Software-Defined Infrastructure: The Convergence of Networking, Security and Cloud-Based Software

“Software-defined” is one of the hottest buzzwords around. What it means, in practical terms, is vague at best. The notion of “software-defined” touches on a couple of key drivers of IT infrastructure innovation: speed and cost. Like any other service provider, IT needs to move at the speed of its customers (the business) and adapt to emerging requirements including Cloud access, mobile connectivity, data security and more. It also needs to cut the cost of services by reducing the cost of the infrastructure it owns and maintains.

The reality is that hardware appliances with embedded software (the most common implementation of networking and security solutions) are too slow to evolve and too expensive to run. In the past, this was a necessary evil: networking equipment was purpose-built on custom hardware to keep up with increasing traffic speeds. It was slow to evolve, but that was unavoidable.

Enter software-defined networking (SDN). Originally, the concept of SDN emerged as a way to unbundle a hardware networking device (like a router) into a software-based control plane and a hardware-based data plane. Under this model, the control plane provides the brain of the system while the data plane moves the data along the path determined by the control plane. This architecture enables the control plane to evolve quickly and independently of the hardware layer that is responsible for packet forwarding. SDN was also vendor-neutral (with the introduction of the OpenFlow standard), but key vendors like Cisco and VMware deviated from the standard (probably to maintain competitive customer lock-in for their solutions).

While SDN is an important concept, it is moving slowly through the datacenter due to the complexity of the environment and the co-opetition between vendors that provide the virtual network functions (VNFs). Where SDN has traction is within the discipline of SD-WAN. SD-WAN is a narrower implementation of SDN concepts. It uses a software-based control plane to drive on-premises edge devices that dynamically allocate Wide Area Network (WAN) traffic between MPLS and Internet links. Virtual desktops and Voice over IP (VoIP) are two latency-sensitive applications that must use a low-latency link such as MPLS, while regular web browsing works fine over an Internet link. SD-WAN is effective because it is “self-contained” (i.e., it does not require standards and cross-vendor cooperation) and addresses a narrow IT problem.
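
The SD-WAN behaviour described above, sketched as an added example (not code from the original article or from any vendor): a control-plane policy maps application classes to latency and loss limits, and the edge picks MPLS or Internet per class from measured link health. The thresholds, class names and function names are assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Link:
    name: str           # "mpls" or "internet"
    latency_ms: float   # measured by the edge device's probes
    loss_pct: float
    up: bool = True

@dataclass(frozen=True)
class AppPolicy:
    max_latency_ms: float
    max_loss_pct: float
    preferred: str      # link to use when it meets the limits

# Control-plane policy pushed to every edge (values constructed for illustration).
POLICY = {
    "voip": AppPolicy(150, 1.0, "mpls"),
    "vdi":  AppPolicy(100, 0.5, "mpls"),
    "web":  AppPolicy(400, 5.0, "internet"),
}
DEFAULT = AppPolicy(400, 5.0, "internet")   # unclassified traffic

def meets(link, pol):
    return (link.up and link.latency_ms <= pol.max_latency_ms
            and link.loss_pct <= pol.max_loss_pct)

def select_link(app, links):
    """Return the link name for one application class, or None if no link is up."""
    pol = POLICY.get(app, DEFAULT)
    ok = [l for l in links if meets(l, pol)]
    if not ok:
        # Nothing meets the limits: degrade to the lowest-latency live link
        up = [l for l in links if l.up]
        return min(up, key=lambda l: l.latency_ms).name if up else None
    if any(l.name == pol.preferred for l in ok):
        return pol.preferred
    return min(ok, key=lambda l: l.latency_ms).name

def plan(links):
    return {app: select_link(app, links) for app in POLICY}

if __name__ == "__main__":
    healthy = [Link("mpls", 20, 0.0), Link("internet", 60, 0.3)]
    degraded = [Link("mpls", 300, 2.0), Link("internet", 60, 0.3)]
    print(plan(healthy))
    print(plan(degraded))
```

When the MPLS measurements degrade past a class's limits, that class moves to the Internet link on the next evaluation, which is the dynamic allocation the paragraph refers to.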

SD-WAN is just a first step. We now have an opportunity to create something truly new and exciting: Software-defined infrastructure – the integration of software-defined networking and software-defined network security.

Let’s start with the network. Imagine a fully integrated control plane AND data plane, all in software – a full SDN. Is this even possible without custom hardware? Apparently, standard servers with optimized, yet standard, Intel hardware and a DPDK-enabled software stack can handle multi-gigabit network workloads. Moreover, it is also possible to develop totally new data plane protocols that take into account the way the Internet works in 2015 and not the way it was built in the 80s (i.e., BGP). Software makes custom hardware for routing obsolete – we can now implement and rapidly evolve new protocols, optimizations, and other enhancements without being subject to the painfully slow hardware development cycle.

What if we could build an SDN security layer directly into the network? This layer would protect network traffic as it flows through the SDN stack, without being packaged into separate hardware appliances with specialized acceleration and encryption capabilities.

The core networking and network security layers of the IT infrastructure have remained separate for more than 20 years. There seems to be a justification for this separation. Security needed to move faster due to changes in the threat landscape, while networking remained stable (some say, stagnant) and subject mostly to capacity-driven enhancements. Networking and security needed to be separate because they needed to evolve at different paces.

With SDN and Security, these layers can evolve rapidly, and in tandem. IT can achieve unprecedented speed in deploying new secure networking capabilities to address a wide range of business requirements.

About Cato Networks
Cato Networks is rethinking network security from the ground up and into the Cloud. Cato has developed a revolutionary new Network Security as a Service (NSaaS) platform that is changing the way network security is delivered, managed, and evolved for the distributed, Cloud-centric, and mobile-first enterprise. Based in Tel Aviv, Israel, Cato Networks was founded in 2015 by cybersecurity luminary Shlomo Kramer, who previously co-founded Check Point Software Technologies and Imperva, and Gur Shatz, who previously co-founded Incapsula.
