While software-defined networking technology still isn't mainstream, network pros are looking at how 'SDN-lite' principles can improve LAN automation and flexibility.
The same principles that make software-defined networking attractive in the data center -- among them, programmability, automation and policy enforcement -- also make it appealing for use in local area networks.
But cost and management complexities associated with SDN have made it challenging to deploy the entire gamut of software-defined networking technology in the campus. Instead, companies are exploring the use of some of SDN's most intriguing components to take advantage of its most compelling benefits.
Call it SDN-lite, if you will.
Scentsy Inc., a fragrance company in Meridian, Idaho, is among a growing number of enterprises exploring how SDN elements can reduce time-consuming manual tasks by adding more software-based capabilities to its LAN.
"Users are much too mobile today. There has to be a way to automate policies so the IT staff can keep up," said Kevin Tompkins, a network architect at Scentsy. With software performing functions that otherwise require manual coding, "we can set a policy for finance, IT administrators, marketing and guests. We'll set a policy for the financial people to access financial data, but not for administrative access to the servers in the data center."
Scentsy, whose network serves 1,000 users and 150,000 independent consultants, uses Cisco's SD-Access software -- running on its Catalyst 3750 and 3850 switches -- to manage everything from boosting security to making it easier for users to connect to the network.
Among other capabilities, Tompkins said SD-Access lets Scentsy set centralized policies for all its switches directly at the switch port the user plugs into. Administrators set policies by user group, so individual policies don't have to be set up for each user.
In the past, when users wanted a network connection in a conference room or some other location at the company, Tompkins said the IT staff would have to set policies for each location. Creating access control lists for each location was time-consuming. With SD-Access, Tompkins can set policies that follow users wherever they go. SD-Access' foundation also helps Scentsy better secure its network through the use of microsegmentation -- bringing data center-class security features to the LAN.
"What I think has happened at a lot of companies is that the IT staff simply doesn't do this level of segmentation, which leaves users open to attack," Tompkins said. "Now, we can spend the time required to do the right level of documentation, integrate applications with network monitoring and add security features we wouldn't have had time for in the past."
Gartner analyst Andrew Lerner said, while there isn't much "pure" SDN in the LAN, there are many products coming out from Cisco, Aerohive Networks, Hewlett Packard Enterprise and others that boast "software-centric" features like policy- and role-based management, automated configuration and centralized management.
"By pure SDN, we're talking about a complete separation between the control plane and the forwarding plane," Lerner said. "The SDN conversation is ultimately what led to software innovations such as SD-WAN. But the reality is that regardless of whether they are 'true' SDN or not, many of these features in the LAN are highly desirable and are making organizations more productive."
Seeing SDN around campus
The Institute of Agriculture at the University of Tennessee (UT) in Knoxville uses software-defined networking technology in a different way -- to oversee its network of Dell Technologies SonicWall firewalls, Dell Networking N-Series switches and Aerohive wireless access points, according to Mike Stanley, a system architect at the university. The institute spans 110 locations statewide, encompassing the College of Veterinary Medicine, 10 agriculture research centers, UT's extension school and the College of Agricultural Sciences and Natural Resources.
"We especially like the cloud management piece in Aerohive HiveManager. That gives us many of the SDN capabilities," he said.
Stanley said the software-defined networking technology the institute takes advantage of includes centralized policy management and role-based administration. On the policy front, the institute has set up a new service set identifier (SSID) for internet of things (IoT) devices like Apple TVs and gaming systems. It also takes advantage of the role-based administration, which gives Stanley more granular control over the network.
"We can give [IT] people full administrative access, or we can give [general users] operator access, in which they can't change the licensing or account settings," Stanley said. "For a lot of the remote locations, we give them monitor access, which lets them view the traffic. And if they see an issue, we can modify the policy."
In addition, the institute uses HiveManager to enforce policies across the Dell switches. That will also allow the institute to beef up its application consumption capabilities, giving Stanley more precise information about which applications are being used.
"Users may tell us that the network is slow, but we can look in HiveManager and see that a certain client is running Netflix in the middle of the day," he said. "We could then set a policy for people to only run Netflix at lunch so the network doesn't run slow during business hours."