© 2002 IBM Corporation
IBM Research
Internet Act II November 25, 2004
Internet: Act II
Krishna Nathan, VP Services, Director Zurich Research Laboratory, IBM Research
Internet: Act II
Number of users
Number of devices
Speed/bandwidth
Amount of content
Number of applications
The Internet Revolution is far from complete
We are entering a new phase of Internet applications
Technology Revolutions
Mainframe Revolution
Internet Revolution
Pervasive Revolution
PC Revolution
Mainframe Revolution
Internet Revolution
Pervasive Revolution
PC Revolution
e-business
Improve intra-organizational productivity
Streamline business processes between organizations
Introduced new business models
Technology Revolutions
Internet Revolution
Pervasive Revolution
Mainframe Revolution
Internet Revolution
Pervasive Revolution
PC Revolution
Technology Revolutions: Business Benefits
Pervasive Wireless enabling the On Demand Era
Real time sense and response to core applications
Access to mission critical data from any location
Connect people, data and processes on demand
Decision making and communication without human intervention (Autonomic computing)
Pervasive Revolution
Any Device
There will be over one trillion devices by 2005
Number of communicating data devices growing from 2.4 billion to 23 billion in 2008 and one trillion by 2012
Source: IDC Research 02/2004
RFID & Interactive Sensors
All devices can communicate with and understand one another
Any Data
Amount of data accessed will explode to 1.075 Zettabytes (10^18) by 2008
Variety of Data
Driving the need for a flexible architecture
Creating opportunity for business transformation
Chart: Amount of data received or transmitted by device (in Petabytes/Day), 2003 to 2008; series: Computers, Industrial, Automobile, Mobile, Entertainment
Seamlessly communicate exploding amount of data on demand, to support people and business processes
Future System-on-Chip
MEMS BBDSP
AFE
Multi- or Single-Standard Radio (MSR or SSR)
Advanced Radio Technologies
Source: IBM modified after Intel Source: IBM
MSR: Data Concentrator
SSR-MSR: Control Point
SSR: Sensor or Actuator
Link to Network Infrastructure
Meshed Sensor, RFID and Control Networks
Advanced Radio Technologies
Wireless capability will be incorporated into devices, appliances, sensors, etc. as “standard equipment”
Multi-standard radios (MSR) supporting all types of wireless computing platforms will enable anytime, anywhere connections
Low power single-standard radios (SSR) will enable sensor networks
Emerging radio technologies will penetrate non-PC devices and accelerate pervasive connectivity
Directional Shift in Network Traffic
Web Server (Client : Server) 1:50
VoIP Conversation (Client : Server) 1:1
P2P File Sharing (Client : Server) 1:1
Sensor/RFID System (Sensors : Server) 100:1
The massive deployment of smart, networked sensors will dramatically affect network volume and traffic patterns
Traditionally, client requests accommodated by caching
In future, computation will move to the edge of the network to aggregate, synthesize and filter data
Future Networks
Supporting very large number and variety of devices
Wireless communicators: Cell phones, PDA’s, pagers …
Interactive “smart” sensors: health monitors, environmental sensors …
RFID tags
Enabling “true” mobile computing: Complete range of service (internet, TV, VoIP, …); Self-configuring; Seamless roaming; On demand remote storage
Data, voice and multimedia will be carried over a heterogeneous physical network running IP
PAN
Server
Gateway
PSTN Enhanced IP Core Network
Base station
WLAN
Access-point
Intelligent network elements
Cellular Radio
Access Router
Location-based Services
On Demand Storage
PAN
Distributed storage
Edge of Network Services
SAN
Smart Sensors / RFID tags
IPv6 is key to the next phase
Uniform global address space
Ample supply of addresses
Eliminates the problem of ambiguous “private” addresses and network address translation
Automatic configuration
Complete Mobile IP solution
Global addressability allows end to end security
Number of people
Number of unique IPv4 addresses
Trillion nodes squeezed into 4.3 billion IPv4 addresses?
IPv6: 340 billion, billion, billion, billion addresses!
IPv6 represents a major step in the Internet’s ability to scale and support new applications
Semantic Connectivity
Future pervasive IP-based networks
Today, applications implement the network and transport functions needed to facilitate the seamless mobility of users in the application layer
In the future, the internet protocol stack will be augmented (layer X) to provide the semantics and application layer information required for intelligent routing
Traditional (Routing, Fixed Addresses)
Layer 7: Application
Layer 6: Presentation
Layer 5: Session
Layer 4: Transport
Layer 3: Network
Layer 2: Media Access
Layer 1: Physical Access
Current
Layer 7: Application (Discovery, Addressing, Routing)
Layer 6: Presentation
Layer 5: Session
Layer 4: Transport
Layer 3: Network
Layer 2: Media Access
Layer 1: Physical Access
Future
Layer 7: Application
Layer X: Discovery, Addressing
Layer 6: Presentation
Layer 5: Session
Layer 4: Transport
Layer 3: Network
Layer 2: Media Access
Layer 1: Physical Access
Web Services Complete the Internet Protocol Stack
TCP/IP
Network
Computer
Business Process
Person
BPEL SOAP
Application
Presentation
Session
Transport
Network
Data Link
Physical
1995
Tanenbaum, 1981
A new programming model and computing platform is emerging
Based on collections of web services (not networks of computers)
Complex sets of distributed services will appear as though they exist and run on a single "machine" - a virtual computer
A runtime environment will be required to support the semantics and expectations associated with this new programming model
BPEL SOAP XML HTML HTTP
Virtual Computer Abstraction
Virtual Middleware
Virtual OS
Virtual Engine
New Apps
Cross system frameworks for business integration and other common functions
Set of distributed services that transparently manages processes & resources
Distributed, heterogeneous set of computers, operating systems and networks
Virtual Abstraction Physical Resources
Virtual Computer
The World of "On demand"
On Demand Business: Responsive in real-time; Variable cost structures; Focused on what's core and differentiating; Resilient around the world, around the clock
On Demand Operating Environment: Integrated; Open; Virtualized; Autonomic
www.ibm.com/ondemand
The Grid is a key part of the foundation for On Demand e-business
On Demand Operating Environment
Integrated: New Interaction Paradigm; Empowering People; Efficient information routing
Open: Standards; Web Services; Components based assembly; Declarative not procedural
Virtualized: Virtual Computer; Distributed
Autonomic: Manageable complexity; Resource utilization; Resilient
Linux
OGSA
SOAP
WSDL
XML
A new game changing IT platform is emerging
Security and Privacy
Increased connectivity, diversity of devices, global resource sharing and richer applications increase complexity, amplifying the vulnerability of the network and escalating the privacy concerns
New security and privacy policies will be required
Establishment of “trusted” devices, servers and gateways will be required to accommodate dynamic network infrastructure and provide end-to-end security
Pervasive connectivity and on demand computing will increase security and privacy concerns, requiring new software and hardware solutions
Chart (1980, 1985, 1990, 1995, 2000; vertical axes Low to High): Intruder Sophistication and Attack Sophistication
Password guessing
Self-replicating code
Password cracking
Exploiting Known Vulnerabilities
Disabling audits
Burglaries
Back Doors
Sweepers
Hijacking sessions
Sniffers
Network management diagnosis
Packet spoofing
GUI
Automated probes and scans
Denial of service
www attacks
"Stealth" / advanced scanning techniques
Distributed attack tools
Cross-site scripting
Staged attack
Internet availability of attack scripts
Attack sophistication increases while intruder sophistication decreases
Source: Network Infrastructure Security (C) 2002 Gary McGraw
Notoriously Difficult Security Problems
Massive inflow of vulnerabilities: time to exploitation is shrinking; increasing sophistication of attacks vs. automation of malware
Poorly designed software: poor engineering, poor usability
Minimal outflow: well-known vulnerabilities do not get fixed; exploitation peak often after release of patch
Growing complexity of (security) management: complex set-up and administration; many ways to do the same thing; never-changed standard passwords and settings/profiles; helpdesk and other social attacks
OS, routers, application monocultures: write once, attack everywhere
Secure Internet protocols (IPSec, SSL, ..) do not address these problems
Towards a More Secure Infrastructure
Application owner sets the domain policy
Strong isolation on the platform protects the app component from other apps
Well-defined control points for inter-trust domain interactions
TPMs on all devices provide anchor for strong authentication
All comm. is authenticated and protected
Diagram: Virtual Trust Domain A and Virtual Trust Domain B, each grouping its own apps (A, B) that run on virtualization layers across several platforms
Privacy Research Roadmap
Today’s focus: Assessment and descriptions of practices; Enforcement and audit; Building tools
The next steps: Cross-domain privacy and identity management; Design methods and process design tools; Privacy patterns and tools for specific applications
The challenges: Privacy by default; Predictable and measurable trust and privacy; Privacy in times of pervasive sensors, virtually unlimited storage and computing power, and totally connected systems; New business models that favor privacy
IBM Privacy Research Institute: www.research.ibm.com/privacy
Internet: Act II
Pervasive connectivity: One trillion connected devices by 2012
Grid computing evolving into “on demand computing”
IPv6 represents a major step in the Internet’s ability to scale and support new applications
Security and privacy are critical to the future of Internet
We are entering a new phase of Internet applications
Seeing Old Things in New Ways
New disruptive technologies, such as WiMax, may also offer potential threats to wireless operators’ voice and data revenues
Timeline: Q1-2004 through Q4-2005, with rows Technology Evolution, Product Evolution and Strategic Rationale
Pre 802.16
802.16a
802.16e
Pilot
Broadband Deployment: Launch wireless broadband service to areas without broadband access
Triple Play: Use 802.16 standard technology to offer voice, video, and data in selected markets
Enhance customer retention
Provide for revenue growth
Bundle with other IP services
Compete with Cable
Fully leverage the economics of 802.16
Test technology, service delivery, and project economics
Pilot
Example of Network Convergence
Converged applications over data networks
VoIP - Growing rapidly in enterprises
• Cable companies offering VoIP service
Delivery of entertainment (TV, video-on-demand, games, etc.)
Chart: Enterprise Circuit vs. IP Telephony Minutes, 2001 to 2006 (thousands); series: Circuit Switched Voice Minutes, IP Telephony Voice Minutes
Chart: Relative Use of Voice and Data in Enterprise Private Exchange, 2000 to 2010 (percent of traffic); series: Voice, Data
Businesses are increasingly installing IP equipment with IP enablement, but uncertainties remain on VoIP usage
At the start of 2004 largest companies were using VoIP
• 25% to 30% of American companies
• 23% of Japanese companies
• 15% to 20% in Europe, where the UK then northern Europe are leading the way
Drivers and inhibitors to VoIP’s deployment
Drivers:
Reduced on-net traffic charges
Removal of a portion of phone access
Traffic sharing on a single network
Savings on human resources
Cost reductions when moving offices, extending services and changing sites
Increased productivity and mobility
Obstacles:
Investments
Security
Difficulty of calculating ROI and TCO
Reconfiguration of the internal network
VoIP systems are ideal for businesses that interface with customers by phone and need to improve customer service
VoIP enables applications that reside on the converged network
VoIP makes a better alternative to more traditional customer service solutions as it supports:
wireless access
high-performance teleworker solutions
improved unified communications
In call centers VoIP is more effective than traditional solutions
It makes it possible to add remote teleworkers seamlessly to staff calls
Since the calls can be routed anywhere seamlessly, remote workers will have the same information about the caller and account information.
It can eliminate long distance charges, offering expert resources anywhere in their network
It allows the latest applications to be networked anywhere, providing more features and added scalability
The cost of call center applications will come down, making call center applications (IVR, CTI and speech recognition) more affordable to smaller businesses and remote locations.
A key benefit of VoIP is the ability to manage and measure customer interactions through the use of sophisticated network-wide reporting and management tools and the ability to quickly make changes across the network to improve customer interactions.
What is SIP?
Session Initiation Protocol: a signaling protocol for setting up multimedia sessions between endpoints
Fundamental shift from PSTN: infrastructure consists of software on standard servers
SIP designed in line with other Internet protocols by the IETF
Uses overlay control network consisting of SIP Proxies to route SIP messages: media path (RTP/UDP) decoupled from signaling
name@domain addressing; message syntax similar to HTTP
SIP provides
Session setup/modification/handoff/tear-down: Voice/Video over IP - Mobility control
Presence & Instant Messaging: signaling message carries the IM as payload (SIMPLE)
Publish/subscribe mechanism: SUBSCRIBE/NOTIFY to events
Supports calls to/from PSTN
Examples of SIP adoption
VoIP: Vonage, CableVision, …
IM: Lotus Sametime
Push-to-talk: Sprint PCS, Verizon Wireless
Collaboration software: Microsoft Live Office
Diagram: SIP User Agent Client and SIP User Agent Server connected through routers and SIP proxies; signaling messages shown: INVITE sip:[email protected], 200 OK, ACK, BYE, 200 OK; Media Stream carried as RTP/UDP packets; host label sip.victormoore.com
Major benefits of IPv6
Automatic configuration: stateless, for manager-free networks; stateful (DHCPv6), for managed networks; help for site renumbering
Better aggregated routing tables than IPv4
Complete Mobile IP solution
Global addressability allows IPSEC end to end: mechanisms for secure firewall traversal will come
Simplified header format with clean extensibility: allows effective header compression
Provision for a QOS flow label.
3.4 * 10^38 addresses!
Critical advantages of IPv6 for a services oriented architecture such as the ODOE or a Grid
Uniform global address space eliminates the problem of ambiguous “private” addresses and network address translation
Potential for massive scaling
Avoid interworking units within a VO
Autoconfiguration and ample supply of addresses are a big plus for flexible infrastructure configuration
Grids and Web Services use transport and application level security, but IPv6 network level security is also an advantage
Security and Network Architecture Protection (NAP)
Security is a lot more than IPsec: transport level (TLS/SSL) and applications level (e.g. Web Services Security) remain fundamental
NAP: By combining features of IPv6, such as using globally routable addresses, unique local addresses, and privacy addresses appropriately, a network domain can be protected against many forms of attack at least as effectively as by using IPv4 NAT, but without the operational disadvantages of NAT.
New IETF draft on this just published (IBM, Cisco, TTI Telecom): draft-vandevelde-v6ops-nap-00.txt
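A small audit of the address mix the NAP slide describes, as an added example that comes neither from the slides nor from the IETF draft. The host roles ("internal", "client") and the two policy rules are assumptions made for illustration, and the inventory is constructed from the 2001:db8::/32 documentation prefix and a made-up unique local prefix.

```python
import ipaddress

ULA = ipaddress.ip_network("fc00::/7")            # unique local addresses
LINK_LOCAL = ipaddress.ip_network("fe80::/10")
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")  # globally routable unicast

def scope(addr):
    """Classify an IPv6 address by reachability scope."""
    if addr in ULA:
        return "unique-local"
    if addr in LINK_LOCAL:
        return "link-local"
    if addr in GLOBAL_UNICAST:
        return "global"
    return "other"

def embedded_mac(addr):
    """Return the MAC recovered from a modified EUI-64 interface ID, else None.

    Heuristic: an EUI-64 interface ID carries ff:fe in its middle bytes; a
    random privacy address matches by chance about once in 65536.
    """
    iid = addr.packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]  # undo the U/L bit flip
    return ":".join(f"{b:02x}" for b in mac)

def audit(hosts):
    """Apply the assumed policy to (name, role, address) tuples."""
    findings = []
    for name, role, text in hosts:
        addr = ipaddress.IPv6Address(text)
        sc, mac = scope(addr), embedded_mac(addr)
        # Assumed rule 1: internal-only hosts should use unique local addresses.
        if role == "internal" and sc == "global":
            findings.append((name, "internal-only host has a globally routable address"))
        # Assumed rule 2: clients reaching the Internet should use privacy addresses.
        if role == "client" and sc == "global" and mac:
            findings.append((name, f"global address exposes MAC {mac}"))
    return findings

# Constructed sample inventory (not real hosts).
SAMPLE = [
    ("db-1", "internal", "fd12:3456:789a:1::10"),
    ("laptop-1", "client", "2001:db8:1:1:211:22ff:fe33:4455"),
    ("laptop-2", "client", "2001:db8:1:1:5c3a:91e7:2b04:d6f8"),
    ("printer", "internal", "2001:db8:1:2::20"),
]

if __name__ == "__main__":
    for name, issue in audit(SAMPLE):
        print(f"{name}: {issue}")
```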
IPv6: IBM status
IBM intends to enable IPv6 on all significant platforms and middleware, in response to evolving market needs
Released IPv6 stacks on our main operating systems
Linux also has good IPv6 support
Plans for all major middleware products in the next 2-3 years
Thus far NO application or middleware developer reports special difficulty in upgrading to support IPv6 as well as IPv4. "It's just work."
IBM SWG is tackling this, largely in response to the DoD requirements - but it takes time, as every component has to be checked.