What is a Software Defined Datacenter (SDDC)? The new wave in technology is to virtualize much more than just servers, which we have been doing for years now. Switching, routing, firewall, VPN, QoS, Load Balancing and other security edge technologies are all being virtualized.
Several companies are launching SDDC initiatives, including the ones we highlight here: VMware and Cisco.
In 2012, VMware acquired Nicira and was able to incorporate their network virtualization technology and launch NSX, their network virtualization platform. NSX is like a network hypervisor that overlays the ESX hypervisor layer. Distributed virtual switch, firewall and load balancer capabilities are all controlled by the NSX manager but not dependent. If the NSX manager would be down, no traffic would be stopped. No new rules or appliances could be created until it was restored. Automated provisioning is achieved with vRealize Orchestrator to make provisioning of network resources almost as easy as spinning up a VM from a template. The physical network can be bridged and Virtual Extensible LANS (VXLANS ) are used to carry the traffic over the physical VLANS.
All of this is to get security closer to the guest VM. As the security and firewall rules are applied, they stay with the guest VM whether it travels to a new host in the cluster, another datacenter in our environment or to the cloud.
This also cuts down on traffic out to your physical routers and firewalls. Handled all inside the virtual ecosystem, you can provide security not just north to south but east to west as well. That is micro-segmentation which lets you apply policies down to the VNIC’s (Virtual Network Interface Card) to isolate workloads in the datacenter like never before.
Network micro-segmentation is the ability to establish granular layer 2 network segments. For example, adding the app, database and web VNICs in a firewall rule to allow traffic. This would have been nearly impossible before network virtualization due to the sheer volume of internal traffic. Now we can isolate internal traffic, limiting the threat points if one VM is compromised.
Move forward with your current infrastructure choices by leveraging VMware’s large, proven ecosystem of partners to eliminate hardware lock-in with the broadest choice of server vendors. Continue to use your preferred third party software for data protection, file services and more.
Cisco ACI (Application Centric Infrastructure)
Cisco’s ACI is a policy-based architecture that automates security, management and visibility while provisioning network, storage and compute resources based on application policy profiles. The main benefits are to reduce operating costs and accelerate application delivery, thus increasing IT agility. This works in both physical and virtual environments, including multi-hypervisor.
At its core is an Application Policy Infrastructure Controller cluster. This is the central point for automation, policy enforcement, network and application health monitoring and management. It manages to do all of this while being out of the data path. If the cluster should be off-line, data still flows; just no new policies or updates could occur. From a physical switch standpoint, the Nexus 9000 series will offer ACI mode models that will require a license to connect to ACI.
While Both VMware’s and Cisco’s solution are similar, they are different enough to also complement each other.
At CSB, we understand the balance it takes IT Managers to walk the line between security and speed. Everyone today knows the need for security to protect patient information, company files, employee files, credit card information, etc., but we don’t want to compromise the speed at which we do business. Enter SDDC! CSB has two engineers with VCP-NV certification, and can help your company protect itself, improve your business practices and not compromise your work speed. Contact us today at firstname.lastname@example.org or 717-689-3990.