NETWORK VIRTUALIZATION
Instructions:
Guidelines for the format of the paper are as follows:
• The paper should be 10-12 pages of text in length. (This minimum and maximum length should not include the title page, separate figures and tables, or the list of references);
• The paper should include a one paragraph abstract, an introduction, and a conclusion – think as if you were writing for a professional journal;
• The paper should use APA format (double-spaced, 12-point Times New Roman font, one inch margins, page numbers with running head in upper right corner, section titles, citations, and references in accordance with the APA standard).
Solution
NETWORK VIRTUALIZATION
Business and IT sectors demand an IT infrastructure that is not only more dynamic and responsive to the rapid speed of business and IT transactions, but also less costly. Dynamism means the ability to bring forth new applications at a pace that is responsive to market demands while fostering and promoting competitive differentiation. For many organizations, managing down IT expenditures as a fraction of revenue is a top priority. To meet these industry needs, IT experts resorted to virtualization technology and services. These emergent technologies represent a new IT epoch, which has redefined existing notions and IT deployment systems (Wen, Tiwary & Le-Ngoc, 2013).
Network virtualization connects hardware-based connectivity services to a business system, providing a wide array of IT services that have commercial and corporate value. Network virtualization enables improved application performance by dynamically increasing network asset usage while minimizing operational needs. There are various aspects of network virtualization, including virtualized dual backbones, virtual service orchestration, virtualized networks, network IO virtualization, hosted network storage virtualization, and service network virtualization. These network virtualization systems are described as building blocks, since network virtualization as a whole is an improved way to design business networks and allocate the available resources. The building blocks are deployed one after the other, or layered, to deliver value as business demands require.
Network virtualization has many advantages, ranging from revenue generation and reduced expenses to heightened customer satisfaction, to name a few. For organizations and businesses that have employed network virtualization, the results have been handsome and the experiences largely positive. This has led many business and IT organizations to insist that network virtualization be a part of annual IT plans.
Even though all of the network building blocks can be deployed separately, network service virtualization is an effective strategy for consolidating several appliances; this move simplifies network operations while reducing acquisition cost. Network Service Virtualization (NSV) virtualizes a service, such as an IPS software instance or a firewall module, by distributing the software image so that it can be accessed on demand among the many varieties of applications that share a common hardware base (Wen, Tiwary & Le-Ngoc, 2013). By using software instances on the same physical hardware, NSV eliminates the need to acquire another device every time the network service is requested. A good example of an NSV implementation is Cisco’s Application Control Engine Module, which can support over 300 individual instances of a network service software image. NSV is the next level in the natural evolution of packaging and network service delivery.
Network security is another excellent example of this trend. To effectively defend networks and systems from attacks or to contain their consequences, dynamic threat defense technology is growing in two interdependent directions: vertical and virtualization. Network security products were initially introduced to the market as single-purpose appliances. These appliances have since evolved and now come bundled as a combination of security functions inside one appliance. For example, firewalls are offered on special-purpose hardware, as are VPN (Virtual Private Network), NBAD (Network-Based Anomaly Detection), IPS (Intrusion Protection System), and other security products (Kusnetzky, 2011).
The vertical evolution towards adaptive threat defense systems is nowadays integrating firewalls, VPNs (IPSec and SSL), IPS systems, and other functions into single appliances. This consolidation allows for wider software collaboration amongst security elements, lowering acquisition costs and streamlining operations. For example, alarms raised by an IPS function scanning VPN flows could force the firewall software to intervene by changing its rules to stop that VPN flow. On top of this cooperation between network security software, virtualizing a network’s security software extends its capability as well as an IT organization’s defenses (Wen, Tiwary & Le-Ngoc, 2013). The importance of NSV cannot be downplayed. (1) Management interfaces become more flexible, since network operators have the option either to manage many network service instances together or to manage individual instances on their own using other management interfaces. The latter is particularly handy because network operations procedures, processes, and management interfaces remain the same even after the network service is virtualized. (2) The cost of management is brought down when network service delivery moves from physical devices to a software (digital) image, which extends its coverage without the need to add dedicated hardware every time a network service is requested. (3) A network service is expanded easily and effectively as a virtualized entity, thus improving application performance (Kusnetzky, 2011).
The Virtualized Networks (VN) building block divides a network into various isolated logical networks, each with its own qualities such as switching, routing, security, quality of service, bandwidth, and independent policies. VN is a one-to-many form of virtualization: it separates a common network into several individual logical partitions. These logical network partitions come in as many varieties as the businesses they serve. For example, network users may be categorized as corporate employees, consultants, or guests. These groups of users are further linked with logical partitions, which may be divided into partners, departments, suppliers, a newly consolidated company entity, or a department separated from the corporate structure for regulatory reasons, or may even be deployed for specific applications. VN builds on network switching and routing functionality and delivers capabilities that were not previously possible with the same hardware devices. In summary, VN provides high-security logical isolation for users, departments, or applications on an end-to-end basis throughout a business or IT network. This logical isolation of networks enables organizations to consolidate their infrastructure and protect assets while adhering to corporate regulations.
The VN architecture comprises three main parts. The first part involves controlling network access and stratifying user classes. Network users are authenticated and authorized, and are then either granted or denied access to the logical partition. Users are categorized as employees, consultants, or guests, with specific access to the available IT assets. This component identifies and verifies users authorized to access the network, then routes them into their allocated logical partition. The second critical component of a virtual network is the isolation of paths inside the network. This enables network isolation through the whole path, from the edge to the campus to the WLAN and back again. This component allows traffic to be partitioned in a routed infrastructure and then transports the traffic over, as well as between, isolated partitions. The mapping of isolated paths to virtual LANs and to virtual services also takes place in component two. The third component is referred to as virtual services. This functionality gives access to shared or private network services such as IP, DNS, telephony call management, and DHCP. This component is also involved in overseeing policy per partition, as well as isolating application scenarios when required.
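The three components described above can be sketched as a small default-deny policy model. This is an added example, not part of the original paper; the partition names follow the user classes in the text, while the VLAN IDs, user names, service lists, and function names are assumptions made up for illustration.

```python
from dataclasses import dataclass

# All names, VLAN IDs and users below are constructed for illustration.
@dataclass(frozen=True)
class Partition:
    name: str
    vlan_id: int          # component 2: the isolated path this partition maps to
    services: frozenset   # component 3: virtual services this partition may use

PARTITIONS = {
    "employee":   Partition("employee", 110, frozenset({"dns", "dhcp", "telephony"})),
    "consultant": Partition("consultant", 120, frozenset({"dns", "dhcp"})),
    "guest":      Partition("guest", 130, frozenset({"dns", "dhcp"})),
}

# Constructed directory: known identity -> user class.
DIRECTORY = {
    "alice": "employee",
    "bob": "consultant",
    "visitor-17": "guest",
    "carol": "contractor",   # a class for which no partition was defined
}

def admit(user, authenticated, partitions=PARTITIONS):
    """Component 1: authenticate, classify, then place into a partition.
    Any failed step yields None (deny); there is no fallback partition."""
    if not authenticated:
        return None
    user_class = DIRECTORY.get(user)
    return partitions.get(user_class)

def can_reach_partition(src, dst):
    """Component 2: traffic stays on the isolated path it entered."""
    return src is not None and dst is not None and src.vlan_id == dst.vlan_id

def can_use_service(src, service):
    """Component 3: per-partition policy for shared network services."""
    return src is not None and service in src.services

def shared_vlans(partitions):
    """Configuration check: a VLAN ID used by two partitions breaks isolation."""
    seen, dupes = set(), set()
    for p in partitions.values():
        (dupes if p.vlan_id in seen else seen).add(p.vlan_id)
    return sorted(dupes)

if __name__ == "__main__":
    for user, ok in [("alice", True), ("alice", False), ("carol", True)]:
        part = admit(user, ok)
        print(user, ok, "->", f"VLAN {part.vlan_id}" if part else "deny")
    print("VLAN IDs shared between partitions:", shared_vlans(PARTITIONS))
```

The `shared_vlans` check is the kind of audit worth running whenever partitions are added, since a reused VLAN ID silently merges two groups that the policy treats as isolated.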
Business applications for VN are increasing across many sectors of the economy. By consolidating their various WANs into a single VN, organizations are able not only to significantly reduce WAN charges but also to turn them into profit-making centers. Apart from this projected change of financial fortune, organizations have the flexibility to experiment with new ideas and incorporate the most promising ones as soon as possible, in a matter of days rather than over many months.
As services become digitalized and virtual, and the business community plans to scale IT capabilities both up and down to satisfy demand, clever management of network resources becomes critical to this goal (Wen, Tiwary & Le-Ngoc, 2013). The three building blocks described above address network infrastructure virtualization, which improves network output and the ratio of cost to existing applications. Virtual Service Orchestration (VSO) seeks to revamp IT service delivery by virtualizing the link between computers, storage, and networking. VSO provides an abstraction for the physical infrastructure and the software applications running on that infrastructure. VSO will ultimately provide more options for selecting, managing, and provisioning resources to better complement the rapidly changing business landscape. One of the prerequisites for end-to-end service orchestration is the creation of virtual service elements.
Each service element is an abstract copy of the physical element that contains the entire configuration needed for a specific application service. The advantage of this strategy is that physical resources can be consolidated and used whenever needed. Physical infrastructure is no longer stretched to meet increased demand or 1:1 heightened availability needs. The same physical resources are employed across all application services, thus driving down capital expenditures. For example, if a physical server fails, VSO will detect it, take a different server from a spare server group, and have it take the place of the failed server. The storage and network configurations needed to activate the new server are put together automatically. A number of VSO systems, including Cisco’s VFrame Data Center, employ a remote boot model. The OS image of the failed server is superimposed onto the newly activated server; to the users, the new server will appear similar to the failed server.
A majority of applications begin with a preset group of business needs or a business structure, which dictates the application architecture. The application architecture is then transformed into its physical equivalent, or a plan, meaning storage, computing, networking, etc. In the old way of creating an application, a group of architects would develop a design and then partition that blueprint among several entities: network administration, server administration, core administration, etc. Each group of engineers rolls out its part and builds its end of the architecture. At the end of the process, an infrastructure to run the application is deployed. VSO, on the other hand, takes that infrastructure, digitalizes it, and represents it virtually as an abstraction of the application’s meanings and tasks. VSO then takes the application architecture and instantiates it on the physical system.
Usually, a network architect will begin by coming up with an application architecture, which determines choices for the physical and logical infrastructure, including the operating system, network devices, database, load balancing, the size of storage required, firewalls, and the number of computers. VSO detects the physical and virtualized parts representing a data center within the application architecture. With the ability to discover and template, VSO can go through the application architecture and come up with the number of servers, as well as the capacity, required to generate results well within the desired performance envelope. Most network architects will go through the design abstraction process to clearly map out a web service. VSO uses various templates to deliver applications. A template is just a logical design derived from existing application infrastructure. For example, a web service may have a firewall, load balancer, switch, set of servers, and storage facilities, all linked to each other; its service template is the logical representation that has the same properties but no direct links to physical infrastructure. To connect to the physical architecture, VSO must discover what is available on the network as well as its associated capacity (Wen, Tiwary & Le-Ngoc, 2013).
VSO discovery covers multiple fronts. It relies on its presence on the network for discovery. The implementation discovers servers linked to the network, as well as connected storage space and IP addressing. Part of the discovery involves building an inventory of the various devices available on the network and their capabilities, both physical and virtual. A set of available resources is generated during discovery. Once the generated set of resources has been interpreted, VSO can begin the task of deployment. VSO maps the requirements set by the design in the template to the capabilities found in the discovery phase. VSO then chooses the right resources from the discovery pool and configures them accordingly. To conclude, VSO divides up the initial provisioning of the various data center resources available to support the application. For the web service above, VSO holds a web service template from which a network architect can create a particular number of instances of that web service. For every instance an architect creates, VSO explores the discovered set of available resources, then maps the instance onto the physical and logical network. The system then configures the resources, making sure the new web service application is ready.
When servers are moved or storage is added or reduced, VSO discovery schedules are determined by operations. Should new storage be added, it will be discovered in the subsequent discovery phase and added to the collection of resources that will be divided accordingly. The process is the same for servers and other network assets. If application performance slows down, one of the most common ways to deal with the problem is to increase computing capacity. VSO understands the relationships among the various components as integral to the application network abstraction and discovery: the VLANs the server is required to connect to, whether the service should be load balanced, etc. For a web services application, VSO is programmed to know how to proceed with load balancing, IP addressing, and the firewall rules needed so that client traffic arrives at the new server. A group of automatic, collaborative actions needs to be activated to support the addition of a server, and this is made possible by VSO’s virtualized infrastructure. Network architects now have the necessary information about the data center’s logical and physical resources, including associated capacity. The architects are able not only to optimize initial provisioning, but also to adjust the automatic run-time behavior of the application. Processes in the data center are more automated with VSO due to its capacity to virtualize IT network assets. VSO implementations are appliance-based and are placed in the data center to provide control and management. VSO works as a management feeder and controller designed to upgrade service delivery and orchestration.
The importance of VN to the business and IT sectors is evident on at least four levels. One, VN provides new low-cost business models, as the retail sector needs (Kusnetzky, 2011). There is a lot of evidence that organizations conduct diligence exercises to determine how VN can improve their operations. Two, security is heightened via path isolation and user classification. Three, the overall cost of network ownership is minimized via network consolidation. This is especially true in places where wide area networking is the norm. Four, by isolating specific applications and users, VN serves as a regulatory compliance enabler. VSO enables template-powered provisioning, optimization of storage operations, automation of server failover, a service-focused architecture (SOA)-derived application development operation, and normalized network connectivity between the front end and back end. VSO tightly connects application deployment and management to systems in a manner that was impossible before. VSO acts like a glue that brings together networks, computers, and storage to support fast-changing business demands by virtualizing the orchestration of IT services (Wen, Tiwary & Le-Ngoc, 2013).
Some building blocks are relatively novel concepts, which can create management concerns for the end user. The concerns reported normally relate to network virtualization management. For instance, when several building blocks are deployed at the same time, an enterprise may respond by creating a huge virtual domain, which is hard to manage. Since virtual entities are linked, a change in one part of the network will affect the other parts linked to it, potentially triggering a domino effect of changes. Troubleshooting is also a concern. As network services become virtual, troubleshooting aids need to give both physical and logical points of view, as well as tools that enable the operations staff to identify the root cause of troubles and work on them. Visibility into a virtualized network is paramount (Kusnetzky, 2011). To mitigate these problems, vendor choices, as well as the pace of deployment, need to be synchronized. During vendor selection, an in-depth review of network management aids and views will come in handy for product selection. The pace of deployment is also key: pilots, followed by synthesized solutions, both test functionality and familiarize staff with the management tools, thus building trust in the network virtualization vendor’s products and clientele (Kusnetzky, 2011).
Another expressed concern is that the central collection of software images on which virtualization relies becomes a single point of failure. This centralization results from consolidating software on a few hardware devices to serve a large number of applications. To address this concern, IT experts review high availability and disaster recovery plans to eliminate single points of failure. Many IT executives analyze available resources to arrive at the correct consolidation balance with regard to redundancy and the standby backup to deploy in case of failure. The complexity of the VSO building block is another Achilles’ heel for the system. VSO is a complicated building block that has tentacles in all sections of the IT infrastructure. Many business and IT executives anticipate numerous pilot deployments to test the waters and build trust before an all-out roll-out.
Sources Cited
Wen, H., Tiwary, P., & Le-Ngoc, T. (2013). Wireless Virtualization (1st ed., pp. 12, 33). Berlin: Springer.
Kusnetzky, D. (2011). Virtualization (pp. 55, 122, 201). Sebastopol: O’Reilly.