Network Services Virtualization
Challenging conventional wisdom about today’s networks
By: Ken Ferderer
Jan. 26, 2010 03:30 PM
Data center virtualization is changing the way we think about today's networks. Stress fractures have begun to appear in the network triggered by the increasing adoption of virtualization around datacenter compute and storage platforms. The virtualization of datacenter resources, while good for the efficient utilization of costly physical resources, is placing enormous demands on the underlying network and operational support teams in terms of increasing support costs and time spent implementing changes to the infrastructure driven by the dynamic nature of virtual services. Traditional network designs and the tools that control and manage them cannot keep pace with the dynamic nature of virtual services.
This sharp increase in cost and time is a direct result of the amount, and the complexity, of changes that are required across deployed devices and active configurations in order to maintain access and security models for dynamic virtual resources and services being delivered to end users. While the increase in cost/time is troubling, more alarming is that the constant changes being made to the infrastructure expose gaps in existing security models and enterprise security frameworks that could mean disruption of access, the loss of critical business services or even worse, the destruction or loss of data and other valuable assets of the enterprise.
As the pulse of virtualization continues to push the limits of the infrastructure and the tools that control and manage the devices, configurations and services, it is apparent a new holistic approach is required to support the day-to-day demands of a highly virtualized dynamic network infrastructure. This need is even more evident in cloud computing models where the demand on network infrastructure is even more intensive and being driven by the instant-on, real-time delivery of virtualized compute/storage services.
In cloud-based service delivery, the access model defining connectivity to the cloud and the security model that defines how that access and data are protected are created dynamically and deployed automatically as the service is requested. No longer are teams of IT and network engineers able to design, test and roll out infrastructure services over a period of weeks or months. Cloud services are turned on and off like a light bulb based solely on end-user need. The infrastructure that comprises these services - virtualized compute, storage and the underlying network infrastructure - must be able to respond to that "flick-of-the-switch" automatically, without error and without exposing other services or the enterprise at large to security risk.
In traditional infrastructure delivery models the network is constructed to connect everything together using a generally open access model judiciously layered with security applied at various levels via firewalls, VLANs, ACLs and user authentication enforced at both end points (network access and application).
In the emerging world of cloud and virtualization this traditional model has been overwhelmed as datacenter services (servers, storage and applications) are now as transient as the users on the network. Access and security models have to be adjusted as frequently as users move around the network or virtual machines are created, moved or destroyed. Support teams are being overloaded by demand, and the existing network management tools they have available have not been designed to deal effectively with this volume or type of network change. Existing management tools have simply reached their limits.
Existing Tool Categories - Functions and Limitations
Configuration Management and Automation Engines
Inventory and Capacity Management
Network Alarm and Correlation Management
Each of these categories has a necessary place in the control of the infrastructure - even highly dynamic virtual and cloud environments. What is missing from this list is a solution that allows network engineers to build and deploy truly "fluid" network architectures that respond automatically to the ever-changing needs of virtual computing and cloud delivery models without sacrificing control or increasing security risks. This is where network service virtualization becomes essential.
A New Approach - Network Services Virtualization
The orchestration capabilities that are inherent in network services virtualization enable physical or virtualized compute/storage resources to be combined with network access and security models into a single holistic service - a cloud service - that is fully automated and can be deployed, on-demand, to selected end users. Policies define and capture the discrete elements of a cloud service and translate those elements into actual device services and configuration syntax that is automatically disseminated to the appropriate devices across the network in order to initiate the requested service.
From the activation of a policy that defines a new cloud service, network services virtualization automatically initiates the creation of the required virtual machines (VMs). As the VMs are coming online, the network services virtualization engine defines and deploys the network access and security models across all required infrastructure devices (routers, switches, firewalls) as needed to deliver the cloud service to the defined end users. The entire process is completed in seconds and can include the setup and deployment of network routes, VPNs, VLANs, ACLs, the deployment of security certificates, the configuring of firewall rules and DNS entries, all defined via the business policy and deployed automatically without any chance of command-line mistakes by overtaxed network engineers who may introduce security gaps.
Once the business policy is implemented and the cloud service is active, the access and security models are bound to the end-point resources and persisted. As users move to new locations, the access model that defines their connection to virtual resources and the specific security settings move with them. As VMs are relocated, access and security models for end users are adjusted automatically. As business policies that define cloud services are deactivated, VMs are destroyed and deployed network access and security settings are removed from network devices.
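The activate, relocate and deactivate lifecycle described above, as an added example that is not from the article or from any vendor product: the policy schema, the rule syntax and the `Orchestrator` class are hypothetical. It shows each change removing the rules it supersedes, and a check for rules on devices that no active policy accounts for.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class ServicePolicy:          # hypothetical policy schema
    name: str
    vlan: int
    user_subnet: str          # end users entitled to the service
    vm_ip: str                # current address of the service VM
    port: int

def render(p: ServicePolicy) -> set:
    """Translate a policy into (device, rule) pairs; the rule syntax is illustrative."""
    net = ipaddress.ip_network(p.user_subnet)   # ValueError on a malformed subnet
    vm = ipaddress.ip_address(p.vm_ip)
    if not (1 <= p.vlan <= 4094 and 1 <= p.port <= 65535):
        raise ValueError(f"policy {p.name}: vlan or port out of range")
    return {
        ("switch", f"vlan {p.vlan} name {p.name}"),
        ("router", f"permit tcp {net} host {vm} eq {p.port} [{p.name}]"),
        ("firewall", f"allow {net} -> {vm}:{p.port} [{p.name}]"),
    }

class Orchestrator:
    def __init__(self):
        self.active = {}       # policy name -> ServicePolicy
        self.deployed = set()  # (device, rule) pairs currently on the devices

    def activate(self, p):
        rules = render(p)      # validate first: a bad policy deploys nothing
        self.active[p.name] = p
        self.deployed |= rules

    def relocate(self, name, new_ip):
        old = self.active[name]
        new = replace(old, vm_ip=new_ip)
        added = render(new)
        self.deployed -= render(old) - added   # drop rules aimed at the old address
        self.deployed |= added
        self.active[name] = new

    def deactivate(self, name):
        self.deployed -= render(self.active.pop(name))

    def orphans(self):
        """Rules present on devices that no active policy accounts for."""
        wanted = set().union(*(render(p) for p in self.active.values()))
        return self.deployed - wanted
```

Running `orphans()` after every change is the audit step: a non-empty result means a device holds access that no policy justifies, such as a hand-entered rule or one left behind by a failed teardown.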
This unique ability to create, deploy, persist, modify and tear down network services in a fully automated fashion based on policies that provide governance and control is what separates network service virtualization platforms from the rest of the traditional management tools. The ability to transform a static non-responsive infrastructure into a fluid, responsive infrastructure without compromising control, compliance or security is what enables enterprises and service providers to automate the deployment of cloud services.
As most early adopters of highly virtualized and cloud networking environments are realizing, true on-demand computing can only be fully realized when the underlying network infrastructure is as flexible and liquid as the dynamic needs of the business end users. Network services virtualization transforms the legacy infrastructure into a responsive, dynamic delivery apparatus that is essential to creating a fluid, dynamic networking environment.