I want SDN and I want it now!

Laziness? Or automating the mundane?

Sysadmin Blog A recent demonstration of Juniper's Software Defined Networking (SDN) showed a level of automation that makes me loathe the mundanity of my day job all the more.

Software defined networking is a collection of technologies that could free me to do far more business-critical things with my time, like research, automating more difficult-to-commoditize business processes, and so forth.

Indeed, it is automation that is at the heart of the matter: the business case for SDN is that of the improvements to health, sanity and pocketbook that automation of IT mundanities can bring. I'm tired of typing routes into Webmin. I'm tired of scripting. I'm tired of adding the MAC address of a new VM into DHCP, configuring the IDS, setting a password and opening ports for remote access.

Budget woes

The sign of a well-run and adequately funded IT department is that common tasks are automated. This indicates both that the operations staff aren't dealing with so much outdated, broken or incompatible crap that their hair is constantly on fire and also that they spend their idle time solving problems instead of playing video games.

I automate where I can, but for several clients, everything is a band-aid on top of a band-aid on top of a band-aid. Something will break and cause us to make a change without proper change control and half the scripts will be thrown into chaos.

Worse, the brass could wander into the office to demand the moon on a stick for $24.99. Implementing said wild scheme will invalidate months of previous attempts to tackle the problem. A month's worth of meticulously crafted GPOs go out the window thanks to a business reorg, or a carefully crafted security plan is vetoed because everyone needs access to everything "just in case."

Vendor-provided automation

If I could burn it all down and build it anew, there are technologies today to help with automation that simply didn't exist 10 or 15 years ago. Puppet is my weapon of choice and if I had the time to build a new network from scratch, nothing would be allowed onto it without Puppet support. Automate early and automate everything.

Sadly, it is very rare that I gain access to that happy world of greenfield deployments. On most networks I don't have the tools to detect (let alone prevent) clandestine IT. What little automation I can reasonably get away with typically boils down to automating the parts of IT operations that other staff members don't ever see, let alone understand.

Automating automation

Cloud computing and mobile devices have made everyone think that IT is easy and sysadmins are just holding out on them. In some cases, our jobs have gotten easier. Compute and storage virtualization have made a significant impact. Networking, however, still eats way too much of my day. This is where SDN comes in.

SDN is basically a nice pushbutton interface that allows me to create everything necessary for a new virtual machine or physical server without actually putting any real thought into it. Choose a class of workload, push a button and poof: everything from VLANs to firewall rules, routing, VPNs, intrusion detection, port mirroring and so forth is configured.

It also takes care of things like switch reconvergence if the janitor pulls out the wrong cable, and it allows us to move from a world where every server change has to be meticulously planned to ensure it doesn't disrupt the network to one where we can just run the cable to the nearest switch and add more links between switches if a path starts looking full. The software will take care of the rest.

What I'm on about, in essence, is change management. More specifically, the lack thereof. Every business – regardless of size – that I work with increasingly wants IT to be able to adapt to change faster. Whether that's provisioning a new VM more rapidly or planning and executing a migration of the financials package to a new vendor, everything is demanded yesterday.

Automating automation

Before compute virtualization I maintained a massive library of imaging tools, automated install batch CDs, gigabytes of vendor hardware diagnostics, and terabytes of drivers. When a system would fail, a complicated series of scripts would cast a spell on a RARball somewhere and a failed system would be reborn on backup hardware in three to six hours.

Today, VMware detects a failed host and 30 seconds later the VM is back up and running.

Before storage virtualization, moving a VM required powering it down, dragging it to centralized storage and then pushing it back up to the next host. Backups were multi-tentacled hydras that kept spawning new heads. Today I have storage vMotion, snapshots, replicas, and live-cloning.

I could write a series of scripts to automate everything network related that has been talked about in this article. I question if I could maintain them in the face of an ever-changing set of customer environments. More to the point, I really, really don't want to.

And that, in my mind, is the case for SDN. ®
