It has been just over six months since we finished our first commercial software-defined networking (SDN) product launch. Before that, we had completed several commercial deliveries, based on virtualized platforms and embedded system designs, that today might be considered Network Functions Virtualization (NFV). Throughout the same period, we concluded numerous cloud orchestration integrations. There are similarities among all of the designs, including software-based solution delivery, automated provisioning and application-centric workflows resulting in better network services. They all started as separate, compelling and potentially disruptive campaigns geared towards reducing the complexity, time and cost of deploying expert systems. Today, I can’t help but think about SDN, NFV and application-level orchestration as one large system requirement coming together to significantly improve service acquisition, workload execution and quality of experience, while lowering cost.
From a technical perspective, the mass-market adoption tipping point for SDN, NFV and orchestration arrives when application intelligence is combined with the programmability of distributed network resources based on user identity. This is a synchronization of end-to-end resources in a software-defined network, which moves beyond cost reduction into a new paradigm of functional improvement. In an effort to simplify something as complex as a large end-to-end system, most people speak about these technologies as islands of resources capable of doing all things, based on the potential of a theoretically unlimited resource. Although early adopters may be introducing the technology in this fashion, there is a clear need to keep the notion of hierarchical role and functionality definitions in order to maintain or improve the balance required to avoid injecting unacceptable latency as more control layer applications move to centralized processing of end-to-end flows. That said, the strict hierarchical definition that once guided network architectural best practices has moved away from network definitions and now has context specific to each control plane application. It is the flexibility available in the underlying technology that lends itself to offering each application a unique perspective on how it manages policy on behalf of users in an end-to-end flow. Therefore, when we combine the perspectives of multiple centralized control plane applications, and ultimately their application intelligence, with a dynamic way of introducing change back into the end-to-end system, we arrive at a much better solution than when each control plane application or service makes individual decisions with limited scope.
Let’s pick a topic such as security to bring a specific example to life. If you look at users entering a system and moving inward towards the spine, and eventually the application resources, the scope of user identity policy changes as traffic flows through the system. This scope is also relative to the control plane application or service that is dynamically controlling the network based on its perspective of a specific user. The tipping point is realized when one application can influence another by leveraging the strengths of two different perspectives. Let’s go further. Imagine a user is infected with an unknown botnet. The user is compliant at the access level of the system, simply because the user’s up-to-date anti-virus protection is unaware of the infection. Now this botnet begins to propagate throughout the system, looking for new hosts to infect. Meanwhile, a DDoS application recognizes this malware propagation event through its behavioral anomaly intelligence and is able to reroute the specific user’s malicious traffic for botnet validation and attack vector characterization. Once the footprint of this botnet is confirmed, the DDoS application notifies the user access and device management application to associate this infection with the user, while provisioning the network to block this specific signature on the access point based on the user’s dynamic location. When the user moves, so does the signature, which is now associated with the user’s identity. We could continue to describe how the anti-virus protection application can take further action to remove the new botnet and eventually influence the removal of this policy from the system for efficiency. But the most important point here is that the user and the system never experienced service disruption while a complete protection life cycle event was managed dynamically and autonomously.
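The protection life cycle described above, modeled as an added example (not code from the original post or from any product): a hypothetical `AccessManager` keys block rules to user identity and re-provisions them on whichever access point the user is currently attached to. All names and values (`AccessManager`, `alice`, `ap-1`, `sig-botnet-x`) are constructed, and keying a rule to a (user, signature) pair is an assumption about how the binding is stored.

```python
"""Toy model of an identity-bound block rule that follows a roaming user."""
from dataclasses import dataclass, field


@dataclass
class AccessManager:
    """Hypothetical user access and device management application."""
    location: dict = field(default_factory=dict)    # user -> current access point
    signatures: dict = field(default_factory=dict)  # user -> blocked signatures
    ap_rules: dict = field(default_factory=dict)    # access point -> {(user, sig)}

    def _sync(self, user):
        # The user's rules must exist only on the user's current access point.
        for rules in self.ap_rules.values():
            rules.difference_update({r for r in rules if r[0] == user})
        ap = self.location.get(user)
        if ap is not None:
            self.ap_rules.setdefault(ap, set()).update(
                (user, sig) for sig in self.signatures.get(user, ()))

    def attach(self, user, ap):
        """User joins or roams; identity-bound rules move with the user."""
        self.location[user] = ap
        self._sync(user)

    def bind_signature(self, user, sig):
        """Called by the detection application once the footprint is confirmed."""
        self.signatures.setdefault(user, set()).add(sig)
        self._sync(user)

    def clear_signature(self, user, sig):
        """Called after remediation so stale policy does not accumulate."""
        self.signatures.get(user, set()).discard(sig)
        self._sync(user)

    def allows(self, user, flow_sig):
        """Enforcement decision at the user's current access point."""
        ap = self.location.get(user)
        return (user, flow_sig) not in self.ap_rules.get(ap, set())


def run_lifecycle():
    mgr = AccessManager()
    mgr.attach("alice", "ap-1")
    trace = [mgr.allows("alice", "sig-botnet-x")]      # compliant at access
    mgr.bind_signature("alice", "sig-botnet-x")        # detection confirms it
    trace.append(mgr.allows("alice", "sig-botnet-x"))  # blocked on ap-1
    trace.append(mgr.allows("alice", "web"))           # other traffic unaffected
    mgr.attach("alice", "ap-2")                        # user moves
    trace.append(mgr.allows("alice", "sig-botnet-x"))  # still blocked on ap-2
    trace.append(len(mgr.ap_rules["ap-1"]))            # old access point cleaned
    mgr.clear_signature("alice", "sig-botnet-x")       # remediation done
    trace.append(mgr.allows("alice", "sig-botnet-x"))
    return trace
```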
The point in the end is that SDN, NFV and orchestration are fundamental requirements leveraged in different parts of a distributed system governed by a hierarchy defined by the perspective of intelligent applications leveraging the network. The workload automation then improves service quality while decreasing costs. The outcome of these intelligent applications working in concert is a tipping point for end-users to enjoy improved functionality, thus making the adoption of this technology compelling enough to buy.