How to drive intelligence into your next-gen networks
By Mark Micallef July 8, 2014
- Network fragilities make change management challenging
- Future of next-generation networks lies in app-aware SDN
THE IT landscape has witnessed rapid change and developments in recent years, with growth in the consumerisation of IT, the Bring Your Own Device (BYOD) trend, and the adoption of cloud computing.
Implementing changes, such as onboarding new applications (apps) or equipment upgrades, is difficult on a network not equipped to meet the needs of advanced compute and storage virtualisation solutions.
These networks may even complicate and convolute the entire IT implementation, impeding enterprises from reaping the true benefits of the cloud.
Unlike compute and storage layers, the vast majority of data centre networking gear is 'app-unaware' – blindly forwarding packets amongst users, apps and other networking services.
More intervention is required by network administrators to manually deploy, configure and maintain networking infrastructure to support a myriad of demands from hundreds of apps.
Network fragilities make change management challenging in today’s app-driven environment. To reduce network fragility, network configuration models have to be app-aware in order to be app-driven.
To securely maximise enterprise cloud efficiency, I would like to share some key steps organisations need to take in order to break down the barriers of network fragility.
Step 1: Leverage SDN and equip IT with app-driven control
IT is all about delivering applications. Hence, the first step towards smarter next-generation networks is to create an app-centric and app-aware automated network environment. [NOTE: SDN = software-defined networking]
One way to do this is to separate the control plane from the data-forwarding plane, abstract the control plane from the network hardware, and implement it in software instead – offloading its functions to a centralised controller.
This way, IT is equipped with a convenient interface to program the network to create more efficient and automatic network management and provisioning. With the centralised controller, IT can also allow other applications to control network resources and influence forwarding decisions in order to find the optimised route to deliver network services.
In addition, app-centric networking gear, such as application delivery controllers, next-generation firewalls and mobility gateways, can also be leveraged to help control the delivery of application services.
These devices maintain information such as app state and resource requirements that can be intelligently mined to optimise overall app functions.
This will help enterprises build an app-aware platform they truly need, one that unifies advanced network services while preserving the ability to select best-in-class functionality.
Step 2: Consolidate automated delivery and orchestration of apps
By centralising network management into a single intelligent control entity instead of having distributed controls embedded in each individual network element, administrators can define policies tied to a specific application.
IT is able to simplify initial deployment by pre-packaging network services and their associated topology according to the unique requirements of individual apps.
Authorised IT personnel will also be able to easily allocate resources and balance bandwidth. End-to-end network visibility, together with full network-policy and service-chain automation, optimises the network.
Furthermore, the open and programmable nature of the network facilitates service integration. This provides organisations with an extensible, elastic and scalable virtualisation framework that supports seamless and secure onboarding of additional services, while retaining full isolation and independence between these services.
Altogether, this increases the value of existing network computation resources, giving organisations the ability to promptly adapt and scale network behaviour and characteristics to suit the ever-evolving needs of customers, which are constantly susceptible to volatile changes.
Step 3: Tighten security with granular security and control policies
With change comes uncertainty, and the transition to unfamiliar ground might seem like opening a can of worms in terms of security management. However, when approached the right way, SDN helps boost network security.
The high level of automation in SDN improves security postures through virtualisation, by mitigating or even eliminating human errors. This gives IT better visibility, as well as a more streamlined, orderly and optimised policy deployment process.
Deploying a network-wide policy architecture can create, distribute and monitor security rules based on a contextual language, such as who, what, where, when and how.
Security enforcement includes blocking access to data or devices, and initiating data encryption. For instance, when an employee connects to the corporate network from a smartphone, the network identifies the device and user, as well as the privileges granted to them.
The policy engine not only establishes policies for the device and user, but also shares these policies with all points on the network, and instantly updates information when a new device appears on the network.
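A minimal sketch of the contextual policy described above, added here as an illustration and not taken from the article or from any vendor product. The role, application, location and device names, the first-match rule order and the default-deny fallback are all assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class Context:
    who: str     # user role (hypothetical labels)
    what: str    # application being requested
    where: str   # network segment the request comes from
    when: time   # local time of the request
    how: str     # device class

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                       # "allow", "encrypt" or "block"
    who: frozenset = frozenset()      # empty set means "any"
    what: frozenset = frozenset()
    where: frozenset = frozenset()
    how: frozenset = frozenset()
    start: time = time(0, 0)
    end: time = time(23, 59, 59)

    def matches(self, ctx: Context) -> bool:
        for attr in ("who", "what", "where", "how"):
            allowed = getattr(self, attr)
            if allowed and getattr(ctx, attr) not in allowed:
                return False
        return self.start <= ctx.when <= self.end

# Constructed sample policy: most restrictive rules first, first match wins.
POLICY = [
    Rule("no-finance-from-byod", "block",
         what=frozenset({"finance-db"}), how=frozenset({"byod-phone"})),
    Rule("remote-must-encrypt", "encrypt",
         who=frozenset({"employee"}), where=frozenset({"internet"})),
    Rule("office-hours-lan", "allow",
         who=frozenset({"employee"}), where=frozenset({"campus-lan"}),
         start=time(7, 0), end=time(19, 0)),
]

def decide(ctx: Context, policy=POLICY):
    """Return (action, rule_name); anything unmatched is blocked."""
    for rule in policy:
        if rule.matches(ctx):
            return rule.action, rule.name
    return "block", "default-deny"
```

The default-deny fallback is the part that matters when a new device or role appears: a context no rule anticipates is blocked rather than silently allowed.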
With just one flick of a switch, businesses can intelligently redirect network traffic to enforce granular security and control policies. By better defining app requirements, SDN becomes a security solution instead of a security problem.
Smarter network for virtualised world
As apps take centrestage in the business world today, the new enterprise IT landscape, which includes cloud services, mobility and BYOD, calls for a change in network architecture as network traffic and bandwidth requirements have progressed to support richer workloads with lower latency.
In order to fully embrace cloud-based apps and services, organisations need smarter network solutions to deliver quality services for their business.
The future of next-generation networks lies in app-aware SDN. With the right governance and usage policies in place, enterprises could find themselves with a fully automated, broadly dynamic network infrastructure, capable of accommodating virtually any requirement users throw at it.
Mark Micallef is the Asean area vice president at Citrix.