Strategic Points of Control: Hype or Help?
Every time we hop into our cars and head onto city streets or highways, we immediately become part of a complex system that, for the most part, we take for granted. Most days, we get to our destinations safely (and in a reasonable amount of time), thanks to stop signs, traffic signals, yield signs, roundabouts, merge lanes, on-ramps and off-ramps. These mechanisms are integrated into roads and highways at strategic locations to help control and guide the flow of traffic and keep us safe. The key words here are strategic and control. Imagine what traffic would be like if we had none of these controls on roads and highways or, worse yet, if every intersection were controlled by unsynchronized traffic signals. Chaos and gridlock would ensue. The challenge in controlling the flow of traffic and minimizing traffic jams is to implement the right mechanisms at the right locations, typically where traffic converges -- in other words, at strategic points of control.
Successfully directing and controlling the flow of traffic in computer networks is not much different; it requires similar strategic points of control. Without them, IT is forced to respond to new business demands on a case-by-case basis with solutions that aren't integrated into the existing architecture. That's sort of like building a new road every time you want to travel to a new destination instead of planning a logical route using existing roads and highways.
In the context of the data center, strategic points of control are the locations at which decisions are made about how best to deliver applications and data. These often occur at aggregation points -- the points through which all traffic flows. One of the most important points of aggregation is at the network perimeter. In the same way that a drawbridge across a moat provides the only access to a castle, a network router and firewall provide the only outside access to the network. Because the router and firewall are on the network's perimeter, the perimeter is a logical place to implement and enforce access policies. (Even kings had "access policies" of sorts -- although failing to meet them might land you in the dungeon.)
Once inside the firewall, there are other strategic control points within the data center architecture. Virtualized storage, which controls access to the resources it manages and gives IT visibility into all storage resources, is a point at which IT can apply security policies. An application delivery solution is also a strategic point of control. Because all application requests and responses are funneled through it, it is a logical place where application security, acceleration and optimization can be applied.
Another strategic control point that's becoming more common in the data center is the virtual network -- it provides more efficient connectivity between virtual machines than a traditional network does. In a traditional network, communication between applications deployed on a single server with virtual machines and virtual switches might require exiting and re-entering the server's network card. In a virtual network, however, that physical path along which data travels (and the latency associated with it) no longer exists, so communication between virtual machines is more efficient. The network layer is a prime location to enforce access policies, especially in public cloud environments where multi-tenancy is a probability.
These three strategic control points -- virtualized storage, application delivery solutions and the virtualized network -- share one thing in common: They are all points at which virtualization, and by extension, aggregation, occurs. Aggregation is an example of the traditional "many-to-one" type of virtualization (typically associated with load balancers and other proxy-based solutions) that makes multiple resources appear to be a single resource. A many-to-one type of virtualization solution also provides a strategic point of control because all traffic must flow through that solution. That makes it a perfect point at which to apply access and security policies in a single, centrally managed location.
Although the many-to-one type of virtualization is not new -- it has been around since the mid-1990s -- it has evolved over the years to give IT more precise control over the data that traverses strategic points in the network. Again, "strategic" and "control" are the key terms. Any point in the network is considered strategic if it offers the opportunity to consistently and efficiently apply policies (i.e., control) to data at a single point in the data path.
Today, many IT organizations are still struggling with the static one-to-one connections between technologies that they have had for years. This forces IT to respond to new business demands with manual, one-off technology fixes (remember the idea of building a new road every time you want to go someplace new?). In contrast, having strategic points of control throughout the infrastructure gives IT the ability to add, move or redefine services on demand. In turn, IT can create, modify and scale the infrastructure in line with changing business demands -- and without compromising the organization's long-term objectives.
Posted by Karl Triebes on 08/24/2010 at 12:47 PM