Is the network the final barrier to a Software-Defined data centre?
Anthony Poh, Solutions Architect, MTI Technology - 16 June 2016
For companies who have made the transition to the software-defined data centre, the benefits of embracing server and storage virtualisation are clear to see. The data centre network, however, has not kept pace and remains rigid, overly complex and proprietary.
Whilst network and security devices have become more sophisticated over the years, increasingly, it becomes quite clear that these hardware-centric devices pose a range of challenges for organisations. A lot of time is still being spent on manual provisioning of network services, which directly impacts application deployment times. The level of complexity and risk is further compounded by the need to ensure that network and security changes for one application do not adversely affect other applications. Configuration changes must also occur on all devices in the communication path to ensure applications can communicate correctly and securely. Studies found that roughly one-third of network outages are caused by manual configuration mistakes.
What is a Software-Defined Data Centre?
TechTarget define asoftware-defined data centre (SDDC) as “a data centre model in which all elements of the infrastructure - networking, storage, compute and security – are virtualised and delivered as a service. Deployment, provisioning, configuration and operation of the entire infrastructure is abstracted from hardware and implemented through software.”
SDDCs grant organisations a greater level of flexibility and agility as it allows you to start automating your data centre by creating policies to deploy resources or workloads. In addition, innovation occurs more frequently within a SDDC due to the intelligence and control plane residing in software. Hardware refresh cycles can typically be three to five years, whereas software releases can occur as often as every month.
Decoupling the intelligence from the physical hardware means there is no dependency on the type of server, storage or network infrastructure required, and because there are no dependencies on the physical infrastructure, you can start to span your workloads across multiple data centres and into cloud service providers allowing you to be more agile and efficient with workload placement.
Networks and new technology
VMware NSX is the network virtualisation platform for the Software-Defined Data Centre that has emerged from VMware after they acquired Nicira in 2012.
VMware’s network virtualisation approach allows data centre operators to treat their physical network as a pool of transport capacity that can be consumed and repurposed on demand. Like a virtual machine is a software container which presents logical CPU, memory and storage to an application, a virtual network is a software container that presents logical network components to connected workloads—logical switches, routers, firewalls, load balancers, VPNs and more.
By building networks in software, data centre operators can achieve levels of agility, security, and economics that were previously unreachable with physical networks.
Security and micro-segmentation
NSX brings a software approach to network security, embedding security functions right into the hypervisor. It delivers micro-segmentation and granular security to the individual workload, increasing the degree of security within the data centre. NSX allows you to decouple the network control plane from the underlying physical hardware which means each workload or VM is no longer chained to the physical switch port it communicates through, so workloads can be dynamically added or moved and all of the network and security services attached move with it.
Micro-segmentation is currently the biggest use-case for NSX. Traditional data centres still rely on a perimeter firewall for defence, and whilst it may stop the majority of attacks once they’re in, there is limited lateral control to prevent malicious traffic traversing within a data centre! Micro-segmentation with NSX, however, limits an attacker’s movement within the network even if the perimeter has been breached as it creates a separate perimeter around each individual workload or virtual machine.
NSX provides a quicker path for companies to adopt a Software-Defined Network. It helps them achieve the agility, efficiency and security of the SDDC. As NSX is an overlay technology, businesses are not required to change much to existing network infrastructure, which is very appealing in itself.