• noelsmit

Don't Lose Sleep Over Firmware

Firmware is active in most IT infrastructure components, servers, network components and storage units. This specific type of software allows the hardware to function correctly. Often it includes the entire operating system of the device and performs all functions for control, monitoring and data manipulation. Today, firmware is no longer unique to IT infrastructure; it can also be found in many forms of consumer equipment.

The Current Generation of Firmware

When the firmware is loaded into the equipment, it is usually stored in so-called non-volatile memory devices such as ROM, EPROM or flash memory. The advantage of storing it in this form of memory is that it remains available when the device is switched off. The next time the device is switched on, it is immediately available. Firmware on consumer equipment is changed only on rare occasions. However, when looking at the firmware of the IT infrastructure, we see that vendors regularly come up with newer versions (usually called releases). This usually happens at least twice a year, and there are various reasons for making a new version available: to fix errors in an existing version, to add new functionality, or a combination of both.

As mentioned, the firmware is intended to let the hardware function in a certain way. In practice, this means that different types of equipment require their own specific firmware. For example, when using switches, routers and security devices, you are dealing with three different types of firmware. There is often a compatibility issue because firmware x, which is active on the switch, can only work with a certain version of firmware y on another device. Particularly in mixed environments, it can take a lot of time to set up a correct upgrade plan to carry out a "refresh" of the infrastructure. Moreover, even when the goal is to refresh only the network infrastructure, in certain cases the firmware of a device connected to your network needs to be updated as well. Because of this complexity, many companies fail to regularly update their network infrastructure, even though it is an absolute must. Strada Networks is happy to advise/assist you with this activity.

Another tendency we have seen over the years is that the size of firmware keeps growing. At one of the OEMs, the firmware for a certain (SAN) switch grew from about 600MB to just over 1GB. You have to take this into account in advance if you need to update a larger number of switches and the uploads go over a slower management connection. The reason for such growth could be that the original core has been supplemented with corrections to errors found and/or has been extended with new functionality. This functionality is not always used, because it sometimes concerns "extra" features that can only be activated against payment for a license. In other words, you have something you need to maintain, but which you do not fully use. Firmware is often made as one large building block. Although this makes it easier to build the new firmware into your system, it can also lead to problems. Managing resources and isolating errors is difficult, for example, which allows a single process to easily consume the entire processor or cause the entire device to fail.

We have discussed the limitations of most firmware currently available:

  • Multiple release trains and software versions, often device-specific, which delay network upgrades with extensive inventories, tests, qualifications and training;

  • "One large building block" architectures, which influence network stability, performance and security;

  • Complex, error-prone management tasks, which not only add time and effort to routine activities, but also multiply the risk of human errors that can lead to failure or create security vulnerabilities.

A need for simplicity in Firmware

What OEMs should deliver is standardized solutions that not only work on a single product model (or a number in a certain category), but can be applied to multiple, preferably all, products in their portfolio. This would greatly simplify the management of the environment because compatibility problems are greatly reduced. In addition, it is easier for the employees because they can focus on fewer different programs (with different versions). For management, this will ultimately have a positive effect on the total cost of ownership.

Industry-leading OEMs are starting to focus more on a modular structure of the software. On a solid core (nowadays usually a Linux core), modules should be implemented dynamically according to the needs of the customer. This prevents the installation of initially "cumbersome" programs, which often make the installation process unnecessarily long. In addition, no resources are allocated to functionality that is not used (think of features that are 'asleep' and will only be used after activation of a license).

Positive changes are happening

However, the world is changing. Fortunately, OEMs listen to the wishes of the customer.

One of the partners of Strada Networks, Juniper, was one of the first to identify those problems and introduced one operating system that can be used on three different platforms (switching, routing and security). The advantage of this is that one release train and software version will suffice. This greatly simplifies an upgrade of your network.

In addition, the Junos control system is modular. The biggest advantage of this is that a small problem in one of the functions does not immediately endanger the entire system, but in the worst case only the specific module to which it belongs. Due to newer techniques, 'errors' will be caught, and an error message will tell you that there has been a problem and how it has been 'automatically' solved. Another advantage of the modular structure is that if new functionality is to be added, this can be done by building a new module and placing it next to the already existing modules (on top of the core).

However, despite the changes that are going on, the complexity of a firmware upgrade for clients can still be a challenge. A dangerous way to deal with this is to ignore the complex upgrade and think "let's postpone it, it works...". Indeed, it works for now, but if an error occurs, it can have far more significant consequences than if you upgrade regularly (and unfortunately, too often we assist customers who ended up in this situation).

If a firmware upgrade is too challenging for your organization, or you want to know more about this subject, do not hesitate to contact us. Our employees have extensive experience in this area, and we can provide you with the right advice and/or take care of the activities for you.