Thursday, October 12, 2017

Putting the "WHY" in Remote PHY

Author: Todd Gingrass, Solution Director – CCI Systems, Inc.


As operators continue to face the ever-increasing onslaught of data demand from subscribers, we must ask ourselves, “Is there a better way to do things?” We have all heard the unofficial definition of “insanity” as “doing the same thing over and over and expecting a different result.” We can’t just keep going forward blindly doing things like node splits forever; doing it the way it has been done for the last 5-10 years is not a sustainable practice.

Invoking a New Thought Process


Step back and look at the problems we are facing and what we can actually change. So often, the industry gets so caught up in the low level “geek factor” of all the great products and technologies developed, that we forget to ask ourselves, “What problem am I actually solving?  Am I deploying this because it is new and cool or does it make sense to solve an actual problem now or one we know is coming in the near-term future?”

One of those technologies with lots of buzz right now is Remote PHY (RPHY). It is one of a few competing technologies that live in the arena of Distributed Access Architectures (DAA). At its most basic, root definition, RPHY takes the QAM modulation/demodulation portion of the CMTS and separates it to a location outside of the CMTS. This function will now typically be handled directly in an HFC node in the field or a “shelf” type unit located in a hub or cabinet. The connection between the CMTS and the Remote PHY Device (RPD) is traditional Ethernet.  But we are not here to talk about the broad technology that makes up RPHY. More importantly, we need to talk about what the benefits are and what problems it can solve. 

It is important to first start by identifying some of the more pervasive problems that an HFC operator is currently facing. The number one question is “How will I deal with the ongoing, massive expansion of data bandwidth?” There is not a single operator in the US that is immune to dealing with this, but how the problem manifests for each operator can be very different.

Let Us Explain


Take the case of a rural operator that has multiple serving territories covered by multiple Headends/hub sites. Typically, each of these sites would end up with its own CMTS due to distance limitations of RF Optics performance and the DOCSIS protocol. Many times, in the past, we might have been able to get away with smaller CMTS at these locations due to a lower bandwidth demand. If we want to start slowing down node splits by employing forward-looking technology that is more efficient with RF spectrum, like DOCSIS 3.1, this may require deploying a brand new, potentially larger CMTS that is capable of the protocol. This could become quite expensive. What if, instead, we could centralize the functions of the CMTS and use nearly any type of IP network to interconnect to the sites in order to produce the DOCSIS carriers via a RPHY shelf? If we can connect the sites to an existing network, leased wavelength or even a data circuit, we can run Remote PHY. From this example alone, we can see benefits of hardware reduction, power savings, support cost reduction and the operational ease of only having a single CMTS. Not to mention achieving the goal of deploying the more forward-looking technologies that you set out to do, which may have otherwise been too costly.

On top of this example, here are a few more benefits that we can see from Remote PHY:
  • By taking the RF QAM generation out of the CMTS, it turns the platform into an IP in and IP out piece of equipment. This typically allows the CMTS platform the ability to handle more bandwidth through it if it has the proper backplane and processing capability. This, in turn, allows an operator not to have to deploy as many individual CMTS units as in the past, thus saving valuable rack space, power, cooling and common control hardware along with management time and support and maintenance contracts.
  • By moving the PHY layer of the CMTS potentially out to the node, you can have a compounding effect on how much more efficient DOCSIS 3.1 is. DOCSIS 3.1 will run at higher modulation orders when SNR gets higher. When you take out any or all of the typical RF optical link and turn it into a digital IP link, you remove a sizable contributor to SNR degradation, which can, in turn, lead to the higher modulations. The result is the capability to push more data through the same amount of RF spectrum as before.
  • When an outside plant architecture change involves cascade reduction, from anything smaller than what the operator has today all the way down to Node + 0, the number of transmitters and receivers needed could become overwhelming from a space and powering standpoint. In contrast, Remote PHY uses high-density Ethernet switching in place of an RF combining network and Ethernet links in place of the RF optical links. This offers the potential to greatly reduce the space needed.
  • There are two more benefits of using Ethernet as the transport for Remote PHY. The first is the ability to mesh the RPHY transport into an already existing long haul and/or metro IP network. This is a great efficiency, getting two benefits out of the same IP transport network. The second benefit of using Ethernet is the potential for true redundancy further out into the network due to the resiliency of many IP protocols.

Many of these benefits were realized recently by a customer of CCI Systems that deployed a fully converged CMTS and video deployment (CCAP) over Remote PHY into a serving territory that now needed 1 Gbps/s services utilizing DOCSIS 3.1. This operator needed to provide all their services for voice, video, and data over a single leased circuit. This proved to be a perfect application for Remote PHY as it allowed the operator to garner much greater efficiency in the density of their CMTS, minimize the footprint of gear that needed to be deployed in the serving territory, and increase the modulation profile of the DOCSIS 3.1 carriers that were implemented, thus giving the operator more data throughput in the same amount of RF spectrum.

CCI Systems worked with the operator from beginning to end on the project, starting with listening to the needs to understand the problem to solve. It was quickly determined that Remote PHY would provide the operator the best technical and financial solution, not only for this opportunity but also for future growth. CCI Systems then completely designed and procured the entire end-to-end solution including the CMTS, IP switching architecture, video ingestion and delivery, Outside Plant nodes and passives (N+0), and any OSP facilities needed like cabinets and powering. Moving to the delivery phase, CCI deployed the entire solution while working very closely with the customer staff so they would be able to quickly take over the solution for day-to-day operations.

From a solution perspective, CCI and the operator relied on multiple platforms from Cisco. The Cisco cBR-8 was used as the CMTS platform along with the GS7000 node to provide the Remote PHY delivery in the plant. Cisco switching was utilized for aggregation of the Ethernet network.  CCI also integrated multiple other 3rd party items to complete the entire solution from Headend to outside plant.

Learn More at the SCTE Cable Tec Expo


Do you want to know more about the end result of the example presented above? CCI and Cisco will be on-hand all week at the SCTE Cable Tec Expo in Denver, CO to discuss RPHY options with operators. Visit booth #1319 to speak directly with blog author, Todd Gingrass, regarding your network’s challenges and future demands and better understand what solution is right for you.

Tuesday, October 10, 2017

CCI Systems Improves Customer Experience With Help From Five9

[Blog originally written by Liz Pedro and featured on www.five9.com]

“Since implementing Five9, we've seen our agent availability percentage increase by 10-15%. We've also seen less dropped calls thanks to the implementation of the queue call back, and we've been able to improve our call routing from our previous phone system setup.” - Jacob Shields, Call Center Manager, CCI Systems

CCI Systems, based in Iron Mountain, Michigan, provides across-the-network communication solutions to service providers, healthcare, educational, power, and hospitality industries. “We have two call centers, one in Iron Mountain, Michigan and one in Denver, Colorado,” explains Shields. “Our agents provide technical support for guests staying in hotels, residential and small/medium business cable modem customers, and commercial circuit (fiber) customers across the U.S.”

While CCI Systems had an existing contact center solution in place, they weren’t satisfied. “We were looking for companies that were developer friendly, scalable, easy to manage, and could make adjustments on the fly,” explains Shields. “We considered competitive solutions but chose Five9 because of the robust features, and integration with so many other solutions, with a very powerful API.”

CCI Systems implemented their Five9 solution in 2016. The benefits that CCI Systems has experienced since implementing include:

  • Agent availability increased by 10-15%
  • Added after-call surveys to provide insights for improved customer satisfaction and employee coaching
  • New capability for queue callbacks, which led to fewer dropped calls
  • Custom reporting tied into their database through the Five9 API
  • Improved call routing leading to improved customer experience

There are three main reasons Shields recommends Five9 solutions to his peers:
  1. Five9 Account Management Team: “They are some of the best to work with and made sure we were taken care of through our entire customer journey.”
  2. Five9 Implementation Team: “This team is one of the best teams I have worked with. They made sure we understood everything and had a grasp on what was being deployed. They also made sure we had all the documentation and were willing to re-review if we did not understand. The follow-ups were phenomenal.”
  3. Five9 Support Team: “They are there when needed and can quickly answer most questions. If they are unsure of the answer, they worked to get us the answer or over to the right person. The follow-ups are great as well to make sure the ticket could be closed.”


For more information on Five9 visit their website at www.five9.com.

Reach out to CCI for all your customer support needs - our experienced technicians and staff are available to assist 24/7/365.


Thursday, March 9, 2017

Network Security Through the Eyes of a 'Cable Guy'

News Flash! The world of the traditional cable service provider is changing...
Written by CCI Solutions Director, Drew Kempen

We all know about how consumers are consuming video via streaming; about the growth of DOCSIS and Internet services; about how the Internet of Things (IoT) is bringing massive amounts of new devices into the network; and about how almost everything we do as a consumer continues to migrate to the ‘cloud’. In short, everything is moving to ‘IP’. 

Unfortunately, growing the capacity and speed of the network isn’t the only area of concern that comes with this change. With IP, network security becomes a huge concern. Oftentimes, security of the headend-to-consumer pipeline has been overlooked in the traditional cable service provider environment. It is also not the sort of cost that many traditional service providers are used to stomaching. So how does someone who is not a security expert, or even an IP expert, wrap their heads around security? And how can you justify requesting funds to spend on security?

Why does my system need security?

There are a number of reasons operators need to begin to take security seriously. The most overt and publicly familiar concern is being maliciously hacked. This is when hackers access your network, or subscribers off your network, to gather personal information or business data, insert malware, or hold you digitally hostage. We all hear the horror stories of companies being hacked, identity theft, computers being taken over, networks crashing, and so on.
CCI’s Security Solutions Director, Andy Erickson, points out “Ransomware has become the malware of choice for many hackers.” Ransomware is on its way to becoming a $1 billion market (Taylor, 2016).  This issue is not getting better, it is getting worse. Yet we still see many operators continuing to play Russian roulette by putting off investing in security solutions.



Second, attacks are happening all of the time. No unprotected network is safe. Every operator experiences these attacks and most don’t know they are happening at all. Imagine running a large business with hundreds of employees, products, revenue streams and costs. Now imagine the only report you get is dollars in and dollars out. Basically, you know how much money you are making. How easy would it be for fraud and wasted dollars to stay hidden, and how hard would it be to identify the critical details that tell you how each product and employee is performing? Network security today is like that. Your IP bandwidth is that business, and everything is hiding in the IP packets. It could be legitimate traffic, it could be malicious traffic, or it could be useless or DDoS-generated traffic. You only see how much traffic is used.

Examine the large DDoS attacks we have seen in the news lately, in which services such as Amazon, Netflix, and so on were taken down. These are not shut down by someone from Russia hacking their sites. The hackers hack entire groups of IP devices in people’s homes and program them to request access to an IP address all at one time. Take the massive outage that occurred late last year that affected the east coast of the United States. This was a DDoS attack against Dyn where the attackers used IoT devices to effect an attack (Newman, 2016). We are talking about refrigerators, watches, phones, tablets, thermostats, etc. This happens all the time and will happen with more frequency as more and more devices come online and are unprotected.

How do I justify the cost?

Investing in security is not as unfamiliar to cable operators as many may think it is. Consider video encryption requirements and the challenges they presented for the entire industry from both a technical and financial aspect. This was to secure the content. This introduced millions of dollars of cost to operators simply to meet requirements. Today, security is different and more complex. However, unlike the investment in encryption, these security technologies offer the opportunity for new and next-generation revenue-generating services.

For the sake of an example, let’s assume that when your traffic is at peak burst time, 20-25% of it actually turns out to be malicious or attack-oriented bursts. You provision your entire network because of peak time traffic usage. For a cable/DOCSIS operator, that is the difference between 16 and 20 DOCSIS QAM or 24 and 32 QAM. Without visibility into this traffic, huge amounts of money may be spent scaling a network faster than it needs to be scaled. At first glance, these percentages seem high, but look no further than last January’s Arbor DDoS report that clocked the largest ever DDoS attack at 500 Gbps (Ungureanu, 2016). Many respondents to the report saw an over 100 Gbps attack during the year. Again, this problem isn't getting better, it is getting worse. As more and more devices come online, this percentage will inevitably rise. Now is the time to gain visibility into this and implement solutions to stop that traffic.

Potential Monetization

There is also a value to the consumer. Next-generation firewalls provide a huge security benefit. Coming from a cable guy, using the term ‘firewall’ for this solution is very misleading. When most people think of firewall, they think of some mass marketed software that everyone has tried, yet we always seem to get viruses on our devices one way or another. Unfortunately, this has been the only layer of security most consumers have ever had. These next-gen network firewalls actually provide many of the benefits of a desktop security solution and more. Not that you would recommend not having desktop security on a computer, but Anti-Malware detection for the entire home is part of these network firewalls. It provides an additional layer of security for the entire IP stream to that home. 

Deep packet inspection is also a key feature of these network firewalls. Malicious programs and code are hidden within the IP packets. Unless you unwrap and analyze the contents of these packets, you will not be able to find the illegitimate code. Next-generation firewalls provide this capability, which helps protect your network and your subscribers. It is important to remember that as consumers’ information and data continue to migrate to the digital realm, it is not just data that needs to be secured; it is their life, intimate information, and identities.

These values can translate into an additional revenue-generating service to subscribers, both commercial and residential. For example, let’s assume you have a 100 MB data tier.

Option 1:
100 MBPS Class of service- Unlimited Data = $79.99/mo

Option 2:
100 MBPS Class of service- Unlimited Data + Whole home network security, firewall, malware protection, virus prevention, all-device protection = $89.99/mo

You could throw in an option 3 ‘business class’ that offers DDoS protection as well. The primary point is that you now have the capability to realize an additional revenue stream for an area of growing importance and relevance for your subscriber base. This is valuable especially considering the shrinking revenue and income generated by traditional video.

From a solution standpoint, there are many layers of security to be considered. For example, there are network-wide options that also help with the problems, such as Cisco Umbrella (OpenDNS) and Arbor DDoS detection and mitigation solutions.

CCI Systems CTO Matt Reath comments regarding the value of this solution: “In this case, a service provider can set up their network and subscribers to utilize the open DNS solution so that DNS requests are scrubbed and requests protected. Arbor looks at all packets going in and out of the network and alerts and reacts to DDoS attacks. This combined with proper end-user education and in-home firewall systems creates a multi-layered approach to security.” This multi-layered approach is critical to offering a comprehensive solution for security.

CCI’s Security Solutions Director, Andy Erickson, proposes: “From a Service Provider’s perspective, security can be implemented in a phased approach:  crawl, walk, run.  Next-generation firewalls with Cisco’s Umbrella is a great starting point and can be the foundational framework for your security to build from.” In conjunction with this solution approach, CCI offers security consulting in a crawl, walk, run method. This starts with providing visibility into network attacks that are happening and security threat assessments of the current network.

Summary

Network security should not be looked at as optional or as an ‘insurance policy’ any longer. It should be a requirement for the foundation of any long-term strategy. How many operators sink millions of dollars to make the physical layer redundant? Fiber links, line cards, switches, etc., all to increase reliability and minimize downtime. It’s time we all start understanding the preventative nature and benefits of enhanced network security solutions, as well as the asset they are to our systems and services we can offer to our subscribers.

For more information or to discuss your network’s security strategy, reach out to CCI on social media or contact us at info@ccisystems.com.





References

Taylor, H. (2016) Ransomware Spiked 6,000% in 2016 and Most Victims Paid the Hackers, IBM finds. Retrieved February 7, 2016 from www.cnbc.com
Newman, L. H. (2016) What we know about Friday’s Massive East Coast Internet Outage. Retrieved February 7, 2017 from www.wired.com.
Ungureanu, H. (2016) Worlds Largest DDoS Attacks Breaks Records, Clocks at Massive 500 gbps. Retrieved February 7, 2017 from www.techtimes.com.

Thursday, February 2, 2017

Are we prepared for bandwidth growth?

Analyzing the 50% Growth Rate of Data

Author: Drew Kempen, Solution Director - Strategy & Consulting


Since the inception of consumer data services, history has shown a 50% data growth CAGR on a year-over-year basis, at least when averaged out over that time period. That essentially breaks down to a doubling of traffic usage every 18 months and corresponds with Nielsen’s Law (Nielsen, 1998). This continual growth rate presents a significant challenge for operators who continue to need to migrate and scale their networks. One would think that a provider that provisions their network for 50% utilization of available capacity would have smooth sailing for a while. In relative terms, that may be correct, but it still means you may be at 100% utilization in just 18 short months. The network never stops growing.

Much of this growth over the past decade has been the gradual transition of consumers to Over-the-top streaming services. Companies like Netflix, Hulu, Amazon, YouTube and now SlingTV and DirectTV-Now have brought an entirely new experience to the subscriber. In addition, more and more data moves to the cloud. Information once stored on disks and hard drives such as video, pictures, data files, and backups are now becoming common cloud operations consuming larger amounts of downstream and upstream bandwidth. As people continue to migrate to this method of IP-delivered video, this growth trend of data usage will continue. 

One must ask the question, however: will this ever slow down, or will it speed up? Many operators have a difficult time planning past 18 months. Those who are trying to be proactive are probably basing their growth on a 50% CAGR. Others, however, are being extremely proactive by rolling out 1 GB service initiatives today. Much debate has been had over the practicality of a 1 GB service. Other than marketing, what is the true need? When will we really ‘need’ that much pipeline?

At the doorstep are 4K and HDR technologies. The typical streams for these technologies can range from as low as 15 MBPS to over 30 MBPS, varying based on whether it is true 4K, the frames per second, and the compression technologies. However, even at worst case and with a number of simultaneous streams, a household may only be pulling 100-200MB of traffic. Certainly a hog on the aggregate bandwidth, but barely a dent in a 1 GB service. The evolution and adoption of these services via IP certainly seems to fit well into the 50% growth CAGR of data when looking at a 5-10 year period.


For example: Assume that the peak utilization of data divided by the number of subscribers is in the 2-3MB range today. This is certainly on the high side for most operators. At a 50% CAGR, this is how that average grows (shown in kbps per sub on average).

Year    Average kbps per sub
2016    2000
2017    3000
2018    4500
2019    6125
2020    10125
2021    15188
2022    22781
2023    34172
2024    51258
2025    76877


This growth trend and curve fits nicely with the 50% CAGR model that we have seen. Just as the big push to streaming services carried that curve for the last decade, it will continue to grow as additional subscribers are added and as the resolution quality of the video advances.

What could change the model?

There are some reasons for concern about a disruption of this model. All of this growth has revolved around one thing that has remained somewhat unchanged. The viewpoint of all of these screens was fixed. It was a rectangle. While size does matter in the ABR world, it is still a small viewing window relegated to the size and shape of televisions and devices. Virtual reality is changing that model. That small window into life now becomes a full 360 viewpoint.

If you have been to CES the past few years, you have seen the rapid adoption and development of VR technology. At first, it seemed interesting but gimmicky and far from being useful. Then it looked like the next revolution for gaming. Now it looks like the next revolution for video. Today, VR is addictive and immersive. However, content is limited and video quality is far from SD, much less HD. The long-term end-game of VR, though, is exactly that: a virtual replication of reality. A 360-degree view that has the same resolution the human eye is capable of. Now, we are a ways from being able to replicate that from a screen and camera standpoint, but the resolution we can achieve today is impressive.

A great article with more information on this is referenced below; its author points out that a VR stream in 4k would use approximately 300 MBPS (Begole, 2016). That is with some pretty hefty resolution. The author also does the math that a 5.2GB stream would be required to come close to replicating the human eye experience. While we may be decades from a human eye experience, 4k VR is certainly realistically achievable in the next 5 years. This would be a truly disruptive service to the traditional 50% CAGR model if these capabilities mature and the demand increases.

Before you discount the potential of this, consider this: In the 2016 Olympic games, some of the content was made available in VR. By 2020, a much larger amount of Olympic programming will be available in VR and in much better quality. Now imagine being able to watch an Olympic event from a stadium seat or floor-side viewpoint in 360 HD. Then imagine watching a basketball game from the scoring table or Saturday Night Live as if you were sitting in the audience. Perhaps you will be able to buy a ticket to a Broadway show and never leave your living room. The applications and potential are awesome for consumers and stomach-churning for network planners!

Will VR take off? Will people want to wear a headset? Keep in mind that VR is essentially in the ‘Nintendo NES’ phase of its technology cycle. It is going to get a whole lot better and easier to use. 

All of a sudden, a 1 GB service doesn’t just seem like a marketing ploy any longer. Thankfully, none of this is going to happen overnight; there will be visible signs of when it will happen, and the adaptation will be gradual. It is worth noting, however, that there are signs today that need to be taken into account. We can already see the potential that this will have on the horizon. Do the network enhancements and investments you are making today leave room for migration, scaling and adaptation for this possible disruption?

It will be interesting to see what happens with VR and if it will disrupt the growth model most network migration plans are accounting for.

CCI can help you ‘Future-proof’ the Network

Future-proofing is in many ways an inaccurate term. Future-resistant is a better term, as you never know exactly what will happen in the future. However, the ability to plan for multiple scenarios exists today. This planning is not easy. There are multiple dynamics and metrics to consider that are not easy to analyze. It can take a lot of time and resources that many operators do not have, particularly the mid to smaller operators. For a traditional cable operator, it is all too easy to fall into the ‘fix it when it breaks or shows signs of breaking’ mentality.

Fortunately, CCI has the expertise, experience, and tools to help you plan across-the-network. From analyzing growth trends and service migration to architecture migrations.  From the core/route/transport aspect to DOCSIS, HFC, and FTTx technologies. 

For more information, reach out to Drew via Twitter at @drewkempen

References
Nielsen, J. 1998. Nielsen’s Law of Internet Bandwidth. Retrieved January 25th from www.nngroup.com.
Begole, B. 2016. Why the Internet Pipes will burst when VR takes off. Retrieved January 17th from www.forbes.com.

Tuesday, January 17, 2017

CES 2017 Recap: From a Service Provider Perspective

Written by CSE,  Drew Kempen

The Relevance of CES

In order for any business to thrive and grow, it must be able to adapt and plan for changes in the market space. What is changing? When will it change? How will we make that change? What are the options? How much will it cost? Attempting to answer these questions requires a large dose of prognostication. CES is one of the best windows into the future that the service provider industry has. CES is effective because it focuses on the consumer; what they will be using and how they will be using it. This drives the migration of services that are important to consumers, thus driving network changes.

With a tagline of ‘WHOA’, CES 2017 seemed to come up short of anything mind-blowing this year. CES 2017 was essentially 2016 v1.1. We saw primarily the same technologies, slightly more refined. This is an encouraging trend for service providers. For a number of years, there has been much change and uncertainty about which directions both consumers and manufacturers would grow. We are now seeing a more stable and focused technology wave.

Last year, 4K and Virtual Reality (VR) were all the rage. This year, we had a few slight modifications to that. Almost every booth in 2016 had some version of 4k playing video in their booth, regardless of the products they were touting. This year, almost every booth had a VR experience. Also, rather than 4k being highlighted; it was HDR technology that took center stage.

All Things IP

Last year we saw an explosion of new connected devices and concepts. Very few ‘new’ ideas were demonstrated this year; however, there was a strong focus on refining these products. From streaming boxes to VR to wearables, the focus was on better performance, better design, and more functionality. This stronger focus on technologies allows us to get a clearer picture of where services are going, thus defining which direction our network needs to grow.

4K, HDR and VR will continue to drive the next video transition. However, this transition also comes along with a migration of this video content to all IP. While video is alive and well, it is clear that traditional forms of video services are fading. Consumers are becoming more and more accustomed to on-demand, no/minimal commercial, and a seamless/mobile viewing experience. The crux of future video uncertainty currently rests with the content providers and networks. What will they do with broadcast, commercials, re-transmission rights, bundle requirements, and contract negotiations? With a-la-carte channels, skinny bundles, and quality original programming from OTT players such as Netflix and Amazon Prime; consumers continue to take back power from the networks. No one yet knows how or if they will adapt.

In the meantime, it is the OTT and direct to consumer streaming apps that are taking the lead with 4k, HDR and VR services. True 4K and HDR undoubtedly offer a mesmerizing large screen experience. Just as the theater experience continues to attract 10’s of millions of customers keeping the theater industry relevant, 4k and HDR can do that for the living room experience. As we see the OLED paper-thin televisions develop, it validates that the large screen experience is here for the long-haul.

OLED is Awesome

The thin OLED televisions were arguably the coolest piece of technology at the show. The current generation of LG W OLED TV’s are less than 4mm thick. The newest advancement which wasn’t shown at the show is less than 1mm thick, and can be rolled like a newspaper! It is not difficult to envision an entire wall of the living room becoming an OLED TV in the future essentially making your wall an IMAX theater. Looking even further out into the future, one could certainly see an entire room dedicated to 360 degree OLED essentially giving you a headset free VR experience.

VR Continues to Impress

VR once again took center stage at this show. The reason this is so interesting is that VR is truly in its infancy. In many ways, VR is currently a parlor trick. When you put on the headset, it quickly becomes immersive, fascinating and addictive. However, when you think about it in the real world, it still has a long way to go. The content is minimal, functionality is crude, and video quality is extremely poor. Yet it still is growing in use at a rapid pace. One can only imagine how more effective and desirable this service will be when it is refined and in a true HD format.

All this means one thing for service providers. The pipeline will always be growing and growing fast. Historically, a 50% CAGR for data usage has been seen. There is certainly no reason to think this will slow down, and it could very well be more than this for the next few years as these technology and service transitions mature.

While there are certainly challenges to service providers in continuing to grow the network, the growing requirements of large bandwidth streams and services present a significant opportunity and welcome trend. They keep the hardline service relevant and required to the home, potentially staving off the next generation of LTE capabilities as a peer competitor.

Virtual Traffic Jam

Finally, service providers must consider the implications of the combination of exploding wi-fi connected devices within the home, mobile streaming devices and TV’s, and the large stream rate requirements of 4k, HDR, and VR. This presents a huge wi-fi, network management, and security issue within the home. It also presents a growing opportunity and market for new revenue-generating services which the service provider is in an ideal situation to provide. A number of vendors were showcasing new wi-fi management platforms that provide visibility to the in-home network and devices. While these are almost all in their first software generation of functionality, the platforms provide the capabilities required to help service providers delve into these abilities today, while providing the scalability to increase capabilities and functionality with software upgrades.

Summary: Future-world

For those of us who grew up in the 70’s and 80’s, by now we should be playing in holo-decks, visiting the moon, speaking some version of pseudo English-Chinese, and flying around rather than driving. In reality, the next-generation future world lies before us. Self-driving connected cars before flying, VR before holo-decks, and obviously Google Translate is the mechanism that will facilitate the English-Chinese language transition. Every device, application, and execution of what we do in life is becoming connected and part of the way we live. There are few things that slam this reality into mind more than your child wondering why a hotel remote has so many buttons and not knowing why you can’t speak to the remote. It’s no wonder the generation of knob-turners didn’t make the transition to flying cars and the moon. Perhaps our current generation of ‘remote control talkers’ will take us there.

Stay in touch with Drew on Twitter at @DrewKempen

Wednesday, January 11, 2017

5 Consumer Technology Trends Impacting Service Providers Today

[Authored by: Matt Reath, CTO at CCI Systems]

I attended the Consumer Electronics Show (CES) in Las Vegas last week with the purpose of analyzing consumer technology trends and how those trends may or may not impact service providers. The underlying themes at CES this year were immersive video experiences with 4k, 8k, and virtual reality tech, as well as connected home and automation, connected cars, and the Internet of Things (IoT). Many of these technologies were visible at last year’s CES, though my conclusion is that they have since matured and service providers should be addressing the impacts they have on business. Based on this information, I have compiled what I feel are the five most important consumer trends and discuss specifically how those trends are impacting the service provider industry.

1.       Broadband Demand
I always refer to Nielsen’s Law of Internet Bandwidth when discussing bandwidth consumption growth by subscribers.  It states that a high-end user’s connection speed grows by 50% per year.  This has held true since 1983 (Figure 1).

Figure 1: Bandwidth consumption growth since 1983
The cloud is transforming consumption models and is driving end consumer bandwidth needs. Music and video quality is increasing with 4K/Ultra HD. Services like Apple Music and Google Play are now built into Apple TV and Roku devices so that this enhanced media can be consumed by end users. Google and Apple are utilizing cloud storage for photos, videos, and device backups. Combine these cloud services with an increased number of devices in the home and you have the potential for a bandwidth explosion.


This increased bandwidth consumption puts pressure on service providers to make network and outside plant upgrades. However, the market won’t necessarily allow price increases on these services as competitive pressures mount. This is a major challenge for providers today.

While their current revenue streams are suffering, customers aren’t spending any less.  Operators have a wide-open opportunity to adapt their service strategy and replace legacy revenue streams with a whole host of new potential streams from managed Wi-Fi, Security, Storage, Connected home, Home network management, amongst many other possibilities.

2.       Content Consumption Models
The upcoming generation of subscribers consumes content very differently than those of older demographics. The traditional method of watching TV at pre-determined times with a standard guide is dying. On-demand, streaming content that can be viewed in any location on any connected device is the new normal. In contrast to traditional video, which is receding, the streaming market is exploding with growth and opportunity.

This brings into question how relevant traditional service providers can be in response to this paradigm shift. Service providers could become the “dumb” pipe for consumers to access content, leaving them out of the equation, if providers don’t constantly analyze their consumers’ behavior and trends and adapt their strategies appropriately. Instead of purchasing content from the service provider, consumers are opting for streaming devices such as the Roku and Apple TVs, and content streaming services like Hulu, Sling TV, Netflix, and HBO Now, to name a few.

Despite this shift, there is still hope. TiVo and Pace/Arris have come together to create a set-top box, the MG1, that supports both traditional video content through broadcast QAM and over-the-top (OTT) application integration such as Netflix and Hulu, with integrated search across the different sources. The roadmap for the MG1 includes the ability to ingest broadcast TV through the QAM interface or via multicast IP on the Ethernet interface. This allows a service provider to offer the best of both worlds and create a transition plan to get to an all-IP network, which is exactly what the NCTC has enabled for its members.

In the end, subscribers will be given the flexibility and freedom they demand by being able to purchase their own streaming devices, and installing both OTT apps and an app provided by their service provider that supports broadcast content and local content.

3.       Mobile Connectivity
At CES this year, Qualcomm had a major presence around 5G technologies and how it will enable multi-gigabit speeds with a combination of licensed and unlicensed spectrum solutions. AT&T has also released its broadband and 5G plan. These solutions have a focus on enabling IoT expansion, wireless broadband access, and advanced mechanisms for delivering quality content across the spectrum. 5G is positioned to disrupt fixed broadband access, with multi-gigabit speeds, and augment Internet delivery to the subscriber in more flexible ways. 




Adapting a strategy for delivering a combination of fixed broadband and wireless access (in some cases, a mix delivered to the same location) will be required. This will enable IoT device connectivity, UltraHD video delivery, mobile device access, connected vehicles, and other devices to communicate back to cloud-based management and analytic systems.

Service providers must partner with their predominant farming, automotive, municipal, emergency response, and other mobile industry customers to create wireless coverage and fixed broadband initiatives and strategies. These partnerships should include revenue sharing and business partnership models that are win-win for the customer and provider. 

A legitimate concern for those providers with no spectrum, no Wi-Fi solution, or no partnerships for spectrum, is that due to these advances in wireless communication, they will be unable to deliver the truly mobile solution that consumers demand.

4.       Internet of Things (IoT)
Although not clearly defined by all, and perhaps combining trends 1 and 3, the IoT is adding a multitude of devices onto networks at a rapid pace. Cisco defines the IoT as the mechanism that “links objects to the Internet, enabling data and insights never available before.” Industries are being transformed, from connected cars with thousands of sensors communicating issues back to service centers, to farmers with sensors sending data back to the cloud to analyze soil composition and weather patterns to optimize yields. The IoT is changing how we live and conduct business. The advances in Wi-Fi, 4G/LTE, and 5G technology are continuing to enable more and more IoT devices, all communicating back to management and analytics systems to create optimizations and applications that have never existed before. Cisco has published specific case studies that demonstrate the value that can be created.

This growth in IoT is putting demand on service providers to have more encompassing and reliable mobile solutions through Wi-Fi, near field communication, and LTE today and 5G in the future. Business and residential subscribers are demanding more intelligent, flexible, and reliable connectivity methods to enable these applications. Much like the mobility strategy, providers must partner with their most strategic customers and understand their IoT and mobility needs to co-create solutions that create positive impacts for both the subscriber and the provider.

5.       Home Automation
The last technology on my list is home automation. Although this technology has been around for a while, this year’s CES showed me that the technology, and more specifically the management applications for mobile devices, have matured. Technologies such as Zwave create a standard for other vendors to base their technology on, allowing consumers to mix and match Zwave compatible devices in their home. Zwave has created a solution guide based on common use cases in the home. By following these use cases consumers can create their customized home automation install.

These technologies in the home will require additional bandwidth, especially streaming video camera feeds, and secure home networks to isolate and protect their connected devices. Setup, installation, and support for Zwave solutions and other home automation solutions are probably out of the reach of non-technical folks. This creates some opportunity for service providers to create and perform setup, installation, and ongoing support of home automation bundles and solutions based around some of these standard technologies. 

Conclusion
Key strategies for service providers going forward will be to partner with customers to understand their mobility and IoT needs; to co-develop solutions for mutual success; and to include a mobility strategy that utilizes Wi-Fi, 4G/LTE, and fixed broadband to enable IoT and home automation solutions.

Despite the challenges facing service providers in delivering high bandwidth-consuming content, especially video, they should not give up. Service providers can protect their brands and even make up any margin loss resulting from broadband growth-driven network upgrades by creating new revenue streams made possible by these changes. These additional revenue streams will include managed WiFi and IT services, cloud applications, home automation, IoT backhaul, and most importantly security services for business and residential subscribers. The importance of adapting strategy to meet changing consumer, technology, and bandwidth-related demands cannot be stressed enough. It is a truly exciting time in the market where innovative and creative service providers will come out ahead.

Follow me on Twitter: @mpreath

Thursday, January 5, 2017

CES 2017 Kick-Off

[Authored by: Drew Kempen, CCI Cable Architecture & Strategy CSE]


Another year has passed and CES 2017 has arrived! As the show floor opens today, we are looking forward to what might surprise us or wow us. More importantly, we want to understand how the technologies available today and soon to be released are going to impact our service-provider networks.

2016 Recap:

In 2016, the theme of the show seemed to be “all things IP”. Everything was becoming connected and the age of the connected ‘man’ has arrived. The future ramifications that the Internet of Things (IoT) will have on our networks cannot be understated. It signaled the beginning of the end of the old guard of broadcast video delivery. It would probably be safe to assume that nearly 100% of most service providers’ growth last year was focused around growing IP service delivery capabilities.

For topics relative to video impact: We saw a focus on streaming devices, and the first year of aggressive promotion of ‘Skinny Bundles’, Ultra Def (4K+) video and Virtual Reality (VR). Throughout the year, the market saw tremendous growth in the adoption of skinny bundles and a large increase in OTT streaming devices in homes. 4K still hasn’t made any significant impact and it is still TBD when, if and how hard it will hit.

VR is scary. If you haven’t tried VR, go buy a Samsung S7 version phone and the Gear VR and put it on. Call it a business research expense. Within 10 minutes, it should be apparent the potential this has to take over the world. Or at least our ability to socialize in a traditional face-to-face manner.

CES 2017: What lies in store?

In 2016, we saw the introduction of a vision of the future: the potential for the eventual ‘All IP’ world. In 2017, we will begin to see the execution of that vision. It will be interesting to see how far technology has come in making that execution faster, easier, more scalable and cost effective. We are at the dawn of a dramatic shift in the way people live. It feels that we have lived in the digital age for a while, but many analysts and technology experts say we are barely scratching the surface of what is to come. This is exciting for consumers but daunting for service providers. Seeing these trends and vision ahead of time is critical for developing the solutions, strategy, and plan for the growth of our networks into the future. We at CCI are committed to helping our customers successfully navigate this transition through this exciting time!

Stay tuned as we keep you updated throughout the event.

Thursday, October 27, 2016

Because They Can: Spawning of the IoT DDoS

Authored by: Keely Richmond, Sr. Cybersecurity Engineer

On September 13, 2016, the website of a US-based Cybersecurity Journalist (Brian Krebs) was hit by a DDoS attack that knocked his site offline. The resulting investigation uncovered a type of DDoS attack different in composition and scale than that of the typical DDoS attack.  In fact, this type of DDoS attack had only been seen in the wild a handful of times—the earliest known detection: April 2016.

Two pieces of malware (similar, but different), Mirai and Bashlight, were used to enslave enough Internet of Things (IoT) devices to launch a 620Gbps DDoS attack for the sole purpose of silencing a journalist whose articles threaten the livelihood and freedom of criminals.

As expected, an IoT DDoS attack sustaining 620Gbps got the attention of all types of people and organizations and the internet was soon riddled with a flurry of partial facts and theories about who, how, why, and what might be next. 

Then it happened again! 

On September 20, 2016, approximately 150,000 IoT devices (primarily DVRs and CCTVs) were enslaved to launch a 1.1Tbps DDoS attack against OVH (a French hosting company service provider). The target: Minecraft servers. The culprit: Mirai.

By September 30, 2016 the creator of Mirai decided to cut bait and released the monster (source code) into the public domain for anyone to use. This put distance between them and the source code, making the job of law enforcement more difficult because the code was now in the “possession” of virtually everyone. It also put a very powerful weapon in the hands of anyone with a moderate level of technical prowess and malicious intent.

At the same time the source code was published, the list of IoT devices targeted by Mirai (with default login credentials for each) was also published. This accomplished a few things:
  • Put the manufacturers and vendors of those devices on notice that their equipment needs to be secured or securable
  • Informed consumers (at least those who read tech news) of the lurking vulnerabilities in their homes and small businesses
  • Provided a seed list to anyone who wanted to give that source code a test drive
  • Made IoT vulnerability a hot topic for Cybersecurity specialists and service providers 
  • Caught the attention of legislators—domestic and foreign

In addition to releasing the Mirai source code, its creator touted that it had been able to enslave 380,000 IoT devices before the scrutiny following the OVH attack made such endeavors too risky. 

And then…it happened again!

On October 21, 2016 the US-based DNS provider, Dyn, was the third known victim of Mirai. The metrics of the attack have not been released to the public, but speculation puts the volume of the DDoS at 1.2Tbps. The Dyn attack impacted millions of people in the United States and Europe. Traffic destined for sites such as Twitter, Amazon, PayPal, and Netflix could not be resolved if public DNS providers (such as Dyn or Google) were used. Cisco’s OpenDNS, however, held steady because it uses smart caching.

Via a Twitter post, a hacking group called New World Hacker has claimed responsibility for the initial Dyn attack. Their motivation was simply to prove they could do it. Shortly after the attack by New World Hacker ceased, the hacker group Anonymous is said to have performed a second wave of the attack. The participation of both groups is unconfirmed at this time as the Department of Homeland Security continues to investigate.

The Mirai source code had been in the public domain for less than one month when the attack on Dyn was launched.

Now What?

“Perfection is not attainable. But if we chase perfection, we can catch excellence.” - Vince Lombardi


Devising a security strategy for IoT devices is challenging. Not all devices are created equally.  Some are patchable, some are not.  Some have configurable login credentials, some do not.  Some are “smart”, some are not. 

For Subscribers (End Users)
The recommendations offered by researchers are limited and responsibility falls squarely on the owner of the IoT device.
  • Purchase and implement IoT devices that require the password be changed upon initial setup. 
  • If possible, change the default login credentials. Unfortunately, not all devices allow the login credentials to be changed.
  • Upgrade the device firmware as new versions are released. Be mindful, however, that a firmware upgrade may reset all login credentials back to default.
  • Configure your router to point to OpenDNS for DNS resolution.
  • Disable UPnP on routers
  • If the device resides behind a firewall…
    •  Disable unnecessary ports. The Mirai attack looks for devices listening on telnet (especially ports 23 and 2323), SSH, HTTP, SMTP, etc. It’s not realistic to block those ports outright, but limiting their use to specific IPs is a good idea.
    • Monitor traffic on port 48101. Port 48101 is commonly used for the transport of malware.
    • Segment all IoT devices to a specific VLAN and restrict outbound traffic from that VLAN.
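The monitoring items in the list above, written as checks over flow records. This is an added example, not part of the original article or CCI's tooling: the record format, the IoT VLAN subnet 192.168.50.0/24 and the scan threshold are assumptions, and the sample flows are constructed.

```python
import ipaddress
from collections import defaultdict

TELNET_PORTS = {23, 2323}      # telnet ports the article singles out
WATCH_PORT = 48101             # port the article says to monitor
IOT_VLAN = ipaddress.ip_network("192.168.50.0/24")   # assumed IoT VLAN subnet
SCAN_THRESHOLD = 5             # assumed: distinct telnet targets before alerting

# Constructed sample: "epoch src_ip src_port dst_ip dst_port proto"
SAMPLE_FLOWS = """\
1477000000 192.168.50.20 40001 198.51.100.1 23 tcp
1477000001 192.168.50.20 40002 198.51.100.2 2323 tcp
1477000002 192.168.50.20 40003 198.51.100.3 23 tcp
1477000003 192.168.50.20 40004 198.51.100.4 23 tcp
1477000004 192.168.50.20 40005 198.51.100.5 23 tcp
1477000005 192.168.50.20 40006 198.51.100.6 2323 tcp
1477000006 192.168.50.20 48101 203.0.113.9 48101 tcp
1477000007 203.0.113.77 51515 192.168.50.31 23 tcp
1477000008 192.168.50.40 50000 192.0.2.10 443 tcp
1477000009 192.168.50.40 50001 192.0.2.10 23 tcp
this line is malformed and must be skipped
1477000010 192.168.1.5 50002 198.51.100.1 23 tcp
"""


def parse_flows(text):
    """Return a list of flow dicts, skipping lines that do not parse."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        try:
            flows.append({
                "ts": int(parts[0]),
                "src": ipaddress.ip_address(parts[1]),
                "sport": int(parts[2]),
                "dst": ipaddress.ip_address(parts[3]),
                "dport": int(parts[4]),
                "proto": parts[5].lower(),
            })
        except ValueError:
            continue
    return flows


def analyze(flows, iot_net=IOT_VLAN, threshold=SCAN_THRESHOLD):
    """Return sorted (finding, iot_host) tuples for three checks."""
    telnet_targets = defaultdict(set)
    findings = set()
    for f in flows:
        if f["proto"] != "tcp":
            continue
        src_iot, dst_iot = f["src"] in iot_net, f["dst"] in iot_net
        # IoT device opening telnet sessions to outside hosts: count the targets.
        if src_iot and not dst_iot and f["dport"] in TELNET_PORTS:
            telnet_targets[f["src"]].add(f["dst"])
        # Outside host reaching telnet on an IoT device: the port is not restricted.
        if dst_iot and not src_iot and f["dport"] in TELNET_PORTS:
            findings.add(("telnet-exposed", str(f["dst"])))
        # Any traffic on the watched port that involves an IoT device.
        if (src_iot or dst_iot) and WATCH_PORT in (f["sport"], f["dport"]):
            host = f["src"] if src_iot else f["dst"]
            findings.add(("port-48101", str(host)))
    for host, targets in telnet_targets.items():
        if len(targets) > threshold:
            findings.add(("telnet-scan", str(host)))
    return sorted(findings)


if __name__ == "__main__":
    for finding, host in analyze(parse_flows(SAMPLE_FLOWS)):
        print(f"{finding:15} {host}")
```

A single outbound telnet session (192.168.50.40 in the sample) stays below the threshold and is not reported; tune the threshold to the observation window of the flow export.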

As with any project, we must use the right tool for the job. Relying on subscribers to build and secure their private networks isn’t the right tool for this job.

For Service Providers

What tools are available upstream from the subscriber, at the service provider level?
  • DDoS mitigation tools (e.g. Arbor) are effective in monitoring and alerting as bandwidth usage thresholds are exceeded.
  • Ensure your IPS malware signatures are up-to-date. Because the Mirai source code was released, it will be fairly easy for vendors to write a signature.
  • Implement OpenDNS to ensure your DNS traffic is scrutinized with the most up-to-date rules in the industry and to take advantage of smart caching.
  • Use the published list of IoT vendors to seed a DENY rule that restricts traffic from those specific device types. This is feasible, but tricky because blocking all outbound traffic would also prevent those devices from pulling firmware upgrades from their manufacturers.

DDoS attacks are just one of the nefarious acts for which IoT devices are being used. An article published by Brian Krebs on October 13, 2016 explores how they’re also being used to turn consumer-grade routers into SOCKS proxy servers, anonymizing the source of suspect traffic. Use of these hijacked routers is then offered for sale on the dark net to further the spread of various forms of cybercrime.

What’s Next?

Device Recall
The IoT devices favored by Mirai use components built by a China-based company named XiongMai. In a statement issued on social media, XiongMai said it would be issuing a recall on millions of devices—mainly network cameras. Details of the possible recall are unknown at this time.

Growth
Per Gartner Research, there will be 6 billion IoT devices at our fingertips and on our networks by 2018. New and existing communications standards such as Wi-Fi, Bluetooth Mesh, Low Power WANs, Narrow Band IoT, and ZigBee will grow in usage as the footprint of “things” expands and smart homes grow into smart cities. 

Standardization
Encouraging or regulating the manufacturers of “things” to adhere to basic security practices is key to standardizing how those “things” can be monitored and managed on our networks.

The European Commission, in an effort to enhance the European Union’s telecommunication laws, is developing requirements to standardize security for IoT devices. At this time, there’s no indication of how security for an IoT device will be defined, measured, or monitored. Though not subject to EU regulations, we will benefit if they are successful in enforcing standardization.

CCI Systems’ Recommendations

CCI Security Engineers have studied the three recent IoT DDoS attacks and devised two lists of recommendations (one for the owners of the IoT devices and one for their service providers), each stated earlier in this article under the “Now What?” section. Ideally, the two lists should be deployed in concert, but it is not realistic to expect subscribers to have the technical knowledge to perform the recommended steps nor for the service provider to have the access or ability to monitor the security measures of privately owned networks.

Cybersecurity = Risk Management! 
  1. Employ security best practices.
  2. Design and implement enforceable security policies. 
  3. Review and incorporate the National Institute of Standards and Technology (NIST) Cybersecurity Framework into your Security Strategy.

For more information regarding your network security, or to discuss the recent DDoS attacks, reach out to us! We’ve got the expertise and know-how to keep your network protected.

References

ABC7News. 2016. ABC7News. Oct 23. Accessed Oct 24, 2016. http://abc7news.com/news/hackers-claim-responsibility-for-massive-cyber-attack/1569209/.
Akamai. 2016. Akamai. Sep 30. Accessed Oct 12, 2016. http://www.akamai.com.
Gartner. 2016. Gartner. Oct 12. Accessed Oct 12, 2016. http://www.gartner.com.
Krebs, Brian. 2016. KrebsOnSecurity. Sep 30. Accessed Oct 12, 2016. http://www.krebsonsecurity.com.
McCarthy, Kieren. 2016. The Register. Oct 21. Accessed Oct 24, 2016. http://www.theregister.co.uk/2016/10/21/dns_devastation_as_dyn_dies_under_denialofservice_attack.
NIST.gov. n.d. NIST.gov. https://www.nist.gov/cyberframework.
Savage, Marcia. 2016. Network Computing. Oct 12. Accessed Oct 12, 2016. http://www.networkcomputing.com/applications/attackers-exploit-weak-iot-security/1139771366.
US-Cert. 2016. USCert. Oct 14. Accessed Oct 14, 2016. https://www.us-cert.gov/ncas/alerts/TA16-288A.
Zeifman, Igal, Dima Bekerman, and Ben Herzberg. 2016. Incapsula. Oct 10. Accessed Oct 12, 2016. https://www.incapsula.com/blog/malware-analysis-mirai-ddos-botnet.html.
ZigBee. 2016. ZigBee. Oct 12. Accessed Oct 12, 2016. http://www.zigbee.org.