Issue link: https://hub.radisys.com/i/859795
FierceTelecom.com 14 13 M ay 2 0 13 M ay 2 0 13 FierceTelecom they're not one and the same. SDN is more of a toolkit for making the network more dynamic and having those dynamics driven by higher level applications." So for Ciena, SDN becomes the toolkit of underlying application tools. Whatever it's called, both companies have the same goal: help their customers make networks more efficient, more open to quick change and, in the end, "elastic" in how they handle changing traffic demands. "SDN is being applied to enable bandwidth-on-demand or performance-on-demand, which is bandwidth plus quality of service," Auster said. "For service providers, the network is more optimally utilized. Instead of building a network and overprovisioning it based on some expected peak demand … the network can be allocated and re-allocated based on the actual requirements." The term "elastic" comes up every time vendors explain what SDN does. Simply put, static networks become elastic when an operator gets automated control of what bandwidth is being consumed for what reasons. "The big issue in the networking industry today is that networks are hard wired in an environment where you have dynamic compute and elastic compute," said Joe Cumello, chief marketing officer at Cyan. With SDN, the hard wired network environment gets the opportunity to catch up with the elastic compute environment so "you must have vendors and network partners working together in a way that's open," Cumello added. An elastic network is a money-making—and money- saving—network, Auster said. "The network is used more efficiently and it provides op ex reduction. The network becomes more valuable because it can be used more precisely, more punctually by these applications. Network operators can tie the willingness to pay and the value of the application to the network resources consumed and actually charge for those resources," Auster said. l An elastic network is a money-making— and money-saving—network. mitchell auster, senior aDvisor, portfolio architectures for ciena compute workloads across hosts and networks, and tolerant of disruption and faults, yet remain very deterministic in behavior when operating in a shared, multi-tenant environment subject to distinct service levels. For software defined security to successfully serve a software defined datacenter, security controls need to programmatically respond to the infrastructure whether it be at the abstracted compute, network or storage level. For those security controls providing traditional anti-virus/ anti-malware (AV/AM) functions, file access is typically monitored within the guest virtual machine (or its associated host) and the applicable storage array mapped to that compute resource. In the case of the software defined network, security needs to be able to function within multiple virtual networks, whether these networks reside on a single host or across geographically distributed hosts and data centers. Perhaps the most common security technology on the network after firewall services themselves is intrusion detection and prevention (IDP). In today's threat landscape, nearly half of all threats are detected through IDP like services, so leveraging security in a SDN environment is critical to protecting the infrastructure and any tenants assets in scope. As networks are provisioned, security virtual appliances need to be deployed into these SDN's and delivered the policy definitions necessary to protect those virtual machines assigned to these networks. These security virtual appliances must be programmatically accessible via things like a service catalog, thus requiring that all available security services must register with the infrastructures management framework. Security policies may include one or many tiers of technology to be applied against virtual machines running within a network , and may include performance or QoS parameters as well depending on the overall capacity of the shared resource. And should any of these virtual machines change networks, its security policy needs to programmatically follow these workloads and their assigned security control to ensure compliance with applicable service levels. Only in a software defined datacenter and its accompanying software defined network can this level of responsiveness exist, thus ensuring the full stack of services can quickly respond to the elasticity and movement demanded of the next generation of IT service infrastructure. l With compute virtualization, the focus was reducing capex costs through greater server consolidation. Security vendors were asked to reduce or remove their in-guest agent and provide shared security services on the host. As another level of infrastructure abstraction, software defined networking (SDN) has similarly challenged security vendors to rethink how security is delivered in an environment where services are much more quickly provisioned across hosts and networks. In many cases, this added level of flexibility serves as the foundation of the software defined datacenter, and advances concepts like IT as a Service. If we look at security in the context of a software defined model, let's call this software defined security, we find that the appropriate security controls embodied as security virtual appliances must be easily provisioned and configured within a dynamic infrastructure, responsive to change and movement of security is Core to sDn success By chIP E PP s, P RINcIPA l P R Oduc t M A N AgE R IN s y M A N t Ec 's sEc uRI t y gR OuP sponsored Content