A Migration Path to Software-Defined Networking (SDN) in an Enterprise Network

Similar documents
The top 3 network management challenges

Firewalls: on-premises or in the cloud?

Save time. Save money.

Sanko Printing Co. Ltd

Demystifying Software-Defined Networking (SDN)

Easing the Enterprise transition to IPv6

Reducing the burden of network management

Success Story. Kanaiwa Hospital

Software Defined Networking

Solutions Guide. Resilient Networking with EPSR

10 Reasons To Consolidate Threat Management

Solutions Guide. Secure Remote Access. Allied Telesis provides comprehensive solutions for secure remote access.

Matsumoto Kyoritsu Hospital

Solutions Guide. Ethernet-based Network Virtualization for the Enterprise

Penola Catholic College

St Mary MacKillop College

Case Study Ministry of Agriculture, France

SDN and the changing face of Enterprise networks

Dyrehavsbakken Amusement Park

Solutions Guide. High Availability IPv6

Network Access Control (NAC)

Juniper Networks MetaFabric Architecture

Top 14 best practices for building video surveillance networks

Hokkaido Institute of Technology

Solutions. Secure, Intelligent Infrastructure for Healthcare

VCStack - Powerful Simplicity. Network Virtualization for Today's Business

Solutions Guide. Education Networks

A Coordinated. Enterprise Networks Software Defined. and Application Fluent Programmable Networks

configure WAN load balancing

How To Configure Some Basic OSPF Routing Scenarios. Introduction. Technical Guide. List of terms

SOFTWARE-DEFINED NETWORKS

Junos Space Virtual Control

How To Use An At9924 For A Long Distance Connection On A Powerline On A Ppltd Network (Powerline) On A Superfast Network (Networking) On An At 9924 (Powerplt) On The P

Wedge Networks: Transparent Service Insertion in SDNs Using OpenFlow

IP Security and Surveillance Allied Telesis Enhanced IP Camera Video Surveillance Solutions

Configure Policy-based Routing

Software-Defined Networks Powered by VellOS

Allied Telesis provide virtual customer networks

Realizing the True Potential of Software-Defined Storage

Solution Network Virtualization. Allied Telesis - delivering value with Network Virtualization

Out-of-Band Security Solution // Solutions Overview

SDN and NFV in the WAN

Case Study 1i Limited. 1i and Allied Telesis supply TV distribution system to luxury properties in the Algarve, Portugal

Solution Profile. i-net Infrastructure

AlliedWare Plus OS How To Use sflow in a Network

Testing Challenges for Modern Networks Built Using SDN and OpenFlow

Solution Profile. Branch in a Box

Extreme Networks CoreFlow2 Technology TECHNOLOGY STRATEGY BRIEF

Networks that know data center automation

Virtual CPE and Software Defined Networking

Dallas Medical Center

SDN Architecture Overview. Version 1.1 November, 2014 ONF TR-504

Simplifying Data Data Center Center Network Management Leveraging SDN SDN

Leveraging SDN and NFV in the WAN

Whitepaper Unified Visibility Fabric A New Approach to Visibility

National Hospital Organization Chiba Medical Center

SDN in the Campus LAN Offers Immediate Benefits

SINGLE-TOUCH ORCHESTRATION FOR PROVISIONING, END-TO-END VISIBILITY AND MORE CONTROL IN THE DATA CENTER

Facilitating a Holistic Virtualization Solution for the Data Center

Achieving Business Agility Through An Agile Data Center

SMART Considerations for Active Directory Migration. A Strategic View and Best Practices for Migrating the Corporate Directory

SECURITY POLICY MANAGEMENT ACROSS THE NEXT GENERATION DATA CENTER

Customer Benefits Through Automation with SDN and NFV

When SDN meets Mobility

SDN CENTRALIZED NETWORK COMMAND AND CONTROL

Business Case for NFV/SDN Programmable Networks

Simplifying Virtual Infrastructures: Ethernet Fabrics & IP Storage

SDN and FTTH Software defined networking for fiber networks

White Paper. SDN 101: An Introduction to Software Defined Networking. citrix.com

Tested Solution: Network Configuration and Inventory Management using Upgrade Manager

Network Virtualization Solutions - A Practical Solution

Product VioCall Express Connect. VioCall Express Connect VoIP Solution for SMB/SME Market

Christ s College, Canterbury New Zealand College network infrastructure updated with state-of-the-art Allied Telesis switching technology

Business Cases for Brocade Software-Defined Networking Use Cases

Cisco Unified Access Technology Overview: Converged Access

Boosting Business Agility through Software-defined Networking

WHITE PAPER. Data Center Fabrics. Why the Right Choice is so Important to Your Business

Virtualizing the SAN with Software Defined Storage Networks

How OpenFlow -Based SDN Transforms Private Cloud. ONF Solution Brief November 27, 2012

AlcAtel-lucent enterprise AnD sdnsquare sdn² network solution enabling highly efficient, volumetric, time-critical data transfer over ip networks

AlliedWare Plus NEXT-GENERATION FIREWALL OVERVIEW

Open SDN for Network Visibility

Virtualization, SDN and NFV

x900 Switch Access Requestor

5 Key Reasons to Migrate from Cisco ACE to F5 BIG-IP

8000 Intelligent Network Manager

How To Use An Ipad Wireless Network (Wi Fi) With An Ipa (Wired) And An Ipat (Wired Wireless) Network (Wired Wired) At The Same Time

Cloud Infrastructure Services for Service Providers VERYX TECHNOLOGIES

Configure WAN Load Balancing

This How To Note describes one possible basic VRRP configuration.

A Software-Defined WAN Is a Business Imperative

The Promise and the Reality of a Software Defined Data Center

OpenFlow -Enabled Cloud Backbone Networks Create Global Provider Data Centers. ONF Solution Brief November 14, 2012

The Ultimate WLAN Management and Security Solution for Large and Distributed Deployments

Data Sheet: Endpoint Security Symantec Network Access Control Comprehensive Endpoint Enforcement

The Financial Benefits of Using LiveAction Software for Network QoS

Software Defined Networking (SDN)

Software Defined Networking (SDN)

SDN Security Considerations in the Data Center. ONF Solution Brief October 8, 2013

Software Defined Networks Virtualized networks & SDN

Transcription:

White Paper A Migration Path to Software-Defined Networking (SDN) in an Enterprise Network Introduction Bringing software control into an Enterprise network does not have to be an abrupt overnight change. In fact, transitioning from a traditional network to one that is based on Software-Defined Networking (SDN), can, and should, occur in a gradual manner. There are a number of reasons why an abrupt transition to a completely software-defined network is extremely difficult to execute. For a start, the amount of planning that is required to ensure the continued operation of all current network services makes it prohibitively difficult there are innumerable details to consider and analyze, and too many unexpected behaviors to foresee. Testing the new solution is also problematic. It is not possible to pre-test the whole system, as that would mean setting up an entire parallel data network. It is only feasible to test limited subsets of the network. Furthermore, the logistics of completing a network cutover to SDN in an acceptable outage window are extremely challenging. The reality is that migrating to a software-defined network is necessarily a progressive process, which should occur in a series of steps, each of which addresses a particular need. Contents Introduction... 1 Why change to SDN?... 2 Cost reduction... 2 Increased flexibility... 2 Greater security... 3 Improved user experience... 3 A three-phase process... 3 Phase 1: unified management... 3 Phase 2 OpenFlow hybrid... 4 Phase 3 optimum deployment of SDN... 4 Secure Enterprise SDN a real SDN solution for the Enterprise... 4 Delivering the goals of Enterprise SDN... 5 About Allied Telesis, Inc... 6 alliedtelesis.com

Why change to SDN? The data network is a tool of the Enterprise, and the only reason for altering the operation of the network is to make it a tool that better serves the Enterprise. Putting time and money into reworking the network, simply to make it a different-looking network without any added value, is pointless. The starting point of this transition is to identify the ways in which the business expects to get more value from its new, softwaredefined data network. The major benefits of introducing software control into the network are: Cost reduction ۼۼ Increased flexibility ۼۼ Greater security ۼۼ Improved user experience ۼۼ These benefits are explained in more detail in the following sections. Cost reduction Network operating costs can be reduced in two main ways: simplifying complex tasks, and automating routine tasks. Clever software is the key to achieving both. Software assistance simplifies complex tasks such as: Troubleshooting problems ۼۼ Bulk reconfiguration ۼۼ Predicting resource contention ۼۼ Unifying the network under software control enables the reliable automation of routine activities, such as: Configuration backups ۼۼ Software upgrades ۼۼ Replacing faulty units ۼۼ Reducing the amount of time that needs to be spent on these activities enables IT engineers to use their valuable hours performing more skilled tasks. Increased flexibility Mobility, convergence, and the proliferation of applications have all rapidly increased the number of capabilities that are now expected of an Enterprise network. These new capabilities must be delivered, and in a manner that conforms to organizational policies. As a result, today s networks must operate in an increasingly agile manner which takes into account a large number of factors including user identity, application content, device context and usage policies. Gaining consistent levels of content awareness and dynamic behavior across the entire network would require capabilities that network nodes typically do not possess. Centralizing content awareness, context awareness and decision making, and then pushing instructions out to the network nodes, is the most practicable means of achieving the required dynamic behavior throughout a network. 2 Migrating Path to SDN in an Enterprise Network alliedtelesis.com

Greater security A strong trend in advanced persistent threats is the installing of a Trojan horse application into the network. This Trojan will perform actions within the network, and may only very infrequently communicate with hosts outside the network. Hence, threat protection systems that only monitor data exchanged with the Internet, will often miss the signs of a Trojan having been installed within the network, or will pick up the signs too late. Effective security increasingly needs to monitor activity within the network, and be able to react swiftly when suspicious activity is detected. Again, the data analysis and decision making capabilities required for accurate threat protection are beyond the means of most network nodes, and so must be centrally provided. Centralized protection software can instruct network nodes to block the sources of suspicious traffic as it is detected. Improved user experience Increased flexibility, responsiveness and threat protection, together with reduced downtime, all add up to an improved user experience. The majority of users give very little thought to the network infrastructure except when it malfunctions. What users want is highperformance access to their services and applications, when and where they need it. The best way to provide this experience is to optimize the network behavior, by means of responsive intelligent control. A three-phase process Gaining software control is a three-phase process: Phase 1: unified management ۼۼ Phase 2: OpenFlow hybrid ۼۼ Phase 3: optimum SDN deployment ۼۼ Each phase is described in more detail in the following sections. Phase 1: unified management The first step towards bringing software control into a network is to unify the management of the network, so that it can be managed as a single entity. Allied Telesis unifies network management with Allied Telesis Management Framework (AMF), which embeds an intelligent management framework into a network. AMF provides: Automatic creation of a management communication path throughout the network ۼۼ Automation of routine tasks such as backups, software upgrades and device health-checking ۼۼ Zero-touch replacement of failed units, and provisioning of new network nodes ۼۼ Simultaneous configuration of multiple network nodes ۼۼ Collection of troubleshooting information from multiple nodes concurrently ۼۼ These facilities achieve the bulk of the cost-reduction needs when transitioning to a software-controlled network. Furthermore, AMF facilitates the introduction of control applications. The ability to configure multiple nodes simultaneously is a key enabler of event-based network control applications. Such programs can easily alter filters, QoS settings, VLAN parameters or routing policies across the whole network, based on such factors as time of day, server load, sustained WAN congestion, and many more. Migrating Path to SDN in an Enterprise Network 3

Introducing AMF into an existing network is straightforward it simply requires a few configuration commands on each device. Importantly, AMF can operate in a mixed-vendor network. AMF connections can be tunneled across non-amf-capable networks, thereby enabling it to be extended across the Internet or other WAN service. This is a low-impact first step, which yields a high return in cost savings and centralized network control. Phase 2: OpenFlow hybrid Whilst AMF provides unified network management, the key to direct programmatic control of network data flows is OpenFlow. OpenFlow is an open-standards interface that allows fine-grained control over how a network device forwards or drops data streams. Once OpenFlow is enabled on network nodes, detailed programmatic control becomes possible. Fortunately, OpenFlow can be brought into a network in a staged fashion. A network can operate quite successfully for an extended period in a hybrid OpenFlow mode. The hybrid mode can apply to the network as a whole, in a situation where some nodes in the network support OpenFlow while others don t. Furthermore, nodes themselves can operate in hybrid mode, whereby some ports or VLANs are controlled by OpenFlow and some are not. So, for example, OpenFlow can be introduced on a set of edge switches maybe those in a particular department and perhaps even on just some ports of those switches. In this way, software for network control can be trialed on a subset of users. These users data can then be controlled by centralized software applications. For instance, the policy routing and bandwidth limits applied to their data streams can be controlled by instructions from the centralized software, rather than by static configuration on the switches. The performance of this new mode of operation, and its ability to apply finer control based on network conditions, can then be evaluated and optimized. The hybrid mode of operation provides a suitable environment in which to determine which SDN applications truly add value to the organization, and which are of limited, or no benefit. Phase 3: optimum SDN deployment The transition from a hybrid network to a completely software-defined network may be very gradual, or may in fact never be complete. The deployment of SDN may only provide distinct benefit in certain sections of the network, and not be extended to other sectors. On the other hand, in some networks, the benefits of SDN are so clear that it is quickly deployed to the whole network. Whatever the case, the peaceful coexistence of traditional and software-defined networking means that the optimum level of SDN in the network can be discovered over time, and regularly reviewed as the technology develops. 4 Migrating Path to SDN in an Enterprise Network alliedtelesis.com

Secure Enterprise SDN a real SDN solution for the Enterprise Allied Telesis have created a true, practical, Enterprise SDN solution, called Secure Enterprise SDN. The elements of this solution are: AMF, to provide unified network management ۼۼ OpenFlow, to provide an open-standards control interface to the networking nodes ۼۼ Secure Enterprise SDN Controller (SESC) Allied Telesis Openflow controller ۼۼ Security, mobility and user/device management applications ۼۼ This solution can be implemented in the multi-phase manner described above, pausing at any step along the way, or can be taken quickly through to a completely SDN-controlled network. Irrespective of the extent to which the network is transferred to SDN control, the solution is an effective framework within which to bring SDN into the network. The policies applied to groups of users can be defined in an HR-facing application, and back-end software converts these policies into instructions which are delivered, via the SDN controller, to individual network nodes. The network recognizes the identities of connected users and dynamically applies access restrictions, service levels, and device usage permissions, based on user profiles defined in the HR application. Device security postures defined as high-level policies are applied in a granular fashion to each connected device, and nonconformant devices are automatically quarantined. Rules for the use of mobile devices are applied as filters that block certain traffic to/from mobile devices, and as disconnection of devices being operated outside of allowed locations. Traffic security is applied at the heart of the network, immediately recognizing threat-related traffic, and rapidly disconnecting the source device from the network. Delivering the goals of Enterprise SDN The SES solution delivers the expected benefits of SDN in the Enterprise, by Using software to translate business rules into network control, rather than requiring IT staff to perform that translation, and ۼۼ manually implement it as network node configuration commands. Ensuring unfailing security scanning of connected devices, and rapid, automated response to security threats detected in the ۼۼ network. costs. Reducing the time spent on network control and configuration thereby reducing network operating ۼۼ experience. Providing users with a consistent, reliable network ۼۼ Conclusion Transitioning from a traditional network to one that is based on SDN can, and should, occur in a gradual manner. The migration to a software-defined network should ideally be a three-phase process, in which each step towards gaining software control addresses a need, and thus provides a benefit. Managing the migration in this way avoids potential problems, issues and outages, and allows the network to meet the major benefits of introducing software control - cost reduction, increased flexibility, greater security, and an improved user experience. Migrating Path to SDN in an Enterprise Network 5

About Allied Telesis, Inc. For nearly 30 years, Allied Telesis has been delivering reliable, intelligent connectivity for everything from Enterprise organizations to complex, critical infrastructure projects around the globe. In a world moving toward Smart Cities and the Internet of Things, networks must evolve rapidly to meet new challenges. Allied Telesis smart technologies, such as Allied Telesis Management Framework (AMF) and Enterprise SDN, ensure that network evolution can keep pace, and deliver efficient and secure solutions for people, organizations, and things both now and into the future. Allied Telesis is recognized for innovating the way in which services and applications are delivered and managed, resulting in increased value and lower operating costs. Visit us online at alliedtelesis.com North America Headquarters 19800 North Creek Parkway Suite 100 Bothell WA 98011 USA T: +1 800 424 4284 F: +1 425 481 3895 Asia-Pacific Headquarters 11 Tai Seng Link Singapore 534182 T: +65 6383 3832 F: +65 6383 3830 EMEA & CSA Operations Incheonweg 7 1437 EK Rozenburg The Netherlands T: +31 20 7950020 F: +31 20 7950021 alliedtelesis.com 2016 Allied Telesis, Inc. All rights reserved. Information in this document is subject to change without notice. All company names, logos, and product designs that are trademarks or registered trademarks are the property of their respective owners. C613-08035-00 RevA

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information