Treating management, security as one

In the new data center, technologies that protect and control will work more closely together.

Network management software and security devices lead separate lives today, but in the new data center, the two disciplines will come together to form a not-so-odd couple. Together they will speed problem diagnosis, detect potential threats, automate change management and enforce security and compliance policies.

Such is the vision of Scott Raymond, network manager at OMD, a New York media buying agency that is constructing a new data center architecture. Raymond recently pooled network connectivity across 10 locations into a centralized data center in New York. The move enables him to track more than 95% of the company’s traffic from one location. Yet Raymond says automated change management software would put his mind more at ease.

“We saw the need to put our resources in a resilient data center, but one of the issues many companies have is tracking changes that have been made to network equipment,” Raymond says. An automated tool that would log changes and check those against how things are supposed to be configured would prevent him from leaving his data center vulnerable to attack while tracking down the source of a problem. “It makes sense to bring [management and security] together. To be able to say that an outage in Atlanta correlates to this security breach on this router would decrease troubleshooting time,” Raymond says.

Ultimately, as new data center technology evolves, Raymond should realize this vision. He should be able to deploy the automation and predefined rules of management software in combination with security event and compliance data to ensure servers, switches, routers and other network devices are properly patched and configured. Technologies such as event correlation, policy-based management, and configuration and change management will comprise equal parts security and management. This will let IT managers support a data center that lets outsiders in – without putting the business at risk.

“The last thing you want to do when securing your data center is shut out revenue-generating partners or customers,” says Rich Baich, CIO at Choicepoint, an Atlanta provider of identification and credential verification services for the insurance industry. “Right now, isolated security events occur. What has to happen is the centralization of that security information on a management console that makes intelligent decisions and takes action.”

Self-provisioning, self-protecting and self-managing capabilities begin with data sharing, says Glenn O’Donnell, a research director at Meta Group. “The processes for handling security events and more generalized event management should and can be similar if not identical,” he says.

Today software from BMC Software, Computer Associates, IBM and HP monitor network events. Niche players such as ArcSight, e-Security, netForensics and Network Intelligence deliver products to help filter and make more sense of security events generated from firewalls, intrusion-detection systems (IDS) and other security devices. In the new data center, one management system will collect network and security events, and correlate the events for quick identification of the source of network performance problems or security breaches.

“Event correlation is the key to bringing management and security together,” Baich says.

Network executives should be able to write policies, which when enforced by the management software, would be able to detect when a security event is threatening network performance. For example, a Web server getting relentlessly pinged by an unauthorized external address would begin missing pre-set performance thresholds and start overloading management software with error messages. With integrated IDS data, the management software would immediately recognize the source of the network degradation as related to an attack on that server.

The availability of advanced provisioning software also becomes crucial. These tools would not just enable the rollout of new servers, applications and patches as they do today, but also would store secure and accurate configuration data for switches, routers and servers. Enterprise IT managers would first input configuration data, including software versions, patches applied and licensing agreements. When a server is provisioned automatically, they could rest easily, assured that the server is up to date on patches and configured to support applications in line with pre-set performance baselines, for example.

Intrusion-prevention systems can use configuration data to scan the data center, identify attacks and block nefarious traffic.

And, regular vulnerability and compliance scans can prompt management software to apply patches where needed. “Knowing how things should be configured and tracking all changes made will enable more automation,” O’Donnell says. “And it will protect servers from internal and external attacks.”