
THE STATE OF THE VIRTUALIZED DATA CENTER

eBOOK: DATA CENTER

CHAPTER 1: Business Trends

CHAPTER 2: SDN & Virtualization

CHAPTER 3: Virtualization: Why You Need a Simplified Architecture

CHAPTER 4: Business Continuity and Disaster Recovery

CHAPTER 5: Physical and Virtual Security

CHAPTER 6: Management and Automation

CONCLUSION

CHAPTER 1: BUSINESS TRENDS

AGILITY. It’s impossible to read an article in the trade press or attend a webinar without the word coming up. And thanks to the increased adoption of virtualization, IT leaders have gotten a taste of what it means to be agile.

Organizations today increasingly look to the data center network for competitive differentiation. It’s no longer just about speeds and feeds and big pipes. Virtualization has changed that equation. Case in point: The results of the 2013 Computerworld State of the Enterprise survey[1] suggest that IT departments are becoming adept at linking even routine investments—like networking—to business objectives. When asked how important infrastructure technologies were to creating a competitive advantage for their companies, a majority of respondents rated data center-related technologies, including IT and network services management (57 percent) and virtualization (56 percent), as either very important or critical.


That emphasis is showing up in investment plans for the network and data center. The 2012 Network World State of the Network study[2] showed 34 percent of the respondents were ready to roll out or were planning to roll out, 17 percent were investigating what direction to take, and 30 percent were already fully deployed.

[Figure: Importance of infrastructure technologies to creating a competitive advantage for companies. Labels: IT and network services management; desktop/storage/network virtualization; virtualization.]

[Figure: Network/data center initiatives. Response categories: new to us; investigating what direction to take; ready for rollout within next 12 months; planning for rollout in next 1–3 years; fully deployed; not on our radar.]

These plans are being built on a proven track record for virtualization: Over the past decade, data center agility has dramatically increased with the virtualization of compute and storage resources. Applications have transitioned from client/server architectures—where each application was tied to a specific physical server—to virtualized architectures where software abstracts the application from the physical server, allowing the application to reside literally anywhere. Storage, meanwhile, has transitioned from physical resources dedicated to specific applications or servers to shared pools.

But IT understands that the infrastructure is not as agile as it could be—or as it needs to be. While data center agility has greatly increased due to application, server and storage virtualization, the IT infrastructure is still not agile enough to meet business demands.

The problem is the network. Virtualization is dependent on the network, and the network is incredibly complex. So complex, in fact, that it brings resource provisioning to a standstill. It’s not just network virtualization that’s being held back; this holds true across all virtualization strategies. A 2013 survey conducted by Network World on behalf of Juniper Networks showed that at least half of IT leaders said network complexity is holding back virtualization for networks, storage, applications and servers.

This e-book looks at the virtualization trends uncovered in the survey conducted by Network World on behalf of Juniper Networks and offers advice for optimizing data center agility through network virtualization in a simple, open, smart manner.

[1] Computerworld, 2013 State of the Enterprise Survey. http://marketing.computerworld.com/CW_State_of_Enterprise_2013.pdf
[2] Network World, 2012 State of the Network Study. http://marketing.networkworld.com/pdf/NWW_StateoftheNetwork_2012.pdf


CHAPTER 2: SDN & VIRTUALIZATION

Organizations are increasingly considering software-defined networking (SDN) to reduce the complexity of network operations. In fact, more than half of the respondents to the Network World survey said they are either currently evaluating or plan to evaluate SDN in the next 24 months as a way to automate and simplify network operations.

SDN enables direct programmatic control of the network (in line with end-user application needs) rather than programming around the network. Here’s how: SDN separates the network control plane from the data plane. In other words, control of the network is taken out of individual network elements and centralized in a controller. Instead of individually managing and configuring devices on the network, network administrators can automate and centrally manage them via the controller, which provides complete visibility into the network. What’s more, SDN gives network administrators more granular control. They can prioritize, de-prioritize and block specific types of packets without having to touch individual network switches.

Unfortunately, deploying SDN technologies isn’t without its challenges. Nearly half of survey respondents say an IT skills gap is the biggest challenge they have encountered or expect to encounter when deploying SDN, and for good reason. In a software-defined network, applications at Layer 7 can interact and automate down to Layer 2. As a result, network engineers must think more broadly about the decisions they are making. They must be able to architect workloads across multiple pieces of infrastructure and determine how those workloads should be treated under varying conditions. In addition, as the network becomes increasingly automated, network architecture and design skills will become increasingly valuable.

Respondents in the finance, education and high tech industries are more likely than those in manufacturing to be evaluating or have plans to evaluate SDN.

[Figure: More than one-half will evaluate SDN within the next 2 years. Categories: in the process of evaluating; will evaluate in the next 12 months; will evaluate 12–24 months from now; total, 52%.]

The lack of a proven return on investment (ROI) is the second biggest challenge organizations report facing when deploying SDN technologies. However, there are plenty of quantifiable benefits that organizations can use to determine the ROI for their SDN deployment. For example, organizations should consider the efficiency gains SDN enables and the impact they have on the organization’s ability to deliver IT services faster. Organizations can also factor in lower operating expenses as a result of centralizing network management. They also stand to reduce capital expenditures by becoming less dependent on proprietary hardware, dedicated appliances and application-specific devices.

Challenges Encountered/Expect to Encounter in Deploying Software-Defined Networking Technologies

NEARLY ONE-HALF HAVE ENCOUNTERED OR EXPECT TO ENCOUNTER IT SKILL GAPS WHEN DEPLOYING SDN TECHNOLOGIES. ORGANIZATIONS ALSO CITE THE LACK OF PROVEN ROI AS A TOP OBSTACLE TO DEPLOYMENT.

IT skill gaps: 49%
Unsure of ROI/immature technology: 48%
Integrating with current technology: 43%
Staff resource constraints: 39%
Cultural barriers within IT (change management): 26%
Business disruption/downtime during transition: 24%

CHAPTER 3: VIRTUALIZATION: WHY YOU NEED A SIMPLIFIED ARCHITECTURE

Virtualization is maturing, and organizations are realizing its benefits. More than half of the respondents to the Network World survey report full or pervasive virtualization at their organizations. The increased virtualization and outsourcing to the cloud is most often being driven by business-continuity and disaster-recovery (BC/DR) initiatives. The desire to improve application performance and agility is also a top driver. Meanwhile, in larger companies, anticipated cost savings, as well as moves, consolidations and mergers, are more likely to be driving virtualization and cloud initiatives.

But getting virtualized has its challenges. The majority of respondents report that network complexity is a barrier to increased virtualization. This is because the network cannot keep up with the speed of change made possible by server virtualization and cloud computing. Servers can be spun up in hours, even minutes, but network resources require days or weeks, with multiple touch points often handled by multiple people. The complexity of the network has made it a bottleneck.

And that brings us to another challenge organizations encounter when virtualizing: IT silos. Networking, storage, server and application teams work independently, doing their part to prepare an IT resource for user consumption, then pushing it along to the next group with minimal automation.

Many of today’s organizations understand the need to reduce network complexity before embarking on a network virtualization project. That means preparing both the network itself and the staff responsible for the network. Case in point: Nearly 50 percent of survey respondents said they plan to change the structure of their IT organizations to accelerate virtualization and cloud. Among organizations with more than 1,000 employees, that percentage reaches 67 percent. These organizations are either consolidating or merging IT teams or silos (e.g., networking, storage, server and/or application teams), or creating new IT teams dedicated to rearchitecting the network.

Plans for Changing IT Structure to Accelerate Virtualization and/or Cloud Initiatives over Next 12 Months

NEARLY 50% HAVE PLANS TO CHANGE THE IT STRUCTURE TO ACCELERATE VIRTUALIZATION AND CLOUD. ONE IN FIVE ARE CREATING NEW IT TEAMS DEDICATED TO RE-ARCHITECTING THE NETWORK.

Consolidating/merging IT teams or silos (e.g., networking, storage, server, application teams): 37%
Creating a new IT team dedicated to re-architecting the network: 20%
Creating other new IT teams: 7%
Other: 3%
No changes planned to IT’s structure: 51%

As far as the network itself goes, 56 percent of organizations plan to make changes or upgrades to the network to better support virtualization. This is incredibly important because the physical network serves as the foundation for the virtual network. Any issues in the physical network are likely to manifest in the virtual network as well.

The physical network must have certain characteristics before it is virtualized. For example, the physical network must enable any-to-any connectivity with fairness and non-blocking behavior. This ensures deterministic performance of the virtual network on top of the physical network, and that network behavior will not change based on the location of a virtual machine (VM). The physical network must also be low latency and low jitter, and have no packet drops under congestion.

When it comes to upgrading the network, 30 percent of organizations prefer a full solution stack when choosing network vendors. The remaining respondents prefer best-of-breed solutions or do not have a strong preference. Furthermore, nearly seven in 10 organizations are likely to outsource components when making network upgrades/improvements, including solution implementation (40 percent), network design (35 percent) and post-implementation support (32 percent).

Plans for Changes/Improvements to Network to Accelerate Virtualization and/or Cloud Initiatives over Next 12 Months

MORE THAN HALF (56%) ARE PLANNING TO MAKE CHANGES OR UPGRADES TO THE NETWORK IN ORDER TO BETTER SUPPORT VIRTUALIZATION, WHILE 2% WILL VIRTUALIZE THE ENTIRE NETWORK.

[Figure: response categories: we are planning significant changes or upgrades to the network in order to better support virtualization in other areas; we are planning moderate changes or upgrades to the network in order to better support virtualization in other areas; we are planning to virtualize the entire network; minimal changes or improvements to the network are planned; don’t know.]

CHAPTER 4: BUSINESS CONTINUITY AND DISASTER RECOVERY

Nearly all survey respondents report that BC/DR is a consideration when planning network changes or upgrades. More specifically, organizations most often consider network availability, network security and user connectivity.

Aspects of Business Continuity/Disaster Recovery Taken into Consideration when Planning Network Changes/Upgrades

NEARLY ALL RESPONDENTS REPORT BC/DR IS A CONSIDERATION WHEN PLANNING NETWORK CHANGES OR UPGRADES. ORGANIZATIONS MOST OFTEN CONSIDER NETWORK AVAILABILITY, NETWORK SECURITY AND USER CONNECTIVITY.

Network availability: 85%
Network security: 74%
User connectivity: 64%
Ensuring continuous data access: 61%
Data protection: 59%
Data replication: 52%

Legacy infrastructure is the top challenge organizations face when improving BC/DR, cited by 42 percent of survey respondents. Operating multiple virtualized Layer 2 networks can help solve this problem. Applications can be connected between multiple virtual networks within a single data center or between physical data centers. The objective is to create location independence in the network so the application provides the same performance from any server within the data center and from any data center location. To achieve this, organizations must have universal SDN connectivity to be able to programmatically move the application anywhere for BC/DR purposes, and to deliver consistent behavior from the virtualized networks.

Universal SDN gateways provide the advanced and flexible physical and virtual network routing and bridging connections and translations required for inter-, intra- and cross-virtual network communications. A universal SDN gateway allows you to move compute resources between networks, either within physical data centers, between physical data centers, or between a physical data center and a cloud environment.

Virtual overlay networks are designed to imitate all aspects of the underlying physical network, subjecting the overlay network to performance, degradation and reliability issues when broadcast, unicast or multicast packets are flooded to all devices within a broadcast domain. Broadcast, unicast and multicast flooding is standard network behavior that physical network equipment is designed to handle. However, broadcast, unicast and multicast flooding places an exponential burden on the servers hosting the virtual network, which does not scale, potentially degrading the virtual network.

Hardware-based overlay replication available on universal SDN gateways offloads broadcast, unicast and multicast packets from the virtual network and allows purpose-built hardware-based devices to convert these packets into standard broadcast, unicast or multicast packets. These packets are then forwarded to their intended receivers to deliver performance, scale and reliability as well as consistent behavior from the virtualized network.

Top Challenges to Improving Business Connectivity/Disaster Recovery

LEGACY INFRASTRUCTURE IS CITED AS THE TOP CHALLENGE IN IMPROVING BUSINESS CONTINUITY AND DISASTER RECOVERY.

Legacy infrastructure: 42%
Multiple failure points: 28%
Security gaps: 28%
Infrastructure built without clearly identifying application requirements: 27%
Inconsistent management and security policies: 26%
Infrastructure sprawl: 23%
Practicing manual backup and configuration: 22%
Traffic is not prioritized based on application relevance, causing performance issues: 19%

CHAPTER 5: PHYSICAL AND VIRTUAL SECURITY

Virtualization has changed the face of the data center. Today’s data centers are a mix of physical servers and virtual workloads, and require a more pervasive range of security as a result. With nearly every organization implementing some degree of cloud computing, virtualization security is as integral a component as traditional firewalls are in today’s networks.

This is evidenced by the results of the Network World survey. At 59 percent, the majority of respondents report that network security is an upfront consideration when implementing new network technology. Network security is important because it’s the backbone of the larger security ecosystem. In the past, security measures were largely reactive. But IT organizations are becoming more proactive. They want to have a strategy in place as they implement initiatives around virtualization, cloud services, consolidation and modernization. And the strategy must be balanced with convenience and speed. Applications and Infrastructure-as-a-Service can be provisioned in minutes. Organizations need the ability to scale and flex the network and security to assure it serves the interest of the application. It is unacceptable for security to take a couple of months to catch up with the virtualized resources. Security should be constantly scaled and flexed in tandem with the physical network or SDN network or both.

Consideration of Network Security When Implementing New Network Technology

A MAJORITY OF RESPONDENTS REPORT THAT NETWORK SECURITY IS AN UPFRONT CONSIDERATION WHEN IMPLEMENTING NEW NETWORK TECHNOLOGY.

Upfront consideration — we usually update our security environment to keep pace with network changes as they happen: 59%
Mid implementation — we try to anticipate changes in security requirements as network changes occur, but this doesn’t always work out: 28%
Post data center implementation — when network design changes are made, security is typically built in at a later stage: 7%

Performance is also a concern when evaluating network security solutions to support a virtualized environment. In fact, 80 percent of respondents to the Network World survey consider it highly important to be able to support new services and technologies without sacrificing performance. This tends to be a problem when perimeter security solutions are retrofitted for the virtual environment rather than purpose-built for VMs. It can be compared to putting a heavy coat of armor on a little machine that wants to move around. The armor weighs—and slows—the VM down. Furthermore, because VMs are in a multitenant environment, it is important to secure them north to south with other physical perimeter security measures, but also east to west to protect them from other VMs that might be sitting on the same server. Security must double-down—making sure no one is coming in from the outside or the VM sitting next door—but without slowing performance.

Workloads must also be secured in a consistent manner, and the policies that apply to physical workloads must apply to virtual workloads regardless of where they reside. Organizations must be able to manage them with a consistent policy in mind so that zones defined for the physical network can also be articulated in the VM. If the policy says this workload is associated with financial information and the data moves to another cloud provider, the policy should travel with that workload and adhere to the zone policy established for the physical network. Managing policies once for both the physical and virtual environments reduces operational overhead. It also ensures there will be no mistakes that can leave the organization vulnerable to attack or falling out of compliance with regulatory requirements.

Organizations should also consider the firewall technology they deploy in the data center. Some providers insist that their next-generation firewall solution can help protect the virtualized data center. However, this technology has a specific use case in an office or campus environment. The application visibility and control capabilities are aimed at keeping people from inadvertently contracting a virus. These capabilities are not needed in the data center, nor are they effective at protecting the infrastructure. The majority of security professionals who responded to a 2013 Ponemon Institute report commissioned by Juniper Networks indicated that current next-generation firewalls and IP reputation feeds address only part of the cybersecurity threat, leaving significant exposure to the most concerning attacks. Applications and infrastructure reside in the data center, which is why it requires a high-performance, highly scalable firewall-based gateway.

Level of Importance When Evaluating Network Security Solutions to Support a Virtualized Environment

WHEN EVALUATING NETWORK SECURITY SOLUTIONS TO SUPPORT A VIRTUALIZED ENVIRONMENT, 80% CONSIDER IT HIGHLY IMPORTANT TO BE ABLE TO SUPPORT NEW SERVICES AND TECHNOLOGIES WITHOUT SACRIFICING PERFORMANCE.

[Figure: stacked bars rated on the scale critical / very important / somewhat important / not very important / not at all important. Rows: support new services and technologies without sacrificing performance/end-user experience; virtualized security policy is consistent and integrated with physical security policy; detailed reporting/logging of access events and traffic to support SLAs and compliance requirements; full visibility and access control over all traffic flowing through VMs.]

56% of respondents say securing web traffic is their biggest security concern.

However, 61% of respondents say emerging network security technologies only address part of the cyber security threats facing their organization.

SOURCE: Ponemon Institute© Research Report

CHAPTER 6: MANAGEMENT AND AUTOMATION

Just as organizations need a common approach to securing both physical and virtual environments, they also need a common approach to managing and automating networks. With the introduction of the virtual environment, multiple groups within an organization are responsible for different parts of the network. For example, the server administrators may own the virtual network while the network team maintains ownership over the physical network. When problems arise, it will be natural for one group to point to the other to avoid blame. This will make it difficult to identify the source of the problem and remediate it in a timely manner. Thus, organizations require a single network management interface that provides visibility into both the virtual and physical networks. This centralized interface can help organizations identify where a packet is flowing and where an issue may lie, whether it’s a physical network misconfiguration issue or an overloaded hypervisor in the virtual network dropping packets.

The same requirement goes for automation as well. Organizations need a single interface to automate behavior across the entire network—whether physical or virtual.


CONCLUSION

In an effort to achieve the level of agility that business demands, many IT organizations have virtualized their data center resources. With applications, servers and storage virtualized, IT is able to react more quickly to business needs. However, these virtualization efforts go only so far before network complexity brings efficiencies to a halt. To achieve greater levels of agility, IT must address the network.

That means simplifying the infrastructure and operations with virtualization. Juniper Networks MetaFabric™ Architecture—a simple, open and smart approach to data center design—accelerates the deployment and delivery of applications within and across multiple virtualized data centers. It provides location-independent coordination and management of devices across multiple sites, maximizing data center resources and ROI to allow you to establish a solid physical network foundation and address the security and BC/DR requirements needed for network virtualization success.

FOR MORE INFORMATION, VISIT www.juniper.net/datacenter