SDDC and Networking
One important trend in Cloud Computing is the virtualization of the Data Center. A Software-Defined-Data-Center or SDDC, is an environment which provides the encapsulation of the underlying physical and network infrastructure, rendered as a software service. The basic premise is the same as that of a Virtual Machine (VM). In a VM, hypervisor software manages multiple application access to the underlying server-compute and networking resources. Depending on its type, the hypervisor can support a single operating system, or many operating systems.
The benefits of server virtualization are obvious and have led to the development of ‘Cloud’ or remote computing with its core characteristics including scalability, availability, capacity utilisation, remote access, and demand based consumption of services.
Part of ‘Cloud Transformation’ is the virtualization of the physical data center. A key component of this is the virtualization of networking and turning the network into a software component. Network, compute and storage assets are being turned into pools of resources to be automatically deployed, management and configured by software. This sensibly maps back to ‘Agile’ processes and methods, which are a central feature of dynamic IT development and building Information Systems to support the Business strategy and related processes. This need for a better architecture is a strong argument for transforming the network through virtualization.
Apps are becoming portable
The rise of server virtualization means that applications are no longer yoked to a single physical server in a single location. We can now replicate or copy applications to another data center, for backup, or recovery, and we can move them from one corporate data center to another, creating hybrid architectures of varying complexity.
A key problem area with this approach is the network. Usually a network configuration is tied to the physical hardware, so even if applications can be ported between platforms, the hard-wired networking connections could present a major problem. Networking services tend to be very different from one data center to another, and from an in‐house data center to a cloud. This will usually entail a fair amount of network-customization to make applications work in different network environments. That’s a major barrier to application portability.
There is no way to dynamically and easily automate the provisioning of a network, when the associated compute and storage is created, moved, snapshotted, clone, or deleted. The current hardware‐centric approach to networking restricts workload mobility to individual physical subnets and availability zones. To reach available compute resources in the data center, network operators are usually forced to perform box‐ by‐box configuration of switching, routing, and firewall rule configuration. This is called a Black Box.
In a black‐box approach to networking, there are custom operating systems, ASICs, CLIs, and management, all complicating operations and support. This approach locks you into your current hardware and probably limits the IT development group’s ability to innovate and improve. Recent studies indicate:
- IT makes, on average, ten changes to the corporate network in a 12‐month period that require a maintenance window. The average wait for maintenance windows is 27 days each.
- Businesses spend a total of 270 days a year waiting for IT to deliver a new or improved service.
- Larger enterprises require significantly more of these changes and wait even longer for maintenance windows.
Configuration processes are manual, slow, and error prone
On a day‐to‐day basis, physical networks force your network team to perform a lot of repetitive, manual tasks. If a line of business or a department requests a new application or service, you need to create VLANs, map VLANs across switches and uplinks, create port groups, update service profiles, and on and on. On top of this, this configuration work is often done via clunky CLIs.
The rise of software‐defined networking (SDN) will allow program-controlled hardware, but we still need to build multiple identical networks to support development, test, and production environments and teams, with the added complexity of having to map and deploy virtualized compute and storage. Manual processes are of course error prone and lead to extraordinary IT support, production and performance, costs and delays.
Networks and security
Many of the widely publicized cyber-attacks of recent years share a common characteristic, namely once the data center perimeter is compromised, malicious code within a domain can be quickly moved from server to server, collecting data, or shutting down applications (ransom-ware). Most physical network architectures do not have enough network-segmentation or firewalls.
A virtualized network will operate in the same way as a virtual machine which presents a software container and logical compute services to an application. A virtual network is a software container that presents logical network service including logical switching, logical routing, logical firewalls, load balancing, logical VPNs, to connected workloads. These network and security services are delivered in software and require only IP packet forwarding from the underlying physical network. The workloads are connected with a software representation of a physical network. This allows for the entire network to be created in software.
Figure: Network Virtualisation Overview
Network virtualization coordinates the virtual switches in server hypervisors and the network services pushed to them for connected VMs, to effectively deliver a platform or a form of network-hypervisor for the creation of virtual networks.
Firms may also provision these virtualized networks using a CMP or Cloud-Management-Platform, to request the virtual network and security services for the corresponding work-loads. The controller then distributes the necessary services to the corresponding virtual switches and logically attaches them to the corresponding workloads.
Figure: Network Hypervisor
This approach not only allows different virtual networks to be associated with different workloads on the same hypervisor, but also enables the creation of everything from basic virtual networks involving as few as two nodes, to very advanced constructs that match the complex, multi-segment network topologies used to deliver multitier applications.