SDN proponents often tout the benefit of automation, specifically the term “automated provisioning.” But what does this mean exactly? We often limit our concept of provisioning to the creation and implementation of some sort of device. Actual provisioning of a device includes not only the virtual machine or hardware block, but the services, protocols and security policies required to integrate that device with the network. Take the example of the provisioning of a new virtual server. The server not only requires data, network and CPU resources, but requires an IP address, a DNS registration and endpoint security protection to start with.
SDN isn’t about devices though, it’s about applications. SDN doesn’t create applications, it creates and deploys the network configurations that support these applications in rapid fashion. Traditionally, application deployment was everything but rapid due to the lack of cohesion between apps and infrastructure. Networks have depended on human middleware to manually perform intricate configuration processes to provision boxes, many times using the command line interface (CLI), an interface process that hasn’t changed for decades. What companies have been clamoring for is a new model that automates and merges virtual and physical infrastructure together. The reason is simple. Outside of the IT department, boxes are an expense and outflow, offering no value to the bottom line of the organization. Applications are what add value to an organization. The faster these applications can be deployed, the sooner the time to value can be achieved.
TIME IS MONEY FOR ENTERPRISE APPLICATIONS
The term ‘application’ can be misleading as we often think of a single application that resides on our personal device. Enterprise applications are usually far more complicated. A web application for instance is many times composed of three tiers:
- Web tier (where the users connect to a web server)
- Application tier (which may reside on the web server or another server)
- Backend tier (which usually hosts some type of database in which the application integrates)
As mentioned, each of these web component devices will need IP addresses, DNS records and possible NAT assignments. On top of this, the application traffic may require a separate VLAN throughout the switch network along with QoS assignments. Routers may have to have access control lists and routing tables may be modified as well. Traditionally, this type of undertaking within a large enterprise could consume weeks if not months and in today’s global hyper competitive economy, time is money.
It’s not just the dynamic implementation of new applications that needs to be automated, but the decommissioning of applications as well. Application specific VLANs and routing entries need to be erased from the devices they were robotically created on in the first place, minimizing the footprint of these devices in order to maximize both security and performance. To sum it up, enterprise infrastructures must become application aware and more agile to support dynamic application instantiation and removal.
Imagine the following scenario for the implementation of a highly complex enterprise application such as an ERP system. Relying on your IT staff to configure the network for such a mammoth software implementation would be highly time consuming and hiring an outside consulting team would be expensive. But what if the application vendor provided you with an SDN ready configuration that could simply be pushed out onto all of your data plane devices? Imagine how much time and money that would save. Believe it or not, this scenario is completely plausible with SDN solutions that are readily available today such as Cisco ACI.
STREAMLINE THE APPLICATION DEPLOYMENT PROCESS WITH CISCO ACI
Cisco ACI stands for Application Centric Infrastructure. Automation is built from the ground up with Cisco ACI. Their design efforts were directed under a mandate of simplicity and as a result, Cisco developed a fresh approach to networking that completely streamlines the application deployment process.
At the core of ACI is the Application Policy Infrastructure Controller or APIC. The APIC is a centralized clustered controller that provides the programmability and centralized management that in term governs the network fabric in order to provide an optimized ecosystem for desired applications. Underneath the APIC lies a simple two tiered switch architecture rather than the traditional three-layer system embraced by traditional networks. Though well suited for the traditional client-server traffic of yesteryear, the traditional 3-layer switch design is poorly suited for the east-west traffic flow patterns that are typical of today’s data center.
Cisco’s two layered approach, referred to as a leaf-and-spine architecture, creates a redundant and highly efficient mesh fabric that allows for nearly unlimited scalability. Spine switches are the core devices, but instead of being a large, chassis-based switching platforms (as is characteristic of traditional core switches), the spine is composed of many high-throughput Layer 3 switches with high port density. Leaf switches make up the access layer; providing network connection points for servers, as well as uplink to the spine switches.
The real genius of ACI lies in what Cisco refers to as the Network Application Profiles which they describe as an automated deployed cisco validation design. The NAP contains all of the configuration information required by the app for the supporting network devices such as VLAN, ACL and firewall settings. Essentially the application network profile is the end to end connectivity and policy requirements for an application. Once created, the NAP can be deployed within minutes. What’s more, complicated application vendors can simply supply you a preconfigured NAP as part of your application package. Implementation can be completed the day of purchase.
IT’S ABOUT THE VALUE ADD
It is totally possible that SDN will be for the IT industry what the assembly line proved to be for the automotive industry. Prior to the assembly line, the provisioning of an automobile was completely unscalable due to the inhibiting manual intensive process. As a result, it was beyond reproach for all but the wealthiest of consumers. The assembly line streamlined the provisioning process to such a degree that this invaluable product became affordable for the common man.
SDN has the potential to impact application deployments in similar fashion as value added apps can be deployed within hours if not minutes. By eliminating these labor intensive configuration practices, your IT staff can concentrate on strategic value added projects that may ensue in the fruition of new applications that will bring additional compound worth to the organization.
