Posts Tagged ‘network’

Fiber’s Future Looks Bright with Frequency Combs.

Fiber is the future of all communications; that’s a fact that any technologist will be able to tell you. Whilst copper is still the mainstay for the majority, its lifetime is limited as optics are fast approaching the point where they’re feasible for everything. However even fiber has its limits, limits that some feel we were going to hit sooner rather than later, which could cause severe issues for the Internet’s future. New research coming out of the University of California, San Diego, however, paves the way for boosting our fiber network’s bandwidth significantly.

Today’s fiber networks are made up of long runs of fiber optic cable interspersed with devices called repeaters or regenerators. Essentially these devices are responsible for boosting the optical signal, which becomes degraded as it travels down the fiber. The problem with these devices is that they’re expensive, add latency and are power hungry, attributes that aren’t exactly desirable. These problems are born out of a physical limitation of fiber networks which puts an upper limit on the amount of power you can send down an optical cable. Past a certain point the more power you put down a fiber the more interference you generate, meaning there’s only so much you can pump into a cable before you’re doing more harm than good. The new research however proposes a novel way to deal with this: interfere with the signal before it’s sent.

The problem with interference that’s generated by increasing the power of the signal is that it’s unpredictable, meaning there’s really no good way to combat it. The researchers however figured out a way of conditioning the signal before it’s transmitted which allows the interference to become predictable. Then at the receiving end they’ve used what they’re calling “frequency combs” to reverse the interference, pulling a useful signal out of it. In the lab tests they were able to send the signal over 12,000 km without the use of a repeater, an absolutely astonishing distance. Using such technology could drastically improve the efficiency of our current dark fiber networks, which would go a long way to avoiding the bandwidth crunch.

It will be a little while before this technology makes its way into widespread use as, whilst it shows a lot of promise, the application within the lab falls short of a practical implementation. Current optical fibers carry around 32 different signals whereas the system that the researchers developed can currently only handle 5. Ramping up the number of channels they can support is a non-trivial task but at least it’s an engineering challenge and not a theoretical one.

VMware VIM SDK Gotchas (or Ghost NICs, Why Do You Haunt Me So?).

I always tell people that on the surface VMware’s products are incredibly simple and easy to use and for the most part that’s true. Anyone who’s installed an operating system can easily get a vSphere server up and running in no time at all and have a couple virtual machines up not long after. Of course with any really easy to use product the surface usability comes from an underlying system that’s incredibly complex. Those daring readers who read my last post on modifying ESXi to grant shell access to non-root users got just a taste of how complicated things can be and as you dive deeper and deeper into VMware’s world the more complicated things become.

I had a rather peculiar issue come up with one of the tools that I had developed. This tool wasn’t anything horribly complicated, all it did was change the IP address of some Windows servers and their ESXi hosts whilst switching the network over from the build VLAN to their proper production one. For the most part the tool worked as advertised and never encountered any errors, on its side at least. However people were noticing something strange about the servers that were being configured using my tool, some were coming up with a “Local Area Network 2” and “vmxnet3 Ethernet Adapter #2” as their network connection. This was strange as I wasn’t adding in any new network cards anywhere and it wasn’t happening consistently. Frustrated I dove into my code looking for answers.

After a while I figured the only place that the error could be originating from was when I was changing the server over from the build VLAN to the production one. Here’s the code, which I got from performing the same action in the VIClient proxied through Onyx, that I used to make the change:

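            // Requires: using System; using System.Collections.Specialized; using VMware.Vim;
            // The filter value is a regular expression: this matches any VM whose name starts with ServerName.
            NameValueCollection Filter = new NameValueCollection();
            Filter.Add("name", "^" + ServerName);
            VirtualMachine Guest = (VirtualMachine)Client.FindEntityView(typeof(VirtualMachine), null, Filter, null);
            VirtualMachineConfigInfo Info = Guest.Config;
            VirtualDevice NetworkCard = new VirtualDevice();
            int DeviceKey = 4000;
            // Find the vmxnet3 adapter and remember its device key.
            foreach (VirtualDevice Device in Info.Hardware.Device)
            {
                String Identifier = Device.ToString();
                if (Identifier == "VMware.Vim.VirtualVmxnet3")
                {
                    DeviceKey = Device.Key;
                    NetworkCard = Device;
                    Console.WriteLine("INFO - Device key for network card found, ID: " + DeviceKey);
                }
            }
            // Throws InvalidCastException if no vmxnet3 adapter was found above.
            VirtualVmxnet3 Card = (VirtualVmxnet3)NetworkCard;
            VirtualMachineConfigSpec Spec = new VirtualMachineConfigSpec();
            Spec.DeviceChange = new VirtualDeviceConfigSpec[1];
            Spec.DeviceChange[0] = new VirtualDeviceConfigSpec();
            Spec.DeviceChange[0].Operation = VirtualDeviceConfigSpecOperation.edit;
            // Device has to be instantiated before its properties can be set (the casts
            // further down expect a VirtualVmxnet3). This is a new device object that is
            // filled in field by field, not the card that was read from the VM.
            Spec.DeviceChange[0].Device = new VirtualVmxnet3();
            Spec.DeviceChange[0].Device.Key = DeviceKey;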
            Spec.DeviceChange[0].Device.DeviceInfo = new VMware.Vim.Description();
            Spec.DeviceChange[0].Device.DeviceInfo.Label = Card.DeviceInfo.Label;
            Spec.DeviceChange[0].Device.DeviceInfo.Summary = "Build";
            Spec.DeviceChange[0].Device.Backing = new VMware.Vim.VirtualEthernetCardNetworkBackingInfo();
            ((VirtualEthernetCardNetworkBackingInfo)Spec.DeviceChange[0].Device.Backing).DeviceName = "Production";
            ((VirtualEthernetCardNetworkBackingInfo)Spec.DeviceChange[0].Device.Backing).UseAutoDetect = false;
            ((VirtualEthernetCardNetworkBackingInfo)Spec.DeviceChange[0].Device.Backing).InPassthroughMode = false;
            Spec.DeviceChange[0].Device.Connectable = new VMware.Vim.VirtualDeviceConnectInfo();
            Spec.DeviceChange[0].Device.Connectable.StartConnected = Card.Connectable.StartConnected;
            Spec.DeviceChange[0].Device.Connectable.AllowGuestControl = Card.Connectable.AllowGuestControl;
            Spec.DeviceChange[0].Device.Connectable.Connected = Card.Connectable.Connected;
            Spec.DeviceChange[0].Device.Connectable.Status = Card.Connectable.Status;
            Spec.DeviceChange[0].Device.ControllerKey = NetworkCard.ControllerKey;
            Spec.DeviceChange[0].Device.UnitNumber = NetworkCard.UnitNumber;
            ((VirtualVmxnet3)Spec.DeviceChange[0].Device).AddressType = Card.AddressType;
            ((VirtualVmxnet3)Spec.DeviceChange[0].Device).MacAddress = Card.MacAddress;
            ((VirtualVmxnet3)Spec.DeviceChange[0].Device).WakeOnLanEnabled = Card.WakeOnLanEnabled;
            Guest.ReconfigVM_Task(Spec);

My first inclination was that I was getting the DeviceKey wrong which is why you see me iterating through all the devices to try and find it. After running this tool many times over though it seems that my initial idea of just using 4000 would work since they all had that same device key anyway (thanks to all being built in the same way). Now according to the VMware API documentation on this function nearly all of those parameters you see up there are optional and earlier revisions of the code included only enough to change the DeviceName to Production without the API throwing an error at me. Frustrated I added in all the required parameters only to be greeted by the dreaded #2 NIC upon reboot.

It wasn’t going well for me, I can tell you that.

After digging around in the API documentation for hours and fruitlessly searching the forums for someone who had had the same issue as me I went back to tweaking the code to see what I could come up with. I was basically passing all the information that I could back to it but the problem still persisted with certain virtual machines. It then occurred to me that I could in fact pass the network card back as a parameter and then only change the parts I wanted to. Additionally I found out where to get the current ChangeVersion of the VM’s configuration and when both of these combined I was able to change the network VLAN successfully without generating another NIC. The resultant code is below.

            // Guest and NetworkCard come from the lookup loop in the first listing.
            VirtualVmxnet3 Card = (VirtualVmxnet3)NetworkCard;
            VirtualMachineConfigSpec Spec = new VirtualMachineConfigSpec();
            Spec.DeviceChange = new VirtualDeviceConfigSpec[1];
            // Tie the edit to the configuration version that was just read.
            Spec.ChangeVersion = Guest.Config.ChangeVersion;
            Spec.DeviceChange[0] = new VirtualDeviceConfigSpec();
            Spec.DeviceChange[0].Operation = VirtualDeviceConfigSpecOperation.edit;
            // Pass the existing card back and change only the network it is backed by.
            Spec.DeviceChange[0].Device = Card;
            ((VirtualEthernetCardNetworkBackingInfo)Spec.DeviceChange[0].Device.Backing).DeviceName = "Production";
            Guest.ReconfigVM_Task(Spec);

What gets me about this whole thing is that the VMware API says that all the other parameters are optional when it’s clear that there’s some unexpected behavior when they’re not supplied. Strange thing is if you check the network cards right after making this change they will appear to be fine; it’s only after reboot (and only on Windows hosts, I haven’t tested Linux) that these issues occur. Whether this is a fault of VMware, Microsoft or somewhere between the keyboard and chair is an exercise I’ll leave up to the reader but it does feel like there’s an issue with the VIM API. I’ll be bringing this up with our Technical Account Manager at our next meeting and I’ll post an update should I find anything out.
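The fix above, wrapped with the guards a change tool like this would want before touching a VM: an exact-name match, a single-NIC check, a backing-type check and a read-back afterwards. This is an added example, not the author's code; `NicMover` and `MoveNicToNetwork` are hypothetical names, and `Client` is assumed to be an already-connected `VimClient`.

```csharp
// Added example, not the original author's code. NicMover and MoveNicToNetwork are
// hypothetical names; Client is assumed to be an already-connected VimClient.
using System;
using System.Collections.Specialized;
using System.Linq;
using System.Text.RegularExpressions;
using VMware.Vim;

public static class NicMover
{
    public static void MoveNicToNetwork(VimClient Client, string ServerName, string TargetNetwork)
    {
        // Filter values are regular expressions: anchor both ends and escape the name
        // so "web1" cannot match "web10" and reconfigure the wrong machine.
        NameValueCollection Filter = new NameValueCollection();
        Filter.Add("name", "^" + Regex.Escape(ServerName) + "$");
        VirtualMachine Guest = (VirtualMachine)Client.FindEntityView(
            typeof(VirtualMachine), null, Filter, null);
        if (Guest == null)
            throw new InvalidOperationException("No VM named " + ServerName);

        // Match on the VirtualEthernetCard base type instead of a type-name string.
        VirtualEthernetCard[] Cards = Guest.Config.Hardware.Device
            .OfType<VirtualEthernetCard>().ToArray();
        if (Cards.Length != 1)
            throw new InvalidOperationException(
                "Expected exactly one NIC, found " + Cards.Length);
        VirtualEthernetCard Card = Cards[0];

        // Only a standard port group backing carries DeviceName; anything else
        // (for example a distributed switch port) is refused rather than cast blindly.
        VirtualEthernetCardNetworkBackingInfo Backing =
            Card.Backing as VirtualEthernetCardNetworkBackingInfo;
        if (Backing == null)
            throw new InvalidOperationException("Unsupported NIC backing: " +
                (Card.Backing == null ? "none" : Card.Backing.GetType().Name));

        int KeyBefore = Card.Key;
        string MacBefore = Card.MacAddress;

        // Send the existing device back with one field changed, tied to the
        // configuration version that was read.
        Backing.DeviceName = TargetNetwork;
        VirtualMachineConfigSpec Spec = new VirtualMachineConfigSpec();
        Spec.ChangeVersion = Guest.Config.ChangeVersion;
        Spec.DeviceChange = new VirtualDeviceConfigSpec[1];
        Spec.DeviceChange[0] = new VirtualDeviceConfigSpec();
        Spec.DeviceChange[0].Operation = VirtualDeviceConfigSpecOperation.edit;
        Spec.DeviceChange[0].Device = Card;
        Guest.ReconfigVM(Spec); // blocking form of ReconfigVM_Task

        // Re-read the configuration and confirm the NIC kept its identity.
        Guest.UpdateViewData();
        VirtualEthernetCard[] After = Guest.Config.Hardware.Device
            .OfType<VirtualEthernetCard>().ToArray();
        VirtualEthernetCardNetworkBackingInfo NewBacking = After.Length == 1
            ? After[0].Backing as VirtualEthernetCardNetworkBackingInfo : null;
        if (NewBacking == null || After[0].Key != KeyBefore ||
            After[0].MacAddress != MacBefore || NewBacking.DeviceName != TargetNetwork)
            throw new InvalidOperationException("NIC changed unexpectedly on " + ServerName);
        Console.WriteLine("INFO - " + ServerName + " NIC " + KeyBefore + " now on " + TargetNetwork);
    }
}
```

The read-back only confirms what vSphere reports for the device; as noted above, the duplicate adapter showed up inside Windows after a reboot, so the guest still needs checking once it has restarted.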

4G and The National Broadband Network: They’re not in Competition.

Telstra was a brilliant example of why natural monopolies should never be put in the hands of private shareholders. Whilst the situation has improved quite dramatically over the past decade thanks to strict regulation and enhanced competition, we’re still suffering a few headaches from not jumping on the broadband bus earlier than we should have. Still though the Australian government is being no slouch when it comes to charging forward into the future with the National Broadband Network which, if fully implemented, will see Australia able to count itself amongst the top tier of Internet enabled nations. Still, with the high cost and long implementation timeline, many are looking at alternatives that can provide similar benefits, and the first place they turn to is wireless.

Today the issue was brought into the spotlight again as Telstra announced their plans to do a nationwide rollout of 4G LTE (Long Term Evolution) wireless broadband services. The comparisons to the NBN flowed thick and fast, with many questioning the benefits of having both:

Telstra will significantly upgrade its mobile network to take advantage of fast 4G technology that will allow users to obtain speeds similar to home broadband connections while on the go.

The announcement comes on the back of a government-commissioned report warning uptake to its $36 billion network could be stifled by wireless technologies.

Long time readers will know I’ve touched on this issue briefly in the past after having a few long conversations with fellow IT workers over the NBN. On a pure theoretical level 4G wins out simply because you get similar speeds without having to invest in a large scale fiber network and you get the speeds wherever you have coverage. The problem is whilst the 4G specification does make provisions for such high speeds there’s a lot of caveats around being able to deliver it at that level, and they’re not all just about signal strength.

Upgrading the current 3G network to support 4G is no small task in itself, requiring all towers to be upgraded with additional transceivers, antennas and supporting infrastructure. Whilst upgrading the towers themselves won’t be too difficult the real problem comes in when people start wanting to use this new connection to its fullest potential, attempting to get NBN speeds from their wireless broadband. This at the very least requires an infrastructure upgrade on the scale of Fiber to the Node (FTTN) as the bandwidth requirements will outstrip the current infrastructure if they are used as a replacement for the NBN. Most critics looking to replace the NBN with wireless neglect this fact and in the end not upgrading the backhauls from the towers means that whilst NBN speeds would be possible they’d never be realised in practice.

Wireless is also no replacement for fixed line as it is much harder to provide a guaranteed level of service, something businesses and government entities rely on. Sure many of the limitations can be worked around with good engineering but it will still lack the scalability of a fixed fiber solution that already has implementations in the multi-gigabit range. Wireless might make sense for some low use consumer products (I’d love to get my mobile videos faster) but the fact is that if you’re relying on your Internet connection for critical business functions you’re not going to be doing them over wireless. Heck I don’t think anyone in the 4G enabled parts of the USA is even attempting to do that.

In reality the NBN and Telstra’s 4G network shouldn’t really be seen as being in competition with each other, they’re really 2 completely different products. The NBN is providing the ground level infrastructure for an Internet revolution in Australia, something that will bring extremely high speed Internet access to the masses. 4G should be seen as an evolutionary step in the mobile sector, enabling much more rich Internet services to be delivered to our handsets whilst offering some of the capability of a fixed line when you’re on the go. The sooner everyone realizes this the better as playing them off each other is just a waste of time and won’t lead to anything positive for Australia as a nation.

Norton Internet Security 2011: My How Things Have Changed.

It’s been a long time since I used a Norton product. Way back when I had just started working for Dick Smith Electronics I can remember happily recommending their products to nearly every customer that walked through the door and rarely did I get any complaints back from them. That all changed when I moved onto actually fixing people’s computers, whereupon I discovered that Norton’s latest incarnation (then 2004) was actually worse than the problems it was trying to solve. So many times I’d fully clean up a PC only to have it bog down again when I put Norton back on, so you can imagine my scepticism when I was approached to review their latest version, Norton Internet Security 2011. Still I thought that they couldn’t have continued on if their product range continued down the path they had all those years ago so I decided to give it a go to see how far (or not) they had come.

Still I wasn’t entirely ready to risk my main machine with this so I fired up a Windows 7 virtual machine on my server and began the installation process on it. Installing Norton took just under 10 minutes, including the time it took to download the updates. Interestingly the installer updated itself before attempting to install on my system which is definitely a welcome change from updating afterwards. Doing so before installation means that Norton should be capable of detecting threats that might try to subvert the installation process, if you’re trying to clean an already compromised system. Unfortunately before the install will complete you have to provide your registration key, meaning there’s no free trial should you want to give your friends the software to trial before they buy it. Still the retail copy allows you to protect up to 3 PCs for the one purchase, enough to cover most households. Part of the installation process will also ask if you want to participate in the Norton Community which I’d definitely recommend you do (more on this later).

The user interface is worlds away from the Norton that I remembered. The main screen is very well laid out with all the needed features available right there; I rarely had to dig more than one or two layers deep to find a setting I was looking for. The map at the bottom of the screen shows the recent cyber crime incidents across the world (although how they define this is a bit of a mystery) and is pretty cool to watch as it ticks slowly over the past 24 hours. By itself though it doesn’t really add much value for the regular user apart from possibly piquing their curiosity about the events.

At this point a regular user could close the program and leave it at that since everything else is taken care of automatically by Norton Internet Security. This was why I used to recommend Norton products to people as they required the least amount of intervention from users to ensure that they kept working as intended. For the super and power users however there’s a fair bit more value that can be unlocked if you want to go digging a little deeper into Norton Internet Security, as I’ll show you below.

Before I get into the guts of this program let me talk about the performance of this application. Talk to any long time Windows administrator and they’ll tell you that anti-virus programs can be some of the most performance degrading applications you can install on your PC. This isn’t through any fault of their own, more it’s because to provide the maximum level of security they have to be constantly active, ensuring they’re ready for any incoming threats. Norton used to be the worst of the lot in this regard often bringing top of the line equipment to its knees in order to keep it safe.

Norton Internet Security 2011 however has progressed quite significantly since my encounters with its previous incarnations. Keen readers would’ve noticed that the main screen of Norton had a Performance link on it which reveals the screen shown above. The period shown before the two large spikes was completely idle and you can see that Norton does a good job of keeping its resource usage low during these periods. The two large spikes are from me performing a scan across about 600GB of data and doing that will use up most of your available system resources whilst the scan is running its course. This isn’t unique to Norton however and the scanning itself was quite quick, taking just under an hour to complete. The System Insight section provides an overview of what has been happening on your system over the past month. For an administrator like me such information can be quite valuable especially when trying to diagnose when some problem may have originated.

The meat of any AV program however is in its ability to catch potential problems before they can do any harm, which Norton Internet Security seems quite capable of doing.

The EICAR file is a virus test file designed to trigger any AV product. Upon downloading it I was greeted with a little pop up in my browser that said it was scanning the file for viruses and not too long after I was presented with this. As you can see not only does Norton identify the file and remove it before it has a chance to inflict any damage it also provides a wealth of information about the potential threat it removed from your system. This is where the power of the Norton Community comes in as it provides you with some idea about how widespread a threat might be and what it might do to your system if it was infiltrated. This kind of information is great for empowering users making them aware of what’s happening and hopefully educating them to avoid such things in the future. Most users probably won’t take advantage of this but it’s still quite useful for power users or system administrators.

The feature even extends to running processes which becomes quite handy for something you might be suspicious of but aren’t quite sure about. Again this kind of information might not be particularly useful to the user directly but it could prove quite valuable to administrators or super users attempting to troubleshoot issues.

The second feature set is the network protection section which encompasses two interesting features: Vulnerability Protection and the Network Security Map.

Vulnerability protection is an interesting idea. In essence Norton Internet Security can protect against flaws in particular programs, preventing the exploit from working. Whilst the vast majority of these exploits have been patched not all users are rigorous with their updates and Norton can help cover the gap for them. Additionally this also allows Norton to respond to threats quite quickly, nullifying their effects whilst the software vendors work on releasing a patch. Since there’s usually a month between patch cycles this feature goes a long way to securing a user against imminent threats that they might not even be aware of.

The network security map gives you a broad overview of the network you’re on and the other devices connected to it. This kind of thing can be helpful for users who are on public internet connections and want to be sure that they’re safe. Whilst this can’t detect any of the advanced threats (like a compromised access point running a man in the middle attack) it does give the users some much needed guidance on when they should and shouldn’t be doing things over a public connection. The information on other hosts is interesting too as it’s basically an IP and port scanner. Normal users probably won’t care about the information contained in here but after the hassle I went through to spoof a MAC address for free wifi in Los Angeles this kind of thing is quite valuable (if for all the wrong reasons ;)).

Lastly there’s the Web Protection section which contains an identity safe, credit card store and a parental controls section. Whilst there are already many password saving solutions out there the fact that Norton includes one is a good step towards improving a user’s security. Using a password store means that should you be compromised with a keylogger a malicious attacker won’t be able to get ahold of your passwords when you type them in. Sure there’s the possibility they’ll crack the store but it’s another layer of security that can help reduce the impact of a compromised system. The same can be said for the credit card store as whilst credit card details are one of the few things you don’t want to store anywhere on your computer the use of this store provides similar benefits to that of the password safe.

I didn’t get into the parental controls section much as it was very much geared towards fretting parents who require fine grained control over their child’s online experience. It provides all the useful goodies of being able to see what your kids are doing online and creating rule sets for browsing but probably the most useful part of it would be the online resources for educating children on safe web behaviour. Personally I’m a fan of keeping the PCs in a communal area and being an active online participant yourself instead of trying to approach the problem at arm’s length with tools like this. Still it wouldn’t be in the product if the users hadn’t been begging for it so I’m sure many users will appreciate its inclusion.

To be honest I went into this review with a great deal of scepticism, thinking that Norton wouldn’t have changed their sinful ways despite their continued existence. I’m glad to say that my experience with their latest product, Norton Internet Security 2011, changed all that and they’ve delivered a program I wouldn’t hesitate to recommend and use myself. Harnessing the power of their large user base in order to empower them with the information they gather is an excellent way to improve security and for power users like me it’s something that will give me just that little bit of an edge when dealing with unknown issues. Before I reviewed this product I didn’t think I’d need to pay for anti-virus ever again as things like Microsoft Security Essentials covered all the required functionality. Now however I can see the vast difference between a paid product like this and its free cousins and I couldn’t bring myself to say that buying Norton Internet Security would be money wasted any more. If you’re looking for a paid anti-virus product with a wealth of features you wouldn’t go wrong with Norton Internet Security 2011.

Norton Internet Security 2011 is available from most software stores and online for AU$69.99. A copy of this software was provided to me free of charge for the purposes of reviewing it. All testing was conducted on a Windows 7 virtual machine running on VMware ESXi with 2 vCPUs, 2GB RAM and a 40GB HDD.