How do users at home or in an office know when they’re getting the best performances out of a device, application or cloud service? How can enterprises document when the systems they’ve set up for their employees–remote or on-premises–are operating efficiently and securely?

This isn’t all about the mere speed of applications. We’re about talking several attributes: speed, security, reliability, agility, configurability and others. What about good, strong internet connections? How about video that doesn’t snag or crash and crisp audio that doesn’t disappear into an internet well? What about safe, secure delivery of documents, images and other important company assets?

It’s about the user experience, too. In fact, IT is nothing if not about the user experience, and it always has been. Steve Jobs used to say that it doesn’t matter how good an application is; if it doesn’t have an intuitive user interface, you might as well throw it away, because no one’s going to use it.

It takes accurate monitoring and observability tools based on analytics to do all the things mentioned above, and as time goes on, more and more of these requirements are being done by automated software, not humans. The sheer scale and big data capacity of these applications, whether in a cloud or not, is moving far beyond a human’s ability to stay on top of them 24/7. In fact, it’s impossible.

The old ways of monitoring apps are outmoded

The old ways of monitoring and managing applications have become inefficient, thanks to many visibility gaps. Telemetry that’s required for understanding how highly distributed cloud applications behave has grown exponentially. DevOps teams, SREs, and developers have started looking for new approaches to meet this requirement. The new solutions are not only about incident detection. They also have to include incident prediction and capabilities to explore how code changes impact the overall business, and that’s where observability comes into play.

Observability is a new way of getting insight into the performance of cloud environments based on analytics for a vast amount of telemetry data (metrics, traces, histograms, logs, events) collected from a diverse set of data sources—cloud applications and services, infrastructures and Kubernetes app coordination. Observability combined with the DevOps culture of responsibility shared by multiple teams creates an effective new approach to untangle the thorniest issues affecting cloud applications.

So how does a business go about finding the answers? It starts by finding the right monitoring and observability tools and deploying them in an efficient manner. Here are 10 excellent vendors with which to start in this category:

• VMware Tanzu
• NetBeez
• AppDynamics
• Dynatrace
• Zenoss
• New Relic
• Riverbed
• Splunk
• Catchpoint
• Instana

Defining observability

A succinct definition: Observability is a mindset that enables you to answer any question about your entire business through collection and analysis of data. Building observability into your business enables you to answer questions about your business in real time, and often this can be the difference between out-performing competitors or allowing them to out-perform you.

A key trend in the evolution of IT systems now is that enterprises are making moves from basic visibility to network observability. This is where IT pros can use the data to solve critical problems that cause business-interrupting issues. Monitoring is important but incomplete; observability takes the data from monitoring and puts it into action. It creates the ability to understand why networks are slow, what the source of anomalies are, and if a user is compliant.

IT observability, when combined with AI and automation, also holds the promise to deliver the actionable answers needed to ensure cloud-native applications work perfectly and deliver the best experience and value possible to their users.

ITOps observability challenges

Prior to the pandemic, having employees work on office campuses provided significant advantages to IT for a few reasons. The network infrastructure is managed and uses enterprise-grade equipment. Also, most users are located near IT support. As a result, root-cause analysis within a corporate environment is much easier than across hundreds or thousands of home offices. (For additional information, read the EMA Research paper on extending network performance monitoring to the home office,)

Here are the network observability challenges for work-from-home employees who make up “enterprise branches,” according to NetBeez:

Extending network observability to the home office

To address remote worker network observability challenges, there are four key capabilities to extend observability to home-office networks, NetBeez said. They are:

• Collect and aggregate network connectivity, performance and throughput data from the remote worker’s laptop or desktop, from across the Internet, and within the VPN tunnel to identify and pinpoint performance issues;
• Actively test websites and SaaS applications’ availability and performance, including DNS checks without passively capturing end-user transactions;
• Constantly test network support for voice/video-over-IP calls, including identifying packet loss, jitter and latency issues that degrade voice and video services; and
• Collect Wi-Fi metrics to detect performance issues caused by poor WiFi coverage and interferences with other WLAN networks or systems.

In summary …

• The home office has gained major traction as a permanent alternative work environment. ITOps and security teams are charged with de-risking this change and enabling the workforce to be productive in many new environments.
• The bad news: Too many enterprises are far behind the curve here in mid-2021 in making the needed adjustments to protect and serve all their employees, no matter where they are deployed.
• The good news: There are excellent observability solutions that mitigate these challenges and assist ITOps teams in maximizing their efforts and resources.

Photo by Tima Miroshnichenko from Pexels

The post Performance Monitoring, Observability for the Home Office appeared first on eWEEK.

Remote work is driving more unstructured data sprawl than ever in the history of digital anything. Whereas before the pandemic (pre-2020), most business data emanated from highly-secured commercial offices, now it’s estimated that more than half of all these important files are coming from places (gulp!) that might be wide open to interception from bad actors trying to make a profit off holes in security. Some of those are gaping ones that any rookie hacker can crack in a matter of minutes.

This is precisely why enterprises now are focusing heavily on updating the endpoint management of their desktop PCs, laptops, phones, tablets, video equipment and other devices housed in home offices-turned-corporate branches here in 2021. The fact is, since a majority of workers are finding advantages in working at least part of the time from home, they want to keep this in play as long as possible, and companies are obliging them. There are advantages for employers here, too, but that’s another story.

“We heard from our customers about this: 67% of IT executives are concerned about unstructured data sprawl, and more than half say remote work is the main culprit. My reference is to data across multiple apps, multiple clouds,” Vineet Jain, CEO of Egnyte, said during a recent #eWEEKchat on this very topic.

Data sprawl is literally everywhere

Policies need to be gently enforced for users

Jain of Egnyte said that for corporations to have more control, enforcing data governance policies without the tech getting in the way is key.

“Further, getting the content management architecture right is key. Examples are files sitting on unsecured devices, data loss and mismanaged permissions,” Jain said. “The attack surface has grown exponentially, so even basic things like hardening your routers, keeping anti-virus up to date and centralizing content in one ‘logically unified’ silo are some of the means to meet the security challenges.”

So how does a company go about upgrading its system so that all of the above happens, and that bad actors don’t get inside and cause mayhem? Ransomware numbers are way up the last two years, yet the general public doesn’t hear much about those exploits at all—largely because it’s extremely embarrassing to a company, not to mention surrendering to a ransomware crook is generally not seen as an asset by shareholders.

Based on Gartner Research’s 2020 UEM market report, eWEEK here features three leading companies’ solutions in this article. To find more information on more endpoint management market leaders, see eWEEK’s library on the topic.

Defining Unified Endpoint Management

Gartner Research defines the UEM tools market as a set of offerings comprising mobile device management (MDM) and management of personal computers, via traditional client management tools (CMTs) or modern management, through a single console that also combines the application of data protection, device configuration and usage policies. Modern UEM tools:

• Provide a user-centric view of devices across device platforms.
• Enable modern PC management through native Windows 10, macOS and Chrome OS controls.
• Enable MDM through native iOS and Android controls.
• Aggregate analytics and telemetry from users, apps and devices to help inform policy and related actions.
• Provide insights into user experience through aggregation of telemetry signals, events, logs and synthetic transactions.
• Integrate with unified endpoint security (UES) tools to support security policy management, execute administrative actions and improve integration with identity and access management (IAM) tools.

VMware Workspace ONE

In the 2020 Magic Quadrant for Unified Endpoint Management (UEM), Gartner recognized VMware as a leader for the third successive year. VMware’s centerpiece here is its Workspace ONE UEM product, an end-to-end solution which:

• enables customers to drive workplace modernization, implement zero trust and improve employee experience;
• delivers a device-agnostic user experience across all major mobile and desktop platforms through deep integration with single sign-on (SSO), remote access, endpoint security, identity; management, desktop and app virtualization, and numerous third-party solutions;
• uniquely enables traditional and modern PC and mobile management from a single console, and fully supports customers migrating from traditional network-based CMT to modern UEM-based PC support; and
• helps organizations maintain business continuity with scalable digital-first infrastructure, flexible virtualization solutions, and intelligent and secure device management that keeps employees productive and engaged anytime, anywhere.

VMware’s Workspace ONE is focused on providing improved employee experience through UEM, virtualization, analytics, apps and workflows. Its operations and clients tend to be geographically diversified. VMware continues to invest in helping customers drive workplace modernization, implement zero trust and improve employee experience, anchored by Workspace ONE Intelligence and Carbon Black endpoint security integration.

What separates it from competitors

• End-to-end solution: VMware enables remote work and a seamless, device-agnostic user experience through its deep integration of UEM with single sign-on (Workspace ONE Access), remote access (Workspace ONE Tunnel), endpoint security (Carbon Black), and desktop and application virtualization (Horizon); and support for many third-party solutions. Social media analytics highlight satisfaction with the remote onboarding feature, which has taken on increased importance during the COVID-19 pandemic.
• Ease of use: VMware offers seamless integration of traditional and modern PC and mobile management techniques through the same console, in addition to in-console templates and wizards to empower IT admins to maximize value. VMware also curates a vast online knowledge repository that includes product information, videos, labs, blogs, implementation guides, learning activity paths and reference architecture in its Tech Zone portal.
• Flexibility: VMware’s flexible architecture enables customers to operate exclusively on-premises, exclusively in SaaS, or a hybrid of the two where customers decide on a component level what model is a best fit. Standard and customizable connectors can enable complex integrations. VMware also offers several integrations with third-party identity, endpoint security, IT operations and IT service management tools.

You should know …

• Platform value proposition: To maximize the unique value of VMware’s Workspace ONE platform (e.g., employee experience, risk-based conditional access [zero trust], automation, intelligence and analytics, etc.), clients will need to purchase the Enterprise license tier.
• Advanced feature adoption: VMware continues to make investments in areas such as modern management of Windows and macOS devices, and offerings such as employee onboarding; yet adoption has been slower than expected.
• Microsoft 365: VMware customers committed to Microsoft 365 must rationalize the incremental cost of paying for Workspace ONE and Microsoft Endpoint Manager, or should look for advanced Workspace ONE capabilities to complement Endpoint Manager. The Workspace ONE integration to MEM offering is currently in limited beta.

IBM Security MaaS360 with Watson

IBM Security MaaS360 with its Watson product, also in Gartner’s Top 3, is focused on artificial intelligence (AI)-enhanced UEM. Its operations are geographically diversified; clients tend to be small to midsize technology, retail and manufacturing companies based in the Americas and Europe. IBM continues to invest in AI, ensuring alignment with new devices, features and use cases, and deeper integration with identity and endpoint security products.

What separates it from competitors

• Watson Analytics: IBM has used its Watson AI expertise to deliver analytics designed to help customers identify, prioritize, triage and resolve issues on devices managed by MaaS360. Customers value the efficiencies gained from customizable, automated reporting that helps them identify and prioritize critical issues.
• Ease of use: Gartner clients continue to report that MaaS360 is easier to implement than other UEM solutions. The product offers several policy templates through a wizardlike interface that uses AI to deliver benchmarked reports that enable customers to configure and validate their environment against peer and published practices. It also has a clean dashboard to react to events quickly.
• Strong CMT support: The integration with third-party CMTs, along with Group Policy Object (GPO) migration capabilities, simplifies the journey to co-management and modern management. Clients have referenced positive experience with integrations to Microsoft Endpoint Configuration Manager, HCL BigFix and Tanium. IBM also offers self-directed patching and application updates for Windows and macOS (using OPSWAT), and tools to help customers migrate to modern management.

You should know …

• SaaS only: MaaS360 is available only as a SaaS solution and does not provide any on-premises management option. It does, however, offer an on-premises access gateway to enable mobile devices to access email and other applications.
• Mostly midmarket: Gartner rarely sees MaaS360 on enterprise client shortlists unless the organization is already heavily invested in IBM software. IBM is working on enabling its sales force to sell MaaS360; however, most sales are from small to midsize companies or through the carrier channel.
• Limited endpoint diversity: Despite strong CMT integration, most clients report using MaaS360 to manage mobile devices rather than as UEM to manage PCs via co-management or modern management.

Microsoft Endpoint Manager

Microsoft Endpoint Manager (MEM), the final member of Gartner’s Top 3, combines Intune and Configuration Manager and is available with an Enterprise Mobility + Security (EMS) license. Microsoft’s operations and clients tend to be geographically diversified. Microsoft continues to invest in improving end-user and IT admin experience, integration with endpoint security and identity systems, and expanded use of analytics, AI and machine learning (ML).

What separates it from competitors

• Marketing and product strategy: With the establishment of MEM, Microsoft offers the most used UEM tool on the market, with significantly more devices under management than its competition. Though many I&O leaders are confused by the MEM, Configuration Manager and Intune relationship, online references in 4Q19 increased by 278%, with discussions on how MEM combines its offerings into a single console at no additional cost.
• Microsoft-native: Deep integration across Microsoft products offers security capabilities that are difficult to replicate piecemeal. Evidence of improved stability and performance achieved by reducing third-party plug-ins cannot be ignored. MEM’s integration with Azure Active Directory, Defender Advanced Threat Protection (ATP) and Microsoft 365 app protection offers improved security and user experience through zero-trust conditional access.
• Co-management: Improved Intune and Configuration Manager integration, along with the pandemic, have accelerated the adoption of co-management and modern management. Prepandemic, clients were too focused on replacing Windows 7 with Windows 10 to adjust their endpoint management strategies.

You should know …

• Third-party integrations: Clients frequently struggle with limited integration with third-party identity, service and asset management, and endpoint security products. Additionally, organizations seeking advanced macOS management and remote control are required to use third-party integrated solutions.
• Nonstandard use cases: MEM currently lacks robust management capabilities for IoT, wearables, rugged frontline devices and UNIX/Linux operating systems as well as required controls for highly regulated use cases where containerization and integrated VPNs are more common. MEM enables management of Microsoft 365 Enterprise apps and data using Intune app protection policies and conditional access; however, that may not meet compliance requirements.
• Difficult to use: Clients’ most common concern is that using MEM is not easy. Reasons include the overhead required to architect, build and maintain Configuration Manager and integration between on-premises Active Directory (AD) and Azure AD. Managing some policies (like Windows Hello) requires use of multiple consoles. Clients also frequently voice frustration with staying abreast of product updates and finding documentation and best practices across the various websites, communities and blogs.

The post Selecting Endpoint Visibility, Management for WFH Employees appeared first on eWEEK.

When setting up or upgrading a home office in which you’re working for either yourself or for a company, there are a lot of tools you’ll need to consider. You could simply start out with a PC, smartphone, free Zoom account, an internet connection, and lots of coffee, but you’re going to need a lot more than those essentials if you’re going to be professional about all this.

Here are some additional ideas for your office, based on eWEEK reporting.

PCs/laptops

eWEEK, which was known as PC Week for the first 16 years of its existence (1984-2000), built an excellent reputation then–and which has continued to the present day–regarding its evaluations of personal computers of all kinds. eWEEK Labs, which once had a full-time staff of 20 to 25 product testers, was known as one of the finest and most complete third-party IT research houses in the world for a long, long time.

To help home office users decide on which PC investment to make, eWEEK is loaded with information on numerous manufacturers’ products.

Dell: eWEEK has a long and deep collection of news and review articles on Dell laptop and desktop PCs. Go here to see the compilation.

Lenovo: eWEEK has an impressive collection of news and review articles on Lenovo desktop and laptop PCs. Go here to review the compilation.

Toshiba:  Check out eWEEK’s lineup of news, review and features articles on Toshiba laptops.

Samsung: Here is a list of reviews of Samsung laptops.

Microsoft: Read about Microsoft’s mainline Surface laptops in these eWEEK articles.

HPE: There’s a list of HP laptop reviews and feature stories here.

Apple: Here’s a listing of articles and reviews on the MacBook series.

Asus: You can find a listing of reviews and feature articles on Asus laptops here.

Finally, here’s a general listing of laptop and desktop reviews of all makes and models on eWEEK.

Video conferencing

Zoom: Few IT companies have benefited from the COVID-19 pandemic as much as San Jose, Calif.-based Zoom, thanks to its reliability and easy-to-use, intuitive interface. Where the company had a decent but not spectacular total of about 13 million regular users (and mostly inside enterprises) in January 2020, four quarters later it was closing in on 500 million users. This includes schools, small businesses, nonprofits and individuals–far eclipsing its previous enterprise-only clients. It’s now bringing in $2.6 billion per year in revenue; its stock shot up 369 percent from Q1 2020 to Q1 2021.

RingCentral: This Belmont, Calif.-based company offers a cloud-based PBX system for businesses. The RingCentral platform supports hundreds of thousands of users. It’s designed to handle 2X capacity and is currently managing more than 10 billion minutes of voice traffic per year. RingCentral Office features include call auto-attendant, company directory, call forwarding and handling, multiple extensions, a mobile app for iPhone and Android, Business SMS, video conferencing and screen-sharing, and fax. Go here for the latest information on the office platform’s products and services.

LogMeIn: The company just announced live streaming for its GoToWebinar service. Now you can live stream webinars on popular third-party social platforms such as Facebook Live, YouTube Live and (coming soon) LinkedIn Live, as well as virtual event platforms that include CVent, Intrado, Socio and others directly through GoToWebinar.  Go here for the details.

Others in this category: Adobe, Bluescape, GoToMeeting, OnBoard, Asana, Robin, BoardDocs.

Headsets

Sennheiser:  Danish audio peripherals maker EPOS is co-developing with Germany’s Sennheiser a new line of high-end, wired headsets co-branded by EPOS|Sennheiser and called IMPACT.

Sennheiser has earned a reputation over four decades as being a high-quality but slightly more expensive maker of headphones and microphones. The co-development of this new line of audio peripherals is substantial news in the industry.

To show how specialized we’re all getting in this day and age, the new EPOS IMPACT headsets have all been certified for use with Microsoft Teams. Other headset companies, including Poly and Jabra, also have had their products sanctioned by Microsoft for its Teams app, the international promotion of which hasn’t been seen by the Seattle-based IT giant since it launched Windows 95.

These EPOS IMPACT headsets, previously certified for Skype for Business, simply require a firmware upgrade to be certified for Teams. They’re already ergonomically designed for all-day use; with the increasing number of Zoom, Skype and Webex calls employees are doing on a daily basis because they’re working from home, comfort eventually becomes an important factor in peripherals like these. Go here for more information.

Jabra: The Jabra Evolve2 30 has been described by The New York Times Wirecutter columnist, Melanie Piola, as “the best USB headset for people who take a lot of calls at their computer. It combines excellent mic quality with wear-all-day comfort, and the headphones sound great with both music and voice.” Try one for yourself; go here for more information.

Poly: This company’s (Polycom + Plantronics, merged in 2018) wired and wireless headsets are well worth the investment (they run from about $100 to about $420) because they work well and for a long time. They can take a beating and keep on working as if nothing bothers them. Poly has focused on security as its market advantage; its Savi 7300 Office Series keeps conversations private. The ultra-secure DECT wireless headset, which has 128-bit authentication and military-grade features–such as 256-bit AES encryption–is a natural choice for financial, medical, government and contact centers or anywhere sensitive conversations happen. Go here for more product detail.

Others in this category: Leitner, Bang & Olufsen, Microsoft, Skullcandy, Avantree, Avalle, Tribit.

Video conference-director bars

Before the pandemic hit last March, video bars for meeting spaces and huddle rooms (smaller rooms for 4 to 6 people) were escalating into a major enterprise collaboration trend. These automated bars, using multiple cameras and microphones, act as virtual video session “directors”; they are able to take in a room as a whole in one shot, then, using voice tracking, listen to who’s speaking in order to focus on them until it’s someone else’s turn to speak. Obviously, these will again become in demand as people start returning to their offices after a 14-month break in routine. They also can come in handy or smaller, home-based offices, although that’s not where the trend is going at this time.

Here are two of the leading providers:

Poly: Poly, based in Santa Cruz, Calif., is the simplified namesake of the 2018 merger of Polycom and Plantronics, two highly respected makers of next-gen peripherals that include headsets, microphones, video cameras, virtual PBXs and automated video directors. The company was undeterred by the pandemic that hit U.S. businesses in March 2020, adapting its frontline videoconferencing product lineup to be used in smaller, home-type offices. The Studio P series of videoconferencing units, launched in early 2021, became a first-class example of how enterprise-level video streaming and presentation equipment could work inside a home office.

The Poly Studio P Series includes the Poly Studio P5 Webcam, Poly Studio P15 Personal Video Bar (pictured) and Poly Studio P21 Personal Meeting Display. The Poly Studio kits connect with other company products as needed by users. Bundles can include the new Studio P5 camera with Poly’s award-winning headsets or the portable Poly Sync intelligent speakerphone to set up a complete work-from-anywhere scenario. These personal devices combined with Poly Lens Desktop App and Poly+ paid subscription services to bring hardware and software together into one package in order to simplify device management.

Poly also has a partnership with Zoom that enables users to use that collaboration app as a primary or alternative channel for meetings of any kind.

Jabra: Jabra, based in Lowell, Mass., came out in April 2021 with its new PanaCast camera lineup: the Jabra PanaCast 50, designed to be the world’s first “new normal”-ready intelligent video bar, and the Jabra PanaCast 20, an intelligent personal camera.

PanaCast 50 takes on the role of the “director” of a meeting; it intelligently adjusts the video stream to follow the action in the meeting. This allows Jabra PanaCast 50 to detect active speakers and the flow of conversation, delivering a remote meeting experience that’s fully immersive and responsive.

Three 13-megapixel cameras mounted in a high-precision multi-camera array create an immersive 180° field of view in Panoramic-4K that covers a whole room.

The PanaCast 50 can deliver two video streams simultaneously. This allows the device to perform multiple functions at once, so while one video stream is busy focusing on the meeting participants, the second can be used to focus on a particular area of interest within the room.

PanaCast 50 also delivers an independent data stream that provides anonymous people count meta-data as real-time numerical information. Because of its 180° field-of-view, PanaCast 50 can achieve 100% coverage of the meeting room and provides an opportunity to count everybody in the room.

Others in this category: Samsung, Sony, Panasonic.

Portable videocams

Logitech: This company makes some of the highest-quality webcams in the business. Go here for product information.
Poly: Poly’s P5 webcam is a professional-grade unit that is in high demand. Go here for product information.
Jabra: The Panacast is another high-quality webcam used in numerous offices. Go here for product information.
Others in this category: Dell, Papalook, Fuvision, Amcrest, Hrayzan.

Enterprise security for home office

Key players in this market: Companies with a percentage of their employees who are working remotely–and that’s a high number in this pandemic time window–should be aware of the following 12 service providers and their security packages.

In alphabetical order:

Akamai: Intelligent edge platform
Aruba: Edge-to-cloud security
Awake: Partnership with Arista a major deal
CrowdStrike: Focuses a lot on human interaction in remote security.
iBoss: SASE and Zero Trust
McAfee: AI a big feature in this platform
Microsoft: Azure Sentinel, Microsoft Threat Experts
Netskope: Ransomware protection in the cloud
Palo Alto Networks: Has been providing network-to-branch security since 2011
SecureLink: Remote location security
VMware: Anywhere Workspace is latest offering
Zscaler: Zero Trust Exchange Framework

For more information from the extensive eWEEK security library on this topic, go here.

The post How to Equip a Next-Gen Home Office appeared first on eWEEK.

The post Enterprise Security at Home: Remote Access Options appeared first on eWEEK.

Okay, so we’re a full year into the first worldwide pandemic in 100 years, and it’s shifted our world completely. Nothing is the same as it was–and in just about every segment of our lives. In this article, the first of a special eWEEK series on “The Home as Enterprise Branch,” we’re focusing on the continuing evolution of our home and office workplaces, which generally have been held hostage by nagging effects from the pandemic.

In this series, we’ll be looking at this sea change in terms of networking, security, devices, collaboration tools and applications. We’ll examine what kinds of devices and security are available for individual use cases for companies large and small that are using homes as literal enterprise branch offices. We’ll have thought leaders in this area offer their perspectives all along the way. It’s safe to say we’ll all learn a lot.

Pain points of remote work

Generally, what both enterprises and employees want is freedom to work from anywhere on a phone or laptop that is safe, reliable and efficient: a workplace that is a moveable feast for normal and power users alike.

Matt Martin, co-founder and CEO of smart calendar assistant maker Clockwise, outlined for eWEEK some of the key pain points of enterprise business done inside private residences.

“The pandemic has made it even more difficult to find focus — from non-stop Zoom calls to kids shouting in the background, we’re all struggling to prioritize our time,” Martin told eWEEK. “As a result, workers end up with schedules that hurt their productivity–whether it’s hours of back-to-back Zoom calls, or a meeting falling in the middle of a block of focus time designated to get work done on key projects.

According to his company’s latest customer information, Martin said that time spent in team meetings has increased by 25% as people have shifted to working from home since the start of the pandemic.

“We also found that about 60% of our users view scheduling and rescheduling meetings as a significant pain point,” Martin said. “So we built our own smart scheduler to make it radically easier for teams to collaborate, while preserving time for everyone to focus on their most important work.”

This problem is especially felt by engineering organizations and teams, where focus time is a precious commodity, Martin said. Without adequate focus time, engineers lack the critical heads-down and problem-solving time to develop and deliver effective products on time and of the highest quality, Martin said.

Employees working more often from ‘anywhere’

During the past few years, software-defined network routers for both enterprises and home offices are being shipped with better and faster data streaming and security, making everything more efficient. They’re also now outfitted with intelligence software that helps move data to the right places in automated fashion. Companies such as HPE’s Aruba, Cisco Systems, Juniper, Qualcomm, Open Systems, Masergy and others are busy filling these needs for home, small office and large office SD-WAN installations.

5G connectivity from telecoms won’t be in the mainstream market for a while yet, but WiFi 6E units have been available for more than a year and are way more performant than the elderly WiFi 2.4 and 5.0 systems that are so common in home networks.

VMware, known far and wide for its B2B data center product line but not necessarily for its home-based products, is reinventing itself again. The Palo Alto, Calif.-based software giant rolled out a new remote workplace platform, VMware Anywhere Workspace, on April 20 that uses its Workspace One package as a centerpiece. Go here for a complete report on the new platform

Sanjay Uppal, who came to VMware three years ago in the acquisition of SD-WAN maker VeloCloud Networks, now runs the company’s new Service Provider and Edge business unit. This comprises three key networking sectors: SASE (secure access service edge), communications services providers and edge computing, “because a lot of applications are becoming edge-native,” Uppal told eWEEK.

“We already had businesses that were targeting employees’ productivity with our Workspace One solution, but the pandemic accelerated a lot of our plans,” Uppal said. “When a company with, say, 5,000 employees had to move most of their offices to home or a coffee shop, suddenly there were a whole lot more connections that you had to get in. You had to worry about operational flexibility as well as the performance of all these folks coming in.”

So this is VMware’s opportunity, as Uppal sees it, to address all these issues at once: bringing their existing products together to solve networking problems for the enterprise, the service provider and for the employee as companies move to become “anywhere” businesses.

Lots of upgrading now in progress

With the advent of widespread SD-WAN, WiFi 6 and 5G on the horizon, plenty of key decision-makers are, in fact, currently upgrading their networks. Speed in moving data streams to where the computing is taking place, and vice-versa, has never been more important to businesses–local or global.

WiFi 6, for one example, enables speeds to improve, latency to recede and cause familiar limitations of WiFi to vanish. The relatively fallow ground of 6GHz means that compromises due to legacy devices would be gone, making WiFi something that you could use anywhere in the office or on the production floor.

Imagine WiFi 6 at 60GHz. With all of that extra bandwidth, wireless capacity would move far beyond the current limitations of fiber networks in the office. While there will still be a role for fiber outside of the office, inside the office, 60GHz WiFi 6 will simplify enterprise networking by providing a multi-gigabit infrastructure without the disruption of cabling or the expense of wired infrastructure.

‘COVID-19 has changed the working world forever’

Henning Volkmer, president and CEO of cloud-printing software maker ThinPrint, Inc., told eWEEK that “COVID-19 has changed the working world forever. Fortunately, this means that hybrid work is making its way as the new standard, leveraging the positives and avoiding the downsides of both working options.

“Decisionmakers can address the IT challenges ahead by understanding the various solutions that are at their disposal to ensure a smooth transition to support their organization’s home office and traditional office hybrid workplace.”

Next in this series: Enterprise Security Needed at Home: Remote Access Security Options

The post What Next-Gen Networking Brings to the Home Table appeared first on eWEEK.

Moreover, in addition to coping with the evolving nature of the threats themselves, enterprises must also adapt their security postures to accommodate their changing infrastructures. Measures developed for bare-metal servers inside a controlled data center are not well suited for organizations that have adopted approaches such as server virtualization and private cloud.

Traditional network topologies isolated sensitive workloads using basic segmentation and focused protection at the perimeter using measures such as firewalls and intrusion protection. Perimeter measures protect solely against threats from outside the network; they cannot see internal traffic.

The coexistence of multiple workloads side-by-side on shared servers sets the stage for attacks from within. By compromising a trusted source such as an end user, a cyber-attack can breach the perimeter and become an internal threat. Once inside, the attack can move laterally to infect a broad swath of the network, unless measures are taken that are specifically designed to address internal threats.

Isolating and Securing Applications with NSX Micro-Segmentation

In multi-tenant environments, workloads must be protected against internal threats that may originate from other workloads. VMware introduced micro-segmentation within the NSX network virtualization platform to address this need. Micro-segmentation isolates sensitive workflows from each other and allows administrators to secure them individually using fine-grained network controls and security policies.

Critical to NSX’s implementation of micro-segmentation is the hypervisor-embedded NSX Distributed Firewall, which enforces policy rules that govern the flow of traffic through individual virtual network interfaces. It is a stateful firewall, meaning that it monitors and tracks the states of active connections as the basis for context awareness.

Using that context, the distributed firewall can determine what application generated a piece of traffic, regardless of what port it is operating on and what protocol it is using. This visibility into the application layer (L7) is a distinguishing characteristic of the NSX Distributed Firewall, compared to competing solutions. It allows for firewall rules that are based on individual applications, reducing the attack surface for would-be assaults.

An application-centered security approach using micro-segmentation also automates and simplifies management. Firewall rules are automatically created when new VMs are spawned, remain with the VMs as they migrate across physical hosts and environments, and are removed when VMs are terminated.

In the broader context of enterprise virtualization, automating security along with the other factors of network, compute, and storage is central to transforming the enterprise for greater agility and efficiency while also improving

services. Full integration of all these factors into the VMware vSphere environment ensures optimal performance, security, and scalability compared to solutions cobbled together using bolt-on services.

Securing Workloads in a Multi-Cloud World

Micro-segmentation allows organizations to lock down workloads directly, rather than focusing on physical infrastructure. This ability helps IT embrace a world where workloads are distributed across multiple premises and public clouds that the organization doesn’t control.

In particular, organizations operating in a multi-cloud context cannot hope to efficiently create bespoke networking and security postures for each cloud they use; the operational complexity of doing so would simply be prohibitive. What’s needed is a way of controlling and securing applications and data across on-premises data centers, public clouds, and the network edge.

NSX addresses this need by applying a consistent set of security policies in software to workloads across all these environments. Equally important to having consistent policy is to enforce it consistently across all the locations and types of workloads in the enterprise. The NSX Distributed Firewall interface provides a centralized means of applying policy and providing verifiable, consistent enforcement both on-premises and off.

The NSX Cloud solution is pre-verified and optimized for use with leading public clouds, including Amazon Web Services and Microsoft Azure. It also applies and enforces security policy consistently across various types of workloads, whether they run on bare metal, in VMs, or in containers.

Adapting to Constant Change in Modern Applications

The applications that enterprise workloads are based on are no longer the localized and static entities that have prevailed for decades. Today’s enterprise software may be distributed across multiple locations and clouds instead of being hosted on a single server, and it may self-update frequently, creating a dynamic, constantly changing identity and set of behaviors.

The distributed and dynamic nature of modern applications makes it difficult for IT organizations to create and maintain security policies that take advantage of an understanding of application behavior. In addition, those organizations typically lack the tools and control points to enforce such policies, particularly across the full spectrum of infrastructure where the applications operate.

Adaptive micro-segmentation addresses these shortcomings, enabling IT to automatically maintain and enforce security policies for dynamic, distributed applications. It begins by using VMware AppDefense to analyze applications based on their workloads and network traffic. That analysis generates deep intelligence and understanding of intended, known-good application behavior.

Based on that understanding, AppDefensecreates creates micro-segmentation and other security policies that eliminate unnecessary communications and pushes them to NSX, reducing the attack surface. NSX also provides control points for robust, holistic enforcement of those security policies, even across multiple data centers and clouds. It locks down workloads and legitimate communication paths to protect against direct attacks on applications.

To address the dynamic nature of applications, adaptive micro-segmentation watches for changes to any software component. AppDefense automatically adapts security policies in response to application changes, then applies those policies with NSX, dramatically simplifying management and maintenance, as well as improving the protection of applications and their component workloads over time.

Conclusion

VMware NSX provides application-oriented security suited to the multi-tenant reality of today’s virtualized and multi-cloud networks. It expands on the traditional security emphasis at the network perimeter, extending protection to the internal network, where the vast majority of traffic occurs. It also automates security, protecting networks and workloads as they are dynamically created and decommissioned, while responding to the changing needs of applications and the environment.

Software-first networking with NSX protects workloads across bare metal, virtual machines, and containers, whether on-prem or in a multi-cloud environment, with greater visibility and control over workloads and data. NSX positions network operators to better protect their data and the rest of the business as they reach for the agility, flexibility, and cost efficiency benefits available to them from software-first multi-cloud networking.

To learn more about software-first networking, visit
www.vmware.com/software-first-networking

Contributor: Matt Gillespie is a technology writer based in Chicago. He can be found at www.linkedin.com/in/mgillespie1.

The post Virtual, Multi-Cloud Networks Require New Approaches to Security appeared first on eWEEK.

The future requires pervasive, end-to-end connectivity for applications wherever they are: inside or outside the data center, potentially traversing multiple third-party clouds. Managing and securing workloads across these diverse infrastructures requires a software-first approach that abstracts the control plane from the physical network underlay.

This approach’s focus on applications and their workloads, rather than on network equipment, re-aligns network operations to enable a pace of change that isn’t dragged down by the need to make hardware changes. It also allows a holistic approach to security and management, regardless of the physical network. These capabilities make the enterprise more cost efficient, escaping the spend-and-replace cycle for network equipment while embracing all topologies, including multi-cloud.

VMware NSX is the only network virtualization solution that integrates natively with the rest of the virtualization layer in vSphere environments. Other solutions take a “bolt-on” approach that typically falls short in many respects, such as requiring manual configuration when changes are needed. That manual work is inefficient, prone to error, and may increase the likelihood of expensive outages. As bolt-on point solutions accumulate, these limitations are often compounded by the increasing complexity of a cobbled-together environment.

Software-first networking is abstracted from the underlying network hardware, bridging different infrastructures by design. In addition, the broader network ecosystem is enabling and optimizing physical infrastructure for NSX. For example, when Cisco Application Centric Infrastructure (ACI) operates in network-centric mode, it interoperates hand-in-glove with the VMware network virtualization layer.

Cisco ACI in network-centric mode complements NSX, providing a robust, highly reliable foundation for management and operations at the physical network layer. This combination enables a common, policy-based operational model across physical and virtual networks, with NSX providing network virtualization and ACI automating the addition and configuration of physical hardware.

Simplify and Accelerate Network Operations

IT organizations must continually negotiate among the conflicting priorities of multiple business units, and this complexity can be especially acute in network operations. Giving preference to one stakeholder over another is problematic at best, and the underlying lack of agility often leads to unmet business needs. Worse yet, the need to accelerate application deployment often leads to shortcuts that can compromise workload security, availability, and continuity.

Just as server virtualization has simplified compute infrastructure and increased agility in mainstream data centers, virtualized networking based on NSX decouples the network from the underlying physical devices and fabric, to simplify and accelerate network operations. This abstraction seamlessly enables workloads based on VMs, containers, and bare metal to deploy and move seamlessly across different environments, such as data centers, branches, and clouds.

Architects and admins can now manage this complex topology as a single end-to-end fabric, using consistent policy throughout. And because networks are designed in software, they can be dynamically created and decommissioned as changing business needs dictate, with unprecedented control over the environment.

NSX enables network operators to embrace the need for dynamic change in their environments, while mitigating the risk traditionally associated with change. Creating application-specific networks in software enables unprecedented agility while limiting the potential impact of any individual change within the larger environment. As a result, networks are more responsive to emerging needs while also improving uptime.

With NSX, organizations can administer their environments with fast, automated network provisioning that is based on a central set of policies to govern disparate infrastructure elements. Programmatic control enables an accelerated pace of change that isn’t dragged down by hardware changes, increasing efficiency and reducing staff workloads.

Secure Traffic, Wherever it Needs to Go

Securing network traffic across multiple clouds and other infrastructures that you don’t control is a critical challenge. Traditionally, changes to network segmentation have been made through switch or router configurations, using methods such as virtual local area networks (VLANs) and access control lists (ACLs).

This approach can be cumbersome, requiring admins to touch each device individually, and it is poorly suited to the needs of a dynamically changing network. The security provided by these measures is also focused at the network edge, not protecting internal (east-west) traffic. By contrast, NSX protection operates at both the network and the workload levels, protecting internal traffic. It also protects workloads with consistent policy and enforcement across on-premise, hybrid cloud, and cloud-native (container) workloads. That consistency is critical to a uniform security posture across the entire environment.

Building networks on a per-application basis with NSX provides inherent network segmentation. In addition, NSX Distributed Firewall is a kernel-embedded distributed firewall that enables micro-segmentation, so organizations can define security policies at the level of individual workflows to isolate sensitive traffic. In addition, adaptive micro-segmentation enables NSX environments to dynamically adapt security policy for individual workloads and networks to the rapid changes that are common with modern applications.

Because this firewall functionality is embedded in the hypervisor, it provides near-line-rate throughput to avoid network bottlenecks. Because it is distributed, its cost-effective scale-out architecture automatically extends capacity as hosts are added. This approach also places the firewall close enough to individual workloads to access context information that enables simple and effective policy, while being far enough from the guest to avoid potential compromise.

Make the Business More Cost-Efficient

NSX gives network administrators the ability to programmatically provision and manage virtual networks, independent of the underlying network hardware. Because automation based on NSX eliminates the need for manual configuration of hardware when deploying those networks, it adds dramatically to cost efficiency.

Any topology—from a simple flat network to a complex multi-tier one—can be provisioned almost instantaneously, without the need for physical changes. Network changes to support changing business needs are handled in software, largely without human involvement.

By reducing the day-to-day burden of mundane tasks on IT personnel, those staff members are free to pursue higher value work for the business. Moreover, the ability to evolve the network for new capabilities and functionality no longer requires capital outlays for new equipment, allowing IT to escape the self-defeating spend-and-replace cycle.

In addition, software-first networking adapts to applications’ needs while embracing all topologies, including multi-cloud. Applications and workloads can be deployed onto the most cost-effective infrastructure available, including to a combination of various on-prem and cloud infrastructures. Those environments are networked using fabric-agnostic approaches with NSX, allowing them to fine-tune their desired balance between factors such as cost and performance, further optimizing operations.

Conclusion

Software-first networking with NSX gives network operators the means to break through the limitations of legacy hardware-centric approaches. Modernizing with NSX unifies disparate infrastructure from the data center to the cloud, spinning up virtual networks on demand.

Virtual network processes based on NSX are automated, flexible, and secure by design, operating on any network underlay. They improve alignment between IT and the business by enabling agile response to changing requirements. And they prepare for the future with infrastructure that is no longer tied to physical limitations.

To learn more about software-first networking, visit
www.vmware.com/software-first-networking

Contributor: Matt Gillespie is a technology writer based in Chicago. He can be found at www.linkedin.com/in/mgillespie1.

The post Software-First Networking Promotes Agility, Security appeared first on eWEEK.

Mainstream enterprises now have complex environments that include applications and workloads executing across bare metal, virtual machines, containers, and public clouds. Organizations must manage and secure network traffic across these diverse infrastructures, many of which may be owned by third parties. Particularly in the case of any model that includes public cloud resources, managing workloads in software is the only option.

In addition to the data being able to pass freely on any underlying hardware, control of the traffic must also be centralized and hardware agnostic. Automation and management must be independent of where workloads execute. Likewise, security must be baked into all workloads, whether they are running on a physical on-premise network, a public cloud, or a combination of both.

Unifying these heterogeneous environments to abstract away their complexity has become a strategic imperative. Virtual machines and cloud-native workloads have uncoupled applications from the underlying hardware. In similar fashion, networking and security must be uncoupled from the network hardware to allow cohesive deployment and operational models to be used across the entire on-premise and public infrastructure.

VMware NSX helps companies that have invested (or are considering investment) in Cisco Application Centric Infrastructure (ACI) to successfully adopt a long view toward capabilities they will need in the future, in addition to those they need today. VMware NSX and Cisco ACI complement each other, with each company playing to its leadership strengths.

Software-Enabling the Network with the NSX Overlay

VMware NSX virtualizes and abstracts the network, breaking down silos so data and workloads can move across different topologies. This software-defined approach extends across multiple networks and topologies in company-owned data centers, partner networks, and hybrid clouds, enabling disparate network segments to act together as one.

By defining the network in software, NSX can provision any topology on demand, in just seconds, regardless of the underlying hardware. Multiple virtual networks can be created to match whatever requirements the business presents, using both capabilities built into NSX and those of third-parties. Those networks can isolate traffic as needed and still be managed together as a coherent single unit, building operational efficiencies as well as taking flexible advantage of all physical resources available.

Workloads are fully portable across disparate physical environments, with operational efficiency that’s enhanced by automation to create and provision networks, optimize their operation, and then decommission them, all dynamically in response to changing business needs. By automating tedious, repetitive tasks, NSX increases efficiency, reduces human error, and frees IT staff to focus on higher-value work.

NSX provides a full range of logical elements to enhance these networks, including logical switching, routing, distributed firewalling, and load balancing. From a security standpoint, NSX provides segmentation down to the workload level, with security policies that move with migrating workloads wherever they reside and preventing the lateral east-west movement of threats within the data center.

These services are defined in software, making them independent not only of the underlying physical infrastructure but also of the logical network underlay. At the same time, interoperation with ACI enables customers to enhance fabric management. The physical IP fabric is provisioned and managed using ACI, including fabric connectivity to vSphere and NSX. ACI running in network-centric mode provides server connectivity, while NSX connects applications. This approach allows both ACI and NSX to each do what they do best while minimizing complexity.

Interoperation of the Cisco ACI Underlay and NSX Overlay

Cisco ACI is an integrated hardware and software policy-driven framework based on the Cisco Nexus 9000 family of switches. It delivers performance leadership and operational simplicity, for a rock-solid fabric that provides a robust foundation for network virtualization based on NSX. The combination offers both a programmable, software-defined network using the NSX overlay and robust ability to build and control ACI’s underlay fabric.

Traffic is encapsulated using virtual extensible LANs (VXLANs) for tunneling that enables VMs to operate seamlessly on any physical infrastructure. Connectivity between NSX, vSphere, and the ACI fabric is simplified with ACI endpoint groups that use VLANs to segregate traffic for operational functions such as transport, management, workload migration, and storage. This approach means that one-time configuration supports stable switch-fabric operations on an ongoing basis.

Capacity can be scaled out simply by adding additional physical ports, with a minimum of modification, helping maintain future-readiness for the network. New NSX logical networks can likewise be created without defining new VLANs, which simplifies the underlay to increase uptime by minimizing change, while adding the agility and flexibility of software-defined virtual networking.

In sum, using NSX as the virtual network overlay for ACI provides an agile environment that spans the data center and public cloud. The underlay is abstracted from deployed workloads to simplify service provisioning, while enabling the flexibility, security, and performance provided by NSX.

Conclusion

Together, VMware NSX and Cisco ACI enable an elegant strategy for network virtualization and fabric management, across the enterprise from the data center to the public cloud. This software-first approach enables customers to rapidly deploy a high-performance switching fabric that offers simple scalability with only minor changes to the network. Because NSX abstracts away those modifications from the workloads, services are not disrupted.

NSX provides full-featured network virtualization that complements but goes far beyond what a fabric-focused solution such as ACI can provide alone. At the same time, NSX is fabric-agnostic, meaning that it not only works with any fabric but is designed explicitly to work with multiple fabrics at the same time. Virtualizing the network with NSX eliminates physical dependencies and positions network operators for robust operation as business needs and network technologies continue to evolve.

To learn more about software-first networking, visit
www.vmware.com/software-first-networking

Contributor: Matt Gillespie is a technology writer based in Chicago. He can be found at www.linkedin.com/in/mgillespie1.

The post Optimizing the Intersection Between Virtual and Physical Networks appeared first on eWEEK.