chris - Fotolia
What to consider before you deploy NSX
An SDN like VMware's NSX can provide your organization with agility, automation, microsegmentation and cloud capabilities. However, you must still think carefully before you adopt.
The SDN market has gained traction over the years, but some organizations have struggled with implementing the technology. Problems tend to stem from managerial rather than technical issues, but companies can invest in training, evaluate their current capabilities and consider future requirements to minimize any potential misstep. VMware offers NSX as a simple, easy-to-use software-defined networking platform.
VMware NSX offers many potential benefits, but it can be difficult to deploy and manage. To get the most out the platform when they deploy NSX, organizations must determine whether they require an SDN, then take steps to invest in their staff, evaluate their application needs and start implementation processes slowly.
Does your company need a SDN?
Corporate interest in SDNs continues to rise: Revenue will increase from $3.9 billion in 2018 to $7 billion in 2023, with a 12.3% compound annual growth rate, according to the IDC.
However, the market research firm, based in Framingham, Mass., lowered its growth rate projections in its last market update, according to Brad Casemore, a research vice president at IDC.
"Workloads determine whether or not an enterprise needs an SDN," Casemore said.
SDNs are built for dynamic workloads -- those that continuously change -- but many business applications remain static. Legacy, premises-based data center systems move information in set patterns, so many corporations do not require the dynamism that SDNs deliver.
Cloud configurations, however, do change frequently. Cloud-based applications utilize virtualization, containers and microservices and make a better fit for NSX.
Invest in the staff
"When moving to an SDN, corporations need a plan for their technical teams as well as the computer systems," Casemore said.
SDNs introduce new technology, such as network virtualization; cloud technology, including containers and microservices; as well as automation and multi-cloud connectivity. Most legacy system technicians do not have familiarity with these concepts. Consequently, they must get educated to understand both the similarities and differences between the "old-school" networking approach and "new-school" systems such as NSX.
Brad Casemore Research vice president, IDC
The move to software-defined data centers breaks down the traditional IT system silos of servers, virtualization, networking and storage. As a result, modern IT staff must understand the complete computer infrastructure rather than specialize in one or two elements. When working with NSX, staff must not only possess deep and specific networking knowledge -- for example, how Layer 2 and Layer 3 operate -- but also application dependencies.
"Investing time and money in training is always up to management," said Dan Rheault, product manager of security solutions at Tufin, a network security company based out of Boston. "Sometimes, corporations do not provide enough time or money for their IT staff to develop new skills."
Make security a high priority
Organizations often adopt a SDN to gain agility -- the ability to deploy network resources more quickly -- but they also must ensure they take that step in a secure fashion. SDNs introduce virtual network security policies not tied to specific devices. Implementing such policies consistently can create security challenges.
With virtual networking, spinning up new connections becomes easier. In effect, devices can establish connections in a free-form manner, meaning any device can connect to any other device. Organizations must understand not only what device communicates with what other device, but also ensure that when these devices make those connections, the new elements adhere to company security policies.
Microsegmentation breaks the network up into small pieces, so businesses can put extra security checks around the elements that carry the most sensitive information. Businesses can also use an overlay network with SDNs. An overlay network runs on top of the physical network infrastructure and ensures only authorized individuals can work with confidential information.
Start slowly
SDNs like NSX are designed for large, complex corporate networks. Organizations often have trouble determining where to start with their SDN deployments. They sometimes try to do too much too soon by replacing all of their network functionality in one fell swoop.
"Corporations need to start small, maybe even a prototype in a test lab, so they get a taste of how SDNs work," said Roi Alon, product manager at Tufin. Once the business gains experience, it can extend NSX to more use cases.
When making the change, businesses sometimes take the easiest path: migrating their existing network infrastructure to the new environment.
"Not making any changes to the network configuration replicates the business's technical debt," Rheault said.
When organizations do this, they often miss the opportunity to examine the network, identify weak areas and make improvements. Rather than simply lift and shift their infrastructures, companies should retool existing processes, automate manual functions and ensure policy compliance more consistently before they deploy NSX.