
© Nemertes Research 2016 www.nemertes.com 888-241-2685 DN4746


Re-Architecting the Enterprise: The Time is Now

By Johna Till Johnson

CEO, Nemertes Research

Executive Summary

It’s no secret that network, data center, and security infrastructure is undergoing a major paradigm shift. Enterprises have already virtualized their existing data centers. Now they’re moving to cloud (both private and public) and rethinking how to make the entire infrastructure as agile and cost-effective as their cloud services—without sacrificing security. That means developing and delivering a next-generation infrastructure that delivers agility, cost savings, and enhanced security across the enterprise, including campus and branch networks.

Compass Direction Points:

• Now is the time to re-architect the enterprise network and security infrastructure, in light of the momentum towards cloud, mobility, bandwidth-hungry apps, and advanced security threats.

• Start by setting design goals that include lowered operational cost, improved agility and flexibility, scalability and capacity, and embedded security.

• To achieve those goals, develop a set of design principles that include minimizing complexity, enabling automation, enhancing security, relying on virtualization, and integrating into an ecosystem.


The Issue

As enterprise IT professionals have been embracing new technologies and service-delivery mechanisms—from virtualization to cloud to software-defined everything—they’ve often forgotten to think about the infrastructure across which they’re delivering these technologies and services—particularly when it comes to campus and branch networking. Many campus and branch architectures haven’t been meaningfully refreshed since the last century (although the devices themselves may have been upgraded). But several trends are converging to drive enterprise architects and engineers to rethink enterprise infrastructure—and now is the perfect time.

Why Now? Key Drivers and Trends

What are these trends, and why are they converging now? The first is the increasing complexity of campus and branch networking (Please see Figure 1). Campus and branch network architectures in many enterprises date back to the early 1990s (although the devices themselves have been upgraded). This means that enterprise network engineers are stuck with manual device configurations that increase fragility and decrease reliability.

Figure 1: Converging Trends Drive Architecture Shift


Moreover, these architectures no longer accurately reflect traffic flows across the network, particularly given the shift to mobile and cloud-based paradigms.

The unprecedented move to cloud delivery is in fact the next major driver. Virtually every enterprise is relying on cloud, both public and private. More than half (56%) of enterprise organizations are deploying cloud in 2015, and the momentum continues towards a cloud-enabled infrastructure, largely for increased agility.

It’s no secret that wireless and mobility is another major driver for the enterprise architecture shift. Roughly a third (32.5%) of enterprise employees now use WLAN, cellular, or other forms of wireless as their primary network technology. A significant percentage of many worker categories now rely on tablets as the primary working device (Please see Figure 2). And of course there’s the inrush of personal and BYOD mobile devices, augmenting those provided by enterprises to their employees. The upshot? Mobile technologies are placing unprecedented demands on campus and branch switches and routers.

Figure 2: Percentage Using Tablet as Primary Working Device

Enterprises are also experiencing a fundamental shift in applications. For one thing, there’s a monotonic increase in the bandwidth required by existing applications. Nearly half (49%) of organizations say they’re experiencing bandwidth growth, and that growth is significant: 250% year over year. The top driver for this growth is “general increase in data traffic”. Companies are also investing in new types of applications, particularly video, unified communications and collaboration (UCC), and virtualized-desktop environments. A particular characteristic of all these apps is that they require extremely high-quality network infrastructure, with low latency and jitter.


As if that weren’t enough, at the same time enterprises are becoming exposed to a greater range of security threats and attacks than ever before. Attackers have moved up the spectrum from “hacking for fun and fame”—attacks designed primarily to show off the expertise of their instigators—towards hacktivism and cyberwarfare (Please see Figure 3). The types of attacks have proliferated, from simple viruses and DOS through advanced persistent threats (APT) and polymorphic attacks. And the penalties for being breached continue to rise, as regulations also proliferate. No longer is it enough for the chief security officer at a breached organization to step down; these days the CEO, Chairman, and board members are also vulnerable.

Figure 3: The Evolving Threat and Regulatory Landscape

A final trend is the near-simultaneous emergence of a portfolio of disparate management tools and technologies that, taken individually, increase the power and effectiveness of IT professionals, and taken together, can deliver a paradigm shift in speed and effectiveness. These include cloud orchestration and automation; the DevOps development methodology; and the move towards software-defined networking (SDN). Although as of last year (2014) 64% of companies did not yet have firm plans for implementing SDN, leading-edge firms had a strategy in place and were deploying SDN, with 67% deploying initially within the data center. Top drivers for implementing SDN include agility and flexibility; the ability to deliver enhanced services, and the desire to reduce operational support costs.

[Figure 3 content: a timeline in three periods (1990 - 2000, 2001 - 2010, 2011 - 2015) with two tracks. Regulations: HIPAA, GLBA, Sarbanes Oxley, Amended FRCP, National Breach Disclosure, HITECH, PCI-DSS, Breach Notification, CyberSec Exec Order. Threats: Hacking for Fun and Fame, Organized Cybercrime, Cyber Warfare, Hactivism, Viruses, Worms/Trojans, Polymorphic Attacks/APT, DOS, Botnets/DDOS, Silent BOTNETS, Website Defacement, XSS and SQL Injection, Phishing/Identity Theft.]


The Challenges: Complexity, Cost, and Vulnerability

The aforementioned trends pose an unprecedented set of challenges, however. The top three are an increase in complexity, an increase in cost, and an increase in vulnerability (both to outages and to attacks). Complexity stems from two primary causes. One is the slow accretion of legacy systems—layers of switches, routers and VLANs that have been configured in years past, and that IT professionals are reluctant to stand down because they’re functional (and paid for). The second is that enterprise IT professionals have been deploying point-products in an effort to address specific challenges: Load-balancers to improve performance; firewalls and secure Web gateways to enhance security; and increasingly, SDN-enabled technology in the data center and at branch offices. Each new component typically addresses the need at hand, but also brings additional management complexity, as IT teams must configure, manage, and troubleshoot the new devices, and concomitant cost.

The relationship between cost and complexity is both intuitively obvious and maddeningly frustrating to quantify. In 2012, Nemertes conducted extensive research into the question of whether homogeneous (single-vendor) network infrastructures are necessarily lower-cost than heterogeneous (multi-vendor) ones, with the finding that overall, heterogeneous networks are nearly twice as expensive to operate as homogeneous ones (an average of nearly $20,000 per device versus $10,000 per device).

However, the bulk of the cost differential lies in operational costs, specifically staff support—and most organizations fail to keep truly accurate records of how their staffs spend time, so these costs are merely rough estimates. Moreover, the differential varies widely based on which network component we assessed: the WAN (routers and switches comprising the core wide-area network); access networks (routers and switches in branch offices); or the data center.

All that said, the bottom line is that cost increases with complexity, and complexity has been increasing dramatically over the past few years. This is true even with technologies that aim to simplify delivery of services, such as cloud: Nearly a quarter of organizations (23%) rate their cloud efforts as less than successful, and the biggest issue is an inability to effectively manage cloud-based infrastructure. In sum, the emerging trends and the challenges they pose are converging to drive enterprise architects to rethink their infrastructure architecture—and not a moment too soon.


Design Goals for a Next-Generation Architecture

The best way to start with a new design is to lead with the goals for that design--that is, to focus on what the design needs to accomplish (Please see Figure 4). There are four key goals for a next-generation architecture:

1) Reduced operational costs. Given that existing architectures are relatively expensive to operate, a key area of focus should be to reduce operational costs. Specifically, the less a human needs to manually configure a device (either physically or remotely), the better. As we’ll discuss in the next section, there are several ways to achieve reduced operational costs, including increased integration, inherent reliability, and automation.

2) Improved agility and nimbleness. A next-generation architecture should function at the speed of business, which is increasingly demanding real-time responsiveness. Technologies like virtualization and cloud have set the expectation that infrastructure can be configured (and reconfigured) within seconds—forget hours, days, or weeks. (As one Nemertes client put it: “The second is the new minute.”)

3) Scalability and capacity. Another concept that has gone by the wayside is the notion of a highly-predictable growth curve. As noted earlier, of the enterprise organizations anticipating bandwidth growth, the average growth is an eye-popping 250% year over year. Yet that single figure masks a wide disparity in anticipated growth: Many organizations are predicting little to no growth, while others are predicting several orders of magnitude. More importantly, bandwidth growth is less predictable than ever: applications like VDI and video can increase capacity requirements in a step function, rather than as an orderly linear progression. The bottom line is that any next-generation architecture should be able to accommodate orders of magnitude growth without requiring a forklift upgrade.

4) Embedded security. It’s no secret that current security approaches aren’t working. A fundamental problem is that in many architectures, security is layered on as an afterthought, rather than embedded from the hardware on up. Moreover, many security appliances and solutions have limited integration with infrastructure components. When designing a next-generation infrastructure, architects should consider embedded and integrated security as a key requirement.


Figure 4: From Principles to Goals

Design Principles for a Next-Generation Infrastructure

If the design goals are what the next-generation infrastructure must do, design principles are how the infrastructure should do it. Design principles necessarily vary across organizations, as different companies may have different technology strategies. But overall, there are a handful of principles that hold up well for the majority of enterprises. These include:

• Minimize complexity. Wherever possible, minimize complexity. This typically means reducing the number of discrete components, the amount of heterogeneity, and the number of topologies. When assessing solutions, select the one with the fewest components, the fewest configuration options that can deliver required functionality, and the most homogeneity.

• Enable automation. As noted, automation is key to reducing operational costs and enhancing reliability. When choosing among alternatives, select the ones that are most automated (or easiest to automate).

• Enhance security. Given that embedded security is a design goal, a principle for achieving that goal is to select products and technologies that increase the security stance.

• Rely on virtualization. Virtualized products and technologies deliver both reduced operational costs and enhanced agility. When selecting among alternatives, go for the one that is more fully virtualized.

[Figure 4 content: Design Principles (Minimize complexity, Rely on virtualization, Enable automation, Enhance security, Integrate into an ecosystem) mapped to Design Goals (Reduced operational costs, Embedded security, Improved agility, Scalability and capacity).]


• Integrate into an ecosystem. Although it may seem to run counter to the principle of reducing complexity by maintaining homogeneity, the reality of today’s network and security infrastructures is that no single product or vendor can do it all. So an important criterion in selecting products and technologies is to select the ones that are pre-integrated into an “ecosystem” of products and technologies that deliver complementary capabilities.

Conclusion and Recommendations

In light of the accelerating momentum towards cloud-enablement, bandwidth-hungry apps, SDN, proliferating security threats and advanced management capabilities, enterprise technologists should strongly consider revisiting their network and security architectures to ensure the appropriate degree of reliability, security, and performance end-to-end. In doing so, they should seek to develop a design that delivers on the desired goals of lowered operational cost, improved agility and flexibility, scalability and capacity, and embedded security. To meet these goals, they should develop a set of design principles that include (but may not be limited to) minimizing complexity, enabling automation, enhancing security, relying on virtualization, and integrating into an ecosystem.

About Nemertes Research: Nemertes Research is a research-advisory and strategic-consulting firm that specializes in analyzing and quantifying the business value of emerging technologies. You can learn more about Nemertes Research at our Web site, www.nemertes.com, [email protected].