Software-defined technology is changing the way networks are managed, provisioned and secured. A few key tips can help IT teams avoid some mistakes along the way.
vCORE Technology Partners
Centralized management. Rapid provisioning. Granular, workload-based security.
The benefits of software-defined networking are well documented, and more enterprise IT teams are using the technology to modernize their network infrastructure. But successfully integrating software-defined solutions into an existing environment can be a challenging task.
While guiding numerous clients along various parts of their software-defined journey, vCORE’s network team has seen first-hand the complexities and challenges that come along with IT transformation. During a recent Network Roundtable event at our corporate headquarters in Arizona, an expert panel from vCORE and a few of our partners shared some valuable tips to keep in mind when evaluating and implementing software-defined network technology.
1. Understand and document your application dependencies.
Perhaps the biggest mistake we’ve seen clients make before deploying software-defined networks is a lack of documentation and understanding of application dependencies, according to vCORE Sr. Solutions Architect JR Garcia.
“You can’t automate something if you don’t understand what that process looks like,” Garcia said. “You can’t do micro-segmentation if you don’t understand those application dependencies.”
Bringing in a tool like vRealize Network Insight can help clients gain visibility into security groups, firewall rules, virtual networks, and infrastructure components. Turning on NetFlow, which is a woefully underutilized tool, provides visibility into all intra- and inter-host traffic for firewall policy planning
(micro-segmentation) and flow monitoring.
“One of the biggest mistakes I’ve seen is customers moving toward an SDN solution without understanding those back-end processes or those dependencies first,” Garcia said. “You need to do that discovery work — document, figure out the processes, interview people, figure out what those things look like — before you start investing in these technologies. If you don’t do that, the technology isn’t going to do you any good.”
2. Be ready for the learning curve.
It’s easy for network teams to take software-defined solutions for granted, believing that because they are familiar with VLANs and virtual switches that the transition to Cisco ACI or VMware NSX will come naturally.
In reality, they need to prepare for the learning curve that comes with making the software-defined leap, said Chris McCain, director of product management for VMware, who participated in the vCORE roundtable.
“A lot of people think, ‘Oh, we’ve been doing virtual switching, we’ve been doing VLANs, we know what SDN is,'” McCain said. “You don’t know what it is. You know the concepts, and those carry over, but you have to learn new tools, new ways to manage, new ways to operate.”
At Cisco, new software-defined solutions are radically changing the way end-users implement the fabric in the physical infrastructure and extending into the cloud. VMware, meanwhile, is rebuilding the idea of just doing virtual switching into full-scale network virtualization.
Relying on a proven, certified partner like vCORE to help design, deploy and support software-defined network infrastructure can help IT teams bridge the skills gap and accelerate their movement through the learning curve.
3. Begin with micro-segmentation and security.
For organizations yet to embark on a software-defined journey, where is a good place to begin? In many cases, it is IT security groups, not networking teams, that are the ones driving SDN projects within an organization. The capabilities that come with micro-segmentation, including greater ability to secure east-west traffic, has caught the attention of enterprise CISOs around the world.
Find best practices and more information in our micro-segmentation workshop presentation here.
Solutions such as VMware NSX and Cisco ACI have security built in, which allows IT organizations to simplify their security solution stack. Rather than bolting on 15 different security apps from 15 different vendors, they can deploy SDN with integrated security and add two or three security products based on specific needs.
As a result, the security use case tends to be a good way to experience a quick win with software-defined networking, before moving on to full network virtualization and automation.
Learn more from vCORE
Software-defined solutions, from SD-WAN to network security, are a key component of vCORE’s network practice. Our team has validated expertise in design, deployment and support of industry-leading SDN technology from multiple global vendors. To learn more or request information about vCORE’s solutions and services, visit vcore.com/solutions/networking.