At Cisco Live, Cisco announced its next Cloud Scale ASIC. Specifically, it announced it's 25.6 Tbps (512x56G) ASIC for shipment in early 2021. Cisco became the third vendor to announce a 25.6 Tbps ASIC this year, which we see as a higher volume class of ASIC than 12.8 Tbps ASICs. At the same time, Cisco also announced a new line card on the Nexus 9500. Cisco's ASICs have ramped significantly in the Nexus 9K since the platforms market introduction and has continued to gain traction is the DC ASIC business as the Nexus 9K ramps in the Cloud as a strong alternative to Broadcom.
The company continued to push for 800G QSFP-DD, maintaining the companies position of DD as the form factor of choice for optics instead of OSFP as industry consensus on form factor is still fractured.
The Nexus 9K continues to strengthen the software features and offerings for Enterprise and Cloud customers, and we expect the Nexus 9K to expand more into the DCI space with 400 Gbps compared to previous iterations of the Nexus 9K. We believe Cisco's tools around telemetry and security will make for compelling solutions in today's multi-cloud environment.
Microsoft acquired Israeli startup, CyberX Labs today in a move that gets Microsoft Azure into the IoT security market. We have been tracking CyberX for a couple years and have generally categorized it as an emerging player in the Operational Technology Access Control (OTAC) market. More recently, it has smartly repositioned itself as an IoT network discovery, posture assessment and management company. We see OTAC as an adjacent market to an existing, more IT-oriented security market called Enhanced Network Access Control (ENAC). Microsoft explains that CyberX will extend its Azure IoT security capabilities towards devices used in industrial IoT, Operational Technology and infrastructure scenarios, and that, it will allow customers to discover their existing IoT assets, manage and improve security posture of these devices.
We see this move by Microsoft as encroaching into the network security space a bit further than it had before. And, it is using IoT and industrial operations as a means to enter. We sill see the CyberX portfolio as an OTAC company, but since many IoT devices are just Internet Protocol (IP) connected devices, the CyberX portfolio can perform many of the tasks of that of an ENAC system. And so, this puts Microsoft quite closely in competition with the existing leaders in the much-larger ENAC market, namely, Cisco, HPE Aruba, Forescout and Fortinet (listed as a partner on the CyberX Labs website). Cisco and Forescout have announced OTAC products recently, as well. HPE Aruba, a big player in ENAC, had integrated CyberX into its Clearpass ENAC product in 2019 and featured CyberX at its user conference in 2019.
So, given Microsoft is acquisitive these days and clearly has an interest in beefing up its Azure IoT capabilities, and given that Forescout is in the midst of a failed merger bid from investor Advent, perhaps it is time for Microsoft to take a closer look at Forescout.
Network Deployments of MACsec ARE Expanding Inside and Between Data Centers as more Links and Security Concerns are Driving Encryption at All Layers of the Network
Every day consumers put more data in the Cloud and enterprises increase their utilization of Cloud services to conduct business. The Cloud and the digital content it holds continue to make up an increasing portion of the world's economy - even more so with COVID-19 causing a rapid shift and acceleration in digital transformation projects in companies.
To keep up, modernizations that previously took years to deploy are being pushed through quickly because of COVID-19. 2020 is now the year where it is truly Cloud-first, whether that be consumers using Cloud services more for personal activities ranging from interacting with loved ones via Social Media websites to e-learning or the rapid shift to work-from-home (WFH).
With enterprises relying on the Cloud for daily operations, the importance of end-to-end security is increasing every day. In the Ethernet Switch (L2) and Routing market (L3/L3+), the interest in MACsec increases with each speed transition. There is a higher attach rate of MACsec with 400 Gbps products compared to 100 Gbps, and we expect with the data center rapidly moving towards 100G per Lambda and 112 Gbps SerDes that MACsec will play a pivotal and significant role in the 800 Gbps market.
Cloud providers and Telco Service Providers continue to increase their use of MACsec, both inside the data center and between data centers (Figure 1).
Figure 1. MACsec deployment inside and between data centers
End-to-end encryption from the server, often via a SMartNIC, is becoming more common. In the case where a packet crosses between two locations, MACsec encryption secures user/enterprise data from the moment it leaves a Cloud’s data center to the moment it enters. As applications use edge computing resources and become distributed across multiple availability zones and countries, data sovereignty and security become more important and top-of-mind for data center architects.
As Cloud providers and Telco Service Providers adopt 400 Gbps and look toward 800 Gbps, we expect to see more purpose-built MACsec solutions. The data center networking market is also transitioning away from Modular chassis, and toward more Fixed CLOS architectures, we expect more Fixed 1RU solution with MACsec, especially in the DCI layer. DCI will be a new market for Ethernet platforms, and vendors will look towards new features beyond the ASIC, like MACsec, to compete in this space.
- Alan Weckel, Founding Technology Analyst at @650group
Throughout the years, I’ve attended Aruba’s Atmosphere conferences. This year, I missed the in-person connections of the previous years, but Aruba did a great job transitioning over to a virtual event with engaging content…and some green screens. At Aruba’s user conference, Atmosphere, the company informed attendees of its new single-pane, cloud-native platform called ESP. We were impressed not only with ESP but how well it delivered the message under tough circumstances, using Zoom webinar. We want to highlight the ESP launch because it launches the company into a new category, that of single-pane management. We expect that customers value the capability to manage Wi-Fi, Switching, SD-WAN, 5G and IoT using the same system, without “swivel-chairing” between multiple software interfaces. And, by combining all these different “edge” systems to a single manager, this allows for a unified policy, security and insights system.
ESP. What we learned about Edge Services Platform (ESP) at the Atmosphere show. ESP is an automated, all-in-one platform that operates in the cloud or on-premises, and is designed to deliver a cloud experience at the edge. Large or small companies can use ESP, and it is also available on its controller-less APs, and can be used across large campuses down to branches and to remote worker locations. Now, with the launch of ESP, data gathered from APs, switches, IoT devices, user devices and SD-WAN connections are retained in a single location, and thus this data can be analyzed together. Since all the telemetry data is in one place, the company can now use Artificial Intelligence (AI) to improve insights into how the network is performing, to improve the throughput (the company claims 15%), and reduce to the time to resolve issues (the company claims a 90% improvement). Aruba shared with attendees that it has 10M APs at customer sites – we see this large installed base, spinning off a lot of telemetry, as being a key advantage to Aruba, because AI systems get better with more data.
Greenlake. Aruba ESP can be consumed either as a service in the cloud or on-premise, as a managed service delivered through Aruba partner. Customers can also consume it as a network as a service through GreenLake. Greenlake is a Network as a Service offering recently introduced by Aruba that allows customers to pay for equipment and services monthly, as opposed to as an up-front expenditure.
Other new product announcements. UXI-6 sensor - the company announced a new sensor for gathering information from IoT and user systems. This data can be leveraged by software and services to enable asset tracking, contract tracing and other systems. Additionally, the company announced a new Ethernet Switch, the CX 6200 Switch Series. The new switch can run on enterprise campuses, branch access and data centers.
Contact Tracing. The company is also innovating for the future hybrid work environment. They are releasing a new set of contact and location tracing tools, and are working with a partner, Plexus. It uses a variety of data sets: Wi-Fi, BLE/Bluetooth, location-capabilities inherent in the infrastructure, wrist-bands, keycards, or Aruba asset tags. Wi-Fi-only is the base case and is the minimum data set that gets customers started immediately. As additional data sources, primarily those leveraging Bluetooth to improve tracking and capabilities of the contact tracing system. For expanded capabilities, Aruba Technology Partners integrate with Aruba infrastructures to monitor social distancing and group sizes, and generate contract tracing trees of potentially exposed individuals.
On May 28, 2020, we published a paper that shows our thoughts on the importance of using contract tracing, hotspot tracking, and other services that can decrease the risk to employees who are returning to work after companies open up their doors.
Please download this paper for more information.