Distributed Data Centers

August 28th, 2008 by Mitja Robas

Are you building a backup data center (BDC) and experiencing headaches due to the related expenses? Or perhaps you already have a BDC and want to reduce the operational expenses?

One way to cut expenses is to look at the second data center as the active data center, and utilize its resources by deploying a distributed data center. The benefits are clear:

  • reduced expenses per resource utilization
  • load distribution (and thus scalable performance) among data center resources
  • high availability of applications and data access for any user
  • improved client response time due to client proximity, etc.


New IINS 1.0 Remote Labs!

August 27th, 2008 by Bojana Stucin

In addition to providing IINS classroom training, NIL offers the ability to test various aspects of security remotely on real equipment. With no extra costs and concerns about equipment, you simply order IINS remote labs and practice the task-oriented exercises to extend your Cisco IOS network security knowledge. Available for ILT and token users.

View more information on NIL Remote Labs.

View NIL Remote Labs portfolio.

New CVOICE 6.0 Remote Labs!

August 26th, 2008 by Bojana Stucin

Have to deliver a Cisco Voice over IP (CVOICE) 6.0 course, but missing hands-on labs? NIL CVOICE 6.0 Remote Labs support your instructor-led training! Course labs consist of comprehensive, task-oriented exercises. Individual startup configurations ensure that students concentrate on the current task; no errors are left behind from previous exercises. Remote Labs provide a fully remote solution - the only classroom equipment you need is student PCs with an Internet connection. With the easy accessibility of NIL CVOICE 6.0 Remote Labs, your Cisco Voice over IP 6.0 class can start today!

See also other NIL Remote Labs for ILT users available for classroom training support.

Learning Practices Change, But Learning Principles Remain

August 21st, 2008 by Marjan Bradesko

Remote labs. Google. Wikis and other Web 2.0 tools. That is how we practice and learn today. All the activities are performed outside of our production network - one of the many benefits of remote labs. We configure devices, progress through exercises, monitor and compare the effects of our actions with information in the lab guide. Curious, we try things that we are not told to do. When observing things that we do not completely understand (maybe in the command output), we consult the almighty web - go to Google, and check wikis, forums, blogs - and join communities. We try all the second-generation Internet tools that are available.

But is this principle of learning new? Not at all. Only the medium has changed since the days when I had to learn something practical. Let me share my instructor story from the last decade of the previous millennium. No, I am not “ancient history”, but the story is about legacy - a legacy technology called IBM Systems Network Architecture (SNA). This great technology influenced several IT principles we use today. I had to teach a Cisco SNA course for multiprotocol administrators - who, in addition to IP, needed to master some “obscure” protocols. I had to teach the course for the first time, in a foreign language, far away from my home country, to an unknown audience. I attended the course in March, passed the exam in April, and had to teach the course in the second week of May. Tough schedule. There were several labs in the course, hundreds of acronyms, thousands of lines of strange output from routers…


Book review: Deploying Cisco Wide Area Application Services

August 18th, 2008 by Ivan Pepelnjak

The majority of network performance issues would never occur if someone forced the application developers to use their own solutions across a slow-speed, high-delay wide area connection. But since they’re allowed to work in high-speed LAN environments, we’re stuck with inefficient transport protocols, file sharing solutions, software distribution methods or applications.

The Wide Area Application Services (WAAS) from Cisco is a solution that is (when deployed correctly) transparent to the applications, but it still needs lots of cooperation from other network elements to work properly. The Deploying Cisco Wide Area Application Services book by Cisco Press is a perfect source of the design and deployment knowledge you need if you want to introduce WAAS into your network. The authors introduce the concept of WAAS, various hardware models (with the focus on where each model could fit into a large network) and a variety of design options. Individual chapters cover the planning/analysis, network integration and network management phases, both for the basic WAAS deployment and for advanced WAN optimization and CIFS acceleration. The most valuable part of the book is the integration chapters, which present various non-redundant or redundant design options for branch offices and data centers, including complete device configurations. After reading these chapters, I’m positive you’ll be able to select the best integration method for your network, design the WAAS integration and deploy the solution.

Unfortunately, the book skips the dirty details that come after the successful deployment. There’s almost no information on monitoring and troubleshooting, and the configuration sections are biased toward the GUI (for example, the CLI configuration commands needed to configure user authentication on WAAS devices are not covered anywhere in the book), but to be fair, the cover text (“Design and deploy Cisco WAN optimization and application acceleration solutions”) gives you a very honest insight into what you’ll get from the book. Since every successful network deployment project starts with good planning, analysis and design phases, this is without doubt the first book you need to have before you start thinking about deploying WAAS in your network.

Find out more about WAAS.

A Quick Comparison of DDC Site-Selection Methods

August 12th, 2008 by Mitja Robas

When setting up a distributed data center (DDC), the architect has to decide which method will be used for site selection to distribute client traffic between the sites. The distribution is done using global server load balancing (GSLB), typically via HTTP redirect, DNS-based site selection or route health injection (RHI) combined with L3 routing.

What are the advantages of each method?

HTTP redirect:

  • independent of any GSLB devices or mechanisms
  • offers persistence to the selected site by default
  • can be complemented with any other method for more sophisticated site selection


PKI Hell, Part 3: Non-global PKIs and Some PKI Humor

August 7th, 2008 by Jan Bervar

In parts 1 and 2 of this series I bashed some aspects of the current state of real-life PKI implementations, the “global PKI,” and the use of self-signed certificates. What we have left are PKIs that are not global, nor do they use self-signed certificates. I am talking about private PKIs and public PKIs that are not part of the “global PKI” (i.e., their CAs’ public keys are not embedded in your OS or browser).

Such PKIs are typically used in the following ways:

  • Internally by companies (often to chase the Holy Grail of single sign-on). For instance, NIL uses a single private PKI for Lotus Notes, internal web servers, remote-access VPN, wireless and LAN 802.1x authentication.
  • Externally by companies to provide a key management service for externally facing applications (extranets, electronic banking, and so on).
  • Offered as a managed PKI service that is not part of the “global PKI” (i.e., “untrusted roots”).


The impact of consolidation on WAN

August 5th, 2008 by Mitja Robas

Remember the early data centers that used proprietary protocols and platforms? Since those days, data centers have evolved to a decentralized architecture. But “retro” is in, and data centers are evolving to a centralized architecture again.

Seriously, data centers are being re-centralized to consolidate computing resources (namely, servers). Consolidating data center resources brings the following benefits:

  • Server virtualization is possible.
  • Performance can be scaled more easily.
  • High availability is easier to achieve.
  • Operational manageability presents less overhead to administrators.
  • Duplication of resources can be eliminated.
  • Expenses are reduced.


Designing Site-to-Site IPsec VPNs

August 1st, 2008 by Mojca Parkelj

When designing a network solution, we are often faced with a myriad of parameters that influence the design process and the selection of the final solution. A network designer would ideally want to control as many parameters as possible apart from the business requirements, which are the basic set of requirements that guide us to the right solution. In this IP Corner article, Boštjan Šuštar, the Internetworking Expert at NIL Data Communications, describes how to design a network solution for an IPsec-based site-to-site virtual private network (VPN) by using crypto maps.

This is the first in a series of articles describing various methods of implementing IPsec in Cisco IOS.


IT is not meant to work like this

July 30th, 2008 by Milan Jelicic

Every time someone sends email to our Remote Lab Support alias, a trouble ticket is opened in our issue tracking system and an engineer is notified so that we can try to resolve the problem as soon as possible. Sometimes we find the resolution so fast that it surprises our users! Darren, who recently got stuck while using our Remote Labs, sent us the following message after we resolved his problem:

Well,

I have to say I'm disappointed.

a) Your reply worked
b) You replied in under an hour
c) NIL labs continue to be of great assistance to my learning

IT is not meant to work like this! It all feels strange……

Cheers

Happy to disappoint you, Darren! Seriously, we are always glad to hear that the service we provide is helping our users. Thanks for letting us know!