As software defined networking and SD-WAN technologies begin to reach a state of maturity, the ongoing marketing in the industry is setting agility and new capabilities as primary agenda items. And this is for good reason: with a proliferation of services and net new IT requirements, optimizing cost structures and efficiency are key strategic IT initiatives.
The figures are hard to argue with. When evaluating an ROI for these technologies, a CFO may be highly interested in what operational cost savings he may expect to see in staff reduction. While there will be cost savings, these are likely to manifest in many larger enterprises as a cost avoidance. The rationale behind this is simple: When was the last time your job became easier? When was the last time you sat back, content in a technology you mastered 5 years ago, happy that it would last you the next ten years, thus becoming a knowledge worker’s annuity?
That isn’t reality. The reality is we need more technical people now than we ever have in the past. Regulations are getting tighter, the breaches bigger, and the internet of things is about to upend the industry in new protocols and access methodologies. In cloud parlance, we need to optimize our operations so we can move our mode 1 “run the business” people into mode 2 “innovate” resources. So the challenge will be to transform our organizations to become truly digital companies, and to have the capabilities to strategically align our IT resources to combat the disruptive innovators entering our traditional markets (Uber, AirBnB, Square). This will be critical for an organization’s long-term survival.
But in building out our software defined infrastructure, it is paramount to understand how we make that transition. It isn’t just about moving fast. Like in football, it’s about moving fast but with purpose. Not falling. Not getting injured. The difference between adopting SDN and adopting SDN successfully, and optimally, will be based around focusing on transitioning what we do today, into tomorrow, without compromising our ability to deliver services.
Building out a software defined infrastructure must focus on four key components: ensuring Availability, enforcing Security, creating Agility, and developing our People.
I will expand on each of these key components below.
Availability
The first rule of driving a fast car is: don’t crash it. Availability has long been the sought-after maxim for creating an infrastructure upon which an enterprise can run its applications. This is prescient, as the infrastructure does not exist to serve itself; it exists to serve the applications, and the applications in turn exist to serve an underlying business process. Network, Compute, and Storage resources all provide shared infrastructure for running the applications that serve the business. The reason availability is the critical component is that these shared resources need to provide a consistent level of service to their end business processes; availability of your infrastructure is the bedrock upon which your business will function.
Some critical questions to understand regarding any software defined infrastructure are:
1) How does this technology fail? Will it fail open, or fail closed? Where does it fail?
2) Are there any single points of failure, or any risks of a split brain scenario which should be architected around? What are the critical components?
3) When it fails, as technology is wont to do, what is the expected restoral time, and will that meet the business’s RPO/RTO targets? How are backups managed?
4) What is the scalability of this solution in a real world environment? (I had the opportunity to deploy and replace, through three vendors, big iron aggregation routers carrying 50% of Arizona’s internet, in the mid-2000s. This was because the documented scale numbers could not be realized… software complexities manifest in irregular ways under stress.) When you’re choosing an entire system, you will want to ensure you are not repeating the mistakes we have all made over the past 20 years. It’s all about tested and verified scalability; choosing anything less could be career limiting.
5) What protocols does this technology use, and how will they fit in the ecosystem of protocols that is your infrastructure?
Security
The second thing to be aware of when driving a fast car is that the most important components are the brakes (and the seat belt). This section really doesn’t need an analogy: the costs of cybercrime have been estimated at 445 billion dollars annually. Whereas IT has been the efficiency engine for business for the past decades, we’ve created a digital economy reliant on technology, and it is one we must protect. Security should be absolutely top of mind, from top to bottom, in any enterprise. And regulators are taking note: in 2015 the bank regulators made cyber security a board level priority, similar to how SOX made financial reporting a board level requirement. Going forward, a CxO will need to back the reliability of their organization’s cyber security program. Other industries are likely to follow, if they have not already.
Thus the ability to architect and operate a secure system is critical with any technology expense.
Key considerations to evaluate:
1) Lifecycle: Historically this has been overlooked, but in terms of being able to get ongoing software support and patches for critical vulnerabilities, it is one of the more pressing issues. In 2015 financial regulators began to make the language more explicit, changing it from “you need to keep critical infrastructure within patch management” to “you need to have a plan for managing end of life products to ensure you can patch them”.
Put simply, do the partners you are working with have an end of life policy that can ensure you will have ongoing patch management support for the duration of the asset’s expected life? (Or rather, can you actually fully depreciate the solution, and if your depreciation schedule is longer than your partner’s ability to patch, do you need to adjust your depreciation schedule to ensure you can meet security and regulatory requirements?)
2) Compliance: What compliance requirements does your industry have? What security frameworks does your organization adhere to?
3) Patch Management: Who will manage patches, and how? Who will provide the patches, and who will be responsible for deployment?
4) Logging and Audit: What are the capabilities of the proposed solutions, and do they fit into your existing requirements? Can you enforce non-repudiation via centralized logging?
5) Integration with third party security tools: All organizations have their chosen security tools, both commercial off the shelf and homegrown. How do the newer technologies fit in with these existing security tools?
The security ramifications of the end solution will be critical to understand at the outset of any software defined project.
Agility
The third most important aspect in driving a fast car is the maneuverability: the suspension that allows you to adjust your trajectory to avoid obstacles and take more optimal paths as they become available. One of the greatest values the software defined infrastructure will bring to an organization is much greater operational efficiency and agility for the IT organization. This capability will enable provisioning of new services, as well as provisioning of existing OAMP (ACL and QoS management), at the speed of software. This does not indicate a removal of process, but will allow for rapid deployment of authorized and tested services. There will be work to ensure your organizational processes align around an agile capability, and that the agility does not compromise the security or availability.
Some considerations for how to ensure you’re getting the agility you anticipate:
1) Will the agility apply to a subset of my infrastructure, or will I be able to have a long term plan to improve my entire enterprise? Will the cost savings in software/labor arbitrage apply to my existing enterprise?
2) Will the solution have open northbound API capabilities to expose the agile instrumentation to an orchestration system, to ensure workflow management?
3) Are the agility capabilities solving the most pressing labor and process constraints?
4) How will this solution fit into existing operations and management processes?
5) Will there be atomic commit and rollback capabilities, such that if a change needs to be backed out, a course correction can be made?
6) Lab testing will need to be an organizational competency to ensure successful deployments of any changes, and must be automated through test cycles to ensure the bottleneck does not move to testing, with the logical next steps of shortcuts being made in test to achieve the time to deployment envisioned.
7) Automated security scan tooling should be incorporated as part of the rapid deployment processes, to ensure changes which affect numerous systems are able to be vulnerability tested in near real time.
People
The driver is critical to winning any race, and the final piece to successful deployment of a software defined technology is having the right people, in the right place, and with the right KNOWLEDGE to adequately support the technology. Many enterprises lack the organizational competency to effectively architect, deploy, operate, and optimize the newer generations of technologies. There are new toolsets, new languages to learn, and fundamental shifts in operational skills that need to occur, and it starts with the employee. It’s not just retooling the people; we also have to retool the organizational processes for monitoring and change management. The process is just the behavior shaping constraints we make for our people; we also need to ensure adequate skill sets.
1) Once we push aside PowerPoint slides and things get technical, do you have the right resources to engineer and architect a highly available and secure infrastructure?
2) Do you have day 2 resources to properly troubleshoot the problem?
3) What is the technology’s adoption, in terms of how difficult it will be for an IT organization to hire resources with this skill set? Are there adequate feet on the street to operationalize the solution?
I will have a follow-on blog on how an enterprise can, cost effectively, create a structure and culture for ongoing development with their employees as we retool towards the next generation of the internet. Spoiler alert: it couples two disparate concepts, the power of recognition and incentives on human behavior, and new learning methods, to ensure that training is 1) relevant, 2) absorbed, and 3) cost effective.
Because while technology is intended to make things easier, in aggregate it has become exponentially fast moving, significantly fundamental to every business transaction, and increasingly fragile/risky. I need an army of talented people to help me ensure that commerce, as a fundamental to modern society, will remain an ongoing concern.
So let’s go!
——————-
Errata:
Regarding the section on availability, there is a hidden message for teenagers on why your parents should buy you two cars.