April 13, 2014

Diffusion of Innovations - economics of SDN NFV

Martin Casado spoke at the NetEvents Cloud Innovation Summit keynote on March 27th, 2014 about “How the Hypervisor Can Become a Horizontal Security Layer in the Data Center”. Alan Weissberger has a great blog post on Martin’s talk here: http://ht.ly/vJZZO

Security will never be the same again.  It’s a losing battle. 40% of SDN adopters paying money for SDN network virtualization are doing it for a security use case: implementing micro-segments on a per-app basis, overcoming the traditional limits of VLANs and hard-wired firewall policies.

One of the main takeaways I liked from Martin’s talk was his “Technology Adoption Curve” showing the five steps for any new data center concept. This is what a typical CIO is now going through when learning about Virtualization, Cloud, SDN, and now NFV on their path to the SDDC.

  1. Science Fiction
  2. Plausible
  3. Let the crazies go first
  4. Help me understand
  5. Get me into production

When researching for this post I found that this is related to the economic theory “Diffusion of Innovations” and the “Logistic Function”.

I wonder - where are you now in this adoption curve?  What category is your organization in:

  • innovator - willing to take risks, with financial resources to help absorb failure
  • early adopter -  new technology will help them stay competitive
  • early majority - above average social status yet lack opinion leadership
  • late majority - typically skeptical about innovation
  • laggard - aversion to change and focused on tradition

With successive groups of consumers adopting a new technology (shown in blue), its market share (yellow) will eventually reach the saturation level. In mathematics the S curve is known as the logistic function.

A logistic function or logistic curve is a common special case of the more general sigmoid function, with equation:

$$f(x) = \frac{1}{1 + e^{-x}}$$

where e is Euler’s number (approximately equal to 2.71828). For values of x in the range of real numbers from −∞ to +∞, the S-curve shown above is obtained.

The logistic function can be used to illustrate the progress of the diffusion of an innovation through its life cycle. Historically, when new products are introduced there is an intense amount of research and development which leads to dramatic improvements in quality and reductions in cost. This leads to a period of rapid industry growth. Some of the more famous examples are: railroads, incandescent light bulbs, electrification, the Ford Model T, air travel and computers. Eventually, dramatic improvement and cost reduction opportunities are exhausted, the product or process is in widespread use with few remaining potential new customers, and markets become saturated.

Logistic analysis was used in papers by several researchers at the International Institute of Applied Systems Analysis (IIASA). These papers deal with the diffusion of various innovations, infrastructures and energy source substitutions and the role of work in the economy as well as with the long economic cycle. Long economic cycles were investigated by Robert Ayres (1989).[7] Cesare Marchetti published on long economic cycles and on diffusion of innovations.[8][9] Arnulf Grübler’s book (1990) gives a detailed account of the diffusion of infrastructures including canals, railroads, highways and airlines, showing that their diffusion followed logistic shaped curves.[10]

Carlota Perez used a logistic curve to illustrate the long (Kondratiev) business cycle with the following labels: beginning of a technological era as irruption, the ascent as frenzy, the rapid build out as synergy and the completion as maturity.[11]

Everett Rogers’ studies of technology diffusion have a direct application to the examination of Internet use.  He describes the time-phased movement of adoption and adaptation in terms of an “S-curve,” which describes a slow initial rise over time, followed by a more rapid acceleration and finally a slowing toward steady state. S curves show the rate of adoption for six technologies in the US, beginning with telephone, followed by radio, television, cable television, VCR, Personal Computers and Internet. Telephone rises slowly.  Radio, TV, VCR and Internet rise very steeply. TV seems to have risen fastest, and, like phones and radio, has achieved almost 100% diffusion.  (Internet is unlikely to achieve this 100% saturation as rapidly since about half the remaining non-users in the US have declared themselves uninterested in joining the Internet.)


April 11, 2014
vmxnet3 e1000 nic drivers vmware fusion

When you need the best network and CPU performance for a virtual machine it’s best to use the paravirtualized network interface drivers from VMware.  You can choose between the more compatible Intel e1000 or the faster VMware VMXNET3.

Just edit the VMX file for the VM. Make sure the VM is powered off first.

Find the line as shown below and edit as desired…
ethernet0.virtualDev = "vmxnet3"
#ethernet0.virtualDev = "e1000"

Verify the change with the lshw command. Below I show the lshw output for both the e1000 and the vmxnet3 drivers on a CentOS box.  Notice the vmxnet3 shows 10 Gbps and the e1000 is only 1 Gbps.

description: Ethernet interface
product: 82545EM Gigabit Ethernet Controller (Copper)
vendor: Intel Corporation
physical id: 3
bus info: pci@0000:02:03.0
logical name: eth0
version: 01
serial: 00:0c:29:0f:3f:c3
size: 1Gbit/s
capacity: 1Gbit/s
width: 64 bits
clock: 66MHz
capabilities: pm pcix bus_master cap_list rom ethernet physical logical tp 10bt 10bt-fd 100bt 100bt-fd 1000bt-fd autonegotiation
configuration: autonegotiation=on broadcast=yes driver=e1000 driverversion=7.3.21-k8-NAPI duplex=full ip= latency=0 link=yes mingnt=255 multicast=yes port=twisted pair speed=1Gbit/s
resources: irq:17 memory:fd5c0000-fd5dffff memory:fdff0000-fdffffff ioport:2000(size=64) memory:e7b00000-e7b0ffff(prefetchable)

description: Ethernet interface
product: VMXNET3 Ethernet Controller
vendor: VMware
physical id: 0
bus info: pci@0000:03:00.0
logical name: eth0
version: 01
serial: 00:0c:29:0f:3f:c3
size: 10Gbit/s
width: 32 bits
clock: 33MHz
capabilities: pm pciexpress msi msix bus_master cap_list rom ethernet physical logical tp 1000bt-fd
configuration: autonegotiation=off broadcast=yes driver=vmxnet3 driverversion= duplex=full ip= latency=0 link=yes multicast=yes port=twisted pair speed=10Gbit/s
resources: irq:18 memory:fd4fb000-fd4fbfff memory:fd4fc000-fd4fcfff memory:fd4fe000-fd4fffff ioport:4000(size=16) memory:e7a00000-e7a0ffff(prefetchable)
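
To check both steps of the procedure above, the following added example (not part of the original post) lists the NIC type each adapter requests in a VMX file, rejects typographic quotes of the kind a copy from a web page can introduce, and extracts the driver and speed from lshw text output. The function names and all sample data are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical
# and all sample data below is constructed.

# Print "<adapter> <device>" for each active ethernetN.virtualDev line.
# Lines commented out with a leading # are ignored.
vmx_nic_types() {
  sed -n -E \
    's/^[[:space:]]*(ethernet[0-9]+)\.virtualDev[[:space:]]*=[[:space:]]*"([^"]*)".*$/\1 \2/p' \
    "$1"
}

# Fail if an active virtualDev line uses typographic quotes instead of the
# straight double quotes the VMX format uses.
vmx_lint() {
  if grep 'virtualDev' "$1" | grep -v '^[[:space:]]*#' | grep -q -e '“' -e '”'; then
    echo "$1: virtualDev value uses typographic quotes" >&2
    return 1
  fi
  return 0
}

# Read lshw text output on stdin and print "<interface> <driver> <speed>"
# per NIC. In the guest: lshw -class network | lshw_nic_drivers
lshw_nic_drivers() {
  awk '
    /logical name:/ { name = $NF }
    /configuration:/ {
      drv = ""; spd = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^driver=/) drv = substr($i, 8)   # skips driverversion=
        if ($i ~ /^speed=/)  spd = substr($i, 7)
      }
      print name, drv, spd
    }'
}

# Demo on a constructed VMX fragment.
demo_vmx=$(mktemp)
cat > "$demo_vmx" <<'EOF'
ethernet0.virtualDev = "vmxnet3"
#ethernet0.virtualDev = "e1000"
EOF
vmx_lint "$demo_vmx" && vmx_nic_types "$demo_vmx"   # prints: ethernet0 vmxnet3
rm -f "$demo_vmx"
```

Run `vmx_lint` and `vmx_nic_types` against the VMX file on the host while the VM is powered off, and `lshw_nic_drivers` inside the guest after it boots.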

April 8, 2014

This pug dog hangs out on the Alameda near Rosie’s Pizza. 

March 30, 2014
How to Post to Facebook, Twitter, and Google+ at the Same Time

March 27, 2014
Fortinet Launches FortiGate Security on Amazon Web Services AWS

About Fortinet Inc.
Fortinet (NASDAQ: FTNT) is a worldwide provider of network security appliances and a market leader in unified threat management (UTM). Our products and subscription services provide broad, integrated and high-performance protection against dynamic security threats while simplifying the IT security infrastructure. Our customers include enterprises, service providers and government entities worldwide, including the majority of the 2011 Fortune Global 100. Fortinet is headquartered in Sunnyvale, Calif., with offices around the world.

Fortinet Inc.

Fortinet Inc. Products (4)
Fortinet FortiWeb-VM | Version v5.0 | Sold by Fortinet Inc.
Bring Your Own License + AWS usage fees
The FortiWeb Web Application Firewall provides specialized, layered application threat protection for medium and large enterprises, application service providers, and SaaS providers. FortiWeb web application firewall protects your web-based applications and internet-facing data from attack and data loss. Using advanced techniques to provide bidirectional protection against malicious sources, application layer DoS attacks and sophisticated threats like SQL injection and Cross-site scripting, FortiWeb platforms help you prevent identity theft, financial fraud and denial of service. It delivers the technology you need to monitor and enforce government regulations, industry best practices, and internal policies.
Linux/Unix, Other v5.0 | 64-bit Amazon Machine Image (AMI)
Fortinet FortiManager-VM | Version v5.0.4 | Sold by Fortinet Inc.
FortiManager Security Management appliances allow you to centrally manage any number of Fortinet Network Security devices, from several to thousands, including FortiGate, FortiWiFi, and FortiCarrier. Network administrators can better control their network by logically grouping devices into administrative domains (ADOMs), efficiently applying policies and distributing content security/firmware updates. FortiManager is one of several versatile Network Security Management Products that provide a diversity of deployment types, growth flexibility, advanced customization through APIs and simple licensing.
Bring Your Own License + AWS usage fees
Linux/Unix, Other v5.0.4 | 64-bit Amazon Machine Image (AMI)
FortiGate-VM | Version v5.0.5 | Sold by Fortinet Inc.
FortiGate virtual appliances allow you to mitigate blind spots and improve policy compliance by implementing critical security controls within your virtual infrastructure. FortiGate virtual appliances include all of the security and networking services common to FortiGate physical appliances, giving you the freedom to deploy a centrally managed mix of physical and virtual appliances.
Bring Your Own License + AWS usage fees
Linux/Unix, Other v5.0.5 | 64-bit Amazon Machine Image (AMI)
Fortinet FortiAnalyzer-VM | Version v5.0.4 | Sold by Fortinet Inc.
Bring Your Own License + AWS usage fees
FortiAnalyzer Network Security Logging, Analysis, and Reporting Appliances securely aggregate log data from Fortinet Security Appliances. A comprehensive suite of easily customizable reports allows you to quickly analyze and visualize network threats, inefficiencies and usage. FortiAnalyzer is one of several versatile Fortinet Management Products that provide a diversity of deployment types, growth flexibility, advanced customization through APIs and simple licensing.
Linux/Unix, Other v5.0.4 | 64-bit Amazon Machine Image (AMI)

SUNNYVALE, CA, Mar 26, 2014 (Marketwired via COMTEX) - Fortinet(R), a world leader in high-performance network security, today announced that the company’s flagship award-winning FortiGate(R) security platform is now available on Amazon Web Services (AWS), a division of Amazon.com, Inc., in the AWS Marketplace. The company will be demonstrating the FortiGate-VM at the AWS Summit 2014 (Booth # 120), taking place on March 26 in San Francisco, California.

FortiGate-VM is strategically designed to help customers better mitigate potential blind spots by implementing critical network security controls including bi-directional stateful firewalling, intrusion prevention and VPN within their virtual private cloud (VPC). Today’s announcement marks the fourth Fortinet security solution available on AWS.

Last year, the company announced the availability of FortiManager-VM and FortiAnalyzer-VM on AWS, which enable customers to deploy security management and reporting to all FortiGate and FortiGate-VM security technologies running at the edge, in internal networks, at remote offices, within core data centers or deployed in the cloud. And they’re able to do it from a single, centralized management platform. In 2012, the company released FortiWeb-VM for Web application security, which helps secure Web applications and meet compliance requirements.

"Our unique and innovative business model delivers a secure and reliable payment model that helps prevent fraud for our customers and their loved ones," said James Burns, director of security for True Link Financial. "Since we had already invested in Fortinet security solutions for our corporate network, when it came to processing credit card and other financial transactions securely in our data center, we were confident we could rely on FortiGate-VM on AWS to provide protection, performance and encrypted communications for our mission-critical services."

"We are pleased to see Fortinet continuing to expand its offerings on AWS through AWS Marketplace with their FortiGate platform," said Brian Matsubara, Head of Global Technology Alliances, Amazon Web Services, Inc. "By bringing their security platform to AWS, Fortinet is providing scalable network security controls to customers around the world."

Fortinet Virtual Appliance Advantage

FortiGate virtual appliances and virtual domains enable the deployment of consolidated network security to protect virtual infrastructure and increase visibility and control over communications within virtualized and multi-tenant cloud environments, particularly in scenarios where it is not feasible to deploy dedicated hardware.

Flexible and Scalable

Fortinet virtual appliances can scale quickly to meet demand and protect intra-virtual machine communications by implementing critical security controls.

FortiGate security appliances have won numerous awards and recognition, including multiple NSS Labs’ Recommended ratings and SC Magazine Awards for Best Network Security Solution and Best Integrated Security Solution. FortiGate-VM virtual appliances feature all of the security and networking services common to traditional hardware-based FortiGate appliances, including government certifications. In September 2013, Fortinet announced FortiGate-VM earned Common Criteria EAL 4+ Certification for FortiOS 4.3-VM. The Common Criteria certification process is a third-party evaluation service for determining the trustworthiness of information technology security products, which is fundamentally important to the company’s enterprise and government customers.

Users can deploy a mix of hardware and virtual appliances in clouds and virtualized internal data centers, operating together and managed from a common centralized management platform. With increasing support for AWS environments, users deploying AWS instances into Amazon EC2 or Amazon VPC can maintain corporate standards for security and compliance in the cloud.

"AWS is a global leader in IT infrastructure services with many enterprise and government agencies utilizing its services. As such, it is essential that Fortinet provides the same enterprise class network security on the AWS cloud as we do for core and edge networks," said John Maddison, vice president of marketing for Fortinet. "We have a number of customers who have requested we port FortiGate-VM onto AWS, and we’re happy to report that the technology is ready today."

Availability

FortiGate-VM is currently available in the AWS Marketplace:


March 6, 2014
My vmsec blog, Virtual Machine Security, turned 5 today!


March 6, 2014
ONS2014 Keynote: John Donovan, Senior EVP, AT&T Technology & Network Operations

There will be a download bias in our capital expenditures. When you look at the profile of the technology 2014 is the year AT&T begins the beachhead projects which we extend the useful life of existing gear which starts the process this year in procurement. We’re taking engineering limits and redimensioning them which give us an impact this year. That affords us the opportunity to reinvest in the new platform. So underneath that broad level there are a ton of new things going in where extend and get benefits from the old. In 2015 we start to have platforms that were born in the highly distributed cloud (not a data center). AT&T is on a march down a path to move us conceptually and get us out of the data center mentally into 4600 data centers and central offices. This is what allows us to take advantage of our architecture. Then the microseconds of compromise that exist between the metal and the application will be overcome by the milliseconds avoided by having an extremely highly distributed fiber heavy very very fast network. So we expect those projects to start to come in in next year. This has a crescendo effect as we move our way through 2014 and into 2015.

Go to 36:24 to hear this question and John’s response live. 

When do you think you will see measurable tangible changes to the AT&T business model from this transformation?


March 2, 2014
What’s a quaver? From Close Encounters of the Third Kind

An eighth note (in the US and Canada) or a quaver (other English-speaking countries) is a musical note played for one eighth the duration of a whole note (US and Canada; semibreve, or half a breve, in other English-speaking countries), hence the name.

Eighth notes are notated with an oval, filled-in note head and a straight note stem with one note flag (see Figure 1). A related symbol is the eighth rest (or quaver rest), which denotes a silence for the same duration.

March 2, 2014
Reading List For "The Phoenix Project:" The DevOps Novel (Part 1) IT Revolution

kanban, pdca, kata, kaizen, lean, flow, interaction, automated test, special forces, coaching, training

February 27, 2014

Security is super tight at SFO today.  We just saw a woman get a liter bottle of water through security.  
Try to get your beer as carry-ons. :-)
It was just in her large carry-on bag and somehow security didn’t pick it out when it went through the scanner. She pulled it out when she was putting stuff back in the bag after going through the checkpoint and she said to them “oh my, I’m sorry. I didn’t mean to bring this through.” Then a TSA employee came over, took it from her and tossed it in the trash in front of her. 
If you try it with the beer, don’t tell them about it if they don’t find it. Learn from her mistakes. 
