Networking

At home, an internet outage is an annoyance, but nothing more. Aside from interrupting whatever you’re watching on Netflix, a brief break in online access for an hour or two is no big deal. At your business, on the other hand, even an hour-long outage can have serious repercussions on productivity and profits. That’s why, when you’re looking for an internet service provider for your small business, you should look for more than just high speeds and low prices. Reliability is at the absolute top of the list, backed up by service level agreements that clearly spell out what you’re buying. That’s followed closely by support, which should be available 24/7 and knowledgeable enough to quickly handle problems so an outage doesn’t ruin your day. Business internet providers offer a feature set that consumer cable companies won’t touch, including upload speeds that are as fast as download speeds, a detail that matters for design firms that routinely exchange massive video and CAD files with remote business partners. Prices are, unsurprisingly, higher than corresponding consumer plans but typically include no data caps. Using dedicated IP addresses, you can keep a permanent high-speed connection to a branch office or run your own public-facing server. Neither of those scenarios are possible (or advisable) with a consumer-focused internet plan. And business internet providers typically offer attractive add-ons like email and phone service for a relatively small surcharge. For this guide, we’ve focused on large, nationwide internet providers in the United States. Depending on where your office is located, you might be able to find excellent local and regional options, but we don’t have the space or the bandwidth to track down the hundreds of options in that category.

Premium services at premium prices

As one of two Tier 1 internet providers in this list (the other is AT&T), Verizon has more control over its network than competitors that have to purchase access from upstream providers. Fios is a fiber-based service that is available in three tiers, starting at 100 Mbps and going up to 940/880 Mbps, at prices ranging from $69 to $249 per month. The highest-priced plan include a single digital voice line for your business as well, and you can get additional discounts for bundling with Verizon Wireless plans or Fios TV. Verizon also offers Internet Dedicated Services, at speeds ranging from 10 Mbps to 1 Gbps, with the fastest connection costing $855 per month with a three-year commitment. For an extra charge, you can add 4G LTE wireless backup, which will keep critical services like point of sale systems running in the event of an outage. Unlike some of its competitors, Verizon charges additional fees for equipment and some services, so be sure to include the full list of charges when comparing prices. 

View Now at Verizon Business

Best for those who want to create a custom package

As one of the biggest brands on the internet and a Tier 1 provider, AT&T offers a dizzying array of options, with broadband, wireless, and Dedicated Internet plans available for the choosing. Special terms and pricing are available for government agencies, schools, and libraries. Wired broadband plans start at $40 per month, with wireless backup available as an option. Wireless plans begin at $80 a month and top out at 100 Mbps speeds. Dedicated Internet access, offering speeds of up to 1 Tbps with traffic prioritization, will cost at least $550 per month and can run into the thousands of dollars monthly for a Gigabit connection. Although you can start your search online, getting a detailed price quote means filling in an online form or speaking with a sales rep. 

View Now at AT&T Business Internet

For best rates, you’ll need to sign a two-year contract

Comcast Business, unlike its consumer cousin, has no data caps, and it offers dedicated, round-the-clock support for business customers. But this is still Comcast, as you’ll realize when you discover that the best prices require a two-year contract. Expect to pay $80 to $500 per month for download speeds starting at 35 Mbps and going up to 1 Gbps. In our review of Comcast Business pricing, we found that internet packages that bundled a single phone line were actually cheaper than the internet-only versions. For the first two years, at least. Comcast offers a slew of add-ons for business customers, including Wi-Fi options to secure your corporate network from the one you allow guests to use, as well as a backup option called Connection Pro, that provides a 4G LTE modem with battery reserve for up to 8 hours, so you can maintain connectivity in the event of an outage. If those speeds are too sluggish, you can get Ethernet dedicated internet, with symmetrical download/upload speeds up to 100 Gbps and two permanent IP addresses. Border Gateway Protocol (BGP) router is optional. Be prepared to pay, though. 

View Now at Comcast Business

Best for those looking for a low-priced bundle

As expected from a division of cable giant Charter Communications, Spectrum Business plans come with a dizzying array of prices that vary based on contract length and whether you’ve bundled phone or TV service with your internet access. Speeds range from 200 Mbps to 940 Mbps, at prices from $65 to $250 per month with a 12- or 24-month contract. The entry level plan includes domain name registration and email service, with higher-priced plans bundling voice service as well. Add-ons include a $20-per-month Wireless Internet Backup plan, static IP addresses (1 for $15, up to 29 addresses for $60 monthly), and a variety of Wi-Fi options. 

View Now at Spectrum Business

Fiber performance, if you live in their coverage area

Frontier’s network covers huge swaths of the United States, including the Southwest from California to Texas, the entire Southeast, and every state that borders the Great Lakes, including Illinois and New York. There are some noteworthy gaps in the coverage map, however, including the Pacific Northwest, Colorado, Virginia/Maryland/D.C, and the upper Northeast from Massachusetts to Maine. Frontier’s claim to fame is its 100% fiber-optic network, which allows it to offer upload speeds that are as fast as downloads, depending on the plan. That’s the same network that Frontier’s consumer customers use. Frontier’s website focuses mostly on its consumer offerings and is thin on what it offers business customers, and the only way to get details on a business plan is to call their business sales line. That leads us to believe that the main difference is easier access to support lines. Still, if you’re in Frontier’s service area, it’s probably worth a call to figure out whether their no-contract plans are right for your business. 

View Now at Frontier Business Internet

No billing surprises, if you live in the right city

Does Google have a nationwide network? Well … sort of. Google Fiber business plans are available to a large segment of the United States population, but only if you live in one of the 19 cities that are part of the network. You can expect to pay $100 a month for 250 Mbps service and $250 monthly for the 1 Gbps. On Google Fiber plans, upload and download speeds are identical (equipment permitting) and there are no hidden fees or data caps, nor is a contract required. The monthly price includes installation and required networking equipment, although you’re welcome to bring your own router if you prefer.

View Now at Google Fiber

What type of internet connection is best for businesses?

For most office-based small businesses, a regular broadband connection with wired access to each desktop or laptop PC is the best choice, and you can easily add wireless connectivity. Businesses that are more spread out, with common areas for customers and employees, might prefer an all-wireless option. Be sure to check the terms of service carefully, however, as some providers restrict access to bars, restaurants, hotels, and other establishments that serve the public. If you data needs are especially demanding, with employees routinely transferring large files or doing HD video streaming, a dedicated connection is pricey but probably worth it.

If you work from home, do you need business internet?

Home-based employees can use large amounts of data, sometimes enough to exceed data caps that are common with consumer internet plans. Paying for unlimited access is usually still cheaper than signing up for a dedicated business plan. Consider a business plan if you need fast upload speeds (most consumer providers limit uploads to a fraction of download speeds) or if you need to run your own server (which is prohibited under the terms of service for most consumer plans).

What internet speed is appropriate for business use?

Each tier of increased speed comes at a higher price, sometimes significantly higher, so it’s important to sign up for only as much bandwidth as you need. For lightweight office use by one or two users plus point-of-sale transactions, even the most modest package will probably do. As you add workers, especially if they routinely transfer large files, you’ll want to expand speeds significantly. Businesses that do intensive work with large files, such as graphic design shops and videographers, should get as much bandwidth as they can afford.

How we narrowed the fieldWe looked at national internet service providers that offer plans dedicated for business use, with support staff that are trained to work with business networks of all sizes. We encourage you to use your local business connections to see if a smaller regional option might be a smaller alternative. All of these plans include 24/7 support, options for dedicated IP addresses, email and security add-ons, and symmetrical upload/download speeds.How to choose a business internet providerStart by using the provider’s online form to see if service is available at your address. If your business is located in space you rent or lease, you’ll also want to check with the owner to confirm that you’re allowed to do any work required as part of the installation. We recommend getting a detailed quote that includes all one-time charges as well as a firm estimate of monthly charges, including taxes and fees. If a long-term contract is required, be sure to find out what the monthly charge will be after the contract ends if you stay on a month-to-month basis. 

Finally, look at any available add-ons, including business phone service, email, wireless backup, and business Wi-Fi that uses secure authentication rather than a simple password. You might find that those options can provide some extra savings and give you a single point of contact for support. 

ZDNet Recommends More

When then-President Donald Trump’s Federal Communications Commission (FCC) tried to destroy net neutrality in 2017, everyone knew that millions of comments in favor of breaking net neutrality were bogus. As then-New York Attorney General Eric Schneiderman said at the time, two million net neutrality comments were fake. Schneiderman said: “Moving forward with this vote would make a mockery of our public comment process and reward those who perpetrated this fraud to advance their own hidden agenda.” Schneiderman was wrong. His successor, Letitia James, found after a multi-year investigation that there had been “18 million fake comments with the FCC,” including over 500,000 fake letters sent to Congress in support of the repeal.

Behind this vast majority of this astroturfing campaign was Broadband for America, a marketing group funded by the country’s top ISPs. In classic 1984 doublespeak, it claims to be in favor of net neutrality while, in reality, being a group of its greatest enemies. Its members include AT&T, CenturyLink, Charter, CTIA – The Wireless Association, Comcast, Cox, NCTA – The Internet & Television Association, Telecommunications Industry Association (TIA), and USTelecom-The Broadband Association.James reported: “After a multi-year investigation, we found the nation’s largest broadband companies funded a secret campaign to influence the FCC’s repeal of net neutrality rules — resulting in millions of fake public comments impersonating Americans. These illegal schemes are unacceptable.”Altogether, 80% of all public FCC comments filed on its net-neutrality proposal four years ago came from the scammers. There was never, as Ajit Pai, then-FCC chairman and a former Verizon attorney claimed at the time, any mass support for destroying net neutrality. Pai, after leaving office, was hired as a partner by private equity firm Searchlight Capital Partners, where he works on telecom and ISP acquisitions.  James continued: “The broadband industry hired marketing companies that co-opted and created identities and filed nearly 18 million fake comments with the FCC and sent over half a million fake letters to Congress in support of the repeal. This practice was also used to influence other policies. Today, we stopped three of these marketing companies from continuing their illegal behavior and recommended reforms to stop this type of fraud in the future.”

MORE ON NET NEUTRALITY

These three companies are Fluent, React2Media and Opt-Intelligence. They all settled with the attorney general’s office and agreed to pay fines. They did not, however, admit to any wrongdoing. They did agree to get permission from anyone they quote in the future in comments purporting to represent public opinion. These businesses and at least three other companies were paid $4.2 million by Broadband for America. The investigation into this hack of democracy is still ongoing. Where did the fake comments come from? The Office of the New York Attorney General (OAG) found that Broadband for America couldn’t rely on real grassroots support since the public overwhelmingly supported robust net neutrality. So, it created them via co-registration lead generation. In coregistration, consumers are offered rewards, such as gift cards, sweepstakes entries, or an e-book, for providing personal information and responding to advertisements. These include everything from discounted children’s movies to free trials of products. To conceal the comments’ true source, Broadband for America’s contractors also created web pages for the conservative-leaning advocacy groups. Few comments, however, were submitted via these web pages. But they gave the impression that comments the FCC received came from Trump supporters. In fairness, it wasn’t just the anti-net neutrality forces that generated fake comments. A 19-year-old college student who supported net neutrality filed over 7.7 million pro-neutrality comments with the FCC. Unlike Broadband for America, he didn’t use the names and addresses of real people without their consent. Instead, he automatically created comments using software-generated fake names and addresses. The FCC, in theory, should have been able to spot this activity. In practice, it was clueless and didn’t detect that millions of submissions were coming from a single IP address. The OAG also identified another group of 1.6 million pro-neutrality comments that were submitted using fictitious identities but hasn’t been able to find out where they came from. In the course of the investigation, the OAG found the FCC wasn’t the only one being targeted by big business. The OAG found that fraudulent comment campaigns had also targeted policy decisions at the Environmental Protection Agency and the Bureau of Energy Management at the US Department of the Interior. Looking ahead, the OAG recommends several reforms to root out the deception and fraud that have infected public policy-making. These areAdvocacy groups to take steps to ensure they have obtained valid consent from an individual before submitting a comment or message to the government on their behalfAgencies and legislatures that manage electronic systems that receive comments and messages to hold advocacy groups and their vendors more accountable for the comments they submit on behalf of individualsLawmakers to strengthen laws to deter the submission of deceptive and unauthorized comments to the governmentAgencies to adopt technical safeguards to protect against unauthorized bulk submissions using automation.Hopefully, all these changes will happen sooner than later. Democracy has enough trouble as it without businesses pretending to be millions of citizens. Related Stories: More

Multi-access Edge Computing (MEC) was pitched like this: Virtualization can make a selected part of a very broad and distributed data center cloud look like the entirety of an enterprise data center network. Already, this seems like a trick that Amazon AWS, Microsoft Azure, Google Cloud, and the others pull off with ease.

“The key element in the MEC architecture is the MEC host,” stated a 2018 white paper published by the European standards group ETSI [PDF]. The paper went on to define a MEC host as “a general-purpose edge computing facility that provides the computing, storage and other resources required by applications such as IoT data preprocessing, VR/AR, video streaming and distribution, V2X, etc.”With a bit of marketing prestidigitation, the telecommunications industry could get into the cloud data center game without having to follow the lead of Equinix, Digital Realty, and their ilk, and enter the commercial real estate market. They could use the real estate they already own or lease for their base transceiver stations (BTS), subdivide their data center installations amongst a plethora of smaller buildings (micro data centers, or µDC), and leverage the fiber optic data network they’re already building to provide the backhaul they need for 5G Wireless, to provide the virtual connections these facilities would need, so they appear contiguous to commercial customers. A highly diversified network of prefabricated tool sheds could appear no different to the customer than a hyperscale cloud facility.Or, as is their wont, telcos may take MEC in an entirely different direction, both physically and virtually speaking. With the flip of a switch called local breakout (LBO) — a physical switch that they own — they could direct traffic into their own facilities, which are not “micro” by any means. Those facilities could then serve as gateways to familiar public cloud services, as has been the case for Verizon with AWS’ Wavelength service since late 2019, and AT&T with Google Cloud the following March.”You have to be able to provide the same types of capabilities you would have in a traditional data center hosting environment,” explained Thierry R. Sender, Verizon’s director of edge computing strategy.  “I wouldn’t necessarily say it’s a colo. . . but it’s a full-on data center environment.”To become a phenomenon with anywhere near the scale of cloud computing, edge computing needs to be scalable. Whatever ends up being responsible for orchestrating the system’s workloads needs to perceive the system as a whole as something more than the sum of its parts. That’s hard when your deployment facilities are small by design, and separated by hundreds of miles of fiber optic cable, the vast majority of it linking BTS facilities to one another, rather than customer premises.It might make sense — perhaps — if dozens, and potentially hundreds, of smaller facilities throughout the world were capable of being networked together. You could use every edge collectively like one big cloud, or selectively like a cafeteria, depending upon the requirements of each workload at the time. Or perhaps, alternately, it might be more convenient for telcos in particular if all the edges were conveniently folded into one giant shape, and co-located — to borrow a phrase — in one or two existing facilities.MinionsNot everyone bought into the 5G MEC pitch. An edge-merging capability such as this would need to rely upon a degree of service-provider agnosticism that security-intensive telcos simply cannot permit.

Network slicing is the subdivision of physical infrastructure into virtual platforms, using a technique perfected by telecommunications companies called network functions virtualization (NFV). As originally conceived, NFV was a way for the functions that telcos made available to consumers through their own data networks to become portable and deployable on-demand at or near the customer’s point-of-contact. It was telcos’ first attempt at putting edge computing to work for them.Throughout 2018 and 2019, AT&T executives and engineers declared that slicing their networks into company-owned and customer-leased segments (and reserving NFVs only for the former segment) may have been both legally and technically impossible to achieve. They may have been right. But amid the least hopeful year in many folks’ memories, 2020 gave rise to what seemed to be a workable model for containerized network functions (CNF): a way to orchestrate a highly-distributed, multi-tenant network, Kubernetes-style, whose area maps would look less like stripes than freckles. The open source community could once again hold the key.Surprise: CNF isn’t a dance in the park either. As Kubernetes’ own co-creator Craig McLuckie told me last July for Data Center Knowledge, when realized on a telco scale, CNF would require an entirely different orchestration method than Kubernetes uses for the enterprise — essentially validating AT&T’s earlier objections.Last November, one attempt to derive such a model emerged. Called Clovisor, and championed by a Google software engineer named Stephen Wong, it’s an effort to extend a reliable service mesh between telco networks in such a way that it includes the control plane of the virtual network. This is the part that’s separated from the data plane, and that determines how packets are forwarded, and to where.Stephen Wong,  Google software engineer.”Going back to MEC, or any kind of edge data center or micro data center, you are trying to run single applications, whose components expand across both edge and cloud,” explained Wong, introducing his work during the most recent KubeCon virtual conference. As an example, he cited a machine learning system whose inference engines — the components that determine which parts of the ingested data are worth learning — are distributed across a very broad area, but whose neural net is singular and running on a centralized cloud platform.”It makes a lot of sense to run a single mesh across the cloud and edge sites, for this kind of application,” continued Wong.  “Once you do that, you have a consistent network policy and telemetry model, across single applications.”It’s something MEC’s designers hadn’t yet taken into account when they conceived it during the 4G LTE era: Distributed applications are bigger than networks. You could make a case for slicing telco clouds into strips and apportioning one strip per tenant, if all applications were singular virtual machines — gelatinous blobs traversing network pipes and emerging intact.But what the consumers of a distributed cloud service presently want — and may actually be willing to pay a premium for — is a way to selectively geo-position the pieces of applications that actually need to be distributed — and not the entire package. This would require some type of framework capable of supporting the sum of all infrastructure that hosts any part of a distributed application.Wong points to service mesh as an enterprise-class architecture that enables a mode of service discovery: a way for functions in a network to find one another, connect, and exchange data. Such an architecture makes perfect sense in a world where the enterprise is the entire network. But when the base of the network has to be striped, and then stripes have to be doled out to individual tenants, this particular architecture of service mesh may become not just improbable, but perhaps exactly as impossible as AT&T first suggested.For a network control plane this complex, he explained, it would appear better to have a policy arbiter that’s centralized, making it easier to scale. One project that tried this approach in 2018 was championed by Huawei, as part of a project it marketed at the time as the Service-Oriented Core (SOC). As part of this concept, a system called Clover (from which Clovisor would later flow) would establish a service mesh-based framework that re-envisioned virtual network functions (VNF) not just as CNFs, but as fully-distributed microservices.Slide from a 2018 presentation by Futurewei Technologies, the US-based research arm of Huawei.In a Kubernetes cluster, pods are the containment units for active functions. Clover apportioned each pod its own sidecar, which served as a proxy for communicating with the broader service mesh. Avoiding a re-invention of the proverbial wheel, Clover used the existing Istio service mesh, which uses Envoy sidecars. The telemetry and policy functions for each proxy sidecar would be funneled through an Istio component called Mixer. Deployed cleverly, Mixer could be configured pretty much on-demand, changing its stripes, if you will, to serve a variety of benefactors concurrently. Think of a traffic cop that could change uniforms whenever different districts’ cars showed up at the intersection, and you get a bit of the idea.

If you’re familiar with the kinds of bottlenecks that produce the weakest links in a network, you already see where this discussion is heading.  “Just by hearing that,” said Wong, who served as Clover’s project team leader, “you would know that it’s actually pretty terrible to run that on the edge.”The edge outside the cloudWhen we discussed the topic of 5G MEC last September, we referred to the structure to which it gave rise as an “edge cloud.” As always, there are various permutations as to what that phrase means, depending upon who utters it. But the general idea is, an edge cloud would bring disparate hosts across multiple edges together collectively as a single, variable cluster — as fuzzy as the cloud.It’s much harder to draw a fuzzy analogy than to orchestrate a fuzzy cluster.”The edge — the way I would describe it is as a geo-caching architecture,” explained Vijoy Pandey, Cisco’s vice president of engineering, in a recent interview.  “It’s a set of services, on top of which you can build applications. But what kinds of applications make sense there? The resources that are available to those services, differ widely from a cloud, to on-prem, to all kinds of edge locations all the way down to a camera or phone. So why would I place an application in place X versus place Y? That’s a decision somebody has to make. Why can’t I place everything in my data center, or in the public cloud, or in a branch location? There is a reason to pick-and-choose one of these things.”Just before the pandemic hit, Pandey explained to us that microservices (the small parts of distributed applications) are being spread thinner and thinner across networks. To the software developer as well as to the end user, the connections between them need to be invisible. The network or networks that bind them, should be transparent.Now Pandey takes this idea further, suggesting that edge architecture may be neither about the customer nor the service provider, but instead the application.For example, he cited an unnamed customer of Cisco’s Meraki cameras that happens to operate thousands of coffee houses worldwide.  This customer has designs to utilize these cameras for remote inventory maintenance, for ensuring mask wearing during the pandemic, and occasionally peeking in how well the baristas are serving their customers. Theoretically, it would be a single application with perhaps the most distributed edge deployment of any retail operation, anywhere on the globe.”All of these things have a direct revenue value on their business,” the engineering VP continued.  “Now, you cannot take this across hundreds of thousands of stores globally, and make it work in a public cloud model. It’s just not going to scale. By the time that insight comes back, the customer’s already gone.”While many in this business tout the need to keep things simpler for the software developer, arguably, a deployment model which separates the data gathering function of a real-time video analysis application, from the frame-by-frame analysis function, would be the simplest for a team of developers to devise. But from the standpoint of deployment and maintenance (the “-Ops” side of DevOps), all that back-and-forth would be difficult enough for a small retail chain, let alone a coffee colossus with 33,000 worldwide locations.What would make this even harder would be the requirement to share the same network with the telecommunications provider that owns it.For 5G MEC to work, customer applications would not only need to be concurrently orchestrated. They would be pressed to share space and time with telcos’ own 5G core components such as the Radio Access Network (RAN), along with all the other services that find themselves incorporated into the 5G Wireless portfolio. As of now, the questions of which services get divided into slices, as well as how that happens and who’s responsible, remain unresolved.One scenario mobile operators envision for 5G network slicing.
Next Generation Mobile Networks Alliance
T-Mobile and others have suggested that network slices could divide classes of internal network functions — for instance, compartmentalizing eMBB from mMTC from URLLC. Others, such as the members of the Next Generation Mobile Networks Alliance (NGMN), suggest that slices could effectively partition networks in such a way (as suggested by the NGMN diagram above) that different classes of user equipment, utilizing their respective sets of radio access technologies (RAT), would perceive quite different infrastructure configurations, even though they’d be accessing resources from the same pools.

Another suggestion being made by some of the industry’s main customers, at 5G industry conferences, is that telcos offer the premium option of slicing their network by individual customer. This would give customers willing to invest heavily in edge computing services more direct access to the fiber optic fabric that supports the infrastructure, potentially giving a telco willing to provide such a service a competitive advantage over a colocation provider, even one with facilities adjacent to a “carrier hotel.””I believe it will become the norm,” remarked Verizon’s Sender, “that we will have micro-edge implementations; private, on-site implementations; MEC in the public network; regional, local capabilities, all across the compute environment, all supporting one use case for our customer. These things don’t really compete; they’re complementary.”There are diametrically split viewpoints on the subject of whether slicing could congregate telco functions and customer functions together on the same cloud. Some have suggested such a convergence is vitally necessary for 5G to fulfill the value proposition embodied in China Mobile’s original proposal for Cloud Radio Access Network (C-RAN). Architects of the cloud platforms seeking to play a central role in telcos’ clouds, such as OpenStack and CORD, argue that this convergence is already happening — which was the whole point to begin with. AT&T has gone so far as to suggest the argument is moot and the discussion is actually closed: Both classes of functions have already been physically separated, not virtually sliced, in the 5G specifications, its engineers assert. It launched its own 5G MEC initiative in January 2019 statement, stating at the time, “The data that runs through AT&T MEC can be routed to their cloud or stay within an enterprise’s private environment to help increase security.” Yet AT&T may yet wish it had not attempted to close the issue so soon. 5G’s allowance for smaller towers that cost less and cover more limited areas is prompting ordinary enterprises to seek their respective governments’ permission to become their own telecommunications providers, with their own towers and base stations serving their own facilities.Divide and conquerIn March 2019, Germany’s Robert Bosch GmbH launched a partnership with Qualcomm, enabling the manufacturer to apply for and receive dedicated spectrum from German government authorities. Evidently aggravated with the pace of the network slicing argument, Bosch hard-wired its own 5G Wireless and 5G MEC services for its own factories. Auto maker Volkswagen followed suit the next month, apparently for the same reasons. These may represent the most extreme edge computing use cases, said Pandey. But they didn’t take back the power of their own communications systems from telcos, just to hand it over to a different class of tech giant.”They want all that decision-making to happen within that edge manufacturing location,” said Pandey.  “It depends on what the edge vertical is, but all of these things have the same bottom line: There is a volume of data, there is a cost of doing business on a volume of data, and there is a cost of shuffling that data across [from edge to cloud and back].”For years, the viability of network security policies depended upon hard compartmentalization. One network couldn’t be leveraged to break into another network, if there were no connections between them. Likewise, for applications that build their own virtual networks around themselves, one app can’t be leveraged to break into another app, if they don’t share the same namespace.In 2015, VMware turned this entire idea on its head, with a concept called microsegmentation. Rather than dividing networks into large segments, the policies that determined what data gets routed where could be written in such a way as to only recognize restricted sets of addresses for each application, as though all the other addresses didn’t exist. Imagine a satellite map of a city where all the unimportant houses and buildings disappeared, redacted from history, but you don’t notice it because you ignore unimportant things by design. You can’t break into something you don’t believe in.Since that time, this model has been expanded into newer, bolder security models such as the Software-Defined Perimeter (SDP). A network’s entire structure can be defined by policy alone: by a set of rules that, by restricting access only to what exists, implies that nothing else does.In this frame from his Clovisor demo, Stephen Wong shows how Clovisor running in the upper left node successfully injects network routes into three isolated nodes, starting with the upper right node.This is essentially how Clovisor works: by “injecting” rules directly into each pod’s map of the network, using a policy mechanism rather than some administrator-only override.For Huawei’s SOC vision to be viable, such a network map would need to be centralized within Istio’s Mixer component. Maybe, like Cisco’s Pandey projected, the central location for Mixer would be picked-and-chosen, but that would probably happen just once, and that choice would likely be a public cloud platform.And as Wong further explained, that would be a bad idea.”If all your [policy] requests have to go to the cloud just to get Mixer to say yes,” remarked Wong, “that’s the kind of delay that’s completely unacceptable.”It turned out this rule holds true across the board, for any application that makes use of a service mesh. By the end of last year, Mixer was officially deprecated as a part of Envoy. In its place is a mechanism that enables Clovisor to safely inject the ingress and egress points of the mesh, directly into pods. This way, each pod manages its own version of the active policy — not unlike the way DNS servers maintain local maps for resolving domain names to IP addresses.By decentralizing the control plane mechanisms, Clovisor could conceivably give Bosch, Volkswagen, and enterprises of their scale and caliber, exactly the tools they need to manage their communications systems and edge computing platforms, on their own terms. And that’s a problem, at least for the original, would-be vendors of 5G MEC services — the communications service providers that bought into China Mobile’s all-out cloud migration plan in the beginning.The solution to the network striping issue — if, indeed, that’s what this is — may borrow a page from microsegmentation. Instead of a hard subdivision made physically real by a toggled circuit breaker, Clovisor or something like it could create edge networks out of bits and pieces of pods, segmented and isolated on an as-needed basis.Yet here is how the outcome of this solution changes everything: MEC started out as a way for telcos to get into the cloud services business, opening up new revenue channels using commercial customers. Unable to break into a market dominated by AWS, Azure, Google Cloud, and to a far lesser extent, “Other,” telcos settled for partnering with existing cloud service providers, offering customers commercial data services as part of their 5G contracts. But that business model is only viable if cloud functionality is the service being consumed by communications, and not vice versa.If 5G MEC ends up looking like a culmination of Clovisor, edge deployments could instead end up as premium options for existing commercial cloud service contracts. In other words, it wouldn’t be AT&T, Verizon, or T-Something that sends the bill to its phone-using customers, but instead AWS, Azure, and GCP inserting line-items into their SLAs. Economically speaking, telcos would find themselves tossed into the back seat. Sure, they’d have new revenue sources, but it wouldn’t be the same as drumming up excitement and enthusiasm for something else with the “5G” moniker. And perhaps the one thing that ends up going right for 5G these past several years, would see someone else soaking up all the credit.[Portions of this article are based on material that appeared in a previous edition of a ZDNet Executive Guide to 5G Wireless, which has since been revised.]LEARN MORE  More

TPG Telecom is set to join Telstra in offering 5G fixed-wireless services on an invite-only basis from next month. Speaking at the company’s AGM, CEO Inaki Berroeta said TPG has over half a million customers on its 5G network, with coverage available in over “500 suburbs in cities and major centres”. “Take-up of our fixed wireless services has been encouraging as we expand the service across more brands and channels,” he said. “Watching video is what customers do most on their devices — and our mobile network has been built for video.” By the end of 2021, TPG wants to have 85% population coverage for its 5G network within Sydney, Melbourne, Brisbane, Perth, Adelaide, and Canberra. “At the end of last year we renewed our tower arrangements with Axicom allowing us to upgrade our Axicom sites to 5G,” the CEO said. “It will also increase the speed of our 5G roll out with more than 400 Axicom sites to be upgraded with 5G equipment.” Berroeta added the company has integrated over 400 small cells into its mobile network, and was deploying fibre to mobile sites ahead of schedule.

With the merger between Vodafone Australia and TPG being implemented 10 months ago, the CEO said the new company was working to have “culture as a primary company asset”. “From a cultural integration point of view, and I am pleased at how well our people are working together to deliver our strategic priorities,” he said. “Together we are building a new culture at TPG Telecom. It will be a culture with customers at the heart and one which encompasses the best parts of the two businesses.” At the AGM, Jack Teoh was successful in being elected to the board, following his father and brother departing in March, and TPG announced its CFO Steve Banfield was leaving after more than 20 years with TPG. Related Coverage More

Image: Getty Images
The federal government has announced it is ploughing an additional AU$130 million into the “hugely popular” Regional Connectivity Program (RCP) ahead of handing down its budget on May 11. The funding is broken down into AU$106 million for a second round of the RCP, of which AU$45.6 million has been “quarantined” for Northern Australia, and almost AU$25 million for additional “shovel-ready” projects in round 1.

Australian Budget 2021

“The pandemic has shown many Australians the value of the regions, both as economic powerhouses and as desirable destinations to live, work, and raise a family,” Minister for Regional Communications Mark Coulton said. “In order to ensure regional Australians can continue to do the heavy lifting the nation asks of them, the government recognises — and is investing in — the need for improved connectivity.” Last month, the government announced it had selected 81 sites to carve up the AU$90 million available under the first round. Thanks to co-funding arrangements with recipients of the grants, state and local-level governments, regional businesses, and community organisations, the total spent will be in excess of AU$180 million. Many details on the successful projects are not released, however since then, Telstra and Western Australia have opened up on some of the projects.

Telstra said earlier this week it is set to be involved in 30 projects at a cost of AU$16 million from the telco, AU$13 million from state and local governments, and AU$26 million from the Commonwealth. One big ticket item is the AU$9.8 million project to provide a six-fold upgrade to King Island connectivity and set up a 110km radio link across Bass Strait back to Victoria. At the same time, Telstra announced it was opening a AU$200 million co-investment fund for regional mobile coverage to run over the next four years. The telco said it will be looking to partner with governments, local councils, and businesses to make regional projects viable. Meanwhile, Western Australia detailed the projects that will make up the AU$23 million of RCP improvements. The federal government is kicking in AU$17.1 million, while WA puts forward AU$5.88 million of funding. Among the projects are eight mobile coverage improvements from Telstra, two mobile coverage upgrades from Pivotel, three projects upgrading fixed wireless coverage, two improving satellite broadband connectivity, and one project in excess of AU$3 million to shift from satellite coverage to fibre to the premise in Halls Creek. Related Coverage More

Australian Budget 2021

The Australian government has said it will be handing over AU$16.4 million in mobile connectivity grants as part of its 2021 Budget set to be unveiled on May 11. The grants will be focused on bushfire-prone peri-urban areas, the outskirts and transition areas between urban and rural landscapes, and given the abbreviation PUMP for Peri-Urban Mobile Program. “Improving coverage on the peri-urban fringe will help communities access vital information during emergencies, seek help if needed and stay in touched with loved ones,” Communications Minister Paul Fletcher said. “PUMP will also improve the quality and reliability of available mobile services, providing benefits on a day-to-day basis for those living and working in these communities.” The grants will cover “new and improved” mobile connectivity, with Fletcher adding it will complement the Mobile Black Spot Program, which is now on round 5A. Fletcher also said the Australian Communications and Media Authority (ACMA) would also get AU$4.2 million to “support the implementation and administration” of the News Media and Digital Platforms Mandatory Bargaining Code. “Our investment will enable ACMA to fulfil its functions under the Code, including administering an eligibility scheme, registering news businesses, and maintaining a register of arbitrators,” the minister said.

“We welcome the reports that Google and Facebook have reached commercial agreements with some news businesses for the use of their content, and encourage the parties to continue to negotiate deals in good faith. “This is powerful evidence the Code is already doing its job.” Related Coverage More

Shares of content distribution networker Fastly, which hosts traffic for the TikTok app, plunged in late trading after the company reported Q1 revenue and profit that both missed Wall Street’s expectations, and an outlook that missed as well.  The company said CFO Adriel Lares is leaving the company, but will stay on for a period of time while a successor is sought. “CFO Adriel Lares will be stepping down after five years of service,” said CEO Joshua Bixby.  He will continue in his role for a transition period during which we expect to appoint a successor and for a period of time after as an advisor to ensure a smooth transition. We thank Adriel for his many contributions to our company during formative milestones, including becoming a public company, and we wish him well in his future endeavors.  The report sent Fastly shares down almost 18% in late trading.  Bixby called the quarter “outstanding,” adding, “we are observing that many of the trends that emerged last year appear to have become permanent, even as the world begins to reopen.  “Fastly is uniquely positioned to serve companies as they adjust to this new reality, by seamlessly combining delivery, edge computing, and security. 

Also: TikTok bandwidth provider Fastly’s shares sag as Q4 revenue, forecast mostly in line with Wall Street estimates “We are more confident than ever in our ability to deliver on our edge cloud mission and will continue investing in it to position our company for future growth.” In a letter to shareholders, Bixby remarked that the company “Saw strong demand in the beginning of 2021 as we continued to bolster our edge cloud and security offerings.” Revenue in the three months ended in March rose 35%, year over year, $84.85 million, yielding a net loss of 12 cents a share. Analysts had been modeling $85.08 million and negative 11 cents per share. For the current quarter, the company sees revenue of $84 million to $87 million, and net loss in a range of 16 cents to 19 cents. That compares to consensus for $92 million and an 8-cent loss per share. For the full year, the company sees revenue in a range of $380 million to $390 million, and a net loss of 35 cents to 44 cents per share. That compares to consensus of $382 million and a 37-cent loss per share. Of the outlook, Bixy noted that it “Reflects our strong top-line growth momentum, our strategic investments in security and cloud computing, and the incremental expense from the Signal Sciences acquisition.  “Given our usage-based business model, we base our revenue guidance on current and expected platform usage. Consistent with prior years, we expect to gain additional visibility as the year progresses.”

Tech Earnings More

Juniper Networks is introducing a new cloud-based security portal designed to help organizations transition to a SASE architecture without undercutting their existing security deployments. 

The portal, called Security Director Cloud, distributes connectivity and services to an organization’s different sites, their users and applications. What sets it apart from other SASE offerings, according to Juniper, is its ability to automatically import existing security policies.  “The customer can go ahead and register, and it will automatically import all of their policies, and they don’t have to do anything,” Samantha Madrid, VP Product Management, Security Business & Strategy at Juniper, explained to ZDNet. “They don’t have to rewrite anything, they can decide whether they want to import all or just some. It’s entirely up to them, and it’ll remain in constant sync.”This allows customers to migrate to a SASE architecture at their own pace, she said. It also reduces operational overhead during that transitional period to a new security environment. With other cloud-based SASE offerings on the market, Madrid said, organizations “can’t use what they already have in their environment, they have to completely start from scratch.”Interest in Secure Access Service Edge (SASE) services is growing as organizations become increasingly dispersed — a trend driven by technological advancements like 5G, as well as the onset of the Covid-19 pandemic. Security Cloud Director lets customers create unified policies across traditional and cloud-delivered security platforms — covering users, devices or applications. That could mean policies for user-based or application-based access, IPS, anti-malware or web security policies. 

The portal offers the Security Director Insights feature, which provides correlated visibility into attacks across the entire network. Customers can integrate detection from other vendors’ products, which are populated in an attack timeline.”We’re giving [customers] not only the ability to bridge their existing with their future transformations, we’re giving them integrated security orchestration and integrated insights into the overall risk posture.”Prior and related coverage: More