Ads 468x60px

Featured Posts

19 de febrero de 2018

Working with SDN ecosystems



Networks were easy to understand when IT engineers worked with physical servers with physical network interfaces and unique IP addresses. This was easy to understand and configure. We saw it and we touched it. However, there are increasingly applications and servers, which are hosted in virtual platforms or into the Cloud, where these applications and servers are available from anywhere at any time, and they have virtual network interfaces with virtual IP addresses. This is difficult to understand for those who have always been working with physical infrastructures. However, applications and servers are no longer physical. If we want to take advantage of new technology, we should learn, understand and study how this new virtual world works.

Lately, I’ve been writing about Public Clouds, such as AWS Cloud or Microsoft Azure, where everything is virtual and we even don’t know exactly where our applications are hosted. However, if we create our virtual Data Center or deploy a Private Cloud, we can use Software-Defined Networking (SDN) and Security solutions, such as VMware vCloud Networking and Security (vCNS), which are useful for creating virtualized networks as well as protecting our applications. For instance, these solutions, based on SDN, help us to deploy virtual firewalls and load balancers into our own platform.

Software-Defined Networking and Security
 
VMware NSX is the next generation of vCNS and it’s more than a Software-Defined Networking (SDN) and Security solution but it’s a Software-Defined Data Center (SDDC) solution which help us to create virtual distributed firewalls and load balancers as well as enabling micro-segmentation or configuring VxLAN. This is a solution to build network architectures in software which also enhances security into the virtual ecosystem. Nothing about physical network interfaces and nothing about hardware appliances. Everything is virtual and everything is software.

Software-Defined Data Center (SDDC)
 
One of the greatest change in this new virtual world is, from my point of view, firewalling. Today, there are security engineers who still think about the traditional firewall model, which allows or denies traffic into the perimeter network. However, you have to throw away your firewalls because this is not enough, and applications should also be protected from inside the datacenter. For instance, Amazon Security Groups and VMware NSX help us to configure firewall rules for each virtual machine, protecting applications from inside the datacenter.

Intuitive Firewall Rules with VMware NSX

Once we choose to deploy Software-Defined Networks (SDN), it seems more difficult to deploy security platforms such as IDS/IPS systems but it’s not impossible. Most virtual and cloud platforms have also networking and security features for log analysis and traffic analysis, which are useful for troubleshooting as well as for integrating with IDS/IPS virtual appliances. Thanks to port-mirroring features into virtual switches, we can keep analysing traffic of virtual machines.

VMware Port-Mirroring
 
I think, Software-Defined Networks (SDN) are just the beginning. We’ll increasingly see Software-Defined Data Center (SDDC) where we’ll enable micro-segmentation and workflows for virtual machines and we’ll forget buying lots of hardware servers.

This is the new ecosystem. The virtual ecosystem. Are you ready?

12 de febrero de 2018

Amazon CloudFront



There are companies who would like to deliver their information such as web pages, video, documents, audio, etc to the greatest number of user as possible into a high resilience architecture thus content delivery networks are increasingly important for these companies. Today, thanks to cloud service providers and content delivery networks, users can watch streaming videos or listen live music easily and without disruptions from anywhere and, meanwhile, companies can pay as they go to the cloud where cloud providers charge based on usage.

A Content Delivery Network or CDN is a network of computers hosted in different regions around the world which store a copy of data that can be delivered to users based mainly on proximity. For instance, if we were a spanish company who deliver video in EMEA and LATAM, we could upload our video to the CDN to be delivered quickly to end users based on geography. We shouldn’t confuse CDN with Global Server Load Balancing (GSLB) because GSLB provides load balancing between data centers thus load balancing our services, while CDN is based on GSLB architecture.

AWS Regions

There are many companies who offer CDN services like Amazon, Akamai or Cloudflare. All of them have data centers available on five continents to deliver content quickly. For instance, Amazon has more than 11 data centers where we can create our virtual Data Center with AWS Elastic Load Balancing for high availability, we can protect our services with AWS Shield & AWS WAF, and we can also accelerate our web applications with Amazon CloudFront. On the other hand, Cloudflare is well known by his powerful network which is able to reach high throughputs and protect our services against DDoS attacks. However, Akamai has always been, from my point of view, a content delivery provider.

High Availability and Scalability Architecture

Amazon CloudFront is a global content delivery network integrated with AWS services which help us to deliver highly available and scalable applications with high performance and it’s also able to secure content at the edge. In addition, it’s cost effective because we pay only for the data transfer and requests used to deliver content to our customers. Amazon CloudFront is easy to use and deploy from AWS Management Console, where we have to choose the viewer protocol policy and allowed HTTP methods as well as caching and encryption configuration. What’s more, distribution settings like price class, security protection and HTTP/2 support can be chosen as well as logging and IPv6 compatibility.

Amazon CloudFront Distribution Settings

As IT engineers, when we have to design high available, scalable and reliable architectures, we have to take into account many things. First, we have to design our services thinking about failures thus we should design avoiding single point of failures. Multiple servers with a load balancer help us to meet this requirement. Second, one data center may not be enough thus we’ll need multiple data centers balanced with GSLB in different regions and databases should also be replicated and synchronized. Finally, monitoring is a must for dynamic scalability. Many requests, more servers. Few requests, less servers. On the other hand, we can use content delivery network services like Amazon CloudFront, Akamai or Cloudflare to deliver our web pages, video or audio easily without thinking about networking or load balancing.

What are you thinking about? Are your services highly scalable and available?
Related Posts Plugin for WordPress, Blogger...

Entradas populares