SSL VPNs are easier to deploy than IPsec as a result of they use the net browser already gift on most desktops and dynamic Java/ActiveX purchasers rather than put in VPN consumer programs. They use protocols that pass a lot of simply through perimeter firewalls and network address translation. They let the VPN server dictate tunnel security parameters rather than requiring client-side configuration. they provide safer support for common remote user authentication strategies like passwords and tokens. and that they will typically apply a lot of granular access rules — as an example, letting individual users reach selected applications or application objects (URLs, files, etc) rather than connecting remote hosts to entire networks.

In some cases, an SSL VPN’s granular access rules is also safer than IPsec. If a home computer has been infected with a worm, that worm is a lot of possible to propagate into your company network over an full-IP tunnel than an SSL-protected session to a particular application. If a public computer is infected with an overseas access trojan, that trojan cannot route IP traffic over an SSL session into your company network. several SSL VPN product will consider location and device — as an example, providing email-only access when Joe connects from an untrusted public computer, whereas allowing broader access when Joe connects from his trusted company-managed laptop.

For information privacy and integrity, IPsec and SSL tunnels will use several of constant security measures, like DH key exchange, AES encryption, and SHA1 hashed messages authentication. TLS 1.0 eliminates support for a few of the less secure algorithms included in SSL three.0, therefore ought to be used whenever attainable. Ultimately, security depends on how a VPN server is configured, therefore it’s essential to match your VPN product — IPsec or SSL — along with your desired security policy.

SSL VPNs do have sure security drawbacks. SSL VPN servers are inherently a lot of susceptible to TCP-based DoS attacks, and may be deployed behind a fringe firewall that gives robust DoS protection. SSL VPN purchasers could “leak” non-tunneled traffic or leave non-public information behind on public PCs unless more measures are used. And allowing any degree of access from unknown, potentially-compromised devices involves a lot of risk than allowing access solely by trusted devices.

To mitigate these risks, several SSL VPNs give endpoint security measures, either built-in or through integration with third party product. as an example, the Citrix Access Gateway that you just asked concerning will perform an endpoint security check when SSL VPN sessions are established, verifying anti-virus, personal firewall, and different endpoint resources before permitting remote access. It uses a Java-based VPN consumer that avoids split tunneling by default. It applies context-sensitive rules which will limit resource exposure in less trustworthy environments. as an example, “kiosk mode” transmits all application info as pictures, never sending any text that might doubtless be left on a public computer. you’ll conjointly limit kiosk users to chose screen-sharing applications like VNC or Windows Remote Desktop.

With regard to using transportable devices to more strengthen security, the foremost common VPN add-on is token or sensible card authentication. The Citrix Access Gateway are often used with SafeWord PremierAccess or RSA SecurID hardware tokens that neutralize vulnerabilities related to plain-text passwords. By requiring users to demonstrate that they possess one among these physical tokens when logging in, access credentials cannot be inappropriately shared with others or stolen by key loggers. To deploy either choice, you’ll have an identical authentication server somewhere within your company network, to be consulted by the VPN gateway whenever users try and connect. Alternatively, you’ll authenticate users by certificates, stored on USB sensible cards.

Another add-on security device that may interest you may be a transportable operating surroundings, like RedCannon Fireball KeyPoint. as an example, KeyPoint for Citrix is at USB storage device that mixes the Citrix Remote Access Suite with RedCannon’s endpoint security resolution. Remote users would carry a USB thumb drive containing the Citrix ICA consumer, a stealth browser, a spyware scanner, an RSA SoftID consumer, and a secure information vault. This thumb drive are often utilized in any Windows computer while not putting in drivers or software. This lets your users carry constant trusted operating surroundings with them as they move between home and public PCs.

For a wonderful in-depth SSL VPN study, browse my friend Joel Snyder’s December 2005 NWW article, SSL VPNs Dissected. That article provides a head-to-head comparison of eleven SSL VPN product. though Citrix isn’t among them, you’ll still notice a wealth of valuable SSL VPN info in Joel’s article.

Today this static, walled-fortress security paradigm is giving thanks to a dynamic approach that additional closely resembles the human body’s immune system. The new security paradigm emphasizes organic, unified defenses and distributed detection and response technologies that enable the network to actively defend itself at each affiliation. As an integral a part of this additional refined approach, admission management technology is poised to play a outstanding role within the evolving art of network self-defense.

A complex security landscape
Although it’s still necessary to manage perimeter access and safeguard crucial info resources, applications, and services, IT should currently take under consideration many new factors when coming up with a proactive security strategy. Among the factors that have modified the network security landscape in recent years are:

A diversity of network users—onsite staff, remote employees, vendors, partners, and guest users—many of whom carry computing devices with them and hook up with the network within the firewall
An array of endpoints—desktop devices, servers of each description, and transportable devices that embrace not solely laptops however PDAs, ministorage devices, and even iPods
A variety of access methods—wired LANs/WANs, wireless LANs/PANs (Wi-Fi, Bluetooth), VPNs using IP Security (IPSec), broadband (DSL, cable, WiMAX wireless), dial-up, and Web/HTTP
An ever-growing profusion of network services and applications—traditional e-mail and file exchange, voice over IP (VoIP), XML net services, document sharing, enterprise resource coming up with (ERP), client relationship management (CRM), endlessly
A new generation of malware that spreads very quickly and may be terribly clever at hiding itself—Flash threats, worm-driven DDoS, phishing, spyware, and additional sorts rising a day
A gradual transfer of management and responsibility from IT directors to finish users as “anytime, anywhere” connections proliferate
All this network complexity and heterogeneity means countermeasures ought to be placed on each networked communication device to make sure adequate security. And a broad-based consortium of network and security vendors must collaborate to create positive gaps in defenses do not open up as new users, devices, entry points, services, and exploits arrive on the scene.

Patting down the endpoints
Even with firewalls and intrusion protection, viruses and worms that grow increasingly virulent and aggressive still disrupt business networks, leading to downtime, loss of productivity, and costly, time-consuming recovery efforts.

“Day-zero” and alternative opportunistic attacks which will metastasize widely during a matter of seconds are a challenge to reactive containment. for instance, the recent W32/MyDoom-0 e-mail worm propagates itself not solely by canvassing the victim device’s arduous disk for e-mail addresses, however conjointly by sending queries to web search engines to search out additional addresses based mostly on constant domain names. And it’s been estimated that the notorious 2003 Blaster worm hit concerning 128 million systems within the initial 3 minutes.

Because there are such a large amount of doable network connections, hosts that are not compliant with the most recent antivirus, OS, and application patch levels are tough to detect. Locating and isolating infected devices takes up time and resources, however if the matter is not noticed and handled quickly the injury will mount up exponentially. resultive} thanks to avert the risks posed by noncompliant endpoints is to forbid them from connecting to the network in the least — in effect, to provide them a “pat down” search before entry. that is where network admission management comes into play.

Unlike ancient ID management that simply verifies the identity of users, an admission management system checks to create positive the device complies with network security policies before it’s allowed to attach. and in contrast to ancient antivirus and OS patch controls that solely shield the hosts within which they reside, admission management extends these defenses to shield the complete network.

Network admission management may be deployed at the most enterprise campus, in branch offices, on remotely located and home-based devices, on wireless networks, and in extranets. The technology dramatically improves network security and helps guarantee resilience and availability, whereas conjointly increasing the worth of existing security investments.

Security checkpoints everywhere
Think of network admission management as a sort of security checkpoint. It’s almost like what you’d encounter at an airport, however distributed to every endpoint on the network — and plenty easier and quicker to go through than airport security if your device is compliant.

At an airport checkpoint, security employees make sure that passengers have valid price tickets and conjointly check IDs to verify that the name on the ticket matches the person in front of them. Identities are compared against a current list of doable malefactors. Passengers conjointly go through a metal detector, and their carry-on baggage is inspected. based mostly on profiles derived from established policies, bound passengers is also singled out for additional intense scrutiny in an adjacent space before they’re allowed to still the gate and onto the plane.

Network admission management works in a lot of constant manner. An endpoint should pass muster before it will enter the network. This prevents viruses and worms from gaining a position, particularly the foremost recent threats which will not be outlined in antivirus software, or threats that exploit an unpatched OS vulnerability.

In a network admission management system, a nonintrusive software agent residing in every endpoint plays the role of the airport security guard, giving the network a distributed self-defense dimension. This “trust” agent is a middleware element that enables the host to interact with multivendor security software residing on the host and elsewhere on the network. The access management agent works in tandem with alternative security agent software on the endpoint designed to shield against port scans, varied malicious mobile codes, spyware/adware, and alternative immediate threats and annoyances. The result’s a dynamic, adaptive immune system deployed at the endpoint level.

When the endpoint seeks a affiliation, the admission management agent makes positive the endpoint’s credentials are so as — that’s, it examines the configuration of the machine and appears for the presence and standing of behavior-blocking, personal firewall, antivirus, and patch software. The agent then delivers this info by suggests that of a router, switch, or VPN concentrator to at least one or additional access management servers (ACSs), that confirm whether or not or not the endpoint’s configuration and postures are according to current policies. An authentication, authorization, and accounting (AAA) policy server informs the ACS concerning the policies and authorization parameters. If the endpoint is out of compliance, the ACS has the associated router block the endpoint’s IP address, effectively preventing affiliation to the network.

Carrying the airport security analogy additional, a network admission management system will build use of the agent embedded within the host to grant restricted access to the network, or it will direct an endpoint to a quarantine space for additional attention.

Just as a ticketed air passenger is also allowed access to the gate space, however should have a boarding pass to board the plane, an endpoint is also permitted to attach solely to a particular section of the network based mostly on policies set by the organization. And simply as choose passengers is also shunted to a cordoned-off space where they’re frisked and their bags is sniffed for suspicious chemical residues, the network admission management system will quarantine an endpoint during a restricted network space for additional inspections. The quarantine zone may additionally embrace a remediation server which will install the suitable software on the endpoint and purge the device of malware before it’s allowed entry.

In sharp distinction to airport security, however, all the network admission management precautions are applied nearly instantaneously. Compliant users get a quick pass and a fast affiliation.

The multivendor NAC initiative
Because of its comprehensive, multilevel nature, admission management should be delivered as a partnership among networking trade suppliers, antivirus and patch management vendors, and posture assessment firms. Cisco Systems has brought of these players along as a part of the Network Admission management (NAC) initiative that currently includes quite forty five trade leaders, as well as laptop Associates, IBM, McAfee, Sophos, Sygate, Symantec, and Trend Micro. quite thirty partners have delivered or are scheduled to deliver NAC solutions by mid-2005.

This multivendor, systems-based approach to admission management lets IT exploit previous security investments and avoid having to overhaul existing security infrastructure. The NAC initiative conjointly can build it doable to roll out solutions additional quickly, while not waiting months or years for a customary to be formulated and approved. The NAC program is drawing on established standards like 802.11x, Extensible Authentication Protocol (EAP) and RADIUS, and is seeking IETF approval for specific technologies.

Because the NAC program is meant to foster trade collaboration, APIs are furnished to vendors for product integration, testing, and certification. Participants within the program integrate the interfaces into their applications and take a look at the applications at an freelance certification facility to make sure compliance.

In section a pair of of the NAC initiative, support are going to be extended to switching and IPsec remote-access VPN platforms, the IEEE 802.1 security protocol, and an expanded set of endpoint OSs. Future support can embrace firewalls, wireless access points, and alternative platforms. the last word goal is to extend the vary of NAC-enabled solutions — as well as antivirus and patch-management software, additionally as compliance and remediation product from a good vary of vendors — with the eventual aim of integrating the technology with vulnerability assessment, security info management, and alternative security capabilities to make a additional unified deterrent to network threats.

Whether you are talking concerning airports or router ports, network admission management adds a crucial enforcement dimension to the safety infrastructure. And it conjointly helps come a live of management back to the IT administrator while not inconveniencing compliant users. By putting a security checkpoint at each connected endpoint, admission management represents a major stage within the evolution toward comprehensive network self-defense.

The firm can pay $900 million for the unit, Nortel’s Government Solutions cluster and DiamondWare Ltd., a Nortel-owned maker of softphones. Avaya also will contribute a further pool of $15 million for an employee retention program. That value is almost twice what Avaya was initially said to be shopping for the enterprise business for back in July before auction bidding kicked in.

Slideshow: the increase and fall of Nortel

Avaya has sought Nortel’s enterprise business in hopes of boosting its share of the enterprise telephony and unified communications markets, and obtaining a lot of customers to migrate to its IP line of communications merchandise.

The sale, expected to shut later this year, is subject to court approvals within the U.S., Canada, France and Israel further as regulatory approvals, alternative customary closing conditions and bound post-closing purchase value changes. Telecom carrier Verizon, however, is anticipated to contest the sale on the grounds that Avaya doesn’t commit to retain client support contracts between Nortel and Verizon.

Nortel customers hope the deal works out in their interest.

“Nortel earned the trust of our user cluster members by delivering innovative, reliable communications solutions and guaranteeing high-levels of service and support, ” said Victor Bohnert, government Director of the International Nortel Networks Users Association, during a ready statement. “With the announcement of today’s purchase by Avaya, we glance forward to extending that relationship forward to serve the business communications desires of our constituency base across the world.”

Nortel can obtain Canadian and U.S. court approvals of the proposed sale agreement at a joint hearing on September fifteen, 2009. The sale shut is anticipated late within the fourth quarter. In some EMEA jurisdictions this transaction is subject to info and consultation with employee representatives.

As previously announced, Nortel doesn’t expect that its common shareholders or the well-liked shareholders of Nortel Networks restricted can receive any price from the creditor protection proceedings and expects that the proceedings can lead to the cancellation of those equity interests.

The net result, says Alan Baratz, senior vp and president for international Communication Solutions at Avaya, is expanded capabilities, reduced prices and fewer disruptive amendment.

Promising to accomplish a major a part of this among the year is an aggressive goal which will impress Nortel customers yearning for a gorgeous path to unified communications, says Zeus Kerravala, an analyst with the american cluster.

Delivering on time is vital as a result of former Nortel customers that wish to aggressively pursue UC will not wish to attend and wait, he says. Avaya CEO Kevin Kennedy’s time at Cisco could facilitate owing to that rival’s expertise in shopping for alternative firms and integrating them smoothly, he says.

“Every Nortel client goes to own a competitive vendor making an attempt to make a path to their own unified communications answer,” he says. Fumbling will not be fatal, Kerravala says, however it may mean a loss of the spectacular twenty fifth marketshare he says Avaya has amassed in telephony.

As for the specifics of the road map, adding an important SIP layer into the communications hierarchy are going to be accomplished via Avaya Aura, the company’s SIP-based communication software platform that may be sandwiched between communications infrastructure – like PBXs – and services – like voice, video, messaging, conferencing and mobility.

With Aura in place, legacy Avaya and Nortel PBXs can interoperate with SIP-based VoIP gear. thus Nortel Communication Server a thousand IP PBX with Aura layered on high of it may interface with SIP-based phones plugged into the Aura aspect of the network. All the phones would have CS a thousand options and also the same button sequencing so as to navigate those options, Baratz says. Also, legacy Nortel phones may be plugged into the Aura aspect of the network.

This move can scale back value of adopting unified communications as a result of it reduces the necessity for replacing PBXs and phones further because the value of retraining finish users in how new phones work, he says.

The set up needs software integration and it will not happen overnight, Baratz says, however it’ll be accomplished by the top of this year, probably in November, Baratz says. Nortel’s Business Communications System Manager are going to be incorporated into Aura, as can Nortel’s Agile Communications atmosphere (ACE), that permits infusing applications with communications capabilities.

The changes are going to be distributed as software upgrades to current Aura customers.

This strategy is not shocking, Kerravala says, as a result of Aura was designed to embrace an SIP-based gear, despite who the seller. Integration with Nortel equipment ought to be easier as a result of Avaya owns each sets of assets thus will build their SIP implementations compatible. Standards-compliant implementations of SIP will vary enough that they do not interoperate, he notes.

In the space of contact centers, Avaya has set that Nortel’s Contact Center are going to be integrated into the merchandise line in lieu of Avaya’s. Over consecutive six to 9 months, revisions of Nortel’s Contact Center can prepare it to become the Avaya giving for midsize businesses instead of Contact Center specific.

The contact center software from Nortel are going to be more developed to include all of the architectural options Avaya envisions for contact centers, then more developed thus it will scale to enterprise proportions. These 2 revisions can take six to 9 months every. At that time the software can become an upgrade to interchange Avaya’s high-end Contact Center Elite.

Baratz says that even before the acquisition of Nortel, Avaya acknowledged that Nortel’s midsize contact center was higher. “It was terribly near the last word product we tend to needed,” he says.

Avaya plans to slowly scale back the amount of telephony choices accessible for little and midsize enterprises. It plans to bring legacy Avaya Partner and Integral five key systems further as Nortel Norstar systems underneath the umbrella of its IP workplace gear.

IP workplace are going to be developed to support Norstar systems and Nortel Business Communications Manager hybrid PBXs, and some years down the road can replace them. however within the meantime, Norstar and BCM can stay accessible. “Nothing abrupt goes to happen here,” Baratz says.

Nortel’s Software Communications System SIP appliance can be a part of the portfolio as is. there’s no analogous Avaya product.Nortel brought along a portfolio of switches, network security and wireless gear that Avaya has no competing equipment. Avaya plans to sell these product and develop them to interoperate a lot of closely with its unified communications infrastructure, Baratz says.

For instance, the wireless gear and switches is tweaked to present a lot of complete knowledge concerning the presence of mobile employees. Currently they reveal whether or not a private is on the market via voice. With higher integration they might say that the individual is on the market on a mobile device and where it’s located, he says.

But Kerravala says that Avaya must develop its gear to be competitive with alternative infrastructure vendors feature for feature, not simply to own switches and routers that augment communications. He says Avaya owns five-hitter of the infrastructure market by virtue of shopping for Nortel and may let it operate as a separate division directly taking over Cisco, HP and others. “It’s an enormous put in base,” he says.

In a statement issued Thursday, Redmond said ranging from 2013, hardware vendors should submit annual sustainability reports on their adherence to the necessities within the existing Microsoft Vendor Code of Conduct. The code sets standards for legal compliance, business ethics, labor and human rights standards, environmental protection, and respect for intellectual property.

This new reporting mechanism “complements and strengthens Microsoft’s existing auditing and assurance programs”, that embody third-party monitoring of its contract hardware makers, and conjointly drive sustainability enhancements in its provide chain, the technology big said.

The aim is to reinforce info shared regarding its vendors’ commitment to social and environmental policies, programs and performance within the company’s annual Citizenship Report, and facilitate shareholders, customers and others perceive how Microsoft and its suppliers are meeting their expectations for social responsibility, it added.

According to Microsoft, the initiative was in response to a shareholder proposal from the big apple town Comptroller John C. Liu, on behalf of recent York town Pension Funds. “We appreciate and price the discussions we’ve had with Comptroller Liu’s workplace and therefore the chance to continue our collaborative work with shareholders on initiatives that additional demonstrate our commitment to company citizenship,” said Brad Smith, Microsoft’s general counsel and government vp of legal and company affairs, within the statement.

Environment activists welcomed the move. Casey Harrell, an environmental analyst at Greenpeace International, told computer World that Microsoft’s new effort was “generally headed within the right direction”. However, she expressed skepticism on how effective or “game-changing” the initiative are.

“In general, a lot of knowledge is good–especially if this is often cross-referenced with alternative audits. This reporting work becomes {much a lot of|far more|rather more|way more} helpful if Microsoft is to truly need its suppliers to stick to more stringent standards than the law permits,” she said, emphasizing the necessity for specific, yet as high, standards.

Gartner reported Thursday that world expenditure on datacenter hardware in 2011 is predicted to be a rise of twelve.7 p.c over 2010′s US$87.8 billion. Datacenter hardware covers servers, storage and enterprise datacenter networking equipment, said the analysis firm.

Jon Hardcastle, analysis director at Gartner, noted in a very statement that worldwide spending in datacenter equipment can “finally reach and surpass 2008 levels”. within the report, he noted that growth in rising regions, particularly in BRIC countries Brazil, Russia, India and China, is about to create up for continued weakness in Japan and Western Europe, compared to pre-downturn levels.

Spending in storage can boost this year’s datacenter hardware purchases. Hardcastle explained that whereas spending on storage represented solely 1 / 4 of total hardware expenditure for knowledge centers, virtually 1/2 the expansion in spending are from the storage market.

According to Hardcastle, ancient on-premise knowledge centers are underneath attack from “three sides”. “Firstly, virtualization technologies are serving to corporations to utilize their infrastructure a lot of effectively, inhibiting overall system growth,” he said.

“Secondly, knowledge centers are becoming a lot of economical, resulting in higher system deployment densities and inhibiting demand for floor area,” he added. “Thirdly, the move to consolidated third-party knowledge centers is reducing the variety of midsize knowledge centers.”

While midsize knowledge centers can face the crunch, Hardcastle noted that the most important knowledge center category can have the benefit of the increase of cloud computing.

Gartner reported that enormous knowledge centers, outlined as those with quite five hundred racks of kit, are set to extend spending–accounting for twenty six p.c of total expenditure in 2015, from twenty p.c in 2010. Spending by such giant facilities are driven by the cloud and also the shift from internal datacenter provision to external, it said.

The policy, which went into effect March 16, states that “when acquiring technical support, all hardware systems must be supported (e.g., Oracle Premier Support for Systems or Oracle Premier Support for Operating Systems) or unsupported.”

It includes all systems running Solaris version 10.9 or later, those running Enterprise Linux and Oracle VM, as well as “all hardware systems for which you have applied services received under a technical support contract for another hardware system (including sharing of updates, patches, fixes, security alerts, work-arounds, configuration/installation assistance or parts).”

Customers who don’t purchase support for hardware systems aren’t allowed to obtain “maintenance releases, patches, telephone assistance, or any other technical support services.”

Machines that have reached the end of their useful life, or which are registered as “retired,” are not affected by the policy.

The policy also lists costs that will incur in the event a customer’s hardware support contract lapses for longer than 90 days, or if one was never originally purchased.

These systems must be determined “service ready” by Oracle, which requires customers to “acquire the Premier Support Qualification Service (at the then current fees) and meet all requirements set forth by the service team to obtain a qualification certificate for your hardware system.”

A reinstatement charge also applies. The fee amounts to “150% of the last-paid support fee, or 150% of the list technical support price for the covered hardware system, prorated from the date technical support is being ordered back to the date technical support lapsed (or the hardware order date if technical support was never purchased).”

Customers also must buy the “Premier Support Qualification Service” when they want to move up from operating system support to Premier Support for Systems.

Citing time constraints due to Oracle’s quarterly earnings report, which will be released Thursday, an Oracle spokeswoman said she could not immediately provide comment on the new policy. Pricing information for the support tiers was also not available Thursday.

Since Oracle moved to acquire Sun Microsystems, observers have speculated about how it will derive more revenue from the hardware business it gained, as hardware has lower profit margins than Oracle is used to making on software licenses and maintenance fees.

The hardware support policy is “an indication to us that Oracle is starting to inject its discipline in the Sun business,” JMP Securities analyst Patrick Walravens said in a research note.

“Our view is that Oracle is likely to take a harder line in terms of enforcing its support policies than Sun did, particularly in the small to medium-sized business market,” Walravens wrote. “Our checks suggest that some of these customers sometimes used patches from supported machines on unsupported machines.”

SMBs might look to alternatives as a result, but Oracle’s move may prove effective with bigger customers, Walravens added. “To avoid the hassle of registering each machine, larger accounts may increasingly move to site license arrangement. In the end, our checks suggest Oracle is focused on the higher-end customers who want support and are willing to pay for it on every machine.”

Oracle is pushing a vision of soup-to-nuts systems spanning storage and servers to applications, saying the tight integration of all those components will pay big dividends for customers.

“The question is, can Oracle deliver such amazing performance by owning the [entire] stack that the big customers will want to stay with them?” Walravens said in an interview.

But enterprises are also looking for “a single point of accountability,” instead of the finger-pointing that can occur over problems when multiple vendors are involved in a system, Walravens said.

The company is already offering a software, hardware and services package for small to medium-size U.S. hospitals that are developing electronic health care records systems, said James A. Champy, chairman of Dell Services’ Consulting Practice. Dell Services now sees an opportunity to expand this strategy to other niche markets, he added.

“We will provide Dell hardware, provision the hardware, install the software and run it as a package if the client wants us to,” Champy said.

CIOs have found it too expensive to selectively pick best-of-breed pieces of technology. Customers now want a combination of software, services and hardware at a lower cost, Champy said. “If the deal is priced well, they will buy it,” he said.

For regular services contracts, Dell will still sell services if a customer wants different hardware, Champy said. However, for the software, hardware and services packages, customers must buy the Dell hardware, he said.

When announcing its plan in September to buy Perot Systems for US$3.9 billion, Dell said one of it its objectives was to supply its computers to even more Perot customers.

Perot, which is now part of Dell’s global services business, derived a majority of its revenue from the health care and government markets. Dell Services now plans to grow its business in other markets like banking and financial services, Champy said. The share of these vertical markets in overall services revenue will not change dramatically in the next few years, but the scale of each of the businesses will go up, he said.

Many of its services will come from low-cost locations like India where talent is easily available, Champy said. Of the about 42,000 staff currently in Dell Services, about 14,000 are in India. The company also has other offshore centers in the Philippines, Romania and Mexico.

“We see India both as an undeveloped market for us from the services side and also as a platform to support our business growth in Asia and other regions,” Champy said.

The PTX Series Packet Transport Switch platform, of which the first products will ship in the first quarter of next year, will combine two technologies that carriers use to bypass routing at the center of their networks. Routing involves the processor-intensive work of examining every packet, and it often isn’t necessary for traffic that is just traversing the core of the network. Instead, carriers use MPLS (Multiprotocol Label Switching) and optical switching, neither of which requires full routing intelligence, to move traffic through the core.

The PTX platform combines these approaches in the same box and is not designed as a router at all. Juniper wants to relegate routers to the edges of the network and devote the PTX chassis to switching. This will allow the company to focus the processing power of the new system on the tasks required of the core, Juniper said.

Carriers are under pressure to boost their network capacity to handle fast-growing traffic loads. They want to do so economically, because they continue to bring in about the same amount of revenue from their subscribers even as third-party service and content providers deliver more bandwidth-hungry offerings such as video, analysts said. By optimizing the PTX for switching instead of routing, and integrating optical technology into the same chassis, Juniper may cut carriers’ costs while bolstering their network capacity, they said.

For enterprises and consumers who buy services from carriers, this might mean a slower rise in their monthly bills or better services for the same rates.

“Because of some of this cost being reduced … you would hope that this kind of reduces the cost per bit and therefore is passed down to the IT guys,” said analyst Ray Mota of ACG Research.

Adding optical switching to a packet switch brings Juniper into a totally new market and could dramatically change carriers’ network operations over time. Today, carriers feed packets from their core routers into a separate optical infrastructure, which places the traffic on separate wavelengths of light for fast transmission. The traffic needs to be converted from the electronic to the optical realm, and then back again on the other end of the network. Putting both in the same chassis simplifies the network and removes those costly conversions, while also making it easier to scale up the infrastructure, Juniper said.

The company claims the PTX platform can cut network capital expenditures by between 40 percent and 65 percent compared with a traditional multiprotocol routing architecture and by 35 percent compared with an IP-only routing system.

The announcement of the PTX sets Juniper on a new architectural path for the second time in just two weeks. Last Wednesday, the company unveiled QFabric, a converged enterprise network platform that creates a single logical switch throughout an entire data center. Like the new carrier-network infrastructure, QFabric is designed to eliminate multiple layers of switches and reduce the number of required devices. The overall architecture, which Juniper calls the Converged Supercore, will also include ROADMs (reconfigurable optical add-drop multiplexers), management systems and other components, Juniper said.

The promise of the PTX systems also will change the role of the T4000, a traditional core router that Juniper announced last November and is not even scheduled to ship commercially until the fourth quarter of this year. A PTX switch will be able to take the place of a T4000 in the cores of networks, offering greater throughput and efficiency. In such an architecture, the T4000 would be Juniper’s option for the edge of the network, where it can also carry out high-end functions such as service management along with routing.

“I was impressed that [Juniper] took the step of competing with themselves and other core router companies by building this MPLS switch,” said analyst Michael Howard of Infonetics Research.

Each slot of the PTX switch chassis has double the 240G bps capacity of a T4000 slot, and its initial 480G bps slot capacity can be expanded to 2T bps. The PTX line will start out with two systems, the PTX 5020, with a total capacity of 8T bps, and the PTX 9020, with 16T bps. The architecture ultimately will be able to scale up to 32T bps, which Juniper said is 10 times the scale of competing products. Among the interface line cards available for the PTX switches will be four-port 100-Gigabit Ethernet modules, a step up from the one-port or two-port 100GE cards that other vendors are offering today.

Many carriers have been looking for pure MPLS switching for their network cores, according to Howard. In addition, large carriers maintain separate staffs of engineers for optical and electronic switching, as well as separate management systems, and they want to converge those infrastructures eventually, Howard said. The PTX switches could allow those big carriers to consolidate their staffs over time, he said. Those struggling with the most exploding traffic are looking to consolidate the technologies in two or three years, while others may take five to eight years, he said.

Juniper has a reasonable shot at getting into the optical equipment market, currently served by rival Cisco Systems as well as specialists such as Ciena, Mota of ACG Research said. He estimates the company’s optical revenue opportunity at $2 billion per year.

The new “Softbank 4G” network will initially provide via modem, the small mobile wireless networks for computers and other devices that have traveled with the company to urban centers in the country in April 2013. It is compatible with a standard that more and more Chinese media reports say that Apple’s support, which means that future iPhones on Softbank network access to blazing download speeds could have.

“As cloud computing comes into practice, something that we can not help but reach high speeds for the mobile Internet,” said Softbank CEO Masayoshi Son, in an interview with journalists and industry representatives during a demonstration in downtown Tokyo. “This network is among the fastest speeds, also in the world.”

Softbank will begin offering a modem-size soap, up to 76 Mbps download and a wireless connection for up to 10 devices, which will go on sale in February. The machine starts networking Softbank existing data, if they are not within the reach of the new system.

The network, which provides additions to 15 Mbps will be based on a format called AXGP, an enhanced version of an old standard Japanese Personal Handy-phone System (PHS). Softbank said it was “well tolerated” with TD-LTE, a standard Chinese also know that the LTE TDD, which is becoming increasingly popular throughout Asia. Have media reports, Apple said on the support of the standard required in future devices.

The carrier also announced a new series of smartphones, many with sparkling buttons and functions such as e-mail decoration and image editing features that customers, especially women, who are yet to win with traditional mobile phones. These new mobile phones are sold to Japanese manufacturers such as Sharp, Panasonic, Kyocera, and Dell and Huawei, which will go on sale later this year or early 2012.

“Smartphones are already no longer an item only for men who love to be new technology,” said son, who at once brought to the stage with many young people, the phone wielding female models.

Softbank manages the smallest of Japan’s three major mobile operators in respect of contracts, but was higher than that of its competitors by adding new users to the son, the iPhone exclusive rights to Apple’s maintained and iPad over the network and plans are for aggressive pricing and advertising communication.

The monopoly on Apple products at the end of next year, when the No. 2 carrier KDDI also began the implementation of the iPhone, according to many local media. Repeatedly about the upcoming release of the new iPhone and the end of the monopoly of Apple, Softbank, Son normally loquacious questioned repeatedly declined to comment.