CSCTechTalk

That is pretty cool

I like how we might drag a component onto the canvas, and it might bring a FW configuration with it

Agility gives a ready made advantage because of its metadata management. It will be easily define the segments/topology and layout and then fire it out

The better question is, does Agility enforce policy at a level to prevent administrators from detonating their network? Will check.

From a delivery standpoint, we could be "blueprinting" for delivery with specific monitoring (out) and control (in-out) channels

neat

I think the power of executable/actionable blueprints in the form of pictures is one of the most powerful ways to engage customers. We did the same in BPM era with workflow designs. And EA tools for that matter.

If Agility can push such configuration to FW for east-west and north-south traffic, it will be a great value add to FW security policy administration. I am not sure if such function can be achieved with agility automation with a firewall.

We have a lot of that capability in BizCloud VMware already. We are trying to keep a flat network and use security groups and distributed firewall rules to microsegment within a virtual datacenter

Even though it is very easy to create very small network segments in SDN, we didn't want to waste the unused IPV4 addresses and we can get equivalent (or better) isolation and security with security groups

Plus it is a whole lot easier to manage and operate

what do you mean "waste" IPV4 networks... we can use a ton of em... tell me you can use up 10.,192. in our estate.. much less other routable that we can re-use

vSphere NSX LoadBalancer as a service model along with Workloads using agility blueprint work is in progress.

Waste in the sense that if are given a routable IPV4 range from a client then we have to watch how quickly we burn through them. Not all workloads do well with NAT and an overlapping IP address model.

In BizCloud VMware, we are not quite at the point where we can get the scope of the microsegmentation in a virtual datacenter to the Blueprint level. But as you can see from Vijay, we are actively working on it.

I think a lot of it depends on what your execution environment is. For example if you use Softlayer or VMware on AWS, you will grab your hypervisor machines and maybe a VLAN or two and then you will have to instantiate the network fabric

APIs provide the connective tissue between configuration management and the network config

In BizCloud, we have the notion of a common external edge network with virtual datacenters "hanging off" that transit network protected by an SDN router/firewall. The parameters for that need to be well defined for the particular client

NFV must still have some bearer fabrics which could be infrastructure as code, and then we talk about application networks as code.

We instantiate these networks through a combination of Agility calls to the API of the SDN and other standalone utilities outside of the Agility environment

@randyarthur will be interesting to see the intersections of NSX with AWS Network Controllers

Yes Dan - I am particularly interested to see how that handoff will work. Especially in the complex topologies we normally deal with

at present NSX works with only EXSi and vSpehere6.x plus only, I guess.

still interesting to understand how a "stem cell" could be built for even a vmware configuration and then late-bound to a topology

Yes, congrats to our Technologists of the Month for November! Across all regions, great work with clients, standardization, moving solutions to offerings.

Yep. Continuous Improvement ....

Congratuations to all

micro-segmentation alone can't do it, will require analytic platform to predict the attack patterns, but can be possible with combination of technologies.

Indeed! The programatic aspect of SDN using software constructs making this very possible improving agility and operational efficiency.

sure but analytic platforms are intensive, and SDN allows you to apply "expensive" resources as dynamic elements in your prosecution vs. static = huge improvement

@DanHushon Agreed

It is argued that security is the killer app for modern networks' use of SDN and NFV.

@ShaheenRaf I am believing more and more that this is so, that security will be the killer app, not just for SDN and NFV, but of the NextGen architecture, covering all aspects of the modern infrastructure.

SDN is an optional component of Modern Platform - so with the VMware flavour we can add NSX to provide segmentation

For many companies, developing a network strategy is a significant activity or consultative project in its own right. If green field easier, but often a transformation journey to be planned, in detail, as part of 'engagement'.

but if it's all L3, and the network can "grow" organically less so?

the hyperscale cloud service providers have all built their own SDNs that they're exposing as part of the overall IaaS API surface area

It's integral to BizCloud VMware and BizCloud Openstack. Certainly within CSC BizClouds, our latest generation supports SDN as an integral part of the offering.

Its also going to be key to extending networking across cloud providers, for example vSphere local to AWS

segmentation seems to have been the use case that's stuck, but migration of entire apps with their network dependencies will become more popular

I think SDN is a big deal, and a major part of the shifts to "public" infrastructures, since C-teams are no longer willing to let details of 'complex IT' hold back their digital initiatives and the agility they need to be proactive in markets

@smithh So it comes down to agility, flexibility, scalability, yet it's complex. Is the modern network a difficult sell? Or, as @hayley_smitty once asked, what is the elevator pitch?

I think as clients look to renew their environments, the biggest push will be to reduce footprint (virtual 1for1), then slowly make use of compartmentalization and segregation for security, blueprint designs fordeployment speed, etc.

I do not think CSC will be credible with elevator pitches for SDN per se. Those will come from the SDN providers. In fact, CSC presumably has to define its role wrt SDN solutions. I believe it should be bundled.

the three most typical use cases I've seen are, micro-segmention, load balancer on demand (haproxy), orchestrating delivery of overlapping L2 networks presented through NAT on demand

But I have not given it a lot of thought, but would be willing to brainstorm with SDN solution team if asked.

since SDN is about constrcuting flows than connecting devices, we can leverage SDN iteratively and incrementally for a sepcific use/service/user without impacting the rest - this risk-management approach makes SDN practical starter.

@potato_heads It is argued that Security is the killer app to energize SDN, it could be

For me, it's the speed at which they can detect and react, shape traffic, and keep systems running, which is key. It's still far from perfect, but better than what we have today.

I think we'll see adoption of Manufacture Usage Descriptions (MUDs) to define what devices are allowed to do, and better network segmentation to enforce that

Botnet based DDOS can be managed better with SDN and use of OpenFlow flow interface. It can perform a dynamic NAC function to mitigate / contain DDOS attacks.