
Tag Archives: software-defined network

Understanding Software-Defined Networking for IT Leaders – Part 1

By Reg Lo

Software-defined networking (SDN) is changing the datacenter much as server virtualization did. IT leaders need to understand the basic concepts of SDN and where its value lies: security, agility through automation, and cost savings. This blog post explores some of the security benefits of SDN using a simple analogy.

Image: DomiNations game screenshot (courtesy of the game DomiNations, Nexon M, Inc.)

My kids are playing DomiNations – a strategy game where you lead your nation from the Stone Age to the Space Age. I recruited their help to illustrate how SDN improves security. In this analogy, the city is the datacenter; walls are the firewall (defense against attackers/hackers), and the workloads are the people/workers.

The traditional way of defending a city is to create walls around the city. In the same manner, we create a perimeter defense around our datacenter using firewalls. However, imagine there is a farm outside the walls of the city. Workers need to leave the protection of the city walls to work in the farm. This leaves them vulnerable to attack. In the same way, as workloads or virtual machines are provisioned in public or hybrid clouds outside the datacenter firewalls, what is protecting these workloads from attack?

Image: DomiNations game screenshot (courtesy of the game DomiNations, Nexon M, Inc.)

In an ideal world, let’s say my kids have magical powers in the game and they enchant the city walls so they can expand and contract to continuously protect the workers. When a worker goes to the farm, the walls automatically extend to include the worker in the farm. When they return to the city, the walls return to normal. SDN is like that enchantment for your firewalls. Instead of the firewall being a physical device at a fixed point in the network, a software-defined firewall attaches policy to the workload itself (typically by its attributes, such as tags or group membership, rather than by IP address), so the policy follows the workload when it is moved into the public cloud or into the part of a hybrid cloud that sits outside your datacenter. The caveat is that the enforcement point has to exist wherever the workload runs: the walls only extend if the hypervisor or agent that applies the policy is present in the public cloud as well.

The ability to configure firewalls easily and automatically provides another benefit: micro-segmentation. As mentioned before, in a traditional city the walls provide a perimeter defense. Once an attacker breaches the wall, they have free rein to plunder the city. Traditional datacenters have a similar weakness. The perimeter firewall inspects only traffic crossing the edge; once a hacker gets through it, the flat internal network lets them move laterally from one server to the next, with nothing inspecting that east-west traffic.

Image: DomiNations game screenshot (courtesy of the game DomiNations, Nexon M, Inc.)

Micro-segmentation of the network is like having city walls around each building. If an attacker breaches the outer perimeter, they can only destroy one building before having to restart the expensive endeavor of attacking the next line of defense. In the datacenter, micro-segmentation means a firewall policy enforced at each workload, with traffic between workloads denied by default unless a rule explicitly allows it (for example, web tier to application tier on one port, application tier to database on another). If a hacker penetrates one application environment, they cannot reach another without finding a fresh way through the next boundary. The practical check is that a connection between two workloads in different segments is blocked unless a rule permits it, and that the rules are written in terms of application role rather than addresses that change when a workload moves.
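As an added illustration (not code from this post or from any VMware product), the following Python model compares the two defenses described above: a perimeter firewall that inspects only flows crossing the datacenter edge, and a distributed, tag-based policy evaluated at each workload so that it follows the workload into the public cloud. The workload names, tags, ports and rules are constructed for the example, and the model is deliberately simplified (first matching rule wins, default deny, no stateful tracking). It computes the "blast radius": the set of workloads an attacker who has compromised one server can reach by moving laterally.

```python
"""Tag-based distributed firewall vs. a perimeter-only firewall (illustrative model).

Added example; not code from the original post or from any VMware product.
All workloads, tags, rules and ports below are constructed for the example.
"""
from collections import deque
from dataclasses import dataclass
from functools import partial
from typing import FrozenSet, Optional, Set

Selector = FrozenSet[str]
ANY: Selector = frozenset()           # no required tags: matches every workload


def S(*tags: str) -> Selector:
    return frozenset(tags)


@dataclass(frozen=True)
class Workload:
    name: str
    tags: Selector                    # tier, application and location tags, e.g. "tier:web", "loc:dc"


@dataclass(frozen=True)
class Rule:
    src: Selector                     # every listed tag must be present on the source
    dst: Selector
    port: Optional[int]               # None = any port
    action: str                       # "allow" or "deny"


def evaluate(rules, src: Workload, dst: Workload, port: int) -> bool:
    """First matching rule wins; no match means deny."""
    for r in rules:
        if r.src <= src.tags and r.dst <= dst.tags and r.port in (None, port):
            return r.action == "allow"
    return False


def perimeter_allows(edge_rules, src: Workload, dst: Workload, port: int) -> bool:
    """Traditional edge firewall: only flows crossing the datacenter boundary are inspected.
    East-west traffic inside the datacenter, and any flow that never touches the datacenter
    (e.g. internet -> workload in the public cloud), is not filtered at all."""
    crosses_edge = ("loc:dc" in src.tags) != ("loc:dc" in dst.tags)
    return evaluate(edge_rules, src, dst, port) if crosses_edge else True


def distributed_allows(rules, src: Workload, dst: Workload, port: int) -> bool:
    """Distributed firewall: every flow is checked against tag-based rules at the workload
    itself, so the same policy applies wherever the workload happens to run."""
    return evaluate(rules, src, dst, port)


def blast_radius(allows, workloads, start: str, ports) -> Set[str]:
    """Workloads an attacker who owns `start` can reach, transitively, on any probed port."""
    by_name = {w.name: w for w in workloads}
    seen, queue = {start}, deque([start])
    while queue:
        cur = by_name[queue.popleft()]
        for w in workloads:
            if w.name not in seen and any(allows(cur, w, p) for p in ports):
                seen.add(w.name)
                queue.append(w.name)
    seen.discard(start)
    return seen


# Constructed inventory: a three-tier shop application with one web node burst into the
# public cloud, plus an unrelated HR database sharing the datacenter.
WORKLOADS = [
    Workload("web1",  S("tier:web", "app:shop", "loc:dc")),
    Workload("web2",  S("tier:web", "app:shop", "loc:cloud")),
    Workload("app1",  S("tier:app", "app:shop", "loc:dc")),
    Workload("db1",   S("tier:db",  "app:shop", "loc:dc")),
    Workload("hr-db", S("tier:db",  "app:hr",   "loc:dc")),
]
INTERNET = Workload("internet", S("external", "loc:internet"))
PROBE_PORTS = (22, 443, 8080, 5432)

EDGE_RULES = [                                    # what a perimeter firewall typically holds
    Rule(S("external"), S("tier:web"), 443, "allow"),
    Rule(S("loc:dc"), ANY, None, "allow"),        # unrestricted outbound from the datacenter
]
MICROSEG_RULES = [                                # per-workload, tag-based, default deny
    Rule(S("external"),             S("tier:web"),             443,  "allow"),
    Rule(S("tier:web", "app:shop"), S("tier:app", "app:shop"), 8080, "allow"),
    Rule(S("tier:app", "app:shop"), S("tier:db",  "app:shop"), 5432, "allow"),
]

perimeter = partial(perimeter_allows, EDGE_RULES)
distributed = partial(distributed_allows, MICROSEG_RULES)


def workload(name: str) -> Workload:
    return next(w for w in WORKLOADS if w.name == name)


if __name__ == "__main__":
    for label, model in (("perimeter only", perimeter), ("micro-segmented", distributed)):
        print(f"{label}:")
        print("  internet -> web2 (cloud) on ssh:", model(INTERNET, workload("web2"), 22))
        print("  blast radius from web1:", sorted(blast_radius(model, WORKLOADS, "web1", PROBE_PORTS)))
```

With the perimeter model, the cloud node web2 is reachable from the internet on any port (the datacenter edge is simply not on that path), and a compromise of web1 reaches every other workload, including the HR database. With the tag-based policy, web2 is exposed only on 443 wherever it runs, and a compromised web server can reach only the application tier and, through it, the shop database; the HR database stays out of reach because the rules are scoped by application, not by address or location.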

Software-defined networking can improve information security. Every few months there is a widely publicized breach that damages a company’s brand, and CIOs and other IT leaders have lost their jobs over them. SDN is a key technology for protecting your company, and your career.

In Parts 2 and 3 of this series, “Understanding Software-Defined Networking for IT Leaders,” we’ll explore how SDN increases agility and drives cost savings.


Reg Lo is the Director of VMware Accelerate Advisory Services and is based in San Diego, CA. You can connect with him on LinkedIn.

Cloud, End-User Strategies Guard Against Data Breaches

Author: Alex Salicrup

The Fifth Estate hits theaters October 18, and with it comes a reminder of the corporate and government secrets exposed when WikiLeaks founder Julian Assange obtained leaked classified data and released it to the world.

Assange and WikiLeaks, as we know, gained access to classified documents through US Army Private Bradley Manning, an intelligence analyst who was recently sentenced for espionage. In addition to this breach, there was Edward Snowden, the contractor for the National Security Agency (NSA) who disclosed the agency’s telecommunications monitoring programs. See related by Richard Rees on the VMware Consulting blog: The Snowden Leak: A Windfall for Hybrid Cloud?

In the 80s and 90s the spy scandals centered on individuals passing secrets to enemies of the state, like Aldrich Ames and Robert Hanssen, government employees who sold sensitive information to Russia for big money.

These days data breaches are more likely to be driven by a cause than by cash. Widely described as hacktivism, breaches and malware attacks are mounted against corporations, not just governments, often by groups that see themselves as the arbiters of online justice (such as Anonymous). Two-thirds of all data breaches last year involved malware installed on corporate systems, and almost all breaches originated from external sources.

Since the Snowden disclosures, the NSA, which already had plans to build a private cloud, has accelerated its implementation, largely because it sees automation as a key to eliminating the need for contractors like Snowden. In my experience, this is a good start, but only if it is followed by security policies built around data classification rather than around individual applications or systems.

One of the advantages I see to software-defined networking is that it allows better visibility into where data, platforms, and infrastructure reside as part of the larger virtual infrastructure. The closer to a software-defined data center a corporation gets, the more control and visibility it has over its data security.

I was recently part of a deployment where the client designed innovative ways to classify and secure data, making it harder to breach, easier to monitor, and mostly automated. That’s a scalable solution that delivers enhanced security of precious data.

End-user computing (EUC) is another area where the right strategy must safeguard data accessible from devices that can potentially be used by someone other than the intended user. In my experience, if a company does not employ a comprehensive EUC solution, staff members will eventually bypass data security policies in order to get at data from their mobile devices.

Organizations will do well to start an internal assessment of how well positioned they are to manage their data securely in the age of hacktivism. Are there opportunities to enhance data security using virtual infrastructure and software-defined networking? Which of those options is more cost-effective and efficient? How much would a breach potentially cost? Is your organization capable of managing the infrastructure needed to support virtualization and EUC initiatives?

Let’s face it: no one expects to have their data breached. And yet, the majority of US corporations fall victim to it every year. Why risk being one of them?

=====

Alex Salicrup is a business solutions architect for VMware Accelerate Advisory Services.