At the start of a new year, it is always good to reflect and take stock as we consider what 2014 will bring. With the pace of transformation building daily, we can be sure of one thing: the insatiable hunger for connectivity shows no sign of slowing.
Just as cloud computing ushered in the “as a service” era, the internet of things will herald the next wave of computing to make a transformational impact on how networks are designed and managed. The network is now expected to handle pretty much anything that is thrown at it. We are already seeing this with the increase in online services and the variety of devices that rely on it for connectivity. These devices not only include desktop PCs, tablets and smartphones, but systems such as CCTV cameras, ATMs, self-service airport kiosks and retail chill cabinets. And this is just the beginning. Tomorrow everything could be connected to the internet, such as lights, domestic appliances and smart textiles. And for every device that needs connecting, a unique identifier is needed to match it to a specific network address.
Welcome to the internet of things. A world where objects and machines, as well as computer devices, are connected to each other via smart applications. Gartner predicts that, in six years, 30 billion connected “things” will be in use – to put that in context, five years ago there were only 2.5 billion. Early-stage internet of things (IoT) projects are already well underway across healthcare, energy, industrial, transportation and even education sectors. App developers are creating ways to give consumers the ability to program and set rules for their connected devices – the US start-up Wigwag is a great example.
So how can we help enterprises prepare for this new world and plan for the year – indeed decade – ahead? Alongside other major transformation technologies – such as software-defined networking and network virtualisation – there are two areas that should take priority for planning in any enterprise network project: domain name system (DNS) security; and IPv6 deployment and migration.
DNS infrastructure, with its distributed architecture, is a vital component of internet functionality and availability. DNS has already demonstrated its scalability and flexibility to ensure a “human-friendly” way to connect with IP address-based devices on the network all over the globe.
In the IoT world, DNS will play an even more central role, with the explosion of machine-to-machine connections. The DNS service will establish and maintain the association between an object and its network addresses, from which information about such objects (for example, status and location) can be extracted.
The IoT has important consequences at the DNS security level. Today, DNS is a key target for attacks and customers will need greater security mechanisms to protect against distributed denial of service (DDoS) attacks and cache poisoning. There are three key areas which, when addressed together, are seen as instrumental to creating a more secure internet protocol (IP) network infrastructure.
- Domain name system security extensions (DNSSEC): DNS was not originally designed to include security. DNSSEC plays a key role in ensuring the integrity and authenticity of DNS data and helps to eradicate the risks of data corruption.
- Domain name system response rate limit (DNS RRL): An enhancement to the DNS protocol that can look at the pattern of packet requests and responses to identify and decrease the power of DNS amplification attacks.
- Mixture of DNS engines to mitigate attacks: This approach is highly effective but does require being able to maintain a single view across heterogeneous server environments.
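To make the response rate limiting idea concrete, the following is an added example (not from the original article, and not any DNS server's actual implementation) of a simplified limiter that budgets identical responses per client network and shows how much reflected traffic it removes. The class name, the parameters, the response sizes and the traffic are all constructed assumptions.

```python
import ipaddress
from collections import Counter

class ResponseRateLimiter:
    """Simplified response rate limiting: a per-second budget of identical
    responses for each (client network, query name) pair."""

    def __init__(self, rate=5, slip=2, v4_prefix=24, v6_prefix=56):
        self.rate, self.slip = rate, slip
        self.prefix = {4: v4_prefix, 6: v6_prefix}
        self.state = {}  # key -> [second, responses sent, over-limit count]

    def _key(self, src_ip, qname):
        ip = ipaddress.ip_address(src_ip)
        # Group by network so a forged-source flood is accounted per prefix.
        net = ipaddress.ip_network(f"{ip}/{self.prefix[ip.version]}", strict=False)
        return (str(net), qname.lower().rstrip("."))

    def decide(self, src_ip, qname, now):
        key, second = self._key(src_ip, qname), int(now)
        st = self.state.get(key)
        if st is None or st[0] != second:  # new one-second window
            st = self.state[key] = [second, 0, 0]
        if st[1] < self.rate:
            st[1] += 1
            return "send"
        st[2] += 1
        # Every slip-th excess response goes out truncated (TC=1) so a real
        # client can retry over TCP; the rest are dropped.
        return "truncate" if self.slip and st[2] % self.slip == 0 else "drop"

FULL_RESPONSE, TRUNCATED = 3000, 60  # constructed response sizes in bytes

def simulate():
    rrl = ResponseRateLimiter(rate=5, slip=2)
    flood, client = Counter(), Counter()
    # Constructed traffic: 200 queries in one second whose source addresses
    # are forged to the victim's network 192.0.2.0/24 (documentation range).
    for i in range(200):
        flood[rrl.decide(f"192.0.2.{10 + i % 4}", "Example.com.", i / 200)] += 1
    # A genuine resolver elsewhere asks three times in the same second.
    for t in (0.1, 0.5, 0.9):
        client[rrl.decide("198.51.100.7", "example.com", t)] += 1
    unlimited = 200 * FULL_RESPONSE
    limited = flood["send"] * FULL_RESPONSE + flood["truncate"] * TRUNCATED
    return flood, client, unlimited, limited

if __name__ == "__main__":
    print(simulate())
```

With these constructed numbers the victim network receives about 21 KB instead of 600 KB, while the genuine resolver is answered normally.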
The road to IPv6
The internet of things has been made possible with internet protocol version six (IPv6), which extends the addressing space to support unlimited internet-enabled devices. While the design of IPv6 enables more secure communications, its complex addressing structure is not seen as “human-friendly” and requires software to organise, follow and manage IPv6 address block allocations.
Automation is key in an IoT world. Many of the IP management tasks currently handled manually by network teams will not be sustainable when it comes to IPv6. It will be virtually impossible to manage the volume and speed of change requests that these new environments will generate. By automating these tasks, valuable resources and expertise can be freed up for more strategic work.
By applying stronger and more advanced security to the network foundation itself through key protocols embedded in the IP – DNS, dynamic host configuration protocol (DHCP) and IP address management (IPAM), collectively known as DDI – enterprises can not only improve security but reduce the effort required in IT departments to administer it.
If an enterprise didn’t have a rock solid foundation for its network before the influx of devices, it is going to need one now, more than ever. Enterprise solution providers in the channel have a golden opportunity to help their customers put in place the processes, defences and systems that will help them respond to changing times ahead.
Nick Itta is channel manager at EfficientIP
This was first published in February 2014