Software-Defined Networking
rking can deliver on promises of security and functionality.
For years, enterprises and government agencies have relied on networks and security designed to support traditional client-server environments. Just as the cloud has disrupted storage and operations, software-defined networking (SDN) is now disrupting that traditional network model. The new SDN model better supports the demands of today’s applications and big data.
Software-defined networking is helping agencies apply technology in places they haven’t been able to before because of historic environmental limitations. Now developers are building and introducing applications as systems. That means more network traffic is “east-west,” running from server to server within the data center.
The historic networking model is far different. It was designed to deliver traffic back and forth from the server to the user, not machine to machine. SDN helps system managers master their infrastructure and segment the network at a level much closer to the application. This type of segmentation greatly improves security.
Think of the network and its applications as being set up like a house. If someone leaves a window open in a house, a thief can get into that room. In a traditional environment, the thief would now be able to get into every room in the house. With segmentation, he won’t be able to get into the next room because each room’s door is locked.
This trend is called micro-segmentation, and it’s changing the way agencies address security. In fact, it’s one of the principles defined in the Federal Information Technology Acquisition Reform Act (FITARA). FITARA recommends segmenting down to the lowest level possible to protect applications and better understand what those applications do when they’re running in the data center.
Obstacles to Success
The primary roadblocks to the widespread use of effective SDN are operational silos within the agencies themselves. Agencies have historically had application teams, network teams, compute teams, and security teams. When they look at software-defined networking, they ask, “Should this go to my application team? Should it go to my compute team? Should it go to my security or network team?” The answer is yes. It should go to all of them.
Successful agencies have also had leadership that ponders the question, “How can this paradigm shift empower us to enable the mission in a different way?” More often than not, though, the conversation starts with, “We’ve been compromised. We need to change the way we do things now.”
Therefore, substantial changes have typically happened after the fact. But it takes that leadership, whether from the top or within the silos, to say, “We’re going to bring these teams together who historically didn’t work together day in and day out, to be a better service provider to our agency.”
An Evolution in IT
SDN is the next evolution in networking. However, this is truly a cultural change more than a technology change. Agencies are seeing benefits in the way they approach the mission, and not just reordering the way they use technology to execute the mission. It’s an evolution in every aspect of IT.
Agencies can learn from this convergence that leadership can have a positive impact on this evolution. They’ll also learn that managers from any one silo who drag their feet or dig in their heels can greatly hamper progress.
Combining micro-segmentation with SDN leverages the full power of today’s cutting-edge technology. By removing themselves from the physical cabling and limitations of the traditional network, federal agencies can realize the full potential of both the firewall for broad perimeter protection and application-level security to limit exposure to insider threats. That combination will provide agencies with the next level of security and functionality.
Matthew Schneider, Senior Director US Public Sector, VMware.

