The Smart-Fat and Smart-Thin Edge of the Network

Data center consolidation, server virtualization, and web applications change data center networking

Take a look at ESG Research or other day and you'll see a number of simultaneous trends. Enterprises are consolidating data centers, packing them full of virtual servers, and hosting more and more web applications within them. This means massive traffic coming into and leaving data centers. Yes, this traffic needs to be switched and routed, but this is actually the easiest task. What's much harder is processing this traffic at the network for security, acceleration, application networking, etc. This processing usually takes place at the network edge, but additional layers are also migrating into the data center network itself for network segmentation of specific application services. Think of it this way: There is a smart-fat network edge that feeds multiple smart-thin network segments. The smart-fat network edge aggregates lots of network device functionality into a physical device, cluster of devices, or virtual control plane. This is the domain of vendors like Cisco, Crossbeam Systems, and Juniper Networks for security and companies like A10 Networks, Citrix (Netscaler), and F5 Networks for application delivery. These companies will continue to add functionality to their systems (ex. XML processing, application authentication/authorization, business logic, etc.) to do more packet and content processing over time. It wouldn't surprise me at all if security vendors added application delivery features and the app delivery crowd added more security. Once the smart-fat network edge treats all traffic, packets and content will be processed further within the data center (i.e. smart-thin network edge). This will most likely be done using virtual appliances like the Citrix VPX. Why? Virtual appliances can be provisioned on the fly with canned policies or customized for specific workloads. They can also follow applications that migrate around internal data centers or move to public clouds. A few other thoughts here: 1. I'm sure we'll see new startups focused on smart-thin virtual appliances but I don't expect them to succeed. Existing vendors will simply deliver virtual appliance form factors and dominate this business. 2. Legacy vendors have the best opportunity here as many users will want common command-and-control for the smart-fat edge and the smart-thin edge. Nevertheless, this further network segmentation does provide an opportunity for aggressive vendors to usurp customer accounts and marketshare. 3. Smart-fat edge systems are delivered as physical devices today but this isn't necessarily true for the future. I can see virtual appliances with horizontal scalability running on Dell, HP, or IBM blade servers in the future. The smart-fat, smart-thin architecture is already playing out in cloud computing and wireless carrier networks today and I expect it to become mainstream in the enterprise segment over the next 24 months. The technology is ready today but many users have no idea how to implement this type of architecture or capitalize on its benefits. Vendors who can guide users along with knowledge transfer, best practices, and reference architectures are most likely to reap the financial rewards.

Copyright © 2010 IDG Communications, Inc.

8 pitfalls that undermine security program success