CSCTechTalk

11/2 CSC Technology Town Hall
Secure Digital Networks
   4 years ago
#CSCTechTalk10/13 CSC Technology Town HallNext Gen Agile Hybrid Cloud
   3 years ago
#CSCTechTalk2/9 CSC Technology Town Hall2017: A Look Ahead
Dan Hushon
Anyone know if we could build SDN plans in Agility yet? Here's a blueprint! http://www.via-cc.at...
Ganesh Swaminathan
That is pretty cool
Dan Hushon
I like how we might drag a component onto the canvas, and it might bring a FW configuration with it
vittal krishnasamy
Agility gives a ready made advantage because of its metadata management. It will be easily define the segments/topology and layout and then fire it out
Stephen Sandifer
The better question is, does Agility enforce policy at a level to prevent administrators from detonating their network? Will check.
Dan Hushon
From a delivery standpoint, we could be "blueprinting" for delivery with specific monitoring (out) and control (in-out) channels
Howard Smith
I think the power of executable/actionable blueprints in the form of pictures is one of the most powerful ways to engage customers. We did the same in BPM era with workflow designs. And EA tools for that matter.
Sunil Sharma
If Agility can push such configuration to FW for east-west and north-south traffic, it will be a great value add to FW security policy administration. I am not sure if such function can be achieved with agility automation with a firewall.
Randy Arthur
We have a lot of that capability in BizCloud VMware already. We are trying to keep a flat network and use security groups and distributed firewall rules to microsegment within a virtual datacenter
Randy Arthur
Even though it is very easy to create very small network segments in SDN, we didn't want to waste the unused IPV4 addresses and we can get equivalent (or better) isolation and security with security groups
Randy Arthur
Plus it is a whole lot easier to manage and operate
Dan Hushon
what do you mean "waste" IPV4 networks... we can use a ton of em... tell me you can use up 10.,192. in our estate.. much less other routable that we can re-use
Vijay Kumar
vSphere NSX LoadBalancer as a service model along with Workloads using agility blueprint work is in progress.
Randy Arthur
Waste in the sense that if are given a routable IPV4 range from a client then we have to watch how quickly we burn through them. Not all workloads do well with NAT and an overlapping IP address model.
Randy Arthur
In BizCloud VMware, we are not quite at the point where we can get the scope of the microsegmentation in a virtual datacenter to the Blueprint level. But as you can see from Vijay, we are actively working on it.
Frédéric Lé
What are the relationships between infrastructure as code and SDN?
Randy Arthur
I think a lot of it depends on what your execution environment is. For example if you use Softlayer or VMware on AWS, you will grab your hypervisor machines and maybe a VLAN or two and then you will have to instantiate the network fabric
Chris Swan
APIs provide the connective tissue between configuration management and the network config
Randy Arthur
In BizCloud, we have the notion of a common external edge network with virtual datacenters "hanging off" that transit network protected by an SDN router/firewall. The parameters for that need to be well defined for the particular client
Dan Hushon
NFV must still have some bearer fabrics which could be infrastructure as code, and then we talk about application networks as code.
Randy Arthur
We instantiate these networks through a combination of Agility calls to the API of the SDN and other standalone utilities outside of the Agility environment
Dan Hushon
@randyarthur will be interesting to see the intersections of NSX with AWS Network Controllers
Randy Arthur
Yes Dan - I am particularly interested to see how that handoff will work. Especially in the complex topologies we normally deal with
vittal krishnasamy
at present NSX works with only EXSi and vSpehere6.x plus only, I guess.
Dan Hushon
still interesting to understand how a "stem cell" could be built for even a vmware configuration and then late-bound to a topology
Glen Robinson
Wow, the bar is super high for this month's technologists of the month. Well done to the team leading the way. Automation, AWS, DevOps, Hololens. Great to see.
Lisa Braun
Yes, congrats to our Technologists of the Month for November! Across all regions, great work with clients, standardization, moving solutions to offerings.
Ganesh Swaminathan
Yep. Continuous Improvement ....
Ganesh Swaminathan
Congratuations to all
Ganesh Swaminathan
micro-segmentation using SDN - can it adapt to new and unfolding threat situations - something that you can's see today but can unfold tomorrow? making it truly agile and responsive.
Sunil Sharma
micro-segmentation alone can't do it, will require analytic platform to predict the attack patterns, but can be possible with combination of technologies.
Rafat Shaheen
Indeed! The programatic aspect of SDN using software constructs making this very possible improving agility and operational efficiency.
Dan Hushon
sure but analytic platforms are intensive, and SDN allows you to apply "expensive" resources as dynamic elements in your prosecution vs. static = huge improvement
Rafat Shaheen
It is argued that security is the killer app for modern networks' use of SDN and NFV.
Martin Lee
@ShaheenRaf I am believing more and more that this is so, that security will be the killer app, not just for SDN and NFV, but of the NextGen architecture, covering all aspects of the modern infrastructure.
Kristen Sawyer
What role does SDN play in the Modern Platform getting ready to be offered from CSC?
Chris Swan
SDN is an optional component of Modern Platform - so with the VMware flavour we can add NSX to provide segmentation
Howard Smith
For many companies, developing a network strategy is a significant activity or consultative project in its own right. If green field easier, but often a transformation journey to be planned, in detail, as part of 'engagement'.
Dan Hushon
but if it's all L3, and the network can "grow" organically less so?
Heather Simpson 🌈🍃
What role does SDN play in cloud deployments?
Chris Swan
the hyperscale cloud service providers have all built their own SDNs that they're exposing as part of the overall IaaS API surface area
Randy Arthur
It's integral to BizCloud VMware and BizCloud Openstack. Certainly within CSC BizClouds, our latest generation supports SDN as an integral part of the offering.
Darryl Cauldwell
Its also going to be key to extending networking across cloud providers, for example vSphere local to AWS
Heather Simpson 🌈🍃
How do you see SDN playing a role in our clients' organizations?
Chris Swan
segmentation seems to have been the use case that's stuck, but migration of entire apps with their network dependencies will become more popular
Howard Smith
I think SDN is a big deal, and a major part of the shifts to "public" infrastructures, since C-teams are no longer willing to let details of 'complex IT' hold back their digital initiatives and the agility they need to be proactive in markets
Lisa Braun
@smithh So it comes down to agility, flexibility, scalability, yet it's complex. Is the modern network a difficult sell? Or, as @hayley_smitty once asked, what is the elevator pitch?
Matt Vita
I think as clients look to renew their environments, the biggest push will be to reduce footprint (virtual 1for1), then slowly make use of compartmentalization and segregation for security, blueprint designs fordeployment speed, etc.
Howard Smith
I do not think CSC will be credible with elevator pitches for SDN per se. Those will come from the SDN providers. In fact, CSC presumably has to define its role wrt SDN solutions. I believe it should be bundled.
Darryl Cauldwell
the three most typical use cases I've seen are, micro-segmention, load balancer on demand (haproxy), orchestrating delivery of overlapping L2 networks presented through NAT on demand
Howard Smith
But I have not given it a lot of thought, but would be willing to brainstorm with SDN solution team if asked.
Rafat Shaheen
since SDN is about constrcuting flows than connecting devices, we can leverage SDN iteratively and incrementally for a sepcific use/service/user without impacting the rest - this risk-management approach makes SDN practical starter.
Rafat Shaheen
@potato_heads It is argued that Security is the killer app to energize SDN, it could be
Joe Champlin
How can SDNs better defend against #botnets and the increase in #DDoS attacks?
Glen Robinson
For me, it's the speed at which they can detect and react, shape traffic, and keep systems running, which is key. It's still far from perfect, but better than what we have today.
Chris Swan
I think we'll see adoption of Manufacture Usage Descriptions (MUDs) to define what devices are allowed to do, and better network segmentation to enforce that
Sunil Sharma
Botnet based DDOS can be managed better with SDN and use of OpenFlow flow interface. It can perform a dynamic NAC function to mitigate / contain DDOS attacks.