HP, Juniper to help VMware take on networks with NSX

IDG News Service - VMware's big splash in software-defined networking with its NSX network hypervisor comes with partnerships already in place to flesh out its virtual networks.

On Monday, as VMware formally announced NSX at VMworld, Hewlett-Packard and Juniper Networks announced deals with the company to tie their software-defined networking (SDN) systems in with the new network hypervisor.

NSX is VMware's strongest attempt yet to take control over enterprise networks, which puts it on a collision course with Cisco Systems, a current partner, Gartner analyst Joe Skorupa said.

"They both have the same goal, which is to be the vendor that controls all infrastructure in the data center," Skorupa said. "You can't have two."

While VMware's relationship with Cisco is showing signs of strain, the partnerships it announced on Monday with HP and Juniper could be significant for its networking ambitions, he said.

VMware wants to do the same thing for networks that it has done for servers in many enterprises already. While virtualization allows workloads to move quickly from one physical server to another, the network changes required to deal with those changes typically are more complex and time-consuming. SDN is an array of new techniques to separate the control of networks from their underlying infrastructure that handles data packets.

NSX is a network hypervisor that creates virtual tunnels across an infrastructure to accommodate the mobility of virtual machines. It brings in technology VMware acquired with SDN startup Nicira last July. Though VMware already has some network virtualization capabilities with its VXLAN tunneling technology, NSX will bring significant enhancements, including better scaling and the ability to work with non-VMware hypervisors such as Microsoft HyperV and the open-source KVM, that may be used in some parts of a VMware shop, Skorupa said.

HP and VMware plan to federate NSX with HP's SDN controller, adding HP's more fine-grained control of network hardware to its capabilities. This will let them bring physical and virtual networks together to a degree that other vendors haven't been able to achieve, according to Bethany Mayer, senior vice president and general manager of HP Networking.

The federation will offer benefits to users of all HP networking gear that includes the OpenFlow SDN protocol, which HP has been using since 2008. But it won't be available until the second half of next year, as HP and VMware still have work to do in developing the technology and bringing it to market, Mayer said. The partnership isn't exclusive, but work has been going on for about six months already and the companies each have contributed R&D resources to the project, she said.

So-called overlay solutions such as NSX can set up virtual tunnels across a network but don't automatically configure the switches and other gear that make up the network, Mayer said. Networks are constantly changing, with different configurations and new users contending for resources, so overlay systems can suffer from "blind spots," she said. That makes it harder to make the network deliver the level of service that an application demands.

HP's controller adds an "underlay" that has access to everything going on in the physical network. Working in conjunction with NSX, it will help to make tunnels work as they need to, Mayer said.

Also on Monday, Juniper announced an expansion of its partnership with VMware to let customers tie its infrastructure more tightly with VMware technologies. The work will include a VMware NSX Layer 2 Gateway function, for connectivity between virtualized and non-virtualized parts of a network.

The gateway function will be available for a variety of core, aggregation and access switches and edge routers in mid-2014. Other features will include hardware acceleration of VXLAN routing, also due in mid-2014, and closer integration with Juniper's virtual security technologies.

Stephen Lawson covers mobile, storage and networking technologies for The IDG News Service. Follow Stephen on Twitter at @sdlawsonmedia. Stephen's e-mail address is stephen_lawson@idg.com

Reprinted with permission from IDG.net. Story copyright 2012 International Data Group. All rights reserved.

View the original article here

HP, Juniper to help VMware take on networks with NSX

VMware's big splash in software-defined networking with its NSX network hypervisor comes with partnerships already in place to flesh out its virtual networks.

On Monday, as VMware formally announced NSX at VMworld, Hewlett-Packard and Juniper Networks announced deals with the company to tie their software-defined networking (SDN) systems in with the new network hypervisor.

NSX is VMware's strongest attempt yet to take control over enterprise networks, which puts it on a collision course with Cisco Systems, a current partner, Gartner analyst Joe Skorupa said.

"They both have the same goal, which is to be the vendor that controls all infrastructure in the data center," Skorupa said. "You can't have two."

While VMware's relationship with Cisco is showing signs of strain, the partnerships it announced on Monday with HP and Juniper could be significant for its networking ambitions, he said.

VMware wants to do the same thing for networks that it has done for servers in many enterprises already. While virtualization allows workloads to move quickly from one physical server to another, the network changes required to deal with those changes typically are more complex and time-consuming. SDN is an array of new techniques to separate the control of networks from their underlying infrastructure that handles data packets.

NSX is a network hypervisor that creates virtual tunnels across an infrastructure to accommodate the mobility of virtual machines. It brings in technology VMware acquired with SDN startup Nicira last July. Though VMware already has some network virtualization capabilities with its VXLAN tunneling technology, NSX will bring significant enhancements, including better scaling and the ability to work with non-VMware hypervisors such as Microsoft HyperV and the open-source KVM, that may be used in some parts of a VMware shop, Skorupa said.

HP and VMware plan to federate NSX with HP's SDN controller, adding HP's more fine-grained control of network hardware to its capabilities. This will let them bring physical and virtual networks together to a degree that other vendors haven't been able to achieve, according to Bethany Mayer, senior vice president and general manager of HP Networking.

The federation will offer benefits to users of all HP networking gear that includes the OpenFlow SDN protocol, which HP has been using since 2008. But it won't be available until the second half of next year, as HP and VMware still have work to do in developing the technology and bringing it to market, Mayer said. The partnership isn't exclusive, but work has been going on for about six months already and the companies each have contributed R&D resources to the project, she said.

So-called overlay solutions such as NSX can set up virtual tunnels across a network but don't automatically configure the switches and other gear that make up the network, Mayer said. Networks are constantly changing, with different configurations and new users contending for resources, so overlay systems can suffer from "blind spots," she said. That makes it harder to make the network deliver the level of service that an application demands.

HP's controller adds an "underlay" that has access to everything going on in the physical network. Working in conjunction with NSX, it will help to make tunnels work as they need to, Mayer said.

Also on Monday, Juniper announced an expansion of its partnership with VMware to let customers tie its infrastructure more tightly with VMware technologies. The work will include a VMware NSX Layer 2 Gateway function, for connectivity between virtualized and non-virtualized parts of a network. The gateway function will be available for a variety of core, aggregation and access switches and edge routers in mid-2014. Other features will include hardware acceleration of VXLAN routing, also due in mid-2014, and closer integration with Juniper's virtual security technologies.

Stephen Lawson covers mobile, storage and networking technologies for The IDG News Service. Follow Stephen on Twitter at @sdlawsonmedia. Stephen's e-mail address is stephen_lawson@idg.com

View the original article here

Malware hijacks mobile ad networks to siphon money

Asian cybercriminals have figured out an unusual way to use the architecture of a mobile ad network to siphon money from their victims.

The new method represents another step in the evolution of mobile malware, which is booming with more smartphones shipping than PCs. Mobile ad networks open up the perfect backdoor for downloading code.

"It's a very, very clean infection vector," said Wade Williamson, a senior security analyst at Palo Alto Networks who discovered the new trickery.

In legitimate partnerships between ad distributors and developers, the latter embeds the former's software development kit (SDK) into the app, so it can download and track ads in order to split revenue.

Unfortunately, how well developers vet the ad networks they side with varies from one app maker to another. If the developer does not care or simply goes with the highest bidder, then the chances of siding with a malicious ad network is high.

Wiliamson found one such network's SDK embedded in legitimate apps in online Android stores for several Asian countries, including Malaysia, Taiwan, and China. Once installed, the SDK accesses an Android application package file (APK) and runs it in memory where the user cannot easily discover it.

The APK typically waits until another app is being installed before triggering a popup window that seeks permission to access Android's SMS service.

"It doesn't have to go through the whole process of doing a full install," Williamson said. "It just sits there and waits on the smartphone to install something else and then piggybacks in."

Once installed, the APK takes control of the phone's messaging service to send text to premium rate numbers and to download instructions from a command and control server. About 77 percent of Android malware today wring money from victims through paid messaging services, said Juniper Networks' latest mobile threat report.

Williamson has seen more than a half dozen samples of the latest malware, which he believes is coming from one criminal group, while acknowledging multiple groups is possible.

Android users in Asia and Russia are more susceptible to Android malware, because many apps are downloaded from independent online stores. In the U.S., most Android users take apps from the Google Play store, which scans for malware and malicious ad networks.

Because of the effectiveness of the latest malware, Williamson expects criminals in the future to use the same scheme to download more insidious malware capable of stealing credentials to online banking and retail sites where credit card numbers are stored.

The same pathway could also be used to steal credentials for entering corporate networks.

"As soon as you have a vector like this, the difference between creating malware that sends spoof SMS messages versus looks for the network and tries to break in is just malware functionality," Williamson said.

View the original article here

Facebook eyes making local connections with mesh networks

Facebook has designed a system that would allow individuals and advertisers to make direct connections to those physically nearby that share similar interests or are open to receiving certain advertisements.

The company’s work was outlined in a U.S. patent filing for a “wireless social networking” system that was published this week and represents a further step towards advertising and communication that is locally targeted.

USPTOSample screens of an instant messenger app based on a proximity wireless mesh network, as shown in a Facebook patent application.

Under the envisaged system, a wireless device would establish a connection with other wireless devices nearby. The communication wouldn’t run via the Internet but would be based on a direct link between the devices. Each device might be linked to one or many other devices, depending on the density of people in a certain area, and each would be open to sending, receiving and relaying messages as part of the mesh network.

Because the network is based on direct connections, the approximate location of users can be determined. For example, if a device has a 100-meter-range then all other devices it is in direct contact with could be determined to be within 100 meters. If those devices acted as relays, then a second level of devices could be determined to be within 200 meters and so on. The number of relays, or “hops,” lies at the heart of the envisaged system.

The system outlined in the patent application envisages users setting preferences for receiving or communicating with others based on interest and proximity. Facebook calls the combination of these two factors an “interest metric.”

USPTOA concept proximity wireless mesh network, as shown in a Facebook patent application.

“In general, the wireless device may enable messaging communications with wireless neighbors that have higher interest metrics and avoid enabling messaging communications with wireless neighbors with lower interest metrics,” the application said.

Users would categorize themselves as individuals, businesses and advertisers with further sub categorize for finer distinctions.

“In one example, the neighbor type ‘restaurant’ may be sub-divided into multiple sub-groups, such as ‘Italian,’ ‘Thai,’ ‘French,’ and others. In another example, the neighbor characteristics depend on the content advertised by the neighbor, such as the specific value of store discounts. In addition, the neighbor characteristics may indicate a neighbor’s interests or social activities, such as interests in poker, science fiction, or kung-fu movies,” the application said.

“The user may assign different interest metrics to different neighbor characteristics. Hence, the user may set the interest metrics to the highest value for the individuals interested in poker, the medium value for the stores advertising free pizza, and the smallest value for stores advertising discounts on winter clothes that are less than 20 percent off. As a result, the wireless device may prevent messaging communications with the stores advertising discounts on winter clothes, because these stores’ have interest metrics that are too low for the user.”

Businesses are continually trying to refine their advertising so it only reaches consumers that might become customers. That’s especially true of local businesses, which often have limited advertising budgets.

That’s where the mesh networking trumps an Internet connection, according to the patent application.

“Finally, enabling communications based at least in part on network proximity may also assist businesses in identifying potential customers. In one example, the owner of a pizzeria may only want to advertise a ‘7:30 special’ to the customers who are close-by to the pizzeria to avoid advertising to customers who are too far away to take advantage of the ‘7:30 special.’ In another example, a department store with a large number of diverse products may tailor its promotional advertisements to the customers shopping within specific store sections. Hence, customers shopping in a ‘Women’s Shoes’ section may receive advertisements that are different from advertisements received by customers shopping in a ‘Men’s Suits’ section.”

The system wouldn’t be totally focused on advertising—and that might be key if users were ever to sign on should such a system launch. The interest list would also enable users to find others nearby that shared similar interests and hobbies or act as a filter for discovering existing friends that are in the area.

Details are included in U.S. patent application 20130208714 that was published on Thursday. It was filed with the U.S. Patent and Trademark Office on March 14 this year.

Patent applications provide insight into the types of projects that companies are working on. They are typically filed early on in the development process and the appearance of a patent application doesn’t necessarily mean a future commercial product.

Martyn Williams covers mobile telecoms, Silicon Valley and general technology breaking news for The IDG News Service.
More by Martyn Williams, IDG News Service

View the original article here