Organizations spanning all industries are undergoing major technological shifts by leveraging software defined infrastructure to improve efficiency, increase customer engagement and enhance operational agility. Internet of Things (IoT) solutions represent a solid use case for digital transformation by extending software control of physical devices to optimize operational processes and physical assets to enhance flexibility, create differentiation and enable new business models for creating competitive advantages at scale.
The scale that these emerging environments represent is massive and growing at tremendous rates, as indicated by IDC’s prediction that by 2025, there will be 41.6 billion connected IoT devices. The challenge is that all of these IoT devices and networks that are used for analytics and telemetry, also represent a significant expansion of the attack surface, especially at the edge. Attack vectors range from physical network and RFID attacks, to unmanaged IoT devices which further expand the attack surface from increasingly sophisticated threats. Lack of awareness and lack of line of sight visibility by infosec departments are among the causes of the surge in attacks. The problem is that IoT edge security platforms need to evolve in order to improve security event detection, automate compliance and either prevent or significantly reduce the recovery time for breaches.
IoT Edge Reference Architecture
To address these threats, VMware Validated Designs (VVDs) utilize Software-Defined Data Center (SDDC) architectures built from best-of-breed components to deliver a reference architecture for an IoT Edge Security Platform which is documented in this white paper. The IoT Edge Security Platform was designed and implemented to provide a validated framework for companies to build consistent, compliant and certified security infrastructure in a SDDC architecture.
The IoT Edge Security Platform, delivered through a partnership between VMware, Accenture, Splunk and Infinidat enables organizations to reduce the risk, liability and reputational damage associated with IoT edge security breaches. Through a comprehensive, automated Governance Risk and Compliance (GRC) framework, it reduces the cost and time to deploy best of breed tested and validated software defined data center platform for IoT edge security. Learn more by reading the white paper here.
Figure 1: IoT Edge SDDC Architecture Overview
This IoT Edge SDDC architecture, as shown in Figure 1 is a VVD based platform that consists of modular pods designed to deliver scalable services that were built and tested in Accenture labs. The architecture consists of Management Pods, Edge Pods, Compute Pods and Storage Pods. This implementation includes VMware vSphere, VMware NSX, VMware vSAN, VMware vRealize Suite; Splunk Security Information and Event Management (SIEM) for real-time security monitoring and threat detection and Infinidat’s InfiniBox as the storage platform in the Storage Pods. This tested and proven solution enables Telco’s and IoT Edge network owners to achieve the parity in security infrastructure required to significantly reduce risks while cost-effectively meeting governance and compliance mandates.
The VVD architecture consists of a set of validated designs that encompass the entire suite of VMware software-defined infrastructure to provide a standardized approach to help build consistent and certified hybrid cloud infrastructure with the same ease of operation of public clouds. Advantages of this approach is that it provides the automation, orchestration, services management and lifecycle management blueprints and tools which can be deployed in weeks, not months or longer. The result is a fully integrated end-to-end solution that provides unified infrastructure management that’s adaptable and extensible. By integrating the SDDC into your data center management, this reference architecture delivers the ability to monitor and meter your environment with a consistent user experience. Maintaining compliance with all existing government rules, policies and regulations is another key advantage while being extensible to changes, reducing the complexity and accelerating time to value. All business controls and compliance demands are tracked to maximize efficiency and reduce total cost of ownership. The IoT Edge Security Platform architecture also supports Governance Risk and Compliance (GRC) best practices generating real world business value while addressing multiple regulations leveraging an architectural design that provides repeatable outcomes.
Learn More and the Path Forward
VMware Validated Design is a family of solutions for data center designs that span compute, storage, networking, and management, serving as a blueprint for your Software-Defined Data Center (SDDC) implementation. Documentation for VVDs consists of succeeding deliverables for all stages of the SDDC life cycle and can be found here. Specifically for security and compliance as it relates to National Institutes of Standard and Technology (NIST) 800-53, the VMware Validated Design Security and Compliance Configuration for NIST 800-53 provides step-by-step configuration for securing a software-defined data center based on the VMware Validated Design for Software-Defined Data Center for compliance with the NIST 800-53 standard and can be found here.
Going forward, as deeper integration is achieved so that VVDs can be deployed within VMware Cloud Foundation, there are a number of potential integration points that provide higher degrees of alignment between what can be deployed today using the guidance of a VVD and the promise to automate much of this functionality through VMware Cloud Foundation (VCF) and SDDC Manager. In addition, as this integration deepens many of the capabilities that are carried out within the prescriptive guidance of a VVD, could in the future potentially be automated within VCF as a way to achieve these predictable outcomes with higher degrees of automation, requiring less FTEs and delivering consistent business outcomes. For moving workloads out to the Edge, VCF Remote Clusters provide a mechanism to deploy full stack HCI technology out closer to the IoT Edge without requiring technical staff at these edge locations. Stay tuned to this blog for more updates as we continue this journey together.