- Steve Zurier, ZFeatures
The same principles that make software-defined networking attractive in the data center -- among them, programmability, automation and policy enforcement -- also make it appealing for use in local area networks.
But cost and management complexities associated with SDN have made it challenging to deploy the entire gamut of software-defined networking technology in the campus. Instead, companies are exploring the use of some of SDN's most intriguing components to take advantage of its most compelling benefits.
Call it SDN-lite, if you will.
Scentsy Inc., a fragrance company in Meridian, Idaho, is among a growing number of enterprises exploring how SDN elements can reduce time-consuming manual tasks by adding more software-based capabilities to its LAN.
"Users are much too mobile today. There has to be a way to automate policies so the IT staff can keep up," said Kevin Tompkins, a network architect at Scentsy. With software performing functions that otherwise require manual coding, "we can set a policy for finance, IT administrators, marketing and guests. We'll set a policy for the financial people to access financial data, but not for administrative access to the servers in the data center."
Scentsy, whose network serves 1,000 users and 150,000 independent consultants, uses Cisco's SD-Access software -- running on its Catalyst 3750 and 3850 switches -- to manage everything from boosting security to making it easier for users to connect to the network.
Among other capabilities, Tompkins said SD-Access lets Scentsy set centralized policies for all its switches directly at the switch port the user plugs into. Administrators set policies by user group, so individual policies don't have to be set up for each user.
In the past, when users wanted a network connection in a conference room or some other location at the company, Tompkins said the IT staff would have to set policies for each location. Creating access control lists for each location was time-consuming. With SD-Access, Tompkins can set policies that follow users wherever they go. SD-Access' foundation also helps Scentsy better secure its network through the use of microsegmentation -- bringing data center-class security features to the LAN.
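The contrast between per-location access lists and group-based policy can be modeled in a few lines. This is an added illustration, not Cisco SD-Access code or configuration; the group names follow the article, while the users, port names, resource names and functions are hypothetical.

```python
"""Location-keyed ACLs vs. group-keyed policy (simplified model)."""

# Constructed sample directory: which group each authenticated user belongs to.
USER_GROUP = {"alice": "finance", "bob": "it-admin", "carol": "marketing"}

# Group-keyed policy: allowed (source group, destination resource) pairs.
# Anything not listed is denied, which is what segments the groups.
GROUP_POLICY = {
    ("finance", "finance-data"),
    ("it-admin", "finance-data"),
    ("it-admin", "server-admin"),
    ("marketing", "internet"),
    ("guest", "internet"),
}

# Location-keyed ACLs: every switch port needs its own hand-maintained list.
PORT_ACL = {
    "desk-114": {"finance-data"},                  # alice's usual desk
    "desk-201": {"finance-data", "server-admin"},  # bob's usual desk
}


def allowed_by_port(port, resource):
    """Per-location model: the decision depends only on the port in use."""
    return resource in PORT_ACL.get(port, set())


def allowed_by_group(user, resource):
    """Group model: the decision depends on who authenticated, not where.
    Users missing from the directory are treated as guests."""
    group = USER_GROUP.get(user, "guest")
    return (group, resource) in GROUP_POLICY


def roam(user, ports, resource):
    """Map each port to (port-model decision, group-model decision)."""
    return {p: (allowed_by_port(p, resource), allowed_by_group(user, resource))
            for p in ports}


if __name__ == "__main__":
    # alice keeps finance access in the conference room only under group policy.
    print(roam("alice", ["desk-114", "conf-room-3"], "finance-data"))
    # A visitor plugged into bob's port inherits server-admin under port ACLs.
    print(allowed_by_port("desk-201", "server-admin"),
          allowed_by_group("visitor", "server-admin"))
```

The port model fails in both directions: a legitimate user loses access at a port nobody configured, and whoever plugs into a privileged port inherits that port's access.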
"What I think has happened at a lot of companies is that the IT staff simply doesn't do this level of segmentation, which leaves users open to attack," Tompkins said. "Now, we can spend the time required to do the right level of documentation, integrate applications with network monitoring and add security features we wouldn't have had time for in the past."
Gartner analyst Andrew Lerner said that while there isn't much "pure" SDN in the LAN, many products coming out from Cisco, Aerohive Networks, Hewlett Packard Enterprise and others boast "software-centric" features like policy- and role-based management, automated configuration and centralized management.
"By pure SDN, we're talking about a complete separation between the control plane and the forwarding plane," Lerner said. "The SDN conversation is ultimately what led to software innovations such as SD-WAN. But the reality is that regardless of whether they are 'true' SDN or not, many of these features in the LAN are highly desirable and are making organizations more productive."
Seeing SDN around campus
The Institute of Agriculture at the University of Tennessee (UT) in Knoxville uses software-defined networking technology in a different way -- to oversee its network of Dell SonicWall firewalls, Dell N-Series switches and Aerohive wireless access points, according to Mike Stanley, a system architect at the university. The institute spans 110 locations statewide, encompassing the College of Veterinary Medicine, 10 agriculture research centers, UT's extension school and the College of Agricultural Sciences and Natural Resources.
"We especially like the cloud management piece in Aerohive HiveManager. That gives us many of the SDN capabilities," he said.
Stanley said the software-defined networking technology the institute takes advantage of includes centralized policy management and role-based administration. On the policy front, the institute has set up a new service set identifier (SSID) for internet of things (IoT) devices like Apple TVs and gaming systems. It also takes advantage of the role-based administration, which gives Stanley more granular control over the network.
"We can give [IT] people full administrative access, or we can give [general users] operator access, in which they can't change the licensing or account settings," Stanley said. "For a lot of the remote locations, we give them monitor access, which lets them view the traffic. And if they see an issue, we can modify the policy."
In addition, the institute uses HiveManager to enforce policies across the Dell switches. That will also allow the institute to beef up its application consumption capabilities, giving Stanley more precise information about which applications are being used.
"Users may tell us that the network is slow, but we can look in HiveManager and see that a certain client is running Netflix in the middle of the day," he said. "We could then set a policy for people to only run Netflix at lunch so the network doesn't run slow during business hours."
Driven to SDN
At Vantage Mobility International, a minivan manufacturer for handicapped drivers, in Phoenix, Michael Kell, director of IT, said the company is ready to tap into software-enabled management features to make the most of a newly installed Aruba system. For now, the company is using the Aruba system to let engineers diagnose and troubleshoot assembly line problems via Wi-Fi. It's also using beacons to track the progress of vehicles as they move along the line.
But in addition, Kell wants to use Aruba's Meridian management software to segment traffic to assign bandwidth more efficiently. He also wants to use the app to upgrade firmware from a centralized location.
"We'll also be able to set policies from a central location, but we've only had this system for four months, so we haven't gotten into that just yet," Kell added.
A new era for SDN in the LAN
It's precise functions like these -- centralized management, automation and policy enforcement -- that could usher in an era of software-defined networking technology for LANs. Vendors are taking note. Cisco, for example, is betting the recently announced upgrade of its network operating system will redefine how companies use software to underpin their campus networks. Instead of manual coding, IOS 16.6x will let organizations simplify and automate how they program their switches and other components.
Other vendors, including Extreme Networks, Riverbed Technology and more, are allowing their customers to use software to manage a wider variety of devices and components -- or to integrate functions like WAN optimization and wireless connectivity.
Clearly, organizations need to provide more services and support to their users. And they need better tools to do that; software-defined networking technology in the LAN -- even if it's SDN-lite -- offers the aid they'll need.