I had an opportunity to talk to Manfred Arndt about HP Networking's UC&C or Unified Communications and Collaboration strategy, and called into Manfred's #HPNetworkDay presentation to listen to the discussion.

The session started with a lively debate over the definition of UC&C - and whether it is best delivered as a service via public clouds; or as an enterprise offering through a IT hosted by the enterprise as a private cloud.  The point was also made that one size does not fit all, and that UC&C requirements vary depending on your business needs, the individual role within an organization, and demographic/geographic preferences – for example, with a hospital taking advantage of wireless voice and location based services, but a call-center needing a completely different set of applications.  Greg (@etherealmind) suggested that his iPhone delivered enough UC&C for his needs.

Click through to the article to read more about how UC&C isn't just voice or video, how an open standards-based network is critical to support UC&C, and how you can build the business case to move to UC&C. The slides from the presentation are embedded at the end of the post.

I’m excited to be one of the hosts for HP’s Tech Bloggers Day(s) this week (Aug. 23-24, Twitter hashtag #HPNetworkDay). The list of blogger attendees includes: Jeremy Gaddis (http://evilrouters.net), Greg Ferro (http://etherealmind.com), Alex Williams (http://www.readwriteweb.com/enterprise), John Obeto (http://absolutelywindows.com), and Andy MCaskey (http://sdrnews.com). Naturally, I’ll be covering HP Networking’s recent security news and strategy, particularly our focus on the data center and recent news about security virtual environments and our Secure Virtual Framework (SVF).

Security for virtual environments is known to be a challenging technology, and it’s increasing in importance as organizations continue to consolidate their data centers, while both server and network virtualization becomes ever more prevalent. I usually sum up the problem for audiences by pointing out the dichotomy of having the industry’s leading in-line IPS appliance from TippingPoint, and the challenge of placing any physical device “in-line” in a virtualized data center environment where: 1) applications and virtual machines are always migrating between hosts (if not data centers) and 2) may not even hit a “real” network when two virtual machines on the same host share east-west traffic that, by policy, should be analyzed and secured. Security devices, of course, whether an IPS or Firewall, have to be in-line with the network flow to enforce policies and block malicious traffic.

There are few optimal solutions to this challenge, and even fewer standards between the various constituent vendors, but the approach developed by HP TippingPoint is rather elegant in design, simple to deploy and manage in large data centers, and takes advantage of the best features of our S-Series IPS appliances. The SVF consists of: 1) a highly scalable N-Platform IPS appliance, 2) a software layer deployed into the Hypervisor that redirects relevant traffic (per the security policy desired) to the external (outside the host server) IPS box, and 3) management extensions to the VMware management platform that manages and configures the virtual machines and hypervisors and defines the security policies to be enforced.

In the case of two applications resident on the same server host, this kind of traffic redirection introduces some network hops that may not otherwise be required, but the overall latency is extremely minimal when you consider that only the east-west traffic ever would require inspection (north-south traffic can be handled as it enters the data center), and that only certain east-west traffic applies, depending on application zones and policies. This inspection policy may apply to only PCI-related data accessed from applications outside a particular trust zone, which the redirection engine in the hypervisor can determine and redirect.

Arguably (and this is why technology is so fun, there are always design issues and points of contention, aren’t there?), a better approach could be to put an entire IPS in software in the hypervisor or the virtual machine itself. This may result in better overall performance, but greatly depends on the amount of traffic being inspected and what is being analyzed by the IPS. The HP TippingPoint appliances are purpose designed for high-throughput and parallel processing of various analytical filters that no software-based IPS can compare to. But ultimately, both approaches are valid and customers will want to have the choice.

We look forward to the vigorous debate, sharing more details, and a demo of SVF for our blogger guests, as well as sharing more details and strategy of our HP TippingPoint S-series product family.

Editor's note: We captured a short video of Gary just after his presentation in which he summarizes what he discussed: