As cloud adoption grows, IT's perception of the technology changes and enterprises embrace new ways to make cloud more efficient. New technologies like software-defined networking have been thrust into the IT industry spotlight. And while SDN and cloud can drive greater efficiency and agility in your IT environment, they also present unique challenges to overcome.
To reach its full potential, a cloud service must be highly automated and under department admin -- not cloud admin -- control. Software-defined networking (SDN) can help meet those goals. SDN is a networking approach that separates control from the data flow and physical infrastructure. SDN also uses network functions virtualization (NFV) to virtualize switching and other network functions.
SDN and NFV entice both private and public cloud users. They eliminate the need for cloud admins to build VLAN structures using script languages. Some SDN tools enable policy-based operation with templates that simplify VLAN configuration and reduce errors. Overall, these approaches to network orchestration save admins a significant amount of time.
Virtualized networking migrates switches and routers to a bare-metal model, reducing hardware costs. Control software is moved back to the server farm and virtual server instances. This allows scaling as workloads change. But, more importantly, it eliminates the vendor lock-in that has kept switching and routing prices so high.
OpenFlow, an open source SDN standard developed by the Open Networking Foundation, also helps to eliminate proprietary networking gear. It's worth mentioning, however, that Cisco has proposed an alternative that maintains a software-defined structure while using proprietary hardware. With standards such as OpenFlow defining interfaces between new-age network elements, there is an explosion of startups offering not only traditional control software, but new and innovative data services as well.
Encryption challenges with SDN and cloud
SDN and cloud are not yet a perfect match. Problems exist, especially around encryption. For example, choosing where to encrypt data flow isn't easy; general-purpose instances lack the hardware needed for fast encryption and decryption. Nonetheless, with large and highly automated networks in the cloud, encrypting data in motion and data at rest is critical to avoid man-in-the-middle and other attacks.
Eventually, cloud server chipsets may evolve to feature built-in encryption. However, it may take time, since source encryption implementations are currently a challenge. That said, recent high-profile attacks might make them a priority among CEOs.
With encryption in place, virtual networking strengthens the security and compliance of multi-tenant clouds. The Virtual Extensible LAN (VXLAN) protocol replaces VLANs and allows scaling to 16 million logical networks. These effectively block traffic from unauthorized users. Still, even with encryption protecting the SDN fabric, the data owner alone must handle key management to remain compliant.
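The 16 million figure follows from VXLAN's 24-bit VXLAN Network Identifier (VNI), and the sketch below parses the 8-byte VXLAN header defined in RFC 7348 and admits a frame only when its VNI is assigned to the receiving tenant. It is an added example, not code from the original article; the tenant names, VNI values and the `admit` and `build_vxlan_header` helpers are constructed for illustration.

```python
import struct

VXLAN_HEADER_LEN = 8
FLAG_VNI_VALID = 0x08          # the "I" flag in the first header byte (RFC 7348)
MAX_VNI = 2**24 - 1            # 24-bit VNI -> 16,777,216 logical networks

# Constructed sample policy: which VNIs each tenant may receive.
POLICY = {"tenant-a": {5001}, "tenant-b": {5002, 5003}}


def build_vxlan_header(vni: int) -> bytes:
    """Build a VXLAN header for test input (flags, 24 reserved bits, VNI, 8 reserved bits)."""
    if not 0 <= vni <= MAX_VNI:
        raise ValueError("VNI does not fit in 24 bits")
    return struct.pack("!II", FLAG_VNI_VALID << 24, vni << 8)


def parse_vxlan_header(payload: bytes) -> int:
    """Return the VNI from a UDP payload that carries VXLAN, or raise ValueError."""
    if len(payload) < VXLAN_HEADER_LEN:
        raise ValueError("truncated VXLAN header")
    first_word, second_word = struct.unpack("!II", payload[:VXLAN_HEADER_LEN])
    if not (first_word >> 24) & FLAG_VNI_VALID:
        raise ValueError("I flag clear, VNI is not valid")
    return second_word >> 8    # upper 24 bits are the VNI, low 8 bits are reserved


def admit(payload: bytes, tenant: str, policy: dict = POLICY) -> bool:
    """Fail closed: reject malformed frames and VNIs not assigned to the tenant.

    The VXLAN header has no authentication or encryption fields, so the VNI
    is only a label. This check separates tenants on a trusted underlay; it
    does not stop a forged header on an unprotected path.
    """
    try:
        vni = parse_vxlan_header(payload)
    except ValueError:
        return False
    return vni in policy.get(tenant, set())


if __name__ == "__main__":
    frame = build_vxlan_header(5001) + b"inner-ethernet-frame"  # constructed sample
    for tenant in ("tenant-a", "tenant-b", "tenant-unknown"):
        print(tenant, admit(frame, tenant))
```
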
Building robust security into SDN and NFV environments likely won't be a priority until we learn more about the technology itself. But the dangers of a network hack are good enough reason to start thinking about security today. SDN and NFV are the future of cloud networking. However, improvements, such as those needed for security, must be made.
About the author:
Jim O'Reilly was Vice President of Engineering at Germane Systems, where he created ruggedized servers and storage for the US submarine fleet. He has also held senior management positions at SGI/Rackable and Verari; was CEO at startups Scalant and CDS; headed operations at PC Brand and Metalithic; and led major divisions of Memorex-Telex and NCR, where his team developed the first SCSI ASIC, now in the Smithsonian. Jim is currently a consultant focused on storage and cloud computing.