In my first blog in this series, ‘Cloud Security – what’s all the fuss about’, I introduced the concept of clean clouds and the need for a comprehensive end-to-end security architecture. In this blog I look at the Data Center aspects of secure cloud services.
Unlike the continual advances seen in the areas of compute and storage, the data center network has until recently languished in the tree topologies first deployed in campus networks ten or more years ago. Anyone remember ‘collapsed backbone’ architectures? If you do, you’ll get my point!
These tree topologies have long been the ‘marketecture of choice’ for switch vendors: ideal for positioning an array of platforms and ultimately more boxes into their solutions. Today, however, most of us have realised that although the earth may not be flat, it should be, at least where data center networks are concerned.
But flat architectures are not just about performance benefits such as any-to-any, single-hop, low-latency connectivity. What may be less apparent is the impact a flat architecture has on the security services of a modern data center. Cutting down the number of tiers inherent in tree topologies can have a marked impact on the deployment of security technologies.
For physical security devices, a flat architecture has the effect of expanding the footprint of a single appliance. Whereas in previous deployments the security appliance could only enforce and protect within the ‘shadow’ it cast over its particular branch of the network, appliances can now be used to enforce policy across the entire data center.
Fig 1: Removing Service Shadows with a Flat Network Architecture
What was once the remit of multiple smaller appliances now becomes the responsibility of fewer, more powerful appliances, and this is changing the way vendors are building security technology for the data center.
In addition to the physical appliance, recent innovations in virtual security appliances operating within the hypervisor mean that an integrated security policy can be deployed and managed consistently across the physical and virtual domains, independent of the location of the application within the network architecture.
This ability to extend the reach and integrate physical and virtual security enables service providers to fully leverage the agility implicit within a dynamic, virtualised data center and releases the full potential of application services in a multi-tenant, customer facing service environment.
In the videos below, Georgina Schaefer of Juniper talks about the security challenges posed by the modern virtualised data center and Andrew Buss of Freeform Dynamics gives his view on the opportunity for service providers.
Next month I’ll be looking at the access security trends relating to cloud services.
Head of Cloud and Managed Services Marketing, EMEA
Juniper End to End Cloud Security Web Site. 2012