Most companies have by now virtualized a large percentage of their datacenter infrastructure. One mistake is to rely only on the existing physical security devices to protect the virtual infrastructure. A physical server's traffic normally traverses the physical network devices, but inter-VM traffic may never leave the hypervisor: when two VMs sit on the same host, the same virtual switch and the same VLAN, their frames are switched in software and never touch a physical port. An intruder who gains access to one improperly secured virtual machine can therefore attack the other VMs on that host without being seen by a physical intrusion prevention system or firewall, because the inter-VM flows exist only within the virtual switch. To properly protect virtual machines, hypervisor-level firewalls are required; these virtual firewalls are virtual constructs, managed like a physical device, that enforce policy at the virtual switch port and provide visibility into virtual network traffic flows. Where no such firewall is available, the usual stop-gaps are to mirror virtual switch traffic to an IDS sensor, or to place VMs that should not talk freely in separate VLANs so that their traffic is forced out to the physical router and firewall, at the cost of hair-pinning that traffic through the physical network.
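As an added example (not code from the original post), the following audit classifies VM-to-VM flows by where they are switched, using a constructed inventory and the assumption of a standard L2-only virtual switch on each host. The point it makes beyond the paragraph above is that only same-host, same-vSwitch, same-VLAN flows are invisible; flows between VLANs, even on one host, must leave via an uplink to be routed, where a physical device can inspect them.

```python
"""Audit which VM-to-VM flows a physical firewall or IPS can ever see.

Added example, not code from the original post.  INVENTORY and the flow list
are constructed for illustration.  Assumed model: a standard L2-only virtual
switch on each host.  A frame stays inside the hypervisor only when source and
destination share host, virtual switch and VLAN; any other combination must
leave through a physical uplink (different VLANs additionally have to be
routed by the physical router), where a physical device can inspect it.
"""
from collections import Counter

# vm -> (host, vswitch, vlan)   (constructed inventory)
INVENTORY = {
    "web1": ("esx01", "vSwitch0", 10),
    "web2": ("esx01", "vSwitch0", 10),
    "db1":  ("esx01", "vSwitch0", 20),
    "db2":  ("esx02", "vSwitch0", 20),
    "mon1": ("esx01", "vSwitch1", 10),
}


def flow_path(inventory, src, dst):
    """Classify where src->dst traffic is switched."""
    host_s, vsw_s, vlan_s = inventory[src]
    host_d, vsw_d, vlan_d = inventory[dst]
    if host_s == host_d and vsw_s == vsw_d and vlan_s == vlan_d:
        return "hypervisor-local"      # never reaches a physical port
    if vlan_s != vlan_d:
        return "physical-routed"       # hair-pins through the physical router
    return "physical-switched"         # other host or other vswitch, same VLAN


def blind_spots(inventory, flows):
    """Return the flows a physical IPS cannot see, plus a count per path class."""
    blind = [(s, d) for s, d in flows
             if flow_path(inventory, s, d) == "hypervisor-local"]
    counts = Counter(flow_path(inventory, s, d) for s, d in flows)
    return blind, dict(counts)


if __name__ == "__main__":
    flows = [("web1", "web2"), ("web1", "db1"), ("web1", "db2"), ("mon1", "web1")]
    blind, counts = blind_spots(INVENTORY, flows)
    print("invisible to the physical IPS:", blind)
    print("flows by path:", counts)
```

Feeding it a real inventory (host, port group and VLAN per VM) and the flow list from a virtual switch port mirror or NetFlow export gives the share of east-west traffic that no physical device is watching.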
Category Archives: Technology
The cloud means many things to many different people, but personally I view a cloud as a distinct pool of computing resources that can be managed centrally, provides the ability to scale resources via pre-configured policies, and lastly provides the ability to automate manual requests such as virtual machine creation and deployment.
Though not recommended by many IT professionals, I am planning on making our IT department an internal service provider. In this vein, it is my vision to build out a private cloud that can provide self-service to authorized internal clients such as our developers and application administrators. Currently we use a VMware vSphere platform, but in another few months this platform will possess all the attributes of a true cloud. To provide the functions necessary, I have decided that we will look at the open source Eucalyptus platform.
Eucalyptus is open source, so it reduces our initial capital expenditure; it is compatible with VMware, and it has the ability to support Amazon-based workloads, thus providing a hybrid platform management tool.
At stage one, we will roll out a private cloud that will allow authorized internal clients to perform various tasks against an assigned block of computing resources.
At stage two we will seek to allow the migration of workloads between Amazon and our VMware-based private cloud; this should provide disaster recovery and scalability benefits to our group.
VMware vMotion requires physical hosts to be in the same layer 2 domain. This goes against the grain in networks that were built around the principle of reducing the size and reach of broadcast domains. Large layer 2 broadcast domains reduce the bandwidth available to our applications because of frame flooding, and because Spanning Tree's operation disables redundant paths in layer 2 networks.
vMotion's layer 2 requirement may be one of the major reasons why flat layer 2 networks are being optimized. These optimizations mitigate the effects of broadcast and unknown-unicast flooding, which waste network bandwidth. TRILL, which is not strictly necessary to support vMotion, has been developed to replace Spanning Tree in bandwidth-intensive use cases that need all links forwarding at once. The existence of applications that require huge flat networks will ensure the continued evolution of the layer 2 switching space and thus augment the simple plug-and-play nature of Ethernet networks that most people appreciate.
Dell has hit a home run with its Force10 line. Born in the world of high-frequency trading, Force10, with its large output buffers, provides Dow Jones, Twitter and Facebook with low-latency switching infrastructure, at prices lower than the Nexus line and with a command line that is syntactically similar to Cisco's IOS. Force10 represents a bridge to a hybrid network where Cisco IOS and Force10 FTOS, in concert with open standards such as LLDP and GVRP, give the enterprise the ability to get the best features at the lowest price points.
The failure of a link in a software-defined network based on OpenFlow forces convergence onto a new topology. Because an OpenFlow switch forwards from a flow table that can match on layer 2 and layer 3 header fields alike, that topology is the same whether a flow is bridged or routed: there is one unified logical topology instead of a separate spanning-tree topology and routing topology. (OpenFlow separates the control plane, which lives in the controller, from the data plane in the switch; what it unifies is the forwarding table, not the two planes.) Since OpenFlow uses flow tables, the EIGRP concept of a feasible successor can be applied to them by pre-installing alternate paths in the switch. Pre-installing them merely as lower-priority flow entries is not enough on its own, because a flow entry is not withdrawn when its output port goes down, so the higher-priority entry keeps matching and the packets are sent to the dead port; the OpenFlow 1.1 and later fast-failover group type exists for this, with one bucket per path, each watching the port it uses. With the backup already in the table, a link failure does not require contacting the controller.
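The following model, an added example rather than code from the original post, contrasts the two ways of pre-installing a backup path in a switch: a lower-priority flow entry, and a fast-failover group whose buckets each watch their own port. The switch, ports and packet are constructed for illustration; a real switch exposes the second mechanism as an OFPGT_FF group.

```python
"""Link failure handled inside the switch, with no controller round trip.

Added example, not code from the original post.  Simplified model of an
OpenFlow switch: one flow table, a group table holding fast-failover groups,
and a port-state map.  Match fields are compared for exact equality (no
prefix matching), which is all this illustration needs.
"""
from dataclasses import dataclass, field


@dataclass
class Bucket:
    watch_port: int        # bucket is live only while this port is up
    out_port: int


@dataclass
class FlowEntry:
    priority: int
    match: dict            # header fields that must equal the packet's
    action: tuple          # ("output", port) or ("group", group_id)


@dataclass
class Switch:
    port_up: dict = field(default_factory=dict)
    flows: list = field(default_factory=list)
    groups: dict = field(default_factory=dict)   # group_id -> [Bucket, ...]
    controller_calls: int = 0                    # packet-ins sent on table miss

    def lookup(self, pkt):
        """Highest-priority entry whose match fields all equal the packet's."""
        for entry in sorted(self.flows, key=lambda e: e.priority, reverse=True):
            if all(pkt.get(k) == v for k, v in entry.match.items()):
                return entry
        return None

    def forward(self, pkt):
        """Return the egress port, or None if the packet is dropped."""
        entry = self.lookup(pkt)
        if entry is None:
            self.controller_calls += 1           # table miss: ask the controller
            return None
        kind, target = entry.action
        if kind == "output":
            # The entry is NOT removed when its port goes down: the packet is
            # sent to a dead port and the lower-priority backup never matches.
            return target if self.port_up.get(target) else None
        for bucket in self.groups[target]:       # fast-failover: first live bucket
            if self.port_up.get(bucket.watch_port):
                return bucket.out_port
        return None


PKT = {"ipv4_dst": "10.0.0.5"}                   # constructed packet


def priority_only_failover():
    """Backup as a lower-priority entry: traffic stays stuck on the dead primary."""
    sw = Switch(port_up={1: True, 2: True})
    sw.flows += [FlowEntry(100, {"ipv4_dst": "10.0.0.5"}, ("output", 1)),
                 FlowEntry(50, {"ipv4_dst": "10.0.0.5"}, ("output", 2))]
    before = sw.forward(PKT)
    sw.port_up[1] = False                        # primary link fails
    return before, sw.forward(PKT), sw.controller_calls


def fast_failover():
    """Backup as a second bucket watching its own port: fails over locally."""
    sw = Switch(port_up={1: True, 2: True})
    sw.groups[7] = [Bucket(watch_port=1, out_port=1), Bucket(watch_port=2, out_port=2)]
    sw.flows.append(FlowEntry(100, {"ipv4_dst": "10.0.0.5"}, ("group", 7)))
    before = sw.forward(PKT)
    sw.port_up[1] = False                        # primary link fails
    return before, sw.forward(PKT), sw.controller_calls


if __name__ == "__main__":
    print("priority-only (before, after, controller calls):", priority_only_failover())
    print("fast-failover (before, after, controller calls):", fast_failover())
```

The first function returns port 1, then None, with zero controller calls: the packets are black-holed until the controller notices the port-down event and rewrites the table. The second returns port 1, then port 2, also with zero controller calls, which is the feasible-successor behaviour the text asks for.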
The primary goal I would seek to meet when I decide to implement OpenFlow or some other SDN framework is management simplicity. Below I have listed two things that I hope SDN will address when it becomes mainstream in enterprises.
Automatic VLAN Grafting
Connectivity issues resulting from VLANs missing on trunk links are a common problem network techs face when provisioning access ports. SDN could be really valuable if it is able to graft VLANs onto trunk links based on learned layer 2 traffic flows, something GVRP and MVRP already do dynamically for the switches that support them, but which an SDN controller could do from a central view of where each VLAN's members actually are.
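As an added example (not the post's code) of the computation a controller would have to perform, the following works out which VLANs each trunk must carry from where the VLANs' members have been learned, and compares that with the configured allowed-VLAN lists. The topology, learned VLANs and trunk configuration are constructed; the code assumes it is given the active, loop-free tree of trunk links, so removing one trunk splits the network in two.

```python
"""Compute the VLANs each trunk must carry from where the VLANs' members are.

Added example, not code from the original post.  Input (constructed): the
active, loop-free tree of trunk links between switches, and the VLANs learned
on each switch's access ports (from observed traffic or port configuration).
A VLAN needs to be on a trunk only if removing that trunk would separate
members of the VLAN; comparing with the configured allowed-VLAN list gives the
VLANs to graft, and the ones that are allowed but carry nothing.
"""
from collections import defaultdict

# Constructed example network: three switches in a chain.
TRUNKS = [("S1", "S2"), ("S2", "S3")]
# switch -> VLANs learned on its access ports (constructed)
LEARNED = {"S1": {10, 20}, "S2": {10}, "S3": {20, 30}}
# trunk -> VLANs currently allowed (constructed; deliberately inconsistent)
CONFIGURED = {("S1", "S2"): {10}, ("S2", "S3"): {20, 99}}


def _component(start, edges):
    """Set of switches reachable from `start` over `edges` (BFS)."""
    adj = defaultdict(set)
    for a, b in edges:
        adj[a].add(b)
        adj[b].add(a)
    seen, todo = {start}, [start]
    while todo:
        node = todo.pop()
        for nxt in adj[node]:
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return seen


def required_vlans(trunks, learned):
    """trunk -> VLANs that have members on both sides of that trunk."""
    required = {}
    for trunk in trunks:
        rest = [t for t in trunks if t != trunk]
        side_a = _component(trunk[0], rest)
        side_b = _component(trunk[1], rest)      # the other half of the tree
        vlans_a = set().union(*(learned.get(s, set()) for s in side_a))
        vlans_b = set().union(*(learned.get(s, set()) for s in side_b))
        required[trunk] = vlans_a & vlans_b
    return required


def graft_plan(trunks, learned, configured):
    """trunk -> (VLANs to add, VLANs allowed but needed by nobody across it)."""
    plan = {}
    for trunk, need in required_vlans(trunks, learned).items():
        have = configured.get(trunk, set())
        plan[trunk] = (need - have, have - need)
    return plan


if __name__ == "__main__":
    for trunk, (add, prune) in graft_plan(TRUNKS, LEARNED, CONFIGURED).items():
        print(f"{trunk[0]}-{trunk[1]}: graft {sorted(add)}, unused {sorted(prune)}")
```

In the constructed network VLAN 20 has members on S1 and S3, so it must be grafted onto S1-S2, while VLAN 99 on S2-S3 and VLAN 30 (members on S3 only) are carried nowhere they are needed. Driving this from learned traffic rather than static configuration is exactly the piece a controller adds.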
Advanced Optimized Edge Routing that integrates QoS
Currently OER/PfR is unable to apply QoS policy decisions to flows that are not operating within a certain threshold. An OpenFlow controller that implements QoS policies while also managing policy below the edge devices, such as in the network core, would greatly enhance policy-based routing design and overall network architecture design.
Mobile applications are all the rage right now and, as they like to say, there is an app for everything, or almost everything.
With the move to mobile, users are now able to access services from anywhere using any of the three popular mobile operating systems. This convenience is cool but comes with a few disadvantages that I feel will lead to apps becoming a thing of the past on mobile devices, especially smartphones.
The memory used by some apps makes them unsuitable for lower-end devices.
The functionality of some mobile apps, such as Facebook for Android, is well below that of a web browser on a PC.
Mobile apps require frequent updates that have to be downloaded to your device; an HTML5 browser-based app can be upgraded on the server side.
The development effort required for native app development may be a little higher than for web app development. While Android apps are developed in Java, each mobile OS has its own toolchain, so some tweaking is still required on a per-OS basis for things to work out. If apps are developed in a device-agnostic manner, developers will be able to reach a wide market and a larger ecosystem in one development cycle.
HTML5 has the potential not only to replace Flash but also to provide app functionality in a web browser. HTML5 supports offline apps, multimedia APIs and built-in database support. Drag-and-drop functionality, along with the ability to use existing scripting languages, means that existing web programmers will be able to leverage their existing skills to create rich application experiences. By executing complex code on the server side, low-end phones with a capable browser may be able to provide their owners with the capabilities currently provided by apps.