Introducing Software Defined Networking (SDN)
SDN has revolutionized telecommunication networks! Its benefits include flexibility, automation, virtualization and orchestration. The SDN solution helps to optimize the networking layer of operations, allowing direct programmability of the network traffic flow through a single interface. Rather than the network hardware itself, a software controller application now configures and manages the routers and switches.
SDN treats compute, storage, networking, and security services as virtualized building blocks. Applications can then program, deploy and monitor these resources on demand, to run applications or perform other business tasks. This architecture helps simplify network design and operations, which can promote innovation in services and applications. Improved network flow and agility result from this centralization, which can also lower capital and operational expenditure.
SDN-enabled Cloud Providers
All leading public cloud infrastructure providers have incorporated SDN in various flavors for private, public, and hybrid clouds. Providers can now host millions of virtual networks without using isolation methods such as legacy VLANs. Cloud providers use both proprietary and open source technology for their SDNs. Google’s proprietary development of the Andromeda controller is used to provision, configure and manage virtual networks in its public cloud. Amazon’s in-house development provides strong network isolation including overlapping IP ranges in its VPCs, implemented by software over a networking hardware stack. The Rackspace Cloud is also powered by SDN technology with an OpenStack orchestration layer.
SDN, Cloud and the CISO’s Wish List
SDN helps Cloud Service Providers (CSPs) deliver better, more flexible and granular Infrastructure service. Organizations using cloud services definitely benefit from a better IaaS; however, there are still several items vital to CISOs that are not addressed by current cloud offerings, such as:
- The ability to build a Virtual Private Cloud network across any number of data-centers and infrastructure providers
- The ability to fully control the IP addressing and routing in a cloud network
- The ability to control security policies, including identity-based firewall rules, and to encrypt data in transit when required (and control the keys for doing that)
The motivations for the above ‘wish-list’ requirements are operational as well as IT security-driven. In order to fulfil the above, namely to have full control over network architecture, connectivity and security, CISOs need to have the SDN controls in their possession. Since the CSPs cannot (or will not) provide this flexibility to their customers, a new type of ‘customized’ cloud SDN is required.
Next on the Agenda
This post introduces our series discussing Cloud SDN. Stay tuned as we discuss how such an SDN solution can be implemented, be highly available, and facilitate security mechanisms like firewall, encryption and identity-based access rules.