Context-Aware, Cisco Borderless Networks Accelerate the Adoption of Cloud services
According to a recent Cisco Enterprise customer poll, 50% of those surveyed are interested in deploying some type of cloud infrastructure – whether it is public, private, or a hybrid. According to Forrester, (“Sourcing Groups Prepare For 2011 — Cloud Is Key Initiative 11/10”) Cloud adoption is already over 25% in North America, and continues to grow in Europe.
There are many reasons for migration to Cloud, including application portability on any device, business agility to deliver services and expand into new business models, and operational simplicity.
While many headlines talk about the Cloud, there is little mention of the role of the network in enabling Cloud services.
As organizations move to the cloud, and the varied devices and connection types accessing private and public cloud services, they become prone to malware or Web vulnerabilities. There’s also the risk of data loss. Ultimately, IT is faced with “can the network secure these connections, users, and data in a manner that ensures reliability and seamlessness?” It is no wonder that a Forrester blog cited that Security is the #1 barrier for cloud adoption.
Another concern is network performance. 83% of CIOs considered performance a top
concern for cloud services in an IDC Enterprise panel. Management of virtualization has also become more complex. According to an Enterprise Strategy Group study, 44% of IT consider virtualization to have a major impact on network and server management.
In this short interview, Praveen Akkiraju, SVP/GM of Services Routing Technology Group will discuss how Cisco is enabling organizations to accelerate adoption of cloud services by extending Borderless Networks to deliver secure, reliable, and optimized cloud services, “The Critical Role of the Network in Supporting Cloud-Based Solutions”.
As I travel the world, I ask my customers two simple questions:
First, are you virtualizing your data center? (Universally the answer is yes.)
Second, have you deployed any virtual security solution? (Universally the answer is no.)
Wow. How can this be? Does a virtual data center not need security? Not a chance. It needs security more than ever. Most customers are confining their virtualized infrastructure into secure zones, or virtual local area networks (VLANs). That’s useful for a first phase, but excessive VLAN segmentation holds us back from achieving the efficiencies of the utility computing model—and it also gets really complicated really quickly.
Some vendors and analysts contend that the network just connects boxes and all you need is a tactical infrastructure, capable of addressing current requirements. But with all the challenges today around security, plus mounting evidence that the winners in today’s market are those that are differentiating themselves with innovative customer experiences, I can’t help but ask, “why?” The tactical, ‘good-enough’ network is not only shortsighted; it’s potentially harmful. A disrupter? Yes, but not the desirable kind.
Building a forward-looking network that can evolve through today’s business challenges into the future is not pie in the sky. In fact, it’s a smart business decision that can ultimately save lots of IT dollars while beefing up your capabilities and security. More importantly, it’s key to creating a platform that doesn’t give out on or frustrate your end users—employees, customers, and partners.
At Cisco Live, I stopped for a quick chat about the next generation network. Listen in, below:
To learn more about the Cisco next generation network, go to cisco.com/go/borderless. In the meantime, though, please share your thoughts. What stands in your way when it comes to building a smart, strategic network?
Bitcoin is an emerging technical and economic phenomenon, based upon a self-published paper by Satoshi Nakamoto. Many sites have taken notice of Bitcoin and have published some very thoughtful “what is Bitcoin,” “How-to get started” documentation. But the resources available to address Bitcoin are few, and primarily oriented toward enthusiasts, casual hobbyists, or those interested in making and securing a profit off of Bitcoin generation (“mining”). In this post, we make an effort to extend the Bitcoin security body of knowledge, but from an organizational perspective: what are the risks associated with adopting Bitcoin, intentionally or unintentionally.
I started my professional life using a mainframe. Back then the people running the mainframe world were known as the “data center guys.” These guys had a certain DNA combination that created an expanding waistline, a retreating hairline, a belt buckle the size (and shape) of Texas, and a penchant for big iron. This crowd ruled the data center for a long time, but virtualization in the data center is now driving a radical shift that seems to be changing everything.
Instead of having an application running on a dedicated tower of hardware power, apps are now free from the limitations of the infrastructure underneath. Hardware is evolving rapidly into dynamic blocks of utility computing (and storage and networking) that can be standardized, widely deployed, and efficiently utilized. This change is good news, as it can cut data center costs by 50 percent or more. If the big iron crowd from the mainframe days doesn’t adopt this fundamental shift, they’ll be hanging up their Texas belt buckles in the computer museum next to the punch card, the VAX, and a replica of the ILLIAC.
The same shift is also happening with security. Since most security products are primarily software based, it is not much of an effort to repackage these products as “virtual security.” But merely repackaging security products misses the point. Today’s security architecture was built at a time when the workplace was very different than it is today. End users would come into the office and work on a PC, which sat on a desk and was connected by a wire to a port on the wall. At this time, the IP address was a pretty good proxy for the user’s identity. And applications would each run on their own tower of power—hardware that was often running in a unique data center rack or racks. Therefore segmenting the data center in this era was relatively easy; it was based on IP address ranges and, later, on virtual LANs (or VLANs).
But the workplace of today (and tomorrow) looks very different. We’re no longer tied to a specific lump of hardware. We expect to access our apps in the cloud from any device, at any time, from anywhere. Therefore the IP address is a less useful means of defining data center boundaries.
We need a new capability that allows the security team to maintain its meaningful policy enforcement capability, while enabling that policy to be relevant across all infrastructure—physical and virtual. An important nuance here is that the policy should be consistently enforced across physical infrastructure as well as across virtual infrastructure from any virtualization vendor. This level of enforcement requires special access to the hypervisor. Without this access, a virtual security solution can’t see traffic between two virtual machines (VMs).
How the various security vendors plan to address hypervisor access is still an open question. And how that question gets answered is significant—and is likely to reshape the security vendor landscape.
So as we consider various virtual security solutions, simply repackaging today’s security software as a VM running in a cluster of other VMs is extremely uninteresting. Instead we must reimagine the way that we build and deploy security solutions. How do we bridge the policy model from today’s hardware-based firewalls to the virtual firewalls of tomorrow? How can we maintain a separation of duties, so that security policy definition is separate from traditional network operations? And how will we orchestrate all of these components in the dynamic, nimble data center of tomorrow? These are not small issues. But of course, that’s what makes my job fun.