VPNs and Data Center Efficiency

By Nicholas Greene Data centers have long formed the backbone of our increasingly digital society. Without them, the technological lifeblood of our civilization essentially vanishes altogether. The fact is, we’re already incredibly reliant on computers and networking, and that’s not going to change any time soon. What will change – what is changing – is that we’re using the Internet for more and more, putting greater strain on and making increasingly difficult demands of the infrastructure that supports it. That’s the problem with a vital technology – it tends to experience extremely rapid growth. As a direct result, data centers are starting to grow at exponential rates simply to keep up with all the computing requests. This poses a very specific problem: it’s extremely easy for this rapid expansion to careen out of control, leaving an organization with a convoluted mess of poorly-implemented hardware and an application infrastructure that would frustrate most IT professionals.  Coupled with this is a considerable increase in the cost of operations.  Data centers now require more bandwidth and use more energy than ever before. That’s where VPNs come in. Powerful tools for efficiency in the business world, VPNs are equally valuable in the data center market for a number of reasons. First and foremost, a data center is typically either a self-contained business or one tendril of a larger organization. Proper implementation of a VPN vastly improves the productivity of an organization’s staff in either scenario. As I have discussed before, ease of communication, constant connectivity and increased mobility all lead to a marked increase in productivity, while the security offered by a VPN...

IPv6 and Infrastructure – Are we doing enough?

Dark Reading’s Kelly Jackson Higgins is reporting that many providers and vendors, including Google, AT&T, Facebook and others – plan to officially go live with IPv6 on this year’s IPv6 Day (June 6). This might sound familiar, as it was last June that more than 400 organizations — including Google and Facebook – enabled IPv6 standards on their websites. Last year, no major outages were reported, paving the way for this year’s official switch. Even so, an ongoing concern has been whether our technology infrastructure is ready for IPv6. Rainer Enders, CTO of NCP engineering, posed this very question last year in the column “We Need Infrastructure Before IPv6 Becomes a Real Problem” on CTOEdge. Drawing upon his personal experience, Enders illustrated the stark technical reality facing IPv6 implementation: I live in Walnut Creek, a community less than 30 miles from San Francisco — arguably, the epicenter of technology and innovation in the world. And yet, my community isn’t yet equipped to handle IPv6 or high-speed Internet protocols. If we — just a stone’s throw from Silicon Valley — can’t transition easily to technological innovations, how can we expect anything more from the rest of the country?  Now, in an encouraging next step, the Internet Society has announced that “Major Internet service providers (ISPs), home networking equipment manufacturers, and web companies around the world are coming together to permanently enable IPv6 for their products and services by 6 June 2012,” reports ZDNet’s Steven J. Vaughan-Nichols. He adds: In a statement, the Internet Society’s CTO, Leslie Daigle, said, “The fact that leading companies across several industries are making significant commitments to participate in World IPv6 Launch is yet another indication that...

Don't Worry, IPv6 Won't Break Your Existing IPsec VPN, Part 1

By Daniel P. Dern What does the coming of IPv6 mean for companies relying on IPsec for secure site-to-site and remote VPN connections to the company network? “Nothing would change,” says Rainer Enders, CTO, Americas, for NCP engineering. “From an end-user point of view, there is zero impact at the application layer. Using IPv6 instead of IPv4 will be transparent to the user.” What does this mean for IT admins responsible for provisioning and administering IPsec VPNs and VPN capability? “You still have to have your VPN application in place, and that application has to be managed, monitored, and controlled,” says Enders. “You want to make sure you have the right technology deployed, for instance at the operating system, patch, and security level.” IPv6 increases the need to have the appropriate security technology for VPNs and other networking activity, Enders notes. “Static firewalls work fairly well in an IPv4 environment, because there are other layers of protection, such as private addresses. However, with IPv6, the world is ‘flatter’ and much better connected. So IT admins will want a managed-client firewall, and take more security precautions, to focus more on protecting devices.” Stay tuned for Part 2 on how a company can add IPv6...

Don’t Worry, IPv6 Won’t Break Your Existing IPsec VPN, Part 1

By Daniel P. Dern What does the coming of IPv6 mean for companies relying on IPsec for secure site-to-site and remote VPN connections to the company network? “Nothing would change,” says Rainer Enders, CTO, Americas, for NCP engineering. “From an end-user point of view, there is zero impact at the application layer. Using IPv6 instead of IPv4 will be transparent to the user.” What does this mean for IT admins responsible for provisioning and administering IPsec VPNs and VPN capability? “You still have to have your VPN application in place, and that application has to be managed, monitored, and controlled,” says Enders. “You want to make sure you have the right technology deployed, for instance at the operating system, patch, and security level.” IPv6 increases the need to have the appropriate security technology for VPNs and other networking activity, Enders notes. “Static firewalls work fairly well in an IPv4 environment, because there are other layers of protection, such as private addresses. However, with IPv6, the world is ‘flatter’ and much better connected. So IT admins will want a managed-client firewall, and take more security precautions, to focus more on protecting devices.” Stay tuned for Part 2 on how a company can add IPv6...

IPsec's longevity is about more than IPv6

By Nicholas Greene We already know that IPsec is here to stay, especially since it’s such an integral part of IPv6. So, how did IPv6 become so ingrained with IPsec? Why was IPsec developed in conjunction with IPv6, and how did it get to where it is today? To answer these questions, let’s quickly revisit the origins of IPsec. Let’s go back to the 1990s, when (as most people think)  IPv6 was first being developed because of IP address exhaustion. But in reality, along with the address exhaustion, something else was abundantly clear to the Internet Engineering Task Force (IETE). During its inception, the Internet was a relatively private technology. Truth be told, I don’t think the original technology was ever intended to become the public platform that it is today. And as most people involved with networking will tell you, security for a private network is a very different beast than from public network security. A public security remedy is what the IETF ultimately realized was lacking as the Internet became increasingly public. “The obvious need for securing content at layer three [the ‘network’ layer of the seven-layer OSI networking model] was what spurred the development of IPsec,” said Paul Hoffman, head of the VPN Consortium. “There is security for each protocol at each layer, and IPsec is for that IP.” See, as the Internet grew, a number of applications and protocols began to appear that SSL wasn’t really equipped or designed to deal with. Essentially, SSL at the time, wasn’t well-suited for public networks.  There were two reasons for this. The first one: SSL was — and...