This Changes Everything

Steve Bishop, CTO/ Co-Founder, VeriStor Systems | Friday, 08 July 2016, 12:37 IST

These limitations represent major roadblocks for IT organizations trying to keep pace with ever- increasing demands for agility, efficiency, and most importantly, security.

"Software-Defined Networking (SDN) and Network Virtualization (NV) are closely-related technologies aimed at overcoming a number of significant limitations inherent to current network architectures"

Current network architectures are simply incapable of supporting the challenges IT organizations are now facing. More often than not, the network has become the problem. Something has to change. And while many web-scale entities and carriers already operate completely on SDN-based architectures, enterprise and mid-market organizations are facing critical challenges as well as challenges that SDN/NV technologies address directly.

Investments and developments in this space have come quickly. In 2012, VMware acquired Network Virtualization startup Nicira in a $1.26B transaction, sending shockwaves through the industry that are still reverberating today. This established VMware firmly in networking and illustrated how visible it was to them that the network, as currently deployed and managed in most organizations, was quickly becoming the biggest obstacle to continued datacenter transformation. VMware saw the need to transform networking through virtualization in the same way it transformed the datacenter through server virtualization.

As a result of these and other developments, my firm established a practice in 2013 focusing specifically on Software Defined Networking and Network Virtualization, with a primary focus on VMware NSX and OpenFlow-based HP Networking. Fast forward a couple years and we are now seeing tremendous momentum in this space and are leveraging these technologies to create revolutionary solutions to our customers’ challenges. The transition from ‘Educate and Evangelize’ to ‘Position and Prepare’ to ‘Let’s do this.’ has accelerated dramatically over just the last 6 months.

Today there are a number of players leading the effort, including established industry players such as Cisco with ACI, HP through its support of OpenFlow, and now VMware with NSX. There is also a wide range of startups, as well as numerous open source projects and initiatives. Perhaps most important is the third-party ecosystem support that has developed, with companies such as Palo Alto Networks and Trend Micro now integrating with these SDN/NV platforms to deliver advanced services much more easily.

The fundamental objectives shared by both SDN and NV implementations are to make the network completely ‘software-controllable’ and to be able to leverage that software-control to enforce network and network security policy as granularly as possible. There are other factors that may come into play. One is the potential desire to be hardware-agnostic for networking equipment. Another is to abstract the logical network from the underlying physical infrastructure as much as possible. This is where the ’Network Virtualization’ element comes into play. We believe this virtualization element brings some important benefits for many organizations, in terms of ease of deployment and operational flexibility.

Fundamentally, this leads to two initial drivers for enterprise adoption of SDN/NV: Micro-Segmentation–to support Security, and Automation–to support Operations.

Arguably, automation and micro-segmentation go hand in hand and together solve an even wider variety of challenges, ranging from BYOD to cloud workload mobility and even DevOps-enablement (through automated infrastructure to support CI/CD pipelines).

We are also leveraging Network Virtualization now to introduce new and important capabilities to existing networks. One example is implementing an ‘availability zone' model similar to some public cloud architectures, delivering a higher level of availability to the network as well as additional overall resource efficiency across the datacenter. We are uncovering new uses for these technologies every day.

The concept of micro-segmentation is a critical element of all of this, especially from a security perspective. Many organizations are desperately seeking to move away from the legacy ‘Perimeter’ security models that have quickly proven inadequate in today’s environments. Add BYOD, Hybrid Cloud, and Internet of Things (IoT) into the mix and things get even more challenging.

The answer is to move toward a ‘Zero Trust’ security model, where the concept of ‘trusted’ networks and devices goes away completely. For effective security, every device on the network must be profiled and monitored and have network and security policies enforced and updated in real-time. These real-time configuration changes are based on a variety of inputs and conditions, ranging from zero-day threat updates, changes to compliance requirements, suspicious activity, and even changing location as devices and workloads move around the network.

Automation then comes into play in a variety of scenarios. Clearly the pace and volume of change required to meet even these ‘basic’ security requirements begins to demand full network automation capabilities. There are many other use-cases that benefit from API-driven automation of network configuration as well. Private- Public- (and Hybrid) Cloud Deployments, DR/BC, IaaS / User Self Service / Automated Provisioning are just some examples. More and more services require network automation capabilities. The network is becoming more and more dynamic every day.

The bad news is that effectively supporting these levels of security and automation on today’s networks is all but impossible. The good news is that products like NSX not only make all this possible, they can make it easy.

While VMware’s NSX isn’t the only SDN/NV platform we work with or support, it is becoming clear to us that it will be the platform that introduces most enterprise organizations to the power and capability of this technology. This is for a few different reasons: One is VMware’s continued market share leadership in the enterprise. Another is the fact that NSX can be quickly deployed (as an overlay) onto existing networks. NSX is also arguably the most mature offering in the space. Altogether, this equates to a large number of organizations capable of easily deploying this technology today.

It’s a pretty good bet that ‘Security’ is relatively high on any organization’s priority list, if not number one. ‘Mobility’, ‘Private/Hybrid Cloud’, ‘Automation/Operations/DevOps’, and ‘Disaster Recovery/Business Continuity are likely up there somewhere as well. Software-defined Networking and Network Virtualization technologies are quickly becoming requirements to supporting these initiatives effectively.

As result, we believe strongly that an SDN/Network Virtualization initiative should be toward the top of the list for any organization with any significant IT infrastructure. Not just because it’s some of the coolest tech we’ve worked with in a long time, but because of how impactful it has become in solving some of our customer’s most difficult and critical IT challenges.