The news of high-profile targeted data center attacks has dominated security news recently. But data center attacks are even more prevalent than those headlines suggest. In fact, a survey conducted last summer by Network World suggests that 67 percent of data center administrators experienced downtime due to malware and related attacks in the previous 12 months.
A key challenge is that many of today’s security solutions are simply not designed for the data center, with limitations in both provisioning and performance. The situation will likely get worse before it gets better as data center traffic grows exponentially and data centers migrate from physical, to virtual, to next-generation environments like Software-Defined Networks (SDN) and Application Centric Infrastructures (ACI).
I consider myself to be a reasonably intelligent individual. Well, perhaps “reasonably” is a debatable term; just ask my friends. Or my wife. (Then again, don’t ask my wife.)
Reasonable or not, though, I’ve been trying to wrap my head around what all this “software defined” stuff is supposed to mean, and I have to confess it’s been a bit circular: it’s almost as if you have to already know the information you’re trying to learn.
So where are the Napkin Dialogues written for people like me? Is everyone a super-genius programmer-cum-networker-cum-programmer and I just missed the boat? People are throwing around these “Open” terms left and right (e.g., OpenStack, OpenFlow, OpenDaylight, etc.) as if it’s an “open” and shut case.
Well shut. The. Front. Door. I’m going to have to be on the receiving end of my own napkin then. For me, it’s been feeling like I’ve been dropped into the middle of a maze with the lights turned off.
[Screenshot of "Dark Maze" game by Zomg Games Studio]
Yeah, kinda like that.
If you already ‘get’ this stuff, feel free to help a poor storage networking guy along in his journey, because I already know this iceberg goes all the way down.
To someone who is familiar with tried-and-true Data Center designs, I’m just having a hard time getting my head wrapped around 1) getting from here to there, and 2) just where there is!
A subject very close to my heart at the moment is what skills I will need to have in order to support the Next Generation of Software Defined and Application Centric networks.
It is no surprise that networking, like most other towers in IT, has embraced abstraction as the way forward to provide levels of flexibility and agility never before seen in the network.
What is perhaps a bit of a surprise is the speed with which these new concepts are being developed and deployed. It seems like only last year terms like SDN were still viewed as “way down the line” technologies. But here we are at the start of Q2 2014 and it seems like if you don’t already have an SDN plan you’re already behind.
So what skills will we need in order to design, support and deploy these new networks?
Many of the existing switch and wireless infrastructures that were deployed 5 or more years ago were not designed for BYOD, pervasive mobility, advanced security, SDN and more. Let us look at these trends and the benefits of upgrading the network infrastructure to the latest switching and wireless products.
BYOD and Mobility
There are multiple dimensions in which BYOD and mobility are pressuring the existing network. An average user now has 3x more devices. A company of 1,000 users seems like a company of 3,000 users. And Internet of Things devices like sensors, CCTVs, and building automation are being connected to the network. Yesterday’s network cannot sustainably handle the exponential growth of these devices and applications. Upgrading to the latest switches and wireless infrastructure will give you more performance in terms of higher switching capacity, converged wired-wireless access, and more processing power to handle the growth of devices and apps. The benefits are that the network can scale easily to support the influx of mobile and connected devices and their applications, and your users get the same excellent experience whether wired or mobile.
Recently, the conversations I have been having about Software Defined Networks have shifted from supplying agile networking for VM provisioning and live migrations to looking at the problem through the lens of the application team. In the past, I spoke about provisioning VMs and moving VMs as a surrogate for the application. An application and a VM are not always in a one-to-one ratio. This is a convenient simplification for everyone except perhaps the IT operations teams provisioning multi-server, tiered, or distributed server applications.
In this blog post, I want to complement Gary Kinghorn’s blog, The Promise of an Application Centric Infrastructure (ACI), to briefly share insights from talking with many IT operations managers and architects responsible for traditional enterprise applications as well as the new distributed applications for cloud infrastructure. What they are saying has profound implications for cloud infrastructure.
Conventional IT organizations have dedicated teams managing their applications, compute, network, security, and storage infrastructure. These functional organizations must work together much like runners in a relay race to manage the lifecycle of the applications used by an enterprise. These runners need to be agile but the racecourses are not the same every race.
When you look at some categories of applications side by side, the implications on business agility – the speed that a business can execute on a strategy (esp. one dependent on IT) – and the requirements on applications, network and security teams become apparent.
Productivity applications like Microsoft Exchange and Web 2.0 applications like SharePoint for collaboration support lots of client-server traffic (this is North – South traffic) for the hundreds or thousands of end users of these applications within the enterprise. Characteristically, as these server deployments scale up users, the load is balanced across the edge servers using server load balancers or application delivery controllers. Additionally, since these applications are highly exposed to threats from the external network, they have priority requirements for security devices to prevent Denial of Service attacks and deliver secure access.
To scale I/O intensive applications such as SQL Server databases, IT organizations use clustered database servers to handle the transactions or queries with deterministic network performance between servers and storage arrays, which can be measured by latency and assured bandwidth.
New distributed cloud and big data applications like Hadoop can employ tens or hundreds of servers with unique I/O patterns between servers and terabytes of collected data which require guaranteed I/O characteristics for optimal performance between servers, local data, and the big data repositories. The traffic patterns are between servers and shared storage within the data center and are often characterized as heavy East-West data center traffic patterns.
Every installation has its unique fingerprint of application requirements but the chart below is useful to provide a comparison and contrast of the requirements for these categories of applications.
Source: Cisco interviews with leading IT DevOps administrators, 2013
IT organizations that want to work faster need to define application requirements according to these major dimensions and learn to accelerate the workflow of application deployment across pooled network, security, compute and storage infrastructure.
Last June, Cisco revealed its vision for Application Centric Infrastructure, an innovative secure architecture that delivers centralized application driven policy automation, management and visibility for physical and virtual networks from a single point of management. It provides a common programmable automation and management framework for the network, application, security, services, compute, and operations teams, making IT more agile while reducing application deployment time.