


Contributing Writer

Aligning data center networking with L4-7 services

Jun 16, 2011, 4 mins
Check Point, Cisco Systems, Citrix Systems

New networking and virtualization technology changes network services

Several data center technologies, such as flat layer 2-3 network fabrics and virtual appliances, are currently in their early stages of development and deployment. I believe that each of these technologies is transformational on its own, but dare I say that they may be revolutionary when they are implemented together.

Why am I so bullish? Flat layer 2-3 network fabrics promise low latency links between any two points in the network. This fundamentally changes data center network design. Rather than bringing L4-7 services to the network, you will be able to bring the network to L4-7 services. Want to add firewalling or application load balancing capabilities to an application? Simply change network configuration, add some VLAN tags and voila. If OpenFlow catches on, this process could become even easier.

The story has the potential to be even better with virtualization. Let’s take security for example. Using something like Check Point software blades, I can create virtual firewall instances to support multi-tenancy in the data center. In this way, I can point multiple applications at the same physical firewall and use virtualization to segment network security, enforce Role-based Access Control policies, and meet regulatory compliance mandates. Again, combine this with OpenFlow and you’ve got multi-layer multi-tenancy for cloud computing.

The final possibility here is to eschew hardware appliances and simply implement L4-7 services as virtual appliances. This gives me the benefits of creating standard images, rapid provisioning, and VM mobility. ESG Research indicates that most enterprises haven’t jumped on the data center virtual appliance bandwagon yet, but they are very interested in doing so in the future. As Intel rolls out higher-density multi-core services, large organizations will run more VMs on each physical server. As this happens, virtual appliances will certainly become more attractive.

The ultimate benefit here is flexibility: data center managers can quickly bring the network to L4-7 services in a number of form factors. As this happens, data center networks will really be able to support virtual data centers, multi-tenancy, and cloud computing. So which vendors stand to capitalize on this trend? Here’s a brief top-of-mind list:

1. Cisco. In spite of its recent troubles, Cisco sees this data center networking evolution as clearly as anyone. In fact, its Unified Network Services mantra is something like “any service, any location, any form factor,” which is spot on. Cisco has recently doubled down on its focus on security after lagging for a few years. It needs to do the same with WAAS and ACE.

2. Juniper. Juniper has almost as many components as Cisco does and has strong momentum with SRX for security and QFabric. Juniper is missing some ADC pieces, however. Although there is a bit of overlap, Juniper would be well served to buddy up with Citrix or F5 here.

3. HP. HP has the data center fabric covered but is limited to TippingPoint on the L4-7 side. Not sure where it stands with partners that invested in the HP ProCurve ONE program but never saw much ROI. Rumors always abound that HP will buy a firewall company (Palo Alto, Fortinet, and SonicWall have been mentioned) or swing for the fences by buying F5 or Riverbed.

4. Brocade. Very good data center fabric story and best positioned with the politically powerful storage crowd. Brocade is also reaping rewards from its network security partnership with McAfee, and it has some little-known but pretty cool ADC technology of its own. Additional partners could help Brocade in the broader market.

Other vendors like Arista, Avaya, Enterasys, Extreme, and Force 10 are smaller and will partner with L4-7 providers as needed. Citrix, F5, and Riverbed will be big winners here. A10 Networks and Blue Coat could be acquired. Check Point should be working with everyone except Cisco and Juniper. Crossbeam Systems and Sourcefire should also win here.

One final note: The vision I described above is certainly compelling, but many enterprise IT and networking professionals I speak with have no idea how it will play out in their environment. Networking vendors who can help these folks with the right messaging, educational services, field engineering, and systems integration will be in the best position.


Jon Oltsik is a distinguished analyst, fellow, and the founder of the ESG’s cybersecurity service. With over 35 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies. Jon focuses on areas such as cyber-risk management, security operations, and all things related to CISOs.
