In data centres across the world the principles of server virtualisation, and their impact on how server resources can be allocated, managed and secured, have been established over the past decade and are now part of mainstream IT.
While similar ideas have taken some time to infiltrate into the logical and physical architectures of our communications networks, they are now reaching the mainstream - in the shape of Network Function Virtualisation (NFV) and Software Defined Networking (SDN).
The former (NFV) enables an opening up of networking functionality, while the latter (SDN) speaks to the ability to orchestrate and control networking functions as a result. Together, they separate the control plane from the networking layer, enabling networks to be created more flexibly than was possible in the hardware-defined days of ‘big iron’.
In addition, they present the opportunity to create closer, more efficient linkages between the networking layer and the IT layer, between cloud and in-house systems. The suggestion is that in the longer term, networking and IT teams will be able to work together more effectively, potentially even merging over time.
So far so good, but this transition brings some inevitable challenges. Increased flexibility also suggests increased complexity, an issue characterised in server-land as “Virtual Machine sprawl” for example. Management of more flexible environments needs to be more tightly controlled rather than less, even if individual controls are lighter-touch.
As this illustrates, migrating towards an SDN/NFV environment is more of an operational transformation than a technical transition, and therefore requires a great deal of prior thought.
Options exist not only in terms of what functions need to be available, but also who should run them - for example, which services can be provided in house and which could be delivered using partner or cloud services? Note that these questions are as valid for enterprise organisations as for Communications Service Providers.
Then next piece of the puzzle is concerns network analytics, not only to guide the agility of the SDN-powered NFV network but also to drive revenues, e.g. increasing revenues through better targeting of advertising.
Finally of course, more flexible networks will bring another set of security risks, in terms of both risks inherent to SDN and NFV, the data they create, the new usage models and operational scenarios that they enable. In fact the level of dynamicity will be such that the old separation of security from the initial deign will make it just impossible to run. Workloads will change at the level of the micro second which will force security automation to be part of the initial design such as the immune system of a living system. We will explore this area as a great business opportunity in a follow up article.
Building on all of the above, what becomes clear is that management platforms also need to be more dynamic. This is not only in terms of making logical changes to the architecture, but also pulling together more complex pools of data to enable the resulting threats to be identified and quantified.
At Symantec we know we already have many pieces in place to enable better management and security of SDN/NFV environments and the data they depend upon. Indeed, we are already partnering with equipment providers, software providers and consulting firms to ensure our solutions fit the evolving needs of our customers.
We also recognise, however, that communications networks are at the beginning of a journey towards their complete transformation. For CSPs and enterprises alike, future success will be based on how organisations make best use of a rapidly evolving set of capabilities.
The days of multi-year amortisation periods for networking infrastructure hardware are coming to an end, driving the need for completely new thinking in how both business priorities and technology strategies are set.