<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:admin="http://webns.net/mvcb/"
	xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
	xmlns:content="http://purl.org/rss/1.0/modules/content/">
	<channel>
		
		<title>CircleID: Data Center</title>
		<link>http://www.circleid.com/topics/</link>
		<description>Latest Data Center related postings on CircleID</description>
		
		<dc:language>en</dc:language>
		<dc:rights>Copyright 2013, unless where otherwise noted.</dc:rights>
		<dc:date>2013-06-19T14:25:00-08:00</dc:date>
		<image>
			<title>CircleID</title>
			<width>130</width>
			<height>45</height>
			<url>http://www.circleid.com/images/logo_rss.gif</url>
			<link>http://www.circleid.com/</link>
		</image>
		
		<item>
			<title>Don&apos;t Overlook the Network When Migrating to the Cloud</title>
			<guid isPermaLink="true">http://www.circleid.com/posts/20130613_dont_overlook_the_network_when_migrating_to_cloud/</guid>
			<link>http://www.circleid.com/posts/20130613_dont_overlook_the_network_when_migrating_to_cloud/</link>
			<description><![CDATA[<p>The success or failure of public cloud services can be measured by whether they deliver high levels of performance, security and reliability that are on par with, or better than, those available within enterprise-owned data centers. To emphasize the rapidly growing cloud market, <a href="http://www.idc.com/getdoc.jsp?containerId=prUS23684912">IDC forecasts</a> that public cloud IT spending will increase from $40 billion in 2012 to $100 billion in 2016. To provide the performance, security and reliability needed, cloud providers are moving quickly to build a virtualized multi-data center service architecture, or a "data center without walls."
</p>
<p>
This approach federates the data centers of both the enterprise customer and cloud service provider so that all compute, storage, and networking assets are treated as a single, virtual pool with optimal placement, migration, and interconnection of workloads and associated storage. This "data center without walls" architecture gives IT tremendous operational flexibility and agility to better respond and support business initiatives by transparently using both in-house and cloud-based resources. In fact, internal studies show that IT can experience resource efficiency gains of 35 percent over isolated provider data center architectures.
</p>
<p>
However, this architecture is not without its challenges. The migration of workload between enterprise and public cloud creates traffic between the two, as well as between clusters of provider data centers. In addition, transactional loads and demands placed on the backbone network, including self-service customer application operations (application creation, re-sizing, or deletion in the cloud) and specific provider administrative operations, can cause variability and unpredictability in traffic volumes and patterns. To accommodate this variability in traffic, providers normally would have to over-provision the backbone to handle the sum of these peaks &#8212; an inefficient and costly approach.
</p>
<p>
<strong>Getting to Performance-on-Demand</strong>
</p>
<p>
In the future, rather than over-provisioning, service providers will employ intelligent networks that can be programmed to allocate bandwidth from a shared pool of resources where and when it is needed. This software-defined network (SDN) framework consists of virtualizing the infrastructure layer &#8212; the transport and switching network elements; a network control layer (or SDN controller) &#8212; the software that configures the infrastructure layer to accommodate service demands; and the application layer &#8212; the service-creation/delivery software that drives the required network connectivity &#8212; e.g. the cloud orchestrator.
</p>
<p>
<span style="font-size:85%;line-height:1.3em;color:#666666;margin:15px auto 20px auto;display:block;text-align:center;width:577px;"><img src="http://www.circleid.com/images/uploads/7438.jpg" border="0" width="577" height="416" style="display:block;margin-bottom:10px;" />SDN enables cloud services to benefit from performance-on-demand
<br />
</span>
</p>
<p>
The logically-centralized control layer software is the lynchpin to providing orchestrated performance-on-demand. This configuration allows the orchestrator to request allocation of those resources without needing to understand the complexity of the underlying network.
</p>
<p>
For example, the orchestrator may simply request a connection between specified hosts in two different data centers to handle the transfer of 1 TB with a minimum flow rate of 1 Gb/s and packet delivery ratio of 99.9999% to begin between the hours of 1:00 a.m. and 4:00 a.m. The SDN controller first verifies the request against its policy database, performs path computation to find the best resources for the request, and orchestrates the provisioning of those resources. It subsequently notifies the cloud orchestrator so that the orchestrator may initiate the inter-data center transaction.
</p>
<p>
The benefits to this approach include cost savings and operational efficiencies. Delivering performance-on-demand in this way can reduce cloud backbone capacity requirements by up to 50 percent compared to over-provisioning, while automation simplifies planning and operational practices, and reduces the costs associated with these tasks.
</p>
<p>
The network control and cloud application layers also can work hand-in-hand to optimize the service ecosystem as a whole. The network control layer has sight of the entire landscape of all existing connections, anticipated connections, and unallocated resources, making it more likely to find a viable path if one is possible &#8212; even if nodes or links are congested along the shortest route.
</p>
<p>
The cloud orchestrator can automatically respond to inter-data center workload requirements. Based on policy and bandwidth schedules, the orchestrator works with the control layer to connect destination data centers and schedule transactions to maximize the performance of the cloud service. Through communication with the network control layer, it can select the best combination of connection profile, time window and cost.
</p>
<p>
<strong>Summary</strong>
</p>
<p>
Whether built with SDN or other technologies, an intelligent network can transform a facilities-only architecture into a fluid workload orchestration workflow system, and a scalable and intelligent network can offer performance-on-demand for assigning network quality and bandwidth per application.
</p>
<p>
This intelligent network is the key ingredient to enable enterprises to inter-connect data centers with application-driven programmability, enhanced performance and at the optimal cost.
</p><p><em>Written by <a href="http://www.circleid.com/members/7046/">Jim Morin</a>, Product Line Director, Managed Services & Enterprise at Ciena</em></p>]]></description>
			<dc:date>2013-06-13T14:26:00-08:00</dc:date>
			<category>internet</category><category>cloud_computing</category><category>data_center</category>
		</item>
		
		<item>
			<title>NSA Builds Its Biggest Data Farm Amidst Controversy</title>
			<guid isPermaLink="true">http://www.circleid.com/posts/nsa_builds_its_biggest_data_farm_amidst_controversy/</guid>
			<link>http://www.circleid.com/posts/nsa_builds_its_biggest_data_farm_amidst_controversy/</link>
			<description><![CDATA[<p>As privacy advocates and security experts debate the validity of the National Security Agency's <a href="http://www.circleid.com/posts/nsa_prism_program_has_direct_access_to_servers_of_firms_including_google_sk/">massive data gathering operations</a>, the agency is putting the finishing touches on its biggest data farm yet. The gargantuan $1.2 billion complex at a National Guard base 26 miles south of Salt Lake City features 1.5 million square feet of top secret space. High-performance NSA computers alone will fill up 100,000 square feet.
</p><p><strong>Read full story:</strong> <a href="http://www.npr.org/2013/06/10/190160772/amid-data-controversy-nsa-builds-its-biggest-data-farm">NPR</a></p>]]></description>
			<dc:date>2013-06-10T18:17:00-08:00</dc:date>
			<category>internet</category><category>data_center</category><category>privacy</category>
		</item>
		
		<item>
			<title>Bloomberg on Netflix as World&apos;s Biggest User of Cloud Computing</title>
			<guid isPermaLink="true">http://www.circleid.com/posts/bloomberg_on_netflix_as_worlds_biggest_user_of_cloud_computing/</guid>
			<link>http://www.circleid.com/posts/bloomberg_on_netflix_as_worlds_biggest_user_of_cloud_computing/</link>
			<description><![CDATA[<p><img src="http://www.circleid.com/images/uploads/7374.gif" border="0" width="150" height="150" style="float:right;padding:0 0 5px 15px;" />Netflix is arguably one of the world's biggest users of cloud computing, renting all its computing power from Amazon Web Services, the cloud division of Amazon.com, which runs its own video-streaming service that competes with Netflix. Ashlee Vance from Bloomberg <a href="http://www.businessweek.com/articles/2013-05-09/netflix-reed-hastings-survive-missteps-to-join-silicon-valleys-elite">reports</a>:
</p>
<p>
"Netflix has more than 36 million subscribers. They watch about 4 billion hours of programs every quarter on more than 1,000 different devices. To meet this demand, the company uses specialized video servers scattered around the world. When a subscriber clicks on a movie to stream, Netflix determines within a split second which server containing that movie is closest to the user, then picks from dozens of versions of the video file, depending on the device the viewer is using. At company headquarters in Los Gatos, Calif., teams of mathematicians and designers study what people watch and build algorithms and interfaces to present them with the collection of videos that will keep them watching."
</p>]]></description>
			<dc:date>2013-05-09T12:39:00-08:00</dc:date>
			<category>internet</category><category>cloud_computing</category><category>data_center</category>
		</item>
		
		<item>
			<title>Information and Communication Technologies (ICT) Industry Soon to Be Largest Source of Co2 Emissions</title>
			<guid isPermaLink="true">http://www.circleid.com/posts/20130409_ict_industry_soon_to_be_the_largest_source_co2_emissions/</guid>
			<link>http://www.circleid.com/posts/20130409_ict_industry_soon_to_be_the_largest_source_co2_emissions/</link>
			<description><![CDATA[<p>There has been a lot of discussion lately on the environmental impact of the proposed Keystone-XL pipeline that is intended to carry heavy oil from the tar sands in Alberta to refineries on the US Gulf Coast.
</p>
<p>
I suspect at the end of the day the US government will approve the pipeline as GDP growth and potential job losses will always trump concerns over the environment.
</p>
<p>
However, the US government has been putting a lot of pressure on Alberta to improve its environmental standards as a quid pro quo for approving the pipeline. In response, Alberta is exploring expanding its current CO2 emissions program to a $40/tonne carbon levy. In the past, all of the funds raised by Alberta's carbon emissions program were returned to industry to invest in dubious energy efficiency programs. But Alberta could really have a much more meaningful impact in terms of reducing CO2 emissions, one that would more than compensate for the emissions from the oil carried in the Keystone XL pipeline, if it invested some of this money into its local universities and R&amp;E network &#8212; Cybera.
</p>
<p>
Although on the production side the tar sands are one of the biggest sources of CO2 emissions, the Information and Communication Technologies (ICT) industry globally is the fastest growing and soon will be the largest source of CO2 emissions on the consumption side of the equation. ICT emissions are produced indirectly from the coal-generated electricity that is used to power all of our devices. Currently it is estimated that ICT consumes around 10% of all electrical power, growing at about 6-10% per year. According to the OECD and other studies, ICT equipment in our homes now consumes more energy than traditional appliances.
</p>
<p>
New studies suggest that the growth in wireless networks could be the single largest component of that growth in CO2 emissions from the ICT sector. A recent report by the Centre for Energy-Efficient Communications, a University of Melbourne-based research centre, claimed that by 2015 the energy used to run data centres will be a "drop in the ocean" compared to the wireless networks used to access cloud services. The report predicts that by 2015 energy consumption associated with 'wireless cloud' will reach 43 terawatt-hours, compared to 9.2 terawatt-hours in 2012. This is an increase in carbon footprint from 6 megatonnes of CO2 in 2012, up to 30 megatonnes of CO2 in 2015, which is the equivalent of an additional 4.9 million cars on the road, the report states.
</p>
<p>
More worrisome is another report from Sweden's KTH that predicts a need to increase the density of wireless base stations by 1000 times to meet the insatiable demand for the "wireless cloud". If this came to fruition, it would be an incredibly huge jump in the demand for electricity by the ICT sector.
</p>
<p>
The wireless industry in particular is an ideal sector to be powered by local renewable energy sources such as solar panels and windmills. Already many wireless towers in the developing world are powered by renewable energy (but unfortunately often with diesel backup). Because of its inherently distributed, lower power architecture, the wireless industry is ideally suited to be powered by local renewable energy.
</p>
<p>
I have long advocated that universities and R&amp;E networks are the ideal environment for deploying wireless networks that are powered solely by local renewable power sources. By integrating WiFi and 4G networks with multiple overlapping cells it would be possible to provide seamless zero carbon wireless services.
</p>
<p>
<strong>For more details see:</strong>
</p>
<p>
<a href="http://green-broadband.blogspot.ca/2013/02/high-level-architecture-for-building.html" target="_blank">High Level Architecture for Building Zero Carbon Internet Networks, ICT products and services</a>
</p>
<p>
Alberta could be a world leader in deploying such zero carbon networks, starting first at universities in partnership with Cybera. The global CO2 impact of developing such technology, in terms of removing an additional 4.9 million cars from the road, would be much greater than the expected emissions from the oil to be carried in the proposed Keystone XL pipeline.
</p>
<p>
<strong>Additional pointers:</strong>
</p>
<p>
<a href="http://www.computerworld.com.au/article/458439/cloud_real_ecological_timebomb_wireless_data_centres/" target="_blank">Cloud's real ecological timebomb: Wireless, not data centres</a>
</p>
<p>
Thousand times greater density of base stations
<br />
J. Zander, P. Mähönen, "Riding the Data Tsunami in the Cloud &ndash; Myths and Challenges in Future Wireless Access", IEEE Communications Magazine, Vol 51, Issue: 3 (March 2013), pages 145-151 <a href="http://theunwiredpeople.com/author/jenz/" target="_blank">http://theunwiredpeople.com/author/jenz/</a>
</p>
<p>
<a href="http://www.ottawacitizen.com/mobile/business/top-stories/Pest+control+wireless/8140245/story.html" target="_blank">Solar powered WiFi allows control of bugs instead of using pesticides</a>
</p>
<p>
<a href="http://www.rackforce.com/green_it.html?loc=mainmenu" target="_blank">ICT industry on track to be largest sector for CO2 emissions</a>
</p>
<p>
<a href="http://www.voltsxamps.com/?p=532" target="_blank">Solar Powered DIY Portable HotSpot</a>
</p>
<p>
<a href="http://billstarnaud.blogspot.ca/2010/03/more-on-new-revenue-opportunities-for-r.html" target="_blank">More on revenue opportunities for R&amp;E and open access networks &ndash; building next generation "5G" wireless network</a>
</p><p><em>Written by <a href="http://www.circleid.com/members/6607/">Bill St. Arnaud </a>, Green IT Networking Consultant</em></p>]]></description>
			<dc:date>2013-04-09T12:49:00-08:00</dc:date>
			<category>internet</category><category>access_providers</category><category>broadband</category><category>cloud_computing</category><category>data_center</category><category>wireless</category>
		</item>
		
		<item>
			<title>The Spamhaus Distributed Denial of Service &#45; How Big a Deal Was It?</title>
			<guid isPermaLink="true">http://www.circleid.com/posts/20130329_spamhaus_distributed_denial_of_service_how_big_a_deal_was_it/</guid>
			<link>http://www.circleid.com/posts/20130329_spamhaus_distributed_denial_of_service_how_big_a_deal_was_it/</link>
			<description><![CDATA[<p>If you haven't been reading the news of late, venerable anti-spam service <a href="http://www.spamhaus.org">Spamhaus</a> has been the target of a sustained, record-setting Distributed Denial-of-Service (DDoS) attack over the past couple of weeks.
</p>
<p>
Al Iverson over at Spamresource has a great round-up of the news, if you haven't managed to catch the news, <a href="http://www.spamresource.com/2013/03/spamhaus-ddos-in-news.html">go check it out</a>, then come on back, we'll wait ...
</p>
<p>
Of course, bad guys are always mad at Spamhaus, and so they had a pretty robust set-up to begin with, but whoever was behind this attack was able to muster some huge resources, heretofore never seen in intensity, and it had some impact, on the Spamhaus website, and to a limited degree, on the behind-the-scenes services that Spamhaus uses to distribute their data to their customers.
</p>
<p>
Some reasonable criticism <a href="http://gizmodo.com/5992652/that-internet-war-apocalypse-is-a-lie">was aimed</a> at the <a href="http://www.nytimes.com/2013/03/27/technology/internet/online-dispute-becomes-internet-snarling-attack.html?pagewanted=all&amp;_r=0">New York Times</a> and <a href="http://blog.cloudflare.com/the-ddos-that-almost-broke-the-internet ">Cloudflare</a> for being a little hyperbolic in their headlines and so on, and sure, it was a bit 'Chicken Little'-like; the sky wasn't falling and the Internet didn't collapse.
</p>
<p>
But don't let the critics fool you: this was a bullet we all dodged.
</p>
<p>
For one, were Spamhaus to be taken offline, their effectiveness in filtering spam and malware would rapidly decay, due to the rate at which their blocklists need to be updated. The CBL anti-botnet feed and the SBL list both have many additions and deletions every day. These services are used to protect mail servers and networks against the most malicious criminal traffic. If they go down, a lot of major sites would have trouble staying up, or become massively infected with malware.
</p>
<p>
There are also a ton of small email systems that use the Spamhaus lists as a key part of their mail filtering (for free as it turns out). Were those lookups prevented, or tampered with, those systems would buckle under the load of spam that they dispense with easily thanks to Spamhaus.
</p>
<p>
To put it into perspective, somewhere between 80% &amp; 90% of all email is spam, and that's the stuff Spamhaus helps filter. So it doesn't take a Rocket Scientist to figure out that if filters go out, so do the email systems, in short order. AOL's Postmaster famously said, at an FTC Spam Summit a decade ago, before the inception of massive botnets, that were their filtering to be taken offline, it'd be 10 minutes before their email systems crashed.
</p>
<p>
Due to some poorly researched media reports (hello, Wolf Blitzer!), there is a perception that this is a fight between two legitimate entities, Spamhaus and Stophaus; some press outlets and bloggers have given equal time to the criminals (we use that word advisedly, there is an ongoing investigation by law enforcement in at least five countries to bring these people to justice). Nothing could be further from the truth. The attackers are a group of organized criminals, end of story. There is nothing to be celebrated in Spamhaus taking it on the chin, unless you want email systems and networks on the Internet to stop working.
</p>
<p>
So yeah, it was a big deal.
</p><p><em>Written by <a href="http://www.circleid.com/members/617/">Neil Schwartzman</a>, Executive Director, The Coalition Against Unsolicited Commercial Email - CAUCE</em></p>]]></description>
			<dc:date>2013-03-29T16:49:00-08:00</dc:date>
			<category>internet</category><category>cyberattack</category><category>cybercrime</category><category>data_center</category><category>ddos</category><category>dns</category><category>dnssec</category><category>email</category><category>malware</category><category>security</category><category>spam</category>
		</item>
		
		<item>
			<title>Cloud Security Hinges on IP Addressing</title>
			<guid isPermaLink="true">http://www.circleid.com/posts/20130207_cloud_security_hinges_on_ip_addressing/</guid>
			<link>http://www.circleid.com/posts/20130207_cloud_security_hinges_on_ip_addressing/</link>
			<description><![CDATA[<p>In the <a href="http://www.circleid.com/posts/20130118_software_defined_data_centre_needs_dns/">first part</a> of this trilogy, I discussed the importance of automatically provisioned second generation DNS in connection with Software Defined Networking (SDN) and Software Defined Data Centre (SDDC). In the <a href="http://www.circleid.com/posts/20130129_maslows_hammer_meets_the_software_defined_data_center/">second post</a>, I talked about IP addressing, private enterprise networks, and how DHCP does not meet the requirements of multitenant Infrastructure-as-a-Service (IaaS) cloud environments. I will now wrap up this trilogy by putting these two theses into real-life context.
</p>
<p>
Over the last 10 years, the principle of security by design has been gaining popularity within software engineering. This concept should also be incorporated into the SDDC and cloud architectures, to ensure that organizations leveraging the promise of cloud computing will not be compromised for their forward looking thinking.
</p>
<p>
I guess it would be fair to say that perimeter security is currently the most widely used protection for IT infrastructure. By implementing firewalls, VPNs, intrusion prevention, attack detection and the like, it has been possible to deploy reasonably secure private computing environments. To complement the perimeter security, most organizations are taking further measures inside their enterprise networks, to make sure that threats are promptly detected and dealt with.
</p>
<p>
With all this in mind, it is no wonder that information security professionals are skeptical about public and hybrid cloud models. After all, both introduce a number of new attack vectors into the secured environments. But what if the hybrid cloud did not require communication with applications and servers running in the public Internet, but rather involved an architecture that was secure by design?
</p>
<p>
The problem with most IaaS cloud offerings out there today is that their hybrid offering usually relies on public IP addresses. The customers are expected to network to the extra capacity over the Internet. While this may be an easy solution for an IaaS cloud provider leveraging standard cloud stacks and DHCP, the publicly routed IP addresses assigned to the workloads introduce a new attack vector to the end-user's private network environment.
</p>
<p>
The simplest way to overcome this security issue is to create a secure tunnel between the IaaS cloud and its end-users' enterprise networks, and to assign every single workload an IP address that matches the IP addressing scheme used in end-users' private networks. While Cisco says that VXLAN is intended for intra data center connectivity only, a VPN, for example, could be used for tunneling just as well.
</p>
<p>
This straightforward solution brings about two major benefits. First, since the IP addresses in the IaaS cloud are part of every end-user's own IP addressing scheme, the hosts will have no trouble networking between the cloud and the enterprise network back home. Second, if the VLANs in which the workloads are deployed are not routed to the public Internet at all, they will be less prone to various security threats lurking there.
</p>
<p>
When an IP addressing model like the one described above is merged with a dynamic DNS provisioning engine, the outcome becomes extremely powerful. After all, what organization would not want to tap into the economics of an IaaS cloud, knowing that it was as secure as their enterprise network? This proposition becomes even more compelling when the workloads have names and IP addresses that match end-users' own enterprise networks, making the IaaS cloud a transparent extension of one's own computing resources.
</p>
<p>
In the context of orchestrated cloud application deployment, the technologies I've outlined in this trilogy are generally related to release parameters. So rather than talking about DHCP, IP addressing or DNS as isolated technologies, I argue that they should be merged into automated and holistic Release Parameter Provisioning (RPP). More importantly, rather than trying to make cloud orchestration solutions perform tasks they are not good at, I claim that RPP merits its own layer in the SDDC and cloud stacks, functioning as a neat bridge between the SDN and the cloud orchestration layers.
</p><p><em>Written by <a href="http://www.circleid.com/members/6388/">Juha Holkkola</a>, Managing Director of Nixu Software</em></p>]]></description>
			<dc:date>2013-02-07T11:58:00-08:00</dc:date>
			<category>internet</category><category>cloud_computing</category><category>data_center</category><category>dns</category><category>ip_addressing</category><category>security</category>
		</item>
		
		<item>
			<title>New Nixu NameSurfer 7.3 Series Powers the Software&#45;Defined Data Centre</title>
			<guid isPermaLink="true">http://www.circleid.com/posts/20121207_new_nixu_namesurfer_series_powers_software_defined_data_centre/</guid>
			<link>http://www.circleid.com/posts/20121207_new_nixu_namesurfer_series_powers_software_defined_data_centre/</link>
			<description><![CDATA[<p>Nixu Software has today unveiled the new Nixu NameSurfer 7.3 Series designed to power the new generation of Software-Defined Data Centres. Thanks to its support for multi-vendor environments and an open architecture that can be easily integrated with practically any existing orchestration solution, it provides a virtualizable platform for bridging the application deployment workflows with virtualized edge services such as DNS, DHCP and L2/L3 Discovery.
</p>
<p>
Nixu NameSurfer 7.3 Series introduces the following features:
</p>
<ul><li>An extended Application Programming Interface (API) developed in cooperation with cloud orchestration solution vendors;</li>
<li>New IP Address Management (IPAM) features designed in cooperation with Managed Service Providers (MSPs) leveraging multitenancy in connection with their Infrastructure-as-a-Service (IaaS) offerings; </li>
<li>More than 50 enhancements based on customer requests and feedback.</li></ul>
<p>
"Since our inception in 2006, Nixu Software has been an avid advocate of software-based networking. After becoming VMware Technology Alliance Partner in 2007, we have been implementing virtualized IPAM and edge services such as DNS, DHCP and L2/L3 in some of the most demanding networking environments in the world" said the Managing Director of Nixu Software, Juha Holkkola. "Along with the release of Nixu NameSurfer 7.3 Series, we have taken our vision further by expanding our IPAM solution into a virtualizable platform that can be used to connect the orchestration systems and virtualized networks in the Software-Defined Network stack" he continued.
</p>
<p>
Find out more about <a href="http://www.nixusoftware.com/our_products_ipam.html">Nixu NameSurfer Suite</a> and download a <a href="https://secure.nixu.com/Evaluate.jsp">free 30-day trial</a>.
</p>]]></description>
			<dc:date>2012-12-07T08:39:00-08:00</dc:date>
			<category>internet</category><category>cloud_computing</category><category>data_center</category><category>ip_addressing</category>
		</item>
		
		<item>
			<title>FISMA Failings: Could EPA&apos;s IT Defense Deficiencies Silence the Agency?</title>
			<guid isPermaLink="true">http://www.circleid.com/posts/20121112_fisma_failings_could_epas_it_defense_deficiencies_silence_agency/</guid>
			<link>http://www.circleid.com/posts/20121112_fisma_failings_could_epas_it_defense_deficiencies_silence_agency/</link>
			<description><![CDATA[<blockquote><p><em>"EPA's deployment of a SIEM tool did not comply with Agency requirements for deploying IT investments."
</p>
<p>
"EPA does not have a computer security log management policy that complies with federal requirements."
</p>
<p>
"EPA did not follow up with staff to confirm that corrective actions were taken to address known information security weaknesses. ... Office of Management and Budget Circular A-123, 'Management Accountability and Control,' states managers are responsible for taking timely and effective actions to correct identified deficiencies."</em>
</p>
<p>
&mdash; EPA, Office of Inspector General, "<em>Improvements Needed in EPA's Network Security Monitoring Program</em>," Report No. 12-P-0899, September 27, 2012</p></blockquote>
<p>
A <a href="http://www.epa.gov/oig/reports/2012/20120927-12-P-0899.pdf">report</a> from EPA's Office of Inspector General found serious deficiencies in EPA's network security. These shortcomings raise concerns about the integrity of agency data. Specifically, the report states that EPA's Office of Environmental Information
</p>
<blockquote><p><em>"which is responsible for securing EPA's network from internal and external exploits, has not developed a process to verify that known weaknesses have been addressed. As a result, known vulnerabilities remained unremediated and key steps to resolve those weaknesses remain unaddressed, which <u>could leave EPA information exposed to unauthorized access</u>.</em>&#8221; [Emphasis added]</p></blockquote>
<p>
<strong>The Harms From Unauthorized Access to EPA Data</strong>
</p>
<p>
The possibility of unauthorized access to EPA information raises an array of concerns since EPA-held data includes various types of <a href="http://www.epa.gov/iur/pubs/guidance/confidentiality.html">Confidential Business Information</a>, scientific <a href="http://www.epa.gov/epahome/science.htm#hqsr">research data</a>, environmental <a href="http://www.epa.gov/epahome/data.html">databases</a>, agency plans for responding to "<a href="http://www.epa.gov/ohs/responsibilities.htm">incidents of national significance</a>&#8221; and other security-related matters, and environmental <a href="http://www.epa.gov/pesticides/enforcement/monitoring.htm">monitoring data</a> used in regulatory enforcement actions. Thus, the dangers from unauthorized access to EPA data range from disclosure of sensitive business information to the alteration/manipulation of environmental data so as to trigger, or not trigger, an investigation or enforcement action.
</p>
<p>
EPA has been warned before about its security shortcomings. One section of the OIG report is titled, "EPA Did Not Address Recommendations From Internal Reviews." The OIG found that EPA did not act on three separate analyses of the agency's information security, including one by Carnegie Mellon's Computer Emergency Response Team (CERT) Program and one by Booz Allen Hamilton that provided recommended steps for cyber security improvements. One of the Booz Allen recommendations noted by the OIG was that "EPA must adopt automated tools to achieve continuous monitoring for threats."
</p>
<p>
It is worth noting that EPA's continuous monitoring practices are at sharp variance with the <a href="http://www.thecre.com/cm/?p=346">Best Practice Principles</a> developed by the <a href="http://www.thecre.com/">Center for Regulatory Effectiveness</a> (CRE). In its study of Information Security Continuous Monitoring Best Practices, CRE found that agencies need security professionals who are trained to take advantage of the capabilities of advanced software tools.
</p>
<p>
The OIG, however, found that EPA's Technology and Information Security Staff "did not develop a structured training plan to use with the SIEM tool" and "Without a structured training curriculum, users' needs are not being met and the continued use of the SIEM tool by EPA's information security staff will be of limited value in performing information security activities."
</p>
<p>
The importance of continuous monitoring to agency cybersecurity should not be underestimated. As the report succinctly states, "Continually monitoring network threats through intrusion detection and prevention systems and other mechanisms is essential."
</p>
<p>
<strong>Information Security: A Data Quality Act Requirement</strong>
</p>
<p>
The <a href="http://www.circleid.com/posts/20120816_the_federal_cybersecurity_regulation_already_in_place">Data Quality Act</a> (DQA) sets quality standards for virtually all information disseminated by Executive Branch agencies. The Office of Management and Budget's government-wide <a href="http://www.whitehouse.gov/sites/default/files/omb/assets/omb/fedreg/reproducible2.pdf">Information Quality Guidelines</a> state, "Agencies are directed to develop information resources management procedures for reviewing and substantiating (by documentation or other means selected by the agency) the quality (including the objectivity, utility, and integrity) of information <u>before</u> it is disseminated." [Emphasis added]
</p>
<p>
OMB's binding guidelines define "integrity" as referring "to the security of information &#8212; protection of the information from unauthorized access or revision, to ensure that the information is not compromised through corruption or falsification." The guidelines state that "agencies may rely on their implementation of the Federal Government's computer security laws...to establish appropriate security safeguards for ensuring the 'integrity' of the information that the agencies disseminate."
</p>
<p>
In EPA's case, however, the OIG report makes clear that the agency is not in compliance with essential elements of the federal security requirements and these lapses "could leave EPA information exposed to unauthorized access."
</p>
<p>
The question becomes, how can EPA continue to substantiate the integrity of its information under the DQA given the serious problems with its intrusion detection capabilities and non-compliance with federal IT security requirements?
</p>
<p>
The question is not a trivial one. If the agency cannot substantiate the integrity &#8212; the cybersecurity &#8212; of data in its possession, it can't by law disseminate that data or information based on that data. EPA could find itself silenced on key issues where its voice is needed.
</p>
<p>
It is important to recognize that the DQA requirements are not minor technicalities that can be ignored. Instead, the statute establishes the right of affected persons to "seek and obtain" correction of information not meeting quality standards &#8212; including the integrity standard. Thus, an agency study or report could be subject to challenge under the DQA on the grounds that the underlying data may have been corrupted.
</p>
<p>
Agency reports, studies and other information disseminations may be used in rulemakings, act as warnings regarding certain types of products, and/or be used in litigation. Thus, affected persons have a significant incentive to seek and obtain retraction of any study based on altered/tampered data. They also have the legal tools.
</p>
<p>
The concept of "informational standing," i.e., the right of affected persons to seek judicial review of harmful, non-regulatory federal information disseminations, is <a href="http://thecre.com/pdf/20020425-tozzi.pdf">well established</a> in case law.
</p>
<p>
Moreover, the US Court of Appeals for the DC Circuit has <a href="http://www.thecre.com/quality/2010/20100414_regweek.html">explained</a> that OMB's guidelines implementing the DQA are "binding" and in doing so cited the Supreme Court's <em>Mead</em> decision regarding rules carrying the force of law. It is noteworthy that the DC Circuit refused to modify its opinion even after its primary implication, that DQA decisions are subject to judicial review, became clear and the subject of a Justice Department <a href="http://www.thecre.com/pdf/20100801_Prime_Time_Abbreviated.pdf">petition</a>.
</p>
<p>
Thus, the cyberinsecurities identified by the EPA OIG have wide-ranging environmental and legal ramifications. The most important lesson that can be drawn from the OIG report, however, a lesson applicable to all federal organizations, is that cybersecurity is not merely an internal housekeeping matter; it is the underpinning of every agency's ability to carry out its mission.
</p><p><em>Written by <a href="http://www.circleid.com/members/735/">Bruce Levinson</a>, SVP, Regulatory Intervention - Center for Regulatory Effectiveness</em></p>]]></description>
			<dc:date>2012-11-12T17:41:00-08:00</dc:date>
			<category>internet</category><category>data_center</category><category>law</category><category>policy_regulation</category><category>security</category>
		</item>
		
		<item>
			<title>Hurricane Sandy Causes Major Impact on Internet Infrastructure in New York City and Beyond</title>
			<guid isPermaLink="true">http://www.circleid.com/posts/hurricane_sandy_causes_major_impact_on_internet_infrastructure/</guid>
			<link>http://www.circleid.com/posts/hurricane_sandy_causes_major_impact_on_internet_infrastructure/</link>
			<description><![CDATA[<p>The super storm has caused major power and Internet outages in a region that is home to more than 60 million people. Unsurprisingly, the impacts on Internet connectivity have been severe, <a href="http://www.renesys.com/blog/2012/10/hurricane-sandy-initial-impact.shtml">reports Renesys</a>. "[S]everal major data centers in Manhattan lost power or were flooded. Besides all the local impacts to the United States, New York City also happens to be a major hub of international telecommunications." As a result of outages there, the Internet traffic has shifted away from the city as carriers scramble for alternative paths.
</p>
<p>
<img src="http://www.circleid.com/images/uploads/6968.jpg" border="0" width="644" height="532" style="display:block;" />
</p>]]></description>
			<dc:date>2012-10-31T05:10:01-08:00</dc:date>
			<category>internet</category><category>access_providers</category><category>data_center</category>
		</item>
		
		<item>
			<title>Nominum and IBM Partner Around Big Data</title>
			<guid isPermaLink="true">http://www.circleid.com/posts/20121022_nominum_and_ibm_partner_around_big_data/</guid>
			<link>http://www.circleid.com/posts/20121022_nominum_and_ibm_partner_around_big_data/</link>
			<description><![CDATA[<p><strong>Nominum's N2 platform integrates with IBM's Big Data platform, enabling valuable insights from vast amounts of DNS data</strong>
</p>
<p>
<a href="http://www.nominum.com/">Nominum</a>, the world's leading provider of integrated subscriber, network, and security solutions for network operators, today announced that they have become an IBM Big Data and an IBM PureSystems Business Partner. Through this, IBM joins the Nominum IDEAL&trade; ecosystem of application providers. Nominum and IBM deliver a first-class offering that enables their network operator customers to gain deeper insights at the network and application level from the 1 trillion plus DNS queries processed daily by the N2 platform.
</p>
<p>
The collaboration between Nominum and IBM has resulted in two business partnership agreements as follows:
</p>
<ul><li><strong>IBM Big Data Business Partner</strong> &ndash; Nominum's engines and N2 Platform connect and share DNS data with IBM's industry leading Big Data Applications; IBM InfoSphere BigInsights and InfoSphere Streams.</li>
<li><strong>IBM PureSystems Business Partner</strong> &ndash; Nominum's engines and N2 Platform have certified configurations that can be turnkey delivered on IBM PureSystems, IBM PureFlex System hardware and virtual appliances.</li></ul>
<p>
"The work we have done with Nominum's IDEAL ecosystem expands our analytics options for customers and significantly improves a previously time intensive process, in addition to providing them with deeper, quicker insights," said Bruce Weed, program director, IBM Big Data. "Our customers produce massive amounts of data and Nominum's technology is powerful enough to process the vast size while also producing actionable insights that are easy to incorporate into applications. We are pleased to partner with companies like Nominum that share our goal of creating strategic solutions for network operators."
</p>
<p>
"Nominum's <a href="http://www.nominum.com/partners/overview/ideal/alliance/">N2 Platform</a> complements IBM's solutions because it provides a richer understanding of network activity that has been historically difficult and expensive to extract and increases IBM customers' return on investment," said Daniel Blasingame, vice president of OEM Solutions at Nominum. "This integration work also serves to reflect Nominum's belief that Big Data is a major opportunity for network operators and enterprises. The integration of our N2 platform with the IBM Big Data solutions allows network operators to utilize insights from network and subscriber activity for increased monetization."
</p>
<p>
Nominum and IBM are making the announcement from IBM's annual Information On Demand (IOD) show in Las Vegas, Nevada. IBM utilizes the show as a place to showcase the full breadth of IBM Information Management technologies and experts. At the show, Nominum will showcase, for the very first time, the fully integrated version of the N2 and the IBM Big Data platforms to illustrate the power of the combined technologies.
</p>
<p>
Additional information about the Nominum-IBM partnership can be found here: <a href="http://www.nominum.com/partners/overview/ideal/alliance/">http://www.nominum.com/partners/overview/ideal/alliance/</a>
</p>
<p>
To learn more about the Nominum N2 platform, visit: <a href="http://www.nominum.com/technology/components/n2/">http://www.nominum.com/technology/components/n2/</a>
</p>]]></description>
			<dc:date>2012-10-22T14:07:00-08:00</dc:date>
			<category>internet</category><category>access_providers</category><category>data_center</category><category>dns</category>
		</item>
		
		<item>
			<title>Do Agencies Already Have the Authority to Issue Critical Infrastructure Protection Regulations?</title>
			<guid isPermaLink="true">http://www.circleid.com/posts/20120820_agencies_authority_to_issue_critical_infrastructure_protection/</guid>
			<link>http://www.circleid.com/posts/20120820_agencies_authority_to_issue_critical_infrastructure_protection/</link>
			<description><![CDATA[<p>The President and Congress are deliberating how best to ensure appropriate cybersecurity protection for private sector critical infrastructure. Legislative action and Executive Order are both under consideration. It is possible, however, that the White House Office of Management and Budget (OMB) already has sufficient statutory authority to enact new cybersecurity regulations through the normal notice-and-comment rulemaking process.
</p>
<p>
The Data (Information) Quality Act (<a href="http://corporate.findlaw.com/law-library/federal-agencies-subject-to-data-quality-act.html">DQA, aka IQA</a>) sets standards for the integrity of data used by federal agencies in public information disseminations. Since cybersecurity breaches have the potential to compromise the integrity of federal data, OMB has <a href="http://www.whitehouse.gov/sites/default/files/omb/assets/omb/fedreg/reproducible2.pdf">defined</a> the integrity provisions of the law to encompass FISMA and other federal information security policies.
</p>
<p>
Moreover, the DQA's Integrity, Objectivity and Utility requirements <a href="http://www.circleid.com/posts/20120816_the_federal_cybersecurity_regulation_already_in_place/">apply</a> to third-party data used and relied on by federal agencies as well as to federally-generated data. In explaining the applicability of the DQA to third-party data, then Office of Information and Regulatory Affairs Administrator Graham <a href="http://georgewbush-whitehouse.archives.gov/omb/inforeg/speeches/040203_graham.pdf">stated</a>, "If third-party submissions are to be used and disseminated by federal agencies, it is the responsibility of the federal government, under the Information-Quality Act, to make sure that such information meets relevant information-quality standards."
</p>
<p>
The question arises therefore, as to whether the DQA provides the federal government with the authority to issue regulations protecting the integrity of data obtained from third parties, prior to its submission to the government, given the federal responsibility of making sure that such data "meets relevant information-quality standards."
</p>
<p>
The DQA states that the "Director of the Office of Management and Budget shall...with public and Federal agency involvement, issue guidelines under sections 3504(d)(1) and 3516 of title 44, United States Code, that provide policy and procedural guidance to Federal agencies for ensuring and maximizing the quality, objectivity, utility, and integrity of information (including statistical information) disseminated by Federal agencies..."
</p>
<p>
Based on a plain reading of the text, the answer appears to be no since the law authorizes guidance to federal agencies, not regulations binding on the private sector. Although this straightforward reading of the statute may well prove to be correct, it's worth exploring the scope of OMB's authority under the Act given the two sections of the Paperwork Reduction Act (PRA) cited in the DQA. In particular, as discussed below, OMB's DQA authority needs to be understood in light of the law's interpretation by the US Court of Appeals for the DC Circuit.
</p>
<p>
44 USC 3504(d)(1), part of the US Code's Subchapter on Federal Information Policy, states that with "respect to information dissemination, the Director shall develop and oversee the implementation of policies, principles, standards, and guidelines to &#8212; (1) apply to Federal agency dissemination of public information, regardless of the form or format in which such information is disseminated;"
</p>
<p>
This section of the Code gives the Director permission to take actions with respect to virtually all information publicly disseminated by the Executive Branch. By citing 3504(d)(1), the DQA is granting the Director broad authority, on an intra-governmental level, to protect the integrity (and objectivity and utility) of data disseminated by agencies.
</p>
<p>
The other section of the Code referenced by the DQA, 3516, states that the "Director shall promulgate rules, regulations, or procedures necessary to exercise the authority provided by this subchapter." Thus, even though the DQA refers to "guidance," by utilizing section 3516 of the PRA, Congress appears to grant the Director the authority to issue binding rules and regulations to carry out the DQA, including protecting the integrity of data disseminated by agencies.
</p>
<p>
The DC Circuit Court's <a href="http://thecre.com/pdf/20100414_DQA_Prime.pdf">decision</a> in <em>Prime Time Int'l Co. v. Vilsack</em> provides additional insight into the Director's authority under the DQA. In a unanimous opinion the court stated that "Congress delegated to OMB authority to develop binding guidelines implementing the IQA...." Moreover, in deferring to OMB's reasonable construction of the statute, the decision stated, "See <em>United States v. Mead</em>, 533 U.S. 218, 226 &#8212; 27 (2001)."
</p>
<p>
The <a href="http://www.thecre.com/index.html">Center for Regulatory Effectiveness</a> (CRE), in groundbreaking <a href="http://www.thecre.com/quality/2010/20100414_regweek.html">analysis</a> opined,
</p>
<blockquote><p><em>The citation of Mead at those particular pages is significant. The only statement by the Supreme Court in Mead that overlaps those two pages is the following: "We hold that administrative implementation of a particular statutory provision qualifies for Chevron deference when it appears that Congress delegated authority to the agency generally to make <u>rules carrying the force of law</u>, and that the agency interpretation claiming deference was promulgated in the exercise of that authority.</em>&#8221; (Emphasis added) </p></blockquote>
<p>
A detailed analysis of the <em>Prime Time</em> decision by Multinational Legal Services, PLLC supporting CRE's statement may be found <a href="http://www.thecre.com/tpsac/wp-content/uploads/2010/06/Prime-Time-Master.pdf">here</a>. The MLS analysis explained that:
</p>
<blockquote><p><em>The </em>Mead<em> opinion makes clear that when an agency issues a rule that is entitled to </em>Chevron<em>-level deference, "any ensuing regulation is binding in the courts unless procedurally defective, arbitrary or capricious in substance, or manifestly contrary to the statute."</em></p></blockquote>
<p>
It is important to note that the Department of Justice, representing USDA, took exception to CRE's interpretation of the <em>Prime Time</em> decision. So strong was DOJ's disagreement with CRE's understanding of the opinion that they filed a <a href="http://www.thecre.com/pdf/20100801_Prime_Time_Abbreviated.pdf">Petition</a> for a Panel Rehearing of a case they had already won, asking "the panel amend its opinion to clarify that the Court did not decide whether the Information Quality Act ("IQA") creates judicially enforceable rights." DOJ took the extraordinary step of including a printout of CRE's website as Exhibit B of their petition. The court rejected the DOJ petition.
</p>
<p>
Thus, we can see that the DQA gives OMB: 1) the duty to protect the integrity, utility and objectivity of data used in federal information disseminations; and 2) the authority to create binding rules carrying the force of law in order to fulfil its DQA duties. Moreover, we have seen that the scope of the DQA encompasses data collected by agencies from third parties that is then used in federal information disseminations.
</p>
<p>
Does this mean that the DQA gives OMB the authority to issue regulations protecting the integrity of third-party data used in federal information disseminations? Not necessarily, but the issue is worthy of further analysis.
</p><p><em>Written by <a href="http://www.circleid.com/members/735/">Bruce Levinson</a>, SVP, Regulatory Intervention - Center for Regulatory Effectiveness</em></p>]]></description>
			<dc:date>2012-08-20T10:48:01-08:00</dc:date>
			<category>internet</category><category>cyberattack</category><category>cybercrime</category><category>data_center</category><category>regional_registries</category><category>security</category>
		</item>
		
		<item>
			<title>Tracking Outages</title>
			<guid isPermaLink="true">http://www.circleid.com/posts/20120814_tracking_outages/</guid>
			<link>http://www.circleid.com/posts/20120814_tracking_outages/</link>
			<description><![CDATA[<p>The idea of tracking data outages spawned from an early discussion on the outages forum including feedback from an outages survey about having a status page for (un)planned outages as a central resource. The purpose of such effort is to have a wider focus that one could view as opposed to having to check dozens of provider status pages.
</p>
<p>
There were many ideas put forth but nothing really panned out and things kinda fell on the back burner.
</p>
<p>
Some of the questions raised during these discussions were:
</p>
<ul><li>This effort will require community support. We can't imagine having insight into every planned and unplanned outage.</li>
<li>Initially we see this effort having an administrative/scalability burden since we'll need (trusted or vetted) folks who can keep it current/meaningful.</li>
<li>Since providers (carriers, colo, hosting, etc) guard their (un)planned outages close to their chest, not sure even as a customer, one can release the information to a public calendar when you as a customer are bound by their policy.</li></ul>
<p>
For further reading, you can check out the results of this survey at the <a href="http://blog.outages.org">outages blog</a> site.
</p>
<p>
So how do we move forward? Basically we had to start somewhere.
</p>
<p>
Twitter is the first place people go when a major event takes place, especially major downtime events. External monitoring is limited by the transactions you define, and passive monitoring doesn't tell you when people can't access your site or API.
</p>
<p>
Crowdsourcing your monitoring may end up being the only way for major online services to know when something is wrong.
</p>
<p>
After months of tinkering we came up with <a href="http://tracker.outages.org">tracker</a>, which is an initiative to crowdsource information about data outages critical to Internet Infrastructure. The project aims to crowdsource, primarily from Twitter and other mediums like Web, Email(s), Smartphone Apps. The primary aim of tracker will be to collect data from people and make it accessible in various formats and provide it back for public use if interested. Our focus will be aimed at large-scale network-savvy content providers, access networks, global internet peering ecosystem, DNS root servers, major carrier failures, major data center, carrier hotel, COs, etc.
</p>
<p>
Tracker data is crowd sourced and is licensed under <a href="http://www.opendatacommons.org/licenses/pddl/summary/">Public Domain Dedication and License</a>, which means anyone is free:
</p>
<ol><li>To Share: To copy, distribute and use the database.</li>
<li>To Create: To produce works from the database.</li>
<li>To Adapt: To modify, transform and build upon the database.</li></ol>
<p>
Without any restriction, as the data is generated by the crowd (people) it belongs to them.
</p>
<p>
What's the point?
</p>
<p>
This has many potential uses in developing a better understanding of demand for network availability; users can hopefully use the data to ask their providers pointed questions.
</p>
<p>
Why?
</p>
<p>
Well, that's because (IMO) it makes sense, since the end user is the final determiner of the status of the Internet. Since it is the end user that will be affected, it seems reasonable to gather information from a user perspective. The key to all this is to be sure that whatever information is collected is relevant to the condition of the Critical Internet Resources.
</p>
<p>
The 64-bit question is, how can we engage and/or encourage providers to be more forthcoming and report outages w/o being concerned about the bottom line and instead put their customer's interest first? I will even go out on a limb and say this: it's a matter of time before the heavy-handedness of government, aka "regulation", will force companies into a corner if things continue when it comes to closed-door outage reporting, and this will further diminish the "free market".
</p>
<p>
Given the reluctance of the providers to publicly report their service as "bad", especially if not everyone has to report on the same basis and/or the measurement is not universally recognized, even with the existence of a protective agreement, no one wants to report.
</p>
<p>
I really hope that network service providers, carriers and network operators around the globe will see the benefit of <a href="http://tracker.outages.org">tracker</a> as an unbiased central source and take a lead by posting events so everyone could benefit from it &#8212; including themselves. It seemed reasonable that providers should report outages as opposed to having external sources report them that "impact the end-user community".
</p>
<p>
These aren't issues we will solve immediately. They take time to build and they will ebb and flow. But as you diligently pursue staying on top of them, you will be locking in that legacy you desire for others to participate.
</p>
<p>
As I like to say, "<strong>we engineers shape networks, and afterwards outages shape us</strong>&#8221;.
</p>
<p>
Grateful thanks!
</p><p><em>Written by <a href="http://www.circleid.com/members/2416/">Virendra Rode</a>, Network Consultant</em></p>]]></description>
			<dc:date>2012-08-14T12:05:00-08:00</dc:date>
			<category>internet</category><category>access_providers</category><category>broadband</category><category>data_center</category><category>telecom</category>
		</item>
		
		<item>
			<title>Cloud Redundancy: How Amazon Should Repair Credibility</title>
			<guid isPermaLink="true">http://www.circleid.com/posts/20120703_cloud_redundancy_how_amazon_should_repair_credibility/</guid>
			<link>http://www.circleid.com/posts/20120703_cloud_redundancy_how_amazon_should_repair_credibility/</link>
			<description><![CDATA[<p><strong>Cloud Community Stunned</strong>
</p>
<p>
I'm curiously puzzled, but not entirely surprised, how a company such as Amazon (NASDAQ: GS) allowed its servers to be interrupted for any length of time due to severe storm damage in northern Virginia this past weekend. Companies using cloud servers are both expectant and dependent on being able to pull information from cloud sources to <a href="http://www.fierceenterprisecommunications.com/story/amazon-web-services-knocked-offline/2012-07-01">operate their businesses without interruption</a>. After all, IT professionals have been preaching the security and reliability of the cloud for quite some time to manage large data off-site. Steps for Amazon to repair credibility should be transparent and swift.
</p>
<p>
<strong>Redundancy Issues 101</strong>
</p>
<p>
Failing to address possible redundancy issues early on in cloud infrastructure is a basic design-maintenance (101) issue, which <a href="http://cloudtimes.org/2012/06/30/costs-cloud-outages/">can become extremely expensive</a>.
</p>
<ul><li>Did backup generator design properly address power load requirements in a long-term outage?</li>
<li>Was (regularly planned generator testing) implemented for inclement weather situations, or other emergencies?</li>
<li>An adequate and properly maintained generator is the first line of defense in outages and should be highest on the maintenance list</li>
<li>What surge-protection plans were implemented for grid-spikes which can disrupt and even destroy electronic equipment, or interfere with telecommunication operations?</li></ul>
<p>
This issue, <a href="http://venturebeat.com/2012/06/29/amazon-outage-netflix-instagram-pinterest/">reported by news outlets as a downtime factor</a>, should be addressed openly and honestly with constituents early on. Credibility and believability in cloud support 24/7 is at stake.
</p>
<p>
<strong>Utility Service Provider Design</strong>
</p>
<p>
Obviously the external electric grid design plays a role in any outage, no matter their cause. Early planning stages in design and control are key factors in redundancy, efficiency and reliability.
</p>
<p>
Did thorough collaboration exist between utility and customer in the facility design process?
</p>
<ul><li>What redundancy features did utility provide in design phase of cloud site?</li>
<li>What site factors led Amazon to believe this area utility was capable of handling unforeseen outages through prevention techniques?</li>
<li>How much utility infrastructure is above-ground vs. underground therefore susceptible to damage by weather or other contingency factors?</li>
<li>Are back-up substations available to redirect power if local grid goes down?</li>
<li>What is the utility's track record on outages, repairs to infrastructure, and down-time?</li>
<li>Where does the cloud site stand in the hierarchy of restoring service, high, medium, low?</li></ul>
<p>
<strong>Off-Site Redundancy-Backup Facility</strong>
</p>
<p>
Inherently, these types of utility outages will occur due to a national infrastructure grid that is aging and vulnerable to costly disruptions. Above ground utility pole grid is notoriously aged and lacks design upgrades to protect critical areas from massive outages. This is a known fact which businesses must work around, building on-site and off-site redundancy.
</p>
<p>
Amazon's cloud services for the Eastern U.S. should have been automatically switched to a redundant system, such as its West Coast Operation. Why this did not happen is a mystery, but Amazon should own up to its design miscalculations and move to inform customers on future plans regarding eliminating down-time.
</p>
<p>
<strong>Image Repair - Epitaph</strong>
</p>
<p>
Move candidly and quickly to report steps to correct outage issues. Hire a PR Firm to manage media campaign designed to restore credibility. Hopefully this is not an epitaph for Amazon Cloud Services. The problem remains that many companies, not just Amazon, are risking their business operations on poorly designed redundancy. Since proper design and maintenance is not a revenue-driven expenditure, sadly it does not get the attention needed. It is a striking example of how an ambivalent policy can get organizations into embarrassing situations which, expectedly, get highly covered by media outlets.
</p>
<p>
This evaluation of what happened, and its causes, are introspections on Amazon Cloud Services site in Northern Virginia and does not reflect actual events at the time. It is an educated guess as to what could have happened based on public knowledge.
</p><p><em>Written by <a href="http://www.circleid.com/members/4710/">Leonard Grace</a>, Founder & Editor - Broadband Convergent</em></p>]]></description>
			<dc:date>2012-07-03T11:56:00-08:00</dc:date>
			<category>internet</category><category>cloud_computing</category><category>data_center</category><category>web</category>
		</item>
		
		<item>
			<title>Neustar Labs Innovation Center Grand Opening (Video)</title>
			<guid isPermaLink="true">http://www.circleid.com/posts/neustar_labs_innovation_center_grand_opening_video/</guid>
			<link>http://www.circleid.com/posts/neustar_labs_innovation_center_grand_opening_video/</link>
			<description><![CDATA[<p>In March, Neustar <a href="http://www.circleid.com/posts/20120329_neustar_university_of_illinois_launch_neustar_innovation_center/">announced</a> the opening of the Neustar Labs Innovation Center at the University of Illinois Urbana-Champaign. Friends of Neustar at Illinois have prepared the following video from the grand opening day.
</p>
<p>
<iframe width="644" height="362" src="http://www.youtube.com/embed/_6-xmd4bp-s?rel=0" frameborder="0" allowfullscreen></iframe>
</p>]]></description>
			<dc:date>2012-06-25T15:01:00-08:00</dc:date>
			<category>internet</category><category>broadband</category><category>cloud_computing</category><category>data_center</category><category>dns</category><category>registry_services</category><category>top_level_domains</category>
		</item>
		
		<item>
			<title>Why CDNs Are Critical to Future of R&amp;E Networks, Big Data and the Internet</title>
			<guid isPermaLink="true">http://www.circleid.com/posts/20120606_why_cdns_are_critical_to_future_of_rnetworks_big_data_and_internet/</guid>
			<link>http://www.circleid.com/posts/20120606_why_cdns_are_critical_to_future_of_rnetworks_big_data_and_internet/</link>
			<description><![CDATA[<p>Netflix has <a href="http://gigaom.com/video/forget-the-cdn-players-netflix-is-caching-its-own-video/">announced</a> that they are deploying their own Content Delivery Network (CDN) for delivery of their video streams to Internet Exchange Points (IXPs) around the world.
</p>
<p>
More importantly, they are making the hardware and software design of their CDN servers freely available. That means any network can deploy Netflix CDN boxes deep into their network to significantly reduce traffic volumes and improve performance for users. In addition to the Netflix announcement, the IETF has started up a working group called CDNi, which is looking at developing standards for interconnection and distribution of CDN networks globally.
</p>
<p>
These initiatives will have a significant impact for R&amp;E networks in terms of Big Data, ensuring the Internet remains open, and creating new revenue opportunities. It is not only movies and commercial web sites that benefit from CDN networks. Any large data set that requires wide distribution, especially to mobile wireless devices, can benefit from a CDN network. The high energy physics LHCONE network is a good example of a CDN network designed for a specific big data application. But there are many other large data sets in genomics, astronomy, social sciences, etc. that could benefit from a generalized R&amp;E CDN facility. Researchers and educators, like everybody else, want access to their data any time, any place and on any device. CDNs are critical to realizing such a vision.
</p>
<p>
To date, CDN facilities have not been critical for R&amp;E networks because of the ample bandwidth, but as more and more users access the R&amp;E networks through wireless connections or through the commercial Internet (i.e. for Citizen Science or courseware applications), performance and throughput can be significantly enhanced with a CDN network. CDN networks are important not only for receiving content and data, but also for delivering content to the global Internet community. Unfortunately, most commercial CDN networks do not carry research data or any type of public content such as courseware, public service multimedia, etc. That is why it is important that R&amp;E networks deploy their own CDN networks and, like other CDNs, deliver this content to commercial ISPs at IXPs and other facilities. In countries like Canada, delivering content from small Canadian multimedia businesses and other organizations to fellow Canadians and the global community is also an important role for R&amp;E CDN networks.
</p>
<p>
Deploying a CDN network could also be a revenue opportunity for R&amp;E networks in delivering content to commercial ISPs and community networks at IXPs on behalf of public broadcasters, museums, and other public entities. Public broadcasters such as PBS, CBC, TVO, BBC, etc. are seriously looking at using OTT (Over The Top) distribution networks (e.g. Netflix) for their future direction. R&amp;E networks could significantly reduce costs for these public broadcasters (and yet still earn significant revenue for the R&amp;E network) in delivering this public content to the global community.
</p>
<p>
Working in partnership with community network initiatives, such as UCAN, Gig.U and publicly supported IXPs, could be mutually beneficial for both R&amp;E CDN networks and IXPs. For example, as I mentioned in a previous blog, the Canadian Internet Registration Authority (CIRA) is working with regional R&amp;E networks to help deploy community IXPs with integrated support for multiple CDN suppliers. BCnet is another example, which has deployed IXPs in small communities and is now looking at deploying CDN services to these IXPs as well.
</p>
<p>
NORDUnet and AARNet are also well positioned to be global players in deploying public CDN networks and ensuring the communities they serve have a global voice for their content. Both networks have major peering connections at a number of major international IXPs. Initially these connections were intended to reduce costs of Internet transit, but in the longer run they may serve as an important infrastructure for delivering Nordic and Australian data and content to the world.
</p>
<p>
Finally, the most important aspect of R&amp;E CDN networks is that they can be designed to be powered solely by renewable energy. The beauty of CDN architectures is that users can be redirected to an alternate CDN node if the local node is out of service for one reason or another. Often CDN networks also do redirection if a user requests content that is not available in the local cache. So, for example, if a local node is powered by a windmill, and it is a windless day, users can be redirected to another nearby CDN node. As opposed to other follow the sun/follow the wind architectures, there is no need to transfer large data files with a CDN network. The Greenstar network demonstrated this capability where they can transfer a live HD video stream from one Greenstar node to another, anywhere in the world, without a single glitch in the video stream.
</p>
<p>
Various estimates suggest that CDN networks already deliver over 40% of the world's Internet traffic. On some networks CDN content is now approaching 90% of traffic volumes in peak times. It is time R&amp;E networks take a leadership role to ensure that there remains a public CDN facility, and that carriers do not entirely capture and lock this market inside their walled gardens. We are already seeing this happen with recent initiatives from Verizon and Comcast and ongoing disputes with Level 3, etc.
</p><p><em>Written by <a href="http://www.circleid.com/members/6607/">Bill St. Arnaud </a>, Green IT Networking Consultant</em></p>]]></description>
			<dc:date>2012-06-06T10:41:00-08:00</dc:date>
			<category>internet</category><category>access_providers</category><category>broadband</category><category>data_center</category><category>iptv</category>
		</item>
		
	</channel>
</rss>