
How to plan a software-defined data-center network

Jun 28, 2018 | 7 mins
Data Center | Hybrid Cloud | Networking

Architectures for software-defined data centers can address the need for flexibility and agility, but implementing them is difficult and calls for coordinating a host of complex features including containers, security, provisioning, scaling and migration to hybrid cloud.


The data-center network is a critical component of enterprise IT’s strategy to create private and hybrid-cloud architectures. Software in the data-center network must deliver improved automation, agility, security and analytics. It should allow for the seamless integration of enterprise-owned applications with public cloud services. Over time, leading-edge software will enable the migration to intent-based data-center networks with full automation and rapid remediation of application-performance issues.

This article evaluates the data-center networking requirements for private enterprises that manage their own internal IT resources. It excludes the data centers of hyperscale cloud providers, as their requirements and resources are radically different than those of typical IT organizations.

Changing data center requirements

The popularity of SaaS and public cloud creates pressure on IT to modernize internal enterprise data-center operations. The enterprise data center needs to support multi-tenancy, and to be operationally efficient and cost effective. The data center needs to support a wide range of physical and virtual workloads and adapt to the new style of application development, including support for containers. Because security breaches can take months to discover, software in the data center should alert operators to suspicious traffic flows and recommend corrective action. IT leaders need the ability to link internal applications and internal resources, including the private cloud, with public-cloud resources to create hybrid cloud architectures.

What is the software-defined data-center network (SDDCN)?

The abstraction of networking hardware from networking software (software-based networking) enables significant changes in how networks are built and operated. The two places in the network most impacted are the wide area network – the software-defined WAN – and data-center network software. The SDDCN combines with compute resources (virtual machines and containers) and storage (disk and flash) to deliver specified performance for private-cloud applications. Via software abstraction, data-center resources can be easily reallocated to address changing application requirements without changing the underlying physical compute, storage or network elements.

SDDCN requirements

Internal IT operations now compete for internal resources with SaaS applications and public cloud platforms. Internal data centers must rapidly provision new services, be agile in their ability to deliver the required performance for mission-critical applications, be secure and be able to quickly fix any data-center operational challenges. The SDDCN is a key enabler of successful private cloud operations. It enables IT to quickly provision and manage large numbers of high-speed (25GB to 100GB) physical network links. The short list of SDDCN requirements includes:

  • Network performance at scale
  • Ease of provisioning of networking, compute and storage resources for new applications
  • Ability to rapidly scale bandwidth up and down by application
  • Work-load migration between internal data centers and public cloud
  • Providing application isolation to enhance security and support multi-tenancy

Data-center network-software architecture must also enable customization via open APIs and programmability, and must integrate easily with third-party applications, including security, application acceleration and performance management.

SDDCN architecture

The abstraction of network software from network hardware in the data center enables the rapid adaptability of the network. The software must work with network hardware to handle the massive increases in data flows created by new applications such as Big Data and micro-services architectures. The network software needs to scale its performance to handle rapid east-west traffic flows and to easily provision virtual network switches (vSwitches) and virtual LANs (vLANs).

The SDDCN must be able to monitor and analyze traffic flows to provide its quality-of-service (QoS) guarantees to critical applications. This includes support for time-of-day scheduling, low-latency traffic (video and VoIP) and traffic bursting, such as storage replication. Network analytics provides the clues to remediate any application-performance issues or slowdowns. The SDDCN must track traffic flows and enable application communications across physical servers, to remote data centers and to public-cloud resources as in a hybrid cloud. Distributed organizations require high-speed connections to multiple data centers in geographically separate locations. The SDDCN should be able to “stretch” applications across data centers and provide for business continuity and disaster recovery via active/active network links.

Security and network segmentation

Server virtualization and hybrid cloud have spelled the end of a hardened security perimeter. While most IT organizations still deploy UTM/firewall appliances in the data center, they must also provide internal data-center security, because a breach of one VM or container would otherwise allow the attacker to reach other data-center applications or data over trusted east-west traffic flows. Data-center network software enables internal segmentation of applications, which allows IT to isolate applications, work groups and divisions to protect sensitive data and meet compliance requirements. SDDCN provides the ability to monitor data traffic to identify attacks and to alter the network to remediate specific threats. A defense-in-depth strategy requires the SDDCN to connect via open APIs to multiple layers of security, encompassing security elements from third-party suppliers such as leading security vendors.
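The segmentation and flow-monitoring idea in this section can be made concrete with a small policy checker. The following is an added example, not code from the article or from any SDDCN product: it assumes a constructed tier-per-subnet segment map, a hypothetical allow-list of permitted east-west flows (default deny between tiers, and no host-to-host traffic inside a tier), and a constructed sample of flow records such as a flow collector might export. It flags flows that violate the policy and, separately, sources that fan out to many destinations on one port, the pattern a defender would want surfaced before trusted east-west paths are used to reach other applications.

```python
import ipaddress
from collections import defaultdict

# Constructed segment map (assumption, not from the article): one subnet per application tier.
SEGMENTS = {
    "web": ipaddress.ip_network("10.1.0.0/24"),
    "app": ipaddress.ip_network("10.2.0.0/24"),
    "db": ipaddress.ip_network("10.3.0.0/24"),
    "mgmt": ipaddress.ip_network("10.9.0.0/24"),
}

# Hypothetical allow-list of permitted east-west flows: (source tier, destination tier, TCP port).
# Anything not listed is denied by default, which is the least-privilege posture between tiers.
ALLOWED = {
    ("web", "app", 8080),
    ("app", "db", 5432),
    ("mgmt", "web", 22),
    ("mgmt", "app", 22),
    ("mgmt", "db", 22),
}

# Constructed sample flow records (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.1.0.10", "10.2.0.20", 8080),   # web -> app on the application port: permitted
    ("10.2.0.20", "10.3.0.30", 5432),   # app -> db on the database port: permitted
    ("10.9.0.5", "10.3.0.30", 22),      # mgmt -> db over SSH: permitted
    ("10.1.0.10", "10.3.0.30", 5432),   # web -> db directly, skipping the app tier: denied
    ("10.1.0.10", "10.1.0.11", 445),    # one web host probing its neighbours: intra-tier, denied
    ("10.1.0.10", "10.1.0.12", 445),
    ("10.1.0.10", "10.1.0.13", 445),
    ("10.1.0.10", "10.1.0.14", 445),
    ("10.7.0.9", "10.2.0.20", 8080),    # source outside every known segment
]


def segment_of(ip):
    """Map an address to its tier name, or None if it lies outside every segment."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def check_flow(src, dst, port):
    """Return None if the flow is permitted, otherwise a short reason string."""
    s, d = segment_of(src), segment_of(dst)
    if s is None or d is None:
        return "unknown-segment"
    if s == d:
        # Hosts within one tier have no need to talk to each other in this policy.
        return "intra-segment"
    if (s, d, port) not in ALLOWED:
        return "denied-by-policy"
    return None


def find_violations(flows):
    """Evaluate every flow record against the allow-list and collect the denied ones."""
    violations = []
    for src, dst, port in flows:
        reason = check_flow(src, dst, port)
        if reason:
            violations.append((src, dst, port, reason))
    return violations


def fan_out_alerts(flows, threshold=3):
    """Count distinct destinations per (source, port); a wide fan-out is a lateral-movement signal."""
    targets = defaultdict(set)
    for src, dst, port in flows:
        targets[(src, port)].add(dst)
    return {key: len(dsts) for key, dsts in targets.items() if len(dsts) >= threshold}


if __name__ == "__main__":
    for v in find_violations(SAMPLE_FLOWS):
        print("DENY", v)
    for (src, port), n in fan_out_alerts(SAMPLE_FLOWS).items():
        print(f"ALERT {src} reached {n} hosts on port {port}")
```

In a real deployment the segment map and allow-list would be generated from the SDDCN controller's policy rather than hard-coded, and the alerts would feed the analytics layer the article describes so the network could be altered in response; the checking logic itself is unchanged.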

Automation and intent-based networking

One critical goal of the SDDCN is to automate the previously manual process of provisioning network resources for new or changing application requirements. This automation enables data centers to scale and helps IT personnel keep up with data-center changes by shifting network configuration from people to software. Current SDDCN products help architect the provisioning process. For example, they can provide appropriate networking resources and security profiles. They can also adjust traffic flows based on set variables, including type of application and security.

Intent-based networking in the data center abstracts network complexity and improves automation by reducing manual configurations. Its goal is to enable IT personnel to use natural-language requests for network resources. For example, IT could request via a simple software command increased performance for a critical application and the network would deliver without manual intervention. In the data center, intent-based networking can automatically adjust IP addresses, configure vLANs and, via analytics, provide insights into network-performance issues.

Networking meets storage in the data center

The increases in compute capacity and the demands of new applications, including big data, video and IoT, continue to drive massive increases in storage capacity and network performance. The goal for the SDDCN is to reduce the complexity and cost of delivering storage capacity where and when it is needed. The SDDCN needs to offer rapid provisioning of storage capacity, scalable performance and the ability to support any type of storage with any type of compute and application. Modern data-center network architectures converge data and storage traffic on one Ethernet network, but they must support virtual paths for storage traffic to meet low-latency requirements.

Support for containers

Containers are an emerging technology in the enterprise data center that provides server virtualization and application portability without the overhead associated with a hypervisor. Containers enable micro-services-based architectures and often require the migration of applications and data between local and cloud-based platforms. When the number of containers on a given server tops 100, they can require tremendous east-west bandwidth. Key challenges for networking containers include performance, automated provisioning of appropriate network resources, and visibility and network management.

Challenges to SDDCN implementation

SDDCN supports a wide range of advanced capabilities, but it is not necessarily easy to deploy and implement, especially in existing data centers. SDDCN lacks the depth of standards needed to enable multi-vendor interoperability. Most current solutions are single-vendor and largely proprietary. The SDDCN is not necessarily well integrated with other data-center software elements, namely storage virtualization, security, application performance monitoring and systems management. Intent-based networking is in its very early stages and needs to mature to provide automation, application assurance and proactive security.

Network software has the capability to deliver on its promises to simplify, automate, secure and accelerate the provisioning of network services to new and changing applications. It provides the glue to connect and secure a wide range of traditional applications, virtualized resources, and micro-services on containers across the data center. It can ease workload migration challenges in a hybrid cloud architecture. SDDCN challenges include the lack of standards, single-vendor solutions and poor integration with other software elements in the data center, including storage, security, and systems management.

Lee Doyle

Lee Doyle is principal analyst at Doyle Research, providing client-focused targeted analysis on the evolution of intelligent networks. He has over 25 years’ experience analyzing the IT, network, and telecom markets. Lee has written extensively on such topics as SDN, SD-WAN, NFV, enterprise adoption of networking technologies, and IT-Telecom convergence. Before founding Doyle Research, Lee was group vice president for network, telecom, and security research at IDC. Lee holds a B.A. in economics from Williams College.
