VMblog Expert Interview: Aruba Explores The Dawn of the Distributed Services Architecture


With the Cloud moving to the Edge, distributed services continue to disrupt everything from AI/ML, to 5G and virtualization. To learn more, VMblog reached out to industry expert John Gray, Data Center Marketing Lead at Aruba, a Hewlett-Packard Enterprise Company. 

VMblog:  What is happening with data centers, and what should we expect in the future?

John Gray: Historically, data centers and related connections and services were centralized, namely because this was the most efficient means to service a limited number of connections, applications and related services; there was low mobility and far fewer devices compared to modern times. While data center networking has evolved over the past decade, providing higher-performing 25/100/400G leaf-spine topologies to address the volume and velocity of emerging application architectures, security architectures had really not evolved.

VMblog:  What specifically is happening today with network traffic?

Gray:  With the explosive growth of east-west traffic in data centers in recent years, centralized security appliances have proven to be inefficient, expensive and difficult to manage. Simply put, hair-pinning traffic to an appliance sitting at the data center edge introduces heavy performance penalties, steep costs and operational penalties.  The problem is further exacerbated by microservices-based applications, where traffic may not even need to leave a physical host to go from one service to another. This means some application traffic may never be inspected by a hardware firewall, IPS, or other security devices, leaving enterprises vulnerable to attack from within the enterprise itself.


VMblog: It's 2022; what is needed today?

Gray: Now architectural approaches to data centers and applications must be edge-centric, cloud-enabled, and data-driven. With that there is a clear need for data centers to evolve to a distributed architecture. This provides better support of edge-cloud 'centers of data'. What is specifically needed is a unique blend of performance, scale and automation for distributing advanced networking and security services where it's impractical and costly to force traffic back and forth across the network to a centralized policy enforcement point and instead simply apply these services at the services network access layer edge where the applications are running.

VMblog:  What was the primary problem with approaches of the past?

Gray: Centralized security appliances are inefficient and expensive at inspecting and protecting east-west application traffic within the data center. Hair-pinning traffic to an appliance sitting at the data center edge comes with heavy performance and cost penalties. The problem is exacerbated by microservices-based applications, where traffic may not even need to leave a physical host to go from one service to another. This means some application traffic may never be inspected by a hardware firewall, IPS, or other security device, leaving enterprises vulnerable to attack from within the enterprise itself. This is quite different than the approach to building capacity and resiliency in decades past.

VMblog:  How would this differ for either security on premises or private vs. public clouds?

Gray:  For on-premises: A distributed services architecture is compelling to support advanced services to the data center edge with unified network and security automation along with policy management. With this, network bandwidth and performance are optimized, eliminating the traditional centralized chokepoint, helping to eliminate appliance sprawl, complexity and costs. 

For securely interconnecting with Public Cloud Providers: The cost of encrypting access to the public cloud using traditional appliances can quickly become unaffordable. Yet, many enterprises must meet a compliance mandate to encrypt all access to public facing cloud resources. A distributed service architecture provides a combination of edge routing, line-rate encryption, firewall and NAT, with end-to-end telemetry for public cloud dedicated connections from either on-premises or co-location data centers.

VMblog:  In summary: how does this meet goals of improved security?

Gray: A distributed services architecture provides an optimized security architecture and reduces an organization's IT blast radius and risk. The two objectives being met are first to extend a Zero Trust Network Architecture deeper into the data center, improving the security posture by enforcing security closer to where workloads are processed. And the second objective is to simplify operations through unified network and security automation and policy management.

Published Friday, July 29, 2022 7:31 AM by David Marshall