Early Enterprise SDN Deployments; Japan, Australia, and Wall Street by Infonetics Research
Upcoming SlideShare
Loading in...5
×

Like this? Share it with your network

Share

Early Enterprise SDN Deployments; Japan, Australia, and Wall Street by Infonetics Research

  • 800 views
Uploaded on

In this Continuous Research Service note, we respond to the industry need for practical SDN use cases ...

In this Continuous Research Service note, we respond to the industry need for practical SDN use cases
by describing early real-world applications of SDNs in enterprises, with 4 examples related to enterprise
data centers and 1 related to campus network.

More in: Technology , Business
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
800
On Slideshare
800
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
11
Comments
0
Likes
1

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Continuous Research Service Early Enterprise SDN Deployments: Japan, Australia, and Wall Street July 10, 2013 The initial development of SDN (software defined networking) was driven by a need for automation in very large scale data centers. Google was one of the earliest SDN players and is responsible for some of the initial use cases for very large-scale data centers and data center interconnect; they worked with the “Clean Slate” team at Stanford University, which is credited with inventing SDN. In this Continuous Research Service note, we respond to the industry need for practical SDN use cases by describing early real-world applications of SDNs in enterprises, with 4 examples related to enterprise data centers and 1 related to campus network. Organizations with live SDN covered in this note include: • Nippon Express (Japan) • Kanazawa University Hospital (Japan) • Fidelity Investments (US) • Goldman Sachs (US) • Ballarat Grammar School (Australia) NIPPON EXPRESS SDN is a hot topic for enterprises today. Quite a few vendors have announced and are shipping commercially available SDN-enabled software or hardware products—including SDN controllers—and more are on the way. Telecommunications equipment manufacturer NEC has been in the SDN game for several years and was one of the first manufacturers who had SDN software available for sale. One of NEC’s early enterprise customers is Nippon Express, a global logistics supplier that has been migrating toward a virtual environment but was facing operational challenges with its data center networks that prevented it from maximizing its investment in server virtualization. The problem: the fairly automated changes in the virtualized server environment require associated network changes, which had to be performed manually, a very laborious and error prone task as networks are not virtualized. These were the same challenges that drove Google to pursue network virtualization-that is, an SDN-based solution to automate operations for its data center network. While Google was working with Stanford, Nippon Express was working with NEC on the same issues. When a VM (virtual machine) was added, modified, or moved in the Nippon Express data center, physical and logical networks also had to be reconfigured, and for Nippon Express, this meant engaging onsite support from the network supplier. Their network was so complex that it would take minutes to reroute traffic in the event of an equipment error, causing certain applications to cease communication. This is a paid service intended for the recipient organization only; reproduction and sharing with third parties is prohibited. Copyright © 2013 by Infonetics Research, Inc. All rights reserved. 1
  • 2. CONTINUOUS RESEARCH SERVICE EARLY ENTERPRISE SDN DEPLOYMENTS: JAPAN, AUSTRALIA, AND WALL STREET Nippon Express’s new data center network architecture uses NEC ProgrammableFlow controllers to control NEC PF5240 switches, each supporting numerous servers. With this architecture, Nippon Express has been able to automate the process of adding VM and other tasks, enabling such tasks to be handled in-house. Now if an error occurs, the ProgrammableFlow PF8600 controller captures it, and an alternate route is automatically established—usually in less than 1 second, without interruption. According to Nippon Express, the switch to a virtualized data center with an SDN architected network has enabled the company to reduce server unit space by 70%, reduce power consumption by 80%, reduce failure recovery time by 98%, and eliminate the previous outsourcing fee. KANAZAWA UNIVERSITY HOSPITAL Another early SDN customer for NEC is Kanazawa University Hospital, which has an OpenFlow-based SDN network in its clinical laboratory. This application involves the use of SDN for multi-tenancy rather than DC operations efficiency. Prior to the SDN deployment, Kanazawa University Hospital was faced with the challenge of how to cope with the continuous introduction of new network-connected medical devices. The network was operated by hospital staff who struggled with the process of repeatedly adding new devices to the network. Complicating matters was the fact that different departments, or “tenants,” needed to isolate their data and connectivity from other divisions. Here, too, the solution was to install NEC ProgrammableFlow PF8600 controllers and PF5240 switches. Hospital staff now has visibility to the network’s physical and logical configurations, simplifying network operations. Importantly, individual departments are isolated via independent virtual tenant networks (VTNs) on the ProgrammableFlow network, thereby isolating individual VTNs from others. This is the basic principle of multi-tenancy on a single physical network. Simplifying the task of adding new devices to the network reduced the human workload since each device can be associated with the single VTN of the department that owns the device. FIDELITY INVESTMENTS Fidelity Investments is a huge private company (~40,000 employees, ~20,000,000 customers, and between $1.5T and $2T under management) and needed more automation and flexibility in their IT systems to deliver the scale they needed for expected growth. Fidelity believed that scale and complexity would outpace its ability to grow new business, so they had to make some fundamental changes. Fidelity has a legal requirement to isolate certain types of data in its DC from certain classes of users. The ability to isolate individual networks is also a capability important to supporting the company’s ongoing mergers and acquisitions. This is a paid service intended for the recipient organization only; reproduction and sharing with third parties is prohibited. Copyright © 2013 by Infonetics Research, Inc. All rights reserved. 2
  • 3. CONTINUOUS RESEARCH SERVICE EARLY ENTERPRISE SDN DEPLOYMENTS: JAPAN, AUSTRALIA, AND WALL STREET To meet scale and multi-tenancy needs, Fidelity developed a private cloud called the Click2Compute, or C2C, SDN initiative. C2C uses a basic capability of SDN to support multi-tenant shared networks within the DC. Though individual networks might share physical servers, they run on different VMs and different virtual networks. Fidelity says their DC SDN fully automates network configuration for specific applications and removes many steps necessary in routine network management and maintenance tasks while allowing flexibility to expand and contract bandwidth as necessary. Fidelity claims that with an SDN-architected network for their private cloud, they can now set up a virtual compute-storage-network infrastructure and new service in minutes, rather than in months using the previous systems. In a presentation at ONS 2013 in Santa Clara (Open Networking Summit, www.opennetsummit.org), Fidelity showed statistics of their first 11 months of C2C operation for VMs created and deleted. Overall configured capacity (including running, suspended, and stopped) sometimes increased 50% or more from one month to another. Fidelity has found it easier to deal with jumps in capacity requirements as a result of the extra flexibility that the SDN network enables for its private cloud in terms of deleting network or server capacity that is no longer needed. Their stats showed that more VMs were deleted than were added to the DC. Fidelity has obtained lower-cost commodity switches that employ merchant silicon. They ported Linux tools onto those switches to help configure and manage the network. Multi-tenancy and secure access controls are important enablers to the software-as-a-service (SaaS) offerings that Fidelity increasingly uses to support the sales process or sales to customers. GOLDMAN SACHS Goldman Sachs (GS) is ready to go live with the SDN network it has been talking about for several quarters. The company has not offered many details about its SDN initiative, but clearly it is deeply involved with SDN as GS is on the Board of Directors of the ONF, and executives have presented at several SDN shows over the past year, including at least one that required international travel. Goldman Sachs faces many of the same issues outlined by Fidelity. At a presentation at the 2012 SDN and OpenFlow World Congress in Darmstadt, Germany, an executive said GS was pursuing SDN with the goal of being able to rapidly introduce new services and to reprogram topology and configuration in real time, among other things. (See my December 17, 2012 CRS note Real SDN Deployments and the Big "But" of SDNs: Takeaways from the 2012 SDN and OpenFlow World Congress for additional details.) GS’s SDN network will use an OpenFlow-based controller with northbound application programming interfaces (APIs) to internally develop applications as well as third-party and operations support (OS) apps. Internally developed applications include load balancing, cloud orchestration, and application HA (high availability), while third-party and OS applications include firewall, policy management, matrix switching, and traffic engineering. This is a paid service intended for the recipient organization only; reproduction and sharing with third parties is prohibited. Copyright © 2013 by Infonetics Research, Inc. All rights reserved. 3
  • 4. CONTINUOUS RESEARCH SERVICE EARLY ENTERPRISE SDN DEPLOYMENTS: JAPAN, AUSTRALIA, AND WALL STREET The controller will have third-party southbound APIs (at least OpenFlow) to the network data plane devices, including software switches, network devices, and white boxes. Standardized interfaces allow agility and the de-coupling of architectures. GS notes that abstractions emphasize services rather than lower-layer semantics and service zones and physical topology. Goldman Sachs sees abstraction, standard interfaces, and policy definition as critical to SDN and believes this combination will ultimately decrease network operating expenses and improve time to market for new network-based offerings. BALLARAT GRAMMAR SCHOOL Along with NEC, Hewlett Packard was one of the earliest network equipment manufacturers to embrace the SDN concept. HP was the first company to put OpenFlow in its switches and focus on the enterprise DC front. They have 29 OpenFlow-enabled switches, representing virtually their entire enterprise product line. The company claims more than 15M installed OpenFlow-enabled ports and has an SDN controller box and 3 different software apps on the market. An example of how HP’s SDN-enabled equipment is being used comes from Ballarat Grammar, a large regional school with multiple campuses in Australia. The school has more than 1,400 students and 200 staff members. The school pursued SDN because it wanted to enhance network visibility and control. The network had a mixture of managed devices and “bring your own” devices owned by network users—that is, the students. It is not a surprise that the network was experiencing an increased incidence of malware and infections. Ballarat Grammar is using HP’s Sentinel Security application running on the HP Virtual Application Networks SDN controller and on HP 3800 series switches located in 5 boarding houses and 95 classrooms. The Sentinel application combines OpenFlow-enabled network devices with security intelligence from the HP Tipping Point Reputation Digital Vaccine, or RepDV, database. The school also deployed the HP Intelligent Management Center, which provides a single view of equipment from multiple manufacturers. Sentinel Security provides real-time threat detection, increasing visibility to threats and enabling more proactive IT response to those threats. The application called the school’s attention to a need to supplement its antivirus and content filtering capabilities. Previously, the school spent days manually identifying network infections and their origination points when students returned from summer break. The new security software gives staff members the ability to automatically locate and flag infected devices connected to the campus wired or wireless networks. Another important benefit to the school was to enhance student productivity through “blacklisting.” In this case, social networking applications such as Facebook are turned off during class time. This is a paid service intended for the recipient organization only; reproduction and sharing with third parties is prohibited. Copyright © 2013 by Infonetics Research, Inc. All rights reserved. 4
  • 5. CONTINUOUS RESEARCH SERVICE EARLY ENTERPRISE SDN DEPLOYMENTS: JAPAN, AUSTRALIA, AND WALL STREET Some people may not be impressed by the Ballarat Grammar application because of the network’s relatively small size. But this application illustrates one important concept: you don’t have to be a huge multi-national organization to benefit from SDN. THE BOTTOM LINE SDN originated in enterprise data centers but is now also included the campus LAN. With practical use cases, SDN is here to stay. We highlighted how several companies whose data centers are business-critical—including, Nippon Express, Fidelity Investments, and Goldman Sachs—are embracing the SDN concept and seeing substantial business results. Benefits include the ability to automate the process of configuring new applications and services, as well as enhanced network visibility and simplified network management. Some companies are also better able to meet requirements to restrict network access to certain types of data by creating multi-tenant networks—that is, separate virtual networks within the data center. The ability to use SDN to create separate virtual networks is important within an enterprise campus network, as demonstrated by Kanazawa University Hospital, an early adopter of SDN. The SDN deployment at Ballarat Grammar School illustrates that even relatively small organizations can benefit from the technology. The school uses an OpenFlow-based security application to provide real-time threat detection and to prevent students from accessing Facebook during class time. As always I welcome your feedback. Michael Howard Co-founder and Principal Analyst, Carrier Networks 408-583-3351 michael@infonetics.com This is a paid service intended for the recipient organization only; reproduction and sharing with third parties is prohibited. Copyright © 2013 by Infonetics Research, Inc. All rights reserved. 5