
Internet: Act II

Internet: Act II. Krishna Nathan VP Services Director Zurich Research Laboratory IBM Research. We are entering a new phase of Internet applications. Internet: Act II. The Internet Revolution is far from complete. Number of users Number of devices Speed/bandwidth Amount of content


Presentation Transcript


  1. Internet: Act II Krishna Nathan VP Services Director Zurich Research Laboratory IBM Research

  2. We are entering a new phase of Internet applications Internet: Act II The Internet Revolution is far from complete • Number of users • Number of devices • Speed/bandwidth • Amount of content • Number of applications

  3. Technology Revolutions [Figure labels: Pervasive Revolution, Internet Revolution, PC Revolution, Mainframe Revolution]

  4. Technology Revolutions e-business • Improve intra-organizational productivity • Streamline business processes between organizations • Introduced new business models [Figure labels: Pervasive Revolution, Internet Revolution, PC Revolution, Mainframe Revolution]

  5. Technology Revolutions: Business Benefits Pervasive Wireless enabling the On Demand Era • Real time sense and response to core applications • Access to mission critical data from any location • Connect people, data and processes on demand • Decision making and communication without human intervention (Autonomic computing) [Figure labels: Pervasive Revolution, Internet Revolution, PC Revolution, Mainframe Revolution]

  6. Any Device All devices can communicate with and understand one another • There will be over one trillion devices by 2005 • Number of communicating data devices growing from 2.4 billion to 23 billion in 2008 and one trillion by 2012 RFID & Interactive Sensors Source: IDC Research 02/2004

  7. Any Data Seamlessly communicate exploding amount of data on demand, to support people and business processes • Amount of data accessed will explode to 1.075 Zettabytes (10^18) by 2008 • Variety of Data • Driving the need for a flexible architecture • Creating opportunity for business transformation [Figure: Amount of data received or transmitted by device (in Petabytes/Day): Industrial Automobile Entertainment Mobile Computers]

  8. Advanced Radio Technologies Emerging radio technologies will penetrate non-PC devices and accelerate pervasive connectivity • Wireless capability will be incorporated into devices, appliances, sensors, etc. as “standard equipment” • Multi-standard radios (MSR) supporting all types of wireless computing platforms will enable anytime, anywhere connections • Low power single-standard radios (SSR) will enable sensor networks [Figure labels: BB, DSP, MEMS, AFE; Future System-on-Chip Multi- or Single Standard Radio (MSR or SSR); MSR: Data Concentrator; SSR-MSR: Control Point; SSR: Sensor or Actuator; Link to Network Infrastructure; Meshed Sensor, RFID and Control Networks] Source: IBM modified after Intel Source: IBM

  9. Directional Shift in Network Traffic The massive deployment of smart, networked sensors will dramatically affect network volume and traffic patterns • Traditionally, client requests accommodated by caching • In future, computation will move to the edge of the network to aggregate, synthesize and filter data [Figure: client/server traffic diagrams; ratios shown: 1:1, 1:50, 1:1, 100:1; panels: VoIP Conversation, Sensor/RFID System, P2P File Sharing, Web Server]

  10. Future Networks Data, voice and multimedia will be carried over a heterogeneous physical network running IP • Supporting very large number and variety of devices • Wireless communicators: Cell phones, PDA’s, pagers … • Interactive “smart” sensors: health monitors, environmental sensors … • RFID tags • Enabling “true” mobile computing • Complete range of service (internet, TV, VoIP, …) • Self-configuring • Seamless roaming • On demand remote storage [Figure labels: Edge of Network Services; On Demand Storage; Location-based Services; Server; Distributed storage; SAN; Gateway; PSTN; Enhanced IP Core Network • Intelligent network elements; Access Router; Cellular Radio; WLAN; PAN; Access-point; Base station; Smart Sensors / RFID tags]

  11. IPv6 is key to the next phase IPv6 represents a major step in the Internet’s ability to scale and support new applications • Uniform global address space • Ample supply of addresses • Eliminates the problem of ambiguous “private” addresses and network address translation • Automatic configuration • Complete Mobile IP solution • Global addressability allows end to end security Trillion nodes squeezed into 4.3 billion IPv4 addresses? IPv6: 340 billion, billion, billion, billion addresses! [Figure labels: Number of people, Number of unique IPv4 addresses]

  12. Semantic Connectivity • Future pervasive IP-based networks • Today, applications implement the network and transport functions needed to facilitate the seamless mobility of users in the application layer • In the future, the internet protocol stack will be augmented (layer X) to provide the semantics and application layer information required for intelligent routing [Figure: three protocol stacks labelled Traditional, Current and Future, each showing Layer 1: Physical Access, Layer 2: Media Access, Layer 3: Network, Layer 4: Transport, Layer 5: Session, Layer 6: Presentation, Layer 7: Application; additional labels: Discovery, Addressing, Routing; Layer X: Discovery, Addressing Routing, Fixed Addresses]

  13. Web Services Complete the Internet Protocol Stack A New Programming model and computing platform is emerging • Based on collections of web services (not networks of computers) • Complex sets of distributed services will appear as though they exist and run on a single "machine" - a virtual computer • A runtime environment will be required to support the semantics and expectations associated with this new programming model [Figure labels: Application, Presentation, Session, Transport, Network, Data Link, Physical; Person, BPEL, SOAP, XML, HTML, HTTP, Business Process, 1995, Computer, TCP/IP, Network; Tanenbaum, 1981]

  14. New Apps Virtual Middleware Virtual OS Virtual Engine Virtual Computer Abstraction Virtual Abstraction Physical Resources Cross system frameworks for business integration and other common functions Set of distributed services that transparently manages processes & resources Virtual Computer Distributed, heterogeneous set of computers, operating systems and networks

  15. The World of "On demand" The Grid is a key part of the foundation for On Demand e-business • On Demand Business • Responsive in real-time • Variable cost structures • Focused on what's core and differentiating • Resilient around the world, around the clock • On Demand Operating Environment • Integrated • Open • Virtualized • Autonomic • www.ibm.com/ondemand

  16. On Demand Operating Environment A new game changing IT platform is emerging • Open Standards • Web Services • Components based assembly • Declarative not procedural • Virtualized • Virtual Computer • Distributed • Autonomic • Manageable complexity • Resource utilization • Resilient • Integrated • New Interaction Paradigm • Empowering People • Efficient information routing [Figure labels: Linux, XML, WSDL, OGSA, SOAP]

  17. Security and Privacy Pervasive connectivity and on demand computing will increase security and privacy concerns, requiring new software and hardware solutions • Increased connectivity, diversity of devices, global resource sharing and richer applications increase complexity, amplifying the vulnerability of the network and escalating the privacy concerns • New security and privacy policies will be required • Establishment of “trusted” devices, servers and gateways will be required to accommodate dynamic network infrastructure and provide end-to-end security Attack sophistication increases while intruder sophistication decreases [Figure: Attack Sophistication and Intruder Sophistication (Low to High) over 1980, 1985, 1990, 1995, 2000; labels: Self-replicating code, Password guessing, Password cracking, Exploiting Known Vulnerabilities, Burglaries, Disabling audits, Back Doors, Hijacking sessions, Sweepers, Sniffers, Network management diagnosis, Packet spoofing, GUI, Automated probes and scans, www attacks, Denial of service, Distributed attack tools, "Stealth" / advanced scanning techniques, Staged attack, Cross-site scripting, Internet availability of attack scripts] Source: Network Infrastructure Security (C) 2002 Gary McGraw

  18. Notoriously Difficult Security Problems Secure Internet protocols (IPSec, SSL, ...) do not address these problems • Massive inflow of vulnerabilities • Time to exploitation is shrinking • Increasing sophistication of attacks vs. automation of malware • Poorly designed software • Poor engineering, poor usability • Minimal outflow • Well-known vulnerabilities do not get fixed, exploitation peak often after release of patch • Growing complexity of (security) management • Complex set-up and administration, many ways to do the same thing • Never changed standard passwords and settings/profiles • Helpdesk and other social attacks • OS, routers, application monocultures • Write once, attack everywhere

  19. Towards a More Secure Infrastructure • All communication is authenticated and protected • Strong isolation on the platform protects the app component from other apps • TPMs on all devices provide anchor for strong authentication • Application owner sets the domain policy • Well-defined control points for inter-trust domain interactions [Figure labels: App (A, B), Virtualization, Virtual Trust Domain A, Virtual Trust Domain B]

  20. Privacy Research Roadmap The challenges: • Privacy by default • Predictable and measurable trust and privacy • Privacy in times of pervasive sensors, virtually unlimited storage and computing power, and totally connected systems • New business models that favor privacy The next steps: • Cross-domain privacy and identity management • Design methods and process design tools • Privacy patterns and tools for specific applications Today’s focus: • Assessment and descriptions of practices • Enforcement and audit • Building tools IBM Privacy Research Institute www.research.ibm.com/privacy

  21. Internet: Act II We are entering a new phase of Internet applications • Pervasive connectivity: One trillion connected devices by 2012 • Grid computing evolving into “on demand computing” • IPv6 represents a major step in the Internet’s ability to scale and support new applications • Security and privacy are critical to the future of the Internet

  22. Seeing Old Things in New Ways

  23. Being lucky

  24. MERCI / THANK YOU

  25. New disruptive technologies, such as WiMax, may also offer potential threats to wireless operators’ voice and data revenues [Figure: Technology Evolution timeline, Q1-2004 to Q4-2005; labels: Pre 802.16, 802.16a, 802.16e] Pilot Broadband Deployment Product Evolution Launch wireless broadband service to areas without broadband access Triple Play Pilot Use 802.16 standard technology to offer voice, video, and data in selected markets Strategic Rationale • Enhance customer retention • Provide for revenue growth • Bundle with other IP services • Compete with Cable • Fully leverage the economics of 802.16 • Test technology, service delivery, and project economics

  26. Example of Network Convergence • Converged applications over data networks • VoIP - Growing rapidly in enterprises • Cable companies offering VoIP service • Delivery of entertainment (TV, video-on-demand, games, etc.) Enterprise Circuit vs. IP Telephony Minutes

  27. Business companies are increasingly installing IP equipment with IP enablement but uncertainties remain on VoIP usage At the start of 2004 largest companies were using VoIP • 25% to 30% of American companies • 23% of Japanese companies • 15% to 20% in Europe where the UK then northern Europe are leading the way Drivers and inhibitors to VoIP’s deployment

  28. VoIP systems are ideal for businesses that interface with customers by phone and need to improve customer service • VoIP enables applications that reside on the converged network • VoIP makes a better alternative to more traditional customer service solutions as it supports: • wireless access • high-performance teleworker solutions • improved unified communications • In call centers VoIP is more effective than traditional solutions • It enables remote teleworkers to be added seamlessly to staff calls • Since the calls can be routed anywhere seamlessly, remote workers will have the same information about the caller and account information. • It can eliminate long distance charges, offering expert resources anywhere in their network • It allows the latest applications to be networked anywhere, providing more features and added scalability • The cost of call center applications will come down, making call center applications (IVR, CTI and speech recognition) more affordable to smaller businesses and remote locations. • Key benefit of VoIP is the ability to manage and measure customer interactions through the use of sophisticated network-wide reporting and management tools and the ability to quickly make changes across the network to improve customer interactions.

  29. What is SIP? Session Initiation Protocol • A signaling protocol for setting up multimedia sessions between endpoints • Fundamental shift from PSTN: infrastructure consists of software on standard servers • SIP designed in line with other Internet protocols by the IETF • Uses overlay control network consisting of SIP Proxies to route SIP messages: Media path (RTP/UDP) decoupled from signaling • name@domain addressing; message syntax similar to HTTP • SIP provides • Session setup/modification/handoff/tear-down: Voice/Video over IP - Mobility control • Presence & Instant Messaging: Signaling message carries the IM as payload (SIMPLE) • Publish/subscribe mechanism: SUBSCRIBE/NOTIFY to events • Supports calls to/from PSTN • Examples of SIP adoption • VoIP: Vonage, CableVision,… • IM: Lotus Sametime • Push-to-talk: Sprint PCS, Verizon Wireless • Collaboration software: Microsoft Live Office [Figure: SIP User Agent Client and SIP User Agent Server connected through SIP proxies and routers; labels: INVITE sip:vic@victormoore.com, 200 OK, ACK, Media Stream (RTP/UDP packets), BYE, 200 OK, sip.victormoore.com]

  30. Major benefits of IPv6 • Automatic configuration • stateless, for manager-free networks • stateful (DHCPv6), for managed networks • help for site renumbering • Better aggregated routing tables than IPv4 • Complete Mobile IP solution • Global addressability allows IPSEC end to end. • mechanisms for secure firewall traversal will come • Simplified header format with clean extensibility. • allows effective header compression • Provision for a QOS flow label. 3.4 * 10^38 addresses!

  31. Critical advantages of IPv6 for a services oriented architecture such as the ODOE or a Grid • Uniform global address space eliminates the problem of ambiguous “private” addresses and network address translation • Potential for massive scaling • Avoid interworking units within a VO • Autoconfiguration and ample supply of addresses are a big plus for flexible infrastructure configuration • Grids and Web Services use transport and application level security, but IPv6 network level security is also an advantage

  32. Security and Network Architecture Protection (NAP) • Security is a lot more than IPsec • Transport level (TLS/SSL) and applications level (e.g. Web Services Security) remain fundamental • NAP: By combining features of IPv6, such as using globally routable addresses, unique local addresses, and privacy addresses appropriately, a network domain can be effectively protected against many forms of attack at least as effectively as by using IPv4 NAT, but without the operational disadvantages of NAT. • New IETF draft on this just published (IBM, Cisco, TTI Telecom) • draft-vandevelde-v6ops-nap-00.txt

  33. IPv6: IBM status • IBM intends to enable IPv6 on all significant platforms and middleware, in response to evolving market needs • Released IPv6 stacks on our main operating systems • Linux also has good IPv6 support • Plans for all major middleware products in the next 2-3 years • Thus far NO application or middleware developer reports special difficulty in upgrading to support IPv6 as well as IPv4. "It's just work." • IBM SWG is tackling this, largely in response to the DoD requirements - but it takes time, as every component has to be checked.
