DATA CENTER
n eBOOK
[Chart: 57% IT and network services management; 56% Virtualization]
That emphasis is showing up in investment plans for the network and data center. The 2012 Network World State of the Network study2 showed 34 percent of the respondents were ready to roll out or were planning to roll out, 17 percent were investigating what direction to take, and 30 percent were already fully deployed.
[Chart: categories include "New to us" and "Fully deployed"; percentages shown: 4%, 30%, 15%]
These plans are being built on a proven track record for virtualization: Over the past decade, data center agility has dramatically increased with the virtualization of compute and storage resources. Applications have transitioned from client/server architectures (where each application was tied to a specific physical server) to virtualized architectures where software abstracts the application from the physical server, allowing the application to reside literally anywhere. Storage, meanwhile, has transitioned from physical resources dedicated to specific applications or servers to shared pools.
But IT understands that the infrastructure is not as agile as it could be, or as it needs to be. While data center agility has greatly increased due to application, server and storage virtualization, the IT infrastructure is still not agile enough to meet business demands. The problem is the network. Virtualization is dependent on the network, and the network is incredibly complex. So complex, in fact, that it brings resource provisioning to a standstill. It's not just network virtualization that's being held back; this holds true across all virtualization strategies. A 2013 survey conducted by Network World on behalf of Juniper Networks showed that at least half of IT leaders said network complexity is holding back virtualization for networks, storage, applications and servers.
This e-book looks at the virtualization trends uncovered in the survey conducted by Network World on behalf of Juniper Networks and offers advice for optimizing data center agility through network virtualization in a simple, open, smart manner.
Virtualization is dependent on the network, and the network is incredibly complex. At least half of IT leaders said network complexity is holding back virtualization for networks, storage, applications and servers.
SOURCE: 2013 SURVEY CONDUCTED BY NETWORK WORLD ON BEHALF OF JUNIPER NETWORKS
MORE THAN ONE-HALF WILL EVALUATE SDN WITHIN THE NEXT 2 YEARS.
Respondents in the finance, education and high tech industries are more likely than those in manufacturing to be evaluating or have plans to evaluate SDN.
[Chart: "In the process of evaluating"; TOTAL 52%]
SDN enables direct programmatic control of the network (in line with end-user application needs) rather than programming around the network. Here's how: SDN separates the network control plane from the data plane. In other words, control of the network is taken out of individual network elements and centralized in a controller. Instead of individually managing and configuring devices on the network, network administrators can automate and centrally manage them via the controller, which provides complete visibility into the network. What's more, SDN gives network administrators more granular control. They can prioritize, de-prioritize and block specific types of packets without having to touch individual network switches.
Unfortunately, deploying SDN technologies isn't without its challenges. Nearly half of survey respondents say an IT skills gap is the biggest challenge they have encountered or expect to encounter when deploying SDN, and for good reason. In a software-defined network, applications at Layer 7 can interact and automate down to Layer 2. As a result, network engineers must think more broadly about the decisions they are making. They must be able to architect workloads across multiple pieces of infrastructure and determine how those workloads should be treated under varying conditions. In addition, as the network becomes increasingly automated, network architecture and design skills will become increasingly valuable.
NEARLY ONE-HALF HAVE ENCOUNTERED OR EXPECT TO ENCOUNTER IT SKILL GAPS WHEN DEPLOYING SDN TECHNOLOGIES. ORGANIZATIONS ALSO CITE THE LACK OF PROVEN ROI AS A TOP OBSTACLE TO DEPLOYMENT.
The lack of a proven return on investment (ROI) is the second biggest challenge organizations report facing when deploying SDN technologies. However, there are plenty of quantifiable benefits that organizations can use to determine the ROI for their SDN deployment. For example, organizations should consider the efficiency gains SDN enables and the impact they have on the organization's ability to deliver IT services faster. Organizations can also factor in lower operating expenses as a result of centralizing network management. They also stand to reduce capital expenditures by becoming less dependent on proprietary hardware, dedicated appliances and application-specific devices.
NEARLY 50% HAVE PLANS TO CHANGE THE IT STRUCTURE TO ACCELERATE VIRTUALIZATION AND CLOUD. ONE IN FIVE ARE CREATING NEW IT TEAMS DEDICATED TO RE-ARCHITECTING THE NETWORK.
Plans for Changing IT Structure to Accelerate Virtualization and/or Cloud Initiatives over Next 12 Months
Consolidating/merging IT teams or silos (e.g., networking, storage, server, application teams); Creating a new IT team dedicated to re-architecting the network; Creating other new IT teams
employees, that percentage reaches 67 percent. These organizations are either consolidating or merging IT teams or silos (e.g., networking, storage, server and/or application teams), or creating new IT teams dedicated to re-architecting the network.
As far as the network itself goes, 56 percent of organizations plan to make changes or upgrades to the network to better support virtualization. This is incredibly important because the physical network serves as the foundation for the virtual network. Any issues in the physical network are likely to manifest in the virtual network as well. The physical network must have certain characteristics before it is virtualized. For example, the physical network must enable any-to-any connectivity with fairness and non-blocking behavior. This ensures deterministic performance of the virtual network on top of the physical network, and that network behavior will not change based on the location of a virtual machine (VM). The physical network must also be low latency and low jitter, and have no packet drops under congestion.
When it comes to upgrading the network, 30 percent of organizations prefer a full solution stack when choosing network vendors. The remaining respondents prefer best-of-breed solutions or do not have a strong preference. Furthermore, nearly seven in 10 organizations are likely to outsource components when making network upgrades/improvements, including solution implementation (40 percent), network design (35 percent) and post-implementation support (32 percent).
MORE THAN HALF (56%) ARE PLANNING TO MAKE CHANGES OR UPGRADES TO THE NETWORK IN ORDER TO BETTER SUPPORT VIRTUALIZATION, WHILE 2% WILL VIRTUALIZE THE ENTIRE NETWORK.
Plans for Changes/Improvements to Network to Accelerate Virtualization and/or Cloud Initiatives over Next 12 Months
We are planning significant changes or upgrades to the network in order to better support virtualization in other areas; We are planning moderate changes or upgrades to the network in order to better support virtualization in other areas; We are planning to virtualize the entire network; Minimal changes or improvements to the network are planned; Don't know
NEARLY ALL RESPONDENTS REPORT BC/DR IS A CONSIDERATION WHEN PLANNING NETWORK CHANGES OR UPGRADES. ORGANIZATIONS MOST OFTEN CONSIDER NETWORK AVAILABILITY, NETWORK SECURITY AND USER CONNECTIVITY.
Aspects of Business Continuity/Disaster Recovery Taken into Consideration when Planning Network Changes/Upgrades
Network availability
Network security
Data replication
Legacy infrastructure is the top challenge organizations face when improving BC/DR, cited by 42 percent of survey respondents. Operating multiple virtualized Layer 2 networks can help solve this problem. Applications can be connected between multiple virtual networks within a single data center or between physical data centers. The objective is to create location independence in the network so the application provides the same performance from any server within the data center and from any data center location. To achieve this, organizations must have universal SDN connectivity to be able to programmatically move the application anywhere for BC/DR purposes, and to deliver consistent behavior from the virtualized networks.
LEGACY INFRASTRUCTURE IS CITED AS THE TOP CHALLENGE IN IMPROVING BUSINESS CONTINUITY AND DISASTER RECOVERY.
Security gaps; Infrastructure built without clearly identifying application requirements; Inconsistent management and security policies; Infrastructure sprawl; Practicing manual backup and configuration; Traffic is not prioritized based on application relevance, causing performance issues
Universal SDN gateways provide the advanced and flexible physical and virtual network routing and bridging connections and translations required for inter-, intra- and cross-virtual network communications. A universal SDN gateway allows you to move compute resources between networks, either within physical data centers, between physical data centers, or between a physical data center and a cloud environment.
Virtual overlay networks are designed to imitate all aspects of the underlying physical network, subjecting the overlay network to performance, degradation and reliability issues when broadcast, unicast or multicast packets are flooded to all devices within a broadcast domain. Broadcast, unicast and multicast flooding is standard network behavior that physical network equipment is designed to handle. However, broadcast, unicast and multicast flooding places an exponential burden on the servers hosting the virtual network, which does not scale, potentially degrading the virtual network. Hardware-based overlay replication available on universal SDN gateways offloads broadcast, unicast and multicast packets from the virtual network and allows purpose-built hardware-based devices to convert these packets into standard broadcast, unicast or multicast packets. These packets are then forwarded to their intended receivers to deliver performance, scale and reliability as well as consistent behavior from the virtualized network.
A MAJORITY OF RESPONDENTS REPORT THAT NETWORK SECURITY IS AN UPFRONT CONSIDERATION WHEN IMPLEMENTING NEW NETWORK TECHNOLOGY.
[Chart values: 59%, 28%, 7%]
Performance is also a concern when evaluating network security solutions to support a virtualized environment. In fact, 80 percent of respondents to the Network World survey consider it highly important to be able to support new services and technologies without sacrificing performance. This tends to be a problem when perimeter security solutions are retrofitted for the virtual environment rather than purpose-built for VMs. It can be compared to putting a heavy coat of armor on a little machine that wants to move around. The armor weighs (and slows) the VM down. Furthermore, because VMs are in a multitenant environment, it is important to secure them north to south with other physical perimeter security measures, but also east to west to protect them from other VMs that might be sitting on the same server. Security must double down, making sure no one is coming in from the outside or the VM sitting next door, but without slowing performance.
WHEN EVALUATING NETWORK SECURITY SOLUTIONS TO SUPPORT A VIRTUALIZED ENVIRONMENT, 80% CONSIDER IT HIGHLY IMPORTANT TO BE ABLE TO SUPPORT NEW SERVICES AND TECHNOLOGIES WITHOUT SACRIFICING PERFORMANCE.
Level of Importance When Evaluating Network Security Solutions to Support a Virtualized Environment
[Chart. Rating scale: Critical; Very important; Somewhat important; Not very important; Not at all important. Items rated: Support new services and technologies without sacrificing performance/end-user experience; Virtualized security policy is consistent and integrated with physical security policy; Detailed reporting/logging of access events and traffic to support SLAs and compliance requirements; Full visibility and access control over all traffic flowing through VMs]
56% of respondents say securing web traffic is their biggest security concern. However, 61% of respondents say emerging network security technologies only address part of the cyber security threats facing their organization.
SOURCE: Ponemon Institute Research Report
Workloads must also be secured in a consistent manner, and the policies that apply to physical workloads must apply to virtual workloads regardless of where they reside. Organizations must be able to manage them with a consistent policy in mind so that zones defined for the physical network can also be articulated in the VM. If the policy says this workload is associated with financial information and the data moves to another cloud provider, the policy should travel with that workload and adhere to the zone policy established for the physical network. Managing policies once for both the physical and virtual environments reduces operational overhead. It also ensures there will be no mistakes that can leave the organization vulnerable to attack or falling out of compliance with regulatory requirements.
Organizations should also consider the firewall technology they deploy in the data center. Some providers insist that their next-generation firewall solution can help protect the virtualized data center. However, this technology has a specific use case in an office or campus environment. The application visibility and control capabilities are aimed at keeping people from inadvertently contracting a virus. These capabilities are not needed in the data center, nor are they effective at protecting the infrastructure. The majority of security professionals who responded to a 2013 Ponemon Institute report commissioned by Juniper Networks indicated that current next-generation firewalls and IP reputation feeds address only part of the cybersecurity threat, leaving significant exposure to the most concerning attacks. Applications and infrastructure reside in the data center, which is why it requires a high-performance, highly scalable firewall-based gateway.
CONCLUSION
In an effort to achieve the level of agility that business demands, many IT organizations have virtualized their data center resources. With applications, servers and storage virtualized, IT is able to react more quickly to business needs. However, these virtualization efforts go only so far before network complexity brings efficiencies to a halt. To achieve greater levels of agility, IT must address the network.
That means simplifying the infrastructure and operations with virtualization. Juniper Networks MetaFabric Architecture, a simple, open and smart approach to data center design, accelerates the deployment and delivery of applications within and across multiple virtualized data centers. It provides location-independent coordination and management of devices across multiple sites, maximizing data center resources and ROI to allow you to establish a solid physical network foundation and address the security and BC/DR requirements needed for network virtualization success.
www.juniper.net/datacenter