Software-Defined Networking (SDN) is one of the latest technologies in a move towards what Gartner has named “Software-Defined Everything” (SDx) – a collective term that encapsulates the growing market momentum for improved standards for infrastructure programmability and data center interoperability driven by automation inherent to cloud computing.
As SDN defines a framework that allows for an automated and agile way to manage networks and provide networking services, it has a direct impact on network security. SDN enables Software-Defined Network Security with the associated benefits of aligning real-time security within the ever-changing environment of the Software-Defined Data Center (SDDC) and the Cloud. It allows for the automation and orchestration of security services for dynamic workloads and users throughout the network and in the data center, via physical and virtual security appliances.
Such a centralized environment can adjust quickly and effectively to the rapid changes in today’s cloud-based environments and to an organization’s changing IT needs.
With the recent availability of production-ready SDN solutions from vendors such as VMware and Cisco, and the vendor push behind them, SDN is starting to have a profound impact on the way networks are designed and implemented.
A Voyage – The Need for SDN
The voyage that leads to SDN started a decade ago with x86 hypervisors delivering greater IT efficiency through server virtualization, also known as Software-Defined Compute (SDC).
Compute virtualization, or SDC, has revolutionized organizations’ compute environments with the creation of private clouds (the organization’s virtualized compute resources in the data center) and has given birth to the public cloud providers, such as Amazon Web Services (AWS) and Microsoft Azure.
With SDC, Virtual Machines (VMs) are 100% software-defined and therefore provide extreme flexibility and agility – they can be created, removed, moved, paused and more, in a matter of minutes. This creates a very dynamic environment where the data center and cloud compute environments may change daily and hourly.
The servers and applications in this dynamic environment require different networking-based services to function, such as routing, load balancing and security. “Traditional” networking, based on manual configuration and provisioning of networking elements (routers, switches, firewalls, etc.), cannot cope with the dynamic SDC environment while providing the appropriate networking functions and services. In fact, the network’s operation and management becomes a limiting factor in the SDC environment.
SDN was born with the aim of resolving the conflict between the manual and slow way traditional networking services were managed and delivered, and the very rapid and dynamic SDC environment those services must serve.
Security in a SDN Environment
Security is itself a fundamental layer of IT infrastructure, as essential as compute, storage, and networking; hence security needs to become “Software-Defined” as well – in other words as agile and elastic as other data center infrastructure. This is why Fortinet has introduced the Software-Defined Network Security (SDNSecurity) Framework.
While integration with the SDN controller or platform is one key means of achieving agile network security, it is equally important to be able to integrate with hypervisors, cloud management, and intelligence and analytics tools. In some cases, Software-Defined Security may be deployed even ahead of the implementation of SDN controllers and switching fabric.
The Software-Defined Security Framework fundamentally evolves network security in each of the conceptual layers of network architecture – the data plane, control plane, and management plane respectively:
- Virtual Appliances/Services – Augment runtime security enforcement with flexible virtualized appliances and services (Data Plane)
- Platform Orchestration and Automation – Enable agility and elasticity by coordinating with underlying networking and infrastructure platforms (Control Plane)
- Single Pane-of-Glass Management – Provide unified management of policy, events and analytics across physical, virtual and cloud infrastructure (Management Plane)
Security appliances and management products can no longer be isolated from the rest of the infrastructure, but must be cognizant of real-time changes in the data center. Security solutions therefore must be built on an extensible platform that can integrate and communicate with other infrastructure through programmable APIs and other interface points. These could be either open standards or proprietary interfaces – historically, both have had their pros and cons for interoperability, time-to-market, and other considerations. To achieve this, Fortinet provides out-of-the-box integration with SDN solutions such as Cisco ACI and VMware NSX, and support for open interfaces to other SDN solutions, such as OpenFlow support and integration with HP VAN.
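The control-plane idea above (security that re-derives and reconciles its enforcement rules every time the SDN or hypervisor layer reports a workload change) is easier to see in code than in prose. The following is an added illustration written for this page, not code from Fortinet or from any SDN vendor: the event format, the `TAG_POLICY` table and the functions `apply_event`, `desired_rules`, `reconcile` and `process_events` are all constructed, and no real controller API is modelled. Policy is bound to workload tags rather than IP addresses, so that a VM being created, re-addressed on a move, or deleted automatically adds, replaces, or retires the concrete firewall rules that depend on it.

```python
"""Toy software-defined security control loop (constructed example).

Hypothetical throughout: the lifecycle-event shape, the tag-based policy
and every function here are illustrative and do not model a vendor API.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Workload:
    vm_id: str
    ip: str
    tags: frozenset


# Security intent expressed on workload tags, not addresses (hypothetical
# policy): tag -> inbound (protocol, port) pairs that should be allowed.
TAG_POLICY = {
    "web": (("tcp", 443),),
    "db": (("tcp", 5432),),
}


def desired_rules(inventory):
    """Derive concrete (dst_ip, proto, port) allow rules from the live inventory."""
    rules = set()
    for wl in inventory.values():
        for tag in wl.tags:
            for proto, port in TAG_POLICY.get(tag, ()):
                rules.add((wl.ip, proto, port))
    return rules


def apply_event(inventory, event):
    """Update the inventory from one SDN/hypervisor lifecycle event (constructed format)."""
    kind = event["event"]
    vm_id = event["vm_id"]
    if kind in ("vm_created", "vm_moved"):
        ipaddress.ip_address(event["ip"])  # reject malformed addresses early
        if "tags" in event:
            tags = frozenset(event["tags"])
        elif vm_id in inventory:
            tags = inventory[vm_id].tags  # a move keeps the VM's identity/tags
        else:
            tags = frozenset()
        inventory[vm_id] = Workload(vm_id, event["ip"], tags)
    elif kind == "vm_deleted":
        inventory.pop(vm_id, None)
    else:
        raise ValueError(f"unknown event type {kind!r}")
    return inventory


def reconcile(desired, programmed):
    """Diff desired state against what the enforcement point currently holds.

    Returns (rules_to_add, rules_to_remove). Rules left in the second set are
    stale: they permit traffic to an address no current workload owns.
    """
    return desired - programmed, programmed - desired


def process_events(events, programmed=frozenset()):
    """Run the loop: after each event, re-derive desired rules and push the diff."""
    inventory = {}
    programmed = set(programmed)
    for ev in events:
        apply_event(inventory, ev)
        to_add, to_remove = reconcile(desired_rules(inventory), programmed)
        programmed |= to_add
        programmed -= to_remove
    return inventory, programmed


# Constructed sample event stream from the SDN/hypervisor layer.
SAMPLE_EVENTS = [
    {"event": "vm_created", "vm_id": "web-01", "ip": "10.0.1.10", "tags": ["web"]},
    {"event": "vm_created", "vm_id": "db-01", "ip": "10.0.2.20", "tags": ["db"]},
    {"event": "vm_moved", "vm_id": "web-01", "ip": "10.0.3.10"},  # re-addressed on move
    {"event": "vm_deleted", "vm_id": "db-01"},
]


if __name__ == "__main__":
    inv, rules = process_events(SAMPLE_EVENTS)
    print("software-defined rules:", sorted(rules))
    # A firewall configured by hand after the first event and never revisited:
    manual = {("10.0.1.10", "tcp", 443)}
    add, remove = reconcile(desired_rules(inv), manual)
    print("manual firewall drift -> add:", sorted(add), "stale:", sorted(remove))
```

The `manual` comparison at the end is the security-relevant part: a rule written once for the web VM's original address survives the move, and the address it still permits can later be handed to an unrelated workload. Reconciling against the live inventory surfaces that stale rule immediately, which is exactly the "cognizant of real-time changes" property the framework calls for.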