Where Should Orchestration Reside in the SDN?

Network orchestration is vital to SDN. Which vendors are up to the challenge?

By Arthur Cole | Posted Jul 20, 2016
Page of   |  Back to Page 1
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

Network orchestration is emerging as a key element of software-defined architectures, and while nobody ever said it was going to be easy, it is proving to be even more complicated than many had hoped.

On the one hand, orchestration requires a sophisticated software layer that can track network resources and pull them together in some semblance of order based on the needs of individual workloads and applications. Not a walk in the park, but certainly doable. But the challenge isn’t just deploying and integrating software. It's also determining exactly where and how this system is housed, and then making sure it has the reach and visibility to maintain control over increasingly distributed and ill-defined network infrastructure.

Glue Networks says it is the first to come up with an SDN orchestration platform that can deliver full automation across multi-vendor environments on both the LAN and the WAN. Its latest Gluware release aims to bring order to both newly deployed and legacy environments, forging ties between top vendor solutions ranging from Cisco and Juniper to A10 and Arista. The platform claims to enable high degrees of automation without a hardware rip-and-replace; the company has even released a community edition with an integrated development kit for standards-based custom application development. Executives at Glue note that while SDN and virtual overlays vastly improve network flexibility in the enterprise, it takes a broad-based, multi-vendor solution to extend control to both physical and application-layer resources, vital in the transition to a fully digital business model.

But can a single platform really provide all of the enterprise’s orchestration needs? With the very nature of data networking changing at a rapid clip, shouldn’t orchestration become more of a design principle than a piece of software? According to Frost & Sullivan, orchestration is becoming a major component of network access control systems, along with endpoint visibility, bidirectional integration with security platforms, and a host of other functions. This becomes increasingly necessary as the Internet of Things pushes the network edge closer to the user, diminishing the effectiveness of traditional firewall and fortress-style security and management constructs. By adding context to traditional controls, the NAC can act as the lynchpin for advanced network orchestration.

This is backed up by further data from ABI Research that suggests orchestration and automation are vital when it comes to data breaches and other cyber-events, which are increasing in frequency as the world becomes more digital-dependent. The firm goes so far as to say that “security policy orchestration sits at the core of the transition from static defense to agile and adaptive response,” which is why the market is poised to top $1 billion in revenues by 2020. In the very near future, then, security without an advanced orchestration component will put enterprise data in an extremely risky position.

Orchestration will also have to work hand in hand with visibility, since you cannot very well orchestrate resources if you don’t know they are there. Gigamon recently released added automated network topology visualization to its Visibility Fabric, providing the ability to track network components and interfaces across large data center environments. The platform leverages the Link Layer Discovery Protocol (LLDP) and the Cisco Discovery Protocol (CDP) to provide automated discovery of attached networks, and then links them to its own Security Delivery Platform to track abnormalities to the individual interface. When paired with REST APIs, workflow automation and other tools, the setup provides for a fully orchestrated data environment spanning multiple security stacks.

This is not to say that orchestration should become a facet of security, or vice versa, but if future networks are to support a container-based, service-oriented DevOps model, they’ll need to replace the isolated stacks of security, management, automation and other functions with more integrated, holistic architectures.

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter