Protecting the Network Immune System
28 Nov 05:28

By Mark Pearce of Enterasys Networks

Just over five years ago, at the height of the dot-com frenzy, organisations were engaged in a spending spree with servers at the top of their shopping list. These 'commodity' machines were inexpensive to purchase, but it soon became evident that they were far from economical to run.

The pressures of the time stemmed from several challenges: how to provision new servers in a timely and cost-effective manner; how to manage them more efficiently; where to find the skilled staff required to do this; where to find the space to maintain them; and, most urgently of all, how to align server requirements against real business needs - how to avoid buying three times more capacity than was really necessary.

Today, organisations are still asking most of the same questions. The main difference in 2006 is that real progress is being made in the charge to overcome the remaining hurdles. Widespread server consolidation has already played a role in stunting the increased maintenance costs that threatened to bankrupt data centre operators five years ago; virtualisation technology and its ally, blade computing, are beginning to answer the provisioning and capacity issues; and new systems automation technology will soon begin to have a similarly profound effect on IT teams' ability to dynamically map physical data centre resources to the practical demands of their business.

At one time, it appeared that corporate data centres were destined to become mausoleums for the legacy systems of an earlier era. It is reasonable to claim that the data centre is once again a centre for innovation. But unfortunately this innovation does not come without a price. The burgeoning mass of servers in the data centre once meant that estate costs were a significant factor. Today's data centres bring their own challenges, with security at the forefront.

The enterprise data centre is at the heart of all network IT infrastructures, with the prime objective of ensuring the secure and timely delivery of the applications that run the business. All aspects of a data centre, from transport and network to IT management tools, support this mandate. If an application is not available when it is needed, then the data centre has failed in its primary purpose, and the effects on the organisation can be significant and costly. Watertight security is therefore an absolute prerequisite.

According to industry estimates, more than 70 per cent of IT budgets are dedicated to sustaining existing application environments within the data centre. As a consequence, there are wide-scale trends to reduce total cost of ownership (TCO) by improving data centre operational efficiencies through data centre, server, and storage consolidation and the deployment of technologies such as blade systems.

These trends have led to significant changes in the underlying networking infrastructure of modern data centres, introducing requirements for technologies such as server load balancing, line-rate Gigabit Ethernet and 10-Gigabit Ethernet. These have the scalability to meet the ever-growing requirements of the enterprise marketplace. Based on past experience, organisations do consider the impact that an oversubscribed component can have on their business when determining the network design.

What organisations need is advanced interoperability and communication between applications, security technology and an integrated network infrastructure. Such an environment can support immediate data centre requirements for consolidation, business continuity and security, while enabling emerging applications and concepts such as service-oriented architectures, virtualisation, storage area networks (SAN), network attached storage (NAS), grid computing, web services, browser-based applications and many others.

A sensible approach to securing the data centre in a cost-effective manner is to prevent single points of failure. This can be achieved by adopting an architectural approach to the actual data centre infrastructure and by segmenting it into three integrated layers (the secure router layer, server aggregation layer and the wide area network). Security can be enhanced further within this environment by placing redundant paths between the layers.

The bottom line is that organisations need to realise you can have a fully secure data centre at a reasonable price, and that the days of spiralling costs and unpredictable performance are over. A lack of ongoing information from the industry means that they have been left in the dark, and it's time for perception to catch up with reality.

[I agree completely with Mark that an architectural approach is required. Preventing single points of failure is not enough, though. It is also necessary to prevent common-mode failures. Furthermore, Mark's argumentation only pertains to the operational level of the infrastructure. This is important but must be placed inside a business-driven enterprise security architecture - and of course supported by some sort of maturity-driving overarching maintenance and management structure. So, things are not quite as simple as suggested in the article. However the 'bottom line' is absolutely correct. --Ed].

Related links: www.enterasys.com/
