Welcome to the Sentinel Blog!
We are proud to feature a carefully curated collection of articles and other content related to the most important technology topics of today and beyond. Our posts are composed and edited by Sentinel’s ALWAYS ENGAGED team of solutions architects, engineers, project managers and other subject matter experts.
Sr. Solutions Analyst Bill Carter on the Basics of Software Defined Networking
What is Software Defined Networking (SDN)? In the simplest terms, SDN changes key portions of your network operations from automatic to manual. In a typical network, a control panel automatically assigns tasks and policies to different components without the need for user interference. However, as new computing and mobility trends emerge and IT environments grow and change, a certain degree of flexibility is required to maintain optimal network performance. SDN eliminates constraints and enables you to customize network policies in ways that fit the specific and ever-evolving needs of your business.
When SDN equipment is deployed, an engineer interprets a set of policies into Command-Line Interface (CLI) commands. These commands have to be input manually to multiple devices, and if the configuration is correct they will work together to meet the policy requirements. To illustrate these policies and how they’re implemented using SDN, here’s an example showing how a remote office is added to a network:
+At the remote office, computers and IP Phones must be connected to separate networks
+Voice communications will be prioritized over all other traffic
+A secure connection will be used across the Internet to headquarters
+Remote office switch
+Create data and voice VLANs
+Configure quality of service to prioritize voice
+Remote office router
+Create data and voice interfaces
+Configure quality of service to prioritize voice
+Configure routing protocols
+Configure DMVPN to encrypt all traffic between the remote office and headquarters
+Configure quality of service to prioritize voice
+Configure DMVPN to encrypt all traffic between the remote office and headquarters
SDN helps users better manage and navigate the complex configuration and operation of the network. An SDN controller creates a single point to interact with and enables any portion of the network to be changed quickly and easily.
Cisco’s Application Policy Infrastructure Controller Enterprise Module (APIC-EM) is an SDN platform for enterprise WAN, campus and access networks. APIC-EM delivers an elastic platform for policy-based automation that both simplifies and abstracts the network. It allows business intent policies to transform network configuration.
APIC-EM and its basic applications are available for free. No typo there, it costs zero dollars. Some additional apps are available for a fee.
Basic applications included at no cost:
+EasyQoS - The EasyQoS feature enables you to configure quality of service on the devices in your network that have been discovered by the Cisco APIC-EM. Using EasyQoS, you can group devices and then define the business relevance of applications that are used in your network.
+Path Trace - The Path Trace application helps to solve network problems by automating the inspection and interrogation of the flow taken by a business application in the network.
+Network Topology Visualization - The Cisco APIC-EM automatically discovers and maps network devices to a physical topology with detailed device-level data. You can use this interactive feature to troubleshoot your network.
Separately licensed (for a fee) applications:
+Intelligent WAN (IWAN) - The separately licensed IWAN application for APIC-EM simplifies the provisioning of IWAN network profiles with simple business policies. The IWAN application defines business-level preferences by application or groups of applications in terms of the preferred path for hybrid WAN links. Doing so improves the application experience over any connection and saves telecom costs by leveraging cheaper WAN links.
+Enterprise Service Automation (ESA) - Cisco Enterprise Service Automation aids with orchestration, automation of processes, and service chaining of virtual and physical branches.
Cisco APIC-EM provides an enterprise SDN solution which abstracts the complexity of network infrastructure and features a set of applications to simplify the deployment of network capabilities. APIC-EM takes the policies, translates them, and automates the deployment of the commands.
More information on APIC-EM can be found at http://www.cisco.com/go/apicem
Please contact Sentinel for more information about SDN and how it can help your business.
IT Solutions Team Lead Ted Joffs Details a Cisco HyperFlex Installation
In the IT industry, the phrase “we are pretty much a 100% physical shop” is one that you dread to hear – especially from a fast-growing company. Such was the case with a leader in the financial services industry recently when they asked Sentinel to install a Virtual Desktop Infrastructure (VDI) solution for a new call center rollout of around 250 desktops as well as fully re-deploy their physical desktop and server infrastructures. They were pretty set on a hyper-converged solution and were looking for something scalable and easy to manage. To be successful, in the eyes of the business, the solution had to:
1. Be solid. With internal hesitation to virtualization from the business, there had to be reliability.
2. Be fast to deploy. To meet the aggressive deadlines, there could be zero delay on delivery or deployment.
3. Be lightning fast. To aid in business buy-in and adoption, the solution had to deliver a better end-user experience than the current desktops. Performance was critical to that.
After reviewing the vendor options, the customer ultimately chose Cisco HyperFlex and VMware Horizon for their hyper-converged VDI solution. Aggressive deployment timelines were set and equipment was on the way. From there we moved onto the fun stuff.
The HyperFlex cluster was delivered quickly. Really quickly. Once the gear was on-site it was time to deploy. Before we go there, I want to touch on one particular aspect of the solution. Sentinel knows that maintaining data integrity and availability is essential to our customers as they adopt and adapt to new technology. How the Cisco HyperFlex solution delivers that can be summed up pretty easily:
+The Cisco HyperFlex product line is a variant of the Unified Computing System (UCS) product line, and with that you have the full redundant design of dual fabric interconnects, full multi-pathing, and server hardware that is designed with zero single point of failure. In this particular deployment, we had four nodes (N+1) with dual fabric interconnects, and two 10GB paths from each of the HX240c nodes. Everything also ran on fully redundant power. It was a strong platform to begin from.
+The SpringPath HALO Architecture is a file system – I am simplifying things here a bit – that allows for distribution of writes onto multiple solid-state drives (SSDs) across multiple nodes BEFORE acknowledging the writes. This maintains the data integrity by ensuring that there are multiple copies of the data on separate nodes in the cluster to prevent potential data loss.
+The HALO Architecture enhances the data integrity by using a Log Structured Distributed Object Store to allocate the data as small objects across multiple servers in a sequential pattern, which are in turn replicated to other pool members to achieve data redundancy. By doing so, they increase not only performance, but the life of the flash layer disk in the servers as well as redundancy overall.
Back to the deployment. In a post on my personal blog, I mentioned that the HyperFlex deployment was pretty fast. Once you rack and cable the cluster, the HX installer is a breeze. What I love about the HX installer is the fact that it really does build the entire UCS deployment and makes adding a node to an existing cluster just as easy. Click. Click. Done. Overall, the deployment of the HX system after rack and cable took less time than installing the vCenter server that was required for the deployment (Note: The vCenter must be on separate hardware but can be moved into the HyperFlex cluster for ongoing operations).
After meeting the first two objectives, we needed to look at the speed. Since this was a VDI cluster, we made one small change (one line in a configuration file) to optimize the cluster’s L3 Cache for a read-heavy environment. Once that small change was made, it was time to run some tests. Since Sentinel doesn’t own the environment I will only include the following observations:
+During testing of the 4-Node cluster with 4xVMs pushing I/O, the cluster achieved well over 125,000 I/Ops. Even in the worst-case boot storm of 250 users logging in within a one-minute period you would only really require 117,500 I/Ops, leaving plenty of room to spare. Keep in mind, this was not done in a controlled lab under ideal circumstances.
+I was able to clone a 100GB (65 Used Thin) VM from template in less than three seconds. Seriously.
+I deployed 250 linked clone desktops including two boots, customization, and domain join in under seven minutes. The bottleneck was the VDI limit on the maximum concurrent operations sent to vCenter (which I tweaked to 25) and probably the Active Directory domain join tasks as part of the customization. It was fun watching the vCenter task pane roll by so fast I couldn’t keep up with it.
The customer was extremely happy with the performance, scalability and easy management of their new infrastructure. The Cisco HyperFlex and VMware Horizon solution met the requirements so well that I better understand the hype around Cisco HyperFlex and the SpringPath HALO Architecture.
Of further interest in terms of scalability comes confirmation from Cisco that node capacity expansion beyond the current self-imposed limitation is in the works and will not be limited to hardware. External storage is also fully supported. This means you will have the capability to hyper-converge your core systems and still make use of external storage area networks (SAN) where business needs dictate.
All in all, HyperFlex is a rock solid platform with a fantastic and robust architecture that you would be wise to evaluate. Couple it with VMware Horizon for desktop deployment, and you have an infrastructure built to help your business achieve unprecedented levels of success. If you would like to learn more about HyperFlex or other converged/hyper-converged infrastructure solutions, please contact Sentinel for more information.
Strategic Solutions Advisor Rick Spatafore On HIPAA Compliance Vs. Ransomware
What was once thought of as a compliance checkbox, HIPAA (more specifically the Security Rule) is causing consternation among healthcare IT practices.
The Health Insurance Portability and Accountability Act, or HIPAA as it is known, requires that healthcare organizations protect the confidentiality, integrity and availability of your Protected Health Information (PHI). Confidentiality ensures that PHI remains private and inaccessible to unauthorized persons. Integrity keeps the PHI intact and prevents alterations or destruction in an unauthorized manner. Availability provides on-demand access and usability of the PHI by an authorized person.
Healthcare IT departments are already struggling to keep up with the ever-increasing pace of technology. Now they must be ready to face a new threat to cybersecurity: ransomware. Healthcare has become a primary target for hackers to launch ransomware attacks.
A HIPAA breach is typically seen as a loss of PHI. With ransomware this changes, as there is no theft of data, at least from what recent cases have shown. What ransomware does is limit access to PHI and bring the integrity of the PHI into question. Both of these acts could be construed as HIPAA violations, especially limiting the availability of PHI. Once your encrypted PHI is infected with ransomware, you have no idea what effect the breach will have on PHI or the rest of the environment.
Ransomware can be launched through different methods, but the most common are phishing attacks and software exploits. Both leave key data exposed. Healthcare organizations train users on HIPAA and how to prevent violations, but often provide insufficient instruction related to good cybersecurity practices. Healthcare organizations can improve user education on best practices by adopting comprehensive security training programs such as SANS Securing the Human.
Ransomware also targets older and unsupported middleware products. A recent campaign leveraging the SamSam variant exploits the middleware engine, then proceeds to spread through the network, encrypting servers and databases that are available. This will continue to have a profound impact on the healthcare industry, as organizations and providers are typically slow to adopt new technologies and update systems. For example, many Windows XP workstations are still in use at healthcare facilities because vendors have not updated software for compliance with Windows 7, Windows 8.1 or Windows 10. This same slow adoption bleeds over into applying updates to servers and middleware. Healthcare organizations are at the mercy of their vendors to adopt secure software versions and provide updates.
Two recent ransomware incidents had two completely different outcomes. The Hollywood Presbyterian breach resulted in the hospital paying the ransom to regain access to their data. While the ransom was only 17 thousand dollars, the organization had to divert patients to other hospitals and was limited in their access to PHI for patients. The resulting damage to the credibility of their brand and loss of patient revenue is ultimately much higher than 17 thousand dollars.
A second ransomware incident occurred at Methodist Hospital in Kentucky. This incident had very different results. Methodist Hospital was able to activate their disaster recovery plan and continue to see patients while running off of their DR site. There was no need to divert patients, no need to pay the ransom, and minimal damage to their credibility.
This is where following a good security framework comes in. By following a standard like the NIST Cybersecurity Framework, organizations are able to see how all systems are affected by security incidents. Many IT departments do not include backup and disaster recovery planning as a part of their security strategy when in fact they are one of the most critical parts. Having a solid backup system that is off-network and encrypted is crucial to dealing with ransomware attacks. There are ransomware variants that look for on-network backups and encrypt them, further crippling the organization. Having solid, practiced procedures to either restore your backups or run off the disaster recovery site can save critical time in ensuring access to PHI.
Adopting a layered security approach will lower your risk profile. No single technology can stop all malware, but layering technologies together can strengthen your security posture. In order to actively protect your organization, you must thoroughly understand your environment. This should be done during a Risk Assessment, which is required under HIPAA but oftentimes not performed thoroughly. Understanding your environment allows you to prioritize your cybersecurity tasks and develop a strategy to minimize your organizational risk.
Concerned and wondering about next steps? Sentinel can get you started on the right path with a Risk Assessment Audit that will, among other things, determine how hardened your network is and evaluate the efficacy of your backup and DR strategy. Contact us for more information.
An Introduction to World Wi-Fi Day From Solutions Architect Tim Gustafson
Recently the Wireless Broadband Alliance announced the inaugural World Wi-Fi Day, set to take place annually on June 20th. The purpose behind it is to celebrate the role of Wi-Fi in connecting communities across the globe, and explore innovative new solutions to help bridge the digital divide.
Those of us who use Wi-Fi regularly often take it for granted. There are currently more than four billion people around the world with very limited or no access to the internet due to a lack of money and/or resources. While new initiatives such as Connected City are improving and introducing wireless to underserved urban areas, many other Wi-Fi projects still require funding and developmental support in order to become a reality.
One popular idea involves combining outdoor access points in a root and mesh topology with existing internet connectivity and wireless point-to-point solutions, which significantly expands the area of useable Wi-Fi coverage. This would enable more people to have access to reasonably priced high speed internet in places where it’s needed most.
Sentinel Technologies has been consulting, designing, and deploying indoor and outdoor wireless solutions for the past two decades, helping cities, municipalities, government, education, enterprise and small businesses improve productivity and collaboration through affordable connections. Please contact us for more information about our wireless offerings.
Data Center Solutions Team Lead Bill LaFlamme on the Dell / EMC Merger
Back in October 2015, Dell and its partners acquired EMC for $67 billion. Since then, the tech industry has begun to evolve rapidly as many of the big players realign their focus on cloud, converged infrastructure, mobile, big data and other concepts essential to the future of IT. The EMC purchase happened because the company was well established in all the right areas and Dell was smart enough to buy instead of attempting to build. This is the same strategy used by a majority of Hyper-Converged/Converged infrastructure players.
From both a sales and technical perspective, this merger makes a lot of sense. Dell does well in the SMB, SLED and mid-market space, while EMC has been very successful in the commercial and enterprise markets. No one knows exactly how the products, sales teams, channel and partner programs will be organized just yet, but there are some very smart people at both organizations in charge of figuring that out.
Dell will change their name to Dell Technologies with several brands under this umbrella, including EMC, VMware, Pivotal, SecureWorks, RSA and Virtustream. With VCE (already part of EMC’s Emerging Technologies Division) and the expanded portfolio of VCE offerings (Blocks, Racks, Rails and Appliances) extending the lead in a crowded marketplace, this is just the beginning stage of changes in our industry. The advent of IoT (Internet of Things) has created a massive surge of connected devices, people and processes to rival the industrial revolution. To quote a common phrase, “May you live in interesting times.” That certainly holds true in today’s IT.
Sentinel Technologies will continue to support our customers with offerings in best-of-breed products, multi-vendor solutions, managed services and cloud offerings. Our customers and partners are key to our success, enabling us to lead, connect, engage, deliver and motivate across the technology industry. I’m certain the Dell and EMC teams will too as they collectively and collaboratively attempt to help customers achieve their individual business goals.
Solutions Architect Geoff Woodhouse On The Advantages of Document Digitization
Many companies and cultural institutions with long histories continue to maintain archives of important data and other information in analog formats such as paper, canvas and microfilm. This might seem like an antiquated idea in our increasingly technological world, but for industries such as healthcare, finance and education, hard copies remain a necessary part of daily business. The management of a physical archive, particularly a large and complex one, can create all sorts of extra headaches for organizations. Digitization is a simple solution with significant advantages for those eager to do more with their archived data.
The primary advantage of digitization is the significant increase in data accessibility. If a museum were to digitize an ancient scroll, it could more easily and safely be shared and studied around the world by multiple people at the same time. On an enterprise level, digitization of documents and other information improves access and collaboration between employees, customers, partners and everybody in between.
Another advantage of digitization is improved search functionality. Back when I was a kid, libraries had card catalogs. All the books in the library were organized by title on these little white cards, with the Dewey Decimal numbers on the card to tell you where it was located in the building. The amount of effort to keep those thousands of cards up to date was a monumental task, and if someone stole or destroyed one it made the book much harder to find.
With digitization, we can easily search an online database for any book in the library or a neighboring library system. We can also search for books and place them on hold from our home. Digitizing the library catalog revolutionized how to use the library system around the world. This has the same application in a corporate setting, where digitization makes it more convenient than ever to locate key data quickly and from any networked location.
There’s also a great financial benefit to digitization. Keeping virtual copies of records takes up less physical space. This can lead to thousands of dollars per year in savings for legal organizations, universities, financial institutions and other compliance-related businesses. It is relatively straightforward to set up the hardware and software to store the digital files. The difficult part is scanning the old documents and learning how to use the digital storage going forward. There will be new systems and people will need to be trained on them, but typically the savings are worth it.
The last key reason is security. You can’t really back up a piece of paper, but it is easy to encrypt and secure a digital file. This way if anyone does steal it, they can’t open it. For security reasons, it could be dangerous to keep papers in a file cabinet. Things could be taken and somebody might not realize they’re missing until months or even years later! Digitization of files is a great way to secure any archived data.
Sentinel offers a wide range of digitization solutions for your business or organization. Please contact us for more information.
Sentinel CTO Robert Keblusek on the Benefits of Cisco Intelligent WAN (IWAN)
As companies embrace streaming, downloads, mobility and BYOD in the workplace, the increased demand on Wide Area Networks (WAN) can often create speed and accessibility issues across the entire enterprise. Traditional WAN solutions no longer provide the necessary scalability at a cost-effective price to remain competitive and secure in today’s marketplace, which is why nearly 50% of organizations are moving to the Internet for some or all WAN services.
At Sentinel we can design Internet service for backup, best effort and even mission critical guaranteed workloads. We have had great success helping customers save money on WAN services using the Internet as a backbone while also successfully supporting quality and latency-sensitive applications such as voice and video. While Internet WAN service isn’t a fit for everyone, an increasing number of customers have found it very beneficial as they continue to grow.
Cisco’s IWAN offers transport independence, creating secure connectivity over the customer’s preferred transport option while offering path optimization to ensure the best possible performance. When combined with direct Internet access for application support and caching, new architectures become available that can improve performance and reliability. It also allows for the reduction or containment of connectivity costs over time, often with a better than one year return on investment.
When designed properly, IWAN enables distributed security and encryption with direct access to cloud services so you don’t have to use a private network for your applications. In fact, Sentinel has designed customer networks for both distributed and centralized network and internet control through our CloudSelect® INTERNETaaS offering. Developing dynamic private networks along with internet-connected wide area networks ensures optimal security and intelligent connectivity to internal and external application services.
With IWAN, Cisco has collected many years of proven technologies into a solid architecture that enhances productivity, saves money and improves security and reliability. They’ve also put together extensive training for experienced partners like Sentinel to enable our staff on designing, deploying and supporting full IWAN deployments for our customers. In addition, Sentinel has leveraged these technologies in delivering cloud services not only from our own premium CloudSelect® offerings but to other SaaS and cloud providers. Any customer looking at their next generation of wide area connectivity should consider Cisco’s IWAN architecture to create a modern network capable of delivering a rich technology experience at an affordable cost.
FAQ: CTO Robert Keblusek Answers Common Ransomware Questions
Ransomware continues to dominate headlines across the tech industry. The threat of these security breaches has many organizations, especially in the healthcare field, looking for answers. We asked our Chief Technology Officer and all-around security expert Bob Keblusek to provide insights on some of the most common questions related to ransomware.
1. What is the best solution to deploy against ransomware?
I believe it takes an architecture that includes endpoint through perimeter and mobility solutions as well as ongoing management of all involved systems.
It is critical to have a central point of management for security incidents in addition to tracking them through the duration of the security event. Having a security management platform that integrates multi-vendor solutions creates a comprehensive tool that helps uncover the highest risk areas and in turn where to best invest in security solutions with limited IT budgets.
Security is an ongoing effort, balancing access to information while keeping it protected from attack. Compromises that steal data or hold data hostage for a fee will continue to evolve and challenge traditional IT perimeter solutions. These measures often fail to keep data fully secure, which is why an expansive architecture is required along with continuous management, review and proper incident/response policies.
These events can also result in a disruption of business. Similar to how companies protect their data from a physical disaster, there needs to be a contingency plan in place should a data breach or theft occur.
2. With healthcare being targeted, how do providers protect HIPAA data from ransomware?
Within our healthcare practice we have experts that advise on best practices for securing HIPAA data as well as PCI data and more.
We have seen an increase in technology architectures that protect data both in-flight and at-rest, including encryption, endpoint protection and behavioral response systems. Some modern solutions analyze network activity within the infrastructure, and when combined with embedded network access control, are reaching a point where administrators can set policies in order to protect sensitive data.
3. How does Sentinel protect our current clients from ransomware?
Sentinel offers a complete security assessment and review with an architecture recommendation for ransomware in addition to full security solutions.
These can be as simple as a point-in-time assessment and remediation recommendations. Our CloudSelect® SECaaS offering provides complete intrusion detection as well as an incident and event management platform that integrates incident lifecycle management for a single pane of glass.
Using the threat exchange and signatures on our IDS we have this detection built into our CloudSelect® SECaaS offering. With this solution in place we can detect, alert and create a service ticket on this activity coming from any customer.
This offering also includes constant traffic detection and integrates multi-vendor security solutions into a complete management platform. When combined with a strong information security policy, the technology provides some of the best protection possible before, during and after the attack.
4. How does Sentinel utilize their partnership with Cisco for security solutions?
Sentinel is very optimistic about recent Cisco acquisitions such as StealthWatch (formerly Lancope), OpenDNS, SourceFIRE, as well as existing Cisco security products that continue to evolve. When combined with network access control we feel that we can offer a complete solution to help fight the ongoing security challenges for most organizations.
Sentinel also combines these architectures into a single platform for clients to have ongoing visibility and management capabilities. Each of these pieces solves specific security needs, and we bring them all together into a complete architecture and management solution with our CloudSelect® SECaaS to help you get the most from your security investment and protect your sensitive data from breaches and/or being held hostage.
Want more information on a solution mentioned, or want to schedule a Sentinel security assessment? Let us know at: www.sentinel.com/ContactUs.
Welcome to The Pulse
Sentinel Technologies is proud to launch our new blog! A huge aspect of our website upgrade was focused on organizing the site so visitors had the most up-to-date information on solutions, products, news and other industry topics, right at their fingertips.
In designing the site, we also wanted to create a platform that allowed us to create informative and interactive content. Our in-house experts have their finger on the pulse of the industry, and we wanted an outlet that allowed them to share that knowledge.
The Pulse is that platform. Each week different contributors will weigh in on their topic of expertise, hot trends or industry news. As experts in the field, they will be able to give guidance, advice and truly inform our readers on topics and issues dominating the industry.
Check back weekly to see what’s new on The Pulse!