The data-center network is a critical component of enterprise IT\u2019s strategy to create private and hybrid-cloud architectures. It is software that must deliver improved automation, agility, security and analytics to the data center network. It should allow for the seamless integration of enterprise-owned applications with public cloud services. Over time, leading edge software will enable the migration to intent-based data-center networks with full automation and rapid remediation of application-performance issues.\nThis article evaluates the data-center networking requirements for private enterprises that manage their own internal IT resources. It excludes the data centers of hyperscale cloud providers, as their requirements and resources are radically different that those of typical IT organizations.\n\nChanging data center requirements\nThe popularity of SaaS and public cloud creates pressure on IT to modernize internal enterprise data-center operations. The enterprise data center needs to support multi-tenancy, be operationally efficient and cost effective. The data center needs to support a wide range of physical and virtual workloads and adapt to the new style of application development, including support for containers. Because security breaches can take months to discover, software in the data center should alert operators to suspicious traffic flows and recommend corrective action. IT leaders need the ability to link the internal applications and internal resources including private-cloud with public-cloud resources to create hybrid cloud architectures.\u00a0\nWhat is the software-defined data-center network (SDDCN)?\nThe abstraction of networking hardware from networking software (software-based networking) enables significant changes in how networks are built and operated. The two places in the network most impacted are the wide area network \u2013 the software-defined WAN - and data-center network software. The SDDCN combines with compute resources (virtual machines and containers) and storage (disk and flash) to deliver specified performance for private-cloud applications. Via software abstraction, data-center resources can be easily reallocated to address changing application requirements without changing the underlying physical compute, storage or network elements.\nSDDCN requirements\nInternal IT operations now compete for internal resources with SaaS applications and public cloud platforms. Internal data centers must rapidly provision new services, be agile in their ability to deliver the required performance for mission critical applications, be secure and be able to quickly fix any data-center operational challenges. The SDDCN is a key enabler of successful private cloud operations. It enables IT to quickly provision and manage large numbers of high-speed (25GB to 100GB)\u00a0 physical network links. The short list of SDDCN requirements includes:\n\nNetwork performance at scale\nEase of provisioning of networking, compute and storage resources for new applications\nAbility to rapidly scale bandwidth up and down by application\nWork-load migration between internal data centers and public cloud\nProviding application isolation to enhance security and support multi-tenancy\n\nData-center network-software architecture will also enable customization via open APIs, programmability and must easily integrate with third-party applications, including security, application acceleration and performance management.\nSDDCN architecture\nThe abstraction of network software from network hardware in the data center enables the rapid adaptability of the network. The software must work with network hardware to handle the massive increases in data flows created by new applications such as Big Data and micro-services architectures. The network software needs to scale its performance to handle rapid east-west traffic flows and to easily provision virtual network switches (vSwitches) and virtual LANs (vLANs).\nThe SDDCN must be able monitor and analyze traffic flows to provide its quality of service (QoS) guarantees to critical applications. This includes support for time of day scheduling, low-latency traffic (video and VoIP) and traffic bursting, such as storage replication. Network analytics provides the clues to remediate any application-performance issues or slowdowns. The SDDCN must track traffic flows and enable application communications across physical servers, to remote data centers and to public-cloud resources as in a hybrid cloud. Distributed organizations require high-speed connections to multiple data centers in geographically separate locations. The SDDCN should be able to \u201cstretch\u201d applications across data centers, provide for business continuity and disaster recovery via active\/active network links.\nSecurity and network segmentation\nServer virtualization and hybrid cloud have spelled the end of a hardened security perimeter. While most IT organizations still deploy UTM\/firewall appliances in the data center, they must also provide internal data-center security due to the risk that a breach of one VM or container will allow the attacker to access other data-center applications or data via trusted east-west traffic flows. Data-center network software enables internal segmentation of applications which allows IT to isolate applications, work groups and divisions to protect sensitive data and provide for compliance requirements. SDDCN provides the ability to monitor data traffic to identify attacks and to alter the network to remediate specific threats. A defense-in-depth strategy requires SDDCN to connect via open APIs to multiple layers of security encompassing many security elements from third-party suppliers such as leading security vendors.\nAutomation and intent-based networking\nOne critical goal of the SDDCN is to automate the previously manual process of provisioning network resources for new or changing application requirements.\u00a0\u00a0\u00a0 This automation enables data centers to scale and helps IT personnel keep up with data-center changes by shifting network configuration from people to software. Current SDDCN products help architect the provisioning process. For example, they can provide appropriate networking resources and security profiles. They can also adjust traffic flows based on set variables including type of application and security.\n\nIntent-based networking in the data center abstracts network complexity and improves automation by reducing manual configurations. Its goal is to enable IT personnel to use natural-language requests for network resources. For example, IT could request via a simple software command increased performance for a critical application and the network would deliver without manual intervention. In the data center, intent-based networking can automatically adjust IP addresses, configure vLANs and, via analytics, provide insights into network-performance issues.\n\n\n\n\n\nNetworking meets storage in the data center\nThe increases in compute capacity and the demands of new applications including big data, video and IoT continue to drive massive increases in storage capacity and network performance. The goal for the SDDCN is to reduce the complexity and cost of delivering storage capacity where and when it is needed. SDDCN needs to offer the ability to rapidly provision storage capacity, scalable performance and the ability to support any type of storage with any type of compute and application. Modern data-center network architectures converge data and storage traffic on one Ethernet network, but they must support virtual paths for storage traffic to deliver on low-latency requirements.\u00a0\nSupport for containers\nContainers are an emerging technology in the enterprise data center that provides server virtualization and application portability without the overhead associated with a hypervisor. Containers enable micro-services-based architectures and often require the migration of applications\/data between local and cloud-based platforms. When the number of containers on a given server tops 100, they can require tremendous east-west bandwidth. Key challenges for networking containers include performance, automated provisioning of appropriate network resources, and visibility\/network management.\u00a0 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\nChallenges to SDDCN implementation\nSDDCN supports a wide range of advanced capabilities, but is not necessarily easy to deploy and implement, especially in existing data centers. SDDCN lacks the depth of standards to enable multi-vendor interoperability. Most current solutions are single-vendor and largely proprietary. The SDDCN is well not necessarily integrated with other data-center software elements \u2013 storage virtualization, security, application performance monitoring and systems management. Intent-based networking is in its very early stages and needs to mature to provide automation, application assurance and proactive security.\nNetwork software has the capability to deliver on its promises to simplify, automate, secure and accelerate the provisioning of network services to new and changing applications.\u00a0 It provides the glue to connect and secure a wide range of traditional applications, virtualized resources, and micro-services on containers across the data center.\u00a0 It can ease workload migration challenges in a hybrid cloud architecture.\u00a0 SDDCN challenges include lack of standards, single vendor solutions and poor integration with other software elements in the data center, including storage, security, and systems management.