Welcome to the Sentinel Blog!
We are proud to feature a carefully curated collection of articles and other content related to the most important technology topics of today and beyond. Our posts are composed and edited by Sentinel’s ALWAYS ENGAGED team of solutions architects, engineers, project managers and other subject matter experts.
Sentinel CTO Robert Keblusek on How XtremIO Can Change the Way You Do Business
XtremIO is an all-flash platform, and while it isn’t the only all-flash platform in Sentinel’s offerings, it is the most mature and offers advanced scale-out capabilities so customers experience the best resilience and scalability possible. Most platforms are positioned to deliver storage services for 3-5 years of life, but XtremIO has been designed to deliver an estimated 7 years of service. Because of the power efficiency, ease of use, amazing performance, powerful scale-out capabilities and high storage efficiency, this platform offers a tremendous overall total cost of ownership.
XtremIO is an excellent platform for the most demanding workloads, including high performance virtualization, enterprise applications such as ERP solutions, analytics, virtual desktops and much more. Workloads that demand nonstop activity will benefit from the integral high availability built into XtremIO, as well as the capacity to work with technology such as EMC VPLEX for active/active dual data center services. Because XtremIO works over both Fibre Channel and IP networks, there are plenty of connectivity options to integrate XtremIO into the customer environment. In addition, XtremIO suits application development environments with always-on storage efficiency, immediate copy capabilities, API integration and much more, bringing tremendous agility to the most demanding development teams and providing a great platform for DevOps initiatives.
Sentinel’s customers have experienced some unexpected benefits of XtremIO in both performance and storage efficiency. All-flash platforms are known for excellent performance, but all platforms are not created equally. XtremIO was designed with enterprise-tier resilience and reliability in mind to take on the most demanding enterprise applications. Customers are replacing very large enterprise-class traditional arrays with the XtremIO platform and realizing both availability and significant performance improvements.
In one case, a client of ours delivered an SAP ecommerce workload on a new XtremIO VSPEX solution we designed and integrated for this high growth application. The development team was running some normal operations on a hybrid traditional array, but when it stopped after less than 10 minutes they re-ran the operation assuming it had failed. Eventually they realized the operation was not failing but actually completing the task in that short period of time. The team was extremely impressed with the new performance and capabilities. It’s also a great example of how a test/dev team can increase the amount of testing they perform, so there’s less time spent waiting for processes to complete and more time spent improving application experiences. This has a tremendous return on investment that’s often overlooked up front when comparing storage platforms without engagement of the application development team.
In another test case, a customer described the performance of Sentinel’s CloudSelect® computing platform as “breathtaking.” The client was an independent software vendor, and before signing up for high growth services delivered through CloudSelect® they wanted to run some tests on our premium platform. In a matter of hours, our team was able to connect their cloud workloads to our platinum tier of services powered by EMC Vblock with XtremIO. What was breathtaking to the client was Sentinel’s ability to prove that their high performance MongoDB application was able to consistently realize 65,000 operations per second with over 1 million operations across 100 threads. They are currently moving these high performance MongoDB services to our CloudSelect® platinum tier in preparation for explosive growth.
Very few platforms today are designed to reduce storage use while delivering all of the performance, resilience and efficiency across an expected 7-year usable lifespan. This is what makes the overall total cost of ownership for XtremIO so incredibly worthwhile. Three primary factors are used by XtremIO to make the best use of space while delivering a non-stop experience:
When sizing an environment, Sentinel does performance advisory assessments based on a number of factors. One of these compares the current customer data to the expected efficiencies that will be realized by XtremIO. In most cases, customers are expected to reach between 2x and 6x greater levels of efficiency. The amount of improvement will vary based on the existing platform capabilities. Some platforms only deliver portions of these services and efficiencies. Others might deliver them post-process after the storage has been written to the array. Very few offer these with limited to no performance impact in memory with an always-on architecture.
Sentinel recently replaced a large financial services customer’s legacy hybrid arrays with a new XtremIO platform. In preparation, Sentinel provided an advisory services assessment that determined the organization’s business functional requirements as well as data center and disaster recovery in-depth sizing for performance, storage space and growth. This large organization with many branch banks is expected to double in size over the next 5 years through mergers, acquisitions and other factors. Based on this assessment, XtremIO provided a 7-year plan that could exceed these growth projections for reliability, performance and scale.
Since the migration, the expected results from the advisory engagement have been realized. Below are some specific metrics measured before and after for comparison purposes. It is noteworthy that the migration also included consolidation and added new applications, which impacted the pre-migration to post-migration results, but the results are almost exactly on target with the expected results from the advisory engagement.
*Space Efficiency Summary*
+ Savings from compression and deduplication were slightly lower than expected
+ Savings from removal of zeros were higher than expected
+ The overall efficiency improved by 4.8x, higher than the estimated 4.34x
+ Before: 26,043 IOPS from both arrays
  After: 81,392 peak IOPS from XtremIO with capabilities for up to 300,000 IOPS
+ Before: Latency of 10.63ms and 6.31ms from each array using the lowest 95% I/O
  After: Average under 0.5ms latency including times of intense migration operations not adjusted for 95th percentile
+ Scalability to 16 units for space and performance growth
I would say that this customer’s experience is exceeding expectations as measured before and after XtremIO. At Sentinel we focus on Always Leading and not only meeting, but exceeding expectations. When I see results like this, I am proud of our performance and feel confident that we have installed a solution that delivers proven results and will allow our customer to grow their business without constraints. If you’d like to learn more about XtremIO and other Sentinel services, please contact us.
Sentinel CTO Robert Keblusek was also recently featured in an EMC partner video. You can watch that here.
An Introduction to Cisco Spark From Solutions Architect Jimmy Hanus
Cisco Spark is a complete collaboration service for businesses that enables your employees to message, meet, or call anyone, anywhere at any time.
**What is the Cisco Spark Platform?**
The Spark platform consists of 3 key components: Message, Meeting and Call. Its primary features include Persistent Chat, Document Sharing, Conferencing, Web and Video Conferencing, Video Rooms as well as Cisco Phones and Video Endpoints that register directly to the Cisco Collaboration Cloud.
Cisco Spark Messaging is a key part of the platform’s collaboration offering, which is supported on multiple devices including mobile, desktop or web app through your browser. Messaging starts with a virtual room which supports 1-on-1 or team collaboration. Users have the ability to create personal meeting rooms with the touch of a button. Persistent Messages are included by default, which also allows for file sharing within the virtual rooms.
Security is of the highest importance when transferring personal or sensitive data to a user or many users. Spark offers end-to-end encryption of content which includes messaging, files, voice and video. You also have the option to moderate room participants and content that is shared within the virtual room.
You can start a collaborative meeting with Spark by simply adding a person’s name or email address within the room. It’s that simple! Unlimited virtual rooms give you the scalability to meet with everyone.
Users have the ability to start a video conference instantly with the touch of a button from any of your virtual rooms. Sharing content within the meeting enables better business alignment and can accelerate decision making.
Cisco Spark Meetings have revolutionized the way users communicate and collaborate with each other. They are WebEx powered, which means you benefit from all the features that WebEx offers today. You can schedule meetings with the click of a button from your mobile device or computer. Connect face-to-face with HD video & audio, and share content quickly and easily on any device from anywhere.
Spark offers room systems which are telepresence-enabled devices. This gives you the ability to bring a room full of people into a video conference. Cisco’s SX-10 device includes an integrated camera, codec and microphone, along with pan/tilt/zoom, remote control, PoE and a video stream of up to 1080p30. You can receive content on both your Spark mobile app and your room system to make sharing content from devices that much easier.
Using proximity technology, mobile devices and room systems are able to pair automatically. That means everything you can do on your Spark mobile app is controllable through your room system.
Make and move calls to and from the room system and your mobile device with the touch of a button. If you are ready to leave the meeting room but not ready to leave the call you can simply use the Spark app to drag the call to your local device. You also can choose whether you would like to hang up the call on the Spark room system or leave it active for another participant in the meeting.
Cisco Spark calling offers a couple of different ways to make calling easier. Users can make calls with cloud PBX or through the hybrid service using an on-premise PSTN. Cisco calling also supports voice and video with messaging integration. The new Spark Phone OS supports the latest generation of phones such as the 7800 and 8800 series phones. Video is available on the 8845 and 8865 phone models. Wideband codecs such as G.722 are supported for high quality calls.
Basic features such as video calling, single number reach, call forwarding, call transfer, do not disturb and hold/resume are included with Spark. Auto-attendants, hunt groups, shared lines, video on hold, desk phone control, ad hoc conference and zero touch meeting are among the advanced features.
Device provisioning is simpler than ever with Spark. A unique QR code is generated for each phone. Video capable phones can simply hold the QR code in front of the camera to integrate the phone into the cloud automatically.
**Cisco Spark Hybrid Services**
Cisco allows customers to integrate on-premise applications with those in the cloud. Some of these include Cisco Call Control, Microsoft Exchange and Microsoft Active Directory.
Directory Services – extends enterprise directory contacts to the cloud, for both Cisco UC & Spark customers
+ In sync cloud & premises directories – removing user from AD deactivates cloud service & removes user from all rooms and services.
+ Provides directory accuracy and consistency so users know who they are talking to.
+ Uses single sign-on to mandate company-approved passwords and help enforce corporate security standards.
+ Add people to Spark rooms from your company directory
+ Simple admin for AD and cloud services – one action to remove a departing user
+ Schedule meetings simply with anyone listed in your company directory, with certainty and confidence
Calendar Service - connects your calendars and enables meeting scheduling on the move, for both Cisco UC & Spark customers.
+ Schedule meetings from your mobile device’s calendar app or Microsoft Outlook / Outlook Web Access
+ Add @webex into the location field to add your WebEx details (your personal room to host the meeting)
+ Add @spark to create a Spark room for all invitees, allowing the conversation to start before the meeting
+ Schedule meeting from your mobile device simply and with no plugins
+ In one step, provide a place for your invitees to get to work and be more productive when it’s time to meet
+ Extend Spark service mobility to the entire enterprise UC system from any browser WebRTC-enabled real time communication (audio, video, data)
+ Calls & notifications without configuring call forwarding or having the app open - mobile push services
+ Move seamlessly between phones, devices, video room system - even WiFi-to-cellular connection
+ Make and receive voice and video calls from anywhere you have Internet access, simply and securely
+ Get notified when anything important happens - a call, a message, or a colleague posts the latest plan
+ Seamlessly transfer a call to where it suits you - a different device or a room, all with no interruption
+ Call any enterprise or PSTN number from Spark, and answer any inbound call with the Spark app
Call Service Connect – Cisco Spark & the enterprise phone system – so they behave as one. Your Spark app becomes an enterprise softphone.
+ Provides voice and video interoperability between Jabber and Spark
+ Use Jabber or Spark to call anyone without worrying about which you or the other person is using.
+ Be reached on Spark, Jabber or a desk phone. Choose to take the call on whichever suits you best at that moment.
+ Call company extensions, PSTN numbers, Spark-only users and even video bridge numbers
+ Dial from the Spark app as you would from your desk phone - call PSTN numbers via enterprise phone system
+ Start a call on a mobile device and hand off to a room system when you arrive
*Unified Call History*
Call Service Aware – makes Spark aware of calls passing through the entire enterprise UC system
+ Desk phone & Jabber call history is pushed into the cloud and made available across Spark service
+ When combined with Call Service Connect you can call people back from Spark easily
+ Convenient access to your call history regardless of device or app used
+ Quick and easy redial or call back of missed calls, from anywhere
+ Call history is made available in 1-on-1 Spark rooms along with messages & content - reminds you when you last spoke
*Easy Content Sharing*
Call Service Aware - makes Spark aware of calls passing through the entire enterprise UC system.
+ Place a call to another Spark user and the service automatically starts a meeting between the two of you
+ The meeting surfaces in the Spark app and you can click a single button to share your screen
+ When the call ends, so does the sharing session. There’s no need to close it out separately.
+ Once you start a call, you also start a meeting
+ Share content with a single click
+ Share your screen or send documents/messages in the Spark room in which the call is happening
Cisco Spark can fundamentally change the way your business operates, communicates and collaborates by enabling your efficiency and productivity to reach unprecedented levels. If you would like to learn more about Spark, please contact Sentinel.
Sentinel Perspectives: Cisco Live 2016
This past July, several members of the Sentinel team headed to Las Vegas for the annual Cisco Live conference. It presented an opportunity to learn more about Cisco and their products, as well as do some networking while having fun along the way. We asked some of our employees who attended to tell us a little bit about their experience.
*Matt LaSota, Director of Support Services Network and CloudSelect*
Cisco Live 2016 hosted in Las Vegas was yet another great learning event full of exciting speakers and breakout sessions to spark anyone’s interest, no pun intended. Cisco had a number of breakout sessions around ACI, security, UCS, and Spark to name a few. Cisco’s ACI solutions were discussed in deep technical detail to include extending ACI fabrics between sites which was a particular favorite. Cisco Live 2016 also came along with lots of great conversations with our customers, thank you to everyone who stopped by booth 2510 to chat! The event also brings some special meaning to myself, having passed the CCIE Data Center lab exam at the Las Vegas mobile lab on July 10th, making myself a 4xCCIE! Looking forward to Cisco Live 2017, back in Las Vegas, and all of the advancements and announcements another year will bring to our industry.
*Stephanie Fornarelli, Sales Executive*
So I had the privilege of going to Cisco Live once again this year and was so excited to see how much we have learned from the first one. Our booth was neat, simple, and informative. We had banners that kept our services simple, as well as a colorful PowerPoint going through various Sentinel slides to catch the eye. Our drone giveaway was a hit as well and helped with the initial approach to the booth in some cases. Emily, Alex, and myself worked hard to be out there in front of people and bring them in, answer questions, and find out what IT initiatives they have coming up that we can assist with. Our engineers as well as Bob Keblusek, Ryan Santry and Matt LaSota made it easy to elaborate on our services and were able to dive deeper into our technology which was a huge benefit. Our customer appreciation event at Tom’s Urban was fantastic. We had more people show up than last year and had a wonderful time networking and really getting to know our customers as well as meet new potential customers. We definitely strived to leave our customers feeling a closer bond to Sentinel as well as leave a great impression on future customers. Overall, it was a great event and I can’t wait to see how Sentinel does next year!
*Mark Combs, Enterprise Account Supervisor*
I had the opportunity to attend Cisco Live 2016 in beautiful Las Vegas. This was my first time attending Cisco Live even though I have been in the networking industry for 20+ years. Honestly, I didn’t know what to expect, but my anticipation was really high given the great things I heard about this event in the past. I’m happy to report that Cisco did not disappoint. Right from the start, I was immediately impressed by how organized the event was. From initial registration, getting to and from your IT sessions, or just eating lunch. The mobile Cisco Live app made it extremely easy to register for new sessions or to find out what’s next on the agenda so you would always be where you wanted to be and not walking around aimlessly. The seminars were great and you could literally sit in just about any technology or session you prefer to learn about. From ACI to deep technical breakout sessions regarding industry IWAN designs, the choice was basically yours. The amount of tech sessions available felt a bit overwhelming at times, however the good news is that they are all available to watch on the Cisco Live website at no cost. That being said, I believe the most valuable piece of attending Cisco Live was the “World of Solutions” booths. This was where vendors from all over the globe could showcase their newest technologies. The collaboration alone was worth the price of admission. Nowhere else can you get so many people together with the same interests to discuss real world issues or scenarios and the exchange of ideas pertaining to those issues. I guess that’s why they call it “Live” - you have to be there to experience it firsthand. Hopefully, I will have the opportunity to experience Cisco Live in 2017 and all that it brings.
Solutions Architect Keith Ippolito on Why Your Business Needs A Microsoft Upgrade
Your IT back office can often be a “set it and forget it” implementation. Servers and their hosted applications are installed and set up to fulfill a business need. As long as operations continue without a hitch, those components remain unseen and get placed on the back burner of attention. As a result, it can be quite the grueling experience when an inevitable upgrade occurs. It doesn’t have to be. Here are the top two reasons your organization should regularly maintain various Microsoft infrastructure-related software.
**Compatibility and Support**
Have you ever tried to pair a Bluetooth headset with a rotary phone or attempted to watch the latest YouTube sensation on your Commodore 64? Sounds silly, right? It’s a bit of an extreme example, but quite similar to how software works. Most software companies, Microsoft included, try to maintain backwards compatibility to allow for interoperability between multiple versions of a product. There comes a point, though, when these companies have to make a decision, usually financial, to deprecate certain compatibilities. This translates directly to Microsoft’s Support Lifecycle, when legacy versions of products stop being compatible with the latest versions.
Each of Microsoft’s products has a support term that falls into one of two categories: mainstream support or extended support. During the time a product is under mainstream support, Microsoft provides product bug fixes or patches, feature enhancements and security updates. This is the period of the product lifecycle where customers can rely on a working product that Microsoft stands by. It is within this window where the software is most ideal and companies assume the least amount of risk. The extended support period only provides security updates, making it less ideal but still within a tolerable risk level. Once a product reaches the end of the lifecycle, all support ends. Most IT professionals might remember when Windows XP and Windows Server 2003 reached end of life (EOL). Many organizations still operate using these software versions. In the event of a failure, the costs are almost guaranteed to exceed what would have been spent on an upgrade.
Do you always lock your car door when you aren’t in it? If you answered no, consider this alternative question: Would you always lock your car door if you had a stack of $100 bills sitting on your seat? If that was your life savings, it would make sense to take as many precautions as possible to ensure it was protected. Security should be treated the same way. Servers today store a great deal of sensitive public and private information. Digital security gets compromised all the time, especially when the underlying technologies are out-of-date.
Microsoft continues to improve the security of its products with every release and regularly provides security updates to protect against the latest developed threats. New products such as Advanced Threat Analytics (ATA), a cloud-based platform that analyzes and monitors an infrastructure to detect threats, are also available to help your business establish additional layers of protection.
There are other important reasons and benefits to consider maintaining the latest version, including end user experience, increased feature set, and performance to name a few. The reasons detailed above should be a starting point for any business to take a closer look at their IT back office roadmap and begin planning to update their infrastructure.
Don’t be that business spinning cycles when an emergency happens. Sentinel can help you upgrade today! Contact us for more information.
Why a Disaster Recovery Runbook is Critical to Your Business
Think a disaster won’t happen to you? Are you willing to bet your company on that? The Aberdeen Group estimates that a SINGLE HOUR of downtime costs a mid-sized business an average of $74,000. The term “disaster” often conjures up notions of tornadoes or fires or acts of war, but it’s much more than that. A careless employee could accidentally crash your network for 6 hours. That’s also a disaster. An NFIB National Small Business poll indicates man-made disasters hit 10 percent of all small businesses. At least 30 percent experience a natural disaster at some point. Moreover, a study by the University of Texas shows only 6 percent of companies impacted by a catastrophic data loss survive, 43 percent never reopen and 51 percent close within two years.
Disasters and unplanned outages do happen, and they can be extremely costly. The good news is that a Disaster Recovery Plan, including a well thought through DR Runbook, can help your business avoid significant impact by optimizing the response to these scenarios.
Many companies feel that establishing backup and/or moving services to the cloud will automatically infuse disaster preparedness into their environment, but that’s simply not the case. While these strategies can minimize risks or provide some recourse, they do not cover all risks and fail to prepare staff to respond to the various outages that sometimes occur.
What is a DR Runbook?
+ It is a set of processes and procedures derived from a Business Continuity/Disaster Recovery Plan that businesses use to respond to disaster/outage scenarios. It generally uses step-by-step decision trees to determine the most effective response to a particular scenario.
+ Typically, it contains procedures to begin, stop, supervise and debug the system. It may describe procedures for handling special requests and contingencies.
+ It includes a set of actions to key risks – and their associated impact – to the business identified in a Business Continuity Plan/Business Impact Analysis.
+ It incorporates and identifies a process for maintaining current DR response procedures (Change Management).
+ An effective runbook allows other operators with prerequisite expertise to effectively manage and troubleshoot a system.
Through our experience in IT infrastructure, services and process consulting, Sentinel’s Business Process Consultancy Division offers a unique service to create the optimal DR Runbook for your business that minimizes risk and impact.
An engagement is scaled to the needs of a customer’s business. Considering the documented responses through in-depth interviews with stakeholders, a risk/impact assessment and IT best practices, the engagement will assess the ability to meet business objectives in disaster/outage scenarios and identify gaps.
With further development analysis and runbook automation, these processes can be carried out using software tools in a predetermined manner, improving recovery time and minimizing losses. Training can be provided for use of procedures and/or outsourced responses. Our goal is to help businesses ensure their ability to handle any DR scenario and maintain it as a practice. To learn more about DR Runbook and other Sentinel consulting services, please contact us.
VP of Solution Engineering Ron Boscaccy on The Benefits of Telehealth
Today’s healthcare organizations seek to consistently reduce costs, improve services, provide access to specialists, educate patients and expand their geographic footprint, all while maintaining quality care. Telehealth represents a way to achieve these lofty goals.
Telehealth is the delivery of health-related services and information using communication technologies. When implemented properly, this solution enables healthcare teams to improve collaboration, streamline workflows, enhance patient examinations and consultations, as well as make critical decisions more quickly. Remote access allows for extended monitoring of patients, employee training, consultations with doctors and/or patients in addition to other tools and resources essential for high quality patient care.
Here’s a great example of how telehealth can benefit healthcare organizations. One of Sentinel’s clients was recently looking for a solution that would support remote doctor and specialist interactions with patients, as well as provide remote monitoring should patients need to be isolated. This required both video conferencing and mobility solutions for members of the organization, other healthcare providers and patients. Mobile carts needed to move between patient rooms, examination rooms and the ER. The carts required wireless connectivity and a source of power for moments when no power outlet was available.
Sentinel built a solution using the caregiver’s existing Cisco Unified Collaboration System. For doctors and specialists, Cisco Jabber was installed on laptops and smartphones to provide mobile video. A large display was also installed in a dedicated room, featuring Cisco Telepresence video conferencing for use when a group of outside specialists is required. A medical grade mobile cart with a Cisco Telepresence display allows for easier movement around the healthcare facility. Features include:
+ Intuitive controls simplify use and allow providers to focus on patient care
+ Seamlessly integrates with telemedicine peripherals
+ Battery options allow untethered use for nearly an entire nurse’s shift
+ Pan / Tilt / Zoom of the camera from the remote side
+ FDA Class I registered medical device
For visitors or patients that don’t have video capabilities, Cisco Jabber Guest can be used to provide seamless connectivity to a Telehealth solution. Cisco Jabber Guest helps visiting personnel easily interact with enterprise workers by using real-time communications that are high quality, standards-based and comprehensive. Guests simply click a browser link or mobile application to start the interaction.
Initial feedback from the healthcare organization indicated telehealth has enhanced collaboration between experts and clinical staff, enabling them to provide additional support without the need to send patients to ER. Patients can now receive the benefit of multiple expert opinions, information exchange and an overall improvement in healthcare. Partners and trade associates are able to more effectively collaborate and support each other over video conferencing and other remote access endpoints.
There are many different ways that telehealth is revolutionizing patient care and the healthcare industry in general. Sentinel is equipped with the most powerful telehealth solutions and will work closely with your organization to determine the best technology products and services to achieve your unique goals.
For more information on Sentinel’s Telehealth Solutions, please contact us.
Sr. Solutions Analyst Bill Carter on the Basics of Software Defined Networking
What is Software Defined Networking (SDN)? In the simplest terms, SDN changes key portions of your network operations from automatic to manual. In a typical network, a control panel automatically assigns tasks and policies to different components without the need for user interference. However as new computing and mobility trends emerge and IT environments grow and change, a certain degree of flexibility is required to maintain optimal network performance. SDN eliminates constraints and enables you to customize network policies in ways that fit the specific and ever-evolving needs of your business.
When SDN equipment is deployed, an engineer interprets a set of policies into Command-Line Interface (CLI) commands. These commands have to be input manually to multiple devices, and if the configuration is correct they will work together to meet the policy requirements. To illustrate these policies and how they’re implemented using SDN, here’s an example showing how a remote office is added to a network:
+At the remote office, computers and IP Phones must be connected to separate networks
+Voice communications will be prioritized over all other traffic
+A secure connection will be used across the Internet to headquarters
+Remote office switch
+Create data and voice VLANs
+Configure quality of service to prioritize voice
+Remote office router
+Create data and voice interfaces
+Configure quality of service to prioritize voice
+Configure routing protocols
+Configure DMVPN to encrypt all traffic between the remote office and headquarters
+Configure quality of service to prioritize voice
+Configure DMVPN to encrypt all traffic between the remote office and headquarters
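Whether the commands are typed by hand or pushed by a controller, the resulting device configuration can be checked against the three policies listed above. The following is an added example, not code from the original post or from Cisco; the sample configurations are constructed, use standard IOS command syntax, and all VLAN numbers, interface names and profile names are assumptions.

```python
# Constructed sample configs; port Gi0/2 and Tunnel1 deliberately break policy.
SWITCH_CFG = """\
vlan 10
 name DATA
vlan 20
 name VOICE
interface GigabitEthernet0/1
 switchport access vlan 10
 switchport voice vlan 20
interface GigabitEthernet0/2
 switchport access vlan 10
 switchport voice vlan 10
"""
ROUTER_CFG = """\
interface GigabitEthernet0/0
 service-policy output VOICE-FIRST
interface Tunnel0
 tunnel mode gre multipoint
 tunnel protection ipsec profile DMVPN-PROF
interface Tunnel1
 tunnel mode gre multipoint
"""

def stanzas(cfg):
    """Map each 'interface X' header to the list of its indented sub-commands."""
    out, current = {}, None
    for line in cfg.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            out[current] = []
        elif line.startswith(" ") and current:
            out[current].append(line.strip())
        else:
            current = None  # any other top-level command ends the stanza
    return out

def value(cmds, prefix):
    """Return the argument of the first sub-command starting with prefix."""
    return next((c[len(prefix):] for c in cmds if c.startswith(prefix)), None)

def audit(switch_cfg, router_cfg):
    """Return a sorted list of (where, finding) policy violations."""
    findings = []
    for name, cmds in stanzas(switch_cfg).items():
        voice = value(cmds, "switchport voice vlan ")
        if voice is not None and voice == value(cmds, "switchport access vlan "):
            findings.append((name, "voice and data share a VLAN"))
    router = stanzas(router_cfg)
    # Only checks that a QoS policy is attached, not what the policy contains.
    if not any(value(c, "service-policy output ") for c in router.values()):
        findings.append(("router", "no outbound QoS policy applied"))
    for name, cmds in router.items():
        if name.startswith("Tunnel") and value(cmds, "tunnel protection ipsec profile ") is None:
            findings.append((name, "tunnel is not IPsec-protected"))
    return sorted(findings)
```

On the constructed samples, `audit(SWITCH_CFG, ROUTER_CFG)` reports the port where phones and computers share VLAN 10 and the tunnel that would carry traffic to headquarters unencrypted.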
SDN helps users to better manage and navigate the complex configuration and operation of the network. An SDN controller creates a single point to interact with and enables any portion of the network to be changed quickly and easily.
Cisco’s Application Policy Infrastructure Controller Enterprise Module (APIC-EM) is an SDN platform for enterprise WAN, campus and access networks. APIC-EM delivers an elastic platform for policy-based automation that both simplifies and abstracts the network. It allows business intent policies to transform network configuration.
APIC-EM and its basic applications are available for free. No typo there, it costs zero dollars. Some additional apps are available for a fee.
Basic applications included at no cost:
+EasyQoS - The EasyQoS feature enables you to configure quality of service on the devices in your network that have been discovered by the Cisco APIC-EM. Using EasyQoS, you can group devices and then define the business relevance of applications that are used in your network.
+Path Trace - The Path Trace application helps to solve network problems by automating the inspection and interrogation of the flow taken by a business application in the network.
+Network Topology Visualization - The Cisco APIC-EM automatically discovers and maps network devices to a physical topology with detailed device-level data. You can use this interactive feature to troubleshoot your network.
Separately licensed (for a fee) applications:
+Intelligent WAN (IWAN) - The separately licensed IWAN application for APIC-EM simplifies the provisioning of IWAN network profiles with simple business policies. The IWAN application defines business-level preferences by application or groups of applications in terms of the preferred path for hybrid WAN links. Doing so improves the application experience over any connection and saves telecom costs by leveraging cheaper WAN links.
+Enterprise Service Automation (ESA) - Cisco Enterprise Service Automation aids with orchestration, automation of processes, and service chaining of virtual and physical branches.
Cisco APIC-EM provides an enterprise SDN solution which abstracts the complexity of network infrastructure and features a set of applications to simplify the deployment of network capabilities. APIC-EM takes the policies, translates them, and automates the deployment of the commands.
More information on APIC-EM can be found here: http://www.cisco.com/go/apicem
Please contact Sentinel for more information about SDN and how it can help your business.
IT Solutions Team Lead Ted Joffs Details a Cisco HyperFlex Installation
In the IT industry, the phrase “we are pretty much a 100% physical shop” is one that you dread to hear – especially from a fast-growing company. Such was the case with a leader in the financial services industry recently when they asked Sentinel to install a Virtual Desktop Infrastructure (VDI) solution for a new call center rollout of around 250 desktops as well as fully re-deploy their physical desktop and server infrastructures. They were pretty set on a hyper-converged solution and were looking for something scalable and easy to manage. To be successful, in the eyes of the business, the solution had to:
1. Be solid. With internal hesitation to virtualization from the business, there had to be reliability.
2. Be fast to deploy. To meet the aggressive deadlines, there could be zero delay on delivery or deployment.
3. Be lightning fast. To aid in business buy-in and adoption, the solution had to deliver a better end-user experience than the current desktops. Performance was critical to that.
After reviewing the vendor options, the customer ultimately chose Cisco HyperFlex and VMware Horizon for their hyper-converged VDI solution. Aggressive deployment timelines were set and equipment was on the way. From there we moved onto the fun stuff.
The HyperFlex cluster was delivered quickly. Really quickly. Once the gear was on-site it was time to deploy. Before we go there, I want to touch on one particular aspect of the solution. Sentinel knows that maintaining data integrity and availability is essential to our customers as they adopt and adapt to new technology. How the Cisco HyperFlex solution delivers that can be summed up pretty easily:
+The Cisco HyperFlex product line is a variant of the Unified Computing System (UCS) product line, and with that you have the full redundant design of dual fabric interconnects, full multi-pathing, and server hardware that is designed with zero single point of failure. In this particular deployment, we had four nodes (N+1) with dual fabric interconnects, and two 10GB paths from each of the HX240c nodes. Everything also ran on fully redundant power. It was a strong platform to begin from.
+The SpringPath HALO Architecture is a file system – I am simplifying things here a bit – that allows for distribution of writes onto multiple solid-state drives (SSDs) across multiple nodes BEFORE acknowledging the writes. This maintains the data integrity by ensuring that there are multiple copies of the data on separate nodes in the cluster to prevent potential data loss.
+The HALO Architecture enhances the data integrity by using a Log Structured Distributed Object Store to allocate the data as small objects across multiple servers in a sequential pattern, which are in turn replicated to other pool members to achieve data redundancy. By doing so, they increase not only performance, but the life of the flash layer disk in the servers as well as redundancy overall.
Back to the deployment. In a post on my personal blog, I mentioned that the HyperFlex deployment was pretty fast. Once you rack and cable the cluster, the HX installer is a breeze. What I love about the HX installer is the fact that it really does build the entire UCS deployment and makes adding a node to an existing cluster just as easy. Click. Click. Done. Overall, the deployment of the HX system after rack and cable took less time than installing the vCenter server that was required for the deployment (Note: The vCenter must be on separate hardware but can be moved into the HyperFlex cluster for ongoing operations).
After meeting the first two objectives, we needed to look at the speed. Since this was a VDI cluster, we made one small change (one line in a configuration file) to optimize the cluster’s L3 Cache for a read-heavy environment. Once that small change was made, it was time to run some tests. Since Sentinel doesn’t own the environment I will only include the following observations:
+During testing of the 4-Node cluster with 4xVMs pushing I/O, the cluster achieved well over 125,000 I/Ops. Even in the worst-case boot storm of 250 users logging in within a one-minute period you would only really require 117,500 I/Ops, leaving plenty of room to spare. Keep in mind, this was not done in a controlled lab under ideal circumstances.
+I was able to clone a 100GB (65 Used Thin) VM from template in less than three seconds. Seriously.
+I deployed 250 linked clone desktops including two boots, customization, and domain join in under seven minutes. The bottleneck was the VDI limit on the maximum concurrent operations sent to vCenter (which I tweaked to 25) and probably the Active Directory domain join tasks as part of the customization. It was fun watching the vCenter task pane roll by so fast I couldn’t keep up with it.
The customer was extremely happy with the performance, scalability and easy management of their new infrastructure. The Cisco HyperFlex and VMware Horizon solution met the requirements so well that I better understand the hype around Cisco HyperFlex and the SpringPath HALO Architecture.
Of further interest in terms of scalability comes confirmation from Cisco that node capacity expansion beyond the current self-imposed limitation is in the works and will not be limited to hardware. External storage is also fully supported. This means you will have the capability to hyper-converge your core systems and still make use of external storage area networks (SAN) where business needs dictate.
All in all, HyperFlex is a rock solid platform with a fantastic and robust architecture that you would be wise to evaluate. Couple it with VMware Horizon for desktop deployment, and you have an infrastructure built to help your business achieve unprecedented levels of success. If you would like to learn more about HyperFlex or other converged/hyper-converged infrastructure solutions, please contact Sentinel for more information.
Strategic Solutions Advisor Rick Spatafore On HIPAA Compliance Vs. Ransomware
Once thought of as a compliance checkbox, HIPAA (more specifically the Security Rule) is causing consternation among healthcare IT practices.
The Health Insurance Portability and Accountability Act, or HIPAA as it is known, requires that healthcare organizations protect the confidentiality, integrity and availability of your Protected Health Information (PHI). Confidentiality ensures that PHI remains private and inaccessible to unauthorized persons. Integrity keeps the PHI intact and prevents alterations or destruction in an unauthorized manner. Availability provides on-demand access and usability of the PHI by an authorized person.
Healthcare IT departments are already struggling to keep up with the ever-increasing pace of technology. Now they must be ready to face a new threat to cybersecurity: ransomware. Healthcare has become a primary target for hackers to launch ransomware attacks.
A HIPAA breach is typically seen as a loss of PHI. With ransomware this changes, as there is no theft of data, at least from what recent cases have shown. What ransomware does is limit access to PHI and bring the integrity of the PHI into question. Both of these acts could be construed as HIPAA violations, especially limiting the availability of PHI. Once your encrypted PHI is infected with ransomware, you have no idea what effect the breach will have on PHI or the rest of the environment.
Ransomware can be launched through different methods, but the most common are phishing attacks and software exploits. Both leave key data exposed. Healthcare organizations train users on HIPAA and how to prevent violations, but often provide insufficient instruction related to good cybersecurity practices. Healthcare organizations can improve user education on best practices by adopting comprehensive security training programs such as SANS Securing the Human.
Ransomware also targets older and unsupported middleware products. A recent campaign leveraging the SamSam variant exploits the middleware engine then proceeds to spread through the network, encrypting servers and databases that are available. This will continue to have a profound impact on the healthcare industry, as organizations and providers are typically slow to adopt new technologies and update systems. For example, many Windows XP workstations are still in use at healthcare facilities because vendors have not updated software for compliance with Windows 7, Windows 8.1 or Windows 10. This same slow adoption bleeds over in applying updates to servers and middleware. Healthcare organizations are at the mercy of their vendors to adopt secure software versions and provide updates.
Two recent ransomware incidents had two completely different outcomes. The Hollywood Presbyterian breach resulted in the hospital paying the ransom to regain access to their data. While the ransom was only 17 thousand dollars, the organization had to divert patients to other hospitals and was limited in their access to PHI for patients. The resulting damage to the credibility of their brand and loss of patient revenue is ultimately much higher than 17 thousand dollars.
A second ransomware incident occurred at Methodist Hospital in Kentucky. This incident had very different results. Methodist Hospital was able to activate their disaster recovery plan and continue to see patients while running off of their DR site. There was no need to divert patients, no need to pay the ransom, and minimal damage to their credibility.
This is where following a good security framework comes in. By following a standard like NIST Cybersecurity Framework, organizations are able to see how all systems are affected by security incidents. Many IT departments do not include backup and disaster recovery planning as a part of their security strategy when in fact they are one of the most critical parts. Having a solid backup system that is off-network and encrypted is crucial to dealing with ransomware attacks. There are ransomware variants that look for on-network backups and encrypt them, further crippling the organization. Having solid, practiced procedures to either restore your backups or run off the disaster recovery site can save critical time in ensuring access to PHI.
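A practiced restore procedure needs a way to confirm that what comes back from backup is what went in. The following is an added example, not part of the original post: a restore drill that compares a restored directory with a signed manifest taken at backup time. The file names, the key and the simulated damage are constructed, and it assumes the manifest and its key are kept off-network with the backup.

```python
import hashlib, hmac, json, os, tempfile

def file_digest(path):
    """SHA-256 of a file, read in chunks so large files are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root, key):
    """Hash every file under root and sign the list so tampering shows."""
    files = {}
    for d, _, names in os.walk(root):
        for n in names:
            p = os.path.join(d, n)
            files[os.path.relpath(p, root)] = file_digest(p)
    body = json.dumps(files, sort_keys=True).encode()
    return {"files": files, "tag": hmac.new(key, body, hashlib.sha256).hexdigest()}

def verify_restore(root, manifest, key):
    """Compare a restored tree with the manifest; return the problems found."""
    body = json.dumps(manifest["files"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["tag"]):
        return ["manifest signature invalid"]
    current = build_manifest(root, key)["files"]
    problems = []
    for rel, digest in manifest["files"].items():
        if rel not in current:
            problems.append(f"missing: {rel}")
        elif current[rel] != digest:
            problems.append(f"changed: {rel}")
    problems += [f"unexpected: {r}" for r in current if r not in manifest["files"]]
    return sorted(problems)

def drill():
    """Constructed drill: take a manifest, damage the tree, verify again."""
    key = b"constructed-demo-key"  # assumption: the real key lives off-network
    with tempfile.TemporaryDirectory() as root:
        for name, data in {"a.txt": b"record A", "b.txt": b"record B"}.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        manifest = build_manifest(root, key)
        clean = verify_restore(root, manifest, key)
        # Constructed damage: one file overwritten, one renamed.
        with open(os.path.join(root, "a.txt"), "wb") as f:
            f.write(os.urandom(16))
        os.replace(os.path.join(root, "b.txt"), os.path.join(root, "b.txt.locked"))
        return clean, verify_restore(root, manifest, key)
```

`drill()` returns an empty problem list for the untouched tree and three findings for the damaged one; an altered manifest is rejected before any file is compared.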
Adopting a layered security approach will lower your risk profile. No single technology can stop all malware, but layering technologies together can strengthen your security posture. In order to actively protect your organization, you must thoroughly understand your environment. This should be done during a Risk Assessment, which is required under HIPAA but oftentimes not performed thoroughly. Understanding your environment allows you to prioritize your cybersecurity tasks and develop a strategy to minimize your organizational risk.
Concerned and wondering about next steps? Sentinel can get you started on the right path with a Risk Assessment Audit that will determine, among other things, how hardened your network is and evaluate the efficacy of your backup and DR strategy. Contact us for more information.
An Introduction to World Wi-Fi Day From Solutions Architect Tim Gustafson
Recently the Wireless Broadband Alliance announced the inaugural World Wi-Fi Day, set to take place annually on June 20th. The purpose behind it is to celebrate the role of Wi-Fi in connecting communities across the globe, and explore innovative new solutions to help bridge the digital divide.
Those of us who use Wi-Fi regularly often take it for granted. There are currently more than four billion people around the world with very limited or no access to the internet due to a lack of money and/or resources. While new initiatives such as Connected City are improving and introducing wireless to underserved urban areas, many other Wi-Fi projects still require funding and developmental support in order to become a reality.
One popular idea involves combining outdoor access points in a root and mesh topology with existing internet connectivity and wireless point-to-point solutions, which significantly expands the area of useable Wi-Fi coverage. This would enable more people to have access to reasonably priced high speed internet in places where it’s needed most.
Sentinel Technologies has been consulting, designing, and deploying indoor and outdoor wireless solutions for the past two decades, helping cities, municipalities, government, education, enterprise and small businesses improve productivity and collaboration through affordable connections. Please contact us for more information about our wireless offerings.