Comments
Networking, Security, And Grand Unified Theory
Newest First  |  Oldest First  |  Threaded View
MarciaNWC
50%
50%
MarciaNWC,
User Rank: Strategist
4/24/2014 | 6:48:58 PM
Re: Software or Hardware?
I second the nomination!
Susan Fogarty
50%
50%
Susan Fogarty,
User Rank: Strategist
4/24/2014 | 5:13:59 PM
Re: Software or Hardware?
Plus 1! I nominate jgherbert as winner of the comment of the day!!!
jgherbert
100%
0%
jgherbert,
User Rank: Ninja
4/24/2014 | 4:04:56 PM
Software or Hardware?

"software-defined Unified Theory"?


Ohhh no you dit-'nt, girlfriend. SDUT? Minus one point for putting "Software Defined" in front of yet another concept. ;-)

To run with your Grand Unified Theory story, and quote Wikipedia (please forgive me):

"As of 2012, all GUT models which aim to be completely realistic are quite complicated, even compared to the Standard Model, because they need to introduce additional fields and interactions [...]. Due to this difficulty, and due to the lack of any observed effect of grand unification so far, there is no generally accepted GUT model."

In other words, it's a nice idea but we'll have to see if it eventually pans out the way it's hoped. What I'd say is that while the separation of networking and security is a current truism, that's mainly because security has by necessity (for scale and management) been deployed as separate dedicated devices. Now that we have this wonderful handle on distributed compute and virtualization, we can scale firewalls in a very different way, if we have the CPU cycles spare and the money to pay the appropriate licensing costs to instantiate all these firewalls.

I strongly believe that pushing security functions to the edge is a valuable step forward, not least because it's better to stop stuff before it wastes networking resource than once it has already used it and arrived at the destination. So at least within our sphere of influence, we can get more out of the network.

On the other hand, there's also no reason why such security functionality has to be distributed to hypervisors. In the last few paras you mention the concept of defining policies in more friendly terms, but once you have software in place to do that, it's a matter of taste whether you push that to a firewall, a hypervisor or, heaven forbid, a programmable edge switch. Protocols like Openflow (as an example) would facilitate using the network hardware to implement security for you.

Ultimately then, it comes down to the management plane as much as it does having security capabilities in the network or server hardware. Integrating that management with awareness of virtualization is critical, as well as being synced into any other automation processes so that the security device is aware of all deployments.



Slideshows
Cartoon
Audio Interviews
Archived Audio Interviews
Jeremy Schulman, founder of Schprockits, a network automation startup operating in stealth mode, joins us to explore whether networking professionals all need to learn programming in order to remain employed.
White Papers
Register for Network Computing Newsletters
Current Issue
Research: 2014 State of the Data Center
Research: 2014 State of the Data Center
Our latest survey shows growing demand, fixed budgets, and good reason why resellers and vendors must fight to remain relevant. One thing's for sure: The data center is poised for a wild ride, and no one wants to be left behind.
Video
Twitter Feed