Welcome!

Omar Sultan

Subscribe to Omar Sultan: eMailAlertsEmail Alerts
Get Omar Sultan via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Related Topics: Cloud Computing, Twitter on Ulitzer

Cloud Computing: Article

Services in a Cloud Computing Environment

Expect to see some interesting things in the future around services for the virtualized data center

Omar Sultan's Blog

Once we cut through the cloud-hype and start looking at the practicalities of implementing things like workload portability, I think the lessons of the past will re-assert themselves, this time with things like security and L4-7 services.

Quite a few years ago, when we we positioning the concept of the intelligent network, we had a slide that showed how features moved from servers or dedicated hardware to the the network over time. The trigger was usually when a service, say name resolution, became broadly used. At that point, it was seldom workable to have that service delivered by a place in the network--it needed to be ubiquitous...and highly available...and scaleable...and manageable...and usually ended up as a network service.

Reading a recent post by the ever fearless Christofer Hoff and the related Twitter exchange got me thinking about this again. Once we cut through the cloud-hype and start looking at the practicalities of implementing things like workload portability, I think the lessons of the past will re-assert themselves, this time with things like security and L4-7 services. There was a time when security=firewall, in essence, security was associated with a specific place in your network. Now, to be effective, security needs to be pervasively deployed and deliver security services that ubiquitous and consistent--no matter where a workload runs (my desktop, my data center, someone else’s data center) the security policy must be consistently implemented.

In short, models that depend on services such as security or load-balancing being associated with a specific place in the the network or a specific piece of infrastructure will not survive the transition. We need to be able to implement services wherever they are needed--the ability to provide security services to a given workload cannot be constrained by whether that workload happens to be running on a server that happens to be plugged into a firewall--it would be like saying you can only call certain area codes from certain certain extensions in your house--”Oh, you want to call New York? You’ll have to use the phone in the guest bedroom...”

For us, this is in our DNA--you plug into the network, you get access to all its goodness. As an example, our SAN solutions are built upon the concept of and intelligent fabric, where critical services are a function of the network,not a specific box. This means that I don’t have to worry about a server dying and taking my VSAN routing with it. It also means my capacity and performance automatically scale-up and scale-down with the number of switches in the network.

Unified fabric is an extension of this concept: plug into a unified fabric and you automatically have access to all your storage resources--no HBAs, no fiber runs, no fabric switches--access to storage is no longer a function of having specific infrastructure deployed. VN-Link and the Nexus 1000V are also a logical extension of this concept: no matter where a workload (VM) ends up running, its security policy will stay with it, so application of security policy is no longer a function of having a workload running in a specific location.

As you may guess we are continuing to expand on this concept, so expect to see some interesting things in the future around services for the virtualized data center.

 

More Stories By Omar Sultan

Omar Sultan is a regular contributor to Cisco's Data Center Blog.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.