How does your concept of collaboration apply to the emerging field of desktop
virtualization?
Desktop virtualization is another perfect example where we can no longer get by without some sort
of collaboration between the users of the network and the network itself. There are two types of
desktop virtualization today. You have the light client like Citrix, where you have a back end in
the data center. The second area is running virtualization software like hypervisors on end
stations to manage different environments and personas. That second [area] is where a huge number
of opportunities [exist] to really simplify the experience for the end users. I don't think the
model of virtualization that's used in the data center should directly apply to the desktop. It's a
little bit too much administrative management. For me, if I'm an enterprise IT organization
managing desktops, the value proposition lies in being able to create a corporate [desktop] image
that I can secure and put in a virtual machine that can be locked up and managed. People can take
it home on their laptop or have it on their desktop. But we can secure it properly so we don't have
to worry about the data threat.
There is opportunity for success with collaboration between the hypervisor and the network. What we really want is that corporate image virtual machine to always be connected to the network in exactly the same way. In other words, to have that virtual machine think it is always
I believe a new relationship between the users of the network and the network [itself] is going to be required going forward. It's really the result of convergence. We've all heard the term convergence, but what is the real impact of convergence as we move forward on some of these technologies? The real impact is the need for collaboration between users of the network and the network itself. Typically, we have a service provider-consumer kind of model. But what needs to take place as we add more capability into the network and converge on technologies is really more of a collaborative kind of environment rather than a provider-consumer environment.
One of the key thrusts of that is security. To me the next big thing in security is really about
the vulnerabilities of the control system and securing the infrastructure and securing the
end-to-end conversations. That brings a challenge of having the network do its normal operation of
reverse engineering everything that flies through it in order to add advanced features. If you look
at IDS, IPS or a firewall, all they do is get a packet and they try to reverse engineer where it
came from and what happened so they can apply some kind of policy. As speeds go up and capabilities
go up and encryption begins to show its face a little more, that just isn't a scalable model. So
one of the key things that come up is collaboration between the network provider and the network
consumer that is beyond the expectations of today.

What does this collaboration look like?
You've got to look at the various services that the network is providing you and how you can ensure
delivery of those services in order to get a sense of what the collaboration needs to look like. As
we move toward more media-rich communication, there is obviously a need for a more finely grained
quality of service (QoS) control. If you want to stream video or do video conferencing and even go
down to the VoIP level, you need to have some differentiation of your traffic. Somehow, we need to
first establish trust between the network and consumers of the network so they can begin that
collaborative experience.
Maybe we will have something that is like the return of RSVP [Resource Reservation Protocol], but obviously without the scalability issues, where applications can signal to the network some of their intentions and their needs. If we do that in a secure fashion and establish trust between those two, we can reliably begin to put the controls in place to do that without the network having to reverse engineer everything. The applications work as they do and the network tries to figure out what they do. There's no requirement to converge the management schemes or to have a trusted conversation. But again, as we scale in performance and technology and the need to secure the infrastructure and secure conversations, that gets a little more challenging to implement.
You can look at this in the data center, another place where we are converging the
infrastructure. We are trying to get both storage and compute running over Ethernet, and we're
getting networking embedded in the server itself from virtualization. We have this need to
collaborate on the management tools, collaborate on how things are provisioned, and what kind of
requirements each application needs in order to provide the experience you need. This leads into
the notion of converged data centers and converged Ethernet, which is emerging as a hot topic right
now.

What is ProCurve's approach to data center convergence, and what do networking professionals
need to know about it?
We believe in a distributed model of computing and switching, not so much a centralized command and
control. I think Cisco's UCS model is really all about making the network the command center for
everything in the data center. They have all the traffic following that same path to the command
center. You're forwarding everything up into the middle of the network so you can do your advanced
networking on it. We believe in a much more distributed environment where we push more of the
capability toward the edge of the network. We establish this collaborative environment between the
hypervisors and the network. We've been pushing on the VEPA standard. And we've been pushing Flex-10 as a capability for multiplexing multiple servers over a single
physical wire. We give people a choice of where they want their traffic delivered, and it's not
mandated by a proprietary system.

How will the need for more collaboration manifest itself in a
converged data center and with converged Ethernet?
Today, we have network administrators who manage network and server administrators who are
provisioning servers, and storage administrators doing that for storage, and all these guys have to
collaborate to make the data center function properly. We recognize that data centers have
processes and business functions aligned with those roles, and we're not trying to eliminate those
roles by any means. What we're trying to do is optimize the relationships between those roles. At
HP, with our FlexFabric vision, we're creating a common vision tool, and we're abstracting
many of the functions within the data center so that different disciplines can manage and configure
those abstractions from a common database.
For example, with Data Connection Manager from ProCurve, a network administrator can define the needs of a network connection -- what VLAN it is, what ACLs (access control lists) are associated with that, what routes and quality of service settings. We define all the networking knobs and parameters that give the right end experience, and we label that -- this connection type for Web servers or that connection type for SQL application servers. Then we plug that into a database. So there's this label that represents the network configuration. Then the server guy -- when he's provisioning the actual application and the server -- goes to that database and requests one of those types of connections. And all he has to do is say, "I need a database connection or Web server connection." He doesn't have to get into ACLs and VLANs and quality of service settings. Those have already been set up by the networking guy.
So our common tool allows these guys to collaborate and build provisioning off that. Over time,
as we smooth out the implementation of that and get it into a resource where these guys can make it
part of a business process, we can then streamline those business processes, and you can begin to
conceive of an administrator who takes on a role [that is] more data center wide and not asked to
be myopically compartmentalized into one discipline or another. You're still going to need network
specialists, but perhaps at a higher layer we can streamline the process.

How will ProCurve's
products evolve to fit into the converged data center vision articulated by HP?
What we have today are traditional switches inside a blade enclosure. Then you have Virtual Connect
that is helping to abstract for the security guy. Then you look at the industry technologies we are
defining -- VEPA, Flex-10. You can imagine there is no reason not to have that all wrapped into a
single function. So I want a switch -- a network function -- that is abstracted by the server to
provide network interfaces or virtual system interfaces (VSIs) so that all the server guy needs to
deal with is NICs. But he also has the right APIs, protocols and outward facing support for a
network guy. So I can run the multi-pathing schemes; I can run routing if I need to; I have rich
topology management, QoS settings and all that stuff. We will really combine those different
functions that you see today into an independent product, and many of these features will become
common capabilities. That will take time. We want to move customers easily with that. We want to
make sure we have the right tools in place to make that migration seamless.