Michael J. Martin, Fast Packet Blogger
Published: 26 Apr 2011
If virtualization demands a unified IT organization without separate teams for applications, systems, networking and storage, then the first step is a full IT infrastructure audit that goes well beyond old-school network documentation.
Today’s network engineers have a tough challenge before them: They've got to provide high-availability network infrastructure that can handle traditional applications, as well as virtualized multihost systems and access by smart devices.
Both virtualization and smart device management demand an IT organization that is not broken into separate camps for applications, systems, storage and networks. What most people don't realize is that this type of unified organization starts with an IT infrastructure audit and network documentation strategy that reaches across all of these camps.
A unified IT organization isn't a new concept
Oddly enough, there was a time when application, systems and networking engineering were considered joint tasks that were conducted by so-called IT generalists. The separation of these functions and teams that we tolerate today can be attributed to the move to make IT resources more widely available throughout the ranks of a corporation. As the number of applications grew and the network became more complex, enterprises created IT teams that could protect each group of resources respectively.
On the upside, this separation reduced organizations' exposure to risk. When an individual's focus is reduced to a single functional area, less knowledge is required for that person to perform effectively. However, the separation of knowledge artificially inflates the value of that knowledge. The net result is that this knowledge is not shared openly, which blocks the road to organization-wide wisdom. As a result, IT teams often find themselves at odds, each blaming the other for not understanding the technology.
Virtualization and application layer technologies demand unification
However, virtualization and other application layer technologies demand the removal of “team” borders. Simply put, you can't build a great infrastructure unless it is tailored to handle specific applications. Networks have to be aware of virtualized machines, and network managers have to manage virtual traffic within virtual machines. Going further, not every application can be moved to a new OS version, as some were created by combines that have long since disappeared.
The first step to creating a unified IT department that can build application-aware infrastructure is creating an inventory system that reflects all of these resources that were once held in silos. Your unified IT organization should be able to answer the following questions:
A. Does your documentation describe the server interdependencies that exist to support all of the corporation's applications?
B. How many different applications utilize the network’s bandwidth and how much capacity do they typically use?
C. Have network performance and transactional baselines been performed on core network-dependent applications?
D. Does an inventory exist of each server's network service and utilization profile?
E. Does an inventory exist of the different operating systems, applications and network service daemons?
F. What percentage of applications utilizes data encryption on the network?
G. If an application or system were compromised on the network, what kind of network layer events would indicate this condition?
If all seven questions can be answered, look at step 4 below. If five or more of the questions above could be answered, look at step 3. If only four or fewer could be answered, look at step 1. If none of the questions could be answered ... you've got a very large problem.
The following steps help work toward a unified documentation and inventory:
- Step 1: Conduct a documentation review. When implementing network layer services it is critical to know what applications, protocols, data exchange and service dependencies exist between the servers that support applications.
- Step 2: Conduct an audit. Teams need different kinds of data to perform their functions. A collective effort is required here to design a bottom-to-top audit.
- Step 3: Update documentation. Once the audit is complete, that data should be used to update documentation. This sounds obvious, but collected data often collects dust. Furthermore, an accommodation to refresh the data in a timely manner needs to be made. Otherwise, you will quickly find yourself back at step 2.
- Step 4: Use this information to pilot a new technology. With all of this information in place, you can assess a new technology, such as virtualization. Your audit data should serve as your baseline, and your success criteria should in part be based on how those baseline elements will be affected by implementation.