The Secure Network Fabric Takes on the Data Center

By Gary Kinghorn, Sr. Product Marketing Manager

This week 3Com made a series of announcements regarding security and network resiliency for the data center and virtual networks. Strategically, this was a follow-on and update to our Secure Network Fabric story we unveiled last August. The announcements this week also included some key milestones in our Secure Network Fabric strategy that we had promised last year. Perhaps, most importantly, the announcements highlighted the continued integration of the security products from TippingPoint with the network infrastructure from H3C, particularly in support of data center virtualization projects.

The benefits of network and data center virtualization are quite compelling purely from a cost reduction, ease of management, and network simplification perspective. However, deploying security for these virtual environments has been a big challenge since we rely on physical security devices that may not easily adjust to our virtual architecture. A new product from TippingPoint, called vController, overcomes the challenge of securing traffic between virtual machines in the data center, even running on the same physical server, by routing traffic through physical IPS appliances with enough capacity to support multiple 10 Gb network connections and data center applications. vController is the first technology in the Secure Virtual Framework (SVF), the company’s vision for securing all elements of the data center. 3Com also announced a new TippingPoint SSL appliance for faster encryption/decryption of web-based application traffic to facilitate IPS analysis.

In further support of secure and resilient networks, 3Com also unveiled the new H3C S9500E switch platform which facilitates scalable data center deployments as an alternative to the higher end S12500. The S9500E also is an excellent core switch, with very high 10 GE and GE port density, allowing customers to go with more cost-effective two-tier data center architectures. We spent a great deal of time talking with analysts about our Resilient Virtual Switch Fabric (RVSF) and our Intelligent Resilient Framework (IRF) technology that provides greater than five 9s network availability.  IRF allows customers to deploy multiple switches in a fail-over mode for complete fault-tolerance, while allowing them to be managed as one virtual switch. With IRF, the network can take full advantage of all the switch capacity in active-active mode, potentially doubling throughput, while reducing network complexity and management costs for mission critical applications.

One of the pillars of the Secure Network Fabric story is network-embedded security modules, to support security throughout the fabric of the network. At the RSA conference next week in San Francisco, we will be demonstrating the first TippingPoint IPS security blade for the H3C S7500E switch chassis. This is a key milestone for the vision we laid out last August.

The important take-aways from the announcements underscore the importance of the Secure Network Fabric. Organizations can’t focus security at the perimeter, and it’s becoming more and more of a challenge to deploy security services as a bump in the wire. Virtual servers, virtual networks, and advancing resiliency technology all require security to be deployed throughout the fabric of the network and security products will need to adapt. The end result, though, will be more efficient and easily managed networks that are able to support more sophisticated security and compliance policies in support of new business initiatives.

New Internet Security Threat Trends Report Available

By Gary Kinghorn

A new co-branded report is now available from H3C and CommTouch, our anti-spam security partner, that details the latest Internet security threat trends as of the last quarter.  The report can be downloaded here.  The report discusses the Mal-Bredo A virus, which continued to circulate the world for the second quarter in a row; also discussed in the report are swine flu blended threat attacks, and other seasonal threats.

During the quarter it was noted that spam email constituted 77% of all email traffic. An average of 312,000 zombies were newly activated each day for the purpose of malicious activity, with Brazil being responsible for 20.4% of global zombie activity. The report also includes the latest in malware and phishing trends, as well as Web 2.0 attacks and the always entertaining “Top 10 Most Ridiculous Spam Subjects”.

H3C Data Center Switches: Certified Green, an Industry First

The H3C data center switches are on a testing roll. As we’ve talked about already, our H3C core switches got kudos from independent testers for their exceptional performance and resiliency. Now our switches have gotten a nod on efficiency.

This time around the accolade comes from Miercom, a leading provider of independent test services who put our H3C S12508 core switch and its smaller, top-of-the-rack cousin, the S5820X, through their paces. At the end of the testing, Miercom gave both switches its “Certified Green” award—the first ever data center class products to receive this designation.

The Miercom certification validated that our H3C switches use up to 50% less energy than competitors. Miercom also gave the nod to our Intelligent Resilient Framework (IRF) technology, calling it another green innovation that further reduces energy consumption. IRF technology helps customers deploy a flatter, higher performing, yet simplified two-tier network design that requires fewer switching platforms.

That 3Com wins such distinction is no fluke, of course. 3Com has long recognized that operational excellence for modern IT requires a deep commitment to energy efficiency. We know it’s not something that can be retrofitted into old, power-hungry gear or slapped onto new products as an afterthought or, worse yet, on paper only.

Seeing is Believing

By John Gray

A few months back you may have heard or read about how our H3C S12500 core data center switch was setting unmatched performance and resiliency standards for core data center switching in 3^rd party testing (see H3C Sets New in Independent Tests).

As proud as we are of these testing results, we realize that words on screen (or paper, as the case may be) can be easy to dismiss. But seeing these new data-center switches in action—now that’s a different story altogether.

That’s why we decided to partner with Spirent at its Sunnyvale, Calif., data center proof-of-concept lab—so you can see our next-generation H3C data center switching solutions in action.

This proof-of-concept demonstration will showcase the capabilities of our flagship H3C S12500 and S5820X top-of-rack data center switches.  These demonstrations will provide a firsthand view of how the network handles a host of next generation application, service and user requirements, under various traffic and protocol conditions.  These conditions include Layer 2 and 3 switching, IPv4, IPv6, MPLS, BGP routing, streaming video and other advanced multicast services.

Visitors to the lab will also see the power of 3Com’s innovative Intelligent Resilient Framework (IRF) technology, which allows thousands of 1- and 10-Gbps Ethernet ports to be managed as a single virtual IP address, enabling unprecedented scalability and sub 50-millisecond recovery from a network disruption.

Will it blow you away? We think so.

The data center demonstration will run through January. If you’re interested in stopping by, contact us for more information.

For more information on the SPoC test, you can also check out this video interview with Philippe Michelet – 3Com’s Data Center Portfolio Leader.

Real Security for a Virtual Network

By Gary Kinghorn

Virtualization has certainly become a driving factor in networking, application deployment and data center design over the last few years. One of our marketing folks recently ran across an interesting deployment scenario where as part of a large network virtualization project, they were also making use of virtual firewalls to virtualize the security layer of their network, further reducing costs. While the first step of virtualization usually happens in the application server, customers should also be thinking about ways to reduce hardware costs and management complexity by taking advantage of the same concepts inherent in all of our H3C security appliances and blades.

The typical deployment scenario goes something like this: A large distributed enterprise has multiple campuses, or a large distributed campus, with divisions or groups spread throughout. You can think of these as potentially subsidiaries of a conglomerate, departments in a university, or logically separated clean-room projects. The problem is that the physical location of the groups is not aligned with the physical layout of the campuses or buildings. This is a challenge for network designs that frequently are aligned with campus layouts and not the virtual organizations. Virtual Local Area Networks (VLANs) work well locally, when closely mirroring the network topology, but don’t work well across the enterprise WAN, since Layer 2 network virtualization doesn’t scale when extended through the Layer 3 routers.

Providing the functionality of a VLAN for a widely separated logical group (over a Layer 3 WAN or router core) requires a technology called Virtual Routing and Forwarding (VRF). This provides what could be thought of as a virtual VLAN (but that sounds both redundant and confusing). These new private WANs are more accurately called VRFs, or what can logically be viewed as a wide area broadcast domain.

VRFs effectively provide the appropriate policy enforcement and network capacity appropriate for each division or group, no matter what their size, while sharing the same Layer 2 and 3 network infrastructure with many other VRFs. This can help optimize network resources and provide better service to individual users. These VRFs are reasonably straightforward to set up and manage since the H3C networking infrastructure and management platform supports this capability for highly scalable deployments.

But things get even better when enterprises take advantage of virtual firewalls. Whereas logically distinct organizations sharing a network would need their own firewall to protect their LAN segment and to define their unique security policies, firewalls no longer need a one-to-one correspondence with the LAN segment they are protecting any more than an enterprise application still needs its own server to provide adequate service. In essence, a single physical firewall can be divided into hundreds of virtual firewalls, each with its own distinct set of rules, aligned with a particular LAN segment, VLAN, or VRF and can be individually managed by a local group administrator (as needed).

The enterprise class SecPath F5000-A5 and the SecBlade VPN Firewall module, for example, both support up to 256 virtual firewalls. The SecBlade module could be deployed right into one of the core router chassis, and all the traffic that flows through the firewall can be partitioned to the right VLAN, applying the relevant policies. A widely distributed VLAN doesn’t need a firewall at each physical site. A few physical firewalls can support hundreds of distributed VLANs in a highly scalable fashion, no matter how widely distributed, as part of a larger virtual network. This can greatly reduce the proliferation of security devices by consolidating and centralizing deployments, while greatly reducing ongoing management costs and overhead. Networks will be able to grow more efficiently and cost-effectively, and maximize use of shared resources.

Interested in hearing more? Give us a call and we’ll show you how.

Webinar: HP Acquisition of 3Com

Ron Sege, president and COO of 3Com, and Marius Haas, HP senior vice president and general manager of the ProCurve Networking unit, went into further details about HP’s landmark $2.7 billion acquisition of 3Com in a webinar that took place Wednesday, Nov. 11. Please click here to register and hear the webinar.

HP to Acquire 3Com for $2.7 Billion

Today 3Com entered into a definitive agreement to be acquired by HP for an enterprise value of $2.7 billion. The result is a powerhouse that is intended to disrupt the networking industry by offering customers cost-effective, open standards-based alternative data center and network infrastructure solutions.

Not only is this a great transaction for our shareholders, who receive a significant premium over today’s closing stock price, but this move dramatically accelerates the execution of our proven “China Out” disruptive strategy by leveraging HP’s customer and channel reach, as well as its investment capabilities. The market will now have an unmatched innovative networking solutions provider that can serve all networking and data center needs under one roof.

With this announcement, our customers and prospects will get a direct response to their repeated requests for an offering that doesn’t lock them into proprietary network architectures, inflexible service offerings and unfocused strategies that at one point became the norm. In fact, they get a commitment from HP and 3Com to deliver an open, highly optimized and flexible IT environment that aligns infrastructure to business demands and doesn’t require customers to commit to a closed architecture or to settle for a cobbled-together solution.

This deal gives HP a leading market position and a large, talented, cost-effective R&D team in China, and an enterprise sales force in the rest of the world that has been consistently gaining market share across the globe with marquee wins such as Peugeot, SNCF, MIT, Infraero and the South Korean army, to name a few. It also gives HP access to a proven differentiator in our broad, modern product portfolio, which includes the H3C enterprise networking solutions and the TippingPoint security solutions that address our customers’ desire to have security as an integrated part of the network.

The networking industry experienced a significant change today. It gained a one-stop networking solutions provider that addresses the fundamental challenges facing customers today: simplifying and security the network, deploying best-in-class solutions with lowest total cost of ownership, and transforming the network from a connectivity tool to a business enabler. Of course, we have to obtain shareholder approval and certain government approvals, and meet certain conditions before we can close this deal; in the meantime, we operate as two independent companies.

I invite you to share your thoughts about this exciting industry development with us.

John Vincenzo

VP Marketing

Additional Information and Where to Find It

802.11n Is Here; Is It Time to Cut the Cord?

By Joe Vukson, Enterprise Product Marketing

By now, especially since it’s been seven years in the making, many of you have heard that 802.11n is now a ratified standard. With performance and features that put connecting to the network via .11n on par with, and in some ways better than, connecting via a wire, is it time to cut the cord and unwire the enterprise?

Today, laptop sales far outpace desktop shipments. New dual-mode mobile devices are introduced every day. This creates a ready user base to take advantage of 802.11n’s speed, reliability and range, and therefore, the potential to replace wired connections, or at the very least, blur the lines between wired and wireless connectivity. And with the standard ratified, prices will surely come down as more enterprises adopt, quickly moving the technology toward commoditization and causing a reduction in components and manufacturing costs.

With all of these factors at play, wireless is no longer the slower-performing and less-reliable cousin to a wired connection. Users have a viable option that  elevates efficiency and productivity by enabling them to connect to more than just the Internet and e-mail; they can now access multiple applications and systems simultaneously,  allowing them to do their jobs anywhere at any time.

.11n delivers…

• Speed – Up to 6 times faster than a legacy 802.11 a/b/g connection. Now, wireless connections are faster than a wired 10/100 Fast Ethernet connection.

• Capacity – Multiple-input/multiple-output (MIMO) radio technology enables support for more users and overall improved reliability and user experience.

• Range – Users that are farther away from access points (APs) will still have higher data rate connections than .11a/b/g connections and enterprises can conceivably cut back on some APs in areas where wireless is not as much of a requirement, while still having ample connectivity.

While we’re sure to see more of the access layer blending wired and wireless, the backbone, which often commands speeds of 10 Gigabit Ethernet and beyond, will continue to rely on electrical tether to connect users at the wireless or wired edge back to the core and data center.

Enterprises need to think about both wired and wireless LAN (WLAN), and be able to deploy, administer and manage them as part of a comprehensive network infrastructure strategy.  Essentially, abstracting the wired network with wireless, and managing them as a unified network access layer.

The ability to extend features and benefits of the wired network—including user-driven policy and security, quality of service (QoS) and other features—to the wireless network, is critical to delivering a consistent user experience regardless of how a user accesses the network. This single view of the user will go a long way to streamlining the enterprise IT staff’s responsibilities and making them more efficient and able to focus on bigger, more strategic issues.

Enterprises also have a lot to gain when unifying their network infrastructure. From a capital expense standpoint, deploying modules that physically integrate into modular chassis and flex chassis switches, as well as branch office-ready unified wired and wireless switches, limits the physical number of devices in the network. Operationally, fewer devices mean reduced demand for power, cooling and space requirements either in a data center or wiring closet. Additionally, wired and wireless solutions that leverage a common operating system and managed from a single management platform reduce the amount of training and overall maintenance while increasing security, control and performance.

So, to answer the question: While .11n is a monumental leap forward compared to legacy .11 a/b/g networks, wired connections still—and always will—have  their place in the enterprise. The opportunity for real efficiency and value to the user is to manage them as a unified network access layer where .11n will certainly have a positive impact. Hospitals will be better able to care for patients with the ability to share enhanced care information with doctors and nurses faster regardless of where they are in the hospital. Schools and universities can create more interactive classrooms and campuses, leveraging rich media content that attracts students. IT organizations that are being tasked with deploying .11n will be wise to understand how to leverage their current wired infrastructure and maximize this new technology’s impact.

Buyer beware of the vendor who tells you a mixed-vendor network is bad

By John Gray

I recently listened to a presentation in which an IT analyst presented a case for how mixed-vendor networks are less reliable, more complex and costlier than a single-source vendor strategy.

While the analyst made some interesting points, he failed to acknowledge any of the key benefits that a dual- or multivendor-network strategy offers customers.

For starters, a multivendor network provides enterprises with the freedom to choose.

Rather than having to adhere to one vendor’s proprietary or monolithic architectural view of the world, a multivendor strategy enables enterprises to leverage open standards‐based solutions that are aligned to a customer’s business priorities, and not the other way around. This freedom enables enterprises to choose the best possible solution, rather than having to settle or compromise for a certain product simply based on the logo on the front of the box.

Decades of standards work by industry groups such as the IETF have enabled this broad multivendor interoperability across L2/3 networks for key networking functions like switch trunking, VLANs, QoS and Power over Ethernet (PoE), to name just a few.

What is it going to take to earn YOUR business?

Furthermore, multivendor competition levels the playing field and creates an environment where competing vendors become VERY focused and innovative on how they can earn a customer’s business through aggressive pricing, value-added services and feature/product commitments.

If nothing else, this type of open competition at least keeps an incumbent vendor honest and as sharp as it can possibly be on pricing and support. In a best-case scenario, customers may learn they can save tens or hundreds of thousands of dollars.

But my (single-source) vendor keeps telling me about multivendor complexity, issues, etc., etc. …

There’s a reason they keep telling you this: There isn’t much upside for an incumbent supplier if you bring in a second vendor! The reality is that current best practices for running today’s network infrastructures apply to both a single or multivendor network. For example, establishing well-defined, open standards boundaries between the access and core network layers provides a logical demark to deploy a different vendor solution if it makes feature/function or economic sense to do so.

In fact Gartner recently published a research note around this very topic citing that: “The operational impacts of introducing a second vendor for basic network infrastructure are modest and easily handled by most organizations.” It continued: “Introducing a second vendor will reduce capital expenditures (capex) by at least 30% (and often more), while only minimally increasing operational expenditures (opex).”

I’d be interested in hearing your stance on single- versus multi-vendor networks. Which do you think is more advantageous?

3Com Analyst Relations Quarterly Update

By Mary Gabra

3Com’s Analyst Relations division issues a quarterly newsletter to update industry analysts around the world about major events and happenings at 3Com. The last issue was just recently published and because of the positive feedback I received, I wanted to share it with readers of the 3Com blog as well.

Our newsletter encapsulates the most important news about 3Com from the previous three months: a summary of our most recent financial results, a section on company updates (such as strategy announcements, major launches, etc.) and another section highlighting marquee customer wins in each region.  I also include references to any recent product validation reports, webinars or events that 3Com is participating in.

Highlights of this issue include:

• 3Com kicked off its FY10 with a very solid Q1, exceeding market expectations!
• 3Com maintains #2 ranking worldwide in Ethernet ports shipped!
• 3Com delivers secure network fabric through integration and expansion of TippingPoint and H3C Solutions.
• H3C S12500 Series switches set new performance standard for data center switches in independent tests.

To access this issue, click here.

Feedback is always welcome and appreciated!