As CIOs work to improve the network for services delivery in the digital age, software-defined networking for enterprises has seen a steady rise in adoption. For those in the early decision stages, the question of how to integrate SDN into networking architecture through migration is top of mind.
Although the migration process will require network changes that will affect the entire enterprise, having a rule-based approach to integration is the best way to ensure successful outcomes. To start that process, here are 11 rules for software define networking integration.
#1. Plotting a course based on need rather than technology
Organizations should first think about their reasons for choosing to go the SDN route and what they want to get out of it before looking at platforms. Businesses and IT needs will be different for each organization and sector such as manufacturing and financial institutions, so SDN will be applied in different ways.
Specific needs could be centralizing and improving enterprise network management and security or improving costs. Needs assessment must go beyond words like “agile” to reach the heart of deployment objectives. These needs determine the technical process and platform. The goal is to determine how the migration, integration and operation of SDN will affect the business across departments, divisions and enterprise wide.
#2. Discovering application connectivity and Improving the network
In this pre-migration stage, organizations will discover and map business application network flows and dependencies, which are crucial to making the changes needed for the SDN migration. Complex networks and data flows can make this difficult, but machine-readable traffic flow records can lessen the challenge. This stage will also require updating of switches and ports to align with a virtualized SDN environment.
#3. Aligning the infrastructure with the right SDN platform
While there are a number of SDN platforms available, most organizations will choose between ACI and NSX. Rather than discuss their differences, it will be sufficient to say that some organizations may be partial to the VMware solution or the Cisco solution based on their current affiliated networking systems.
#4 Looking beyond automation
SDN migration projects require following a highly detailed process for success, so vendors offering automatic conversions should warrant heavy skepticism. Despite heavy doses of automation, IT teams will still need to discover, model, migrate, and test business applications in digestible chunks. Only with proper planning, testing and management can organizations migrate applications and begin to see SDN benefits.
#5. Preparing the organization
At this stage, organizations will begin the skill set assessment and training process to support SDN and infrastructure changes. Key IT personnel will need to be trained to think about the control plane in addition to the data plan. For example, the operations engineers and administrators accustomed to CLI will need to adapt to an SDN dashboard.
#6. Lab testing the platform
Most SDN products are available in a test lab environment due to the portability of software. Software portability makes it possible to conduct this implementation testing using onsite and cloud-based virtual lab environments, which enables:
- SDN controller testing by emulating switches in different topologies
- SDN switch performance testing
#7. Develop a SDN security strategy
Software-defined networking can deliver robust security through its system architecture’s design possibilities such as:
- Data packet routing through a single firewall to make IDS and IPS data capture more efficient
- Continuously adaptable data protection measures that can be seen in the case of SDN for PCI compliance across enterprise sectors.
- Segmentation that can harden security and reduce attack surfaces
While these and other SDN security measures can be highly effective, lack of a detailed security strategy can open the network to attacks due to uncontrolled traffic. This strategy requires extremely accurate implementation and programming designs that are based on network security priorities and SDN technology understanding.
#8. Managing the migration process
Since application dependencies are mapped and the current network architecture has been optimized for SDN, the migration and integration process can begin. However, this is not something you can do overnight. The work involved in application migrations can vary depending on the size and complexity of the network, and on what the organization is looking to get out of the project. It’s a good idea to take a gradual, step-by-step approach. All applications can’t be migrated at once, so an incremental migration should be built on migration strategy stages that include:
- IP address allocation and server workload assignment to new addresses
- Application software reconfiguration to the new IP addresses
- Application traffic discovery policy writing
- Policy deployment and validation
- Application functionality testing
- Moving the application to production
- Decommissioning the legacy version of the application connectivity
#9. Start small
Reaping the enterprise network management and security benefits of SDN is not an all or nothing proposition in terms of integration. Organizations should consider starting small with automation tools that they can add to the existing network today to gain immediate benefits and improvements. This can be followed by more software that provides application optimization based on policies for traffic routing and performance improvement. A modular approach can set the organization up for success with a broader SDN integration that can be accomplished faster and more assuredly based on need.
#10. Post-integration management
The next step after application migration to the software-defined network is development and implementation of ongoing security policy management. This requires access to change tracking and auditing as well as risk and compliance reporting. As business applications change over time, administrators will need to modify network policies.
Implementation of a holistic, automated change-request system is the best approach to handling security policy management. Keep in mind that the system must be capable of supporting SDN firewalls and security controls as well as the traditional firewall.
#11. Find an Integration Partner
Software-defined networking for enterprises is continually evolving and does come with a learning curve. This is an important reason to partner with a skilled networking integration partner with a track record in SDN deployments like Acadia Technology Group. Having that experience gives the business constant access to a wealth of knowledge on best practices for integration and management. An approach like this can ensure that the SDN integration successfully meets business needs today and tomorrow.
To learn more about emerging security threats in 2018, download the free white paper.