Many of the existing switch and wireless infrastructures that were deployed 5 or more years ago were not designed for BYOD, pervasive mobility, advanced security, SDN and more. Let us look at these trends and the benefits of upgrading the network infrastructure to the latest switching and wireless products.
BYOD and Mobility
There are multiple dimensions in which BYOD and mobility are pressuring the existing network. An average user now has 3x more devices. A company of 1,000 users seems like a company of 3,000 users. And, Internet of Things devices like sensors, CCTVs, and building automation are being connected to the network. Yesterday’s network cannot sustainably handle the exponential growth of these devices and applications. Upgrade to the latest switches and wireless infrastructure will give you more performance in terms of higher switching capacity, converged wired-wireless access & more processing power to handle the growth of devices/apps. The benefits are network can scale easily to support the influx of mobile & connected devices and their applications and your users get the same excellent experience whether wired or mobile. Read More »
Recently, the conversations I have been having about Software Defined Networks have shifted from supplying agile networking for VM provisioning and live migrations to looking at the problem through the lens of the application team. In the past, I spoke about provisioning VMs and moving VMs as a surrogate for the application. An application and a VM are not always in a one-to-one ratio. This is a convenient simplification for everyone except perhaps the IT operations teams provisioning multi-server, tiered, or distributed server applications.
In this blog post, I want to complement Gary Kinghorn’s blog, The Promise of an Application Centric Infrastructure (ACI), to briefly share insights from talking with many IT operations managers and architects responsible for traditional enterprise applications as well the new distributed applications for cloud infrastructure. What they are saying has profound implications for cloud infrastructure.
Conventional IT organizations have dedicated teams managing their applications, compute, network, security, and storage infrastructure. These functional organizations must work together much like runners in a relay race to manage the lifecycle of the applications used by an enterprise. These runners need to be agile but the racecourses are not the same every race.
When you look at some categories of applications side by side, the implications on business agility – the speed that a business can execute on a strategy (esp. one dependent on IT) – and the requirements on applications, network and security teams become apparent.
Productivity applications like Microsoft Exchange and Web 2.0 applications like SharePoint for collaboration support lots of client -- server traffic (this is North – South traffic) for the hundreds or thousands of end users of these applications within the enterprise. Characteristic of these server deployments as they scale up users, the load is balanced across the edge servers using server load balancers or applications delivery controllers. Additionally, since these applications are highly exposed to threats from the external network, these applications have priority requirements for security devices to prevent Denial of Service attacks and deliver secure access.
To scale I/O intensive applications such as SQL Server databases, IT organizations use clustered data base servers to handle the transactions or queries with deterministic network performance between servers and storage arrays which can be measured by latency and assured bandwidth.
New distributed cloud and big data applications like Hadoop can employ tens or hundreds of servers with unique I/O patterns between servers and terabytes of collected data which require guaranteed I/O characteristics for optimal performance between servers, local data, and the big data repositories. The traffic patterns are between servers and shared storage within the data center and are often characterized as heavy East-West data center traffic patterns.
Every installation has its unique fingerprint of application requirements but the chart below is useful to provide a comparison and contrast of the requirements for these categories of applications.
Source: Cisco interviews with leading IT DevOps administrators, 2013
IT organizations that want to work faster need to define applications requirements according to these major dimensions and learn to accelerate the workflow of application deployment across pooled network, security, compute and storage infrastructure.
Last June, Cisco revealed its vision for Application Centric Infrastructure, an innovative secure architecture that delivers centralized application driven policy automation, management and visibility for physical and virtual networks from a single point of management. It provides a common programmable automation and management framework for the network, application, security, services, compute, and operations teams, making IT more agile while reducing application deployment time.
Last week at the RSA Conference in San Francisco, I had the pleasure of speaking to thousands of security professionals about the opportunities and risks associated with using Software Defined Networking (SDN) for security, which will be the underlying fabric of our next generation data centers and networks. SDN-enabled security will provide a better way to secure our most valuable applications, users and data, now and in the future.
Each vendor has a different definition of how the network is changing, and there are many different terms being used, such as software defined data center and software defined storage. Cisco calls this Application Centric Networking, for example, because we are introducing programmable APIs with a focus on distributed control plane intelligence so that applications can get value directly from the network.
It’s obvious why the networking industry is embracing SDN: lower operational costs and the ability to deploy applications and network services in a quicker, more scalable manner. Cloud bursting, which is about flexible compute in the cloud, is another SDN benefit that gives us the ability for applications to interact directly with the network in ways that do not happen today. For example, applications will be able to query the network for location of users to manage Quality of Service and deliver highly targeted content.
So why should the security industry care about SDN? As the threat landscape evolves, the opportunity is to make Security a key application for SDN. We can use SDN to build a Network-based Threat Defense System. I see three key elements to this system:
There’s an incredible amount of hype and excitement these days around Software Defined Networking (SDN), which promises to herald in a new age of flexibility, business agility and automation to our existing data center and campus networks. Since there are very few, if any, SDN networks in production environments today, though, we know there are a lot of implementation details to work out before the industry achieves the lofty benefits of network programmability. Cisco opened its kimono this week on its strategy around programmable networks (an even broader concept than what we believe the traditional definition of SDN is), called Cisco Open Network Environment. (Get Omar’s take on Cisco ONE).
If you are like a lot of people, you might think that SDN is synonymous with OpenFlow, the leading standards-based approach for SDN today. However, we are already seeing folks across the industry extending the SDN vision beyond what OpenFlow is currently envisioned to do, so we think the definition of SDN will probably evolve over the next year or so to include additional programming models and protocols. Cisco ONE, for example, includes three approaches to network programmability: 1) our own onePK set of API’s to Cisco network operation systems and devices, 2) a portfolio of agents and controllers that will support OpenFlow, among other things, and 3) our Nexus 1000V-based portfolio for building virtual network overlays.