Page 1


Automated solutions take on increasingly complicated network management tasks


Virtualisation leaders analyse why virtualisation is a musthave trend

MAKING THE LEAP Middle East IPv6 experts explain how to move from IPv4 and what companies need to know about IPv6


Corporate Ad_20.5x27.5


2:51 PM

Page 1

Contents 2 Editors Letter: We look at the problems and benefits of implementing IPv6 for enterprises and operators.


Network News: All of the hardest hitting stories from the Middle East’s network industry in April.

14 Online Highlights: Check out our editor’s picks of the month, the top reader comment and our NME poll results.

24 Top Tips for Moving to IPv6: The top IPv6 players outline the most important IPv6 strategies for enterprises.

33 What is Virtualisation? Alistair McLaurin, principal consultant with IT optimisation consultancy firm Intergence, talks us through virtualisation.

36 What is Network Consulting? HP explains its role in helping enterprises develop networks that will support their future business.

37 The Future Now: Help AG tells Network Middle East why it is time to move to next-generation firewalls.

16 Making the Leap How to migrate to IPv6 from IPv4 is one of the top concerns facing enterprises across the globe at the moment, Network Middle East speaks to IPv6 experts to find out what companies need to know and what their migration options are.

46 Protecting the Virtual Machine: Tarek Kuzbari of Kaspersky Lab outlines security options for virtual machines.


Securing Your Health: NME takes a look at a security software deployment at the Ministry of Health in Kuwait.

52 Alien Crosstalk and how to stop it: John Siemon, CTO and VP operations of cabling specialist Siemon, talks about converged cabling, shielded cabling and 10GBASE-T networks.

54 Top 5 Mistakes in Embracing the Cloud: Fortinet Middle East discusses mistakes enterprises make when deploying cloud.


26 Flexibility on Demand

40 Managing Your Network

Network Middle East gets to grips with virtualisation and discovers that one of the main trends driving virtualisation is the need for employees to be mobile.

As network management becomes increasingly complicated, so management software has become an essential tool to ensure performance and availability.

Security Stress: A former Pentagon security advisor speaks to NME about emerging security threats that enterprises are facing.

59 Network Security News: All of the latest security news this month.

64 Last Word: Challenging the industry.

5HJLVWHUHGDW'XEDL0HGLD&LW\ PO Box 500024, Dubai, UAE Tel: +971 4 444 3000 Fax: +971 4 444 3030 :HEZZZLWSFRP

June 2012 Vol.18 No.6

Editor’s comment



Offices in Dubai and London

The IPv6 Headache

he move from IPv4 to IPv6 is at the forefront of many enterprises’ strategies for 2012 and beyond. With the region having been assigned its last block of IPv4 addresses in the first quarter of 2011, companies across the Middle East need to take a close look at their existing network infrastructure and decide on a migration plan that will suit their requirements. While global adoption of IPv6 is still a long way off, if companies decide to postpone their IPv6 adoption until they are forced to change, they will miss out on customers from countries in Asia and Europe, which have already run out of IPv4 addresses and are actively migrating to IPv6. Unfortunately due to decisions made in the 1990s around IPv6, the new Internet Protocal version is unable to talk to IPv4 addresses, so, rather like an English-only speaker trying to talk to an Arabic-only speaker, they cannot understand each other. This means that networking vendors and telecoms providers are currently entering an awkward period, where they are facing differing requirements from different customers. The reason this period is so awkward is that the only new globally unique unicast addresses

you can get from your regional address registries are now IPv6 and regional address registries are becoming very protective of the few IPv4 blocks they have left. However, the majority of the user devices connecting to the internet are IPv4, the majority of content accessible over the internet is only IPv4, and the vast majority of service provider connectivity remains IPv4 only. Getting even basic connectivity to the IPv6 internet usually requires some form of IPv6-overIPv4 tunneling, and the average user has no way to enable this. Not only that, but although most modern operating systems are fully IPv6 capable, there are many that are not. There are also many types of enterprise network software that is likely to have issues with IPv6. Service providers are now faced with implementing IPv6 for the few customers (in the region) who want it, while also running IPv4 and a translation system that can convert between the two, which is at best a temporary solution as more IPv6 users come on line and the translation system has to be scaled to burgeoning demand. This means that for a considerable time service providers will need to run what is called a dual-stack system or

a similar solution, which can run both IPv4 and IPv6. However, dual-stacking has a fatal flaw; yes, the dual stacked device can speak equally to IPv4 devices, IPv6 devices, and other dual-stacked devices, and the transition can be driven by DNS, but, dual-stack means that everything an enterprise does will need both an IPv4 and IPv6 IP address, and since we are out of IPv4 addresses that is clearly not going to work, which begs the question, what now? Luckily there are three other options to ease the IPv4 to IPv6 conversion strain, but each one is really only a temporary fix. So, enterprises not only have to worry about their own network infrastructure, but they also have to worry about the service providers’ infrastructure. If you are an enterprise in the Middle East region considering the IPv6 move, the best thing to do is ask your service provider whether they can support IPv6 and work with them to implement a solution that works for you and make sure you start the process soon or you will be left far, far behind. GEORGINA ENZER Editor

Do you receive Network Middle East every month? To subscribe, please visit

,737(&+12/2*<38%/,6+,1* &(2 Walid Akawi 0DQDJLQJ'LUHFWRU Neil Davies 0DQDJLQJ'LUHFWRU Karam Awad 'HSXW\0DQDJLQJ'LUHFWRU Matthew Southwell *HQHUDO0DQDJHUPeter Conmy (',725,$/ (GLWRU Georgina Enzer Tel: +971 4 444 3316 email: 6HQLRU*URXS(GLWRU Mark Sutton $'9(57,6,1* 6DOHV'LUHFWRU George Hojeige Tel: +971 4 444 3193 email: $GYHUWLVLQJ0DQDJHUAnkit Shukla Tel: +971 4 444 3482 email: 678',2 6HQLRU'HVLJQHUMichel Al Asmar 3+272*5$3+< +HDGRI3KRWRJUDSK\ Jovana Obradovic 6HQLRU3KRWRJUDSKHUVEfraim Evidor, Isidora Bojovic, 6WDII3KRWRJUDSKHUV Lester Ali, George Dipin, Murrindie Frew, Shruti Jagdesh, Mosh Lafuente, Ruel Pableo, Rajesh Raghav 352'8&7,21 ',675,%87,21 *URXS3URGXFWLRQ 'LVWULEXWLRQ'LUHFWRU Kyle Smith 'HSXW\3URGXFWLRQ0DQDJHUBasel Al Kassem 0DQDJLQJ3LFWXUH(GLWRU Patrick Littlejohn 'LVWULEXWLRQ0DQDJHUKarima Ashwell 'LVWULEXWLRQ([HFXWLYH Nada Al Alami &,5&8/$7,21 +HDGRI&LUFXODWLRQDQG'DWDEDVHGaurav Gulati 0$5.(7,1* +HDGRI0DUNHWLQJDaniel Fewtrell (YHQWV0DQDJHU,73%XVLQHVV Michelle Meyrick 'HSXW\0DUNHWLQJ0DQDJHU Shadia Basravi ,73',*,7$/ 'LJLWDO3XEOLVKLQJ'LUHFWRU Ahmad Bashour Tel: +971 4 444 3549 email: *URXS6DOHV0DQDJHU,73QHW Vedrana Jovanovic Tel: +971 4 444 3569 email: ,QWHUQHW'HYHORSPHQW0DQDJHU Mohammed Affan :HE$GYHUWLVLQJ0DQDJHU Meghna Jalnawalla ,73*5283 &KDLUPDQAndrew Neil 0DQDJLQJ'LUHFWRU Robert Serafin )LQDQFH'LUHFWRU Toby Jay %RDUGRI'LUHFWRUVMike Bayman, Neil Davies, Rob Corder, Robert Serafin, Toby Jay, Walid Akawi &XVWRPHU6HUYLFH7HO Printed by Khaleej Times Controlled Distribution by Blue Truck Subscribe online at The publishers regret that they cannot accept liability for error or omissions contained in this publication, however caused. The opinions and views contained in this publication are not necessarily those of the publishers. Readers are advised to seek specialist advice before acting on information contained in this publication which is provided for general use and may not be appropriate for the reader's particular circumstances. The ownership of trademarks is acknowledged. No part of this publication or any part of the contents thereof may be reproduced, stored in a retrieval system or transmitted in any form without the permission of the publishers in writing. An exemption is hereby granted for extracts used for the purpose of fair review.

Published by and Š 2012 ITP Technology Publishing, a division of the ITP Publishing Group Ltd. Registered in the B.V.I. under Company Number 1402846.

30%* off your data centreâ&#x20AC;&#x2122;s energy bill is just the beginning Imagine what we could do for the rest of your enterprise Saving up to 30% off your data centreâ&#x20AC;&#x2122;s energy bill is no small feat, and as energy prices continue to climb, every watt of energy you save matters. But data centres donâ&#x20AC;&#x2122;t operate in a vacuum; they support and are supported by systems â&#x20AC;&#x201D; process, HVAC, and security, to name a few â&#x20AC;&#x201D; that also require vast amounts of power.

Enterprise-wide energy savings Today, only EcoStruxureâ&#x201E;˘ energy management architecture by Schneider Electricâ&#x201E;˘ can deliver up to 30% energy savings to your data centre and beyond, to the entire enterprise. Reducing data centre energy costs by up to 30% is a great beginning, and thanks to EcoStruxure energy management architecture, the savings donâ&#x20AC;&#x2122;t have to end there.

Learn about saving energy from the experts! Download our FREE white paper today and stand a chance to win an iPad 2! Visit Key Code 20358p Call +9714-7099690 (Arabic) / +9714-7099691 (English) Fax +97147099-650

Active Energy Management Architecture from Power Plant to Plugâ&#x201E;˘ Industrial plants /PENSTANDARDPROTOCOLSALLOWFORSYSTEM wide management of automated processes with minimised downtime, increased throughput, and maximised energy efficiency.

Buildings Intelligent integration of security, power, lighting, electrical distribution, fire safety, HVAC, IT, and telecommunications across the enterprise allows for reduced training, operating, maintenance, and energy costs.

Data centres From the rack to the row to the room to the building, energy use and availability of these interconnected environments are closely monitored and adjusted in real time.

30% Š2012 Schneider Electric. All Rights Reserved. Schneider Electric, EcoStruxure, and Active Energy Management Architecture from Power Plant to Plug are trademarks owned by Schneider Electric Industries SAS or its affiliated companies. All other trademarks are PROPERTYOFTHEIRRESPECTIVEOWNERS!0#-IDDLE%AST 0/"OXn $UBAI 5NITED!RAB%MIRATESs ?5!% '"?"

Appointments HP Middle East has appointed two new country managers in Qatar. Bassam Zaki will take over as Enterprise Storage, Servers and Networking (ESSN) country manager and Khaled Nassef Selim takes on the ESSN channel manager role. In their new roles, both Zaki and Selim will be looking to grow the ESSN business in Qatar, helping to build relations with customers and partners and strengthening HPs presence in the market. Selim will be focusing on the channel in Qatar, supporting various channel programmes already in place and growing the relationship between HP and its network of channel partners.

Ruckus Wireless introduces new access points Technology Ruckus Wireless has announced its highest capacity three-stream ZoneFlex 7982 and most affordable dual-stream ZoneFlex 7321 802.11n Smart Wi-Fi access points for carriers and enterprises in the Middle East. The Ruckus ZoneFlex 7982 and ZoneFlex 7321 enhance the high and low ends of the Wi-Fi market and were developed for enterprises and telecom operators facing pressures from wireless-only mobile devices accessing a richer mix of multimedia traffic. The new solutions are designed to deliver consistent performance and maintain stable connections within high-capacity environments - and to smart mobile devices that constantly change their location and orientation.


June 2012 Vol.18 No.6

HP appoints new Qatar country managers


Farid Faraidooni, chief commercial officer, du says that the company is implementing IPv6 solutions.

du is developing IPv6 infrastructure Business UAE-based telecoms operator du has confirmed that it is currently implementing the IPv6 infrastructure for both its enterprise and home customers. IPv6 is the next generation of IP; the version the internet is currently running on is IPv4. “We are actively engaged in a company-wide programme for IPv6 transition. In the coming few months, residential and enterprise services will become commercially available on IPv6. This will enable our customers to speed-up their transition plans as the carrier of their services will become IPv6 enabled,” said Farid Faraidooni, chief commercial officer, du.

The major difference between IPv6 and IPv4 is that IPv4 has a 32-bit address, resulting in around four billion addresses, which have almost run out, while IPv6 has a much larger address base. “While this number of addresses on the internet [four billion] seemed like a lot back in the seventies when IP was first developed, nowadays with the huge proliferation of the internet, and increasing number of people and devices getting connected to the internet, this number is no longer large enough. Accordingly IPv6 was developed with a much larger address scope, which results in 340,282,366,920,938,463,463,3

74,607,431,768,211,456 IP addresses,” said Faraidooni. du is also working with the TRA and other industry members to increase awareness on importance of IPv6 transition and the various transition strategies available for enterprises. du will also be implementing a dual-stack system in its network, which will allow users to connect using IPv6 and IPv4 simultaneously as IPv4 will continue to be widely used for many years to come. “We will introduce support for IP version 6 while retaining full support for IP version 4. This enables seamless use of IPv6 services for those customers who demand it,” said Faraidooni.

Cisco study suggests BYOD is on the rise Infrastructure Cisco has revealed that IT is accepting and in some cases embracing the ‘bring your own device’ trend (BYOD). The company recently announced findings from the Cisco IBSG Horizons Study of IT and business leaders, which show that BYOD is becoming established, and managers are now recognising the need for a scalable BYOD approach that allows them to address mobility, security, virtualisation and network policy management. The study found most organisations

are now enabling BYOD in the enterprise, with 95% of respondents saying their organisations permit employee-owned devices in some way, shape or form in the workplace. The study also showed that the average number of connected devices per worker is expected to reach 3.3 by 2014, up from 2.8 in 2012. “As the number of devices being brought into work increases, organisations need a comprehensive mobility strategy. By leveraging the intelligent network, organisations can now provide their employees with the

benefits of working anywhere, anytime: in other words, work your way. These findings support Cisco’s assertion that mobility needs to extend beyond BYOD to include integration of service provider mobility, enterprise mobility, security, collaboration and desktop virtualisation solutions,” said Ahmed Etman, Borderless Networks sales lead, Cisco Emerging Markets. The survey also found that over 76% of IT leaders surveyed see BYOD as somewhat or extremely positive, while seeing significant challenges for IT.

June 2012 Vol.18 No.6

EMEA SMBs looking to up virtualisation Business Channel partners serving the SMB segment in EMEA are expecting to see a substantial increase in investment in virtualisation technologies by the sector. According to new research carried out by Canalys, the solution provider channel expects to see twice as many SMBs become more than 80% virtualised, meaning having virtualised most businesscritical applications, and shifting to an IT-as-a-Service and cloud computing model, by 2014. The analyst company surveyed 350 channel partners serving the SMB sector across Europe, Middle East and Africa, on behalf of VMware, to find out about trends in virtualisation adoption among SMBs.

Riverbed announces HP cloud support Technology Riverbed Technology has announced that the Whitewater family of cloud storage gateway solutions now supports HP Cloud Object Storage. Organisations that deploy Whitewater gateways can now choose HP Cloud Object Storage as a storage option to meet their requirements for disaster recovery. The addition of HP Cloud Object Storage to the growing Whitewater gateway ecosystem is designed to extend Riverbed’s ability to give organisations choice and flexibility when upgrading their data protection infrastructure to replace tape-based technology with fast, secure and costefficient cloud storage.



Graham Owen, regional sales director MEA and Turkey, Cambium Networks says that the PTP 810 provides the key features capabilities users need to meet today’s IP requirements.

Cambium Networks announces PTP810 Products Wireless broadband solutions provider Cambium Networks , has announced the Cambium PTP 810, a new point-to-point (PTP) wireless backhaul solution supporting native E1/T1 and native Ethernet in a single configurable software system. The PTP 810 is a hybrid solution designed to enable carriers, utility, public safety and enterprise operators to migrate existing TDM traffic to an IP-based Ethernet network. According to Cambium Networks, by minimising the time and expense involved in making the transition to an IP-based Ethernet network, operators will now have a more powerful and efficient communications system

to support new and additional applications such as voiceover-IP, on-demand video and video surveillance. The PTP 810 also features XPIC functionality, designed to enable operators to double throughput capacity as differentiated data is transmitted simultaneously on both vertical and horizontal polarisations in a single channel. “Today’s carriers and enterprises look to deliver converged multiservice networks that offer high capacity, availability, reliability and security, with true flexibility,” said Graham Owen, regional sales director MEA and Turkey, Cambium Networks. “With the PTP 810, Cambium is providing all the key features capabilities

users need to meet today’s IP requirements and tomorrow’s communications needs – all within in a neatly packaged, easyto-maintain platform.” Key features of PTP 810 include that is provides native TDM and Ethernet, software configurable channel bandwidth and modulation, operates in the 6 - 38 GHz RF bands and with userconfigured channel bandwidths from 7 to 80 MHz, supports ACM, Cross Polarisation Interference Cancellation (XPIC) and Ethernet link aggregation, features scalable throughput to 700 Mbps (full duplex), supports both T1/E1 and STM-1/OC-3 interfaces and supports protected PDH Ring with built in T1/E1 cross point switch.

R&M expands in Saudi Arabia Business Structured cabling specialists Reichle & De-Massari is increasing its workforce in Saudi Arabia, adding both sales and technical staff for the Kingdom. According to R&M. it has completed several cabling projects in the Kingdom in recent years such as providing a new end-to-end state-of-the-art network cabling infrastructure to a leading government health care facility. “The Saudi market is our nearterm strategic focus due to the

tremendous demand potential we see here. This is across several industry verticals such as health, finance, telecom/public networks, and real estate. Our increased staff will enable us to be more proactive and responsive to customers and market needs,” said Jean-Pierre Labry, executive vice president, R&M Middle East and Africa. According to the company, R&M’s modular end-to-end copper and fibre solutions are a good fit for the type of large scale

infrastructure projects now being undertaken in Saudi Arabia. Large scale projects can also go green starting from their network infrastructure by installing R&M’s energy and space efficient cabling solutions that are manufactured in a green facility. “With our efficiently designed copper and fibre range, network planners are also able to implement their green building requirements beginning with the cabling,” said Manzoor Ali, managing director, R&M Saudi.

With complete security, you’re safer in our world Complete IT security protecting every part of your business Unified Protection (UTM) One appliance that eliminates the complexity of multiple point solutions. It gives you complete security to stop the viruses,

Mobile Control Secure, monitor and control iPhone, iPad, Android and Windows Mobile devices.

spam and hackers that threaten to compromise your business.

Web Protection Endpoint Protection Gives you everything you need to stop malware and protect your data in one console. It’s fast, effective and complete security for your users, wherever they are.

Make web access safe and productive with a remotely-monitored appliance.

Network Protection Keep your network infrastructure safe with complete network security.

Data Protection Your confidential data needs protection, and you have to prove it’s protected to the regulators. Our encryption and data loss prevention (DLP) stops data breaches and lets your users securely access, share, store and recover data.

Email Protection Secure your email with our software solutions, or choose a remotely-monitored appliance.

Sophos Middle East | Office 205-EIB 5 | Alpha Building | PO Box 500469 | Dubai Internet City | Dubai | UAE Email: | Tel: +971 4375 4332 |

Products Fujitsu has launched its high-end mission-critical Primequest servers for Windows, Linux and Oracle Solaris in the Middle East region, the servers are designed to be able to run any OS. “Primequest is a new server to the Middle East, it has been on the market in its current form since 2010 and forms a second generation Primequest that previously from 2005 to 2010 was based on the Risk CPU,” said John Stadden, director of Sales and Business Development, Enterprise Servers and Storage Fujitsu. The Primequest server is developed with a mainframe paradigm and has a very strict quality assurance and design methodology. It also has very strict tolerances in the design of the underlying system. Fujitsu also has its own Primequest BIOS, so it is not just the hardware and manufacturing, but also the underlying firmware is under Fujitsu’s control.

HP extends Gen8 portfolio Products HP has extended its HP ProLiant Generation 8 (Gen8) portfolio with new servers that are designed to deliver increased performance, simplified maintenance and improved data centre uptime. The expanded HP ProLiant Gen8 line-up includes new servers based on the AMD Opteron 6200 Series processors, Intel Xeon processor E5-2400 product family and Intel Xeon processor E5-4600 product family. Optional enhanced HP PCIe Gen2 IO Accelerators reduce data access latency are designed to enable clients to achieve accelerated application performance and improved compute cycles.

73% of Network Middle East spot poll respondents believe green networking is an important issue in the region

Business The majority of Network Middle East readers believe that green networking is an important trend for the Middle East, according to a poll carried out by the magazine on, Facebook and LinkedIn. Seventy-three percent of respondents to the Network Middle East spot poll said that all enterprises should definitely be utilising green hardware and software to reduce their environmental impact. However, despite the poll results showing an interest in green networking in the region, the uptake of green initiatives in the Middle East still remains

Green networking a hot topic poll shows low, according to networking companies such as R&M and Brocade. Twenty-one percent of poll respondents said that enterprises should think about implementing green networking initiatives depending on the cost of changing over hardware and software. In the Network Middle East May issue, we discovered in our Green Networking section that green initiative implementation can not only reduce costs in the long term, by shrinking electricity usage bills and utilising data-centre space more efficiently, but can cost less in the short term, as many green

June 2012 Vol.18 No.6

Fujitsu launches Primequest server in UAE



products are more compact and enterprises need fewer devices to do the same job, for example with virtualisation. Just 10.5% of poll respondents thought that green networking was not worth bothering about, stating that green initiatives are not something a company should focus on. A very small 5.2% said that the company they worked for had already implemented green networking initiatives. The Network Middle East poll is run over a period of a month on the Network Middle East Facebook and LinkedIn pages, as well as on

GBM announces partnership Business

Virtual Bridges and Gulf Business Machines (GBM) have announced a partnership to deliver Virtual Bridges VERDEM virtual desktop management and provisioning capabilities to organisations throughout the GCC region, except Saudi Arabia and Pakistan. Featuring online, offline and branch Virtual Desktop Infrastructure (VDI), VERDE is designed to help organisations reduce the cost and complexity of managing desktops, while minimising security concerns and business risk. This major partnership agreement establishes a long-term strategic relationship by which GBM will

remarket, distribute, resell and support Virtual Bridges products, including VERDE, the industry’s first VDI Gen2 solution. Designed for organisations that want to escape the constraints of physical computing, VERDE is designed to simplify desktop management, improve security and increase business agility. It provides end users access to both Windows and Linux desktops from any location or device. In addition, IT professionals can manage desktops centrally while reducing the costs and challenges associated with provisioning, updating and securing distributed PC environments.

“As the leading VDI Gen2 solution, VERDE will help our customers reduce desktop total cost of ownership while increasing organisational agility, productivity and responsiveness,” said Cesare Cardone, CEO, GBM. “We are excited to partner with Virtual Bridges to bring this value to organisations in our region.” Virtual Bridges is designed to help customers easily scale their environment to meet fluctuating business demands, without sacrificing security or performance and regardless of whether the solution is deployed on a customer’s own infrastructure or hosted or delivered as a service.

Fortinet unveils DDoS appliance Products

June 2012 Vol.18 No.6



82% of companies polled by EMC were unsure of whether they can fully recover their IT systems after a disaster.

EMC study says region not ready for DR Business Eighty-two percent of organisations surveyed are not very confident that they can fully recover their IT systems after a disaster, according to a new survey of 1,000 companies in the Middle East, Turkey and Morocco by EMC. ‘The Disaster Recovery Survey 2012: Middle East, Turkey and Morocco’ survey also found that 64% of those surveyed have lost data and/or suffered systems downtime in the last year.

Additionally, 37% of organisations claim they need at least one day or more to become fully operational again, and on average, organisations suffered from two days of downtime. Hardware failure (55%), software failure (40%) and security breaches (36%) were cited as the primary causes of data loss and downtime and loss of employee productivity is the most likely consequence of data loss and downtime (43%). Fifty-two percent of

organisations who store a backup copy offsite still use tape for disaster recovery, while 48% rely on CD-ROM to recover after a disaster. Seventythree percent of organisations using tape want to replace it. Faster backups (55%), increased security (39%), and speed of data recovery and systems restore (36%) were cited as the top reasons to replace the tape system. According to EMC, these findings highlight the need for backup transfor-

mation to next-generation backup and recovery solutions to ensure continued business operations in the event of a natural disaster, malicious activity or more routine and common disruptions to IT systems. In response to such incidents, improving security is seen as key with 44% of businesses having improved physical security and 43% digital security, this despite the fact that security breaches were the third most common cause of data loss and downtime.

Riverbed extends partnership with VMware Technology Riverbed Technology has announced that they will continue to partner with VMware to help enterprises accelerate their journey to the cloud. The partnership is designed to help enable businesses to increase efficiency and improve productivity while reducing costs. With the latest collaboration, Riverbed wide area network (WAN) optimisation solutions accelerate virtual machines

(VMs) moving between clouds—private, public and hybrid—with VMware vCloud Connector. The combination of Riverbed and VMware solutions are designed to help enable cloud service providers to maximise their cloud computing offerings by empowering their customers to utilise their existing IT investments. Parag Patel, vice president, Global Strategic Alliances, VMware commented: “Businesses all over the world are turning

to virtualisation and cloud computing to simplify their IT infrastructure, consolidating, and moving applications to the cloud,” said Built upon VMware vSphere 5 and VMware vCloud APIs, VMware vCloud Connector is designed to allow customers to connect VMware vSphere and VMware vCloud Directorbased private and public clouds and manage them through a single interface. Riverbed and VMware’s solutions are designed to

help customers overcome these challenges, enabling companies to realise the benefits of utilising multiple cloud environments without compromising performance. The Riverbed WAN optimisation solution is designed to deliver significant performance gains when moving large VMs across the WAN, while giving the ability to reduce the time to move VMs and costs associated with WAN infrastructure.

Fortinet has unveiled its FortiDDoS product family for enterprises, web hosting and cloud service providers. The new FortiDDoS100A, FortiDDoS-200A and FortiDDoS-300A are dedicated appliances that are designed to detect and help protect against DDoS attacks. The appliances feature custom ASICs that are designed to be capable of mitigating DDoS attacks while maintaining low latency, preventing loss of availability to critical systems, servers and applications.

Intel partners with Huawei for LTE Infrastructure Intel Corporation and Huawei have announced a collaboration aimed at advancing the development of interoperability testing and deployment of LTE TDD solutions worldwide. As part of the agreement, the two companies will establish a joint lab for IOT (Interoperability Tests) and fast implementation of LTE TDD technology. The collaboration will utilise Huawei´s expertise in LTE TDD network infrastructure technologies and Intel’s innovative and cost-optimised mobile communication platforms to expedite the maturity and deployment of LTE TDD. By connecting directly to Huawei’s infrastructure, Intel will carry out end-to-end testing of its mobile platforms in a real life environment.

Meru networks announces new WLAN solutions

June 2012 Vol.18 No.6




Cannon Technologies has developed T4 overhead raceways for copper and fibre cabling.

Cannon Technologies develops T4 raceways Products Cannon Technologies has developed a range of T4 overhead raceways for copper and fibre cabling, designed to integrate with the company’s T4 cold air cocooning solution. The T4 raceways are matched to all of the company’s wide range of equipment cabinets, racks and frames both in terms of fixings and cable entry/ exit points and are available as both ‘single-deck’ and ‘double-decker’. The raceways fix directly to the tops of the cabinets and the double-decker version allows route or cable type

segregation – for example segregating fibre cables from copper or A-route from B-route. “We believe that data centre infrastructure should also be plugand-play,” said Cannon Technologies managing director Matt Goulding. The T4 cable trays and T4 raceways are designed particularly for a retrofit situation to guarantee that there will be no need for emergency on-premise re-engineering. According to Cannon, there is a very strong move towards overhead raceways for both copper and

fibre cabling in order to leave the underfloor area free of the big air dams which masses of Cat 6A 10Gigabit/s cables are now tending to form. Air dams have a serious adverse effect on cooling efficiency and effectiveness. One of the major issues with overhead cable trays or raceways, that Cannon has tried to overcome with the new T4 range, is that if they are not from the same ‘family’ as the data centre racks or cabinets, companies may have to spend a lot of time and effort on engineering and installation problems to

overcome on-site difficulties with different fixings and cable entry or exits failing to line up properly. Non-family cable trays and raceways can seriously interfere with the roofsection fixings needed for cold-aisle containment and cocooning solutions. This can cause difficulties when both are being installed together. The scope for problems, when it is intended that cold-aisle cocooning will be retrofitted at a future date is immense. This could be a potential engineering nightmare and a risk to future uptime.

Ixia to purchase Anue Systems Business Global provider of converged IP and wireless network test solutions, Ixia, has announced that it has entered into a definitive agreement to acquire network visibility solutions provider Anue Systems. Under the terms of the agreement, Ixia will pay $145m in cash, subject to certain adjustments including an adjustment based on the amount of Anue’s net working capital

at closing. The transaction is anticipated to close in Q2 2012, and is subject to customary closing conditions and approvals. According to Ixia, Anue increased its revenues 51% in 2011 to $40.5m and generated gross margins of 83% for the year. For the 12 months ended 31st March, 2012, Anue generated $47.6m in revenues. “Many networking trends such as the deployment of cloud and virtu-

alisation, LTE and mobility driven growth, security implications of applications delivered over cloud infrastructures and the massive expansion in bandwidth are fuelling both Ixia’s and Anue’s growth,” said Vic Alston, Ixia chief operating officer. “Next-generation cloud providers, mobility operators and enterprises all require network and traffic visibility to maintain quality of service across application and service de-

livery. Anue’s Optimiser solutions provide customers with a measurable value regarding performance, scale and resiliency of networks, while enabling the creation of a next generation platform for quality of service delivery across live networks.” With the acquisition of Anue, Ixia hopes to become a leading global player in the rapidly growing and expanding network visibility market.

802.11n wireless enterprise networking company Meru Networks has announced a set of new Meru WLAN solutions that can be deployed on-premise, within virtualised private cloud environments, or as subscription-based, hosted applications. Meru’s new line of Virtual Mobility Controllers are VM warebased virtual appliances that are designed to operate on standard x86 computing platforms in data centre or private cloud environments.

Oracle announces Sun Backup Appliance Products Oracle has announced its Sun ZFS Backup Appliance, an integrated, high performance backup solution for Oracle engineered systems, including Oracle Exadata Database Machine, Oracle Exalogic Elastic Cloud and Oracle SPARC SuperCluster T4-4. Oracle’s Sun ZFS Backup Appliance is designed to deliver up to 20 terabytes per hour full backup and up to 9.4 terabytes per hour full restore throughputs, one of the fastest published recovery rates among general purpose storage systems for Oracle engineered systems data protection. The Sun ZFS Backup Appliance’s fast backup throughput is based on backups of unique data, and does not require additional host-side software or CPU resources.

The online home of:







StruxureWare Operation Suite 7.1 now available

Thuraya, GTNT partnered to provide mobile satellite communication services in Russia


1 2 3 4 5





Web Protection, Data Protection, Complete Security designed to address challenges.

IDC says lower energy consumption is natural progression in hardware development.

Facebook may be worth more than $100bn SonicWALL debuts TZ 105, TZ 205 firewalls Oracle announces Sun Backup Appliance BT announces security innovations Riverbed extends partnership with VMware


1 2 3

Green Smokescreen R&M expands in Saudi Arabia Etisalat to aid Ajman Bank on ICT



This seems to be an excellent product for the GCC internet educational community. Internet censorship and spying on staff and students using the Internet is very important in the 21st Century.” Barry Richardson comments on BISAK selects Cyberoam UTM for network protection.


Percentage of Small and medium businesses becoming virtualised. Source: Research carried out by Canalys.


Is green networking an important trend for the Middle East?


Definitely, all enterprises should be using green hardware, software to reduce their environmental impact

14 June 2012 Vol.18 No.6


No, green initiatives are not something a company should focus on


Maybe, it depends on costs of implementation


My company has already implemented green initiatives


Percentage of organisations surveyed by EMC that are not very confident that they can fully recover their IT systems after a disaster The survey polled 1,000 companies in the Middle East, Turkey and Morocco. Source: EMC.

How to manage your network from anywhere, anytime

Your network, in the palm of your hand mydlinkTM Cloud Services allow you to effortlessly access, view and control devices on your home network from anywhere, anytime. Check-in to make sure the kids really are doing their homework, or keep an eye on who’s accessing your network when you’re not home with D-Link’s new range of Cloud Routers. Monitor your home from wherever you are, 24/7 with D-Link’s Cloud Cameras. Access your home videos, photos, music and movies on the go with D-Link’s Cloud Storage. Simply log into your secure mydlinkTM account via from any PC, iPad®, iPhone® or Android™ device. With mydlink you really can keep everything you love close. Explore how you can manage your network from the palm of your hand:

Connect to More

+971 4 880 9022


16 June 2012 Vol.18 No.6


the Leap How to migrate to IPv6 from IPv4 is one of the top concerns facing enterprises across the globe at the moment, Network Middle East speaks to IPv6 experts to find out what companies need to know and what their migration options are.


he deployment of IPv6, the new internet protocol poised to take over from IPv4, is accelerating, particularly in the Asia-Pacific region and several European countries where IPv4 addresses have run out. Networking solution expert Brocade, part of the IPv6 forum, a world-wide consortium of global internet vendors, industry subject matter experts, research and education networks, which has a mission to advocate IPv6 by improving technology, market, and deployment, user and industry awareness of IPv6,says that IPv4 addresses have almost dried up. “When the internet boomed in the early 90’s more applications were delivered with more services, so people starting using the internet more, leading to a dramatic and continuous increase in the number of internet users. Now users also have a smartphone, a tablet PC and at the same time may have a desktop PC, so with this dramatic increase of demands for IP addresses the IPv4 pool has dried up. In the beginning of 2011 the last blocks of IPv4 addresses were assigned to certain service providers across the region,” states Samer Ismair MENA systems engineer for Brocade.

“If our customers are communicating with Asia, at some point, they will have to talk IPv6 natively. There are some patch solutions available at the moment that vendors say translate between IPv4 and IPv6 addresses, but it is really only a temporary solution.” Nicolai Solling from Help AG says that there are three IPv6 strategies that companies need to look at when considering migration.


June 2012 Vol.18 No.6 17

NME Enterprise Software Technologies ad.pdf











10:22 AM

According to strategic information security consulting company Help AG, some of its customers in the Middle East region will have to start handling IPv6 soon, especially if they are communicating with Asia. But the overall global uptake of IPv6 has been slow because IPv6 does not connect with IPv4 at all. IPv6 works as a separate, yet parallel network, and exchanging traffic between the two networks requires special translator gateways. D-Link has been a designer and implementer of IPv6 since 2005, and has incrementally integrated IPv6 into its product portfolio. The company says that there are multiple benefits to IPv6, which include the fact that IPv6 has a very large address space and consists of 128 bits as compared to 32 bits in IPv4, which makes it possible to support 2^128 unique IP addresses, a substantial increase in the number of computers that can be addressed with the help of the IPv6 addressing scheme. In addition, this internet protocol eliminates the need for Network Address Translation (NAT). “Whereas IPv4 is a best effort service, IPv6 ensures QoS, a set of service requirements to deliver guaranteed performance while transporting traffic over the network. For networking traffic, the quality refers to data loss, latency or bandwidth,” says Sakkeer Hussain K, sales & marketing manager at D-Link Middle East & Africa.

D-link also says that mobile IPv6 ensures transport layer connection survivability and allows a computer or a host to remain reachable regardless of its location in an IPv6 network. In effect, it ensures transport layer connection survivability. With the help of Mobile IPv6, the existing connections through which the mobile node is communicating are maintained, even though the mobile node changes locations and addresses. Other important features of IPv6 are stateless auto-reconfiguration and network-layer security. Stateless auto-reconfiguration allows IPv6 hosts to configure automatically when connected to a routed IPv6 network and network layer security implements network-layer encryption and authentication via IPsec.

IPV6 UPTAKE Help AG has been working with IPv6 from the angle that its customers need to have a migration strategy for moving to IPv6 based networks. “Honestly up until now the adoption or uptake or IPv6 is extremely limited, specifically if you are looking at it from an enterprise customer perspective and that is exactly where Help AG is focused and where we have the largest part of our customer base – in the enterprise space, where the uptake of IPv6 has not really been needed up until now,” says Nicolai Solling director of technology services at Help AG. “But it is definitely changing very quickly. One of the primary reasons is that the Asian regis-

Benefits of IPv6 over IPv4: Enhanced security Improved quality of service IPv6 is simpler for network administration More efficient packet transmission IPv6 unlikely to run out of addresses More efficient routing

Brocade has developed both wired and wireless networking solutions designed to make sure that its customers’ IPv6 adoption is smooth and seamless, says Samer Ismair, MENA systems engineer, Brocade.

In the beginning of 2011 the last blocks of IPv4 addresses were assigned to certain service providers regionally.” SAMER ISMAIR MENA SYSTEMS ENGINEER FOR BROCADE.

trars and organisations that take care of issuing IP addresses to organisations and service providers, have run out of IP addresses in 2011. If users purchase a new internet connection now in Asia, they will be issued with an internet protocol version 6 address. “If our customers are communicating with Asia, at some point, they will have to talk IPv6 natively. There are some patch solutions available at the moment that vendors say translate between IPv4 and IPv6 addresses, but it is really only a temporary solution,” Solling adds. Brocade has developed both

wired and wireless networking solutions designed to make sure that its customers’ IPv6 adoption is smooth and seamless. “When moving from IPv4 only networks to IPv4 and IPv6 networks, the network devices have to support this dual protocol, we call them dual stack networks because there is a transition period where you need to support both in your network before adding only IPv6 networks. Whatever Brocade is doing in the market supports both IPv4 and IPv6,” states Ismair. ICT solutions provider Huawei says that one of the biggest problems companies are facing June 2012 Vol.18 No.6 19


A premium execuƟve search company started in 2011, youbook is a new business venture of Mr M.M. Banerji, founder and CEO of youbook who earlier founded/owned/managed a renowned execuƟve search Įrm in the region since 1995. He started his career from PCL (Pertech Computers Ltd) India in 1986 and over the years has worked with renowned IT companies like ICIM and SIMA Advanced technology where he spearheaded the DELL division across GCC in 1993. Mr. MM Banerji lives and breathes talent aƩracƟon, engagement and acquisiƟon, and more speciĮcally leveraging processes and technology to idenƟfy and hire more of the right talent. Over the last 18 years, he has worked closely with several leading IT Įrms globally and placed over 3000 IT professionals in areas like SoŌware development, ApplicaƟon, ERP, Network, Security, Web portal, tesƟng, Storage Admin, Systems Admin, Data Warehousing, Mainframe etc. The company believes in entrepreneurship and every team member in the organizaƟon is an entrepreneur. It’s a company of diverse talent and skills. The team comprises of experienced, ambiƟous, vibrant, young professionals having ability to update with latest trends & requirements of our client.

youbook is a premium execuƟve search Įrm specializing in middle to senior level posiƟons globally.


when trying to implement IPv6 is that there is no uniform solution for enterprises. “We believe that the most efficient and cost-effective route to IPv6 will always be specific to the individual enterprise. As such, a detailed network evaluation is required to assess which services, content, and equipment would be impacted by your IPv6 transition. Of course good co-operation with equipment vendors and your ISP will ensure the network analysis takes place quickly and smoothly. After that, entities are in a much better position to seek support for IPv6 and determine whether they will require hardware changes, software upgrades, or perhaps a combination of both,” according to Leo Xu, vice president of Solutions & Marketing, Huawei Middle East.

MIGRATION STRATEGIES Home internet users or small businesses do not need to worry about transferring to IPv6 as most of the heavy lifting will be done by the service providers and product manufacturers. However, enterprises and bigger companies who have integration with several suppliers and several partners do need to plan their IPv6 strategy in detail. Some of the major shifts involved in the IPv6 transition include renumbering networks, running two separate networks (IPv4 and IPv6) simultaneously, upgrading relevant software and hardware, training staff, and testing implementations.

“We have found that a welldesigned and executed IPv6 plan relies on four key factors: assigning the right people to manage the transition, establishing the right processes to take the project forward, procurement practices that consider both short and long-term investment, and thoroughly evaluating the right IPv6 protocol suite for your network. For all of these areas, we feel that vendors have a particular responsibility to help organisations in understanding the unique costs and benefits of transitioning to IPv6,” explains Xu. There are three main migration strategies that are possible today, according to Help AG. The first strategy is where enterprises run a dual stack on their devices. This means that all of the devices used by the enterprise will have both an IPv4 and IPv6 address. The second strategy is to run a dual stack on their internet facing devices, such as firewalls and routers. “This is probably the most realistic one for most organisations. Many firewalls support address translation between IPv4 and IPv6, so what you will have is IPv4 and IPv6 addresses delivered by the service provider and that will be translated into IPv4 in your organisation,” says Solling. The third option is the one that is the most likely to happen in the short term, according to Help AG, and that is that the service providers in the networks provide translation between IPv4 and IPv6 addresses. “The problem is if you have a

IPv6 facts - IPv6 has trillions and trillions of IP addresses. According to Help AG, if every IPv6 IP address was a grain of sand, there would be enough of them to build 300,000,000 planet Earth’s, making the possibility of them running out somewhat distant. - IP experts are already working on the next IP project, which is about creating an address space which looks at the universe, in case we find some life forms outside the planet earth.

Leo Xu from Huawei says the last blocks of IPv4 addresses were assigned to regional service providers in the beginning of 2011.

“We believe that the most efficient and cost-effective route to IPv6 will always be specific to the individual enterprise. As such a detailed network evaluation is required to assess which services, content, and equipment would be impacted by your IPv6 transition.” LEO XU, VICE PRESIDENT OF SOLUTIONS & MARKETING, HUAWEI MIDDLE EAST. server that is running on IPv4 on your own internal network and you want to publish on IPv6, you have to call the service provider and tell them to publish the website and what to do,” according to Solling. “In all of these solutions one of the drawbacks that the customer will have is that they will lose out on the key benefits of IPv6, so right now we are talking about IPv6 from the

perspective that we ran out of something else. But it is a much more advanced protocol.” DLink says that that Ipv4 and Ipv6 will coexist for many years to come and that reliable coexistence will be governed by various transitioning strategies.

SERVICE PROVIDERS IPv6 implementation is much more difficult for service provid-

June 2012 Vol.18 No.6 21

Farid Faraidooni, chief commercial officer, du says that IPv6 will soon be available for both enterprise and home customers on the du network.

ers than for enterprise customers, according to Brocade. If the service providers decide to do translation for their customers, they have to invest in some very large traffic points where

they do the translation. This means that every time a customer wants to publish on IPv6 they have to call their service provider. According to Brocade, both du and Etisalat are purchasing IPv4

“In the coming few months, residential and enterprise services will become commercially available on IPv6.” FARID FARAIDOONI, CHIEF COMMERCIAL OFFICER DU.

United Arab Emirates (24 LIRs/DAUs) 1 star: 3 (12%)

and IPv6 compatible devices and Huawei states that many operators such as STC, Etisalat, Wataniya, and Nawras have already taken a serious look at the problem of unallocated addresspool depletion of IPv4, and the company is currently working with them to explore solutions of smooth migration to IPv6. “In Oman specifically, we have also helped Omantel to upgrade its IP network to become IPv6 ready,” says Xu. du has confirmed to Network Middle East that the company is actively engaged in a programme for IPv6 transition. “In the coming few months, residential and enterprise services will become commercially available on IPv6. This will enable our customers to speed-up their transition plans, as the carrier of their services will become fully Pv6 enabled. “In addition, we are involved with TRA and other industry members to increase awareness on importance of IPv6 transition,” says Farid Faraidooni, chief commercial officer, du. The company has also confirmed that they will introduce support for IPv6 while retaining full support for IPv4, to enable

Bahrain (22 LIRs/DAUs)

use of IPv6 services for those customers who demand it. “This way, we will ensure that a home user whose laptop or other device is IPv6 enabled will use IPv6, while a user who does not support IPv6 will continue to use IPv4 normally,” states Faraidooni. At the time of going to press Etisalat had not responded to queries on its IPv6 readiness.

MOVING ACROSS According to industry assessments, the IPv4 and IPv6 coexistence period may last for up to 20 years, so companies’ networks will have to support IPv4 and IPv6 simultaneously. Public-facing web sites in particularly should provide both IPv4 and IPv6 services, fortunately most of the new network devices and terminals out there do support both IPv4 and IPv6 simultaneously, says Huawei. “Entities will have to support IPv6 someday. Remember that the longer enterprises wait to adopt IPv6, the more costly it is likely to be. We have already seen more enterprises planning and deploying IPv6 as they have now had the chance to thoroughly assess their budgets and priorities,” says Xu.

Qatar (7 LIRs/DAUs) 1 star: 7 (31%)

2 stars: 2 (8%) 3 stars: 3 (12%)

1 star: 0 (0%) 2 stars: 1 (14%)

2 stars: 0 (0%)

4 stars: 0 (0%)

3 stars: 1 (4%)

3 stars: 0 (0%) 4 stars: 0 (0%)

4 stars: 0 (0%) no IPv6: 14 (63%)

no IPv6: 16 (66%)

Lebanon (30 LIRs/DAUs) 1 star: 6 (20%)

no IPv6: 6 (85%)

Saudi Arabia (63 LIRs/DAUs)

Kuwait (29 LIRs/DAUs)

1 star: 9 (14%)

2 stars: 6 (9%)

2 stars: 12 (3%)

1 star: 5 (17%)

3 stars: 3 (10%)

2 stars: 2 (6%)

3 stars: 5 (7%)

3 stars: 2 (6%)

4 stars: 2 (3%)

4 stars: 1 (3%)

4 stars: 0 (0%) no IPv6: 19 (63%)

no IPv6: 20 (68%)

no IPv6: 41 (65%)

IPv6 RIPEness is a rating system which awards stars to RIPE NCC members depending on how IPv6 ready they are. Stars are awarded for: having an IPv6 allocation, visibility in the Routing Information Service (RIS), having a route6 object in the RIPE Database, having a reverse DNS delegation set up.

22 June 2012 Vol.18 No.6

Service Support Experts With Nearly 700 Hours Of Training Each

Upgrades Replacement Guarantees A Valid Software License Promotions And Aggressive Discounts And Full Warranty


Protect Your Business: SEE IT, REPORT IT @

Cisco Partners – Providing Added Value To Genuine, Quality Cisco Products

you're getting more than just a product.

When you buy through an authorized cisco channel

A Genuine Product.


Buy From An Authorized Channel For Total Peace Of Mind

Protect Your Business

10 1.

Top Tips for moving onto IPv6 Network Middle East gets top IPv6 players to outline the most important IPv6 strategies for enterprises.


These can be devices that are upgradeable to IPV6 or that are ready today to do IPV6 and can be a hardware or a software system.



If you run a website, an e-commerce application, or a VPN appliance you need to check if it has any reliance on the IP address of the client systems.



The enterprise must understand that the major issue with IPV6 is really about creating the right kind of strategy and solution to deploy the new internet protocol.



It is good to plan ahead. Even if an enterprise was to get a dual stack today, they might not get a lot of traffic on it but at least they will get some experience with it.








IPv4 world Tier 1 providers were very well-connected, charging everyone else to cross their networks. In the new IPv6 world though, these providers don’t have the same connectedness as they used to and have actually largely been replaced by mid-level players. The easiest way to check if your service provider is IPv6 ready is to ask them, and ask for evidence.


The move to IPv6 may affect enterprise business continuity so planning an IPv6 move in detail is very important.



If the service providers have been careful with their address allocations, they should have enough IPv4 addresses left to allow you to grow your business, but you should talk with them about your plans as early as you can, and maybe even reserve addresses for systems like websites, firewalls and load balancers that are connected directly to the net.

24 June 2012 Vol.18 No 6

Enterprises should focus on and understand that IPv6 will put new requirements on their domain name system architectures. One of the most significant modifications that IPv6 makes to IP is in the area of addressing, so this means that using DNS on IPv6 requires some changes to how the protocol works.

If enterprises do not adopt IPv6 in the short term, at some point they are going to start limiting people in communicating with their infrastructure, specifically if their customers are in Asia, in the US and Europe.



Ensure your staff is familiar with IPv6; there are many IPv6 training course options available across the globe, from online education to face-to-face training.

Organisations that have failed to get their IT staff critical knowledge about IPv6 will soon find themselves in desperate need of IPv6 experience.

Protect your most Valuable asset: your data

That‘s where Dell can help. storage devices, call Dell‘s expert storage consultants for advice on creating a powerful solution to protect your data.

Keep everything in its place Is your data securely organised, stored and backed up? Lost or misplaced data can result in lost productivity and increased expense for businesses of any size. Consolidating your data into one centralised place makes it easier to manage, easier to access and easy to share.

PowerVault MD36OOi

Intel® Xeon® Processor DR4000

PowerVault MD3220

PowerVault NX35OO

PowerVault MD36OOf

For purchase or more information contact

Dell Authorized Sales, Services and Solution Providers Dubai: (04) 398 9999 Ext. 777, (04) 314 1484 Abu Dhabi: (02) 622 4442, E-mail: Celeron, Celeron Inside, Core Inside, Intel, Intel Logo, Intel Atom, Intel Atom Inside, Intel Core, Intel Inside, Intel Inside Logo, Intel vPro, Itanium, Itanium Inside, Pentium, Pentium Inside, vPro Inside, Xeon, and Xeon Inside are trademarks of Intel Corporation in the U.S. and/or other countries.

June 2012 Vol.18 No.6



Aaron White regional director, Middle East and Africa at Citrix says that the ability for employees to access information on the go saves enterprises time and energy.

Flexibility on Demand

Virtualisation is fast becoming an essential part of enterprise network infrastructure as it enables employee flexibility, writes Piers Ford.


rom the server in the data centre to the desktop and the remote client, virtualisation is now such an established element of enterprise IT strategies in the Middle East that it is difficult for network managers to imagine a world in which at least part of their infrastructure is not delivering the cost, efficiency and security benefits of a virtualised computing model. More recent trends such as cloud computing and shifts in how enterprises are looking to get a more dynamic return on

26 June 2012 Vol.18 No.6

their investment in the data centre are driving adoption deeper into the business. And far from being solely the domain of large multi-national organisations with hard-core data centres, virtualisation has found a responsive SMB market in the region. “One of the main trends that drives virtualisation is the need for employees to be more mobile in today’s working environment,” says Aaron White, regional director, Middle East and Africa at Citrix, a vendor which has long pioneered virtual solutions.

“Whether that means working from different locations in the office, hot-desking in coffee shops while on the go, or working on flights around the region or the world, people are demanding more flexibility from their devices and networks. The ability to access information on the go also saves time and energy for businesses, enabling staff to remain productive from wherever and whenever they choose to work.” According to White, organisations with a highly mobile workforce tend to be early virtualisa-

tion adopters. He estimated that more than 4,100 organisations in the region are using Citrix to virtualise their Windows applications and deliver IT as an on-demand service. “Virtualisation enables the delivery desktops and applications as ‘on-demand’ services to the end-user, creating an efficient business case for adoption,” he states. “Many organisations are struggling with the cost and complexity of hosting multiple physical hardware in their data centres, so virtualisation offers a proven technology

Ahmad Khattab, vice president of sales at Vision Solutions says that some businesses are asking whether they need a physical environment at all.

for simplifying that structure, making it more agile, manageable and cost-effective.”” VIRTUALISATION LOWERS IT COSTS According to Samer Ismair, MENA systems engineer at data centre specialist Brocade Communications, with virtualisation now accepted as a way to lower the total cost of IT without sacrificing performance, availability, security or operational efficiency in the data centre, network architects are becoming more ambitious with their virtualisation strategies. “[They] are looking for ways to build more powerful, flatter networks that can support higher traffic loads and increasing east-west traffic in virtualised environments, while

avoiding network congestion,” he says. “Collapsing network layers also reduces complexity, which lowers overhead costs and reduces risk. “This type of design, however, requires high-density, highbandwidth network components that deliver full wirespeed connectivity. We offer the industry’s most powerful LAN switches and server adapters for enterprise data centres, and can help customers to build flatter, simpler networks today.” However, the technology itself is just one aspect of virtualisation. As early adopters have discovered, some of the challenges to successful deployment are strategic and even cultural, from an IT perspective. “What many enterprise customers are recognising is that

“Some enterprises are fearful of disturbing legacy systems. If you have had many trouble-free years of operation, you’re not going to consider moving to a virtualised environment.” Ahmad Khattab, vice president of sales at Visions Solutions. conventional Ethernet networks limit their ability to scale virtualisation and are not built to provide a dynamic cloud infrastructure,” explains Ismair. “As a result, data centre networks are evolving over the next three to five years in very significant ways,” he adds. “Server virtualisation and the distribution of application com-

ponents across virtual machines change the dynamics of network traffic and coupled with the high growth in application data and rich media introduces challenges that limit scalability.” GOING VIRTUAL With the case for virtualisation largely won in the enterprise, the foundations have been laid June 2012 Vol.18 No.6 27

George DeBono, Red Hat general manager Middle East and Africa agrees that mapping out the workloads that can be virtualised is the usual starting point for enterprises implementing virtualisation.

“Executive sponsorship is extremely important in regard to the success of a [virtualisation] project.” George DeBono, general manager, Red Hat, Middle East.

for public and private cloud service delivery. And few network managers need persuading about the value proposition of centralised management or in deed the ease with which new users can be provisioned in a virtualised domain. “Virtualisation tends to be preceded by a process of consolidation, in essence divesting the infrastructure from a siloed set of hardware and software components to a structured and

unified set of standardised components,” says Cisco UAE data centre business development manager, Saad Sayed. “To prepare for virtualisation, the customer should profile their application real estate to understand which applications may operate in a virtualised infrastructure; this is normally a balance between performance, capacity and risk. Once these applications are identified, a process begins to define the

architecture and capacity required to deliver the virtualised infrastructure. Overlaid on top of this are considerations around high availability, disaster recovery, security, scalability and service management.” At Linux software specialist Red Hat, general manager Middle East and Africa George DeBono agrees that mapping out the workloads that can be virtualised is the usual starting point for companies. The company works with ISVs and its implementation services to create a roadmap for customers to move physical machines to a virtualised infrastructure using tooling. With its subscription-based approach, Red Hat also helps customers to avoid up-front software costs. “Organisational readiness is

definitely key,” he states. “Some structures are set to change: management of network and storage, to some degree, will now take place inside of the management toolkit for virtualisation. For this, a role-based concept inside the virtualisation toolkit is key. Also, the planning of capacity is important and will require some external help for organisations not experienced in virtualisation.” CLOUD IN MIND DeBono says that a corporate IT strategy should continue to encompass the possibilities of physical, virtual and cloud computing. The advent of a hybrid open cloud architecture, in particular, will be a significant development as it will enable companies to source different June 2012 Vol.18 No.6 29

Pappu Rao, director of technology services at systems integrator GBM says that there is really no reason for not virtualising.

“Unless there are applications that demand electronic security through physical devices or direct access to physical hardware...there is really no case for not virtualising.” Pappu Rao, director of technology services, GBM.

30 June 2012 Vol.18 No.6

parts of their IT from different internal and external cloud and virtualisation providers, mixing and matching them to exploit the benefits of innovative services and applications. Caution will continue to be the watch word for some. Ahmad M Khattab, vice president of sales at Vision Solutions says the market has moved on from

the initial premise of server containment to server consolidation. And some businesses are now asking whether they need a physical environment at all. For them, the cloud is an enticing prospect. Others will need to be persuaded. “Executive sponsorship is extremely important in regard to the success of a [virtualisation] project,” he explains. “Beyond that, processes must be in place for administrative controls and virtualisation lifecycle management in order to succeed. “Some enterprises are simply fearful of disturbing legacy systems. If you have had many trouble-free years of operation, you’re not going to consider moving to a virtualised environment,” he adds. “The critical decision point will be the next time you refresh your server infrastructure. There will almost certainly be an opportunity to reduce costs by virtualising at least some of that server infrastructure.” Not surprisingly, vendors at the heart of the virtualisation movement see no reason to delay, touting benefits such as – flexible working, better allocation of IT resources and more cost-effective investment in the overall structure – that can be realised at the moment of implementation. “Even one-man businesses and entrepreneurs will recognise the benefits of storing data and applications virtually in the cloud, to make on-the-move access possible and secure information outside of their own network,” says Aaron White. AGILITY Impressive ROI statistics will help to convince more cynical prospective adopters. VMWare, for example, claims CAPEX savings of at least 50%, OPEX savings of 60% and an 80% reduction in data centre energy consumption.


Samer Ismair, MENA systems engineer at Brocade Communications, said that virtualisation is now accepted as a way to lower the total cost of IT.





Expert’s Column

June 2012 Vol.18 No.6


McLaurin says that virtualisation has a host of benefits for enterprises.

What is Virtualisation?

Alistair McLaurin, principal consultant with IT optimisation consultancy firm Intergence talks us through the nuts and bolts of virtualisation


T virtualisation refers to the separation of the resources of a physical server from the operating system running on it. Traditionally when an operating system is installed on a PC or server it has exclusive use of the hardware it runs on. When it’s booted up it takes control of the processor, memory and interfaces of that server. Two generations of hardware ago that would have made perfect sense;

both PCs and servers had power which matched the operating systems of the day. As the hardware evolved operating systems evolved too, their ability to multi task and run many applications simultaneously became more and more sophisticated. However, computing hardware has continued to grow in power. Both PCs and servers have increased in power beyond what is required for many busi-

ness applications. In particular, modern processors with many processor cores and multithreading are often difficult to utilise to their full potential unless software is specially crafted to utilise their capabilities. While some applications such as data warehouses can still soak up huge quantities of dedicated server capacity, many standard enterprise applications, infrastructure services and desktop applications cannot consume all the resources that are available to them.

“We are now seeing people using similar software to run Windows and Linux on the same PC, allowing them to use corporate standard windows applications combined with a diversity of open source engineering and development applications and environments.”

HYPERVISORS Many businesses are also concerned about the security and performance of their core applications and prefer not

to have them share an operating system with other applications, to protect confidential data or to ensure guaranteed performance at all times. This is where virtualisation comes in. A virtual machine or hypervisor is first installed on a PC or server which interfaces with all the physical components of the hardware it is installed on. It then creates anything from one to hundreds of virtual machines which real operating systems can be installed into. These virtual machines generally are allocated a slice of the physical server’s resources, for example a six core processor may be split into six virtual processors or a gigabit network interface may be split into many virtual network interfaces. As an operating system is installed into these virtual

Virtualisation can make the IT departments job easier by reducing data centre equipment as well as reducing deployment times for OS and applications.

machines it sees the resources the hypervisor is giving to it, as if it was a physical machine, and installs just as it would on a physical machine. Everything is self-contained without virtual machines being aware of the existence of anything else on the same hardware. While there can be slight overhead of CPU and memory to support running the hypervisor, this is generally very low as the hypervisor does its work as a system boots up and then gets out of the way. A further benefit of using hypervisors is that virtual machines can always be created with the same specifications in terms of processor power, memory, and network access. This means that organisations can buy the best hardware on offer to them at the time without having to retest and rebuild applications and operating systems for new hardware configurations. The new hardware is simply configured to support the standard virtual machines. In addition, operating systems can be created and deployed as images for standardised virtual machines, a process which takes seconds rather than hours for a new install. Increasingly operating system vendors, particularly

34 June 2012 Vol.18 No 6

Linux vendors, can supply pre built OS images for your use. This concept has also extended to the concept of a virtual appliance where data centre components such as load balancers, firewalls and caching proxies are supplied as â&#x20AC;&#x2DC;virtual appliancesâ&#x20AC;&#x2122;, software images which can be loaded on to virtual machines rather than physical servers and be available for use in minutes. VIRTUALISATION USE CASES Another use case for virtualisation is the provision of virtual desktops. Here, concentrated server power such as a blade chassis are divided into hundreds or thousands of virtual machines with a similar specification to a desktop PC. These then have a desktop operating system and applications installed on them to interface with the corporate network. This opens up a large number of possibilities. A company can use thin clients or low end PCs to access desktops which offer higher power or a more managed environment. Alternatively these solutions can be deployed for remote or travelling workers to allow access to the corporate network, with security being enforced by access to the desktop and the

applications which can be run on the virtual desktop. A final use case for virtualisation is to allow running multiple operating systems on a desktop. This is a model which first become widespread with the introduction of Intel based Apple Macintoshes which led to a boom in people using virtualisation on the Macintosh to run Mac intosh and Microsoft Windows side by side. We are now seeing people using similar software to run Windows and Linux on the same computer, allowing them to use corporate standard Windows applications combined with a range of open source engineering, development applications and environments. REAL BENEFITS So, virtualisation can offer real benefits to any organisation at

every level, from server farm optimisation to supporting an enterprises remote workers. It is also a field where vendor offerings continue to develop at a rapid pace and organisations need to look for standards support to ensure they do not become locked into proprietary single vendor solutions. To be successful, an organisation will need to ensure their monitoring and management systems are updated to ensure they have the ability to visualise the mixture of physical and virtual servers that we will all be using and managing in the notto-distant future. Alistair McLaurin is a principal consultant with IT optimisation consultancy, Intergence, which operates from Cambridge (UK) and Dubai (UAE).

Benefits of Hypervisors t Installation costs and overheads when implementing a hypervisor are low t Virtual machines can always be created with the same processor power, memory, network access specifications t Operating systems can be created and deployed as images for standardised virtual machines t New installations of an OS take seconds rather than hours

You're Always On. We're Always On. Dubai i intern net city Building no 10, offices 312, 311 1 Dubai, , UAE Telephone: 00971 14391 11621

Darren Parkes says as a network consultant, he sees companies trying to improve on mobility and productivity.

Darren Parkes, HP EMEA Network Consulting Portfolio lead explains his professional role and how he helps guide clients to develop networks that will support their future business CAN YOU EXPLLAIN WHAT EXACTLY NETWORK CON ONSULTING G IS AND D HOW IT T WORKS? Basically we act as agents to our clients and help them get through all the decisions and choices they may have to make when implementing new network technologies. What we really try and focus on is to quite deeply understand what an enterprise’s challenges are, what their business problems are, and then understand what they are trying to achieve and where they are going. Sometimes we get information that shows their business challenge is trying to make more users mobile, but then we go deeper into understanding how that is linked to the clients business. Very simply our approach is no more complicated then understanding where clients are today and where they want to go and how they are

“Most enterprises I work with want to transform, but do not want to rip and replace because they have a business to run and they cannot just do that.” going to get there. The ‘how they are going to get there’ is the difficult part, it is all the choices a company has to make to get to their goal – we are the change agents or honest brokers to get them through that range of choices. We really understand what clients aim to do, then build IT to flow after that understanding, instead of going in and recommending technology straight away.

DO Y YOU HAV AVE TO DEA EAL WITH A LOT OF LEGA GACY TECH HNOLOG G Y? Most enterprises that I work with want to transform but do not want to rip and replace because they have a business to run and they cannot just do that. So then what normally emerges is a series of discreet projects, each one builds on the other so that when they are finished it takes the company to that transformed state.

36 June 2012 Vol.18 No 6

Clients that I speak to want quick wins, I expect it is because some of the IT people I speak to want quite quick results. We might work with them to optimise their environment based on legacy infrastructure, it might be making sure users can access your application, upload, download, do whatever they need to do with that content, if that is what is important to you in the first phase, that is what we will do. If we get into the area of big broad blueprint designs for the future, then we will get into the way the network may look for the future, so that may be cloud infrastructure, virtualised networking. What we don’t want to do in year one or month one is implement something that will have to be replaced in year three - unless of course that is the only way.

WHA AT KIN ND OF TRENDS S ARE YOU SEEING G IN THE E NETW WORKIN NG SPA ACE? Some of the biggest trends in terms of business topics are increased productivity in enterprise networks, mobility, cloud and IPV6. IPV6 from my experience is on the tick list of things enterprises need to have an opinion on. Some clients are getting deeply into IPV6 adoption and it is taking up quite a lot of their time. They are also looking at productive resources, which is mobility and collaborative resources, not just mobility, it is also things like video contact centres and how that is bound together.

WHO O ARE YO Y U WORKING G WITH IN THE MI MIDDLE EAST? I can tell you we are working with a bank in the Middle East, they had serious issues in a test and development network environment. They used to have businesses coming to them and saying ‘We want to be able to model our Forex exchange position and see the risk of that position,’ but in essence they were not able to build a test environment to test that risk, not just stress test it, but test the finance systems based on regulatory compliance, and test the network in a simulated way to check vulnerabilities. It used to take them many, many weeks and months of different resources, network, storage, server and application resources, so what we did with them was work on a transformation of their test environment which was successful and they are now engaging it.

Nicolai Solling, director of Technology Services at help AG tells Network Middle East why it is time to migrate to next-generation firewalls


he firewall has long been the vanguard of enterprises’ efforts to effectively protect their networks from the multitude of internet threats. In its simplest form, a firewall is a means of access control, preventing outsiders from accessing private company data and controlling what external resources the employees have access to. Traditional firewalls, introduced as far back as the mid-1990s have limited visibility into the contemporary web-based network landscape. Thanks to the explosive popularity of Web 2.0, application delivery is now possible through a variety of means - AJAX based applications, Java based applications, Hypertext Preprocessor (PHP), Active Server Pages (ASP) and .Net. When it comes to controlling such applications, a traditional firewall just doesn’t make the grade.

WHAT ARE NGFW’S? Next Generation Firewalls (NGFW) combine the features of traditional firewalls along with intrusion prevention, application identification and control, and user and group policies into a single highperformance application. These firewalls are ‘applicationaware’ in that filtering is based upon the type of application or traffic traversing the ports. These devices can even discriminate between applications that share the same port allowing

enforcement of highly granular policies, such as permitting access to Facebook while blocking the gaming applications on the site, or blocking file sharing applications or proxy services, while permitting the flow of HTTP traffic through the firewall. Apart from addressing security concerns, NGFWs offer bandwidth control. Because of application awareness, NGFWs perform quality of service functions, so higher priority applications are accorded a higher percentage of bandwidth. In the Middle East, where the cost of bandwidth is still prohibitively high, a device which addresses this concern in addition to its primary functionality is a welcome solution. Many of the features of NGFWs were first promised by Unified Threat Management (UTM), but UTM systems have inherent performance issues when enabling advanced security features. This is due to the fact that UTM systems are just classical firewalls and while they offer bolt-on features such as antivirus, IPS and URL filtering, the basic processing of packets is still done in sequence. One of the reasons companies are wary of jumping on the NGFW bandwagon is because they burned their fingers with UTM so-

lutions and are afraid that NGFWs too will raise similar performance issues. However since NGFWs classify traffic based on signatures and perform security inspection in parallel, they do not suffer the same pitfalls as UTM. MIGRATING TO NGFW IT departments today are asked to do more with less, which is why next-generation firewall

Expert’s Column

The Future Now

June 2012 Vol.18 No.6


Nicolai Solling says that companies must get on the NGFW bandwagon.

One thing organisations need to ensure is that the firewall software supports sufficient features for the rules migration from legacy firewalls. Many enterprises are still required to run two levels of firewalls and it is acceptable to operate a classic and a NGFW. This may even be desirable during the migration phase to allow for the optimisation of the NGFW or to allow complete reorganisation of

“Next Generation Firewalls (NGFW) combine the features of traditional firewalls along with intrusion prevention, application identification and control, and user and group policies into a single high-performance application..” technologies are an attractive option, both from a technical as well as a financial perspective. Next-generation firewalls perform multiple functions such as IPS, URL filtering, proxies and network antivirus thereby eliminating the need for separate devices for each of these which in turn brings about significant reduction in operational expenses. When migrating to next-generation firewall technology, customers must be aware of the new features so as not to lose out on any of the functionalities offered.

the policy set taking into account the increased visibility and control offered by the new system. Two prevailing trends in the Middle East IT industry have been the rise in the number of hacking attacks and the gradual shrinking of IT budgets. Through the adoption of all-in-one solutions CIOs can tackle both problems simultaneously. The bottom line is that organisations that fail to do so are at the risk of falling behind the competition. Next-generation firewalls are here to stay - be safe rather than being sorry!

Managing aging Your Network

40 June 2012 Vol.18 No.6


Your Network Network management has never been straighforward, but with the advent of big data and BYOD, things have become a lot more complicated, writes Piers Ford


etwork management used to be a relatively specific and straightforward process focused largely on keeping the network up and running. Today it is a far more sophisticated task, in which the issue of network performance looms large at every turn, thanks to the demands of the enterprise, with its reliance on data availability and integrity, and end-users who expect the same quality of service regardless of the device or application they want to access. With data in all its variety constantly jostling for priority across the network, minimising any disruption to the delivery of data packets caused by delay, loss, throughput or retransmission problems is a priority for businesses across the Middle East. A range of network performance and monitoring tools has emerged to meet growing demand for ways to streamline data delivery across infrastructures that, with the arrival of the cloud at the heart of enterprise computing, are more complex than ever. “The world is moving on to a new generation of IT applications and working habits that dramatically affect networks,” says Lee Reynolds, managing director at specialist distributor Computerlinks, which supplies Exinda’s Unified Performance Management solutions for WAN optimisation. “Trends such as Bring Your Own Device [BYOD], which sees an increasingly mobile workforce which expect to access the network wherever they are, and a growing number of cloud-based applications taking up more space on the network, are key developments network managers are having to deal with.” Reynolds says that the IT department is effectively losing its ability to determine or anticipate network usage as it becomes more fractured, unpredictable and user-controlled. “There is also a move towards VoIP, SaaS, video delivery and hosted cloud traffic all becoming regular features on the business network,” he states. “Therefore it is critical that IT departments find a next-generation WAN optimisation solution to provide the necessary visibility and control to guard against an overworked network.” In a region where so many businesses have an infrastructure based on networks of remote offices, the adoption of

“Because most networks deploy performance monitoring at the infrastructure level only, whenever there is a problem we tend to dive to the network elements looking for bits and bytes, whereas we should drill down from the enduser and application level, with some context, to trouble-shoot.” MAAN AL BACHARI, SYSTEMS ENGINEER AT CISCO.

June 2012 Vol.18 No.6 41

Jonas Zelba from Frost & Sullivan says that the increase in data traffic, demand for higher bandwidth and reduced spending has made managing the network a tough job.

new technologies and access devices has further complicated the issue by driving up bandwidth consumption, almost to breaking point, according to Reynolds. “Crucially, the region has undergone massive modernisation in recent years, which has brought its own complications,” he says. “For example, the UAE population grew from just over three million in 2000 to a staggering 7.5 million in 2010. Some 90% of this growth has been the ‘working expat’ which has brought with it predictably heavy communications expectations which have impacted on network usage. Countries such as Qatar, Saudi Arabia and Iraq are already in the early stages of similar growth, which explains why WAN optimisation technology has seen major growth in the region in the past three or four years.”

Florian Malecki from Dell SonicWALL, says that a comprehensive view of an enterprise network is compelling for SMBs.


Choosing the right tools to manage network performance in this rapidly evolving environment is a challenge, which depends on a variety of factors. While the network infrastructure itself has become the merged carrier for a multitude of applications and communications, monitoring performance does not necessarily require a big-ticket solution. For example, vendors like SolarWinds are taking a more interactive approach to product development and providing a viable alternative to traditional network management platforms. Its online ‘thwack’ community will allow customers to influence the type of network performance tools that are built, according to Sanjay Castelino, vice president of product marketing. “In terms of the future of network Issues Network Management performance tools, Software can overcome: we think the future of IT management software is Disruption to the delivery of data packets squarely grounded caused by loss/delay/throughput or in the idea that transmission problems companies [and Network outages arising due to faulty the people in configuration changes those companies] build complete Enterprise compliance issues products for other Wastage of skilled resources in repetitive people, to help configuration tasks them solve problems and remove Fractured, unpredictable and user-controlled complexity from networks their life,” he states. Heavy communications expectations that “The business impact network usage and technology benefits of using

network management or monitoring software for IT departments is to find software that makes your life simpler. Networks are a lot more complicated and for those managing them, the demands are higher and the resources are lower. The solutions are better software and tools,” Castelino adds. “The dynamics of enterprise networks are constantly evolving with servers and applications being virtualised, end points going mobile and cloud applications being introduced,” says Jonas Zelba, information and communication technologies analyst at Frost & Sullivan. “Many network optimising solutions have been created by introducing different products, which have contrasting operating systems, databases and even disparate user interfaces. These tools provide the application response time via packet seizure and review, but they do not scale across the entire network. With the continuous increase in data traffic, a steady growth in the demand for higher bandwidth and reduced overall expenditure, managing the enterprise network has altogether become an exceedingly daunting task for the network manager.” According to Zelba, network professionals need to consider a number of options when it comes to choosing the most appropriate Network Performance Management (NPM) solution.

FINE TUNING If scalability is important, for example, the NPM must be able

to keep up with the demands of large amounts of data collection and storage, which can create major challenges for status report generation. On the plus side, several systems can work together, increasing the power of a single reporter. If ease of installation is important, businesses might want to consider an appliance-based solution rather than a product hosted by multiple servers. These products have a built-in capacity to perform data collection along with monitoring and reporting network elements are simpler to operate, less expensive and easier to maintain. All-in-one NPM devices also allow key performance indicators to be measured and reports generated for the overall IT infrastructure, answering the requirement for real time visibility to a wide set of users. The ability to set up baselines, which allow the NPM to monitor performance and establish a measurement of ‘standard’ behaviour, raising alerts when there is a disparity in network usage, might be a priority for some enterprises. For others, it will be more important to choose an NPM that provides integrated workflow capability, allowing the network administrator to navigate from a macro to a micro view of network performance data – analysing and solving problems more quickly. Measuring efficiency through the ratio of the number of IT infrastructure elements monitored to the number of personnel June 2012 Vol.18 No.6 43

Brocade. Rethink your campus LAN.

Š 2012 Brocade Communications Systems, Inc. All Rights Reserved.

Marina Gil-Santamaria, from Ipswitch says companies must be aware of network issues.

required could be another enterprise requirement. “The starting point should always be to look at what is on the network and deduce how many devices, or elements, you need to be able to monitor to ensure optimum network availability,” says Marina Gil-Santamaria, director of product management and community at Ipswitch, whose WhatsUp Gold NPM targets large enterprises who want a 360-degree view of their network assets from a single pain of glass. “Then, through your network management tool, set various thresholds on bandwidth utilisation to ensure that you are aware of potential bottle necks and can make changes to the network infrastructure before it has the chance to go down,” she said. Like other NPM vendors, Ipswitch is meeting demand for an integrated platform that combines of network monitoring, application awareness and auditing capability with new functionality that allows users to drill down to specific devices and computers, enabling forensic attention to errors, and various degrees of auditing. At Orchtech, an Egyptian systems integrator, which includes WhatsUp Gold in its

Paul Sherry from Riverbed says the role of the network manager is changing.

portfolio, senior technical specialist Ahmed Basiouny states that businesses still treat network performance management as a reactive rather than a proactive process. In sectors such as banking and oil production, which have a lot of daily interactions between employees and clients, it is vital that the enterprise identifies and solves issues before the user is affected. “Measuring bandwidth utilisation and ensuring network uptime are important issues in the Middle East for a lot of enterprises,” he explains. “So they increasingly spend a lot of time monitoring the bandwidth utilisation of their employees. Especially lately, after the Arab Spring, employees are using a lot of bandwidth to follow up on the latest events and news, forcing IT departments to have more control and set thresholds rules across the network.” This is a typical picture of the challenges faced by network managers responsible for converged networks and the services that run across them.

PROACTIVE APPROACH Dell SonicWALL is another vendor that has taken the centralised management approach with its

The New Role of the Network Manager: - Network managers now have to understand how critical applications are being delivered to end-users - A network manager should evaluate the requirement of the NPM (Node Packet Manager) to help them monitor the services they are running - Network managers need to start looking into more holistic and application-aware tools to manage the network

Sanjay Castelino from SolarWinds says network managment software should make life easier.

NPM and analysis tools. Florian Malecki, EMEA senior product marketing manager, says the ability to visualise network traffic, plan easily and measure return on investment, troubleshoot and take a comprehensive view of network events is a compelling business proposition for SMBs as well as enterprises, leading directly to cost savings and more accurate billing for actual enterprise traffic usage. Dell SonicWALL has a number of high-profile customers in the Middle East, including Dubaibased Topaz Energy and Marine, Jacky’s Electronics and Jarir Bookstore in Saudi Arabia – all of which have solved congestion problems and maximised bandwidth availability by taking

tion level, with some context, to trouble-shoot. “The end goal should always be the user experience. A network manager should evaluate the requirement of the NPM in the best way to help them monitor the services they are running.”

NETWORK MANAGERS Delivering these services securely and efficiently will continue to preoccupy network managers for the foreseeable future, as networks and applications grow more complex. NPM vendors will press ahead with increasingly automated tools like Riverbed’s Cascade application-aware platform, which provides end-to-end visibility from the network perspective.

“Once concerned primarily with keeping the network infrastructure up and running, network managers are now tasked with understanding how critical applications are being delivered to end-users.” PAUL SHERRY, REGIONAL DIRECTOR, RIVERBED, MIDDLE EAST AND AFRICA. a proactive approach to network performance management. “The basic approach is not enough, and network managers should start looking into more holistic and application-aware tools,” states Maan Al Bachari, systems engineer at Cisco, which includes NPM tools in its Prime network management portfolio. “Because most networks deploy performance monitoring at the infrastructure level only, whenever there is a problem we tend to dive to the network elements looking for bits and bytes, whereas we should drill down from the end-user and applica-

“The role of the network manager is changing,” explains Paul Sherry, regional director Riverbed, Middle East and Africa. “Once concerned primarily with keeping the network infrastructure up and running, network managers are now tasked with understanding in detail how critical applications are being delivered to the endusers. The ideal solutions will offer end-to-end visibility into the performance of the enterprise network applications, and features to quickly identify and resolve performance and availability issues.” June 2012 Vol.18 No.6 45

Kuzbari says that many IT departments are misinformed when it comes to virtual machine security.


Protecting the Virtual Machine Network Middle East speaks to Tarek Kuzbari, MD of Kaspersky Lab Middle East and Turkey about Kaspersky’s Security for Virtualisation and how to secure virtual machines

WHAT IS THE DIFFERENCE BETWEEN PROTECTING VIRTUAL MACHINES AND PROTECTING TRADITIONAL SERVERS? Actually it is the same and this is where the misconception is happening. Unfortunately people believe that when they provide protection for their server and then install a virtual machine on that server, the protection provided on the software level for the physical machine will be the same for the virtual machine, which is not true. In reality, every virtual machine can be considered and treated as a separate physical machine with its own operating system, which also has the same challenges and same risks and vulnerabilities as any other physical machine will have. This is why the need for protection of servers or workstations that host virtual machines is becoming a must and is not optional. ARE THE MALWARE OR VIRUSES ATTACKING VIRTUAL MACHINES DIFFERENT FROM TRADITIONAL CYBER-THREATS? The types of the attacks are exactly the same as on normal machines and cyber-criminals are trying to benefit from the misconception that virtual machines are different from normal machines, but it is all the same. It is the same misconception with virtual machines as we see for example with Mac – people believe that on Mac there are no malware or Trojans but unfortunately it is not so. Growth in malware has been exponential; one year ago we were talking about 30,000 malware per day detection, now it is 70,000 per day. We are talking about one malware every second. Cyber-gangs are expanding their sights and really targeting business to business customers. WHAT PROTECTION SHOULD COMPANIES HAVE FOR THEIR VIRTUAL MACHINES? In the virtual machine security space there are different protection methods; either the IT manager decides to provide no

46 June 2012 Vol.18 No.6

protection, so they install no antivirus or security software, or they decide to provide protection. When we look at providing protection, there are three scenarios that we see. First of all is to install the anti-virus or security suite protection on the physical level without providing the protection for the virtual machines. We see risks in that model. The second scenario is to install the security suites on all the virtual machines as well as the physical machines, this is called agent-based. The third model is called agent-less and this is where the Kaspersky Security for Virtualisation comes in. The KSV virtual appliance can provide security to the physical machines as well as virtual machines from a single layer. What we are offering with Kaspersky Security for Virtualisation is, instead of having different software on each virtual machine, as in the agent-based model, you just have one layer where you can provide all the protection you need for the resources and resource management. The main advantage is that you provide the protection you need on the virtual machine and at the same time you are keeping the flexibility for these work machines and you don’t have to sacrifice resources for the same task on different virtual machines. Kaspersky Security for Virtualisation is delivered as a virtual security appliance that integrates with VMware vShield Endpoint to provide agent-less, anti-malware security based upon Kaspersky Lab’s anti-malware engine. It is developed from the same code-base as our endpoint security products, and is designed to avoid the complexity and resource-drain associated with security programmes that typically ‘bolt-on’ acquired technology for virtual environments. WHAT ARE THE ADVANTAGES OF AGENT-LESS VIRTUALISATION SECURITY? - Improved virtual machine performance: Storage space is not

being utilised by the anti-virus solution. - Unified management: You only manage one layer, not different virtual machines in your network. Sometimes we see thousands of machines running on a virtual network and running one layer is much easier. - Return on investment - When you are running virtual machines, you are already considering how you can utilise resources effectively and if you have a solution installed on each of your virtual machines that means you are consuming resources, memory, hard disk etc and by applying this new model you can increase efficiency and ROI. DO ANY OF YOUR COMPETITORS HAVE SIMILAR VIRTUALISATION SECURITY SOLUTIONS? One or two competitors do have similar solutions. WHAT ARE THE COSTS INVOLVED IN SWITCHING TO VIRTUAL MACHINE SECURITY? The implementation cost is actually lower, if we are talking about virtual machines running on one physical machine, in the old model, the customer is buying 50 different licenses for each virtual machines, but on the new model they only have to buy one license and can use it for any number of virtual machines they have. WHAT DO YOU THINK THE BIGGEST ENTERPRISE SECURITY THREATS WILL BE IN 2012? In 2011-2012 there have been a lot of targeted attacks on enterprises and governments for different reasons. We see political reasons for example the cyber-attacks earlier this year on banks and government sites. It was just to affect business. There are lots of attacks targeting special organisations, such as the Stuxnet and Duqu viruses and the recent malware in Iran. In our region, we see the level of such attacks increasing. We are trying to link more closely with government agencies to try and assess and help with these victims. It is very challenging as we donâ&#x20AC;&#x2122;t see lots of reporting for any organisation that has been a victim of an attack,we see lots of cases where they cover it up, so we cannot solve or provide protection for other organisations if we cannot share this knowledge and talk about it publically. HOW CAN COMPANIES BE ENCOURAGED TO SHARE INFORMATION ABOUT CYBER-ATTACKS? I think we should develop a framework with government organisations, where if a company is targeted there are procedures for reporting the attack and keeping it anonymous. In different European countries it is mandatory for any organisation who has been a victim of any kind of cyber-attack to report back exactly what kind of attack it was and to cooperate with government agencies. In the United Arab Emirates for example, we do not see the current framework either legal or organisational in place to support such kinds of reporting.

Kaspersky says that the malware and viruses that attack virtual machines are identical to the Trojans and viruses that attack physical machines.

Sometimes you can see infrastructures have spent billions on security, but then the IT manager sticks a username and password on a piece of paper and puts it on his desk. So even implementing policies is being compromised by the lack of knowledge or misbehaviour of employees. So really it is about education, it is about policies and it is about the law and finding solutions.

Two virtualisation security models Agent-based: Protection installed on each virtual machine - risks include consuming different memory sizes, hard disk space, different resources in all the virtual machines. Agent-less A system where a virtual appliance provides security to the physical machines as well as the virtual machines through a single layer of support, so if any IT person adds different virtual machines, they will be immediately protected.

June 2012 Vol.18 No.6


The Kuwait Ministry of Health turned to Trend Micro solutions to help secure confidential patient records and research data

The only issues faced during the implementation of the new security solutions was having to manually remove legacy security software, says Trend Micro’s Patil.


uwait has one of the most developed healthcare systems in the Gulf region, with services delivered by the Ministry of Health at approximately 90 primary healthcare centres, hospitals, and specialty centres across the country. As a healthcare provider, the Ministry has the responsibility of protecting patient privacy, said Hussain Eidan, operations manager, Information Systems Department, Ministry of Health, Government of Kuwait. “Our main security strategy is focused on protecting our data—it is crucial that we protect personal patient information from leaks and hacking. These are the main challenges. we are facing. We also have research and study teams in the organisation, and must protect all of the data associated with their work,” said Eidan. To block malware and other security threats, the infrastructure was originally protected by solutions from two leading security vendors, but a few years ago, the Ministry’s Information Systems Department became dissatisfied with the security products in place. “Rolling out the previous software, maintenance, and support were not at the level we expected,”

Case study

June 2012 Vol.18 No.6


said Eidan. “When we started getting a lot of calls about infections, we began to think about switching security vendors.” SOLUTION Dissatisfied with the level of protection and management complexity offered by the original security solution, the Ministry of Health’s technology team approached Trend Micro. After researching and testing several security products available in the market, the Ministry decided to switch to Trend Micro Enterprise Security solutions. “We found that Trend Micro was best for our environment, and our evaluation results were also supported by recommendations from consultants that we respect,” said Eidan. Today, the Ministry of Health’s infrastructure is protected by Trend Micro Enterprise Security for Endpoints, which also includes Trend Micro OfficeScan. Trend Micro Enterprise Security products and services are powered by the Trend Micro Smart Protection Network infrastructure that delivers advanced protection from the cloud. Threats are blocked in real-time, before they reach hospitals or healthcare centres. The

bulk of ever-growing pattern files are kept on central scan servers rather than individual endpoints, keeping the agent footprint small and reducing the need for frequent signature updates. “As a critical arm of the Kuwaiti government, the Ministry of Health is tasked with keeping the nation healthy,” said Eidan. “The IT infrastructure of the ministry is among the best in the region and Trend Micro OfficeScan is crucial to our security.” Recently, the Ministry participated in the beta testing of the newest release of Trend’s endpoint solution OfficeScan, which is designed to handle the rigors of virtual desktop environments. “OfficeScan, with Smart Protection Network, gives us a very strong solution that includes

in-the-cloud reputation checking,” said Eidan. “The latest release of OfficeScan is one of the finest products from Trend Micro, to date. It will save us time in terms of management, and the enhanced plug-in integration is very good - OfficeScan now includes a Data Loss Prevention [DLP] plug-in that will increase our data protection without increasing our management efforts. “DLP will help us better protect our data—some departments can use this new built-in capability to prevent leaks. This gives us an extra layer of protection for sensitive information,” he added. Besides the enhanced plug-in integration and DLP capabilities, the Ministry is taking advantage of other new features in the release. “USB device control features and

Ministry of Health, Kuwait One of the largest ministries in Kuwait, the Ministry of Health was established in 1936. At present, the healthcare network in Kuwait is one of the best in the Gulf region and among the finest in the world. Kuwaitis receive medical services at government clinics and hospitals free of charge. Public healthcare is maintained by a network of primary and secondary health centres and specialised hospitals and research institutions.

May 2012 Vol.18 No.5





"DUJWF%JSFDUPSZJOUFHSBUJPOHJWF us more control and make our jobs easier,â&#x20AC;? said Eidan. â&#x20AC;&#x153;Scan performance is also a major improveNFOUÂ&#x2030;UIFOFX0Ăł DF4DBOIBT SFEVDFETDBOUJNFTCZw The Ministry plans to deploy the production version of the new release to all sites, and is using the

50 May January 2012 2012 Vol.18 Vol.18 NoNo 6 1

DLP plug-in device blocking features at crucial protection points. DLP will also let them monitor the movement of sensitive data, and introduce controls or adjust policies appropriately. ISSUES FACED: The Ministry said that there were

The Ministry of Health says that the new Trend Micro security implementation ha helped them reduce bandwidth use for applications.

few problems during the Trend deployment, although Trend did have to manually clean some of the machines within the Ministry of Health network. â&#x20AC;&#x153;Using the old anti-virus there were infections in the network, we had to do manual cleaning of the machines. Some machines did not have antivirus installed and they were working as an infection source and were threatening the entire network â&#x20AC;&#x201C; the servers and the database server,â&#x20AC;? said Eidan. Ravi Patil senior technical account manager at Trend Micro said that the uninstallation of the old anti-virus was the biggest challenge because it had corrupted in some places and had to be manually removed. â&#x20AC;&#x153;Most of it was done automatically by our product, but on a few machines we had to uninstall the old anti-virus software manually to update the new software and keep it running,â&#x20AC;? he said. RESULTS By deploying the new version of Trend Microâ&#x20AC;&#x2122;s solution which features Smart Scan technology, bandwidth usage has been slashed for remote locations.

â&#x20AC;&#x153;We have major issues with the bandwidth especially in remote locations, so basically critical applications in remote locations could not be accessed or we would have a hiccup in the bandwidth. With the new anti-virus we have smooth operations,â&#x20AC;? said Eidan. The old antivirus was automatically uninstalled on the implementation of the new anti-virus client on the majority of the machines, and the solution was fully deployed in 90 locations within a three-week period. â&#x20AC;&#x153;We have found [the latest release of] Trend Micro OfficeScan to be an excellent and very dependable product,â&#x20AC;? said Eidan. OfficeScan helps the Ministry tailor security across the various departments and sites, and helps it configure Smart Protection servers to optimise the network utilisation for updates and speed up the time to protection. â&#x20AC;&#x153;We can tailor policies to introduce the control and protection that group of users needs and each database requires. Protecting our data is our top priority. With this release of OfficeScan, we gain a very comprehensive data leakage solution,â&#x20AC;? said Eidan.

John Siemon,CTO and VP Operations at cabling specialist Siemon, says that shielded cabling is the best cabling option for 10GBASE-T networks.

June 2012 Vol.18 No.6



Alien Crosstalk and

how to stop it John Siemon, CTO and VP Operations of cabling specialist Siemon explains shielded cabling and converged cabling


etwork and cabling solutions provider Siemon is conducting a global tour to educate the marketplace on the benefits of shielded cabling over legacy UTP, or unshielded twisted pair cabling. Siemon is also discussing the adoption of 10GBASE-T networks, which is being driven by equipment from Cisco, Intel and HP. 10GBASE-T, or IEEE 802.3an2006, is a standard released in 2006 to provide 10 Gbit/s connections over unshielded or shielded twisted pair cables, over distances up to 100 metres. 10GBASE-T has latency in the range 2 to 4 microseconds compared to 1 to 12 microseconds on 1000BASE-T. As of 2010 10GBASE-T silicon was available from several manufacturers with claimed power consumption of 3-4 W per port at structure widths of 40nm and with 28nm in development, power will continue to decline. “10GBASE-T is here. We have been talking about it for a long time, it is poised to take off this year and is fuelled by numerous announcements at the recent Interop conference in Las Vegas. We feel very strongly that even though there is some recognition of Cat6 in operations in 10GBASE-T we think that attempting to run 10G over Cat6 is a mistake. We very strongly believe that shielded cabling is the best solution for any 10GBASE-T network and we are emphasising that point in our seminars.” says John Siemon, CTO and VP Operations for Siemon. SHIELDED CABLING The primary reason shielded cabling is best for 10GBASE-T is that, although the chipset for 10GBASE-T is very advanced in terms of its ability to cancel out and accommodate internal noise from the twisted pair cable, one major limitation is its tolerance to external noise, the uncorrelated noise from other cables, known as alien crosstalk. “In addition to providing superior alien crosstalk

performance, the shield provides general immunity to external noise for 10GBASE-T networks,” states Siemon. Siemon says that 10GBASE-T data centres will further the broad-based market adoption and acceptance of shielded twisted pair solutions. “As far as we are concerned, the cabling of choice for 10GBASE-T should be shielded twisted pair because our models show that a typical 100m, 4-connector Cat6A shielded channel provides 80% higher channel capacity than a comparable Cat6A UTP channel up to 500MHz.Considering the relatively small cost differential between Cat6A UTP and shielded systems, the channel capacity provided by the latter make it the clear winner,” adds Siemon. One of the limiting factors of 10GBASE-T is alien cross talk, but there are alien crosstalk mitigation methods which provide spatial separation between the cables and create a distancing effect between each of the cables. “The crosstalk between pairs within a cable is controlled by varying the twist rates, which has enabled twisted-pair to perform well up to the maximum frequencies specified for 6A. Alien crosstalk is dominant between like-coloured pairs when cables with the same basic construction are grouped into a bundle. When bundled, likecoloured pairs, which have the same twist rate couple strongly when they are not separated by a shield. Although Cat6A UTP cables contain design elements that control this type of coupling,

they are not as effective as a shield in reducing alien crosstalk,” according to Siemon. Currently in data centres density is a major consideration. Because space often comes at such a premium, the tendency is to push pathway fill to the limit. In circumstances when pathways are filled to capacity, the cable is subject to significant strain, which effects alien crosstalk performance far more for UTP than it does for shielded cabling. “To mitigate alien cross-talk issues, a study that was done by a major field test instrument supplier last year indicated that in just a 24 cable bundle, to trouble shoot alien crosstalk for one cable would take about 20 minutes and to troubleshoot all 24 cables would take over three hours and 40 minutes. Those times will only provide a diagnosis. If there are alien crosstalk failures, corrective actions can take far longer. The point is that you are much less likely to have those issues with shielded systems,” says Siemon. According to the company, the cabling industry grew up with unshielded twisted pair, especially in the US-based systems and there are some markets that have embraced shielded systems for a long time such as Germany and France. CONVERGED CABLING According to Siemon, it is also an exciting time for converged cabling, because like 10GBASE-T it has been talked about in the market for a long time. “We are seeing that the market leaders in building subsystems such as security, access control, Shielded twisted pair cables have foils to prevent alien crosstalk.

air conditioning, lighting and fire safety have started to embrace converged IP-based networking, which will lead to a broader adoption of twisted pair in much the same way that convergence occurred between voice and data services decades ago. One of the key enablers for the use of structured twisted-pair cables is that devices and controllers for these subsystems don’t necessarily need to be located in areas with ready access to power. Being able to provide that power through a twisted pair channel provides numerous benefits. “One benefit is that it is less costly to deploy. Another is that a Power over Ethernet [PoE] solution provides continuity of service during a power outage as long as the PoE switch is properly backed-up,” says Siemon. “We have just come from Doha and seen all the buildings there utilising converged cabling to some extent. One of our partners claims to have 80% market share in Doha using Siemon cabling.” Although this claim may seem provocative, the great extent to which the Doha market has embraced structured cabling for buildings having converged services indicates the high market potential for this type of solution in the rest of the Middle East region, according to Siemon. New construction and building renovations benefit from a converged system because they are using a common standardsbased twisted-pair infrastructure for all. GLOBAL EXPANSION Siemon is 109 years old and was originally based in the US. In 1990 the company made its first global expansion into Europe and the Middle East, and it has been present in the Middle East region for 20 years. Siemon’s roots are in structured twistedpair and fibre cabling, but the company now considers itself to be a specialist in IT infrastructure and has expanded to include racks and cabinets for data centres, intelligent patching, cooling and power. June 2012 Vol.18 No.6 53

June 2012 Vol.18 No.6

Expertâ&#x20AC;&#x2122;s Column


Top five mistakes in embracing the cloud

Bashaireh says that companies need to be aware of the laws governing data privacy in the country in which their data is held.

Bashar Bashaireh, regional director, Fortinet Middle East on the common mistakes enterprises make when deploying cloud and how to avoid them


his year, cloud computing is definitely poised to gain importance among enterprises. CIOs are now convinced that when properly implemented, cloud computing can dramatically improve the firmâ&#x20AC;&#x2122;s agility and productivity while cutting infrastructure cost. Companies large and small will move significant parts of their operations to the cloud in the next one to two years. Yet, while every organisation wants a piece of the cloud action, not all of them will get the results they desire. Bashar Bashaireh, regional director of Fortinet Middle East outlines the five top mistakes that enterprises make when adopting cloud and what they should do to make sure cloud implementation is smooth.



NOT OPTING FOR THE RIGHT CLOUD MODEL There are several models of cloud deployment to choose:

Public cloud: This is owned by a cloud provider and made available to the general public on a multi-tenant, pay-asyou-use basis. Private cloud: Owned and deployed by an organisation solely for internal use. Community cloud: This is cooperatively shared by a set of tenants, often from the same industry. Hybrid cloud: This spans the cloud deployment models listed above, enabling applications and data to move easily from one cloud to the other. Each type of cloud deployment offers its advantages. The factors to consider before adoption are the business criticality of the applications the firm wants to move to the cloud, regulatory issues, necessary service levels, usage patterns for the workloads and how integrated the application must be with other enterprise functions.


Your cloud security and corporate security policies must be integrated. Instead of creating a new security policy for the cloud, however, extend your existing security policies to accommodate this additional platform. To modify your policies for cloud, you need to consider similar factors: where the data is stored, how the data is protected, who has access to the data, compliance with regulations, and service level agreements. When properly done, adoption of cloud computing can be an opportunity to improve your security policies and overall security posture.



Do not assume that your data is automatically secure just because you use a service provider. You need to do a comprehensive review of the provider’s security technology and processes, and check how they secure your data and their infrastructure. Specifically, you should look into the following: Application and data transportability: Does your provider allow you to export existing applications, data and processes into the cloud? Can you import these back just as easily? Data centre physical security: How does the service provider protect its physical data centres? Are they using SAS 70 Type II data centres, and how well trained and skilled are their data centre operators? Access and operations security: How does your provider control access to physical machines? Who is able to access these machines, and how are the machines managed? Virtual data centre security: Cloud architecture is key to efficiency. Find out how the individual pieces like the compute nodes, network nodes and storage nodes are architected, and how they are integrated and secured. Application and data security: To implement your policies, the cloud solution must enable you to define groups, roles with granular role-based access control, proper password policies and data encryption (in transit and at rest).




Never think that outsourcing your applications or systems means you can abdicate responsibility for data breach. Some SMBs have this misconception but you must understand that your company is still ultimately accountable to customers and other stakeholders for the sanctity of your data. Simply put, it is your CEO that risks going to jail, not the cloud provider’s.

One of the top mistakes enterprises need to be aware of when implementing cloud is not opting for the right cloud model


Data that is secure in one country may not be secure in another. In many cases though, users of cloud services don’t know where their information is held. Currently in the process of harmonising the data laws of its member states, the European Union favours very strict protection of privacy, while in America, laws such as the US Patriot Act, give government and other agencies virtually unlimited power to access information belonging to companies. Always know where your data is held. If necessary, store your data in more than one location. It is advisable to choose a jurisdiction where you will still have access to your data should your contract with the cloud provider be unexpectedly terminated. The service provider should also be able to give you flexibility on where you want your data to be held. The bottom line is that the adoption of cloud technology must come with risk mitigation steps, and firms are well served to plan for and act upon these steps from the very beginning, so that returns on their cloud investments can be maximised. June 2012 Vol.18 No.6


June 2012 Vol.18 No.6



Carl Herberger, former Pentagon advisor says that cyber-criminals have developed more advanced means of attacking companies and governments.



Carl Herberger – former Pentagon security advisor and vice president, Security Solutions at Radware talks Network Middle East through future threats facing enterprises Cyber-crime is getting worse and cyber-criminal’s tactics are getting more and more advanced, according to Carl Herberger, former Pentagon security advisor and vice president, Security Solutions at Radware, who says that companies need to watch out for targeted attacks and attacks against physical infrastructure. “If you have attended the Black Hat conferences and listened to the strategies from cyber-warfare centres on cyber-warfare, the

cause physical problems with attack techniques,” he said. During Black Hat events over the last two years, there have been techniques shown that illustrate how cyber-criminals can take a security vulnerability and turn it into a security problem. Demonstrations showed how a cyber-gang can actually physically overheat a device to set it on fire. “In some cases a battery on a cellphone was set on fire and in some cases a printer engine,

“[targeted infrastructure attacks] will not only increase, in terms of their ferocity, but their tactics will change so that you can actually cause physical problems with cyber security techniques.” conception is that these attacks [targeted infrastructure attacks] will not only increase in terms of their ferocity, but their tactics will change so that you can actually

so now someone can target a vulnerability in a data centre and cause a tragic physical problem. These are the things that are worrying people,” said Herberger.

Since viruses like Duqu and Stuxnet have been effective and efficient, cyber-criminals will also be looking at these virus structures and trying to work out how to use them for their own attacks. “Stuxnet illustrated some really neat concepts to people that are up to nefarious things. The virus illustrated how a cyber-criminal can combine a multi-vector, multivulnerability engineered hack, together with a couple of zero day threats, a couple of vulnerabilities, a mission and some flexibility in design, and can achieve the attack you want,” said Herberger. Cyber-criminals have also recently developed an update to the Low Orbit Ion Cannon (LOIC), an open source network stress testing and denial-of-service attack application, written in C#. LOIC was used extensively by hacker group Anonymous in 2011 and 2012. The new update, the High Orbit Ion Cannon (HOIC), enables attackers to multiple targets at once.

“LOIC is a one-on-one tool so when you attack someone you can put in a single IP address, HOIC solves the problem of not being able to attack many people. Now you can amplify your attacks. Previously if you wanted to start an attack and you want to attack 1,000 people and used LOIC, you would need 1,000 people to administer it, or you had to do it sequentially. Today you can have far fewer people participate in the attack or, if you can gather up the same amount of people you can have far more targets to attack,” said Herberger. The other major feature upgrade on the HOIC attack system are ‘boosters’, which define the specific attack, allowing hackers to easily change modes. “The way I like to think of a booster is that it is like an airplane bomber and the booster is the bomb ordinance. That ordinance can change in characteristic almost immeasurably, to hit multiple targets,” said Herberger.

Security focus

June 2012 Vol.18 No.6


Sophos has introduced three new security suites - Web Protection, Data Protection and Complete Security.

Sophos introduces new security suites Sophos has introduced three new Complete Security Suites, which are designed to offer Sophos partners the tools they need to help their clients address evolving enterprise security challenges, such as the rise of consumerisation, advanced persistent threats and malware. “The evolution of Sophos technology and the new ‘Complete Security Suites’ represent a clear and forwardlooking vision to manage the advanced multi-vectored threats businesses face,”said Robert

Newburn, head of Information Security and Managed Services, Trustmarque. “Security never stands still and neither does Sophos. Through significant in-house development and tactical acquisitions they have built a set of integrated technologies simplifying security management, driving down costs and offering customers a mature set of proven tools to protect the enterprise endpoint, mobile devices and the gateway.” The Complete Security Suites, Web Protection, Data Protection

and Complete Security, combine functions such as endpoint, data and web and email protection, along with mobile device management and protection for Microsoft Exchange and SharePoint. “As a managed service provider, we are our clients’IT departments, so keeping management costs down is critical to our business,” said Marcus Bearden, vice president of technology, Carceron. “The centralised management of Sophos’Complete Security Suites will reduce

our administrative costs, thus reducing costs for our customers—a true win-win. Additionally, they will allow us to offer our clients a better value than an a la carte model while satisfying all their security needs.” The Complete Security Suites are also designed to shorten the sales cycle for Sophos partners as clients no longer have to evaluate individual solutions in order to solve each security challenge. Instead, they are able to offer solutions that work together across all points.

BT announces security innovations BT has announced innovations to its BT Assure security portfolio, which are designed to help organisations better address a wide array of security issues. The innovations focus on the risks posed by the growing presence of personal devices on corporate networks, the large scale deployment of cloud solutions and the challenges of

‘big data’, the large amounts of unstructured data inherent in contemporary commerce. “The best companies understand that commerce is ultimately a trust relationship. Technical ecosystems can however sometimes fail to meet their ambitions, challenging the trust between companies, their customers, and their supporting

players. Our customers face new opportunities to proactively lead with security, placing security firmly in the heart of the boardroom. By promoting intelligence and innovation through our BT Assure portfolio, we help our customers to identify, implement and deliver security where it matters most, building it into the heart of

the organisation rather than just bolting it on. Trust needs to be backed by a continuous investment programme in skilled people, as well as state of the art global infrastructure and security management systems. This is definitely the time to rethink the risk,” said Wael A El-Kabbany, managing director, Middle East & North Africa, BT Global Services.

SonicWALL has revealed its new firewall for small businesses.

June 2012 Vol.18 No.6

Security focus


SonicWALL debuts TZ 105, TZ 205 firewalls Intelligent network security and data protection solutions provider SonicWALL has introduced the SonicWALL TZ 105 and TZ 205, secure, high performing Unified Threat Management (UTM) firewalls for small business, retail locations, branch offices and distributed enterprises. The TZ 105 and TZ 205 are designed to provide strong, enterprise-grade security in a small form factor appliance and provide comprehensive protection against viruses, Trojans, key-loggers and other application layer attacks. The

TZ Series is designed to deliver highly effective anti-malware, intrusion prevention, content/ URL filtering and application control capabilities and offer broad, secure mobile platform support for laptops, smartphones and tablets. They feature support for native SSL VPN clients for Apple iOS and Google Android phones and tablets. The design of the SonicWALL Reassembly-Free Deep Packet Inspection engine allows the TZ series to provide full network security without introducing latency. For increased security, the new

TZ Series is designed to provide the ability to configure separate zones for network segregation with distinct security policies for each network segment. As a result, a virus in one department remains isolated and will not affect other groups or, for example, critical systems such as Point of Sale terminals. With the tools provided by the TZ Series appliances, IT managers can provide not only network access, but they can also drive network efficiency by actively optimising bandwidth and application usage at the user or group level.

Incorporating advanced networking features such as IPSec and SSL VPN, multiple ISP failover, load balancing, optional integrated 802.11n wireless and network segmentation, the TZ Series helps to delivers network connectivity, resilience and availability features to ensure uptime and accessibility. The wireless, network segmentation, virtual private network and centralised management capabilities of the new TZ Series are designed to enable network deployments that must meet Payment Card Industry compliance standards.

IBM reveals new security analytics IBM has unveiled new analytics, which uses advanced security intelligence to flag suspicious behaviour in network activities, and is designed to help better defend against hidden threats facing organisations. The QRadar Network Anomaly Detection appliance is designed to analyse complex network activity in real-time, to detect and report activity that falls outside normal baseline behaviour.

The analytics looks at inbound attacks and can detect outbound network abnormalities where malware may have already infected a ‘zombie’ system to send the corporate data outside the organisation. “Advanced attackers are both patient and clever, leaving just a whisper of their presence, and evading many network protection and detection approaches,” said Marc van

Zadelhoff, vice president of Strategy and Product Management, IBM Security Systems. “Most organisations don’t even know they have been infected by malware. An advantage of IBM analytics is that it can detect the harbingers of new attacks from the outside or reveal covert malicious activity from the inside.” Using advanced behavioural algorithms, the QRadar Network

Anomaly Detection appliance is designed to analyse disparate data that can collectively indicate an attack – network and traffic flows, intrusion prevention system (IPS) alerts, system and application vulnerabilities, and user activity. It quantifies several risk factors to help evaluate the significance and credibility of a reported threat, such as the business value and vulnerabilities of targeted resources.

Monday 15th October, 2012 Dubai, UAE

RECOGNISING EXCELLENCE IN ENTERPRISE COMPUTING Have your achievements acknowledged at the 8th annual ACN Arab Technology Awards 2012




For sponsorship opportunities, please contact: George Hojeige Sales Director, ITP Technology T: +971 4 444 3203 E:

Antony Crabb Sales Manager, Arabian Computer News T: +971 4 444 3398 E:

For nomination enquiries, please contact:

For table bookings and other information, please contact:

Mark Sutton Senior Group Editor T: +971 4 444 3225 E:

Michelle Meyrick Events Manager T: +971 4 444 3328 E:

To submit your nominations, or for more information, please visit:

June 2012 Vol.18 No.6

Security focus


Fortinet has confirmed that three UAE banks were the victims of DDoS attacks in Q1 2012.

Three UAE banks affected by Q1 DDoS attacks Three UAE banks’ online banking websites were the victims of DDoS attacks in the first quarter of this year, according to Bashar Bashairah, regional director of Fortinet, halting online transactions and services. One of the banks was under sustained attack from cybercriminals for a period of three to four days All of the attacks were successful for short periods of time and did manage to take the banks offline for a few hours at a time, said Bashairah. Some of the banks that were victims of the attack were

Fortinet clients and Bashairah said that Fortinet was able to limit the damage done by the attacks and get the websites back online soon after the attacks occurred. He estimated that due to the websites being offline, the banks could have suffered heavy financial losses. “Bringing a bank website down for even half a day still results in millions of dirhams of losses from website transactions,” said Bashairah. In January this year hacker group, IDF-Team, threatened to bring down the UAE Central

Bank and other financial and government websites in the UAE using distributed denial of service (DDoS) attacks. The UAE central bank foiled hackers’ attempts to bring down its website, the bank’s head of information technology (IT) told Reuters at the time. Hackers launched a DoS (Denial of Service) attack against the central bank website, in which the hackers bombarded the website with information, hoping to take it offline, Bob Thomson, chief manager of IT told Reuters in January. Telecoms operator Etisalat, the fixed line service

provider of the UAE central bank then blocked all access to the website from outside the UAE, stopping the hackers from bringing down the site. The IDF-Team said in a Pastebin post that they were planning to bring down the Saudi Arabian and Abu Dhabi stock exchanges, both sites were not breached during the Q1 attacks. Rashed al-Baloushi, acting director general of Abu Dhabi Securities Exchange told Reuters that its website was not specifically targeted. “We have been checking the database and no abnormal access took place.”

BT survey reveals BYOD risks A BT survey of more than 2,000 users and IT decision makers across 11 countries has revealed that risks to business are moving too fast for a purely reactive security approach to be successful. According to the BT ‘Rethink the Risk’ research results, the traditional secure outer perimeter of enterprise networks no longer exists and organisations now require

specific tools are required to measure, understand and address this new security reality. According to the research, cyber security threats, accidental or intentional data loss through employees, and increasing use of personal devices on employer’s networks are the three biggest security risks perceived by IT decision-makers. In particular, Bring Your Own Device (BYOD) is making

progress within the corporate environment, with 60% of employees using personal devices for work, with especially high usage in countries such as China and India (92% and 80%) The research also showed that 82% of companies say they already allow bring your own device or will do within the next 24 months, even though the trend is creating new security issues for organisations. Four

out of ten companies have experienced security breaches due to unauthorised devices. Of those companies that do have a bring your own device policy, securing devices was by far the biggest challenge at 74%. IT departments and power users, followed by company boards and senior management are the largest specific groups that are driving demand to be able to use their own devices.

June 2012 Vol.18 No.6

Last word


Challenging the Industry Nick Black, senior technical manager for Trend Micro reveals his views on the regional IT industry

Can you tell us how you began working in the IT industry in the UAE? I transferred countries with Citrix Systems after helping start the Citrix office in South Africa, I then transferred with them to the UAE as a Systems Engineer responsible for pre-sales activities across the Middle East region. What is the best and worst thing about the networking industry in the UAE? Generally organisations have built their infrastructure relatively recently which means there are no legacy issues to deal with. The worst thing is that organisations purchase state of the art technology but then it is implemented poorly, and so they do not get the full benefit of what they have paid for. Advanced specialist skills in the region still concerns me after nine years here.  

Systems as the no 2 employee in South Africa - I was able to have a direct impact on the success of this new office. What IT product or innovation should the IT industry watch out for this year? Thought controlled keyboard? No seriously – I think the mobile consumer space is very interesting at the moment, more importantly how to secure these devices seamlessly without removing functionality and performance.

Talk us through your usual daily routine at work. My days are generally filled with a mixture of global conference calls, customer calls and meetings, team calls and meetings and management meetings. This then means significant time investment in following up on actions that result from these meetings. I also allocate an amount of time each week to ensure the regional strategy is being followed and to realign team members when required.

Comparing the IT industry in the UAE to other countries, do you think it measures up or is lacking, and why? In all countries there are industry segments that are early adopters and others that are less concerned about technology. This is the same in the UAE. The technology is available in the UAE, financially organisations can generally afford to adopt cutting edge technology – but as I mentioned before, finding the right skills to implement and maintain high performing, highly secure and highly available IT solutions remains a major concern.  

What has been your proudest achievement in your career so far? When I was invited to join Citrix

What IT company, other than your own do you admire and why? Apple Inc – they continue to

challenge the industry in terms of innovation. They stick with what they believe in even if this means profits are reduced. Their attention to detail and quality are their top priority. Who do you look up to in your career? Ed Iacobucci, founder of Citrix and head of the IBM OS/2 Design Team. What do you do for fun? Ride quad bikes in the UAE Motocross championships and the Abu Dhabi Desert Challenge. What is one unusual thing about you? My boredom threshold is very low.


kin r o w

et n f les o u r the

HP is changing networking. Gone are the days of networks that are hard to manage, vulnerable to attacks, and expensive to maintain. With HP game-changing solutions, the status quo is history. The New Rules of Networking #1 Simplified network designs that are twice as secure1 #2 Up to 2x better performance for greater flexibility2 #3 Up to 65% lower cost of ownership3 Put the new rules to work for you. Outcomes that matter.

Copyright Š 2010 Hewlett-Packard Development Company, L.P. 1. Respondents from Infonetics September 2008 survey report that Tipping Point blocks 2.3x more threats compared to next-closest competitor 2. Based on line rate comparison between HP 12518 128x 10G (2.2 Bpps) and Cisco Nexus 7000 Series 18 (960mpps) 3. IDC white paper sponsored by HP, ROI of Switched Ethernet Networking Solutions for the Midmarket, #219843, August 2009

Network Middle East - June 2012  

Network Middle East - June 2012 - Volume 18 - Issue 6 "68 Pages" ITP Technology Publishing, Dubai, UAE