
Why you shouldn't overlook Microsoft SDN

Microsoft SDN may not be the first thing that comes to mind when you think of software-defined networking, but don't write it off quite yet.

One can be forgiven for assuming Microsoft doesn't really have a software-defined networking (SDN) play. Other than a few white papers and some really excited engineers at Microsoft Ignite back in May, Microsoft SDN isn't getting much press. But if you're not already in production with VMware NSX -- especially if you're paying for a Microsoft Enterprise License Agreement -- you might want to set up a lab and experiment. Microsoft may not be the hippest vendor when it comes to SDN, but it might be the first to collapse SDN into management consoles with a little help from Cisco.

Microsoft SDN leaning on Cisco ACI

Although Microsoft and VMware are partners/frenemies, they, like everyone else, are working toward long-term interoperability standards and protocols. In the meantime, Microsoft needed to select a partner to manage physical fabric now and went with Cisco's Application Centric Infrastructure (ACI). It's both an obvious and surprising choice; it extends application-defined network control beyond the virtual fabric in Hyper-V virtual switches while shunning VMware infrastructure, but also outsources typical Microsoft development.

And when Microsoft adopts pre-existing technology from another vendor, it often quietly signals more serious focus than it let on. For example, while investing more than $50 million in Internet Explorer 4, it effectively abandoned proprietary VBScript because competing JavaScript was an advantage. By selecting ACI for SDN actuation, it's possible Microsoft is making another long-term vendor bet.

If you've spent any time with ACI, you've probably come to rely on tenant definitions. It's the first step in configuration, and perhaps you even went through a hyper-normalization exercise where you created way too many. (I certainly did, but I'm also a zero-trust segmentation zealot.) But even if you're a whiz with application-tenant mapping, the real benefit of this approach in Microsoft SDN environments is self-service.

Real self-service is more than using your IPAM-DDI solution to let virtual machine (VM) administrators manage their own subnets; it's about creating environments that welcome shadow IT cowboys back into the fold. It allows administrators to offer familiar resources and services that shadow IT can't afford, but on our network engineering terms. Microsoft SDN bolted the Cisco Application Policy Infrastructure Controller (APIC) onto System Center Virtual Machine Manager to allow admins to create tenants, then offered managed application user sandboxes, via SCVMM.

Defining APIC Application Network Profiles is not for the faint of heart. It represents, after all, Layers 4 through 7 -- virtual network services and provisioning. It creates definitions for all aspects of virtual network resources and maps them to underlying physical networks. Once these definitions are created and mapped into SCVMM, however, they effectively disappear from day-to-day administration chores. Fully SDN-managed virtual network resources are right where Hyper-V admins live in SCVMM, and application admins don't need to know the gory, virtual details. They simply see the virtual networks created by the fabric admin, just like any other.

Extending outside the data center

Because Microsoft must always jockey for influence in the data center, it's taken a more inclusive approach to integration out of necessity. It's not truly vendor-agnostic when it comes to infrastructure offerings, but it does tend to lean toward openness when it provides a competitive edge. Cisco's ACI is more than a data center play; it aims to charm all the devices in the service delivery path, not just those moving packets among the racks.

By partnering with Cisco, Microsoft is attempting to create an enterprise networking Voltron -- data center virtualization and virtual networking, with core, firewall, edge and campus LAN on trusted metal. Throw in Azure virtual private cloud networking, Azure services (Office 365) and administrator bias in favor of Windows desktop/Office apps, and things get interesting for Microsoft shops. With the technology they are already paying for, plus a little vig to Cisco, of course, they can manage almost everything in their environments -- from application to server to hypervisor to core to local area network -- with real, live SDN, on a budget.

Now, if Cisco could just get Palo Alto plugged in.


This was last published in September 2015
