Day 1 at Interop 2015: Part 2
Arguably the most popular topic this year at Interop 2015 has been Software-Defined Networking, or SDN. With a major announcement from Extreme Networks, as well as solutions showcased by other vendors, it is hard to argue against this being the future of network infrastructure as we know it. However, there seems to be widening concern about the security aspects of SDN architecture.
In a great morning session I attended, Jason Nash, CTO at Varrow, focused on how to leverage SDN offerings to help ease the pain of implementing robust security in the data center. Network and server administrators have struggled with implementing data security in the data center without resorting to complex designs and configurations. Regulations such as PCI and HIPAA have proven cumbersome and difficult to meet using traditional tools and methods. Jason also covered how to use SDN to deploy policy-based security in both physical and virtual environments in much simpler ways than were previously possible.
Jason started by outlining key messaging around becoming “Software Defined”. He stated that Software Defined allows us to define and apply policies in software rather than on individual hardware appliances. The idea is that we want to be able to define a policy and then have that policy applied through whatever infrastructure is in place. However, Software Defined does not mean that everything must be done in software!
He outlined that Software-Defined Networking is enabling organizations to accelerate application deployment and delivery, dramatically reducing IT costs through policy-enabled workflow automation. SDN technology enables cloud architectures by delivering automated, on-demand application delivery and mobility at scale.
However, Jason brought to light some problems with data center security. Applying basic security policies within a data center has added complexity due to extra segmentation, changing data flows, and service modules/extra hardware. Then virtualization came along and made it even more difficult: traffic may not leave the virtualization host, it is easier to make administrative mistakes, and there is additional overhead. There have been several attempts to integrate good security into the data center and virtualization with things like virtual firewall appliances, integrated network security functions, and storage and encryption overlays, but they often create more problems than they solve.
The old data center is not sufficient – the move to microsegmentation seems to be taking hold. SDN is still very new; implementations have risen over the past six months, but things will become a lot clearer over the next six months.
Jason raised a very important question that a lot of people have: how can SDN help? He included a few ways in which SDN technologies can help secure the data center:
- Policy-based management – Managing individual servers and endpoints is too cumbersome; configuration becomes easier when you create standardized policies and apply them to groups
- Easy integration – SDN gives you the ability to leverage existing knowledge, experience and tools
- Less reliance on specific hardware infrastructure – Jason made it clear that this does not mean you should go and buy the cheapest gear available; it still needs to be reliable and robust. Also, abstracting policy definition from policy application makes transitions easier.
- Greater flexibility – You are no longer tied to complex traffic flow configurations
The big question that is left concerns compliance. Jason explained that SDN technologies and products are a set of tools. They do not immediately solve compliance issues, but what they can do is make meeting requirements easier through documented reference architectures and easier use of mixed environments.
Is your organization looking towards an SDN-centric architecture? Have you already implemented SDN? Is data center security a major concern of yours with SDN? I’d love to hear your feedback!
Be sure to check out my Day 1: Part 1 blog from earlier today as well!