Co m en ts of Gary Sloper & Mark Wilkins im Managing Volatility Through DNS pl Edge Resiliency Edge Resiliency Managing Volatility Through DNS Gary Sloper and Mark Wilkins Beijing Boston Farnham Sebastopol Tokyo Edge Resiliency by Gary Sloper and Mark Wilkins Copyright © 2018 O’Reilly Media All rights reserved Printed in the United States of America Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472 O’Reilly books may be purchased for educational, business, or sales promotional use Online editions are also available for most titles (http://oreilly.com/safari) For more information, contact our corporate/institutional sales department: 800-998-9938 or corporate@oreilly.com Editor: Virginia Wilson Production Editor: Melanie Yarbrough Copyeditor: Octal Publishing Services, Inc September 2018: Proofreader: Christina Edwards Interior Designer: David Futato Cover Designer: Karen Montgomery Illustrator: Rebecca Demarest First Edition Revision History for the First Edition 2018-08-30: First Release This work is part of a collaboration between O’Reilly and Oracle Dyn See our state‐ ment of editorial independence The O’Reilly logo is a registered trademark of O’Reilly Media, Inc Edge Resiliency, the cover image, and related trade dress are trademarks of O’Reilly Media, Inc The views expressed in this work are those of the authors, and not represent the publisher’s views While the publisher and the authors have used good faith efforts to ensure that the information and instructions contained in this work are accurate, the publisher and the authors disclaim all responsibility for errors or omissions, including without limitation responsibility for damages resulting from the use of or reliance on this work Use of the information and instructions contained in this work is at your own risk If any code samples or other technology this work contains or describes is subject to open source licenses or the intellectual property rights of others, it is your responsibility to ensure that your use thereof complies with such licenses and/or rights 978-1-492-04036-1 [LSI] Table of Contents Edge Resiliency Is Critical to Your Business What You Will Learn Intended Book Audience 3 Exposing Buried Threats to Your Business Network Vulnerability When the Internet Is Your Network Backbone Virtualization and Outsourcing of Services Vulnerabilities Within Your Own Organization Looming Security Threats Unpredictable, Uncontrollable Problem Sources Conclusion 11 12 Strategies to Meet the Challenges 13 Strategy 1: Consider the End-to-End User Experience Strategy 2: Embrace Processing at the Edge as Part of Your Total Design Strategy 3: Engage with Your Cloud Provider to Arrive at the Optimal Topology Strategy 4: Increase Redundancy and Reliability with Multicloud and Hybrid Cloud Strategies Strategy 5: Involve DevOps Staff in All Aspects of Edge Services Planning and Implementation Strategy 6: Inject Chaos to Find Weaknesses Before They Affect Customers in Production Strategy 7: Use Managed DNS Functionality to Limit Endpoint Exposure and Network Volatility Conclusion 13 14 14 15 16 16 18 19 iii Managed DNS Services 21 Benefits of DNS DNS Routing When to Consider a Managed DNS Conclusion 21 23 25 29 Choosing a Managed DNS Provider 31 Evaluation Period Business-Critical Availability A Focus on Security Support Easy-to-Use Tools Conclusion iv | Table of Contents 31 31 32 32 32 33 CHAPTER Edge Resiliency Is Critical to Your Business In today’s 24/7 global business environments, resiliency is not only an assumption by your customers, it’s a requirement for your suc‐ cess Simply defined, IT resilience is an organization’s ability to maintain acceptable service levels, no matter what challenges arise From CTOs to networking IT staff, the threats and challenges to services that live at the edge of the network—including both the user edge and the site edge—pose the potential for unplanned and cer‐ tainly unwanted business disruptions To understand the implications and solutions of resiliency at the edge, we first need to understand what the term “edge” really means here In reality, there are multiple edges The user edge is where the end user sits and first interacts with the internet The network edge is in front of the content or service that the user is trying to reach (think transit, content delivery network [CDN], domain name sys‐ tem [DNS], and so forth) The site edge is typically at the datacenter or cloud infrastructure where the content or service resides Your goal is to get control as close to the user edge as possible Sources that trigger instability for the myriad internet services that today’s enterprises depend on range from simple misconfigurations, to large-scale natural disasters, to nefarious targeted attacks, as well as business-driven internet routing decisions to meet traffic and sovereignty requirements The user edge is your customers’ first (and possibly only) interaction with the application or service that they’re trying to access It’s where impressions are made—or fail Traditionally, companies have focused on the user experience as they interacted in expected, or unexpected, ways across the network However, just as important, each edge location can also be a portal for instability and threats These can come from unintentional side effects such as attempts to meet high-traffic requirements, physical infrastructure challenges (e.g., from a natural disaster), or deliberate attacks from bad actors The simple reality is that if your company relies on cloud-hosted applications, which more and more are these days, internet volatility now has a greater impact on your business than at any given time in the past The large numbers of medium-to-large enterprises that have been moving into hybrid and multicloud implementations only magnifies the scope and likelihood of an impact For the past few years, medium- to large-sized enterprises have been transitioning away from doing everything in-house to using hosting providers to support a sophisticated global presence This is a natu‐ ral evolution as organizations scale, so this book will touch on the due diligence they need to perform; the problems they might encounter; and what they can to optimize their performance, security posture, balance workloads, and steer traffic more effi‐ ciently in a hybrid cloud or multicloud environment The shift from hosting corporate applications on-premises to using cloud-based service providers is an accepted practice for doing busi‐ ness today And, like any key corporate resource, companies need to safeguard and protect it Network resiliency (especially at the user edge) is your insurance policy against internet-based disruptions Additionally, more organizations have begun to deploy multicloud environments using additional vendors or a private infrastructure to support their businesses This dynamic will continue to grow, taking advantage of diversity and performance-based cloud services Granted, when you depend on internet services that are a “black box,” some aspects will be out of your direct control In those areas, your business must rely somewhat on trust—trust in those who have constructed today’s complex internet, trust in the partners you work with, and trust that the infrastructure you’ve invested in will mostly work reliably and appropriately However, trust is not a strategy: 24/7 global businesses face new exposures each day To combat these challenges, businesses must take responsibility for resiliency In this | Chapter 1: Edge Resiliency Is Critical to Your Business way, they can gain direct control to insure against the risks And it all starts by understanding the approaches that you can take to accomplish this goal What You Will Learn In the remaining chapters, we discuss these approaches and offer insight and strategies for creating resiliency at the edge The goal is to stabilize internet volatility, whatever the source The critical topics we cover include the following: • Recognizing volatility sources • Optimizing performance and balancing workloads amid inter‐ net volatility • Steering traffic more efficiently • Strengthening your security posture—not just in a traditional datacenter, but also in a hybrid and/or multicloud environment • Working with DNS infrastructure, managed DNS, and edge services We discuss common challenges and present clear examples to demonstrate the benefits of using managed DNS infrastructure to strengthen edge resiliency And we offer assessment criteria for when you are deciding whether to incorporate a managed DNS pro‐ vider into your resiliency strategy This, will, in turn, provide options and strengthen your ability to manage, challenge, and work around any internet threats, disruption, or volatility Intended Book Audience We wrote this book for IT managers to help them proactively enable a resiliency strategy in the face of planned and unplanned events from the user edge to the applications and services those users are trying to reach Our goal is to help you prevent challenges that could have a negative impact on customer satisfaction and business out‐ comes Business leaders must be aware and plan for these challenges before they happen, because today, our customers, our employees, and our reputations are all “living on the edge.” What You Will Learn | what you should know about it as you consider it as a potential solu‐ tion 20 | Chapter 3: Strategies to Meet the Challenges CHAPTER Managed DNS Services A managed DNS solution might represent the best near-term strat‐ egy for protecting a business from the challenges that face today’s networks at the edge In this chapter, we dive deeper into what bene‐ fits it can provide At a high level, we can define a managed DNS service as a service sourced through a specialized DNS service provider that enables users not only to manage DNS traffic, but also to access advanced features, including active failover, load balancing, dynamic IP addresses, and geographically targeted DNS Each managed DNS service provider brings its own value proposi‐ tion to users looking for such services We’ll explore some of the typical provider services later in this chapter But first, it’s worth dis‐ cussing where you can use traditional DNS services as a foundation for understanding what a managed DNS provider can offer Benefits of DNS Some of the many uses to which organizations apply their DNS ser‐ vice include the following: Performance You can use geolocation load balancing for performance opti‐ mization; routing the request to the server closest either to the user edge or to the endpoint 21 Cloud migration Ratio load balancing allows for a gradual transition to the cloud; you can migrate some traffic to new cloud-hosted resources environments to test and validate access and then slowly move more traffic when ready Availability Active failover allows you to establish a second endpoint or multiple alternate endpoints to which the first can fail over to ensure availability and health of the connection path Containers Containers can be published to multiple clouds, but are the clouds themselves load balanced? DNS traffic steering enables users to keep containers highly available, load balanced, and performant In the sections that follow, we look a little more closely at three areas: performance, availability, and security These benefits apply whether the DNS is delivered from a managed DNS service provider or bundled with services from a CDN, a local ISP, a web application firewall (WAF) provider, or even your own data center staff Performance Internet traffic is at an all-time high and shows no signs of slowing down Correspondingly, network infrastructure in most companies is struggling to keep up In any number of scenarios today, servers (whether physical or virtual) can become overloaded Any time a server is at or near capacity, it can have a direct negative effect that can ripple throughout the network By taking advantage of the rout‐ ing capabilities of DNS, traffic and requests can be routed to alterna‐ tive systems not experiencing as much load To truly make this effective though, there must be a predetermined plan that is put into action quickly (preferably automated) Another, less obvious, benefit is being able to direct traffic to test systems for performance testing Using DNS infrastructure, the developer can run test environments in real time To move traffic from test to production, developers can change time-to-live (TTL) settings, redirecting traffic to the chosen location On a related point, using decentralized DNS for nameservers to resolve your queries inherently reduces latency and maintains a 22 | Chapter 4: Managed DNS Services smooth user experience It can also eliminate the need to trouble‐ shoot unidentified performance issues with your telco provider Availability Outages can happen at any time If your business has multiple data‐ centers or uses a service with multiple datacenters, DNS can be the traffic diverter from the outage area to another location that keeps your customers in business Where practical, you can also this on a small scale with other failover/clustering technologies You can also utilize DNS to route traffic away from your legacy data‐ center during maintenance times Having the ability to take control at the DNS layer and reroute traffic in a quick, transparent way pro‐ vides a key advantage in continued availability to your customers Security Increased levels of security threats are occurring at the DNS level every day These arise from DDoS attacks, malicious bots, malware, and other application vulnerabilities that propagate via the network back roads Access via DNS must be guarded, but it also becomes the first place the threats can begin with mitigation Often, DNS amplification or reflection attacks are prime suspects during a DDoS event DNS Routing DNS has a significant role to play in providing edge resilience, pro‐ tection, and stability It has close proximity to the edge and we can also use it to direct traffic where we need it to go—transparently to the customer Think about how traditional failover occurs at the network or server layer Deploying an intelligent DNS network that can steer traffic at the apex of a domain would be faster versus rout‐ ing to an end node and then making a decision This is important when reducing latency and quickly issuing a new session should a failure occur in order to serve your clients Note that none of these scenarios we have discussed required a man‐ aged DNS service—just DNS It is possible with enough staff, plan‐ ning, and priority responses to utilize DNS without utilizing other additional tooling as a shield Beyond that, it is also possible to DNS Routing | 23 automate some aspects of a DNS strategy in-house, assuming resources are available DNS Anycast Networks Anycast is a one-to-many network routing scheme in which a desti‐ nation address has multiple routing paths to a variety of endpoints (at least two) Anycast DNS routing allows traffic to be distributed to multiple datacenters, providing global active-active load balanc‐ ing A DNS anycast network offers several benefits With a DNS anycast network, you can route requests to the closest PoP for the best response; take advantage of the one-to-many relationship between IP addresses and their associated nameservers; distribute traffic from a single IP address to different nameservers based on the ori‐ gin of the request; and add multiple telco providers to these name‐ servers, adding another level of redundancy at these PoPs Why does all this matter? By routing requests to the closest nameserver, the resolution time is greatly reduced, and users experience improved overall perfor‐ mance This effect is magnified for websites that include multiple DNS lookups for additional files and assets that need to be loaded before a page completes Web apps must resolve various compo‐ nents for the user edge to become successful, and this is where DNS can potentially make or break the online experience Some organiza‐ tions believe their cloud provider or telco speeds and feeds drive performance—and this is true—but DNS and CDN networks also contribute An intelligent edge positions your organization to deliver continued optimal responses to: • Planned interruptions resulting from routine maintenance or a switch to new cloud services • Unplanned outages due to inclement weather, power failures, or faulty fiberoptic lines • Redundancy based on having multiple anycast PoPs or multiple transit providers per PoP 24 | Chapter 4: Managed DNS Services When to Consider a Managed DNS What, then, are the benefits that you can get from a managed DNS service? In simplest terms, you can think of managed DNS as mag‐ nifying the capabilities of DNS—putting armor around the edge of your application through automation, scalability, self-service, moni‐ toring, and key services tuned for your business To understand more, let’s take a closer look at the kinds of services that are typically offered Intelligent Monitoring At its most basic level, intelligence at the network edge is the simple act of monitoring the edge to determine whether your resources are available If there is a problem, decisions and next steps can happen first at the DNS layer, before affecting datacenter and hybrid-cloud environments For example, if a primary fiber cut occurs, intelligent DNS allows you to see that the environment is not available and make routing decisions at the service edge, before the endpoint is affected This action from the edge can save milliseconds in failover response time That time might seem small, but it does make a difference According to the Aberdeen Group, a 1-second delay in page load time equals 11% fewer page views and a 16% decrease in customer satisfaction.1 Active Failover Active failover is a DNS service that moves traffic to a healthy end‐ point host in the event of degraded service During such impacts, active failover enables your website or web-based application to remain reachable When the system detects an outage, traffic is automatically rerouted to an alternate, predefined endpoint—or even to multiple endpoints in succession This ensures that your traffic finds a route to a healthy location as quickly as possible Active failover is configured to check on service endpoint health by running HTTP, HTTPS, Ping, SMTP, and TCP protocols to verify AberdeenGroup, “The Performance of Web Applications,” p 4, November 2008, reprinted 2015 When to Consider a Managed DNS | 25 that the site is still responding When the primary service fails to respond, traffic is redirected to an alternate endpoint Active failover considers both the endpoint’s ability to serve the user and the condi‐ tion of the path used to reach that endpoint Traffic Steering Traffic steering makes intelligent, policy-based decisions on where to send user traffic via DNS Factors that determine routing include proximity of user to content, node availability, and overall route per‐ formance Using intelligent responses, the traffic steering can be adjusted to take a different route This operates at the level of the root of the user’s domain A basic example of intelligent traffic steering is to “round-robin” traffic across multiple cloud or datacenter locations for load balanc‐ ing A more sophisticated example might involve taking into account the geographic location of the user to decide which servers to which to route requests For example, a query from London could be routed to a European-based point of presence (PoP), whereas a request from San Francisco can be routed to a western US-based location You can also factor additional information gathered from monitor‐ ing, such as availability and load balancing, into traffic steering deci‐ sions These capabilities can also help monitor your digital edge and DNS environment to detect and mitigate threats and anomalies— including routing You can use traffic steering to shift traffic away from threats before they have a negative impact on your infrastruc‐ ture, especially if you have an outage Using DNS for intelligent traffic steering is also good news from a marketing standpoint Although some executives might not intuit the details of DNS at the edge, the benefit of being able to target spe‐ cific content to specific audiences without significant additional investments is clear For example, routing users to a specific geo‐ graphic location allows you to serve different content This capabil‐ ity is particularly beneficial to retailers Federated Load Balancing The term “federated” is used to describe different kinds of imple‐ mentations working together to provide a full solution In this case, it refers to two different kinds of load balancers working together to 26 | Chapter 4: Managed DNS Services provide a comprehensive load-balancing solution for your business It is a tiered approach that brings together multiple disparate com‐ ponents into a single, unified solution that focuses on steering traffic based on balancing control and asset awareness As we noted in Chapter 1, there are two different kinds of edges we can talk about with our business networks: the user edge, where users first come into contact with our network; and the site edge, where the network first comes into contact with our infrastructure that holds the sought-after content or service Each of these edges has access to unique information The load bal‐ ancers running there have the flexibility to steer traffic along differ‐ ent dimensions This simple description sums up the differences well: • The user edge is powered by DNS and steers user traffic to des‐ tination endpoints based on how the request is resolved • The site edge or local load balancers are responsible for direct‐ ing traffic to the most available compute or storage resource to service that request The local rules take into account resource availability, load, session maintenance, and security The DNS load balancers at the user edge are commonly referred to as global load balancers (in contrast to the local load balancers at the site edge) These two types of load balancers complement each other well Here are some examples: • Global load balancers have the big picture view of the available paths, hence the term global • Global load balancers ensure that users are routed to the best, or available, endpoints • Global load balancers can provide weighted, round-robin, and geography-based routing • Local load balancers have knowledge about the available site resources • Local load balancers ensure that the site is operating efficiently and is able to serve up resources These two types of load balancers also work together in the feder‐ ated model to serve end users For example, a problem occurs at a When to Consider a Managed DNS | 27 defined site where a load balancer is not available or able to steer traffic If other sites are configured, a DNS-based global load bal‐ ancer can automatically redirect traffic to an alternate “healthy” site “Secondary” or Multiprovider DNS Implementations Service providers with a global DNS infrastructure can enable you to add a secondary global DNS service A secondary DNS service can help provide resiliency at the DNS layer for use cases such as when your primary DNS service faces an outage or suffers a mali‐ cious attack In such cases, the redundant service remains fully operational for your users However, the window is not infinite as the secondary DNS servers receive updates from the primary Latency might increase because application requests must travel a bit further The functionality of a secondary DNS is often misunderstood A common misconception is that a secondary DNS architecture is for backup only, meaning that it sits idle and begins working only when the primary architecture fails But not think of a secondary DNS as a traditional server pool configuration or a virtual router redun‐ dancy protocol (VRRP) design A secondary DNS can actually sit in delegation for an organization, delivering requests on queries if it happens to be faster than the primary server It can be a workhorse in the event of a disruption to the primary nameserver but can also potentially resolve queries in real time As a secondary solution, the primary DNS server holds the “master copy” of the data for a zone, and secondary servers have copies of this data that they synchronize with the primary server through zone transfers These zone transfers happen at intervals or when prompted by the primary nameserver When implementing any sort of secondary DNS, be sure it can receive DNS Notifys utilizing, for example, a successful incremental or asynchronous full zone trans‐ fer (IXFR/AXFR), to ensure proper zone updates You can also con‐ figure secondary DNS to complement an existing in-house approach One method called hidden master uses your existing DNS behind the firewall for management and configuration and then uses a cloud-based DNS for resolving queries Note that having a secondary DNS does not necessarily mean it sits idle In some cases, your secondary DNS providers might be able to 28 | Chapter 4: Managed DNS Services provide faster local responses than your primary DNS environment Proper configuration is key to ensuring the best results Outage Mitigation At the provider level, managed DNS has an important role to play in today’s dispersed, multicloud environments In much the same way that a traffic-steering service routes users to alternate regions for the best experience, intelligent DNS can route connections to an alter‐ native cloud site during an unplanned outage, for continued service minus the session impacted You can use this same functionality to take control at the DNS layer for planned outages For example, if you are aware that your cloud provider has an upcoming maintenance window and you want to steer traffic completely away from that node during the outage win‐ dow, this mitigation strategy can accomplish that An additional use of this kind of functionality can benefit develop‐ ment and deployment processes When applications are being moved to the cloud, intelligent DNS provides developers with more flexibility at the network edge to control production traffic By being able to tune the traffic targeted for a new release of an application, developers and IT staff can gather useful information about how it performs and any potential issues under load Conclusion A managed DNS can provide significant value across multiple dimensions of vulnerability Adopting this can be an effective way to implement comprehensive edge protection for existing networks This service has multiple tools available in its toolbox that you can use to fix or prevent many of the common threats your network might encounter as well as build a stronger, more efficient end-toend path for your customers But it must also have the right tools for your needs Even the most sophisticated and powerful screwdriver is largely ineffective if you need to nail two boards together Ensuring that you are making the right choice here requires awareness and forethought To assist with that, we next look at some suggested business criteria for evaluating managed DNS offerings Conclusion | 29 CHAPTER Choosing a Managed DNS Provider There are many providers of managed or intelligent DNS solutions It is impossible within the scope of this book to elaborate on all the facets to consider, so here we suggest some of the criteria to weigh if you want to further explore a managed DNS service There is no specific ordering by importance given that each reader’s priorities are their own Within these considerations, the differentiator should be the needs of your business Evaluation Period As you consider a managed DNS service, you want to make sure that you are offered the opportunity to evaluate, pilot, and imple‐ ment a redundant DNS service Ideally, you can this in a coloca‐ ted environment—without introducing risk or disruption to your current DNS infrastructure Business-Critical Availability In terms of availability, there are several factors to look for, such as operation centers based out of geographically distributed PoPs You should award bonus points for centers that are on separate power grids, floodplains, and fault lines to protect against disasters Redun‐ dant server configurations should always be in place to protect against hardware failures And multiple Tier transit providers at each PoP can provide additional confidence in the provider’s resil‐ iency 31 A Focus on Security Providers should employ a variety of security measures to establish trust, defend against threats and malicious attacks, and mitigate risk Moreover, they should have dedicated security personnel who closely monitor industry trends and can easily explain the nature of threats and solutions A plan should also be in place to regularly update their data center systems Support No matter how good the automated services of a provider, they mean little when something isn’t working Having 24/7/365 techni‐ cal support from a team operating in your geography’s office hours and trained DNS experts on-call can be crucial to preventing down‐ time for your customers If the provider has different tiers of sup‐ port, you’ll want to pay careful attention to the SLA offered by the services utilized by each of the tiers and not just the cost There should be clear, easy-to-access online documentation that is frequently reviewed and updated A bonus is standard datagathering tools to harvest log and system information for easy inter‐ action with technical support during problem resolution Easy-to-Use Tools Most providers will have basic tools available to customers An example would be a GUI to create policies for executing failover if resources become unavailable or unreachable in a key market Based on how your IT staff operates, there are multiple things to consider around the provider’s tools: • Are they online or you need to install them? • Do they run on the favored operating systems and/or browsers that your teams rely on? • Are there mobile apps to interface with the system? • What security protocols you need to access them? 2FA? Bio‐ metric? Single sign-on? • How often are they updated and can you choose when to take the updates? 32 | Chapter 5: Choosing a Managed DNS Provider • How well documented are they? And, if you plan to build custom solutions on top of their platform, you need to understand the frameworks they provide Most com‐ monly and ideally, this will be a well-defined set of APIs for your developers to interface with, along with clear examples to draw upon Conclusion A complete solution for resiliency at the edge involves an eyes-wideopen assessment of the vulnerabilities and needs of your particular situation After that is clear, you are in a position to consider which strategies will best serve your needs and address your concerns If you are considering adding a managed DNS, it is important to think about the criteria that are most important to you in a potential solu‐ tion and how well a provider might or might not meet those needs We hope this book has been useful to you and has provided insights and ideas that you can incorporate in the short and long terms to safeguard your network, your customer interactions, and ultimately your success To learn more about the growing need for distributing IT resources and services to the edge of a company’s network, closer to user populations, we recommend reading Gartner’s report “The Edge Manifesto” by analyst Bob Gill In closing, we leave you with one key thought that applies when dealing with edge resiliency just as it does for all other challenges Intent is not enough to solve your business problem Learning and taking action are the dual strategies that will get you where you want to go We wish you continued success Conclusion | 33 About the Authors Gary Sloper is a vice president at Oracle Dyn Gary brings over 20 years of experience to his leadership of the global solutions engi‐ neering and customer success teams His organization architects and implements cloud-based edge services, including providing deliverability and security services to help customers monitor, con‐ trol, and optimize their CDN and hybrid cloud workloads As course director for Global Knowledge (GK), Mark Wilkins developed and taught many technical seminars including Configur‐ ing Active Directory Services, Configuring Group Policy, and Cloud and Virtualization Essentials Mark also developed courseware for the Microsoft Official Curriculum 2008 stream: Managing and Maintaining Windows Server 2008 Network Services, and Active Directory Services Mark’s published books include Windows 2003 Registry for Dummies (IDG), Windows System Policies, Administering SMS 3.0, and Administering Active Directory (McGraw-Hill) Mark’s latest book is Learning AWS, due to be published by Pearson Educa‐ tion in 2019 ... resiliency at the edge, we first need to understand what the term edge really means here In reality, there are multiple edges The user edge is where the end user sits and first interacts with... significant role to play in providing edge resilience, pro‐ tection, and stability It has close proximity to the edge and we can also use it to direct traffic where we need it to go—transparently to the... Evaluation Period Business-Critical Availability A Focus on Security Support Easy-to-Use Tools Conclusion iv | Table of Contents 31 31 32 32 32 33 CHAPTER Edge Resiliency Is Critical to Your Business