When It Comes to Computer Networks, Trust No One and No Thing

By: John Shepler

Network security is a major headache for business. It almost makes one long for the days of one computer per desk and nothing connected to anything else.

Almost. Those air-gapped computers weren’t all that secure either. Sneaker networks, meaning running around with floppy discs, allowed malware to spread and sensitive files to be copied. It’s just that today’s networks with LANs, local data centers, multi-clouds, and the Internet make it really hard to know who’s sneaking in where and what they are up to.

One breach in a corporate network can run up a cost in the millions. If ransomware is involved, the bill can be a lot higher… and a lot more disruptive. What can you do? Don’t be so trustful. Make sure your system is suspicious of everybody and everything all the time. The buzzword for that is “zero trust security.”

What is Zero Trust and How is it Different?
Traditional network security is sometimes compared to a castle with a moat. The castle is your corporate network. Everybody inside the castle is considered to be friendly and trustworthy. Everybody beyond that moat is suspected to be an enemy. The drawbridge is your firewall. It works to keep the bad actors away from the castle while allowing trustworthy visitors access. It assumes that everything bad is going to come through the Internet.

There are a couple of weak links with this approach. First is that some bad actors can already be inside the castle. There are spies and infiltrators and even trusted employees that have turned rogue. Of course we want to trust our colleagues, and that’s how we get in trouble. Even worse when we automatically trust our vendors and customers.

Then there is the famous tale of the Trojan Horse. Gee, it sure looks safe enough. Let’s open the firewall and bring it in. You can just imagine some well-meaning but naive individual in your company doing just that. Of course the gullible Trojans got the worst of that deal since once the Greeks were inside they had the run of the city.

Moral of the story: It’s too easy to have your organization destroyed by one little misstep. Trust no one and no thing. Network security is not an insult to your integrity. It’s a way to make everyone more secure and prevent little slips from becoming major disasters. That means high security processes both inside and outside the network.

What Makes Zero Trust Work?
It starts with having everybody and every thing, meaning anything attached to the network, prove that it is approved for access and what they are approved for. You can’t really say that because someone has been cleared by, say, logging-on, that they should be able to access all the files and every peripheral on the net.

Oh, no. You must have a need to know for everything you want to access. That leads to segmenting the network into much small pieces that each have to be accessed separately. You may have access to one set of information to be able to do your job, but no way are you getting into some of the companies trade secrets or even financial data. Access to HR files? Fat chance… unless you are specifically authorized to see them.

Each use and each device will have a profile constructed that says what they can do and where they can do it. These lists will be used by the network administration to grant or refuse access. You may find that your access times out and you have to log in again to keep using a particular resource. Multi-Factor Authentication, like password plus a code sent to a mobile phone or a hardware key that must be plugged-in, is especially valuable for access through the Internet or to highly sensitive data.

Zero Trust Security does take some doing to implement and maintain, but it can also be the means that keeps hackers and scammers of all sorts from stealing your information or damaging your systems. Are you feeling vulnerable? Learn more about how to secure and safeguard your network and get a complementary quote appropriate for your business.

Gigabit and 10 Gigabit Metro Fiber Ethernet

By: John Shepler

Have you ever wished that you could stretch your LAN to cover other locations around the block or around an entire city and suburbs? You can. Best of all, you don’t have to do it personally. A Metro Fiber Ethernet connection will plug into your LAN at one location and plug into your LAN at another location.

The Problem Connecting Multiple LANs
Most all private networks are now Ethernet LANs or Local Area Networks. Within your realm, you have complete control. You string the cabling. You provide the switches and routers. You hook up the user equipment. You manage the entire network operations.

It doesn’t matter what the company next door or across town is doing. They won’t be bothering your network. They have their own to serve their employees.

This is all well and good until you get another location that is not on your campus. What are you going to do to tie them together? You could go into the business of pulling a fiber bundle across town. Just get the rights of way, bring in the trenching equipment and get to work. It keeps you in control, but it gets really expensive really fast. It also takes forever and may be blocked by city organizations that just don’t want you doing it.

The Internet Will Interconnect Your Locations… Sort of
Hey, the Internet is available. It goes everywhere. You probably have service at each of your locations already. Why not simply exchange files and route phone calls over the Internet?

Actually, this works after a fashion. You can connect anything to anything over the Internet. However, you need to be mindful about how you do this or you’ll find out it is nowhere near the expectation of a transparent line connection.

The Internet is so available and so cheap because of scale. It does connect everybody to everybody else, and they are all on one big party line. No way do you have any say over priority of traffic or who is accessing that traffic. It’s a big happy family and everybody potentially has their nose in everybody’s business.

There are ways to make this work better. First, get dedicated access. No, you won’t have a private connection through the Internet, but you can order a private line to the Internet. That helps greatly with keeping your service consistent.

Also, make sure you encrypt the daylights out of anything you send through a public network. If not, you are just asking for eavesdroppers to lick their chops as they read through all your sensitive documents or tap into your phone calls and video conferences.

To really make the Internet seem like your private lane, take a look into SD-WAN, or Software Defined Wide Area Networking. This is a technique of combining multiple internet connections of different types, such as wireless, fiber, copper, and cable, using software to pick the best path for each packet despite constantly changing network conditions. It sets priorities and knows that data backups take a back seat to interactive cloud services.

Better Yet, Go Private
Now we’re getting to Metro Fiber Ethernet. It’s a service provided by a commercial carrier but not part of the Internet. You get a LAN to LAN connection between your locations. You can set it up as point to point, like a direct line. You can also set it up as multipoint to multipoint for any number of locations in the area. They’ll all be on that one big LAN. Another flavor of this service is a direct to cloud connection that connects you to your cloud service provider through a local data center.

Sometimes the Metro designation is a bit limiting. You need to connect to cloud services or branch offices in another city, state or even country. Many fiber optic network providers have connections that go far beyond your city and may have interconnections with other networks to extend the reach across International borders.

You can also contract with a private service provider called an MPLS or Multi Protocol Label Switching network. These are wide area service providers that are privately owned and not accessible by the general public. They will guarantee performance and connect your far flung empire with low latency and high bandwidth. Security is enchanted because this type of network has its own protocol that differs from what runs on the Internet.

Do you have a need to interconnect business locations with speed, reliability and privacy? Gigabit and 10 Gigabit Metro Fiber Ethernet might be just what you need at a reasonable cost. For even higher performance 100 Gbps bandwidth are also supported in key metro areas.

Are T1 Lines Obsolete?

By: John Shepler

Have you been using a T1 line for years, perhaps decades? Yes, they’ve been around that long. At the dawn of the Internet, a T1 line offered business a solid, reliable, high bandwidth connection that made dial-up phone line modems look glacially slow. Nowadays similarly priced bandwidth options make those venerable T1 lines seem equally pokey. So, are T1 lines still a good business solution or in their twilight years?

The T1 Story
T1 lines are a product of Bell Labs, which created them to serve the telephone industry. The idea was to replace 24 analog phone lines with two pair that carried a digital multiplex of all the phone calls. There were two advantages, It saved copper wiring and reduced background noise. That was especially true for long distance calls that used analog multiplexing to send multiple calls over a single line. If you remember the switchover from analog to digital toll calls, it seemed almost eerie to no longer hear hiss and garbled conversations during your phone conversations.

T1 lines got a an additional use when they were released to business for Internet access. A protocol conversion interface on each end took care of the translation between synchronized phone channels and Ethernet packets. Businesses only knew they had a highly reliable 1.5 Mbps always-on Internet connection. In the late 1990’s and into the first decade of the 2000’s, that 1.5 Mbps was speedy bandwidth.

A variation of T1 lines, called ISDN PRI, still used T1 for multiple phone lines to corporate PBX phone systems. T1 has been a mainstay of phone and FAX communications for businesses since.

The T1 Twilight Years
Two factors are driving T1 lines into retirement. The first is the need for much higher bandwidths. You might have increased your bandwidth in 1.5 Mbps increments by bonding additional T1 lines to make one larger pipe. There is no economy of scale. Three T1s cost three times the price of one line. It's also hard to get above 10 Mbps with this approach.

Today, we think in terms of hundreds of Mbps and 1 to 100 Gbps as the right level of broadband to support cloud services. That means fiber optic rather than copper based line services. T1 is relegated to smaller business applications such as credit card verification, security alarms, multi-line phone systems and email service. Even so, with the increasing availability of fixed wireless access and fiber optic service, prices on the newer technologies are coming down and T1 isn’t becoming more affordable.

The second factor is the local telephone companies that own the twisted pair copper connections needed to bring in T1 lines. The telcos themselves are switching out copper in favor of fiber and chosing to abandon their copper assets. In some larger cities, copper lines are pulled out of conduits so that fiber cables can take their place.

Even smaller businesses are shunning older telco tech such as DSL and T1 in favor of very low cost broadband and telephone from their Cable providers. The newer DOCSIS modems can support gigabit level broadband delivered over traditional coaxial cable.

Are T1 Lines Still Used?
In some areas T1 lines are still being sold and provisioned. They can be especially valuable in rural areas where fiber, cellular and cable services haven’t yet reached. Some businesses may choose to keep their existing phone systems and FAX machines which are supported by the T1 protocol. A T1 line for these applications and fiber or cable for broadband can make a nice combined solution.

The issue is how long T1 service will still be offered. It’s really a question of time. At some point you may find that new T1 lines can’t be ordered and eventually you may get a letter saying that your T1 service will not be renewed. At that point there is no choice but to move on. Cellular 4G LTE modems designed for business can take over many T1 functions where available. Most companies will be switching to fiber optic connections and cloud based phone and FAX solutions.

What is Best For Your Company?
Business grade fiber optic services are now priced much lower on a per Mbps basis than T1, DS3 and other legacy telco services. Fixed wireless using 4G LTE or 5G can be installed quickly and offer higher bandwidths. Gigabit cable broadband is also a great option for many applications. Find out now what bandwidth services are available for your business location so you can make the best decision for your needs.

How Managed SD-WAN Can Help Your Business

By: John Shepler

Digital transformation is a wonderful thing for business… until you run into snags trying to implement it. One of those unanticipated snags is the need for WAN bandwidth connections far beyond what you ever thought you’d need. You can slug it out trying to make everything work and not break the bank. Or, you can enlist the help of managed SD-WAN to make your connectivity something you don’t even think about anymore.

How Did Connectivity Get to Be Such a Big Deal?
Chances are that when your business was primarily bricks and mortar, you installed a broadband connection for when you needed to access the Internet and that was plenty good enough. It works for point of sale. It works for online ordering. It’s even good enough for a brochure-style web site so that potential customers can easily find you.

Then the transformation began. First it was VoIP phone to replace the old analog landlines. Then came online ordering for both you and your customers, followed by automatic restocking, customer relationship management, financial and tax accounting in the cloud, lead generation, online advertising management, factory planning and on, and on and on. Under the weight of too many software packages to keep track of, eventually some these processes relocated to cloud servers, with some still in your local data center.

That good old broadband service that got you started with the Internet is no longer satisfactory. Even upping the speed as much as you can still doesn’t make it work right. Phone calls get garbled, but not all the time. Workflow slows to a crawl, but not all the time. This inconsistency is driving everybody crazy. You never know when things will zip along seamlessly or when it will all slow to a crawl for a few seconds or a few minutes or the entire afternoon. You need better and you can get it.

The Expensive Solution: Build Your Own WAN Network
You can avoid many of the vagaries of the Internet, especially on shared broadband connections, by building a private network for your operations. This means getting everything off the Internet that you can. All connections to branch offices, warehouses, factories, and any cloud providers can be made with dedicated private lines. As you might expect, each line costs plenty and you’ll need lots of them.

MPLS networks with guaranteed performance levels can reduce the cost when operations are spread over long distances. MPLS is a privately run Wide Area Network with a special protocol that makes it more secure than the Internet. The general public also has no access. It’s business subscribers only and they are only admitted if the network can handle the traffic. For multiple locations, MPLS is less expensive than private lines, but still pricey.

Managed SD-WAN Is More Cost Efficient
SD-WAN stands for Software Defined Wide Area Networking. The software defined aspect is where the savings come from. The managed aspect takes the burden of running all of it off your back. If done correctly, Managed SD-WAN makes your connectivity invisible. You don’t have to worry about it. It just works.

Here’s briefly how SD-WAN does its magic. The trick is to use the least cost connections that will get the job done, but make sure that quality doesn’t suffer. Take the Internet. The least costly connections are shared bandwidth, like cable broadband and wireless, but these are also the most likely to get congested and vary in performance. The most costly are dedicated private lines, but these may be wasted on low priority traffic that doesn’t need low latency and jitter and isn’t bothered by a bit of congestion. If you aren’t using a private line, it’s just idling and you are paying for it anyway.

SD-WAN needs at least two connections in order to make traffic decisions. These can be a mix of cable broadband, Ethernet fiber optic WAN, fixed wireless access, satellite broadband, LTE or 5G cellular, MPLS network and even older wireline services such as T1, PRI or DS3.

What SD-WAN does is continuously monitor each connection’s performance so that it knows the available bandwidth, latency, jitter, and packet loss on a moment by moment basis. When you have traffic in the form of packets, it notes the quality of service you require and then picks the best connection for those packets. Phone conversations and video conferences need very stable connections to work well, so they get a higher priority and QOS requirement. Backups to off-side storage aren’t so demanding and can live with a lower quality link. Other processes are assigned to the right connections for their needs.

Better Performance, Less Cost, Fewer Headaches
Managed SD-WAN is handled by your provider so that you don’t have to worry about day to day connectivity issues. You add locations or policies as you need to. The supplier figures out how to program the system to make everything work. It’s all transparent to you and the cost is considerably lower than trying to optimize a morass of connections yourself.

Are you frustrated with your current connections enough to want an easier and more reliable solution? If so, get a competitive quote for your needs by one or more SD-WAN providers and see if they can save you money and improve performance at the same time.

10 Gbps Dedicated Internet Access Availability

By: John Shepler

Once considered a massive bandwidth suitable only for carriers, 10 Gbps is rapidly becoming the in-demand connectivity for businesses, municipalities, medical centers, content providers, and e-commerce. But is this bandwidth level readily available at a reasonable price? Indeed, it is.

Where is 10 Gbps Dedicated Internet Available?
Most municipalities have 10 Gig Ethernet readily available because of the rapid deployment of fiber optic infrastructure. Fiber is necessary to provide the bandwidth to support 4G LTE and 5G cell towers, replacing legacy T1 copper lines. Fiber is also at the heart of cable systems even though the connection to the cable modem is still coaxial copper. Cities are now installing fiber infrastructure as a utility to serve all homes and businesses.

Once you have fiber optic cables, getting Gigabit and 10 Gigabit broadband is a piece of cake. Each strand can transport 10 Gbps with only one channel. Those same strands can be set up to use multiple wavelengths to carry numerous Gigabit and 10 Gigabit services. A fiber cable can bundle a few to over a hundred fiber strands. Rest assured, there is plenty of 10 Gbps capacity to go around.

What 10 Gbps Options Are Available?
The universal service in demand is Dedicated Internet Access. Dedicated means that your connection to the Internet carries only your traffic. Any capacity that you aren’t using at the moment is idle and available. There is no competition with other companies sharing your line.

Dedicated Internet Access gives you the best consistency and lowest latency way to access the core of the Internet. This is important if your company has remote servers in the cloud or colocation hosting. It’s also key if you are doing business over the Internet and want your customers to have the best online experience.

There are also 10 Gbps private lines that connect point to point between your business locations or from your company to your cloud service provider. This is a step above using the Internet for access. Private lines give you the lowest latency and least congestion. Having a dedicated private line makes your servers seem like they are right down the hall even if they are on the other side of the country.

Cable broadband is now offering a shared bandwidth service that enables 10 Gbps in the download direction using DOCSIS 3.1 and will offer 10 Gbps symmetrical service with DOCSIS 4.0. By sharing Internet access with other users, you can save a significant amount of money, but with the vagaries of varying bandwidth and congestion.

How about wireless? In some metro areas, microwave wireless broadband can give you bandwidths as high as 10 Gbps with no wired connections. Service can be installed rapidly, sometimes within a matter of days or a week.

What About Pricing?
Fiber optic service prices used to be sky high, but that has changed in recent years due to intense competition among service providers and the economies of scale that come from having so many more customers using high bandwidths. If you haven’t checked 10 Gbps prices lately, you owe it to yourself to get a set of current quotes from multiple providers. Yes, there are likely several carriers that can meet your needs right now.