The state of SDN: A cure for your hybrid cloud management headache?

The benefits of moving elements of your IT operation to the cloud are only as compelling as your network is stable and flexible. If you have a hybrid cloud infrastructure, you will be moving workloads, data, and applications between on-premises resources and those residing with your public cloud vendors—and that’s where the networking challenges lie.

Unless you're a Google, Amazon, or Facebook, you can’t afford to develop your own operating system to do hybrid cloud network management (HCM). And you certainly don’t need to optimize every aspect of your network just to keep traffic flowing smoothly. 

Could software-defined networking (SDN) provide the answer? At first blush it looks like an appealing, less cumbersome solution to today’s basic network management challenges with hybrid cloud. And it has gotten more attention over the past two years, as more organizations have adopted hybrid cloud and tasked their network engineers with figuring out the basics of connectivity, reliability, and security.

Here's a look at the state of SDN technology and practices, and the promises—and challenges—it presents for hybrid cloud management.

SDN's long, slow trip

Since arriving on the scene about eight years ago as a Stanford University experiment, SDN has seen a slow but steady rate of adoption. It's been slow because networks are not easy to change. The wholesale ripping and replacing of routers isn't going to happen until the current generation reaches end of life. But the driver behind SDN adoption has been the increasing need for IT organizations to react to changing business demands, and how the network supports those demands.

If you need to create a more dynamic network in order to be more responsive to the rapidly changing needs of line-of-business managers, SDN might be an attractive option. It promises speed, some degree of automation, and a less error-prone, more secure method for network configuration.

If all you need to change is one router’s interface, traditional networking methods are just fine. (With SDN, you still have to program the router’s controller.) But if you need to make a change to 100 routers—a process that can take days, or even weeks—then SDN may be a good alternative.

What's SDN really good for?

“SDN means different things to different organizations,” says Zeus Kerravala, founder of and principal analyst with ZK Research. Businesses as large as Amazon or Facebook want to customize their software stack and run it on commodity hardware, all optimized for their highly specific network environment.

But most businesses want something simpler. They want to automate many, if not all, of the processes associated with running the network from a centralized console, and propagate that across the network, he said. "This works fine through a networking vendor’s API. It’s more turnkey, and for most companies the tuning doesn’t have to be so customized.”

The difference between those two scenarios is what happens at the router. With the highly customized approach, the network engineer uses a different command-line interface (CLI) for each hardware device. With SDN, software can drive the changes and do them programmatically. Every time there’s a prompt to change individual or multiple switches, the rules set up by the command-line layer within an SDN-enabled router can make the changes in a more automated fashion.

If your business model is so competitive that your network needs a more highly tuned set of changes—analogous, in the programming world, to dropping into assembly language and optimizing your code at the machine level—you can do that. You can issue a command that talks directly to the hardware. Most businesses just don’t need that level of tweaking, says Kerravala.

“Most companies don’t want to go through the process of, say, writing their own operating system, having to find support people for that, having to keep things up to date,” Kerravala says. One company he worked with estimated that a customized solution would cost five times as much as a turnkey system from a major network switch vendor. Most of that cost is operational.

“So you pay a little more up front for the turnkey hardware, but you cut down on your operational costs, even if that means a hardware refresh. That one-time expense is a much smaller part of TCO when it comes to networking.”
Zeus Kerravala

SDN and hybrid cloud management: The opportunity

So, your network doesn’t have to be as optimized as Facebook’s; most businesses simply need a hybrid cloud network that’s reliable. But is SDN going to help you manage it?

Vaibhav J. Parmar, networking and infrastructure consultant and partner with PricewaterhouseCoopers (PwC), said that a hybrid cloud model does not always imply a need for SDN. He stressed that application architecture and refactoring could also play a role in whether SDN can be successful.

"[The] more you intend to use APIs, microservices, and container-based solutions, the better the opportunity for SDN."
Vaibhav J. Parmar

“The growing popularity of the hybrid cloud is a big reason we’ve seen the rise of overlay networks from vendors like VMware, with NSX, or CloudGenix,” says Andre Kindness, principal analyst with Forrester Research. (An overlay network may consist of virtual or logical links and sits on top of an underlying network.) 

While overlays are nothing new, they can solve some network configuration problems when workloads need to be redistributed across a hybrid cloud. But overlays rely on tunneling techniques.

"Ultimately, we know that tunneling is not the best approach. But it’s one way to make things work today. Some people are using these and calling that SDN for the hybrid cloud.”
Andre Kindness

Organizations using overlays are simply trying to make network connections easier. Kindness points to the current confusion regarding how to manage a hybrid cloud from a hardware and software perspective. Network overlays, he says, are a way to circumvent that.

They’re being used to deal with data center and cloud issues at the same time. You can put a virtual private cloud back at your data center inside the hypervisor, with a virtual switch on each side, and not deal with the router, he said. "If you want to connect two virtual networks, say Azure and AWS, the short-term answer is to tunnel across the hardware environments to connect the two virtual environments.”

Challenges persist

While the benefits of overlay networks and multi-cloud usage are clear to some, Jeff Loughridge, co-founder of Konekti, a Virginia-based cloud networking consultancy, says few companies he works with are actually doing that. “When they work with multiple clouds, they’re very workload-selective. For example, their web infrastructure might be AWS. But because of their ties to Microsoft over the years, they might have a tie-in with Azure."

Loughridge said his customers are really just trying to connect to the cloud. The things he sees are very basic in terms of networking.

“The CEO goes to a conference and decides, ‘All right, the next move for us is to shift our spending from capital expenditure to operational expenditure, take advantage of the flexibility and agility of the cloud.’ But they don’t know what’s secure and what’s not. They wonder if they can connect directly, or if they can get away with a VPN.”
Jeff Loughridge

For businesses just beginning to use the cloud for that flexibility, startup consultants such as Konekti have plenty to do just making sure the on-site infrastructure is cloud-ready and that they don’t have decades-old technology that's heavy on switched Ethernet networks or other features that inhibit the ability to transfer data back and forth between cloud and on-premises resources.

These organizations are not yet thinking about SDN. “We help them think about how to move workloads securely into the cloud from a networking perspective,” says Loughridge.

Understanding the software part of SDN

One reason SDN is being neglected at some businesses is the basic lack of software knowledge among networking engineers. “Many networking engineers I talk to have never even made an API call,” says Kerravala. “They look at the various APIs from the network vendors and are uncertain what to do. Plus, they’re all built differently.”

Nevertheless, the APIs available with networking hardware make reconfiguration easier than using a CLI, which requires writing a custom script. “If you want to automate something, and you do it through a vendor’s API, it’s a lot more efficient,” he says. “You’re protected in that you’re not going to accidentally disrupt some process that’s running, for example.”

Most SDN vendors support Puppet and Chef for configuration management. Network engineers don't need to become software developers, but for those willing to learn how to converse with SDN controllers by way of APIs, these tools can make the automation of business rules easier.

For SDN to become a staple in hybrid cloud management, there needs to be more education around the new types of relations between applications, infrastructure devices, and users, says PwC's Parmar. "These are driven by cloud services, including virtualized functions and container-based code. Network engineers need to become cloud-aware and cloud-native for SDN to be aligned with the [public, private, and hybrid] cloud journey."

The future of the virtualized network

Although SDN's capabilities are still in their infancy, the technology is growing in popularity. A recent study by Dimensional Research shows that a majority of businesses (57%) have either deployed or are in the process of deploying SDN within their networking infrastructure. One of the greatest impacts is that SDN has changed the way network architects are planning their future infrastructure.

Frank Bonifazi, who tracks the networking domain and works with the networking products team at Micro Focus, said it is a very complex and fast-changing landscape.

“We’re not nearly done with the technologies on which to build hybrid clouds. It’s really the intersection of the host and network worlds and will take a long time to resolve to the best model.”
Frank Bonifazi

The latest model, still mostly theoretical, is “intent-based networking” (IBN), embraced by Anuta Networks (NCX), Cisco, and several other hardware vendors. It’s a forward-looking concept that Kerravala compares to self-driving cars.

“In the future, you’ll hop in a car that has no steering wheel and state where you want to go. We are nowhere near that capability yet in self-driving vehicles. At the same time, we have some of that capability today. Parallel-park assist, you can argue, is a much-used aspect of self-driving.”

If the vision behind IBN is a network that truly runs itself, we’re far from that reality. But Cisco is automating certain tasks that have been hard for network and security teams alike. For example, its encrypted traffic analysis (ETA) solution offers a way to collect data, analyze it, and find malware in encrypted traffic. “I suppose you could do that manually, but it would be very difficult,” Kerravala says. “This is one example of intent-based networking, but it’s about as much coverage as parking assistance is to the driverless car.”

While we’re at the very early stages of intent-based capability, he believes Cisco and others will add more capability over time. “With IBN in place, I might issue the intent, ‘All IoT devices need to move to this new secure zone.’ But if the secure zone doesn’t extend to the area I have designated, the IBN will either reconfigure the new zone or let me know this isn’t possible.”

Hybrid cloud and SDN: The bottom line

For today’s hybrid clouds, the network matters more than ever. Network performance determines the operation and effectiveness of your cloud environment. The network needs to interoperate with your applications, the compute stack, and your data storage requirements.

“All three need to have an equal level of agility. If you have a highly agile storage platform, where you can move data back and forth, but your network can’t change on the fly, then that’s a hindrance for your business.”

Analyst firm Gartner has gotten behind the IBN vision and has suggested that SDN is yesterday’s approach to network management. But most experts said SDN is so new that IBN is just the latest possibility for what SDN might eventually become.

If hybrid cloud is going to live up to its promise of flexibility and greater affordability, the evolution of software-defined networking capability may well determine the success or failure of any hybrid cloud initiative. Given that so many companies are turning to SDN as a way to improve their networks, there's good reason to learn more about it and determine if SDN is right for your organization's needs. 

What are your experiences and plans regarding software-defined networking? Has it become part of your IT environment—or are you considering it? Post your comments below.
