With the need for speed in IT becoming greater than ever, there is increasing interest in virtualised cloud computing to deliver new levels of operating speed to organisations on a global basis.
As a result, practical investments in the cloud are proliferating as more organisations move away from traditional, dedicated server deployments to environments designed to optimise and accelerate public, private and hybrid cloud services.
Two of the early barriers to the widespread adoption of cloud computing were the old bugbears: security and privacy, the top-ranking concerns in most surveys of IT decision-makers around the world.
Early cloud applications, such as software as a service (SaaS), had to rely on separate user accounts or the strict maintenance of individual databases in order to achieve data segregation together with a reasonably acceptable level of security and privacy. More sophisticated cloud-based incarnations, such as platform as a service (PaaS) and infrastructure as a service (IaaS), provide improved security through data segregation both in data sets and on individual network components.
Stepping back
However, in order to further ramp up security in the cloud, network architects are now taking a step backward by first building multi-tenant networks in the corporate data centre environment.
Multi-tenant networks, as opposed to single-tenant or dedicated networks, are segmented and logically divided into smaller, isolated networks. They are ideally placed to prepare an organisation's infrastructure for the all-important leap into the cloud.
Martin May is regional director of Enterasys Networks.
An apt description of multi-tenant networking comes from author and technical editor, Michael Brandenburg, who, on SearchNetworking.com, says: “...like tenants in an apartment complex, multi-tenant networks share the physical networking gear but operate on their own network without any visibility into the other logical networks. While the capability to separate networks into logical units has been available for some time through the use of VLANs and virtualised data centres, cloud computing concepts have brought multi-tenancy back to the attention of network administrators.”
Steady on
A key advantage of a multi-tenant model is its inherent stability. This is beneficial when an organisation moves from the corporate realm into the cloud. By taking the multi-tenant model with it into the cloud, the security of local data and applications during the transition phase is enhanced - as well as the privacy of critical information.
Ted Schadler, writing for the Forrester Research blog on ZDNet, says the future of cloud-based collaboration is clearly multi-tenant for two economic reasons: “Multi-tenant enables the fundamental economic benefits of a shared resource... and multi-tenant is a much faster way to deploy improvements.”
Because there is a single instance of the code in a multi-tenant cloud solution, says Schadler, the innovation is continuous, incremental and globally available.
Seeing the value of the cloud, network managers are, in my opinion, more likely to opt for a cloud/multi-tenant solution to resolve specific problems - rather than put the ball in the court of their IT departments.
This means many network managers should already have the fundamentals of a multi-tenant network strategy in place together with an approved approach to isolating network traffic within their environment.
Perhaps the easiest approach is to isolate application servers on an independent physical network. However, it might be too simplistic a strategy, bearing in mind that in today's age of server virtualisation, limiting access based on physical ports is not a practical choice.
Brandenburg suggests a more matter-of-fact alternative. He says it is preferable to define virtual switches (vSwitches) for each application. “As with physical switches, vSwitches can put all relevant virtual machines together on one logical switch. The advantage of this approach is that like the virtual machines themselves, vSwitches could move within the cloud environment.”
Another Brandenburg option is configuring VLANs while creating separate networks for each of the applications in the cloud deployment.
“By defining VLANs on physical switches or enabling 802.1Q VLAN tagging on virtual switches, the network administrator can isolate traffic between any mix of physical and virtual machines,” he explains, adding that the only limiting factor on the VLANs would be the maximum number of configurable VLANs available on either the physical switches or virtual switches within the data centre.
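The VLAN approach above can be checked in code. The following is an added example, not from this article or from Brandenburg: it validates a per-application VLAN plan against the 12-bit VLAN ID field of 802.1Q (which caps usable IDs at 4094 regardless of switch limits) and accepts a tagged frame only on the port of the tenant that owns that VLAN. The tenant names, VLAN IDs and function names are assumptions made for illustration.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value announcing an 802.1Q tag
MAX_VID = 4094        # VID is a 12-bit field; 0 and 4095 are reserved

# Hypothetical application-to-VLAN plan, constructed for this example.
TENANT_VLANS = {"crm": 110, "billing": 120, "hr": 130}

def validate_plan(plan):
    """Return problems in a plan: VIDs out of range or shared by two tenants."""
    problems, seen = [], {}
    for tenant, vid in sorted(plan.items()):
        if not 1 <= vid <= MAX_VID:
            problems.append(f"{tenant}: VID {vid} outside 1..{MAX_VID}")
        elif vid in seen:
            problems.append(f"{tenant}: VID {vid} already used by {seen[vid]}")
        else:
            seen[vid] = tenant
    return problems

def build_frame(dst, src, vid, pcp=0, ethertype=0x0800, payload=b""):
    """Build a tagged Ethernet frame; used here only to make sample input."""
    tci = (pcp << 13) | (vid & 0x0FFF)   # priority bits + 12-bit VLAN ID
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload

def parse_vid(frame):
    """Return the frame's VLAN ID, or None when it carries no 802.1Q tag."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF                  # drop PCP/DEI, keep the VID

def admit(frame, port_tenant, plan=TENANT_VLANS):
    """Accept a frame only if its tag is the VLAN assigned to the port's tenant.
    Untagged frames are rejected (assumption: no native VLAN on this port)."""
    vid = parse_vid(frame)
    return vid is not None and vid == plan.get(port_tenant)

if __name__ == "__main__":
    mac_a, mac_b = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    frame = build_frame(mac_a, mac_b, TENANT_VLANS["crm"])
    print(validate_plan(TENANT_VLANS), admit(frame, "crm"), admit(frame, "billing"))
```

Running `validate_plan` before a plan is pushed to switches catches two applications sharing one VLAN, which would silently remove the isolation the plan was meant to provide.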
An important step towards the formulation of a multi-tenant network is the development of an 'application-aware' network. Such an infrastructure will need to be cognisant of the performance and security demands of each application deployed and be able to facilitate their operation within the boundaries of these parameters.
Moreover, such an infrastructure must be truly supportive of the strict security/privacy levels within today's cloud. For example, it will be aware of the source and destination of every data packet and it will understand the requirements of the applications associated with each packet.
In an application-aware network, all the applications would become the tenants on the network, receiving the appropriate isolation and security based on each application's specific requirements. The readiness of this infrastructure for cloud deployment would be complete.
* Join Martin May on Facebook: http://www.facebook.com/martin.may.enterasys