Are You Ready for SDN?
By: Darin Barton CISSP, CISA
Someone recently referred to SDN (Software Defined Networking) as “Still Done Nothing” which I found amusing; but it’s true. While I’ve been touting the merits of SDN for a few years now, and the technology provides exciting advancements and capabilities, I know of very few organizations who have adopted it.
The concept of SDN was created in 2005 in a Stanford University thesis co-authored by Martin Casado who has also been the leading SDN champion. But, it wasn’t until 2013 that SDN made headway into the tech-sector as a networking game changer.
Every so often the IT world experiences a paradigm shift challenging what we think we know about how data should be stored, secured and communicated. Great examples of this are wireless networking, server virtualization and cloud based computing – all of these technologies experienced a very slow adoption rate but are now mainstream in most business networks worldwide.
Is SDN the next shift within the IT world?
I think it is, and I predict that by 2020 it will be well on its way to becoming mainstream within most North America businesses.
Canadian organizations have been very slow to deploy SDN. Why is that? The most common reasons are cost and confusion. The two major SDN players today are VMWare’s NSX and Cisco’s ACI solutions. The confusion is that a clear winner has yet to emerge between these two technologies and the cost of these solutions remains abnormally high (this is true for most new technologies while they try to find their natural market price point).
In all fairness, while these solutions try to accomplish similar goals, they are very different and they may appeal to different organizations for different reasons. So, a clear winner may not be quick to emerge on the horizon, and you may soon see an influx of competitive SDN products which will inevitably drive the price point way down.
In the nutshell,
SDN is meant to be an agile method of making the network layer completely programmable. In other words, the control is separated from the hardware and implemented in software. This allows network administrators to shape how network traffic travels throughout the network, how it is prioritized, and how they apply security controls and policies against that traffic “on the fly”. Perhaps you can now see why SDN is so important within Cloud environments – it allows for superior and flexible Layer 3 security controls within a multi-tenant architecture.
Envision the ability to quickly spin up a dedicated VLAN infrastructure, with full segmentation, security controls and traffic priority and full Layer 3 routing throughout your entire LAN/WAN/Cloud environment. You now have full East-West & North-South enforcement – the networking and security possibilities are endless.
Hardware SDN offers better throughput and higher connection rates but your hardware will need to be upgraded to support the SDN API. As you can imagine, the cost to upgrade your switching infrastructure could be high but if you are in the midst of a network refresh then this might make sense.
Personally, I like NSX
NSX operates completely within the VMWare platform and no new hardware is automatically required. VMWare has simply added a network hypervisor to the ESXi platform. While this solution is still costly, you can now envision an entire Layer 3 network, security and server architecture hosted on a few beefy boxes.
With SDN, you can simplify your internal, WAN and Cloud infrastructure without compromising the levels of security and the protection you expect. Once competition grows and costs become more aligned with business budgets, SDN will be the new normal within the Canadian IT marketplace.
:Darin Barton CISSP, CISA is a senior security professional in Toronto Canada, with 20+ years experience in cybersecurity and investigations and currently employed with Access 2 Networks Inc. (A2N).