Traditional vs Software Defined Networking

Similar documents
1.1.1 Introduction to Cloud Computing

TECHNICAL WHITEPAPER. Author: Tom Kistner, Chief Software Architect. Table of Contents

Embracing Microsoft Vista for Enhanced Network Security

BYOD Networks for Kommuner

A Mock RFI for a SD-WAN

Lecture 02b Cloud Computing II

Network Design Best Practices for Deploying WLAN Switches

Information Security Services

EVOLVING ENTERPRISE NETWORKS WITH SPB-M APPLICATION NOTE

SolarWinds Log & Event Manager

The evolution of data connectivity

Business Phone Systems. Managed IT Services

SAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG)

VPN. Date: 4/15/2004 By: Heena Patel

ForeScout CounterACT. Device Host and Detection Methods. Technology Brief

The new edge of the network: Preparing your network for the consumerization of IT. Geoff Mattie Global Solutions Architect Dell Inc.

Database Security, Virtualization and Cloud Computing

CounterACT Plugin Configuration Guide for ForeScout Mobile Integration Module MaaS360 Version ForeScout Mobile

Symantec Client Management Suite 8.0

Trademark Notice. General Disclaimer

A Look at the New Converged Data Center

Secure WiFi Access in Schools and Educational Institutions. WPA2 / 802.1X and Captive Portal based Access Security

Robust security is a requirement for many companies deploying a wireless network. However, creating a secure wireless network has often been

Password Management Evaluation Guide for Businesses

Penetration Testing //Vulnerability Assessment //Remedy

Alcatel-Lucent Services

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

Software Defined Networking (SDN)

Identity & Access Management in the Cloud: Fewer passwords, more productivity

White paper Contents

Optimizing Service Levels in Public Cloud Deployments

This section will focus on basic operation of the interface including pan/tilt, video, audio, etc.

THE BLUENOSE SECURITY FRAMEWORK

AT&T. ip vpn portfolio. integrated. IP VPN solutions. for the enterprise. Communication Systems International Incorporated

WHITE PAPER SPLUNK SOFTWARE AS A SIEM

software networking Jithesh TJ, Santhosh Karipur QuEST Global

Solution Brief. Aerohive and OpenDNS. Advanced Network Security for Retail Stores

Cloud Management. Overview. Cloud Managed Networks

Open networks: Turning the vision into reality

Network Virtualization Solutions - A Practical Solution

Network Virtualization Network Admission Control Deployment Guide

Delivering Managed Services Using Next Generation Branch Architectures

Automated Firewall Change Management. Ensure continuous compliance and reduce risk with secure change management workflows

New ways to a secure IT Management

Secure Networks for Process Control

Cisco Advanced Malware Protection for Endpoints

CIP- 005 R2: Understanding the Security Requirements for Secure Remote Access to the Bulk Energy System

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design

Multi- Path Networking Is a Key to Maximizing Cloud Value

The Payment Card Industry (PCI) Data Security Standards (DSS) v1.2 Requirements:

Table of Contents. Application Vulnerability Trends Report Introduction. 99% of Tested Applications Have Vulnerabilities

2016 Firewall Management Trends Report

EMC Data Domain Boost and Dynamic Interface Groups

Software-defined networking

Datasheet FUJITSU Cloud Monitoring Service

ADDING NETWORK INTELLIGENCE TO VULNERABILITY MANAGEMENT

G DATA TechPaper #0275. G DATA Network Monitoring

STRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview

Securing Virtual Applications and Servers

Windows Server 2003 migration: Your three-phase action plan to reach the finish line

Highly Available Unified Communication Services with Microsoft Lync Server 2013 and Radware s Application Delivery Solution

Introduction to Software Defined Networking (SDN) and how it will change the inside of your DataCentre

The Economics of Cisco s nlight Multilayer Control Plane Architecture

PLUMgrid Toolbox: Tools to Install, Operate and Monitor Your Virtual Network Infrastructure

Is Your Identity Management Program Protecting Your Federal Systems?

EVALUATING INDUSTRIAL ETHERNET

The Network and The Cloud: Addressing Security And Performance. How Your Enterprise is Impacted Today and Tomorrow

Wireless Local Area Networks (WLANs)

VitalQIP DNS/DHCP & IP Address Management Software and Appliance Solution

Optimizing and Securing an Industrial DCS with VMware

How To Create An Intelligent Infrastructure Solution

Leveraging SDN and NFV in the WAN

Virtualization, SDN and NFV

Software-Defined Networking for the Data Center. Dr. Peer Hasselmeyer NEC Laboratories Europe

Avaya Fabric Attach. avaya.com 1. Table of Contents. Fabric Attach the Ecosystem and Solution

Smarter wireless networks

SDN and NFV in the WAN

F5 BIG DDoS Umbrella. Configuration Guide

IP SAN Fundamentals: An Introduction to IP SANs and iscsi

GMI CLOUD SERVICES. GMI Business Services To Be Migrated: Deployment, Migration, Security, Management

WHITEPAPER. SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS

Securing the Journey to the Private Cloud. Dominique Dessy RSA, the Security Division of EMC

Compliance Guide ISO Compliance Guide. September Contents. Introduction 1. Detailed Controls Mapping 2.

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks

VIA COLLAGE Deployment Guide

How WAN Design Needs to Change

White Paper. What is an Identity Provider, and Why Should My Organization Become One?

Georgia College & State University

Data Center Migration Lift and Shift Use Case Scenario

White Paper. Anywhere, Any Device File Access with IT in Control. Enterprise File Serving 2.0

Verizon Managed SD WAN with Cisco IWAN. October 28, 2015

SCADA SYSTEMS AND SECURITY WHITEPAPER

Microsoft Azure Multi-Factor authentication. (Concept Overview Part 1)

Alfresco Enterprise on Azure: Reference Architecture. September 2014

Cortado Corporate Server

DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch

Meeting the Five Key Needs of Next-Generation Cloud Computing Networks with 10 GbE

Testing Software Defined Network (SDN) For Data Center and Cloud VERYX TECHNOLOGIES

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

Netwrix Auditor for SQL Server

Transcription:

Traditional vs Software Defined Networking

Why a new perspective on network management is inevitable IT industry has enjoyed innovation such as virtualization in computing and storage. The end is nowhere in sight: technology will continue to evolve in years to come. On the contrary, networking has experienced limited innovation over the past 20 years. This stagnation has led to overly complex and inflexible networks no longer meeting current business requirements. In this white paper, we ll describe: 1) The basics of traditional networking technologies 2) Why there is need for a new perspective on network management 3) Software Defined Networking - the basics & expected benefits 4) What to look for in a SDN solution Today, business and technical network requirements include enhancing performance and realizing broader connectivity. Companies have to meet more and more industry-specific security regulations and there is a growing demand for mobility. In order to comply with all of these criteria, networking protocols have evolved significantly over the last few decades. However, the way traditional networks are set up, deploying one protocol to realize these needs organization-wide is quite the challenge. Traditional network configuration The traditional approach to networking is characterized by two main factors: 1) Network functionality is mainly implemented in a dedicated appliance. In this case, dedicated appliance refers to one or multiple switches, routers and/or application delivery controllers. 2) Most functionality within this appliance is implemented in dedicated hardware. An Application Specific Integrated Circuit (or: ASIC) is often used for this purpose. Organizations are increasingly confronted with the limitations that accompany this hardware-centric approach, such as: Traditional configuration is time-consuming and error-prone Many steps are needed when an IT administrator needs to add or remove a single device in a traditional network. First, he will have to manually configure multiple devices (switches, routers, firewalls) on a device-by-device basis (see figure 1). The next step is using device-level management tools to update numerous configuration settings, such as ACLs, VLANs and Quality of Service. This configuration approach makes it that much more complex for an administrator to deploy a 2

consistent set of policies. As a result, organizations are more likely to encounter security breaches, non-compliance with implications. Conclusion: the highly administrative hassle that is traditional configuration interferes with meeting business networking standards. Multi-vendor environments require a high level of expertise The average organization owns a variety of equipment of different vendors. To successfully complete a configuration, an administrator will therefore need extensive knowledge of all present device types. Traditional architectures complicate network segmentation A development further complicating networking matters, is the connectivity evolution that is currently taking place. In addition to tablets, PCs and smartphones, other devices such as alarm systems and security cameras will soon be linked to the internet. The predicted explosion of smart devices is accompanied by a new challenge for organizations: how to incorporate all these devices of different vendors within their network in a safe and structured manner. Many traditional networks place all types of devices in the same zone. In case of a compromised device, this design risks giving external parties access to the entire network. This can be hackers exploiting the internet connection of smart devices or vendors who can remotely log onto their devices. In both cases, there is no apparent reason for giving them access to all network components. However, the administrative hassle described earlier makes network segmentation a complex process and quickly leads to network clutter. In conclusion, to overcome these and other traditional networking limitations, the time has come to introduce a new perspective on network management. Embracing change: Software Defined Networking Networking Software Defined Networking (SDN) is rapidly becoming the new buzzword in the networking business. Expectations are that this emerging technology will play an important role in overcoming the limitations associated with traditional networking. But what exactly is SDN? Even though a universally agreed upon definition for SDN has not yet been formulated, decoupling hardware from software is often mentioned when this topic comes up. This concerns the two network device planes, i.e.: 1) The plane that determines where to send traffic (control plane) 2) The plane that executes these decisions and forwards traffic (data plane) Decoupling these two planes involves leaving the data plane with network hardware and moving the control plane into a software layer. By abstracting the network from the hardware, policies no longer have to be executed on the hardware itself. Instead, the use of a centralized software application functioning as the control plane makes network virtualization possible. This process is similar to server virtualization: Server virtualization The process of creating various VMs (virtual machines) and decoupling them from physical servers. 3

Network virtualization The process of creating virtual networks which are decoupled from physical network components. SDN Business Benefits Software Defined Networking is expected to have several business benefits, including: More configuration accuracy, consistency and flexibility As described earlier, traditional networking requires configurations to be executed on a manual, deviceby- device basis. A key characteristic of the SDN approach, is automating this process, enabling an administrator to manage the entire network as if it were a single device (see figure 2). In addition to increasing configuration accuracy and consistency, this method also boosts a networks responsiveness. In case network conditions change, an administrator can adjust existing configurations much quicker. Data flow optimization A second expected business benefit of the SDN approach, is the optimization of data flows. Instead of having a single path from the source of communication flow to its destination, a SDN controller is able to identify multiple paths per flow. Furthermore, this approach allows the flow s traffic to be split across multiple nodes. Network performance and scalability is enhanced by optimizing the network path for a particular data flow based on the source and destination nodes 1. What to look for in a SDN solution Given that SDN solutions are a relatively new product category, it can be difficult to find indicators to evaluate whether the solution fits your organizational needs. Therefore, we have formulated four focus points that should be taken into account when choosing a suitable SDN solution. In addition, we described how SDN solution Ocedo handles these points. Ocedo is an up-and-coming Secure Automated Networking solution that offers the advantages of SDN. 1. Integration A SDN solution should be able to play nicely with your current network, meaning it should integrate seamlessly into existing setups. Ocedo accomplishes enterprise integration by offering the following functionalities: Hardware Instead of coercing third-party hardware into playing with the controller, Ocedo offers their own gateways, switches, and access points. These integrate seamlessly into existing setups, no matter if you want to only deploy a couple of Wi-Fi access points or use the complete solution. Directory Services The Ocedo System allows syncing Users and selected User Groups from Active Directory and Google Apps directory services. User credentials are not queried by or stored in the Ocedo Controller. In case of an on-premise Active Directory installation, the connection to the 4

domain controller can be securely made through any deployed Ocedo appliance, without the need for firewall rules or exposing the AD to the internet. 2. Visibility & reporting Despite of the many advantages SDN has to offer, the success of this technology is inextricably linked to the degree of network visibility. Before, it was only possible to get insight in individual components or stand-alone logging information. A suitable SDN solution should correlate data and combine previous individual reporting in a logical manner, giving an administrator a clear overview of all network activity. Ocedo tracks and reports network activity across the whole enterprise network. Features include: Device visibility Ocedo keeps track of all known devices on your network, the users or groups associated with them, their most recent location, as well as the quality of their Wifi experience. Unknown detected devices are shown with available OS, vendor and owner information, if available. The Ocedo System keeps track of IP addresses used by devices. Current device location and connection information is also shown. Device traffic activity can be tracked in Traffic reporting. Events & alerts Next to device visibility, the Ocedo System offers continuous automatic monitoring and alerting/ notification on network events. The event log offers live updates on changes in the network status, as well as an ongoing audit trail for configuration changes. Traffic reporting Traffic reporting enables a full view on all generated internal and external traffic, filtered by user, site and date/time. Reporting uses the same Application Groups, Applications and web categories as the policy engine, so the reported results can directly be converted to policy rules if needed. Security What a SDN solution has to offer in terms of security measures should not be overlooked. For instance, does the solution provide high quality filters? Can an administrator easily isolate one network component from another? What type of authentication functionalities does the solution offer? The Ocedo system contains several security measures, including: Network Zoning Administrators can easily create different zones for different device or user groups. These isolated zones provide extra layers of protection to the entire network. If a device gets hacked, an intruder does not get immediate access to the complete network. Instead, the leak is confined to one zone. It is possible to assign accessing clients to different network zones. This can either be done with AD through the RADIUS/NPS server, or by setting tags on Zones and User Groups or Users. SSID & authentication (Wifi) The Ocedo System supports defining WPA SSIDs with password as well as enterprise authentication against RADIUS /NPS servers. 5

Live Threat Protection Connectivity to hundreds of botnets or otherwise infested servers known to be in the w i l d i s blocked by the network. Port Security Only known and allowed devices get network access. Authentication through MAC learning or 802.1x. Onpremise hosting In some cases, security policies include specific hosting requirements. Ocedo s cloud console is hosted in Ocedo s own data center, but can also be hosted on partner or customer premises. Reliable connectivity Finally, it is important to evaluate what measures a SDN solution offers to assure a reliable connection at all times. This can be examined by formulating different connectivity scenario s. For instance, many SDN controllers are cloud-based. Therefore, it s important to choose a solution with a data plane that is always fully operational, even when the cloud connection is temporarily down. Another aspect worth evaluating is the way internal and external traffic is distributed. In terms of connectivity, the Ocedo concept contains several functionalities, including: Offline measures Executed configurations always remain active, since they run locally. So even if the cloud connection encounters some down-time, the Ocedo system does not. Also, all reporting is stored until the cloud controller is up and running again. Uplink Balancing Internet and WAN traffic is intelligently balanced across multiple providers, increasing bandwidth and reliability. Traffic Priorization State of the art Quality of Service (QoS) algorithms prioritize network users and applications, e.g. video conferencing. Conclusion SDN is an emerging technology that is likely to revolutionize traditional networking business. By embracing network automation, organizations will save a tremendous amount of time and significantly improve a network s flexibility. How do you prepare for this transition? Extensively evaluating which solution meets your business needs best in terms of integration, visibility & reporting, security and reliability is an important first step. Taking enough time to do this thoroughly will be an investment worthwile to prepare for this inevitable networking transition. 6

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information