Last week, we travelled to the European ATF (Avaya Technology Forum) Conference in Dublin. During the conference, more than 600 networking and unified communications specialists came together to hear about Avaya’s vision of the smart digital world. The conference was a mixture of plenary presentations, hands-on demos and best-practice sharing in breakout sessions.
Avaya Stealth Networking
The very first thing we saw was Avaya Stealth Networking. It is one of the security features of Avaya Fabric. There are no IP addresses connecting the hosts because the fabric only operates in layer 2 mode. So, if we put all our IP addresses in layer 2 VSNs, the network topology is completely invisible to any IP scan. As a result, the attacker will not know what lives on the network or which technologies are used. And of course: you can’t attack what you can’t see.
Stealth networking is, however, not available for everyone. If you need to have services enabled towards the outside, your DMZ will still be visible. The advantage that stealth networking can provide in this situation is that the attacker will only see the presence of the DMZ, but not of the internal network. Therefore, only your DMZ is at risk of being breached.
ATF Dublin: what is new?
One of the new features at the ATF conference was the Avaya Fabric Orchestrator (AFO). It is the ultimate all-in-one network management solution because it has all the applications required to manage the SDN Fx-enabled features, namely:
- the configuration tool
- the monitoring
- the inventory
- the backup & deployment
- the flow management
These features are all included and ready to use. No further installation is required. On top of that, even though it is not yet available, the AFO will be able to act as an SDN controller in the near future (based on OpenDaylight). It will allow integrations with OpenFlow scenarios.
One of the demo sessions we attended was about that controller. They showed us how to use the ONA (Open Network Adaptor) and automate its deployment. The ONA can be used in the health sector, for instance, to connect medical equipment and put it in its own private network thanks to the Avaya Fabric.
Another platform made to support workflows is Avaya Breeze. It allows automation of endless use cases. To make decisions, it uses information exchange between IoT devices, the network and analytics.
To support 802.11ac Wave 2, 1 GB interfaces are no longer enough. That is why Avaya will introduce 2.5 GB interfaces on its ERS 5900. Those interfaces also support UPoE in order to provide more power for IoT devices.
The benefits of a simple multicast configuration
Another really interesting part was the configuration of multicast inside the Fabric. In a traditional network, you need PIM to route multicast. That requires a rather complicated configuration and CPU processing power. The Avaya Fabric does not require additional CPU power, since the multicast streams are mapped to I-SIDs inside the fabric and are distributed as normal Ethernet frames. Therefore the switch can do what it is designed for: switching! Using that in combination with L2 or L3 VSNs and IGMP snooping will ensure that your multicast cannot be detected by other parts of the network.
Another advantage of using separate L3 or L2 VSNs is that you can use the same multicast addresses multiple times in your network because they are completely separate. If you want to configure this inside a Fabric Connect or Fabric Attach network, you only need 4 commands! That simplifies the configuration, which will result in fewer mistakes.
Wi-Fi in the Fabric
The Avaya Wi-Fi portfolio has now been fully integrated in the SDN Fx. First of all, that implies automatic network configuration thanks to Fabric Attach (FA). Its signaling allows automatic usage of the local VLAN and of services throughout the Avaya Fabric. So, the access point is configured without errors and more rapidly. On top of that, the idea is to create an ‘RF cloud’ that provides the right connectivity to the end-users. This goes beyond the classical VLAN assignment linked to user authentication. Just as with Fabric Attach signaling, the VLAN and its corresponding Service ID in the Fabric are distributed and configured automatically on the edge switches.
Putting users in a quarantine network without notice
We attended an interesting demo in which a contractor was launching a DDoS attack. When the attack was detected, it launched a workflow in Breeze which put that user in a quarantine network without his tool noticing it. Furthermore, it redirected his traffic to a security analysis tool in that sandbox environment. Palo Alto Networks is one of Avaya’s security partners. Through API integration, Palo Alto makes it possible to completely pull that user out of the network when malicious behavior is detected.
So to wrap it up, we saw more innovative solutions than we expected. Avaya has clearly reinvented itself as a software company in this digital world, especially when it comes to hyper-converged datacenters and software-based reactive solutions. Their focus is now on developing solutions that help customers really stand out in their market and that will cope with the different threats we are facing when it comes to security. That includes the ability to build and transform secure environments with existing assets and to break down silos of information.