The final article of this four-part series focuses on SDN being the glue that provides seamless networking from your data center to the branch.
Throughout the series I’ve explained the shift in mindset that SDN provides for the networks within the business, particularly the data center and wide area. That’s a great start. However, to drive a change across the whole business, these two critical network islands need to operate in concert -- and that means removing any management boundaries that separate them.
The key to seamless interworking revolves around the use of a single management system that distributes business policies and network intelligence across both domains. SDN provides the opportunity to achieve this.
If SDN is controlling the network that underpins your cloud applications and is managing the connectivity across the wide area towards the applications’ end users (employees and/or customers), then centralizing this intelligence onto an overarching policy and control framework makes sense.
The central policy engine would contain the key templates (applications and branches) so that all network management actions can be enforced from the same point regardless of the domain (data center or wide area) being impacted. This provides uniformity in end-to-end network control with an applicable user-based permissions structure.
Significant network operational benefits can be delivered from this SDN-based network implementation. As alluded to previously, the manually intensive processes of today’s networking can be completely automated and audited. A simple example would be a periodic password change on all branch routers in accordance with security best practice or regulatory compliance.
With traditional networking, the best case involves network scripting and a machine-to-machine connection to each router to make the change, then a second machine-to-machine connection to audit that the change succeeded. In the worst case, a human resource would undertake the change on a per-router basis, again with a repeat resource (presumably someone else) to verify.
With SDN and a comprehensive policy framework, the password change across all routers could be introduced via a template and automatically instigated at the frequency the business needs to comply with. Compliance auditing would be simplified with a log of when and where any password change was made.
Another example where a single policy framework across data center and wide area reduces operational complexity is the deployment of a new business application with access sensitivities.
An example of this would be the business rolling out a new research and development application for specialist employees working on the company’s next product launch. With SDN, the application deployment, network access and security profiles for the traffic would be applied on the network the instant the application deploys. The user permission framework of the policy engine would set the actions that can be undertaken by the team deploying the new application, for instance, security.
The security team sets the security policies of the business. Once they have created the security templates -- maybe one for standard branches, one for R&D facilities, and one for each of the main application types (general, financial, R&D) -- these templates are stored for use by the deployment teams.
Because of their permissions, these deployment teams can apply the template but cannot modify its functions. This ensures that a uniform level of security is implemented for each application and/or branch on the network. For the deployment team, this simplifies the task to identifying the application, the application type (R&D in this instance), and the branch locations; the centralized policy engine then deploys the necessary network configuration automatically.
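The separation of duties described above can be sketched in a few lines. This is an added example, not code from the article or from any SDN product: the role names, template keys and rule fields are constructed for illustration, and the engine simply records every attempt, allowed or denied, in an audit log.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from types import MappingProxyType

# Constructed roles: the article names the teams, not a permission scheme.
PERMISSIONS = {"security": {"create_template", "apply"}, "deployment": {"apply"}}

@dataclass
class PolicyEngine:
    templates: dict = field(default_factory=dict)
    audit_log: list = field(default_factory=list)

    def _authorize(self, role, action, target):
        allowed = action in PERMISSIONS.get(role, set())
        # Log every attempt, including denied ones, before enforcing.
        self.audit_log.append({"time": datetime.now(timezone.utc).isoformat(),
                               "role": role, "action": action,
                               "target": target, "allowed": allowed})
        if not allowed:
            raise PermissionError(f"{role} may not {action} {target}")

    def create_template(self, role, name, rules):
        self._authorize(role, "create_template", name)
        # Read-only view: a stored template cannot be edited in place.
        self.templates[name] = MappingProxyType(dict(rules))

    def deploy(self, role, app, app_type, branches):
        """Build per-branch config purely from stored templates."""
        self._authorize(role, "apply", app)
        # Unknown app or branch type raises KeyError: no template, no deploy.
        app_policy = dict(self.templates[f"app:{app_type}"])
        return {
            branch: {"app": app, "app_policy": app_policy,
                     "branch_policy": dict(self.templates[f"branch:{btype}"])}
            for branch, btype in branches.items()
        }

def demo():
    engine = PolicyEngine()
    engine.create_template("security", "branch:rnd", {"segment": "isolated"})
    engine.create_template("security", "app:rnd", {"encrypt": True})
    try:
        # The deployment team tries to weaken the R&D application template.
        engine.create_template("deployment", "app:rnd", {"encrypt": False})
    except PermissionError:
        pass
    configs = engine.deploy("deployment", "next-product", "rnd", {"lab-1": "rnd"})
    return engine, configs
```

The deployment team supplies only the application name, its type and the branch list; the denied template change still appears in `audit_log`, which is the record a compliance review would read.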
In this series I’ve covered some of the important benefits SDN can bring to your business and how it can assist with the progression to Cloud IT.
I firmly believe, though, that SDN needs to be viewed as more than just a set of networking capabilities: it is the foundation for a rethink (mindset shift) around the purpose and operation of the network(s) you own.
As a point solution, SDN can significantly improve the key network islands -- namely the data center and the wide area -- and these can be separately enriched. But to gain the full benefits SDN provides, you should view any migration as a move towards an SDN solution whose strategic direction covers both the data center and the wide area.
After all, to truly benefit from the shift to Cloud IT you need to support both the locations where your applications are hosted (data center) and the locations where your employees consume them (branch).
About the Author
James McInroe is Marketing Director for the Nokia (formerly Alcatel-Lucent) Software Defined Network venture Nuage Networks. He is focused on the key product and solution launches for network virtualization of the data center network and beyond, including the launch of Virtualized Network Services (VNS), and is a frequent and popular blogger on the subject.
Edited by Peter Bernstein