IT Focus Area: digital
August 11, 2015
5 Network Qualities of Secure Application Transport
Editor's note: Sirius and Forsythe are now one company. Sirius acquired Forsythe in October 2017 and we are pleased to share their exceptional thought leadership with you.
Each day United Parcel Service (UPS) delivers more than 18 million packages across the world. The systems and processes in place to make that happen smoothly are critical. Now, imagine if each day they were asked to deliver packages for which the origin and destination could change at any moment.
This is tantamount to what is required of today's networks.
The days when applications ran on a single server in a single data center accessed by desktop personal computers (PCs) over wired enterprise networks are over.
Virtualization has enabled organizations to create multiple instances of applications, databases, and server farm clusters, but it has been constrained by traditional network infrastructure and processes. Infrastructure that supports an application’s ability to dynamically transit both static and scalable environments will deliver the “business value” required of the network in a modern environment.
Today, companies run applications that integrate different components that may reside in very different locations:
A client-owned data center (on a private cloud or on legacy systems)
A third-party cloud service provider in a public cloud
A combination of geographically separated components in a hybrid data center model
On the client side, the users may access these applications from anywhere at any time, with the expectation of a fast and easy user experience. The universe of users is also transforming. As the Internet of Things (IoT) greatly expands, the “who” and “what” is changing.
To achieve the fast and consistent application transport required to meet the demands of today’s environment, the enterprise network must be business centric and SMART: Scalable, Manageable, Available, Reliably performing, and Tough.
Meeting these challenges requires a number of new strategies, processes, tools and technologies across the data center and out to the universe of users.
Can your organization meet the high standards of today’s network?
5 Network Qualities of Secure Application Transport
Consider these five qualities to achieve efficient and secure application transport in your data center and beyond:
If a network has the ability to scale to its designed limits, it provides the assurance that the system will support the current user base and planned (and often unplanned) future growth. Organizations are able to immediately respond to new operational requirements without having to deploy additional resources or staff. This also allows them to try new ideas and services while enabling innovation for those just-in-time requirements.
If your organization is planning to scale into the cloud, as many are today, ensure your data center to cloud interconnections have flexible and scalable bandwidth so they don’t impede with your ability to rapidly scale your applications and services.
Management and visibility are required for proactive successful application planning. This is especially true when delivering application performance that has low-latency requirements such as server/database clustering. The dawning capabilities of software-defined networks are quite likely to increase manageability complexity initially as new personnel (programmers, system administrators, etc.) start interacting directly with network services/functions. The five functional areas of the International Organization for Standardization (ISO) FCAPS (fault-management, configuration, accounting, performance, and security) management remain critical as networks expand outwards on both the client side and the data center/cloud side:
Fault Management: Clients and application developers typically name the network as the culprit for most issues. Fault management allows you to find (and possibly fix) your network problems before they get reported by the users, at least for those times when the problem is actually caused by a network issue.
Configuration Management: This includes configuration aspects of network devices, such as configuration file management, inventory management, and software management. Mis-configurations on infrastructure equipment are prevalent in every network. They often result in unexpected network communication failures that would not occur with the proper configurations.
You can increase your network’s availability and automation readiness by keeping all of your device and system configurations consistent and having the capability to quickly make changes across multiple devices.
Accounting Management: Do you know who is accessing your network and when? Accounting management provides critical usage information of network resources so that you know who has access and when.
Performance Management: You should monitor and measure various aspects of performance so that overall quality can be maintained at an acceptable level. This is usually the trickiest monitoring to setup, since performance can be affected by so many factors at different times.
Security Management: End-to-end security has to be managed and the weakest link is where you'll most likely be attacked. The weakest link is often a network service that is left enabled for convenience or is not managed by the same team that manages other network infrastructure (such as DHCP, DNS, NTP, etc.) Only provide access to network devices and corporate resources to authorized individuals, and audit that access regularly to ensure that former employees no longer have access.
Availability allows your users and clients to have consistent access to services delivered over your network. Availability can be measured during a steady state condition, where the design is operating as expected, or during a failed condition, such as the loss of a network circuit.
An infrastructure that doesn't guarantee availability (access) to the applications will cripple your business very quickly.
An application aware transport facilitates your disaster recovery and business continuity services. It allows organizations to effectively map production resources to their counterpart business continuity and disaster recovery (BC/DR) services at scale.
A modern data center network allows you to do virtual slicing of the infrastructure into clean development and live data systems. This drives an optimal business centric infrastructure to deliver the application versions needed with the least amount of resources or staff to support
4. Reliable Performance
Organizations should provision for consistent network performance and fault tolerance that will provide ongoing services with minimal (or no) disruption in the event of a failure.
Consistent performance is one of the most difficult network characteristics to architect/design. Bandwidth is not the only thing needed. Low latency can be achieved with the proper L2 and L3 best practice configurations. High availability is implemented with redundant, resilient paths everywhere in the network. The network must be built to a best-practice standard at L1 through L3 in order to perform consistently and predictably. The parts of your network that may not be under your direct control, such as cloud-based platforms, must have the appropriate contracted service levels (SLAs and SLOs) to match the needs of your business and be comparable to the performance designed into the rest of your network.
Having 99.999% ("Five '9's") availability is the industry gold standard. But, this has traditionally been designed for redundant platforms that are monolithic at scale, which cost organizations valuable agility/flexibility. Worse, the Five '9's have also been traditionally designed for the network infrastructure, not the application. Applications are what the users want to see reliable performance from, and the “good enough” application performance is in fact not good enough for your users or clients.
For tough infrastructure, security is paramount. This includes reviewing security policies as well as physically protecting data and your applications within the infrastructure. By building an infrastructure that can withstand diverse threats, you will be protecting the service environment from intended or unintended interruptions.
The integrity of your applications and the information being provided to your users is absolutely at risk if your network isn't tough. It is no longer good enough to simply protect the perimeter of your enterprise network because many security threats will come from inside your network or through "trusted" WAN/Cloud connections. Every part of your network infrastructure should be tough and secure.
Meet Demands with a SMART Network
Assessing the maturity of your application transport architecture is critical to moving your business applications forward. Could your network withstand the expectations equivalent to a single day of high volume UPS deliveries? Would it facilitate delivery through applications at a high performance, without experiencing errors and delays? Would your users be aware of errors before you are?
It is important to meet user standards and business needs. An environment that is scalable, manageable, available, reliably performing, and tough will give your network the agility demanded by an application-centric world.