With the new year come new projects. In 2015 network engineers and managers will be tackling the usual switch refreshes and upgrades. But as new technology emerges, new approaches to networking necessarily follow.
We asked networking pros from a variety of industries to share their 2015 networking projects with us. Several common themes emerged. Cloud adoption is changing how enterprises design their networks, both in the data center and the WAN. Mobility is driving wireless investments. And the relentless onslaught of high-profile data breaches has networking pros exploring new approaches to network security.
Shrinking data center networks
Plenty of networking pros told us they are refreshing switches in their data centers, but some are doing things a little differently in 2015. Some enterprises are shrinking their data center network footprints as demand for ports drops. In some cases the expanded use of cloud-based applications has translated into fewer workloads in the data center that need connectivity. Virtualization has also consolidated workloads onto fewer servers. The bandwidth requirements on server access links are growing, but the actual number of required ports is shrinking.
"I'm going to do [data center] core refreshes and the guys are telling me we're going to need a lot less ports because we are doing all this VM stuff -- we've got 10 gigabit links to all the [virtual hosts]," said Forrest Schroth, director of network engineering systems at Cross Country Healthcare in Boca Raton, Fla. "Before, we would do a refresh with a 13-slot chassis. Now we're doing a four-, six- or eight-slot chassis. Instead of getting bigger and bigger as we did for years and years and years, things are going the other way. We are looking at how to do less links, more VMs, bigger throughput."
Richard Siedzik, director of computer and telecommunications services at Bryant University in Smithfield, R.I., said his data center is shrinking, too. First, the university is ripping out its legacy storage area network in 2015 and converging storage traffic onto the Ethernet network with Fibre Channel over Ethernet.
Meanwhile, on the Ethernet side, Siedzik is reducing the number of switches in his data center. "The physical hardware we are reducing, but virtually we are not," he said. "We are going to see more east-west traffic in there as we see that data center becoming more of a connection hub." To support an increasingly virtualized network, he will be using Cisco's Nexus 1000v distributed virtual switches.
"We used to have a ton of physical servers in there and now we don't," he said. "So a lot of those ports will go away. And appliance-based technology has gone to the cloud, too. That also lessened our switch count in there."
Like Schroth, Siedzik is also seeing a lot of applications and services migrate to the cloud. He's trying to take an architectural approach to that transition.
"We have a conceptual reference architecture for how we want to do things in the cloud," he said. "In 2015 we're going to see much more going that way, where we ask what do we have in practice that we can convert to the cloud -- things that are not core to us anymore."
Wide-area networking projects of different shapes and sizes
Even as cloud adoption shrinks demand for ports inside data centers, it puts new strains on the WAN. Many organizations need to boost bandwidth to the Internet to keep up with cloud traffic growth, and they need to adjust their overall WAN architecture.
"It seems the growth of bandwidth never slows down," said Brad Pritchett, technology manager for Eastside Catholic High School in Sammamish, Wash. "With Office 365 being free to schools, unlimited storage in the cloud and schoolhouse one-to-one laptop initiatives. We will double our Internet pipe to 200 Mbps."
Siedzik said he is building more redundancy into Bryant University's Internet connection and increasing its bandwidth from 1 Gbps to 10 Gbps to keep up with similar trends.
With cloud services becoming more popular at Cross Country Healthcare, Schroth finds himself adding more Internet capacity into his remote sites. In addition, he said, the days of default routing of Internet traffic from remote sites to his data centers, where he could impose security and policy control, are over. Hairpinning Internet-based cloud traffic hurts performance and productivity. Instead, Schroth will explore decentralized policy control in 2015. But achieving that decentralized control will require new approaches to security.
"I need more visibility into HTTP," he said. "We're running Palo Alto Networks [firewalls in central data centers], but with a few hundred sites that gets cost-prohibitive. So we're looking at ways to deal with that."
Don Lester, network and telephony supervisor at The Everett Clinic in Wenatchee, Wash., said he is planning to use Cisco's Overlay Transport Virtualization (OTV) protocol over the WAN to improve disaster recovery (DR).
"We will be significantly modifying the bulk of our server/application disaster recovery by changing from a standard remote data center with some spare equipment that is 'turned up' in the event of an incident to a more automated process made possible by a product from Zerto that will allow us to replicate our data center networks in the DR location using Cisco's OTV protocol, and it will then manage all the replication of the VMware farm and spin it up automatically if necessary," he said.
OTV, which will run between two Cisco ASR routers, will extend a single Layer 2 domain across Lester's primary and backup data centers, which sit on opposite ends of the state. This year Lester has been testing OTV, and he's confident that it will work as intended when he rolls it into production in 2015.
Lester's only concern with the new DR setup is utilization. There is only so much bandwidth available between his data centers. He worries that the Zerto replication process will be so easy that users will be tempted to replicate more data than they have in the past.
"If we were to use Zerto to replicate too much stuff, then the link could become too overburdened. So I have to keep an eye on it. The concern is that it will get so easy that replication will start to be more of a commodity thing. You can easily outgrow your capacity if you are not disciplined about it."
Mobile networking projects: Wireless upgrades
Mobility has transformed how organizations think about their wireless networks. Bandwidth, density and coverage are all priorities in 2015. Many networking pros are either upgrading to 802.11ac wireless LANs or expanding the deployments they already have.
A.T. Kearney Inc., a Chicago-based management consulting firm, is upgrading from 802.11 a/b/n to 802.11ac next year, said Kevin Rice, the company's enterprise architect. Rice wants to expand his wireless footprint to cover every square inch of office space. "Expanded coverage and the ability to support high-density wireless when needed are the primary drivers," he said.
Rice isn't the only one trying to keep up with growing wireless demands.
"We most likely will [upgrade to 802.11ac]," said Eastside Catholic's Pritchett. "Right now we've got Meru [infrastructure] and I'm going to take a look at their new .11ac access points and run an evaluation. I'm also thinking about getting Aruba in here and see which one gives us the best coverage as far as bandwidth and [density] of client machines. Everyone has multiple devices. It's really ridiculous. I just looked a few minutes ago. We were at 600 wireless users. That's probably double the number of laptops we have."
John Iraci, vice president of enterprise infrastructure at medical device company DJO LLC, based in Vista, Calif., will upgrade from 802.11n to 802.11ac in 2015 to accommodate an environment where the average user is connecting at least two devices to his wireless network.
"It's all the mobile devices," Iraci said. "Connectivity rates through the access points are like I've never seen before. The density is just overloading the network, so I think there is going to be a re-architecture, and then we'll install technology that will provide more throughput."
Bryant University is moving into the second phase of its 802.11ac upgrade, Siedzik said.
"We moved to .11ac last summer, so we're doing more of the same," he said. "We hit some classroom buildings and library space [in 2014]. We have to finish off the residence halls in 2015."
Security is on everyone's mind in 2015
"The things we're looking at [in 2015] are security projects, things to protect us or to give us visibility into what's going on so that we can understand any security hole that we might have," said Daniel Churco, senior manager of information technology at Roka Bioscience Inc., a food safety testing company in Warren, N.J. "We are looking at different cloud-based security options.
"We're looking at using them for visibility into possible malware in our site, protecting our users from accidentally clicking on links that would cause them to get infected," he said.
Bryant University's Siedzik is also adopting new security approaches in 2015, with a focus on gaining better visibility into his infrastructure.
"We're looking at how do we gain more visibility into our security and assets, and -- with that visibility -- how do we automate what we need to do based on what's discovered in that data," he said.
A newly deployed configuration management database (CMDB) is the core of Siedzik's security project. He wants to link the CMDB to his security controls so that his operations team can detect new devices and determine whether they are legitimate assets. Much of this work will be done by internal developers, he said.
DJO's Iraci is implementing network access control on his Extreme Networks infrastructure in 2015 to support regulatory compliance.
"It's really a network segmentation project … so we don't become the next Home Depot," Iraci said.
Meanwhile, Cross Country Healthcare's Schroth is adjusting his approach to security in light of increased SaaS adoption.
"We're doing a lot of secondary pathing because of SaaS," he said. "We're letting a lot more things on the Internet. So we're securing the data center zones a little differently to loosen up what the remote sites can do. I'm almost treating the remote sites as hostile Internet sites, running internal firewalls between the WAN and the data centers with a lot of zone-based stuff."