Software defined security (SDS): could this be the SDN “killer outcome”?

Software defined networking (SDN) continues to be a major customer discussion within both the specialist networking and enterprise datacenter arenas. After bubbling under in the mindshare league, well below cloud, virtualisation and mobility, for quite a while, SDN is starting to move up the ranking. However, this is not without a fair degree of murmured discontent.

Enterprises, whilst digesting the technical concepts behind SDN, are struggling to understand the most effective SDN solution design approach and to focus in on the business problem / outcome resolved by SDN. At the highest, most strategic level, there are numerous benefits, which can include operational efficiencies, network agility and simplicity, to name a few. But however compelling they all are, they currently do not seem compelling enough (unless a convenient infrastructure upgrade requirement is factored into the SDN discussion, as it often is). This could be the result of looking at something so hard that some of the more obvious benefits are overlooked, and in the case of SDN one such benefit is certainly security.

Networking in software (prior to SDN) had already found its home in the middle of a hypervisor as part of a virtualised compute environment, with the result that some degree of understanding of the use of software in enterprise computing to realise networking outcomes already exists. But with the unrelenting growth of server virtualisation beneath a hypervisor, and the resulting change to network traffic flows (much of the traffic remaining within the hypervisor or physical host), a hidden challenge became the norm – securing virtualised workloads. The drive by many towards a virtualised enterprise changes decades of traditional design norms for the placement of physical perimeter security devices, and brings the requirement to produce a revised ideal for the virtualised workload world.

Enter software defined security (SDS), included within or as a by-product of an SDN strategy. The ability to micro-segment virtual workloads using internal virtualised firewalls and controls in software, with a reduced need for traffic to flow out of the virtual environment and back in order to determine the security state, is surely a “killer outcome” mobilised by SDS or SDN. And before you state it: a secure environment in a virtualised context can be realised today without the use of SDN and a software defined security implementation, but SDN makes it much easier and tightly couples it with management and automation frameworks, with the result being reduced time to value. There are numerous software defined security approaches, from standard functionality within specialist SDN overlay networks through to dedicated SDS (software defined security) solutions from specialist vendors with next generation security at the heart. And with enterprises wrestling with the urgent need to secure physical, virtual, hybrid and cloud environments working together as one, a new approach to solving this KEY enterprise IT infrastructure security challenge is surely required.

Software defined security alone isn’t the answer and SDN in isolation isn’t the answer, but both are serious and viable considerations for delivering security outcomes today that are aligned with the problems of tomorrow. To that end, software defined security (SDS) may well be the “killer outcome” that kick-starts the SDN change.

Until next time.

Colin W

Twitter: @colinwccuk



Don’t do SDN, don’t get SDN – do “networking outcomes defined by software”.

Don’t do SDN. Quite simply, there is nothing to be done as such. If the current industry hype is compelling you to “do SDN” or “get SDN”, you may find you already have it (or a version of it). If you are a user of server virtualisation solutions with hypervisors and virtual switches, you are already leveraging networking elements defined and delivered by software (but elements that MUST still drive hardware). To extend the discussion further, if your organisation uses carrier based services (delivered by one of the major telecoms companies), you are already using network services like MPLS and VPLS that massively leverage elements defined in software to deliver the networking outcome you need (many call this network function virtualisation, but this is somewhat semantic).

Therefore, are you missing anything now, or are you already a customer of the next big thing but blissfully unaware? Enter that horrible response, “Yes and Yes”. Modern enterprise customers have embraced software defined networking ideals for quite a while; equally, however, the software defined storyboard has been somewhat invisible to all but those learned technologists employed to design, build and support the platforms in question.

But now those more recent networking elements defined in software and grouped together under the SDN banner paint a totally different picture, even if many of the legacy network infrastructure elements are retained. The brave new defined world of SDN is all about open standards (preventing vendor lock in), accelerated innovation (by using open source ideals), potential for cost reduction (due to the hardware abstraction or any network hardware vendor ideology), true network agility (massively reducing time to market of applications and new business services) and, most compelling of all, application awareness (to ensure applications control the network, not vice versa).

It means that striving to “do SDN” makes little sense unless you are clear on the business outcome aligned aspects that are essential to realise. With that in mind, the “big tip” is to understand the SDN or network virtualisation elements that can deliver tangible value against a realistic operational plan. This must be the primary action for now, not an unchecked move to a new platform based on a features biased evaluation.

To that end, now is the time to evaluate how ready the current networking platform (and security footprint) that underpins your business is to deliver the speed, agility and dynamism your business requires. And “maybe” is not a valid response. By understanding and leveraging the most viable elements of traditional networking approaches, interfaced with validated software defined and network virtualisation outcomes, the best of both worlds has the potential to deliver the best in the world outcome for your organisation. The new dawn of the software defined IT enterprise will potentially be your best dawn ever…

Big claims maybe – try me!

Until next time

Colin W

Twitter @colinwccuk