Your SlideShare is downloading. ×
Virtual Infrastructure C27_B259, MSCS building, UNE, Armidale ...
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.


Saving this for later?

Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime - even offline.

Text the download link to your phone

Standard text messaging rates apply

Virtual Infrastructure C27_B259, MSCS building, UNE, Armidale ...


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide


  • 1. Virtual Infrastructure C27_B259,  MSCS building, UNE, Armidale, NSW, Australia on Friday, 25th May 2007 from 12 to 1pm. by Dr. Charles R. Watson School of Maths, Stats and Computer Science University of New England, Armidale NSW 2351 URL:
  • 2. Overview
    • Digital Communications Technology
    • Voice over IP
    • Integrity and Availability
    • Security
    • Discussion: cost-neutral improvement of our virtual infrastructure
  • 3. Transmission Media
  • 4. Wireless LAN Architecture
  • 5. Ethernet: CSMA/CD Carrier Sense Multiple Access with Collision Detection
  • 6. Protocol Analyzers Traffic displayed by protocol type
  • 7. Wide Area Network
  • 8. Gateways
  • 9. Client/Server Communication
  • 10. Satellite Internet Access
  • 11. Satellite Internet Access (continued) Dial return satellite Internet service
  • 12. WAN Technologies Compared
  • 13. WAN Technologies Compared (continued)
  • 14. Voice-over-IP
    • Cisco AS5300 is the core AARNet Gateway.
    • Voice card for Cisco 3660
    • Skype is a peer-to-peer Internet telephony network founded by the Niklas Zennström .
      • It competes against existing open VoIP protocols such as SIP , IAX , and H.323 .
      • Rapid growth in free and paid services .
      • Features include
        • free voice and video conferencing,
        • its ability to use peer to peer (decentralized) technology to overcome common firewall and NAT ( Network address translation ) problems
  • 15. VoIP (continued) Accessing a VoIP network from traditional telephones
  • 16. VoIP (continued) Accessing a VoIP network from IP phones
  • 17. Internet Group Management Protocol
    • Network layer protocol that manages multicasting allowing one node to send data to defined group of nodes
    • Routers use IGMP to determine which nodes belong to multicast group and to transmit data to all nodes in that group
    • IGMP can be used for online video and gaming, and allows more efficient use of resources
    • UDP - User (Unreliable) Datagram Protocol is faster and more efficient than TCP for lightweight or time-sensitive purposes, e.g. IPTV, audio-visual streaming media
  • 18. Real world example
    • One hour of video encoded at 300 kbit/s (this is a typical broadband video for 2005 and it's usually encoded in a 320×240 pixels window size) will be:
      • (3,600 s · 300 kbit/s) / 8,388.608 = 128.7 MiB of storage
    • If the file is stored on a server for on-demand streaming. If this stream is viewed by 1,000 people using a Unicast protocol, you would need
    • 300 kbit/s · 1,000 = 300,000 kbit/s = 300 Mbit/s of bandwidth
    • This is equivalent to 125.73 GiB per hour. Of course, using a Multicast protocol the server sends out only a single stream that is common to all users. Hence, such a stream would only use 300 kbit/s of bandwidth.
  • 19. Integrity and Availability
    • Integrity refers to the soundness of network files, systems, and connections
    • Fault tolerance is a system’s capacity to continue performing despite unexpected hardware or software malfunction
    • A UPS is a battery power source that prevents undesired features of the power source from harming the device or interrupting its services
    • Backup rotation provides excellent data reliability without overtaxing network or requiring much intervention
    • Disaster recovery is the process of restoring critical functionality and data after an enterprise-wide outage
    • Critical servers often contain redundant NICs, processors, and/or hard disks to provide better fault tolerance
    • Server mirroring involves utilizing a second, identical server to duplicate the transactions and data storage of one server
    • Clustering links multiple servers together to act as a single server
  • 20. Redundant Array of Independent (or Inexpensive) Disks RAID Level 5—disk striping with distributed parity
  • 21. Fully redundant T1 connectivity Redundancy provides load balancing and fault tolerance .
  • 22. Security
    • Choosing secure passwords is one of the easiest and least expensive ways to guard against unauthorized access.
    • A security policy identifies an organization’s security goals, risks, levels of authority, designated security coordinator and team members, responsibilities for each team member and each employee, and strategies for addressing security breaches.
    • A firewall is a specialized device that selectively filters or blocks traffic between networks.
    • A proxy service is a software application on a network host that acts as an intermediary between the external and internal networks, screening all incoming and outgoing traffic.
  • 23. Physical Security Badge access security system
  • 24. Authentication A RADIUS server providing centralized authentication
  • 25. Domains = Organizational Units
  • 26. Trust Relationships
  • 27. Trust Relationships (continued) Explicit one-way trust between domains in different trees
  • 28. Public Key Encryption
  • 29. Proxy Servers A proxy server used on a WAN
  • 30. Network Address Translation
  • 31. Deep packet inspection
    • Deep packet inspection ( DPI ) is a form of computer network packet filtering that examines the data part of a through-passing packet , searching for non-protocol compliance or predefined criteria to decide if the packet can pass. This is in contrast to shallow packet inspection (usually called just packet inspection) which just checks the header portion of a packet.
    • DPI devices have the ability to look at Layer 2 through Layer 7 of the OSI model . This includes headers and data protocol structures. The DPI will identify and classify the traffic based on a signature database
    • A classified packet can be redirected, marked/tagged (see QoS ), blocked, rate limited, and of course, reported to a reporting agent in the network.
    • Many DPI devices identify flows rather than a packet by packet analysis.
    • DPI allows phone and cable companies to "readily know the packets of information you are receiving online--from e-mail, to websites, to sharing of music, video and software downloads" [1] .
    • DPI is also increasingly being used in security devices to analyze flows, compare them against policy, and then treat the traffic appropriately (i.e., block, allow, rate limit, tag for priority, mirror to another device for more analysis or reporting).
  • 32. Project Management
  • 33. NCRIS
    • National Collaborative Research Infrastructure Strategy (NCRIS) projects
    • http:// /
      • 5.16 Platforms for collaboration
      • 5.16.1 Data access and discovery, storage and management
      • 5.16.2 Grid enabled technologies and infrastructure
      • 5.16.3 Technical expertise
      • 5.16.4 High performance computing
      • 5.16.5 High capacity communications networks
    • "Platforms for Collaboration" will develop our strengths in other NCRIS categories:
    • Evolving Bio-molecular Platforms and Informatics
    • Integrated Biological Systems
    • Biotechnology Products
    • Networked Bio-security Framework
    • Structure and Evolution of the Australian Continent
    • Terrestrial Ecosystem Research Network
    • Population health and clinical data linkage
  • 34. Discussion
    • Future virtual infrastructure
    • Email spam
    • voice-over-IP
    • multicasting
    • firewall configuration
    • federated identity management
    • intellectual property protection
    • cost-neutral deployment
    • rapid obsolescence