Posted on Oct 29th, 2014 by Ofer Or

The benefits of moving from physical to software-defined networking technologies are well documented. During our most recent webinar we ran a poll to find out how many organizations plan to adopt software-defined data centers (SDDC). It may surprise some to learn that 60 percent of our respondents said they are not yet even considering adopting SDDC. We weren't particularly surprised. Why? Because the migration to SDDC itself is currently viewed as very challenging.

Software Defined Data Center - Benefits

Challenges from a network security perspective

  1. Technology – decisions have to be made now for the future. A single vendor or technology decision made now may create major complications for network security down the line.
  2. Security Policy Orchestration – How do you define the security policy in the SDDC? Legacy policies are usually made up of a series of best-practice decisions, additions and patches made over time, so enterprises have limited visibility into the security policy that is actually being used and enforced. As a result, when implementing a new data centre, it's not always easy to remember why things were working the way they were before.
  3. Transition – takes time. You must be able to align the security policy with both the new data centre and the existing one. Specific applications may require connectivity to both the old and the new data centre. Also, how do you take the automation benefits from SDDC and carry them over to the physical legacy networks?
  4. Application transition – needs to be rapid and safe. To do this, the admin needs to be able to map the apps on the network and the resources they consume, which is quite a tricky exercise. Even if they can do this, they still need to find a way to move the app, or aspects of it, without losing connectivity, while minimising downtime and the risk of introducing new breaches in the network.
  5. Automation – can cause concern. Network admins have to explain to auditors why certain rules have been added and why firewall rules have been changed. They perceive automation as a lack of visibility and, worse, control.

A second poll we ran during the webinar revealed that the challenges resonating most with our audience are uncertainty over how to align physical and new virtual infrastructure (32 percent) and defining the security policy (26 percent).

In the webinar I outlined a number of ways each of these challenges can be addressed. To summarize, the steps that must be taken are:

  • Create a unified and trusted Security Policy Orchestration plane that spans physical, virtual and cloud infrastructure.
  • Enable the SDDC promise of enhanced security and agility through a trusted, automated and multi-vendor management platform.
  • Implement a consistent policy across the entire network with each platform enforcing it at its own level.

The move to SDDC is undoubtedly challenging, but that doesn't mean it's impossible. If managed carefully, the benefits outweigh the risks.