Blog

Office Ethernet- You have options!

2011-01-05T15:52:00Z

Metro Ethernet is a perfect fit for new companies looking for Dedicated Internet Access in their office. A new office needs Dedicated Internet Access for their basic Internet needs. Internet Access for their email requirements, phone service, browser access, even for staging and testing a new server for mission-critical applications. You can create separate vlans for voice and data so there are no collisions in the services. Metro Ethernet is much easier to manage than DSL, Cable, or T1/T3. It is an Ethernet hand-off that is treated like any other Ethernet service. In otherwords, if you know how to plug an Ethernet cable into your laptop or computer then you know how to use Metro Ethernet. Plus you have the option for 10, 100, & 1,000Mbps which gives plenty of flexibility.

Business Ethernet Services

2010-12-23T01:15:00Z

Metro Ethernet Service has significantly altered the value to performance ratio for inter-connecting LANS in metro areas. Leveraging fiber optic speed and reliability, Metro Ethernet Service is extending the scalability, flexibility and ubiquity of Ethernet protocol to provide more powerful LAN connectivity in response to accelerating data needs and shrinking IT budgets. Metro Ethernet Service delivers a simple migration to higher performance and value. It leverages your existing LAN infrastructure and IT staff resources, eliminating cost intensive customer premises equipment purchases and IT staff training. New technology has allowed for Ehternet over copper where fiber is not available. I like this service becuase it allows the following:

Fully Synchronous Speeds ranging from 5Mbps to 45Mbps
Unique alternative to competing bonded T-1’s and DS-3’s
Fully Managed Router available
Fully Managed Firewall available with DCHP
Pro-active Monitoring is included
Bridge Device included. Plug-and-Play!!

DDoS Mitigation and Steps to 1-hour Mitigation

2010-11-20T21:15:00Z

Every day, servers are attacked. A distributed denial-of-service (DDoS) attack is one in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to the system to legitimate users. How can you protect your organization against such an attack. Under a large scale attack, your firewall is not going to be able to handle the amount of traffic forced at it. You need a Transit vendor with a large network presence in multiple cities. This means that incoming DDOS attacks arrive through different upstreams and peering connections. In each city, customers are placed behind a firewall and are able to set up their own policies and rules for their incoming traffic. This setup is similar to what many other ISPs do. During regular traffic levels or a low-scale DDOS, there is no real difference between a distributed setup and a normal isp-level shared firewall. But when a sustained DDOS larger than a pre-determined amount occurs, your vendor's network operation center (NOC) is notified. Once they have determined that the attack is sustained, you have the option of going into distributed mode. Once you are in distributed mode, the vendor takes the attacked subnet of IPs and redirects it to the firewall closes to the ingress point of the attack. This distributes the attack so that it is now spread out over the capacity of the entire network instead of targeted towards a single city location.

After the DDOS traffic hits a firewall, it is inspected and dropped if necessary. The legitimate 'scrubbed' traffic is then GRE tunneled back to the city where your servers reside, where it carries on to your network. Your online presence can function normally through most high-level DDOS attacks that would have otherwise crippled your network. The following information is what I need to set-up protection asap when the attack is occuring. Basically, all traffic good and malicious is routed to our routers, where we filter and determine if the traffic is legitimate. All malacious traffic is dropped during one of our many filtering layers, the rest is sent to you from one of our proxy servers. In essence, your web server only communicates with our servers and is hidden from the general internet.

Step 1. Obtain a clean IP from your network provider/ISP, preferably one on different network segment. This new IP Address will be known as your "origin server IP". Configure the fresh/new IP onto your server.
Step 2. Let us know via email what your new origin IP is so we can setup the configuration on our side.
Step 3. If you require SSL on this server, email us the cert and private key in .PEM format. This should be in plain text and may be copied and pasted and included in the "step-2" email.
Step 4. If you have a firewall or other ACL's in your network please ensure that you allow those IP blocks access to your servers and I will need to forward you our IP Blocks so they will have access.
Step 5. We will send you and IP Address. Make a DNS change to point your domain(s) to the IP Address we sent you. Ensure your TTL is set to 5 minutes or less.
Step 6. Remove the old IP Address from the server.

At this stage your traffic will start finding it's way to us where we will apply the required filters and send your server the legitimate traffic. One of our engineers will be in communication with you throughtout this process, to ensure everything is functioning as expected.

That's it. All things considered, the whole process should take about an hour.

New York Ethernet

2010-09-27T00:13:32Z

We are proud to announce our new service and website NEW YORK ETHERNET. We now offer Layer-2 for organizations that would like to connect (2 or more) datacenters or an office and datacenter, etc. and Layer-3 to organizations that need 5 Mbps to 1 Gbps of full-duplex Internet Access to their office or remote location. Our Layer-3 Metro Ethernet comes with two options- (1) Metro-E over Copper with speeds from 5Mbps to 45Mbps. This service is a good alternative to business-grade DSL, Bonded T1's, and DS3's at at fraction of the costs. The second option is Metro Ethernet over Fiber for clients that require 10Mbps to 1Gbps over fiber. The beauty of this service is that we can create separate vlans for voice traffic so you get a dedicated segment of your connection for VoIP and Data applications. Typically it takes a few hours for a quote and 15-business days for service. Please contact me if you would like more information. I can be reached at 917-710-5226 or woody@new-york-ethernet.com.

Datacenters for Gaming Servers

2010-05-19T16:53:33Z

On Wednesday, May 19th at 10:00am ET, the House Ways and Means Committee will hold a hearing to discuss tax proposals related to legalizing and regulating the Internet gambling industry in the United States. The proceedings will be held in Room 1100 of the Longworth House Office Building. Check out the details of the Ways and Means Committee hearing._ Over the last several years, gaming sites have become a daily activity for office workers, stay-at-home-Moms, and likely it is the number one clicked url in a bookmark folder. All gaming sites are based outside of the United States however 240M gamers are US citizens. The US is not stopping gambling but if they regulate it they can control problem gamblers. Most beneficial is the econmic factor- it will create jobs and there is an obvious tax revenue advantage. Also, off-shore operators are not mandated to have safeguards in place. If the Committee finds that it is in their best interest to legalize Internet gambling it will be very beneficial to the datacenters in the United States that can support the IT requirements of running these sites. The most likely beneficiaries of this movement will be established IT Providers, hardware vendors, and IT Consultants.

Hourly Backup for MS-SQL

2010-03-07T16:46:50Z

Yes! You now have an option for hourly backup for MS-SQL. IBM Tivoli Storage Manager (TSM) allows you to perform online backups and restores of Microsoft SQL Server Databases hourly. Now in addition to daily and weekly backups you have hourly backups available without having to create a flat file. TSM allows reduction of recovery time for your Database to just a few minutes after your Data is compromised. You can have point in time restores within an hour of your lost Database and this is available with any provider using the Tivoli Storage Manager Software and it is available today. Please contact us for a free consultation or if you would like to give it a try. We can load the Client for you or provide you the link to do it yourself.

Co-location versus Cloud

2009-08-24T00:38:00Z

Every day we read more about Cloud Computing and the benefits of using Cloud Computing. You have surely heard IBM and Microsoft touting the service. One the leading, or should I say "better known" orgainzations offering Cloud Computing is Amazon's Web Services . Though they tend to focus on the low-end of the market, they are probably the best known. A recent survey by the IT Industry Council (ITIC) found that 85% of companies will not implement either a public or private cloud in 2009 because of fears that service providers may not be able to adequately secure sensitive data. With that said, there are some seemingly obvious advantages to using Cloud Computing like - hardware (server,etc) savings, software (licenses) savings, management and internal resource savings, etc. You would need a consulting company to do the analysis that would take an individual months to evaluate. Well, no worries. McKinsey & Co has done all the work for us and the report is very interesting. The most common thought is "if I don't have to buy any more servers I will save money." Wrong! Your application will need to be re-designed to run in a Cloud environment, tested, re-worked, and stress-tested again. That takes time and labor. In addition to redesign there is managing another vendor relationship, additonal software licenses, data transfer, re-IP, and then there's the provider's longevity. What if they go under? Even a well-executed Disater Recovery strategy will have some issues and even minor challenges will disrupt data flow. The cost to run an application in a Cloud environment would cost double what the same application would cost in a co-location environment! Not only will you not save money, as most Cloud proponents exclaim, but you will lose money. Either way, it will be 3-5 years before anyone other than SMBs begin moving towards Cloud Computing. For more information about this report you can check out The UPtime Institutes review at UptimeInstitue.com. You will need to register but there is a lot of great information there. Or I can be reached at woody@75BroadStreet.com or 917-710-5226.

DoS Mitigation

2009-05-08T00:34:00Z

Last week, one of my clients had multiple DDOS attacks, such as Syn-flood, UDP network attacks, and HTTP get floods at rates of 90K to 700K packets per second. DDos and http get attacks was so large that it shut down their web-servers which resulted in a complete network outage for several days. Once we were notified of the problem, the facility manager, Mike Mazzei and our Engineer, Payam TarverdyanChychi, initiated our DDos Shield service to mitigate their traffic. Our DDos Shield utilizes the latest bleeding edge technology devices which is made up of multiple vendors.

Our DDos Shield uses high end ASIC boards to process/analyze the packetswhich decreases latency when new devises are introduced into the mesh.This allows the security devices to scrub the packets to determine goodvs bad packets based not only on signatures but also behavioral aspectsand sourced based filtering. In a severe attack (over 200KPPS ordepending on how large the traffic rate is) our DDoS Shield will workwith our Cisco/Juniper Routers to distribute traffic over several of our upstream providers to allow multiple ingress points for the attack and as such reduces the changes of saturating any given transit or transport. Once the distributed mode has been activated, all traffic will beautomatically routed within the peer1 backbone and sent to designated locations designed to handle attacks upwards of 10 Million packets/second up to 5gigs/sce. This number will drastically increase in the weeks to come.

This customer operates a social networking site that was enabled during these attacks. Once on our DDoS Shield service he was back up after initiating the service. If you would like more information regarding our DDoS Shield or any of our services you can contact me at woody@75BroadStreet.com or 917-710-5226.