SDN service for sale ... from a healthcare provider?
Early NSX adopter BayState Health is weighing the possibility of a future as an SDN service provider -- using multi-tenancy to run other organizations' networks parallel to its own.
In a sense, the evolution of network architect Mike Weisse's career mirrors that of IT itself. Weisse, who worked on IBM mainframes -- the "dinosaurs" of computing -- in the 1980s, is now tackling cutting-edge software-defined networking technology as a network architect at BayState Health.
Weisse has spent the past couple of years helping the healthcare provider, based in Springfield, Mass., become an early adopter of hyper-converged infrastructure and VMware NSX. Now, he believes BayState Health may have a future as a small-scale SDN service provider, using microsegmentation and multi-tenancy to securely run other organizations' networks parallel to its own.
We spoke with Weisse to learn more about his work with VMware NSX, microsegmentation and multi-tenancy, and the possibility of an SDN service offering from BayState.
Editor's Note: This interview has been lightly edited for length and clarity.
How long have you worked in networking?
Mike Weisse: I've been doing this for 36 years now. I first started as a programmer. I was a civil engineering major in college and kind of fell into a programming course. So I wrote assembler and COBOL programs for a couple of years and then in the '80s I started doing system programming on IBM mainframes. I worked for a manufacturing company and a bank and then actually got recruited to come to BayState Health. I stayed in systems programming with mainframes until the early '90s. Pretty much nobody in the health system -- which was just a hospital at the time, called BayState Medical -- really managed the local area networks. They were scattered about in different departments. I just volunteered to pull them all together, and they were happy someone wanted to do it.
Tell me about your introduction to software-defined networking.
Weisse: A couple of years ago, we had a turnover in our leadership. We had a company come in called VertitechIT, and they were tasked with building a new data center. Our CIO decided that the data center would be too expensive, so VertitechIT had another idea -- software-defined networking.
We already had a converged infrastructure using VMware for many years, which gave us the ability to build virtual machines on a physical host. VertitechIT suggested expanding on that and becoming hyper-converged. A hyper-converged infrastructure shares storage, server and compute resources across multiple sites -- one of those sites being the new data center that we were potentially going to build out.
So that project started two years ago, using VMware NSX. NSX adds the ability to share your network the way you share your virtual machines. We also adopted vSAN, which is VMware's storage mechanism.
That was quite a big thing to throw on our plate. Personally, I had no experience with SDN. My background is in the physical network -- switches, routers and firewalls. A software-defined network takes all of those switching, routing and firewall concepts and puts them in software. That's what we had to learn.
What was that learning curve like?
Weisse: It was huge. I'm familiar with the concepts, because I've worked with switching and routing for 20 years, but putting them onto a software-defined topology and understanding that -- that was a challenge. They put some of us in a class for a week to teach us NSX, and then we had to teach ourselves the rest of it. That was quite a huge task; it was daunting. But after a while we embraced it, because it was something that was going to save us money, and give us a lot of flexibility.
When you have a virtual machine, you have the ability to move it from one physical host to another -- it's just a software function. Before we had software-defined networking, you could only do that within one site, because the IP addressing would have to change from one site to the other. You have to honor the physical layer of networking. But with software-defined networking, the address travels with it, so you can move from site to site. So that -- along with the vSAN storage component -- allows us to have redundancy and disaster recovery capabilities built right into the network.
We have a three-site software-defined network, so if we were to lose a site, everything that was running on the host at that site would come up within minutes at another site. It's pretty cool stuff. It was a big paradigm shift for us too, because the way we used to work was -- I mean we worked with the storage guys and the server guys -- but we were kind of independent of each other. We really only met and talked when we needed something from each other. Now because it's so tightly integrated, we don't do anything without talking to each other. We plan things together; we meet once a week and go through what are called Knowledge Base Articles. Those are the weekly articles that come out from VMware -- we review those together. I really enjoy the collaborative effort that we were kind of thrust into. It's been a really good thing.
What are you working on currently? I understand you could have an SDN service in the works.
Weisse: The project that I'm working on now -- which builds upon the hyper-converged infrastructure and SDN -- involves microsegmentation and multi-tenancy. With microsegmentation, I can implement what are basically firewall rules in any of those virtual machines that are running on our software-defined network. That was something that was harder to do in the physical world, because you needed a physical separation. In this world, you're separated virtually.
Microsegmentation allows us to get so granular that I can segment it down so that a server only needs to serve a particular set of people and machines. So you don't have a server that's open to everyone in the hospital -- only to the people that it needs to be open to. That server doesn't talk to all the other servers, so you reduce your security risks that way -- from hacking or from viruses. We're under PCI rules, and so we have to segment out certain devices and machines.
We're currently moving our physical servers and our legacy virtual servers into this structure, and as we do that, we segment them. Our target for this year is to get completely off the physical hardware and our legacy virtual hardware and get everything into the software-defined network.
Multi-tenancy allows me to use the software-defined network to actually build a foundation where another company could run on the same network and use the same IP addressing, because there's a logical separation. They can share storage and server capacity on the physical host. So you could have two companies running the same network on the same physical host but be virtually separate.
Right now we are looking to -- we're a nonprofit -- but we're looking to make our infrastructure attractive to some other companies, maybe other hospitals, that might want to buy an SDN service from us. We might be able to bring revenue into the hospital. The idea is we could leverage the technology we have and get more use out of it, and it could pay for itself.
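The two ideas Weisse describes above -- a default-deny, group-based policy attached to each workload, and tenants that are logically separated even when they reuse the same IP addresses -- can be modelled in a few dozen lines. The following is an added illustration written for this article; it is not BayState's or VMware's code and does not use the NSX API. Tenant names, security groups, addresses and ports are constructed for the example.

```python
"""Toy model of microsegmentation with per-tenant scoping and default deny.

Constructed example, not NSX: a flow is identified by its tenant, so two
tenants may reuse the same addresses and still be evaluated independently.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set

ALLOW, DENY = "allow", "deny"


@dataclass(frozen=True)
class Flow:
    tenant: str
    src_ip: str
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    tenant: str            # rules are scoped to one tenant
    src_group: str
    dst_group: str
    ports: FrozenSet[int]  # empty set means any port
    action: str


# Security-group membership per tenant (hypothetical, constructed values).
# Note "hospital" and "partner-clinic" deliberately reuse 10.10.1.10 / 10.10.2.20.
GROUPS: Dict[str, Dict[str, Set[str]]] = {
    "hospital": {
        "web-tier": {"10.10.1.10", "10.10.1.11"},
        "db-tier": {"10.10.2.20"},
        "clinical-workstations": {"10.10.50.5"},
        "pci-terminals": {"10.10.60.7"},
        "payment-gateway": {"10.10.61.8"},
    },
    "partner-clinic": {
        "web-tier": {"10.10.1.10"},
        "db-tier": {"10.10.2.20"},
    },
}

# Only what each workload needs; everything else falls through to DENY.
RULES: List[Rule] = [
    Rule("hospital", "web-tier", "db-tier", frozenset({5432}), ALLOW),
    Rule("hospital", "clinical-workstations", "web-tier", frozenset({443}), ALLOW),
    Rule("hospital", "pci-terminals", "payment-gateway", frozenset({443}), ALLOW),
    Rule("partner-clinic", "web-tier", "db-tier", frozenset({3306}), ALLOW),
]


def groups_of(tenant: str, ip: str) -> Set[str]:
    """Security groups that a given address belongs to within one tenant."""
    return {name for name, members in GROUPS.get(tenant, {}).items() if ip in members}


def evaluate(flow: Flow) -> str:
    """First matching rule in the flow's own tenant wins; otherwise deny."""
    src_groups = groups_of(flow.tenant, flow.src_ip)
    dst_groups = groups_of(flow.tenant, flow.dst_ip)
    for rule in RULES:
        if rule.tenant != flow.tenant:
            continue  # another tenant's rule never applies, even on identical IPs
        if (rule.src_group in src_groups and rule.dst_group in dst_groups
                and (not rule.ports or flow.dst_port in rule.ports)):
            return rule.action
    return DENY


def exposure(tenant: str, dst_ip: str) -> Dict[str, Set[int]]:
    """Review aid: which source groups may reach dst_ip, and on which ports."""
    dst_groups = groups_of(tenant, dst_ip)
    reach: Dict[str, Set[int]] = {}
    for rule in RULES:
        if rule.tenant == tenant and rule.action == ALLOW and rule.dst_group in dst_groups:
            reach.setdefault(rule.src_group, set()).update(rule.ports)
    return reach


if __name__ == "__main__":
    samples = [
        Flow("hospital", "10.10.1.10", "10.10.2.20", 5432),       # web -> db: allow
        Flow("hospital", "10.10.50.5", "10.10.2.20", 5432),       # workstation -> db: deny
        Flow("hospital", "10.10.60.7", "10.10.2.20", 5432),       # PCI terminal -> db: deny
        Flow("partner-clinic", "10.10.1.10", "10.10.2.20", 5432), # same IPs, other tenant: deny
        Flow("partner-clinic", "10.10.1.10", "10.10.2.20", 3306), # tenant's own rule: allow
    ]
    for f in samples:
        print(f, "->", evaluate(f))
    print("hospital db-tier exposure:", exposure("hospital", "10.10.2.20"))
```

The `exposure` report is the check a reviewer wants before declaring a server segmented: it lists every source group and port that can still reach the workload, so an accidental "open to everyone" rule shows up as an unexpected entry rather than being discovered in an audit.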
What advice would you give to young networking professionals just starting their careers?
Weisse: Embrace the new technologies. Seek out online labs, for instance -- there's so much stuff out there now. Volunteer. If you see something that nobody's really doing or needs a champion, volunteer. Don't be afraid to ask questions, and be a team player.