CIOs considering SDN have a lot to think about. What changes will it bring, what are its use cases and business benefits, and what challenges does it create?
No concept has captured the networking world's imagination in recent years quite as much as software defined networking. Companies of all stripes, from major names like Cisco to startups like PLUMgrid, are pushing an array of SDN visions. It's an exciting time. But what concrete value can SDN bring to businesses? And how might it transform the data center and the IT department?
In a recent interview with Enterprise Networking Planet, Steve Shah, senior director of product management for the NetScaler Product Group at cloud, virtualization, and networking vendor Citrix, discussed the potential of software defined networking and what CIOs need to know as they transition into the software-defined future. Shah has been in the Application Delivery Controller (ADC) market for fourteen years, and "at the forefront of the transition to virtualized data centers now for about 4 years, since we introduced a virtualized product," he said, giving him a clear view of the revolution happening in the data center.
DevOps demands network virtualization
Like some others in the space, Shah sees the programmability of software-defined networks as tied to the rise of DevOps. To understand the importance of this, he said, one must step back and look at the virtualization story as a whole. Server virtualization attracted businesses looking to gain additional business agility within their data centers. That led to the concept of DevOps, and DevOps offers major benefits to IT.
"As everything becomes software and you can move it from anywhere to anywhere within the data center, you can make the whole process highly programmable. And if you automate those steps, you can transform the way you do IT infrastructure," Shah said. Rather than needing someone to physically pull out, re-rack, and stack hardware on the data center floor, virtualization enables IT departments to simply move virtual infrastructure around as needed from their desks by writing software. But servers aren't the end of the story. In fact, they're only half of the story, according to Shah. Much of the power of DevOps lies in how it enables automation, and to Shah, automation and network virtualization go hand in hand. Without network virtualization, automation cannot do all that it promises.
"If I want to achieve that grand vision of moving infrastructure around within my data center, I quickly realize that while it's great that my virtual machines can move around, if my network, my storage, and all the services I require to make an application work aren't virtualized as well, I can't go and have all of their pieces get automated too," he said. The scripts will eventually hit a wall and require a human to take over in the data center. Automation won't be able to fulfill its potential. But if network infrastructure becomes abstracted, it can achieve the level of programmability required to move to a highly automated, DevOps-oriented model that improves business flexibility and agility.
SDN and regulatory compliance
When asked to provide some use cases for SDN, Shah brought up regulatory compliance, an increasingly important—and complex—issue for many enterprises. Bringing in auditors to evaluate software for PCI compliance is extremely costly, he pointed out. Enterprises might decide to instead purchase equipment that gets them compliant. But to insert that equipment into a data center and integrate it with hundreds or thousands of applications could take hundreds of man-months and as long as a calendar year to complete. "It's a huge project that carries a lot of risks," Shah observed.
In a completely virtualized data center that leverages SDN, the process can be much shorter and easier, not to mention cheaper. "I can write a script that goes to each application and changes its rules to tell it that a service it needs to consume is this device that will provide PCI compliance. The rules of the network stitch in that compliance piece, and we can do that in a couple of days, test it, and roll it out in the course of two weeks, with a single software engineer driving most of the functionality," Shah said. Even if the process actually takes a little longer or requires a few more engineers than the scenario he described, the cost and time savings are still clear.
They hold true for HIPAA compliance as well. One of HIPAA's requirements, Shah said, is that all data be encrypted. "So as a business, maybe I have my HR systems that need to gain compliance. I could either get and move pieces of equipment that provide encryption into my network, or I could leverage that programmability, leave my infrastructure where it is, redefine what the virtual network looks like so that encryption equipment is now part of the network that's for the HR software, and have a script reconfigure all those settings to pull in that component and automatically stitch it into the flow of traffic," he said.
Being able to quickly integrate new devices into the network is key. In a physical network, the equipment needs to be placed in close physical proximity to whatever other gear it provides a service to. Cables need to be plugged in; boxes need to be configured. Firewalls and other adjacent infrastructure need to be taken into account and often reconfigured, too. "There are a lot of discrete steps that are all error-prone," Shah said. Scripts, on the other hand, can be tested and figured out as a single process and then applied to the production network in one go.
Next page: What SDN means for IT staffing, and what challenges CIOs must address
Photo courtesy of Shutterstock.
What SDN means for IT staffing
These major changes to enterprise IT processes will mean major changes to IT departments themselves, according to Shah. SDN won't kill networking jobs, but it will demand a change in skillsets as it shifts the balance of IT staff. Enterprises will need fewer junior-level employees for manual management of data center equipment and more senior-level DevOps staffers, who combine programming and IT backgrounds, he said.
These engineers don't need to know how to write operating systems, Shah clarified. "They're more oriented towards scripting, tool chains, basically the type of programming required in an IT context. And the drivers for these engineers and how they operate will really be around what the business requires and how they can optimize business operations." This new IT workforce will be well-positioned to help CIOs achieve greater business value for their organizations.
Related to the transition to DevOps will be the convergence of IT silos, which Shah predicted will "absolutely" happen.
"If I'm a CIO, what I have to worry about is this spiraling need of expertise across a variety of domains. I can't hire the super senior person across all these different domains. So I'm going to leverage somebody that can look over multiple domains and understand how to get them configured and up and running. This is where DevOps is transformational. I now get someone who's got deep expertise in automation scripts," he said. This person will be able to look at the end-to-end flow of data center operations and program the infrastructure to make it work.
Also key to SDN's impact on IT will be the greater ease of monitoring and maintenance that virtualized infrastructures can provide by virtue of their reporting abilities. "If I have everything existing in a manner that's exposable to software, I also have something that can be instrumented to give me a lot of readings," Shah said. Those readings can provide a comprehensive view of the health of the network, unified in a single dashboard for administrators' consumption. In addition, vendors can write their software to provide guidance on identifying and resolving problems, reducing the need for an expert to triage and diagnose the issue.
Current challenges of SDN
Before CIOs can achieve the changes SDN promises, however, they need to address some challenges. Top on the list of challenges, Shah said, is education. At this point, enterprise networks have had a solid two decades to evolve into their current state, and so have enterprise networking and IT departments. "There's a lot of legacy that we have to overcome. Getting the escape velocity is going to be tricky," he said. To overcome that legacy, Shah insists that CIOs learn everything they can about SDN. "There are no strong certification classes you can take around SDN or the surrounding technology yet—that will likely change in the next year or two, but it's still at a nascent stage," he said. In the absence of structured opportunities for SDN education, Shah recommends reading about SDN online and inviting vendors to discuss SDN solutions.
"There's a degree of cynicism whenever someone running a data center talks to a vendor, because a vendor obviously has an agenda, but it gives you a frame of reference," Shah said. Vendors can put the products you already have, and with which you are already familiar, in context and explain how their SDN offerings would change your data center. "At least at that point you can make an educated decision about whether that's the way you want it to go, and figure out your strategy based on that," he told me.
Closely tied to the problem of education is the change in tools that SDN will bring to the data center. "We've got a lot of tools and an intuitive understanding of our networks, and those will all change. We need to reexamine what our tool chain looks like and what kinds of things we need to successfully run a data center network," Shah said. Here, meeting with different vendors to understand what SDN solutions they offer, and how those solutions work, may also prove helpful.
Next page: SDN and virtualization vendors to watch
SDN and virtualization vendors to watch
Shah named a number of vendors he considers important to the space. Cloud networking provider Amazon Web Services has "set the bar in terms of automation. Everything is programmable and everything has an API, which is a fundamental shift to how things are built," Shah said. SoftLayer, recently acquired by IBM, "also gets automation," he added. Shah called Duke Skarda, SoftLayer's CTO, "a very bright guy who clearly articulates how crucial automation will be to next-gen data centers to fulfill the cost and agility targets that CIOs are looking for."
Shah also mentioned VMware, who "has a lot to say on the matter," and Juniper. "They don't quite have the market share [of Cisco], but they are making concrete steps in this direction, and what they're doing is going to be important," he said.
But the vendor that got Shah's highest acclaim was Cisco. "Given their market share for their infrastructure—everyone's got Cisco—watching what they do becomes important. They've already taken some steps in the space, and they're continuing to accelerate that pace," he said. He agrees with Cisco's Application Centric Infrastructure approach to software-defined networks. It is something that "resonated well for a lot of CIOs," Shah observed, since at the end of the day, the applications are the point of the data center.
No vendor should be taken off the table at this point, according to Shah. Despite recent advancements in the technology, SDN is still at a relatively early stage, "still climbing" its Gartner hype curve. But "we're getting close to the peak," he said.
The past year has seen major developments in SDN, developments which have taken it from a little-understood buzzword to something approaching accepted reality. Driven by these developments, enterprise mindsets are also evolving. What else do CIOs need to know about SDN? Let us know in the comments.
Jude Chao is executive editor of Enterprise Networking Planet. Follow her on Twitter @judechao.