Feeds

I want SDN and I want it now!

Laziness? Or automating the mundane?

Application security programs and practises

Sysadmin Blog A recent demonstration of Juniper's Software Defined Networking (SDN) showed a level of automation that makes me loathe the mundanity of my day job all the more.

Software defined networking is a collection of technologies that could free me to do far more business-critical things with my time, like research, automating more difficult-to-commoditize business processes, and so forth.

Indeed, it is automation that is at the heart of the matter: the business case for SDN is that of the improvements to health, sanity and pocketbook that automation of IT mundanities can bring. I'm tired of typing routes into Webmin. I'm tired of scripting. I'm tired of adding the MAC address of a new VM into DHCP, configuring the IDS, setting a password and opening ports for remote access.

Budget woes

The sign of a well run and adequately funded IT department is that common tasks are automated. This indicates both that the operations staff aren't dealing with so much outdated, broken or incompatible crap that their hair is constantly on fire and also that they spend their idle time solving problems instead of playing video games.

I automate where I can, but for several clients, everything is a band-aid on top of a band-aid on top of a band-aid. Something will break and cause us to make a change without proper change control and half the scripts will be thrown into chaos.

Worse, the brass could wander into the office to demand the moon on a stick for $24.99. Implementing said wild scheme will invalidate months of previous attempts to tackle the problem. A month's worth of meticulously crafted GPOs go out the window thanks to a business reorg, or a carefully crafted security plan is vetoed because everyone needs access to everything "just in case."

Vendor provided automation

If I could burn it all down and build it anew there are technologies today to help with automation that simply didn't exist 10 or 15 years ago. Puppet is my weapon of choice and if I had the time to build a new network from scratch, nothing would be allowed onto it without Puppet support. Automate early and automate everything.

Sadly, it is very rare that I gain access to that happy world of greenfield deployments. On most networks I don't have the tools to detect (let alone prevent) clandestine IT. What little automation I can reasonably get away with typically boils down to automating the parts of IT operations that other staff members don't ever see, let alone understand.

Automating automation

Cloud computing and mobile devices have made everyone think that IT is easy and sysadmins are just holding out on them. In some cases, our jobs have gotten easier. Compute and storage virtualization have made a significant impact. Networking, however, still eats way too much of my day. This is where SDN comes in.

SDN is basically a nice pushbutton interface that allows me to create everything necessary for a new virtual machine or physical server without actually putting any real thought into it. Choose a class of workload, push a button and poof: everything from VLANs to firewall rules, routing, VPNs, intrusion detection, port mirroring and so forth is configured.

It also takes care of things like switch reconvergence if the janitor pulls out the wrong cable, and it allows us to move from a world where every server change has to be meticulously planned to ensure it doesn't disrupt the network to one where we can just run the cable to the nearest switch and add more links between switches if a path starts looking full. The software will take care of the rest.

What I'm on about, in essence, is change management. More specifically, the lack thereof. Every business – regardless of size – that I work with increasingly wants IT to be able to adapt to change faster. Whether that's provisioning a new VM more rapidly or planning and executing a migration of the financials package to a new vendor, everything is demanded yesterday.

Automating automation

Before compute virtualization I maintained a massive library of imaging tools, automated install batch CDs, gigabytes of vendor hardware diagnostics, and terabytes of drivers. When a system would fail a complicated series of scripts would cast a spell on a RARball somewhere and a failed system would be reborn on backup hardware in three to six hours.

Today, VMware detects a failed host and 30 seconds later the VM is back up and running.

Before storage virtualization, moving a VM required powering it down, dragging it to centralized storage and then pushing it back up to the next host. Backups were multi-tentacled hydras that kept spawning new heads. Today I have storage vMotion, snapshots, replicas, and live-cloning.

I could write a series of scripts to automate everything network related that has been talked about in this article. I question if I could maintain them in the face of an ever-changing set of customer environments. More to the point, I really, really don't want to.

And that, in my mind, is the case for SDN. ®

Bridging the IT gap between rising business demands and ageing tools

More from The Register

next story
Auntie remains MYSTIFIED by that weekend BBC iPlayer and website outage
Still doing 'forensics' on the caching layer – Beeb digi wonk
Attack of the clones: Oracle's latest Red Hat Linux lookalike arrives
Oracle's Linux boss says Larry's Linux isn't just for Oracle apps anymore
THUD! WD plonks down SIX TERABYTE 'consumer NAS' fatboy
Now that's a LOT of porn or pirated movies. Or, you know, other consumer stuff
Apple fanbois SCREAM as update BRICKS their Macbook Airs
Ragegasm spills over as firmware upgrade kills machines
EU's top data cops to meet Google, Microsoft et al over 'right to be forgotten'
Plan to hammer out 'coherent' guidelines. Good luck chaps!
US judge: YES, cops or feds so can slurp an ENTIRE Gmail account
Crooks don't have folders labelled 'drug records', opines NY beak
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.