© Nemertes Research 2016 | www.nemertes.com | 888-241-2685 | DN4746
Re-Architecting the Enterprise: The Time is Now
By Johna Till Johnson
CEO, Nemertes Research
Executive Summary
It’s no secret that network, data center, and security infrastructure is undergoing a
major paradigm shift. Enterprises have already virtualized their existing data centers.
Now they’re moving to cloud (both private and public) and rethinking how to make the
entire infrastructure as agile and cost-effective as their cloud services—without
sacrificing security. That means developing and delivering a next-generation
infrastructure that delivers agility, cost savings, and enhanced security across the
enterprise, including campus and branch networks.
Compass Direction Points:
• Now is the time to re-architect the enterprise network and security infrastructure, in light of the momentum towards cloud, mobility, bandwidth-hungry apps, and advanced security threats.
• Start by setting design goals that include lowered operational cost, improved agility and flexibility, scalability and capacity, and embedded security.
• To achieve those goals, develop a set of design principles that include minimizing complexity, enabling automation, enhancing security, relying on virtualization, and integrating into an ecosystem.
The Issue
As enterprise IT professionals have been embracing new technologies and service-delivery mechanisms—from virtualization to cloud to software-defined everything--they’ve often forgotten to think about the infrastructure across which they’re delivering these technologies and services—particularly when it comes to campus and branch networking. Many campus and branch architectures haven’t been meaningfully refreshed since the last century (although the devices themselves may have been upgraded). But several trends are converging to drive enterprise architects and engineers to rethink enterprise infrastructure—and now is the perfect time.
Why Now? Key Drivers and Trends
What are these trends, and why are they converging now? The first is the increasing complexity of campus and branch networking (Please see Figure 1). Campus and branch network architectures in many enterprises date back to the early 1990s (although the devices themselves have been upgraded). This means that enterprise network engineers are stuck with manual device configurations that increase fragility and decrease reliability.
Figure 1: Converging Trends Drive Architecture Shift
Moreover, these architectures no longer accurately reflect traffic flows across the network, particularly given the shift to mobile and cloud-based paradigms. The unprecedented move to cloud delivery is in fact the next major driver. Virtually every enterprise is relying on cloud, both public and private. More than half (56%) of enterprise organizations are deploying cloud in 2015, and the momentum continues towards a cloud-enabled infrastructure, largely for increased agility.
It’s no secret that wireless and mobility is another major driver for the enterprise architecture shift. Roughly a third (32.5%) of enterprise employees now use WLAN, cellular, or other forms of wireless as their primary network technology. A significant percentage of many worker categories now rely on tablets as the primary working device (Please see Figure 2). And of course there’s the inrush of personal and BYOD mobile devices, augmenting those provided by enterprises to their employees. The upshot? Mobile technologies are placing unprecedented demands on campus and branch switches and routers.
Figure 2: Percentage Using Tablet as Primary Working Device
Enterprises are also experiencing a fundamental shift in applications. For one thing, there’s a monotonic increase in the bandwidth required by existing applications. Nearly half (49%) of organizations say they’re experiencing bandwidth growth, and that growth is significant: 250% year over year. The top driver for this growth is “general increase in data traffic”. Companies are also investing in new types of applications, particularly video, unified communications and collaboration (UCC), and virtualized-desktop environments. A particular characteristic of all these apps is that they require extremely high-quality network infrastructure, with low latency and jitter.
As if that weren’t enough, at the same time enterprises are becoming exposed to a greater range of security threats and attacks than ever before. Attackers have moved up the spectrum from “hacking for fun and fame” (attacks designed primarily to show off the expertise of their instigators) towards hacktivism and cyberwarfare (Please see Figure 3). The types of attacks have proliferated, from simple viruses and DOS through advanced persistent threats (APT) and polymorphic attacks. And the penalties for being breached continue to rise, as regulations also proliferate. No longer is it enough for the chief security officer at a breached organization to step down; these days the CEO, Chairman, and board members are also vulnerable.
Figure 3: The Evolving Threat and Regulatory Landscape
A final trend is the near-simultaneous emergence of a portfolio of disparate management tools and technologies that, taken individually, increase the power and effectiveness of IT professionals, and taken together, can deliver a paradigm shift in speed and effectiveness. These include cloud orchestration and automation; the DevOps development methodology; and the move towards software-defined networking (SDN). Although as of last year (2014) 64% of companies did not yet have firm plans for implementing SDN, leading-edge firms had a strategy in place and were deploying SDN, with 67% deploying initially within the data center. Top drivers for implementing SDN include agility and flexibility; the ability to deliver enhanced services, and the desire to reduce operational support costs.
[Figure 3 labels, in no recovered order. Time periods: 1990 - 2000, 2001 - 2010, 2011 - 2015. Regulations: HIPAA, GLBA, Sarbanes Oxley; Amended FRCP; PCI-DSS; HITECH; National Breach Disclosure; Breach Notification; CyberSec Exec Order. Threats: Hacking for Fun and Fame; Organized Cybercrime; Cyber Warfare; Viruses; DOS; Website Defacement; Worms/Trojans; Botnets/DDOS; Silent Botnets; XSS and SQL Injection; Phishing/Identity Theft; Polymorphic Attacks/APT; Hacktivism.]
The Challenges: Complexity, Cost, and Vulnerability
The aforementioned trends pose an unprecedented set of challenges, however. The top three are an increase in complexity, an increase in cost, and an increase in vulnerability (both to outages and to attacks).
Complexity stems from two primary causes. One is the slow accretion of legacy systems—layers of switches, routers and VLANs that have been configured in years past, and that IT professionals are reluctant to stand down because they’re functional (and paid for). The second is that enterprise IT professionals have been deploying point-products in an effort to address specific challenges: Load-balancers to improve performance; firewalls and secure Web gateways to enhance security; and increasingly, SDN-enabled technology in the data center and at branch offices. Each new component typically addresses the need at hand, but also brings additional management complexity, as IT teams must configure, manage, and troubleshoot the new devices, and concomitant cost.
The relationship between cost and complexity is both intuitively obvious and maddeningly frustrating to quantify. In 2012, Nemertes conducted extensive research into the question of whether homogeneous (single-vendor) network infrastructures are necessarily lower-cost than heterogeneous (multi-vendor) ones, with the finding that overall, heterogeneous networks are nearly twice as expensive to operate as homogeneous ones (an average of nearly $20,000 per device versus $10,000 per device).
However, the bulk of the cost differential lies in operational costs, specifically staff support—and most organizations fail to keep truly accurate records of how their staffs spend time, so these costs are merely rough estimates. Moreover, the differential varies widely based on which network component we assessed: the WAN (routers and switches comprising the core wide-area network); access networks (routers and switches in branch offices); or the data center.
All that said, the bottom line is that cost increases with complexity, and complexity has been increasing dramatically over the past few years. This is true even with technologies that aim to simplify delivery of services, such as cloud: Nearly a quarter of organizations (23%) rate their cloud efforts as less than successful, and the biggest issue is an inability to effectively manage cloud-based infrastructure. In sum, the emerging trends and the challenges they pose are converging to drive enterprise architects to rethink their infrastructure architecture—and not a moment too soon.
Design Goals for a Next-Generation Architecture
The best way to start with a new design is to lead with the goals for that design, that is, to focus on what the design needs to accomplish (Please see Figure 4). There are four key goals for a next-generation architecture:
1) Reduced operational costs. Given that existing architectures are relatively expensive to operate, a key area of focus should be to reduce operational costs. Specifically, the less a human needs to manually configure a device (either physically or remotely), the better. As we’ll discuss in the next section, there are several ways to achieve reduced operational costs, including increased integration, inherent reliability, and automation.
2) Improved agility and nimbleness. A next-generation architecture should function at the speed of business, which is increasingly demanding real-time responsiveness. Technologies like virtualization and cloud have set the expectation that infrastructure can be configured (and reconfigured) within seconds—forget hours, days, or weeks. (As one Nemertes client put it: “The second is the new minute.”)
3) Scalability and capacity. Another concept that has gone by the wayside is the notion of a highly-predictable growth curve. As noted earlier, of the enterprise organizations anticipating bandwidth growth, the average growth is an eye-popping 250% year over year. Yet that single figure masks a wide disparity in anticipated growth: Many organizations are predicting little to no growth, while others are predicting several orders of magnitude. More importantly, bandwidth growth is less predictable than ever: applications like VDI and video can increase capacity requirements in a step function, rather than as an orderly linear progression. The bottom line is that any next-generation architecture should be able to accommodate orders of magnitude growth without requiring a forklift upgrade.
4) Embedded security. It’s no secret that current security approaches aren’t working. A fundamental problem is that in many architectures, security is layered on as an afterthought, rather than embedded from the hardware on up. Moreover, many security appliances and solutions have limited integration with infrastructure components. When designing a next-generation infrastructure, architects should consider embedded and integrated security as a key requirement.
Figure 4: From Principles to Goals
Design Principles for a Next-Generation Infrastructure
If the design goals are what the next-generation infrastructure must do, design principles are how the infrastructure should do it. Design principles necessarily vary across organizations, as different companies may have different technology strategies. But overall, there are a handful of principles that hold up well for the majority of enterprises. These include:
• Minimize complexity. Wherever possible, minimize complexity. This typically means reducing the number of discrete components, the amount of heterogeneity, and the number of topologies. When assessing solutions, select the one with the fewest components, the fewest configuration options that can deliver required functionality, and the most homogeneity.
• Enable automation. As noted, automation is key to reducing operational costs and enhancing reliability. When choosing among alternatives, select the ones that are most automated (or easiest to automate).
• Enhance security. Given that embedded security is a design goal, a principle for achieving that goal is to select products and technologies that increase the security stance.
• Rely on virtualization. Virtualized products and technologies deliver both reduced operational costs and enhanced agility. When selecting among alternatives, go for the one that is more fully virtualized.
• Integrate into an ecosystem. Although it may seem to run counter to the principle of reducing complexity by maintaining homogeneity, the reality of today’s network and security infrastructures is that no single product or vendor can do it all. So an important criterion in selecting products and technologies is to select the ones that are pre-integrated into an “ecosystem” of products and technologies that deliver complementary capabilities.

[Figure 4 labels. Design Principles: Minimize complexity; Rely on virtualization; Enable automation; Enhance security; Integrate into an ecosystem. Design Goals: Reduced operational costs; Embedded security; Improved agility; Scalability and capacity.]
Conclusion and Recommendations
In light of the accelerating momentum towards cloud-enablement, bandwidth-hungry apps, SDN, proliferating security threats and advanced management capabilities, enterprise technologists should strongly consider revisiting their network and security architectures to ensure the appropriate degree of reliability, security, and performance end-to-end. In doing so, they should seek to develop a design that delivers on the desired goals of lowered operational cost, improved agility and flexibility, scalability and capacity, and embedded security. To meet these goals, they should develop a set of design principles that include (but may not be limited to) minimizing complexity, enabling automation, enhancing security, relying on virtualization, and integrating into an ecosystem.
About Nemertes Research: Nemertes Research is a research-advisory and strategic-consulting firm that specializes in analyzing and quantifying the business value of emerging technologies. You can learn more about Nemertes Research at our Web site, www.nemertes.com, [email protected].