NEC Corporation of America
As we looked over the more than 130 entries we received for the Best of Interop Awards, we noticed the continuation of last year's trend toward better management products. As always, the simpler things look on the surface, the more work is required behind the scenes. Virtualized and cloud resources can deliver on their promise of faster and more responsive computing and storage only if IT has effective controls to track those dynamic resources--a need that winners such as V3, Citrix, Cisco, and Panzura fill. Likewise, the demand for mobile data access is creating new management problems for IT teams, and winners like Alcatel-Lucent, McAfee, and Cloudpath Networks bring new ideas to mobile.
Picking the "best" product at Interop is always a challenge, and narrowing down our choice for 2012 was no exception. After much discussion, our executive judging team decided that the very first enterprise-class, OpenFlow-compliant network controller--the ProgrammableFlow PF6800 Controller from NEC--delivered the innovation, insight, and advanced thinking expected of a Best of Interop Grand Prize Winner.
The relevance of the PF6800 lies in the growing interest in software-defined networking (SDN), which has the potential to dramatically change networking strategies. Even though Ethernet itself is an open standard, the control plane for switching is not. That means network administrators are pretty much limited by the proprietary management options provided by their hardware vendors.
The key goal of the SDN movement is to upend the network management status quo by abstracting the control plane from the networking hardware, using an open standard like OpenFlow for network control. Doing this has the potential to make networks far more vendor-agnostic, while at the same time modernizing the network definition process, improving visibility, and increasing network performance. But SDN must meet those goals without sacrificing the reliability expected of large networking environments.
The key to a reliable SDN lies in a quality network controller, and the NEC ProgrammableFlow PF6800 Controller is the first generally available, OpenFlow 1.0.0-based network controller, making it feasible to take SDN out of the test lab and into production. OpenFlow is just a few years old, but some big names in the industry, including Google, are already touting SDN's potential, so it's worth more than a passing glance. It takes a company like NEC, with the courage and commitment to introduce enterprise-class products, to give SDN a chance to prove itself in the very difficult and challenging enterprise IT environment.
Of course, there's still a lot of work to be done, and you'll have to do your own research on whether SDNs make sense in your IT operation. But you might someday look back with nostalgia at 2012 as the time when network management started to change forever.
Now, dig into details on the Best of Interop winners in nine categories, with analysis from each of the judging teams. --Steven Hill, Best of Interop lead judge
Judges: Andrew Conry-Murray (InformationWeek), Steven Hill (Interop)
In a Virtual Desktop Infrastructure (VDI), individual PCs and laptops are replaced by virtual desktops that are streamed to the users from a set of servers in a data center. Groups of identical desktop images, called "pools," are generated from a single master image or a small set of master images and deployed to users. IT organizations adopt VDI for a variety of reasons, including reducing the management burden (having to maintain only a small number of images, rather than any number of OS configurations and versions found among traditional PCs).
While server virtualization now dominates the data center, VDI has yet to make as large an impact, since its return on investment isn't nearly as clear. That said, virtual desktops are making their way into more IT operations: 11% of organizations have an extensive VDI deployment, while another 33% have limited use of VDI, according to InformationWeek's 2011 Virtualization Management Survey. Beyond the economics, another reason VDI hasn't swept away traditional desktops is availability--if a VDI server fails, all the desktops in that pool go down, too.
Startup V3 Systems aims to tackle that problem with its V3 Optimized Desktop Allocation. V3 works with VMware's View to provide virtual desktops to users via V3's purpose-built hardware appliances. The V3 Optimized Desktop Allocation (ODA) product is designed to identify when an appliance fails and move any affected virtual desktops to another appliance. When the V3 ODA detects the appliance failure, it alerts an administrator, who can then create a new pool or opt to connect to a standby pool. It then communicates with VMware View to create the pool and provision the users' desktop environments, with the ultimate goal being to minimize end user disruption.
One big limitation: ODA works only with V3 appliances in a VMware environment. The product was announced at Interop and is available immediately. --Andrew Conry-Murray
Judges: Charles Babcock (InformationWeek), Matt Vogt
Desktop virtualization has lagged far behind the server virtualization wave that's swept over data centers. Brave virtualization advocates who've proposed virtualizing desktops have often found themselves floundering. Suspicious end users are often disappointed by performance. Employees want a personalized desktop, they want to access work files on mobile devices as well as laptops, and their storage requirements are growing. IT has been severely challenged with managing that load, especially given that any failures in delivering a desktop environment mean end user rebellion.
For years, Citrix Systems has attacked each of these problems from its position as an expert in the area of virtualizing and managing end-user computing. It developed protocols for delivering rich content to end users, regardless of the nature of the device. It developed a thin hypervisor for disconnected laptops. It produced Citrix Receiver, the universal client framework for any device's virtual desktop.
Citrix's leading products include XenDesktop for basic end-user provisioning, XenApp for application virtualization, and XenClient for the mobile desktop. Now it has rolled these features into one product with simplified administration, without crimping on features: VDI-in-a-Box.
Citrix VDI-in-a-Box provides the software needed to provision, manage, and personalize a set of virtual desktops. It also includes its own server management functions so that provisioning capacity can grow with the size of the end-user group. A version of Receiver geared for Macs, iPads, Intel laptops, Wyse (Dell) thin clients, and many Android devices comes with VDI-in-a-Box. Another plus: It isn't restricted to Citrix's hypervisor. It works with Microsoft's Hyper-V and VMware's ESXi hypervisors as well. --Charles Babcock
Judges: Eric Krapf (No Jitter), Michael Healey (Yeoman Technologies)
Alcatel-Lucent's new OpenTouch Conversation advances enterprise collaboration by providing an intuitive user interface that effectively incorporates multiple communications media. The product's "Conversation Wall" feature offers a particularly useful way for employees to track their communications with those who are their most frequent collaborators, streamlining the process of teamwork across communications networks. The Best of Interop Collaboration judges found OpenTouch Conversation to be a good example of the new breed of workplace tools that rival consumer interfaces for ease of use and pleasing design.
Beneath the covers of the easy-to-use drag-and-drop interface, OpenTouch Conversation supports the industry standards and technologies that form the basis of next-generation enterprise communications. The product's basis in SIP (Session Initiation Protocol) lets users move easily among voice, video, and instant messaging. It also adds white-boarding and other useful collaboration functions.
With the growing importance of mobility, OpenTouch Conversation's ability to run on tablets and smartphones in addition to desktop PCs and Macs ensures that a company can deploy this interface to a wide range of users in virtually any collaboration scenario--mobile, remote, or traditional office-based. The look and feel is the same across all the devices--a useful factor when multiple devices are the norm. Overall, we found OpenTouch Conversation to be an intuitive, flexible tool for enabling collaboration within the enterprise. --Eric Krapf
Judges: Howard Marks (Deepstorage.net), Scott Lowe (The 1610 Group)
A single Panzura Quicksilver appliance is a cloud storage gateway providing a cached file system that serves as a front end to public or private cloud storage systems, from Amplidata to Amazon's S3. That's handy, but things really get interesting when an IT organization uses multiple Quicksilver appliances to create a global distributed file system with cloud storage as its back end.
To accomplish this, data in one of the company's Global Cloud Storage Systems is encrypted and globally deduplicated at each appliance, reducing the security risks of using public cloud storage for sensitive data and minimizing the monthly cost. In fact, Quicksilver hits three of this year's hot storage trends: data de-duplication, solid state drive-based storage, and, of course, cloud capabilities.
Users and applications in locations worldwide can then access data through their local appliances via SMB and NFS storage protocols as if they were file servers. That gives users access to all the data stored on any of the organization's appliances through a single name space. The appliances, which can be virtual servers in small branch offices or physical appliances with up to 324TB of solid state and spinning disks, exchange metadata updates in real time so files are available across the global network immediately.
Once in place, Quicksilver is designed to provide a globally deduplicated store, to reduce backup requirements, as well as a single global file store for a company's files. This unified storage environment can then span many sites and automatically tier data from flash to cloud as needed. In addition, the metadata exchange methodology supports key features like global file locking, which offers NAS-like protection to ensure the integrity of shared data.
While Panzura's Quicksilver is our winner, the other finalists gave it a run for its money. Riverbed's Granite extends the reach of WAN acceleration to block-based and write-intensive applications by providing an iSCSI appliance for the remote office. Granite not only caches data, but unlike traditional WAN acceleration products (including Riverbed's own Steelhead), it keeps providing storage for remote users even if the WAN link is down. Newcomer Ceph, on the other hand, promises to be the storage "god box" that creates an almost infinitely scalable object storage back end, supporting updates in place through both file and block storage interfaces. But while Ceph shows tremendous promise, it is for now an open-source project that still needs validation in production environments. --Howard Marks
NEC Corporation of America
Judges: Steven Hill (Interop), Andrew Conry-Murray (InformationWeek)
2012 was a big year for the Management, Monitoring, and Testing category, with almost 40 high-quality entries. But this year's winner is unique in that there's nothing comparable on the market today. As mentioned in the Best of Interop Grand Prize category, the PF6800 ProgrammableFlow Controller from NEC stands alone as the first commercial OpenFlow network controller to advance beyond an open-source project in the software-defined network (SDN) movement. The PF6800 is an important first.
OpenFlow networks require a master controller to orchestrate the network environment, and as of now the NEC PF6800 ProgrammableFlow is the only controller you can buy. Being the first at anything paints a huge target on your back, so NEC deserves a lot of credit for taking OpenFlow out of the lab and into the real world. The open-source controllers out there may be a good starting point for testing and development purposes, but most companies want a product with a vendor--and the accompanying technical support--behind it before they'll trust production loads to such an important role. NEC offers the PF6800 controller as an appliance or as a software product that can run on your server hardware of choice. This can be important for companies that prefer to minimize their hardware footprint.
There were other strong MM&T finalists: Riverbed's Virtual Cascade Shark offers an excellent tool to provide analytics and visibility into virtual switches in VMware's ESXi hypervisor. And Net Optics' Spyke appliance provides detail about every single network transaction you could want, plus root-cause analysis capabilities for problem resolution at a price that's viable for smaller businesses as well as large enterprises. But it's hard to beat something as groundbreaking as the NEC PF6800 ProgrammableFlow Controller.
The PF6800 is based on the OpenFlow 1.0.0 standards published by the Open Networking Foundation, making it the only commercial controller that's cross-functional with products from dozens of OpenFlow-based networking companies. The promise of SDN--making deployment of network capacity as quick and easy as launching a virtual server--is appealing. New competition is good for the industry and will hopefully spur innovation. --Steven Hill
Judges: Kurt Marko (InformationWeek), Greg Ferro (Ethereal Mind)
18 products vied for honors as the best piece of network gear this year, ranging from offerings from the industry's heavyweights to innovative products and technologies from small startups.
This year's giant-slayer and category winner is Gnodal's 2RU, 72-port, 40-gigabit Ethernet (GbE) switch, the GS0072. Founded just five years ago, Gnodal is a small startup based in Bristol, U.K., far from the Silicon Valley hub of the network industry. The company made its Interop debut in 2011 with a line of 1U 10- and 40-GbE switches, each using a single instance of its custom Peta switch ASIC. This year, Gnodal pushed ASIC integration to new heights by incorporating 12 of its Peta chips into a single chassis, effectively creating a self-contained, fully redundant 40-GbE fabric-in-a-switch--what CEO Fred Homewood calls a "fat tree in a box."
The GS0072 couples 12 switch ASICs, each of which acts as a non-blocking crossbar to all ports, into a "Gnodal fabric" with almost 7 Tbps of throughput. That means the GS0072 isn't just an extremely fast 40 GbE switch, with latency as low as 282ns, but also the perfect fabric backplane for Gnodal's 10-GbE ToR edge device, the 72-port GS7200. Because Gnodal-to-Gnodal switch processing is handled within the ASIC hardware, latency between any node in a leaf-spine mesh, which can scale out to as many as 4896 ports, is less than 500ns. Other features automatically implemented in the Gnodal control plane include dynamic load balancing and distributed, inter-switch packet fairness. In sum, the GS0072 puts the most 40-gigabit ports into a single low-latency switch yet, while its Layer 2 fabric features actually deliver what other vendors have long been talking about.
There were other strong finalists in the Networking category. The Mellanox SX1024 packs 60 ports in a 48x10 GbE, 12x40 GbE 1U package that makes it an electronic and mechanical tour de force. A follow-up to last year's Best of Interop finalist (the 40-gigabit SX1036) that uses the same proprietary SwitchX silicon, the SX1024 makes the perfect edge companion. Pairing them in a 2-by-8 fat tree provides 288 non-blocking 10-GbE ports with 750ns maximum latency while burning only 1100 Watts.
Another finalist, the PLX TeraPHY TN8045, confirms the effect merchant silicon is having on the switching market. But unlike the proprietary Peta or SwitchX chips, PLX has its sights firmly on the open market. The PLX TeraPHY TN8045 is a quad-port 10GBASE-T (copper) PHY with 10GBase-KR backplane interface to an Ethernet switch or MAC device in a low-cost ($82), high-density (25x25mm) package. It's a device destined to bring on a new generation of inexpensive 10-gigabit switches and multi-port interface cards. --Kurt Marko
Judges: Mike Fratto (Network Computing), Don Magrogan (Fusion PPT)
Cisco AppNav technology intelligently clusters Cisco's Wide Area Application Services (WAAS) physical and virtual appliances into a single resource pool managed by a central controller. AppNav can be installed on existing Cisco Wide Area Virtualization Engine (WAVE) appliances and ASR routers. Cisco plans to add more devices in the future.
AppNav adds more than just centralized management. Cisco's WAAS Central Manager could manage and report on multiple WAAS instances through a single management server, allowing administrators to configure, set policy, and monitor WAAS appliances. AppNav goes beyond mere central management by clustering the WAAS instances into a single pool of resources. The AppNav cluster is a single, virtualized and distributed WAVE appliance.
Up to 8 AppNavs can be clustered for high availability, and any WAAS appliance running the current version can be included into an AppNav cluster. Incoming flows can be automatically redirected to the appropriate WAAS physical or virtual appliance. WAAS appliances can be clustered regardless of location within a data center, across data centers, or even in a cloud environment. AppNav synchronizes flow state across the WAAS appliances, providing stateful fail-over should a WAAS appliance fail.
AppNav also provides seamless scaling of WAAS resources, letting IT admins add or remove appliances as needed. When a new appliance is added to the cluster, AppNav begins to use it for application optimization. If an appliance is removed, the flows going to it are migrated elsewhere. All WAAS functionality, such as policy definition and multi-tenancy, is maintained centrally.
AppNav's features are very similar to the new clustering features in Citrix NetScaler 10, but AppNav offers more deployment options. Regardless, the new clustering options in both products are worth examining. Riverbed's Steelhead Cloud Accelerator was also a strong contender in this category, but lack of support in Steelhead Mobile knocked it out of the running. --Mike Fratto
Judges: Tim Wilson (Dark Reading), Andrew Braunberg (Current Analysis)
Intrusion prevention systems (IPS) are at a crossroads. In most cases, these products are built around older technology that is signature-based, slow to process, and data-center focused. Our winner in the Best of Interop Security category is rolling out a next-generation IPS that addresses all of these limitations.
The McAfee Network Security Platform XC Cluster operates at 80 Gbps, which is much faster--by one estimate, two to four times faster--than existing IPS options. It also offers granular multi-tenancy options that are purpose-built for cloud and service provider environments. It offers up to 1,000 virtual IPS policies per appliance, with granular policy control in each, making it capable of operating in even the largest provider environments.
The NSP XC Cluster supports a huge database of known attacks, including hundreds of signatures specific to mobile threats, but it also can detect and alert users on zero-day threats and previously unseen exploits. It offers correlated threat alerts with mobile numbers, and it can email mobile users to alert them of potential threats on their phones.
The product also offers security capabilities for cloud and virtual environments. For example, its integration with VMware vShield APIs offers native inspection of virtual environments, regardless of whether the environment is a public or private cloud.
Unlike older IPS technology that relies solely on signatures, McAfee is extending its IPS capabilities with new Network Threat Behavior Analysis capabilities that help identify potential threats that might not have been seen before. The new product also leverages network flow data, including layer 7 information, to give context to IPS threats. --Tim Wilson
Judges: Mike Finneran (dBrn Associates), Grant Moerschel (Wavegard)
XpressConnect helps IT more efficiently get employees started on secure Wi-Fi networks by using self-service mechanisms. With the growing move to bring your own device (BYOD) policies and the increasing number of Wi-Fi enabled smartphones and tablets in companies, IT departments are often overtaxed when helping employees connect to the wireless LAN.
During provisioning, XpressConnect presents a single signup page through which users identify themselves as an employee with a corporate device, an employee with a personal device, a visitor, or a business partner or contractor. Each user's role and the device's trust level determine the access allowed. For example, an employee with a personal device might receive limited access to network resources and less bandwidth than an employee with a company-owned device.
Using dissolvable enrollment agents, Cloudpath's solution can onboard a variety of client platforms, such as Windows, iOS, and Android. It can take these devices from an open, enrollment WLAN--or a 3G/4G network--to a more secure WLAN, based entirely upon digital certificates like EAP-TLS or other authentication and encryption mechanisms, including EAP-PEAP and EAP-TTLS. For user authentication, XpressConnect works with Active Directory, LDAP, OTP, and OAuth-compliant services such as Facebook and LinkedIn. XpressConnect can act as a certificate authority for visitors and personal devices covered under BYOD policies, or it can interact directly with your Certificate Authority should you wish to push device certificates through it. The device certificate issued can have a specified expiration date so that the device automatically retires after a specified period.
Cloudpath's software found early acceptance in university environments, where many students were bringing their own devices and IT needed a way to connect them in a streamlined fashion. The company is now moving beyond its university base to cable companies, retailers, and other organizations that operate large-scale Wi-Fi networks, and it's looking at how its technology might be used in connection with customer loyalty plans. Because XpressConnect helps solve the thorny problem of auto-enrolling non-domain devices into the secure WLAN infrastructure while discerning among different user and device classes, it's worth a close look. --Mike Finneran