INF-VSP1365 - Software Defined Security & Networking
The 4 main layers of making Software Defined Networking & Security work, from the bottom up, are
- Abstraction
- Pooling
- Service Insertion
- Administration
Today our networking and security structures are built around the physical entities that we set up. As such the design is tied to those physical entities and how they are configured. In the hypervisor world, where VMs and services can be tied together into virtual datacenters, the physical entities are the limiting factor to better security containment.
With Software Defined Networking it is now possible to take the set of VMs that are tied together into a vApp container and apply security and networking policy around that container. The policy is no longer tied just to physical devices or IP addresses; it can cover the entirety of the VM container. This changes the security conversation to the smallest realistic entity, the OS instance, instead of just one property of that OS instance (its IP address).
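To make the container-versus-IP distinction concrete, here is a small policy evaluator written as an added example for these notes (not VMware, F5 or any vendor's code). It assumes a constructed 3-tier sample where rules can select a VM either by IP/CIDR or by its vApp membership, and shows what happens when a VM is re-IPed or when another tenant reuses the same address.

```python
"""Toy policy evaluator: IP-scoped rules versus vApp (container)-scoped rules.

All VM names, addresses and rules below are constructed for illustration only.
"""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class VM:
    name: str
    ip: str
    vapp: str  # the container (vApp) this VM belongs to


@dataclass(frozen=True)
class Rule:
    src: str     # IP/CIDR, or "vapp:<name>" to select by container membership
    dst: str
    port: int
    action: str  # "allow" or "deny"


def selector_matches(selector: str, vm: VM) -> bool:
    """A 'vapp:' selector keys on container membership; anything else is an IP/CIDR."""
    if selector.startswith("vapp:"):
        return vm.vapp == selector[len("vapp:"):]
    return ipaddress.ip_address(vm.ip) in ipaddress.ip_network(selector, strict=False)


def evaluate(rules, src: VM, dst: VM, port: int, default: str = "deny") -> str:
    """First matching rule wins; nothing matching falls through to the default (deny)."""
    for rule in rules:
        if rule.port == port and selector_matches(rule.src, src) and selector_matches(rule.dst, dst):
            return rule.action
    return default


# Constructed sample: the web tier of the "shop" vApp talks to its app tier on 8080.
WEB = VM("shop-web-01", "10.0.1.10", "shop")
APP = VM("shop-app-01", "10.0.2.10", "shop")
WEB_MOVED = VM("shop-web-01", "10.0.5.10", "shop")   # same VM after being re-IPed into another zone
OTHER_TENANT = VM("crm-web-01", "10.0.1.10", "crm")  # a different tenant's VM reusing the same IP

IP_RULES = [Rule("10.0.1.10/32", "10.0.2.10/32", 8080, "allow")]   # policy keyed on addresses
VAPP_RULES = [Rule("vapp:shop", "vapp:shop", 8080, "allow")]       # policy keyed on the container

if __name__ == "__main__":
    for label, rules in (("ip", IP_RULES), ("vapp", VAPP_RULES)):
        for src in (WEB, WEB_MOVED, OTHER_TENANT):
            print(f"{label:4} {src.name}@{src.ip} -> {APP.name}:8080 = {evaluate(rules, src, APP, 8080)}")
```

The IP-keyed rule silently breaks when the web VM moves and silently admits the other tenant's VM with the colliding address, while the vApp-keyed rule follows the container in both cases.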
VMware has been working on integrations in this space with F5, Riverbed, Symantec, SafeNet, Brocade and Emulex, as a short list.
F5, one of the leaders in load balancing, is helping speed up application provisioning. Today it can easily take 4+ weeks in some businesses because of the internal process of throwing requests over the wall, with high failure rates: setting up the policy for the infrastructure and then selecting and applying that policy from the service catalog. F5 has reduced this to 25 minutes to deploy these rules fully automatically. F5 does this by integrating its Enterprise Manager through the vShield Manager API.
Riverbed's Cascade product is another integration point, this one with VXLAN. One of the big challenges is the loss of network visibility and control. Riverbed can address this with IPFIX monitoring in Q4 this year. They can dig into the VXLAN protocol with deep inspection, which works by reading into the Virtual Distributed Switch. This gives performance management for Software Defined Networking, and it can break down and work across the multi-tenancy design.
Symantec, a heavyweight in security, has some deep integrations and some overlays. Not much to be said here; it depends on which product line is examined.
What makes this possible is the simplicity of the integration capabilities. Many of these partners can continue to focus heavily on their own products and still create a view into their data via a vCenter plugin reasonably easily.
Intuit, maker of Quicken, has been working hard on delivering a Software Defined Datacenter. They have many steps from R&D to production: Dev -> Test -> Performance -> Pre-Production -> Production -> Ongoing Compliance. They need to support all of this on top of adding security, stability and HA/DR, and of course lowering costs. In the end the goal is to provide IT agility.
Legacy designs meant they had to create unique zones of systems, including physical routers and firewalls, to handle public, private, dev and sensitive compartmentalization. It was very slow and difficult to provision new systems for teams to use. The average app is a 3-tier application. CapEx costs were very high and there was no isolation within each zone. This over-the-wall throwing of tickets means it takes 3+ weeks at best to get something set up.
The new design allows Intuit to pool everything together into a virtual hosting zone from which the business gets its systems. This software defined datacenter is their new solution. They capture all the information in a "blueprint form", which includes the VM, storage, ACLs, network and the various customizations needed. This gets fed into the request and is built out for them. From there they have distinct provider zones that are compartmentalized. By doing this set of abstractions they get a 3x CapEx improvement, 2x density and secure multi-tenancy, and it is self-service based. It now takes on average about 30 minutes to deploy from start to finish.
This change in viewpoint and approach has allowed IT at Intuit to turn from IT Provider into Customer Enabler. It has significantly changed what IT folks do in their day-to-day jobs.