintaining a safer network, said Go-pal Varutharaju, director of informa-tion technology at Jebsen & Jessen, an organization whose uniqueness lay in its lack of global headquarters. The company’s structure comprised of eight business divisions with offices across the globe coupled with three joint venture partners in Germany.

“Having a security dashboard was essential for us. Some divisions un-

derstand the need for it but others see it as an added cost, although things have improved since an IT policy was implemented,” said Varutharaju. “Re-cent hacking headlines have brought a lot more awareness to security’s cause, although investment in it is still slow.”

Director of the National University of Singapore’s (NUS) Computer Cen-ter, Tommy Hor, similarly emphasized the need to manage security efficiently with the aid of a suitable dashboard. “Enterprises’ understanding of secu-rity has become more mature as they grow in size. They’ve understood the need to be responsible for data col-lected and respect users’ privacy.

The challenge now lies in finding the most practical way for the differ-ent technologies and levels of defense to complement each other,” said Hor, who added that his organization used products from ArcSight to gain net-work visibility. The Arcsight solution was handy in performing real-time monitoring but lagged behind in giv-

SPECIALREPORT

ing administrators visibility into his-torical trends, he said.

Billy Cheng, head of management information systems at Kah Motor, who had recently been assigned to take charge of IT at various new business units, said monitoring and auditing was highly challenging in a distributed environment. “Our sales staff has been using their own devices, and the con-stant push from users has been about how the environment can be opened up for them.” Cheng said the company was testing products from Citrix and VMware. “It ultimately boils down to the cost of embarrassment should a leakage occur.”

Segment by segmentWhich users should be allowed access

to Web 2.0 applications? This question poses a challenge for IT departments, and segmentation was critical to en-abling business flow, said Vanutharaju.

Chong said the need for segmen-tation signaled the need for strong monitoring capabilities. Chong’s firm Honeywell had previously operated with a conservative, closed mindset to-ward social media sites till the dawn of Web 2.0 signaled the need for mindset change. The firm had employees who needed access to YouTube as the com-pany had posted several of its product manuals onto the video sharing site. “The department heads had to tell us which employees required access be-fore we provided it. With this access also came the need for logging, in case investigations are required in the fu-ture. IT now provides the business with the tools they require to function; the department steps back after.

“Only become the policeman when the situation calls for it,” said Chong.

McCormack pointed out that what companies needed was a tool that could access the risk profile of a par-ticular mobile device based on how the item interacted with corporate resources. “Anything that’s pervasive will be used, and it’s crucial that IT has visibility and control over what’s being said and done while still allowing the device to function.” NWA

continued from page 33

Nobody has a big enough budget for security, so [we should]

view security as the purchase of an insurance policy. Don’t

get a ‘Rolls Royce’ solution if the company can only afford

a Toyota, and be prepared to answer [questions as to] why

investments made did not cover all bases.

K C Chong, director of global technology service,Asia Pacific, Honeywell

0911nwa.indd 34 31/08/2011 5:18 PM

www.networksasia.net 2011 september / october • network world asia 35

Palo Alto Networks’ new firewall delivered performance 10 times faster than when we tested in

2008, and came close to its rated ca-pacity of 20Gbps in firewall-only mode, according to our exclusive Clear Choice testing.

Of course, there is always a tradeoff between security and performance. In the case of Palo Alto’s PA-5060, it all depends on what features you turn on and off.

Palo Alto Networks has shaken up the firewall market with its “applica-tion aware” feature, and we found that this next-generation capability carries no performance penalty. The PA-5060 does application-layer inspection by default.

On the other hand — and this is a pret-ty big caveat — UTM rates were nowhere near the device’s stated 20Gbps limit. Performance was far lower with any UTM feature enabled than when the PA-5060 operated in firewall-only mode.

Regardless of which UTM features we enabled — intrusion prevention, an-tispyware, antivirus, or any combina-tion of these — results were essentially the same as if we’d turned on just one such feature. Simply put, there’s no ex-tra performance cost, beyond the initial sharp drop in rates, for layering on mul-tiple types of traffic inspection.

Rates also fell when the device han-dled SSL traffic. And when decrypting SSL traffic, the system’s four 10-gigabit Ethernet interfaces ran at rates that would make Fast Ethernet aficionados smile.

continued on page 36

clearchoicetest

But UTM, SSL features put a brake on performance.By David Newman, Network Test, Network World

PA-5060 is one fast firewall

0911nwa.indd 35 31/08/2011 3:48 PM

network world asia • september / october 2011 www.networksasia.net36

clearchoicetest

continued from page 35

Some of these is to be expected. All security devices slow down when han-dling SSL traffic, and we’ve seen far big-ger drops, in percentage terms, when enabling UTM features.

Overall, we’d characterize the PA-5060 as a capable performer. While it offers many unique application-in-spection capabilities, it doesn’t quite do away with the perennial question about security-vs.-performance tradeoffs.

Web metricsForwarding rate was the primary

metric in our tests. We used both mixed and static HTTP loads to measure rates under various configurations, along with separate tests to assess perfor-mance for SSL traffic. We also verified the PA-5060’s TCP connection capacity and connection setup rate.

The forwarding rate tests clearly show that the PA-5060, which can be equipped with up to four 10-Gbit/s in-terfaces, runs at least 10 times faster than earlier Palo Alto models.

In a test involving heavy Web traf-fic with a mix of content types and ob-ject sizes, the PA-5060 moved data at around 17Gbps when configured as a firewall.

That’s a bit under the system’s

20Gbps rated capacity, which isn’t alto-gether surprising since such data-sheet numbers often are obtained using best-case conditions such as a single large object requested over and over.

In contrast, the traffic load we used involved a mix of text, images and bi-nary content of various sizes — just the sort of Web traffic often seen on enter-prise networks. The 17Gbps rate we saw in testing is probably a more meaning-ful predictor of performance on pro-duction networks.

The mixed traffic load offered here is identical to the one Network World’s Joel Snyder used in his 2008 review of Palo Alto’s PA-4020 firewall. In that test, the PA-4020 topped out at around 1.6Gbps (vs. a rated capacity of 2.0 Gbps).

UTM’s performance penaltyAs with most other security devices,

rates fall sharply if various UTM func-tions — such as antispyware, antivi-rus, and intrusion prevention capa-bilities — are enabled. Again using the same mixed Web load, we saw rates drop from 17Gbps to around 5.3G or 5.4Gbps.

The good news is that rates held steady regardless of the number of UTM functions in use. So, it doesn’t matter whether the PA-5060 does an-

tispyware, antivirus, intrusion prevention, or any combina-tion of these.

One way of boosting for-warding rates is to disable server response inspection, which checks traffic flowing from servers to clients. Dis-abling this feature caused rates to nearly triple, to 13.7Gbps. This setting is mainly useful when the firewall sits in front of data centers or other server farms. Enterprise network managers deploying firewalls to protect clients will want to keep server inspection enabled (which is the default setting).

Speed bump: SSL handlingSSL encryption is compute-

intensive. Even with dedicated silicon for the task, the PA-5060, like virtu-ally all other high-end firewalls, is a far slower performer when handling SSL traffic.

The PA-5060 generally moved traffic at around 7.5G to 7.6Gbps in every test case. We initially suspected that the nearly identical rates were caused by some limit in our test gear. But back-to-back tests of the Spirent Avalanche equipment without the PA-5060 in line moved traffic at around 8.6Gbps, faster than the firewall. So the test gear wasn’t the bottleneck.

Rates for SSL traffic are higher than those for cleartext traffic, except in the firewall-only test case. This suggests the PA-5060 does less inspection of SSL traffic by default. Palo Alto’s engi-neers confirmed this, but only for the particular traffic generated by Spirent Avalanche; in this case, the PA-5060 simply classified the traffic as type “SSL” and did no further inspection. Palo Alto says there are cases where the PA-5060 can detect certain attacks hidden in SSL traffic, but we did not attempt to verify that claim.

The PA-5060 does support decryp-tion of SSL traffic for deeper inspec-tion, but that feature comes with a heavy performance cost. When doing SSL decryption, rates fell to 986Mbps when the PA-5060 acted as a firewall, and just 108Mbps with all UTM fea-tures enabled.

Both numbers are a long way off from the 17-Gbps rates we saw in the cleartext tests, or even the 7.5-Gbps rates in the SSL tests without decryp-tion. If higher-speed decryption of SSL is required, network managers might consider a purpose-built appliance such as those from Netronome and other vendors.

Static object handlingA traffic load that mixes object sizes

offers one approximation of what en-terprise Web traffic might look like, but it’s certainly not applicable in all situations. We also ran separate tests with fixed object sizes: One with 10-kbyte objects, since this is close to

0911nwa.indd 36 31/08/2011 3:48 PM

www.networksasia.net 2011 september / october • network world asia 37

the average object size as observed in many studies of Web logs, and another with 512-kbyte objects, since this large size would better describe maximum firewall rates.

Of course, no production network carries Web traffic where every request is for 10- or 512-kbyte objects, but mod-eling some allegedly “real world” condi-tion wasn’t the goal here. The tests with static object sizes had a simpler goal: To describe the limits of firewall per-formance when handling average and large Web objects.

Not surprisingly, the PA-5060 turned in its single fastest result, nearly 18.7Gbps, in tests when configured as a firewall and presented with 512-kbyte objects. With average 10-kbyte ob-jects, rates were a bit slower, around 16.3Gbps.

Enabling UTM features produced a similar result as with the mixed-object loads: Rates were substantially lower than in the firewall-only tests, but very consistent regardless of which combi-nation of antispyware, antivirus and intrusion prevention we used. Here again, the PA-5060 moved large objects

faster than average-sized objects after we’d enabled UTM features, though by a smaller margin than in the firewall-only tests. With UTM features turned on, the PA-5060 moved large objects only about 1Gbps faster (around 6.2G to 6.3Gbps) than average-size objects (around 5.2Gbps).

The PA-5060 also moved SSL traf-fic at lower rates when static objects were involved, especially in tests with large objects. This is an expected result, since more bytes means more work for the device’s encryption engine. In most SSL test cases, rates were around 10.5G to 11Gbps with average-size objects and around 8.8Gbps with large objects.

Also, traffic rates for SSL were around the same regardless of which features we enabled or disabled on the firewall. As in the mixed-object tests, the PA-5060 didn’t try any further in-spection after classifying the Spirent traffic as SSL.

Decrypting SSL traffic carried a heavy performance cost, even higher than in the mixed-object tests. With SSL decryption enabled, rates fell as low as 100Mbps when we offered large objects to the PA-5060. And, we used the weaker RC4-MD5 cipher; if anything, rates would likely be lower still with a stronger cipher such as AES256-SHA1.

TCP connection testingWhile traffic rates are undoubtedly

useful in characterizing firewall per-formance, they’re not the only met-rics that matter. We also conducted separate tests to determine how many concurrent connections the PA-5060 could handle, and how quickly it could set up and tear down those connec-tions.

In the TCP connection capacity tests, we configured Spirent Avalanche to build up successively larger con-nection counts by having each exist-ing connection make one new HTTP request every 60 seconds. The largest number of concurrent connections the PA-5060 handled without errors was 3,620,979. While 3.6 million is a huge number, it’s also less than the device’s

rated capacity of 4 million. After test-ing concluded, Palo Alto said it had identified a bug in the software version we tested, and that a release scheduled by press time would allow the firewall to handle 4 million concurrent con-nections. We did not test the new soft-ware.

In a related test, we also examined the maximum rate at which the fire-wall would set up and tear down new connections. Here, we configured Spi-rent Avalanche to use HTTP version 1.0, forcing each HTTP request to set up a new TCP connection. When han-dling this load, the PA-5060 handled 44,120 connections per second error-free when using all four of the device’s 10-gigabit Ethernet interfaces. In tests involving two interfaces and an ear-lier version of the Palo Alto software, we observed error-free rates of nearly 47,000 connections per second. Either rate is very high and will probably be more than sufficient for the majority of enterprise users.

While there’s room for improve-ment in the PA-5060’s performance, especially when it comes to UTM per-formance and SSL decryption, we’re encouraged by these results. The PA-5060 is already far faster than the PA-4020 tested earlier, and it’s still one of the few firewalls with true ap-plication-layer inspection capabilities. With some optimizations to UTM and SSL performance, it may do away with security/performance tradeoffs once and for all. NWA

Newman is a member of the Network World Lab Alliance and president of Network Test, an independent test lab and engineering services consultancy.

ThanksNetwork World gratefully acknowl-

edges the assistance of Spirent Communications, which supplied its Spirent Avalanche 3100 GT traffic appliances for this project. Spirent’s Michelle Rhines, Jeff Brown, Glen Cory Jr., and Chris Chapman also provided engineering support.

0911nwa.indd 37 31/08/2011 3:48 PM

network world asia • september / october 2011 www.networksasia.net38

More than 56,000 industry visitors, conference speak-ers and delegates, exhibiting

staff and media from around the world attended CommunicAsia2011 and BroadcastAsia2011 between 21 and 24 June.

The strong line-up of companies on the showfloors and distinguished speakers at the conferences reinforced CommunicAsia and BroadcastAsia as the information, communication and broadcast industries’ premier launch-pad and networking event in Asia, said Stephen Tan, chief executive of show organizer Singapore Exhibition Ser-vices.

More than 250 industry luminar-ies addressed pertinent issues and challenges affecting the media and IT industries at the CommunicAsia2011 Summit, BroadcastAsia2011 Interna-tional Conference and Creative Con-tent Production Conference. These knowledge-sharing opportunities pro-vided delegates with invaluable oppor-tunities to network with industry ex-perts and thought leaders from across Asia and the rest of the world.

Global innovationsMaking its debut was the Huawei

MediaPad, the world’s first 7-inch IPS touch-screen tablet, which runs on Google’s Android 3.2 operating sys-tem.

The significance of Nokia’s return to CommunicAsia after a decade-long ab-sence was also marked by the launch of the N9 smartphone, as well as a show-case of the company’s latest suite of mobile devices and services.

Mobile application developers such as Falcon Interactive, Myriad, Nokia, Stream Media, VeriFone and Mobi-quest made their presence felt at Com-municAsia2011, and companies such as NTT DoCoMo excited the crowd

with their Augmented Reality mobile applications that allow two or more people to view the same virtual objects in real-time.

Some of the world’s leading satellite players — such as AsiaSat, C2Sat, GE Sat, Intelsat and Tata Commu-nications — show-cased their wares and services to k e e n

v i s i -tors, while national

ICT capabilities were showcased at 26 group pavilions.

“This was our first time exhibiting at CommunicAsia and we were im-pressed by the event. Not only were we able to showcase the ICT technologies available in Thailand, but we also re-ceived some good business prospects and collaboration opportunities for the ten companies that exhibited un-der TRIDI. We will definitely be back next year to showcase what Thailand has to offer,” said Dr Supot Tiarawut, director of debut exhibitor Telecom-munications Research and Industrial Development Institute (TRIDI).

Other highlights included ST Elec-tronics’ (Info-Comm Systems) oTTo-Go Telematics Service Hub and Smart Travel Information System, which deliver real-time traffic information to drivers and vehicle owners, as well as Nokia Siemens Networks’ dem-onstration of LiquidRadio, a cloud-based base station architecture that enables operators to easily direct mo-

bile broadband capacity where it is needed most.

Setting the stage for revolutionary display

The spotlight at BroadcastAsia2011 was on 3D, hybrid broad-cast broadband TV (HbbTV) and DVB-T2, and visitors witnessed first-hand the latest solutions from compa-nies such as AV8 Me-dia, Dalet, Grass Valley,

Harris, Harmonic, Media Village, Play-box, Polecam, Sony and more.

“The quality of the visitors to Broad-castAsia2011 surpassed previous years, and we were kept busy meet-ing prospective customers throughout the four days. We applaud Singapore Exhibition Services for bringing in strong, serious buyers, and for putting together yet another fantastic show,” said Joyce Quark, channel and mar-keting manager at Harmonic.

On the first day of BroadcastA-sia2011, Pixel Power announced that it has installed 10 units of LogoVision, a dedicated branding and graphics play-out device designed for 24-hour opera-tion in a transmission environment for SingTel’s IPTV service Mio TV. It also supplied Radio and Television Malay-sia (RTM) with five high-specification Clarity 3000 units, including 3D, clip and audio capabilities.

At the inaugural Cinematography/Film/Production Zone, industry play-ers such as BlackMagic Designs, Can-on, Cine Equipment, The Media Village and Quantel convened to showcase the latest inventions and technology up-grades in 3D, HD, motion/film pro-duction and post-production software that maximize production efficiency without compromising on quality. NWA

Positive visitor growth and exhibitor feedback for CommunicAsia2011 and BroadcastAsia2011

0911nwa.indd 38 31/08/2011 3:48 PM

www.networksasia.net 2011 september / october • network world asia 39

gadgets

Sony Ericsson Xperia Active Running on Google’s Gingerbread 2.3 operating system, the Xperia Active features a 3-inch capacitive touch-screen reality display with a mobile Bravia Engine, a 5-megapixel camera with HD video functionality, and a 1GHz processor. Additional apps can be stored on the phone’s 2GB microSD card that also allows storage to be increased to 32GB. Pre-loaded sports apps enable consumers to easily track their fit-ness levels. Users can set their ideal training route using the built-in GPS, Barometer and Compass. On-screen heart rate and pulse can be monitored in real-time (enabled by ANT+ wireless networking technology), while the iMapMyFitness app can monitor day-to-day performance.

Sony Ericsson Xperia RayRecent smartphones from Sony Ericsson such as the Xperia Arc has showcased the manufacturers’ design capabilities. Following in that trend is the 9.4mm thick Xperia Ray driven by a 1GHz processor running the Gingerbread 2.3 Android OS. Its 3.3-inch scratch-resistant screen offers excellent resolution and brightness. Apps and other media can be stored on its 4GB microSD card; storage to be in-creased to 32GB. Other features include a front-facing camera, integrated touch

keys and applications like LiveSound and LiveDock. LiveSound headphones allow consumers to remotely access applications from the phone through LiveKey control with a simple push of a button. By sim-ply connecting their smartphone to the docking station, LiveDock allows users to launch applications from the Android Market and charge their phone at the same time.

While no longer as popular a launch platform for mobile devices as before, CommunicAsia 2011 still saw a decent number of smart mobile devices introduced. By Ken Wong

Mobile devices launched at CommunicAsia

Blackberry Bold 9900Blackberry’s Bold 9900 features a 1.2GHz processor, a liquid graphics capacitive touch screen and support for high-speed 4G/HSPA+ wide area wireless networks. Powered by the BlackBerry 7 OS, it includes built-in support for Near Field Communica-tions (NFC) that will allow users to, for example, pair the Bold to an accessory or read information such as a web link from a smart NFC tag by simply tap-ping their BlackBerry Bold on it (eg. a Smart Poster). The BlackBerry 7 OS is designed to provide a more intuitive and productive user experience with improved browsing, voice-activated searches, the ability to manage per-sonal content separately from cor-porate content, as well as addi-tional personal and productiv-ity apps out of the box.

Huawei MediaPad Qualcomm’s dual-core 1.2GHz processor powers Huawei’s 7-inch Android 3.2 Honeycomb Media-Pad tablet. The phone al-lows 1080P full HD video playback, a 1.3 megapixel front-facing camera and a 5-megapixel auto focus rear-facing camera with HD video recording capability. It also supports Flash 10.3 videos and comes preinstalled with applications such as Facebook, Twitter, Let’s Golf and Documents to Go.

The 16GB or 64GB Nokia N9 device provides three home views that the company says is designed to give fast access to the most popular features: Using apps, staying up to date with notifications and social networks, and switching between activities. The body is a single piece of polycarbonate and has a scratch-resistant 3.9-inch AMOLED screen that allows users

to watch videos in 16:9 wide-screen formats. There is also an 8-megapixel Carl Zeiss autofocus sensor, wide-angle lens.

Nokia N9

0911nwa.indd 39 31/08/2011 3:48 PM

network world asia • september / october 2011 www.networksasia.net40

biteback

These connect to the Internet through a proxy that filters nor-mal traffic from malignant traffic. Data pipes are critical in delivering connectivity and services to users, and must be kept free of security threats like malicious code and un-desirable content. Clean pipe solu-tions ensure that information flows steadily to the user, without being choked by external threats along the way.

In a world where DDoS attacks are evolving to become more sophisticated and harder to detect, businesses often need guidance on the various hard-ware and software solutions available. To keep things simple, look for a part-ner that provides clear explanations on its data security offerings, and is will-ing to customize them to your compa-ny’s IT infrastructure needs.

To guard against malicious virtual attacks, prevention is always better than cure. Configuring a data secu-rity system to protect your online as-sets and data is infinitely easier than attempting to fix a site that has been corrupted by external hackers. Data, once lost, is not easily recovered. With a good data security system in place, you can focus on your core business, serving the customers who have placed their faith in you. NWA

Stephen Harrison is APAC vice-president for ControlCircle.

enterprises, are vulnerable to DDoS attacks. To prevent similar security breaches, companies can try three simple things:

• Protect switches and routers from network flooding. Flood-ing occurs when an overwhelming amount of traffic is detected on your network, causing all your on-line operations to grind to a halt. A sudden, suspicious spike in net-work traffic can often be traced to a DDoS attack designed to choke your network. Choose network hardware that contains simple soft-ware to detect and prevent flood-ing, so you will be alerted early in the event of a DDoS attack.

• Invest in blackholing and sinkholing. Blackholing refers to the process of sending traffic that attacks your DNS or IP address to a “black hole”, or a non-existent server, for safety. Sinkholing routes traffic to a valid IP address, but in-telligently analyzes traffic and de-tects security threats your networks may be facing. Together, both pro-cesses will help to redirect the flood of traffic to a non-existent network location to protect your existing data, and separate the good traffic from the bad.

• Make use of clean pipe solutions.

We live in a world that is becoming increasingly de-pendent on online trans-

actions and services. When making online transactions, customers trust in companies to protect their per-sonal details, such as their full names, phone numbers, addresses and credit card numbers. Such sensitive data, when left unguarded, can easily be stolen and misused, causing great distress to both companies and their customers.

In the last few years, the number of DDoS attacks and other incidents of e-mischief per hour have increased dramatically, because there is so much more online data at stake. DDoS at-tacks are especially harmful – they can cause unusually slow network perfor-mance, the unavailability of a website and its services, or a flood of spam.

The recent attacks on Sony’s Play-Station Network, involving DDoS and hacker attacks to bring the site down, compromised more than 100 million online and gaming accounts, and was one of the most serious cyber attacks on a single company in recent history. As a result, Sony lost an estimated US$170 million, and its stock price dropped by 30%. Its corporate repu-tation has also suffered considerable damage from this attack.

Clearly, cybersecurity is paramount in a world where all businesses, from global conglomerates to fledgling

Shielding yourself against virtual bullets

With so much valuable data migrating online, cybercriminals are targeting corporations now more than ever.

By Stephen Harrison

C

M

Y

CM

MY

CY

CMY

K

NWWA-ad-FA.pdf 1 20/8/11 12:33 AM

0911nwa.indd 40 31/08/2011 3:49 PM

www.networksasia.net 2011 september / october • network world asia 41

C

M

Y

CM

MY

CY

CMY

K

NWWA-ad-FA.pdf 1 20/8/11 12:33 AM

0911nwa.indd 41 31/08/2011 3:49 PM

network world asia • september / october 2011 www.networksasia.net42

0911nwa.indd 42 31/08/2011 3:49 PM