Virtual and physical orchestration

Editorial Type: Feature     Date: 03-2015







The transition path to software-defined environments need not introduce a new class of IT management problem for the already overburdened professional, explains Tufin CTO Reuven Harrison.

Most network managers love the idea of Software Defined Networking (SDN). The ability to spin up new networks as easily as they can spin up virtual servers, and to configure and secure them automatically through a central, software-based controller, could give their organisations unprecedented levels of business agility, while at the same time lowering both operational costs and the need for capital expenditure. In short, it allows IT departments to become the truly fast, flexible, ultra-responsive resource for their businesses that proponents of cloud and virtualisation have long been promising.

While fully software defined environments are clearly the way forward, reaching that nirvana is not a case of ripping and replacing existing infrastructure; rather, it's a gradual transition. The size and complexity of most companies' IT estates mean that swapping out all their legacy systems and networks for software defined equivalents in one fell swoop is neither practical nor desirable.

Companies need to make the most of their existing investments, minimise disruption to their business and work to budgets. Most systems aren't replaced unless they're due to be refreshed, so for the time being hybrid environments - ones that comprise a mix of both physical and virtualised systems - will remain the norm for most firms.

But many organisations aren't yet realising the full agility and automation benefits of the software defined components they are putting in place. In today's hybrid environments many critical business systems (even virtualised ones) need to access physical networks, databases and applications. Although modules like VMware's NSX allow firms to secure the software defined parts of their estate without the need to configure multiple firewalls and other components, if those virtualised systems need to access physical networks and their components, organisations typically still configure and secure these elements manually.

The size and complexity of most firms' hybrid environments, and the growing number of changes the business is demanding to applications and services, are leading to serious bottlenecks as teams struggle to keep up with the deluge of work updating and configuring myriad firewalls, network hardware and software, systems and applications. This complexity, coupled with the sheer volume of changes, means that there is a huge risk of making mistakes. So much so, in fact, that manual configuration of physical components is becoming impossible without vastly increasing the risk of both network breaches and system failures.

During the transitional period to our software defined future, what's clearly needed is a way for organisations to centralise and automate control and configuration of not just their virtualised systems, but of all their physical and legacy estate as well. The IT industry has recognised this problem and has responded with a class of software known as 'security policy orchestration'. The best of these tools can analyse your entire estate and understand precisely how all of your systems and networks interact with one another. They can hook into the control interfaces of both your physical and virtualised systems and let you manage everything from one place.

Security policy orchestration tools also understand overarching organisational compliance and security policies (set out in a logical, business context) and can translate these into the myriad configuration tweaks necessary across your entire estate, to ensure networks remain appropriately segmented and firewalls are correctly configured to enforce chosen policies. Required changes can either be flagged for manual intervention or fully automated. The tools can also ease the process of moving workloads to the cloud, ensuring that when you do decide to move particular legacy systems onto a new platform, you can avoid unnecessary downtime and maintain business continuity - turning those virtual aspirations into measurable reality.
