Vortex Blog
June 16, 2006
The real issues behind the 'Net neutrality debate
Dear Vorticians,
The issue of 'Net neutrality has been in the news of late, as Congress looks to revamp the nation's communications laws - with a primary focus on making it easier for the big telcos to offer television services in competition with the cable companies.
Most of the major media outlets have carried stories, opinion pieces and polls on the topic of 'Net neutrality, as senior executives from the Internet companies like Google debate senior executives from the communications world. Network World is no different. This week, for example, we have an excellent debate on the issue of 'Net Neutrality that pits Cisco's Senior Managing Director of Global Advanced Technology Policy Robert Pepper, a former FCC chief of policy development, against Gigi Sohn, the president and founder of Public Knowledge, a public interest advocacy group. You can start with Vortician Pepper's presentation here.
We also have a very lively forum on the topic that's being moderated by David Isenberg, a fellow at Harvard's Berkman Center for Internet and Society, and Scott Cleland, well-known telecom analyst and chairman of NETcompetition.org, which represents telecom and wireless companies. You can put your two cents in here.
The heart of the debate: The Google camp claims no one should get preferential treatment on the Web, while the telco types claim they need to strike preferential deals with content purveyors to ensure quality delivery of all their videos and songs so they can recoup their network investments.
Both sides are right. But, more important it seems to me, both are missing the point. It seems like the whole country is.
Read more
Comments (0) | Permanent link
June 01, 2006
When it comes to Vonage - I told you so!
Dear Vorticians,
I rarely say "I told you so" and there's a good reason why. It's because I'm rarely right on the money. But when it came to Vonage's initial public offering last week, and the stock's subsequent performance, well . . . I told you so.
Back in August, when the voice-over-IP company began talking about an IPO, I said I thought the plan was a bust. So far, events are conspiring to prove me right (although it's still early in the game for Vonage and I may ultimately be proven wrong.) Vonage shares were offered at $17 but closed down 13% on the day of the IPO. As of this writing, they're priced at less than 12 bucks a share. A Wall Street Journal piece called Vonage's coming-out party one of the ugliest of the year. Ouch. (If you'd like to read my original piece, you can find it here.)
Why was I sour on Vonage? A variety of factors:
Read more
Comments (1) | Permanent link
May 25, 2006
Help to shape the new Security Standard conference
Dear Vorticians,
Having wrapped up our discussion on network access control, but being still in a security frame of mind, I wanted to give you a heads up on a new project I'm working on - a project about which I'd love to get your insights.
Working with Bob Bragdon, the publisher of CSO Magazine, I'm putting together the program for a new, executive-level conference called The Security Standard. (Tagline: The Security of Business. The Business of Security. I like that.)
Our goal with The Security Standard is to create a new kind of event that explores the most important business issues centered on risk management and the challenges of creating a truly secure organization - even, if it's possible, making security a competitive advantage in a very uncertain world. We want to bring together senior business and technology executives to explore the intersection of organizational, political, business and technical issues shaping security today.
Read more
Comments (0) | Permanent link
May 19, 2006
Readers have the last say on network access control
Dear Vorticians,
Over the past weeks, as I've explored different angles of the network access control market, I've received quite a bit of correspondence that I just haven't had the space to accommodate. (You know how we writers can just ramble on and on.) I want to wrap up my exploration of NAC by sharing some of these notes and I hope you'll respond to these reader thoughts and inquiries if you have the time and knowledge.
Vortician CJ Meyers, an IT executive in Florida, got on my good side by not only thanking me for the network access coverage but assuming I am a busy kind of guy - a risky assumption. He wrote: "Thank you for this blog! I am very interested in this subject and am happy that I found this blog to do some research before committing to a solution. I heard about the blog from the May 8th print edition of Network World. I already learned a great deal by reading those articles, and now with the blog, I've got some more great material to parse.
"Currently my organization is seeking a NAC solution and we were leaning towards the Cisco CleanAccess solution. However, we've recently become aware of a vendor called Mirage Networks that provides similar NAC functionality, but completely out-of-band and adds endpoint security without a client agent. I have a Webex with the vendor next week, but am interested in any insight or additional literature, comparisons, reviews, etc. that you may have come across in your research. I searched the blog and didn't get any hits. I know you must be terribly busy, but I appreciate in advance any help you can provide!"
Read more
Comments (1) | Permanent link
May 04, 2006
Extreme, Foundry and Juniper leaders speak on access control
Dear Vorticians,
This week I took to the halls at Interop in Las Vegas, where I had the opportunity to talk with a number of senior executives and customers about network access control - a major topic at the network industry's top conference.
As an aside, I've been going to Vegas long enough to remember when the City of Sin was tacky and cheap. Now, it's tacky in a new and completely different way and it's expensive as hell. Case in point: I acquired (it seemed like an acquisition) four cocktails - not all for myself, of course - at one of the swank eateries inside a major casino for the princely sum of nearly $55, prior to tip. That was the prelude to a meal nearly requiring a mortgage application.
Everything is so over-designed and so over-marketed to make you feel that you're among the world's young and hip and having an "experience" that it comes off feeling deeply manipulative. We're not having a wild night of abandon. We're having steaks after a day pounding the show floor. There's nothing for us to tell about what happened in Vegas when we leave Vegas because we're not really doing anything all that different than we do at home. Oh well, give me cheap and tacky Vegas any time. There was something about the raw seediness that I found more enjoyable.
Okay, I'm back.
While pounding that show floor, I met with leaders of three of Cisco's enterprise rivals and really pushed them on the issue of whether network access control provides an opportunity for them to make inroads against the 800-pound-gorilla of the network market. Surprisingly, they're split on the issue.
Read more
Comments (0) | Permanent link
April 28, 2006
What Microsoft's NAP means for the security market
Dear Vorticians,
For Microsoft, it is very good to be king and it makes all the sense in the world to build a network access control scheme that takes advantage of all your subjects - the operating systems that dominate the desktop market and control much of the server market. (For the earlier pieces in this ongoing discussion of network access control, click here.
Not surprisingly, Microsoft's Network Access Protection (NAP) strategy centers on enabling the Windows desktop client to communicate its state of security readiness to Windows server software, which decides whether the client can access the network or be restricted until its security health is brought up to policy. It's a fairly simple architecture and the best part for Microsoft is that the company has enjoyed pretty wide visibility for the NAP plan, even though it has not delivered on very much of it.
NAP is constantly being compared and contrasted to Cisco's Network Admission Control (NAC) strategy, for example, but NAP won't make its way into the world until the release of the oft-delayed Windows Vista client (which should roll out for business customers later this year) and the Windows Longhorn server software, which is still in beta. Microsoft says it is "investigating" - what an odd word - an update for clients that run XP with Service Pack 2 - meaning the rest of the world, so it will be quite some time before NAP gains much traction.
In the spirit of openness, Microsoft has pledged to support both Cisco's NAC and the Trusted Computing Group's Trusted Network Connect standards, which Cisco has not yet pledged to support. Microsoft's NAP documentation also outlines an important role for third-part security software and hardware in building a robust, secure enterprise ecosystem.
But make no mistake that the NAP plan is vital to Microsoft's strategy of owning much more of the lucrative and fragmented security market in the future. Microsoft has already moved into the anti-virus and anti-spam markets, something that strikes fear into the hearts of existing market leaders - no matter what they might tell you in public. (Here, I am reminded of the companies that once made a nice living selling TCP/IP "stacks." After Microsoft announced plans to embed TCP/IP, these folks all told me that Microsoft's offering would be weak and that customers would still be willing to pay for their more robust software. They're gone now.)
Read more
Comments (0) | Permanent link
April 21, 2006
What can Juniper learn from Enterasys in network access control?
Dear Vorticians,
Last week I went into some depth about Cisco's strategy in the area of network access control, which I believe is one of the more important technology and market battles shaping up for the coming decade. I find it hard to believe that anything could have been more important than reading that deeply insightful piece, but if you by chance missed it, you can catch up here. (In fact, you can find all recent Vortex Digest entries, including the piece launching this exploration of network access control, right here.)
This week, I want to spend some time looking at Juniper and a couple of Cisco's other competitors in the enterprise network arena.
Under its Enterprise Infranet umbrella, Juniper offers a competing vision of network access control, known as Unified Access Control, that differs from Cisco's in one critical aspect - its simplicity. Cisco's Network Admission Control strategy is more sweeping and more complicated, calling for many devices in the network to play a role in determining whether and when an end node may gain access to resources and applications.
Read more
Comments (0) | Permanent link
April 14, 2006
What's at stake for Cisco in network access control
Dear Vorticians,
Let me start by saying I was wrong. (Save this and savor it.)
In last week's piece beginning my discussion on network access control, I stated that Check Point was not a member of Cisco's Network Admission Control (NAC) partner program. Au contraire, as the company informed me. Yours truly was not savvy enough to notice that, unlike Microsoft's one-Web-page listing of its partners, Cisco's NAC program participant site is broken down into three sections listing partners that are shipping product and partners currently developing products, as well as "Non-NAC Cisco partners developing solutions" - a distinction that isn't explained (or maybe I missed that too.)
In my oversight, I not only failed to notice Check Point prominently listed in the "currently developing" products area but, worse, gave Cisco short shrift in the number of NAC partners I cited. Cisco lists nearly 80 partners in one form or another. Two gaffes in one entry. Wow. My apologies.
I began last week by saying that I believe network access control represents one of the ore significant battlegrounds of the coming decade in IT. Why? The key word is control. (Isn't it always?) This week, I'll look at what network access control means to Cisco and in upcoming editions, we'll explore what it means for companies as diverse as Microsoft, Juniper, Enterasys, Check Point and Trend Micro, among others.
When it comes to Cisco and end point security, control takes on a variety of shades.
Read more
Comments (0) | Permanent link
April 07, 2006
The battle for network access control
Dear Vorticians,
One of the more interesting 'battles' in the IT industry today is unfolding on the landscape of network access control. I put quotation marks around the word 'battle' because in this fight there is not only the customary clawing for high ground and accumulation of weapons (technology, marketing hype, etc), there is also an extraordinary alliance-building effort underway - one that involves virtually every major player in the IT eco-system as well as dozens of smaller companies. Companies are placing - and hedging - their bets on the key network access control architectures vying for customer attention.
At its core, network access control is a pretty simple concept. The idea is that the infrastructure should be able to control your access to resources (applications, information) depending on who you are and whether your access device conforms to your security policies. If, for example, you come back from vacation with a virus-infected laptop, the network would know enough to keep you quarantined until the virus was removed.
At a finer-grained level of control, the network access system would open up some resources and not others. Case in point: I'm a visitor at your company and I plug my laptop into an Ethernet port. You might let me browse the Web, but not access any internal resources.
Network access control is a critical step forward in security as our applications become more inter-enterprise in nature and the traditional network perimeter dissolves. But here's the problem. If you're an enterprise customer, which network access control scheme are you going to implement? On whose architecture are you going to bet the future of your company? Today, Cisco, Microsoft, Juniper and an organization called the Trusted Computing Group, among others, are promoting network access control schemes that are more or less incompatible and more or less complete, although none is very complete. Good luck picking a path.
Read more
Comments (0) | Permanent link
March 31, 2006
Why one reader says there will be no "Intel Inside" of networking
Dear Vorticians,
A couple of entries back, I wrote about a company called Bivio, which is building what it claims is a general-purpose processor for network gear that would free developers to focus on value-added capabilitiies in software rather than having to design and build new hardware when customer needs change. It's an ambitious goal and I asked readers to weigh in on its feasibility. Vortician Jeff Prince, the chairman and CTO of ConSentry Networks, which is in the increasingly hot network access control market (more on that in an upcoming report), offered this cogent analysis.
"John, I read your latest Vortex Digest, and the topic was related to Bivio and their general purpose hardware for developing networking products of the future. You asked for opinions, so here's mine. First, a little history. During the upturn in the late 90's, a number of startups based their entire company strategy on very complex, custom ASICs (application specific integrated circuits) and built significant value on the performance benefits that these ASICs created. After the downturn, there was reluctance by the venture community to invest in network companies that wanted to develop their own silicon due to the capital required to fund them. So most of the startups that were funded were building products solely based on off-the-shelf hardware. Given this backdrop it is easy to see how common platforms were born.
"The networking world has changed for the better with the introduction of merchant silicon from companies like Broadcom and Marvell focusing on Ethernet connectivity, which has become a commodity market. At Foundry Networks, our first products were completely ASIC-based, 13 custom chips to build a switch. Today networking companies can be much more targeted at the areas that they want to innovate in, and use merchant silicon for those functions that they don't. Now for Bivio..
Read more
Comments (0) | Permanent link
