Software-defined Infrastructure:The convergence of Networking, Security and Cloud-based Software

April 20, 2016

“Software-defined” is one of the hottest buzzwords around. What it means, in practical terms, is vague at best. The notion of “software-defined” touches on a couple of key drivers of IT infrastructure innovation: speed and cost. Like any other service provider, IT needs to move at the speed of its customers (the business) and adapt to emerging requirements including Cloud access, mobile connectivity, data security and more. It also needs to cut the cost of services by reducing the cost of the infrastructure it owns and maintains.

The reality is that hardware appliances with embedded software (the most common implementation of networking and security solutions) are too slow to evolve and too expensive to run. In the past, it was a necessary evil. Networking equipment was purpose-built using custom hardware to be able to keep up with the increase in traffic speeds. It was slow to evolve, but it was unavoidable.

Enters software-defined networking (SDN). Originally, the concept of SDN emerged as a way to unbundle a hardware networking device (like a router) into a software-based control plane and a hardware-based data plane. Under this model, the control plane provided the brain of the system while the data plane moved the data along the path determined by the control plane. This architecture enabled the control plane to evolve quickly and independently of the hardware layer that is responsible for packet forwarding. SDN was also vendor neutral (with the introduction of the OpenFlow standard), but key vendors like Cisco and VMware deviated from the standard (probably, to maintain a competitive customer lock-in for their solutions).

While SDN is an important concept, it is moving slowly through the datacenter due to the complexity of the environment and the co-opetition between vendors that provide the virtual network functions (VNFs). Where SDN has traction is within the discipline of SD-WAN. SD-WAN is a narrower implementation of SDN concepts. SD-WAN uses a software-based control plane to drive on-premise edge devices to dynamically allocate Wide Area Network (WAN) traffic between MPLS and Internet links. Virtual desktops and Voice Over IP (VOIP) are two applications that are latency sensitive and must use a low-latency link such as MPLS while regular web browsing will work fine over an Internet link. SD-WAN is effective because it is “self-contained” (i.e. does not require standards and cross-vendor cooperation) and addresses a narrow IT problem.

SD-WAN is just a first step. We now have an opportunity to create something truly new and exciting: Software-defined infrastructure – the integration of software-defined networking and software-defined network security.

Let’s start with the network. Imagine of a fully integrated control plan AND data plane all in software – a full SDN. Is this event possible without custom hardware? Apparently, standard servers with optimized, yet standard, Intel hardware and DPDK-enabled software stack can handle multi-gigabit network workloads. Moreover, it is also possible to develop totally new data plane protocols that take into account the way the Internet works in 2015 and not the way it was built in the 80s (i.e BGP). Software makes custom hardware for routing obsolete – we can now implement and rapidly evolve new protocols, optimizations, and other enhancements without being subject to the painfully slow hardware development cycle.

What if we could build an SDN security layer directly into the network? This  layer will protect the network traffic as it flows through the SDN stack without being packaged into separate hardware appliances with specialized acceleration and encryption capabilities.

The core networking and network security layers of the IT infrastructure remained separate for more than 20 years. There seems to be a justification for this separation. Security needed to move faster due to changes in the threat landscape while networking remained stable (some say, stagnant) and subject mostly to capacity-driven enhancements. Networking and security needed to be separate because they needed to evolve at a different pace.

With SDN and Security, these layers can evolve rapidly, and in tandem. IT can achieve unprecedented speed in deploying new secure networking capabilities to address a wide range of business requirements.

What about cost?

By placing software-defined infrastructure in the Cloud, we can achieve a zero Capex model for enterprises to leverage a fully integrated networking and security solutions. Instead of routers, MPLS links, WAN optimization solutions and network security appliances, enterprises can collapse a full set of capabilities into a fully integrated, SDN and security stack in the Cloud. No need to buy, deploy, upgrade, maintain and manage individual point solutions across the entire business.

Take a peek at the future. software-defined and Cloud-based networking and security infrastructure, available from Cato Networks.

Yishay Yovel

Yishay Yovel

Yishay directs Cato Networks’ worldwide marketing. Yishay has over 25 years of experience in marketing, defining and deploying enterprise IT software solutions in the areas of security, storage, business continuity and mobile computing.