This is a guest blog post by Joni Leskinen of Tieto, a vCloud Air Network Service Provider, and Marwan Semaan of VMware.
The virtualization journey begun with the compute layer, then storage, and now, network virtualization. Network virtualization is the most important step in the journey, taking the step to maximize efficiency and cost reduction in IT, resulting in reducing Tieto customers’ total cost of ownership through high-quality standardized cloud services and automation.
In the traditional datacenter different subnets are separated using VLANs. These vLANs communicate across firewalls and physical switches connecting the subnets together. Every change or update on any subnet, requires reconfiguration of the physical network node, for example adding a new firewall in real time between local vLANs to secure an existing application, or updating load balancer to meet the scaling needs by an application, these configurations are time consuming, risky and expense.
Figure X: Traditional Network and Traditional Security
Tieto has spent time evaluating the network virtualization requirements within their new datacenter and has deployed VMware NSX to provide the Software Defined Networking (SDN) functionality.
Networks within the new Tieto datacenter environment are encapsulated into a suitable tunneling protocol whereby these subnets are separated using vxLAN overlay to communicate within the same virtual network protected by NSX virtual firewalls accessed via NSX virtual load balancers. The functionality of networking (Switching, Routing, Firewalling, Load Balancing) is decoupled from the physical devices, and embedded directly into the hypervisor which in its turn guarantees tremendous performance (and offloading of traffic or hairpinning) and places networking and security over the physical network beneath utilized by the virtual environment enabling dynamic, context-based decisions to be made or automated.
With SDN every change or update on any network configuration or vxLAN is instant and requires no change at all to any of the physical layer. For example, a newly created VM can be extended with virtualized network services e.g. firewall, VPN or load balancing and is configured and setup in minutes, something which traditionally took weeks.
Network Virtualization – SDN Network
Success Factors for an SDN Implementation
around 10 years ago it was considered bleeding edge to be able to order servers from a self-service portal, today customers are expecting more. They need the whole running infrastructure to be managed in self-service manner. VMware’s NSX technology provides network specialist tool sets directly to application architects. By using self-service tools and API driven systems, network requirements can be deployed “on the fly”.
Network security in cloud environments is a critical aspect, applications must be protected and running on complaint infrastructure, the traditional 3-tier application segment model (front-end, application and database) where the compute was often on the same segment for performance reasons is not secure. A breach can result in intruders accessing all the servers within the same segment. With NSX – micro segmentation. Every server is in its own logical segment. Only permitted protocols are allowed between servers providing East-West security where, previously, there has been little to none.
Handling network configuration separately from compute and storage creates silos inside operational systems. Changes are ordered and delivered from external systems with limited visibility for application architects and service managers. With the concept of application blueprints or templates, the application owners have the ability to export configurations, make changes and re-deploy or re-use a blueprint as many times its needed, with assurance that systems are deployed correctly according the design every time and secure
Tieto’s new datacenter, utilizes these key SDN attributes e.g. Flexibility, Security and Quality to address the market need and the market driven initiatives e.g. mobile applications, Internet of Things (IoT), Big Data, and Agility, initiatives requires that modernization of IT infrastructures to succeed.
To learn more about Tieto and the vCloud Air Network, click here.