This presentation everything you need to know about SDN architectures including the following topics: - 5 Essential Elements of SDN architectures - 6 Business benefits of software-defined network solutions - Why software-defined networking is the future of legacy data centers **Originally published here: https://info.5nine.com/webinar-sdn-management-and-security-best-practices

1. www.5nine.com
Tips, Tricks and Proven Methodologies to Simplify
Software-Defined Networking (SDN)Across
Private and Public Clouds

2. 5nineUnified CloudManagement andSecurity Platform
We simplify, centralize and secure the Microsoft Cloud – public, private and hybrid – so both enterprise IT and Service
Provider customers can focus on accelerating their business.
Certified for Windows Server 2016, 2012 R2, 2012, Microsoft Hyper-V, Microsoft Azure
1,000+
Customers
100+
Countries
100K+
Cloud & Virtualization
Administrators
5M+
Virtual Machines Managed &
Protected
ReduceSDNCosts.Accelerate SDNTimelines.

3. Agenda
Software Defined Networking (SDN) 101
• What is SDN?
• Who’s Responsible for SDN?
• Why Choose SDN?
• Potential SDN Challenges
Best Practices for SDN Configuration
• Planning
• Implementation
SDN Management Made Easy (HINT: Monitoring)
• Traditional Network Management vs. SDN
• SDN Management Best Practices
3 SDN Misconfigurations You Don’t Want to Make
• Common SDN Threats
• Common SDN Security Mistakes
• SDN Security Best Practices
How 5nine Can Save You Thousands of Hours Configuring
and Managing SDN
• What Sets 5nine Apart for SDN
• 5nine Demonstration
Closing Comments and Next Steps
• Q&A
• Next Steps
• Amazon Gift Card Giveaways

4. Traditional Networking Software Defined Networking
Functionality implemented through a
dedicated hardware appliance
Decouples hardware from software
(separates the control plane from the data plane)

5. Traditional Networking Software Defined Networking
Functionality implemented through a
dedicated hardware appliance
Decouples hardware from software
(separates the control plane from the data plane)
Uses routers, switches, firewalls or
application controllers
Control plane determines were to send traffic and how
the network is administered

6. Traditional Networking Software Defined Networking
Functionality implemented through a
dedicated hardware appliance
Decouples hardware from software
(separates the control plane from the data plane)
Uses routers, switches, firewalls or
application controllers
Control plane determines were to send traffic and how
the network is administered
Each appliance must be manually configured
or updated by an IT admin
Data plane carries out decisions made in the control
plane/console and forwards traffic

7. Traditional Networking Software Defined Networking
Functionality implemented through a
dedicated hardware appliance
Decouples hardware from software
(separates the control plane from the data plane)
Uses routers, switches, firewalls or
application controllers
Control plane determines were to send traffic and how
the network is administered
Each appliance must be manually configured
or updated by an IT admin
Data plane carries out decisions made in the control
plane/console and forwards traffic
100%
Centrally Managed

8. Who is Responsible for Network
Configuration?
Virtualization Admin
Hardware Defined Model

9. Storage Admin
Who is Responsible for Network
Configuration?
Virtualization Admin
Hardware Defined Model

10. Storage Admin
Who is Responsible for Network
Configuration?
Virtualization Admin
Hardware Defined Model
Network Admin

11. Who is Responsible for Network
Configuration?
Virtualization Admin
Software Defined Model
Higher
ROI

12. Who is Responsible for Network
Configuration?
Virtualization Admin
Software Defined Model
Knows how to bring up servers and virtual machines
Higher
ROI

13. Who is Responsible for Network
Configuration?
Virtualization Admin
Software Defined Model
Knows how to bring up servers and virtual machines
Knows how to bring in storage (which is essentially on the network now)
Higher
ROI

14. Virtualization Admin
Software Defined Model
Knows how to bring up servers and virtual machines
Knows how to bring in storage (which is essentially on the network now)
Know how to interact with physical hardware
Higher
ROI
Who is Responsible for Network
Configuration?

15. Who is Responsible for Network
Configuration?
Virtualization Admin
Software Defined Model
Knows how to bring up servers and virtual machines
Knows how to bring in storage (which is essentially on the network now)
Know how to interact with physical hardware
Know how to interact with open standards and protocols such as BGP
Higher
ROI

16. Who is Responsible for Network
Configuration?
Virtualization Admin
Software Defined Model
Knows how to bring up servers and virtual machines
Knows how to bring in storage (which is essentially on the network now)
Know how to interact with physical hardware
Know how to interact with open standards and protocols such as BGP
Higher
ROI

17. Advantages of SDN
 Increase operational agility and scalability
• More efficiently manage network resources
• Add bandwidth “on demand”
• Program directly into the software layer

18. Advantages of SDN
 Increase operational agility and scalability
• More efficiently manage network resources
• Add bandwidth “on demand”
• Program directly into the software layer
 Centralize network management
• Manage entire network as a single unit
• Enterprise-wide optimization and planning, including dynamic network reconfiguration
• Provides a single place for apps to interact (auth, etc.)
• Provides a centralized security control point where security information can be distributed evenly through
business networks across multiple sites

19. Advantages of SDN
 Increase operational agility and scalability
• More efficiently manage network resources
• Add bandwidth “on demand”
• Program directly into the software layer
 Centralize network management
• Manage entire network as a single unit
• Enterprise-wide optimization and planning, including dynamic network reconfiguration
• Provides a single place for apps to interact (auth, etc.)
• Provides a centralized security control point where security information can be distributed evenly through
business networks across multiple sites
 Exert external control
• Enables network apps
• Provides easy integration to leverage existing knowledge, experience and tools

20. Advantages of SDN
 Vendor neutral with an open-standards base
• Reduces risk of getting locked in on the technical side because of vendor-specific hardware requirements
• Can interface with NetFlow’s, OpenFlow’s and others from switch manufacturers

21. Advantages of SDN
 Vendor neutral with an open-standards base
• Reduces risk of getting locked in on the technical side because of vendor-specific hardware requirements
• Can interface with NetFlow’s, OpenFlow’s and others from switch manufacturers
 Easier to maintain
• Reduces the need for hardware refreshes and manual updates

22. Advantages of SDN
 Vendor neutral with an open-standards base
• Reduces risk of getting locked in on the technical side because of vendor-specific hardware requirements
• Can interface with NetFlow’s, OpenFlow’s and others from switch manufacturers
 Easier to maintain
• Reduces the need for hardware refreshes and manual updates
 Lowers barrier of entry
• Network hardware becomes a commodity, driving down costs

23. Challenges of SDN
 Controller reliability and stability

24. Challenges of SDN
 Controller reliability and stability
 Unexpected interactions between features

25. Challenges of SDN
 Controller reliability and stability
 Unexpected interactions between features
 Controller security (runs on a general purpose computer and OS)

26. Challenges of SDN
 Controller reliability and stability
 Unexpected interactions between features
 Controller security (runs on a general purpose computer and OS)
 Network sprawl
• SDNs virtual nature can make it tempting to create countless network segments, but each new network
segment introduces its own risk and security requirements

27. Challenges of SDN
 Controller reliability and stability
 Unexpected interactions between features
 Controller security (runs on a general purpose computer and OS)
 Network sprawl
• SDNs virtual nature can make it tempting to create countless network segments, but each new network
segment introduces its own risk and security requirements
 Service or application sprawl
• New services can introduce security threats as programmers and network administrators may unwittingly
introduce at-risk code
• The introduction of new services can extend the threat network wide through a centralized or partially
distributed controller

28. How to Plan for SDN
1
Determine if your environment will match hardware
and software prerequisites

29. How to Plan for SDN
1
2
Determine if your environment will match hardware
and software prerequisites
Map out your proposed network

30. How to Plan for SDN
1
3
2
Determine if your environment will match hardware
and software prerequisites
Map out your proposed network
Plan routing between networks

31. How to Plan for SDN
1
3
2
4
Determine if your environment will match hardware
and software prerequisites
Map out your proposed network
Determine vland or subject access
Plan routing between networks

32. How to Plan for SDN
1
3
5
2
4
Determine if your environment will match hardware
and software prerequisites
Map out your proposed network
Determine vland or subject access
Plan routing between networks
Map out access controls (including roles)

33. How to Plan for SDN
1
3
5
2
4
6
Determine if your environment will match hardware
and software prerequisites
Map out your proposed network
Determine vland or subject access
Address spaces on the vnet
Plan routing between networks
Map out access controls (including roles)

34. How to Plan for SDN
1
3
5
7
2
4
6
Determine if your environment will match hardware
and software prerequisites
Map out your proposed network
Determine vland or subject access
Address spaces on the vnet
Plan routing between networks
Map out access controls (including roles)
Determine peering

35. How to Plan for SDN
1
3
5
7
2
4
6
8
Determine if your environment will match hardware
and software prerequisites
Map out your proposed network
Determine vland or subject access
Address spaces on the vnet
Analyze projected traffic
Plan routing between networks
Map out access controls (including roles)
Determine peering

36. SDN Implementation
 Build out your software-defined networks

37. SDN Implementation
 Build out your software-defined networks
 Build resource groups (applications, etc.)

38. SDN Implementation
 Build out your software-defined networks
 Build resource groups (applications, etc.)
 Build out your vnet(s)

39. SDN Implementation
 Build out your software-defined networks
 Build resource groups (applications, etc.)
 Build out your vnet(s)
 Perform comprehensive testing
• Sample methods (note: vnets lack built-in testing tools)
 Build a VM for testing purposes
• Put the VM on the network
• Use Apache and open port 80
• Create a new VM and use it to ping the original VM
• Open SSH (secure shell) and use port 22
• Use the Azure Serial Console (currently in preview), especially for Linux VMs
 Compare VM to historical stats
• Look at stats such as data disks, max IPS, local SSD, and load balancing

40. Traditional Networking Management SDN Management
Set up well-known protocol parameters and
track configuration changes
Configure customized and ever-evolving software, setup data
and control plane
Management: Traditional vs. SDN

41. Traditional Networking Management SDN Management
Set up well-known protocol parameters and
track configuration changes
Configure customized and ever-evolving software, setup data
and control plane
Set up alternate routs in case of failure Configure alternate forwarding device behavior in case
of failure
Management: Traditional vs. SDN

42. Traditional Networking Management SDN Management
Set up well-known protocol parameters and
track configuration changes
Configure customized and ever-evolving software, setup data
and control plane
Set up alternate routs in case of failure Configure alternate forwarding device behavior in case
of failure
Assign and reserve bandwidth. Enforce quality of
service configuration
Monitor performance of network applications and adjust
connection quality between data plane and control
plane
Management: Traditional vs. SDN

43. Traditional Networking Management SDN Management
Control network access and prevent intrusion,
spoofing and DoS attacks
Use cloud security components, such as virtual firewalls, to
grant isolation to network applications, prevent
eavesdropping and capture of traffic
Management: Traditional vs. SDN

44. SDN Monitoring Tips
 Monitoring
• Important metrics to monitor:
 Ingress and egress of vnets

45. SDN Monitoring Tips
 Monitoring
• Important metrics to monitor:
 Ingress and egress of vnets
 Ingress and egress of your nics

46. SDN Monitoring Tips
 Monitoring
• Important metrics to monitor:
 Ingress and egress of vnets
 Ingress and egress of your nics
 Load balance network w/ a load balancer (Microsoft or 3rd party)
• Ensure the load matches your policy
• Easy to misconfigure

47. SDN Monitoring Tips
 Monitoring
• Important metrics to monitor:
 Ingress and egress of vnets
 Ingress and egress of your nics
 Load balance network w/ a load balancer (Microsoft or 3rd party)
• Ensure the load matches your policy
• Easy to misconfigure
 Monitor uptime of solutions/ services
• Ensure it is functioning at the application level and all the way down to the network layer

48. Common SDN Threats
 SDN specific threats (implement general security best practices and use cloud security solutions)
• Manipulation of information (data forging)
• Software, firmware, and API exploits
• Remote SDN app exploits
• Malicious software like viruses and malware
• Unauthorized access
• Traffic sniffing and diversion

49. Common SDN Threats
 SDN specific threats (implement general security best practices and use cloud security solutions)
• Manipulation of information (data forging)
• Software, firmware, and API exploits
• Remote SDN app exploits
• Malicious software like viruses and malware
• Unauthorized access
• Traffic sniffing and diversion
 General network virtualization threats (implement general security best practices)
• Virtualized host abuse
• Network virtualization bypassing

50. Common SDN Threats
 General network infrastructure threats (generally covered by cloud provider)
• Physical threats
• Damage/ loss
• Failures/ malfunctions
• Outages
• Disasters
• Legal

51. Common SDN Security Mistakes
 Using public IPs in your network

52. Common SDN Security Mistakes
 Using public IPs in your network
 Opening up network rules to the world

53. Common SDN Security Mistakes
 Using public IPs in your network
 Opening up network rules to the world
 Over-relying on open source packages without researching known or suspected vulnerabilities

54. SDN Security Best Practices
 Secure your own data
• By default, protect access to your VMs

55. SDN Security Best Practices
 Secure your own data
• By default, protect access to your VMs
 Use network security groups in Azure
• Control what objects and ports can ingress and egress
• Second layer

56. SDN Security Best Practices
 Secure your own data
• By default, protect access to your VMs
 Use network security groups in Azure
• Control what objects and ports can ingress and egress
• Second layer
 Control routing behavior

57. SDN Security Best Practices
 Secure your own data
• By default, protect access to your VMs
 Use network security groups in Azure
• Control what objects and ports can ingress and egress
• Second layer
 Control routing behavior
 Enable forced tunneling

58. SDN Security Best Practices
 Deploy virtual network appliances and DMZs
• Use built-in virtual firewalls or 3rd-party firewalls
• Use a security solution that includes capabilities such as:
 Intrusion detection
 Vulnerability management
 Application control
 Network-based anomaly detection
 Web filtering
 Agentless Antivirus
 Botnet protection

59. SDN Security Best Practices
 Deploy virtual network appliances and DMZs
• Use built-in virtual firewalls or 3rd-party firewalls
• Use a security solution that includes capabilities such as:
 Intrusion detection
 Vulnerability management
 Application control
 Network-based anomaly detection
 Web filtering
 Agentless Antivirus
 Botnet protection
 Avoid exposure to the Internet with dedicated WAN links

60. SDN Security Best Practices
 Deploy virtual network appliances and DMZs
• Use built-in virtual firewalls or 3rd-party firewalls
• Use a security solution that includes capabilities such as:
 Intrusion detection
 Vulnerability management
 Application control
 Network-based anomaly detection
 Web filtering
 Agentless Antivirus
 Botnet protection
 Avoid exposure to the Internet with dedicated WAN links
 Optimize uptime and performance
• Use load balancing

61. SDN Security Best Practices
 Disable RDP access to Azure VMs

62. SDN Security Best Practices
 Disable RDP access to Azure VMs
 Manage VM security posture and consistently monitor VM performance

63. How 5nine Simplifies SDN Management
Demo!

64. THANK YOU!
Questions?
Contact us:
sales@5nine.com
Learn more:
https://www.5nine.com/5nine-
manager-datacenter/