Trying to Envision the Future through Eyes of Today
#MWC15 What an incredible week it was at Mobile World Congress this year! With 1,900+ exhibitors and around 100,000 attendees it is hard to focus on any single topic or find a common theme among all of us. But through the many pitches and discussions, we are able to bring every concept together to find a couple ideas that were repeated throughout the show. Does IoT require a new Internet? The new and trendy hot topic of the congress was Internet of Things (IoT). Everyone is talking about IoT and how it is going to change how service providers and consumers are managing their lives. It is estimated that there could be anywhere from 20 billion to 200 billion connected devices by 2020. Keeping in mind that reality often exceeds expectations in technology, this is a bit overwhelming. IoT is still in the upwards phase of the hype cycle and it is hard to nail down any specific directions of framework around the IoT concept. There are companies talking about connected cars which will provide Internet access and functional capabilities within the vehicles. There are other companies looking to add more devices that the average human will carry around from connected health devices, to watches, to shoes. Everyone wants to be involved with the IoT movement, but few understand what is necessary for IoT to be successful. Many conversations revolve around security for IoT. Some are talking about the security of the devices and their capabilities such as Internet-enabled home surveillance. Others are talking about the security and integrity of the data for healthcare devices that may be online such as pacemakers or CPAP machines. But, IoT is in such an early stage of development, that it is hard to congeal a central vision or thought around what else we need to be thinking about to ensure a smooth and successful evolution. I had many discussions last week discussing an important issue that we may not be focusing our attention on, but is essential for IoT to become mature and accepted. The number of IoT devices connecting to the service provider network on a regular basis will be daunting and potentially overwhelm the mobile network’s infrastructure. The influx of the large number of connected devices does not only impact the consumers and the various application providers, but there is a very direct impact to the mobile service providers beyond the data growth. These devices behave differently from human-enabled devices that are pseudo-randomly initiated, these devices will automatically send updates on a regular periodic interval. As the number of devices increases over time, the number of simultaneous connections that will be occurring at any given interval point will eventually overwhelm the mobile service provider’s connection and registration infrastructure. This problem and others need to be investigated and addressed along with the potential security issues before we embrace the IoT vision of the future. Virtualization is not a fad, it is a reality Continuing its popularity from last year, virtualization, and specifically NFV, continues to be an extremely strong item of interest. Vendors are starting to progress beyond the first step of virtualization and are now asking each other how these virtualized functions will work together within the NFV architecture framework. NFV is proving itself to be more than a passing fad as vendors and service providers work to establish functional multi-vendor NFV deployments. As scenarios are being built in the labs and trialed in the field, everyone is coming to the realization that the true benefit of NFV is not the CapEx or even the OpEx savings that was initially outlined over 2 ½ years ago. The value of NFV is the delivery of cloud-like technologies to the service provider’s core network environment. It is the agility and elasticity - the bringing of services to bear efficiently, and the on-demand resourcing - through the abstraction and orchestration that delivers the value of the NFV architecture. There are more vendors discussing and demonstrating the requirements for the management and orchestration of NFV this year. There is a consensus that the virtualization vision of the future is not one where the entire network is virtualized. It is unrealistic to believe that existing hardware will be tossed aside in lieu of virtualized functions in every use case. There are situations where proprietary vendor delivered hardware is still the best choice due to cost, performance, or functionality. The network of the future will be a hybrid architecture with both proprietary hardware and virtualized solutions. What is important in this hybrid architecture is that the management and orchestration of this network be consistent and unified when working with physical and virtualized components. In an ideal scenario, the management and orchestration solution need not know whether a component is physical or virtualized. From a functional perspective, both versions of the service should look the same and be configured and managed in the same way. Not so stodgy after all Service providers are known as old school, slow moving, and taking a long time to adopt new technologies and concepts. This year, MWC has proven that this is not the case. NFV is less than three years old and we are already seeing mature architectures being built and tested. And while there have been Internet enabled devices almost since the development of the Internet, there is an explosive trend to bring IoT to bear in every way imaginable. It will be interesting to see these technologies along with others continue to transform the mobile service provider networks as the world continues to get more interconnected. These life-changing and network-altering technologies are the beginning of a new voyage towards the visions of our interconnected future. With a positive perspective, I look forward to seeing what the networks of the future hold for us as a global community, but only after a voyage of my own to recover from this enormous and insightful event! Bon Voyage!Why an Empty Glass is like a Key Mobile Service Provider Technology
"Speedy Gonzales (1955 short)" by Source (WP:NFCC#4) #MWC15 I was at a restaurant with some colleagues after the day of Mobile World Congress events today in Barcelona. Unfortunately, all the Spanish I learned was from the Warner Bros Speedy Gonzales cartoons. The people of Barcelona are great and most of them have a superb command of the English language. While we were ordering and eating our tapas which we selected off of the menu of options, one of our servers came by to refill our water glasses. I took this opportunity to ask the server for a separate empty glass so I could take some medicine I needed to mix with the water. The server looked at me with a puzzled look and I tried to explain again. ‘Please bring a cup. Empty,” I said as I used hand gestures to simulate an empty glass with the one he had just filled. Again, he gave me a look that signified he did not understand. “Cup. Empty,” I stated once again. He nodded this time and walked off. A minute later he was back with no cup, but our waiter was with him. The waiter said, “I am sorry. He does not understand you. What do you need?” “An empty cup, please.” I held up the medicine packet to show him why I needed it. “Ah. No problem. One moment.” And off they went as the waiter explained to the young gentleman what I needed. Finally, the server arrived with my empty glass. This brings up one of the issues that mobile service providers have that we sometimes gloss over or sweep under the table knowing it is being resolved in the future. The LTE networks need translation services like my waiter provided. Not for English or Spanish, but to switch the conversation from IPv6 to IPv4 and back again. The problem is that LTE networks are architected to use IPv6 addresses using 128 bits of IP address space while the Internet is still mostly IPv4, using 32 bits for each IP address. In addition, many service provider networks are not fully IPv6 either and they need this IP translation service to support the communications through their own infrastructure. Most LTE capable phones are designed to support IPv6. The Internet of Things, when it blows up to 50 billion devices by 2020 will have things with IPv6 addresses. This is necessary because there are not enough IPv4 addresses to support all of these devices. A carrier grade network address translation (CGNAT) solution is needed to provide IP address translation capabilities within the network. CGNAT may not have the buzz of IoT, nor does it have the public momentum of NFV, but it is still an essential technology to incorporate until the service provider networks and Internet fully support IPv6 addresses. CGNAT is deployed in most service provider networks to some extent, but it functionality and performance needs to be expanded to support this surge of new devices connecting to the LTE networks. A complimentary technology that I would be remiss to omit when talking about CGNAT is DNS64 services. DNS64 is the mapping of DNS addresses in IPv4 format to IP addresses in IPv6 format. This is critical because DNS is all about the mapping of names, or fully qualified domain names (FQDNs) to IP addresses which will be either IPv4 or IPv6. Service providers need to keep the CGNAT technologies in mind as they continue to build and expand their LTE networks, especially with the popularity of IoT. In my instance, I was lucky that I had my waiter to provide translation services between Spanish and English. The long term solution is for the server and/or me to learn each other’s respective languages. Only then will the waiter not be needed to always be around so we can have a conversation. In the service provider’s network the CGNAT solution (with DNS64) will always be needed until all of the devices and the Internet support a common a language, IPv6.Mobile Service Providers are missing a Key Security Issue - And it is not DNS
#MWC15 Barcelona is a great city, but with 100,000 people coming to the city for Mobile World Congress, it is expected that the criminals will come in force to prey upon these unwary travelers. When I travel, I am careful to protect myself from unsavory acts such as pickpocketing or physical attack. I avoid areas that may be dangerous and I take care to protect my personal belongings from theft such as keeping my wallet in my front pants pocket. But it is easy to become complacent and forget about possible ways to become a victim. When I am walking down a street, it is natural for me to have my phone out to look at the map for directions or use another service. My expensive smartphone is now out in the open for someone to run by and grab it. They will be gone before I even have a chance to react. Smartphone snatch and grab theft via The Times Mobile service providers are concerned about protecting their networks from DDoS attacks and intrusions that either degrade the performance of their network or expose sensitive information about them or their subscribers. One of the most common points of concern for the service providers is the DNS infrastructure. Every mobile operator has been hit by some DNS attack in the past, whether they are willing to admit it or not. Most service providers have implemented some level of protection against DNS attacks. But it is not only DNS that mobile service providers should be worried about. Many mobile operators have rolled out, or are rolling out Voice over LTE (VoLTE) services to deliver voice calls over the data network. To enable the VoLTE service, they need to have an IMS infrastructure in place to handle the SIP signaling to connect and monitor the VoLTE call status. Traditionally, before VoLTE, this IMS network has been closed and not accessible from the subscriber devices directly. Unfortunately, VoLTE changes that. VoLTE requires the smartphone to generate SIP messages to initiate a phone call. These SIP messages are sent to the IMS infrastructure intact. This means it is just a matter of time for malicious hacker to generate fake SIP messages that can reach the IMS services to deliver a DoS attack, obtain unauthorized services, or possibly even gain intelligence about the service provider’s subscribers or network configuration. Mobile service providers need to take a hard look at this portion of their network. They need to determine what needs to be in place in terms of security services such as an application-aware firewall, and/or DDoS protection solution to protect this newly exposed critical component of their infrastructure. Using a smartphone has changed my vulnerabilities and habits in the same way is VoLTE is forcing mobile service providers to re-inspect all aspects of their network as it changes the fundamental models that they have become accustomed to.Mobile Security That Just…Is.
Guest Blog by Jay Kelly, Senior Product Marketing Manager #MWC15 I believe that we can all agree that mobility is exploding, can’t we? According to an IDC report, the worldwide mobile workforce is expected to reach 1.3 billion people by the end of this calendar year (2015). That, according to the same report, represents a tad over 37 percent of the global workforce. And, according to a report from Intel, the number of mobile devices worldwide will top 50 billion – that’s billion, with a “b”! – by 2019. Staggering figures, aren’t they? I suppose that it goes without saying, then, that one of the top concerns for enterprises and their IT (and security) departments is the security of mobile devices, apps, and data. In most of the articles and reports outlining the top security or cybersecurity threats facing enterprises in 2015, mobility and security, in some form, can be found in the top 5 threats. Everything from securing Bring Your Own Device (BYOD) initiatives, to ever-increasing and more sophisticated mobile malware, to hackers exploiting mobile devices to steal data, credentials, and even accessing cloud- and SaaS-based apps from an exploited mobile device can be found on the list of top security threats of 2015. It’s the same old song and dance: Mobility – mobile devices, mobile access, a mobile workforce, BYOD – is scary and can be dangerous. I bet we can all agree on that, too. But, is it mobility itself that is a threat waiting to happen for an enterprise? Or, is it their mobile user that is the problem? Well, according to a recent survey, one of the biggest problems identified are employees, believe it or not! According to the “2015 State of the Endpoint Report: User-Centric Risk”, conducted and published by Ponemon Institute LLC (and sponsored by Lumension), the careless, apathetic, or disinterested employee with multiple mobile devices, who is working remotely while using commercial cloud apps is one of the greatest threats to enterprise security. The Ponemon study goes on to state that the greatest increase in potential security risk to the IT environment are mobile devices, such as smart phones (80 percent of respondents); 42 percent of respondents claim that mobile, remote employees pose the greatest risk to security. Listed among the top threats to security in an organization, after negligent or careless employees, was the increase in personal devices being connected to their network, or BYOD; employees using commercial cloud apps at work; the number of employees using multiple mobile devices – many of those device not being secure – while at work; more stealthy, hard to detect malware; and employees working remotely over insecure wireless connections. Those issues certainly sound like a recipe for a disastrous hack and loss of data, don’t they? So, how can an enterprise today ensure that their mobile employees who are disinterested, disengaged, and uncaring about security are able to connect to their network and applications – wherever they may reside – over just about any wireless connection, from virtually any mobile device simply and securely, while simultaneously ensuring the security of the device, too? Why, by taking the entire security decision out of their hands, of course! F5’s enterprise mobility gateway solution combines the core components of market-leading enterprise mobility management products, such as AirWatch by VMware, with the mobile access capabilities of F5’s Edge Client and the granular, secure, contextual identity and access management at the network level from F5 BIG-IP APM, to deliver fast, automatic security for the user’s device and connection, and secure, appropriate access to corporate application wherever they are located. F5 can enable full device, L3 – L7 VPN; VPN access only to virtual applications via a virtual desktop interface, or VDI; or per-app VPN, all based on dynamic, context-aware access policies, centralized in a single policy server and engine, and created and managed using a GUI-based, drag-and-drop editor, F5’s Visual Policy Editor. By integrating BIG-IP APM with market-leading EMM solutions, like AirWatch by VMware, enterprises can benefit from policy-driven mobile device management and security, as well as the ability to enable integrated, seamless access from select, identified mobile and web-based apps, as well as specific URLs and web pages, to the organization’s resources without user intervention. The user doesn’t have to open or touch anything. Their VPN access in engaged as soon as they open a mobile or web app, or web page defined by their corporation as requiring per-app VPN access. Fast, secure, and automatic. No user muss, no user fuss. And, with BIG-IP APM’s identity federation capabilities, user productivity can be enhanced, since users may be allowed to enter their secure credentials once, and maintain access to networked and cloud-based apps. BIG-IP APM and leading EMM solutions such as AirWatch by VMware also integrate at the policy level, enabling contextual mobile device and access policies, defined by user, device, location, time, and more. So, if a user is attempting network access over a network known to be sketchy, they may be limited to access only applications on their virtual desktop. Or, if the EMM solution determines that the user’s mobile device does not meet security policy defined by the enterprise, their access may be limited. Or, if they are attempting to access sensitive networked or cloud-based applications from an unusual location, they can be asked for additional layers of authentication. By integrating F5’s powerful, secure, multi-faceted BIG-IP APM with leading EMM vendor solutions, such as AirWatch by VMware, enterprises can ensure a fast, simple, enhanced mobile experience for their users, while ensuring that their users really don’t have to know – or even care – about security, because it is just secure and works.Why Spanish Cuisine is Like the New Mobile Service Provider Business Model
#MWC15 I enjoy coming to Barcelona every year for Mobile World Congress. On one hand, the show is overwhelming with the number of attendees and back to back meetings I have when I am here. But on the other hand, I get to experience and enjoy the great cuisine in this city. I always like to try new foods and see what the local cuisine is like no matter how odd it may seem to my sensibilities (stinky tofu, anyone?). Of course, one of the staples of the restaurants in this part of the world is tapas. Tapas are appetizers or fingerfood served in restaurants in small portions. It is common to order a dozen different tapas dishes for a group of people. There is often a large selection of tapas dishes offered at a restaurant. I have seen over 50 on a single menu at some places. Just like the tapas restaurants in Barcelona, mobile service providers need to customize and cater to their subscribers’ differing interests. As mobile service providers adjust to their subscribers using more data with faster 4G LTE networks and less voice, they need to shift their revenue models to focus on delivering data-related services. The service provider wants to offer value added services that enhance the customer experience at a small premium. Not everyone will want the same service and the customer needs the ability to be selective and pick and choose what is right for their usage pattern. In some cases, the subscriber might sign up for an anti-spam/anti-virus scanning service to secure and protect their communications and devices. Other subscribers could sign up for a parental controls service for their dependents to prevent the viewing of undesirable content. The types of services that the mobile operator will offer can be as varied and numerous as the tapas dishes offered in the restaurant. The services that a subscriber signs up for can be delivered within the service chaining architecture being developed to maximize the efficiency of the mobile operator’s network and value added services. The important point is that the service provider needs to offer a wide range of services to allow the subscriber to customize and optimize their individual service. These services need do be delivered with small premiums for the total package to make the value of the entire mobile service feel reasonably priced. This model will allow the service provider to enhance the subscriber quality of experience through specific functions and individualization while providing a renewing and expanding revenue stream to replace the dwindling voice revenues. Tapas restaurants are fun because I can customize my dining experience with foods I like in conjunction with foods I am interested in trying without overwhelming my budget or appetite. Premium value added services will deliver the same experience for the subscribers from their mobile network operators. Buen provecho!Why Getting to Mobile World Congress needs TCP Optimization
#MWC15 I just arrived in Barcelona for Mobile World Congress, the premiere mobile industry event. This year, they expect up to 100,000 exhibitors and customers to attend the event, up from over 70,000 last year. I took three flights taking over 18 hours to get here. My flights were packed with other attendees all trying to get here like me. I had a significant delay at one point because they had to change the actual plane we were supposed to be flying on. There were long lines and it took quite a while to get through some of the lines for the plane, passport control, and getting my show badge. Every time, the system was not designed to handle such a large influx of people going through the system, and every time, I was delayed getting the expected service and reaching my final destination. This is much like our need for TCP optimization technologies on the Internet. Service providers have to manage congested networks due to seen (large scheduled events) and unforeseen (natural disasters and malfunctions) conditions. During these situations, they need to find ways to still deliver a quality service to their customers. Calls still need to be made. Application still need to update efficiently and in a timely manner. Currently, many service providers use technologies like video optimization and caching to maintain a high quality of experience for their customers. Unfortunately, these technologies may not be ideal as the Internet evolves. Traffic is growing at a high rate with the general availability of 4G LTE networks and 5G is around the corner. In addition, encrypted traffic is on the rise, increasing over four-fold in Europe in the past year because of security and privacy concerns. These solutions must see the content to be effective and the encryption prevents their use. TCP optimization, on the other hand, leverages the TCP protocol and does not depend on applications or content. It is designed to improve the flow of traffic through adjustments to the TCP protocol parameters based on expected and observed network conditions. This means that the flow from an application on the Internet to the subscriber can be optimized on one side for the low latency high speed characteristics of the Internet and given a different set of parameters based on high latency and slower access networks like cellular radios. The TCP optimization technology manages the optimal delivery of the content by acting as a TCP proxy to handle both sides of the connection separately. If I were able to somehow apply this technology to my trip to Barcelona and manage the flow of 100,000 people through the week-long event, it would feel like I got 120% increased efficiency (based on real improvements to content delivery over live wireless networks) out of my efforts surrounding this show. If you are interested in hearing more about TCP Optimization, please view our new Reference Architecture on our website or come visit our booth at MWC located at Hall 5, Booth G11
