Working with SDN ecosystems

Networks were easy to understand when IT engineers worked with physical servers with physical network interfaces and unique IP addresses. This was easy to understand and configure. We saw it and we touched it. However, there are increasingly applications and servers, which are hosted in virtual platforms or into the Cloud, where these applications and servers are available from anywhere at any time, and they have virtual network interfaces with virtual IP addresses. This is difficult to understand for those who have always been working with physical infrastructures. However, applications and servers are no longer physical. If we want to take advantage of new technology, we should learn, understand and study how this new virtual world works.

Lately, I’ve been writing about Public Clouds, such as AWS Cloud or Microsoft Azure, where everything is virtual and we even don’t know exactly where our applications are hosted. However, if we create our virtual Data Center or deploy a Private Cloud, we can use Software-Defined Networking (SDN) and Security solutions, such as VMware vCloud Networking and Security (vCNS), which are useful for creating virtualized networks as well as protecting our applications. For instance, these solutions, based on SDN, help us to deploy virtual firewalls and load balancers into our own platform.

Software-Defined Networking and Security
VMware NSX is the next generation of vCNS and it’s more than a Software-Defined Networking (SDN) and Security solution but it’s a Software-Defined Data Center (SDDC) solution which help us to create virtual distributed firewalls and load balancers as well as enabling micro-segmentation or configuring VxLAN. This is a solution to build network architectures in software which also enhances security into the virtual ecosystem. Nothing about physical network interfaces and nothing about hardware appliances. Everything is virtual and everything is software.

Software-Defined Data Center (SDDC)
One of the greatest change in this new virtual world is, from my point of view, firewalling. Today, there are security engineers who still think about the traditional firewall model, which allows or denies traffic into the perimeter network. However, you have to throw away your firewalls because this is not enough, and applications should also be protected from inside the datacenter. For instance, Amazon Security Groups and VMware NSX help us to configure firewall rules for each virtual machine, protecting applications from inside the datacenter.

Intuitive Firewall Rules with VMware NSX

Once we choose to deploy Software-Defined Networks (SDN), it seems more difficult to deploy security platforms such as IDS/IPS systems but it’s not impossible. Most virtual and cloud platforms have also networking and security features for log analysis and traffic analysis, which are useful for troubleshooting as well as for integrating with IDS/IPS virtual appliances. Thanks to port-mirroring features into virtual switches, we can keep analysing traffic of virtual machines.

VMware Port-Mirroring
I think, Software-Defined Networks (SDN) are just the beginning. We’ll increasingly see Software-Defined Data Center (SDDC) where we’ll enable micro-segmentation and workflows for virtual machines and we’ll forget buying lots of hardware servers.

This is the new ecosystem. The virtual ecosystem. Are you ready?