DISA evaluates SDN to guard mission-critical networks

The network is mission critical for members of the defense and intelligence communities. Software-defined networking (SDN), an emerging technology that brings the application and network layers closer together to create an entirely new architecture, is fundamentally changing the way networks are built and configured.

SDN opens the door to greater automation and orchestration of the network fabric and enables the dynamic and application-led configuration of both networks and services. SDN also allows the network to respond to requests from an application in real time, based upon the network's current state and condition.

The Defense Information Systems Agency is evaluating SDN's potential to enhance network performance and reliability with three use case studies, said Eric Sharret, vice president of TELEGRID, a Livingston, New Jersey-based company that developed Transec, a device that secures DISA's SDN Layer 2 data links.

According to Sharret, the first use case is a project focused on core data center (CDC) connectivity via SDN-enabled enclaves. "This use case involves developing a proof-of-concept architecture in the lab and performing the necessary tests in order to evaluate the full benefits of SDN connectivity in the environment," he said. The second use case is focused on the provisioning and maintenance of service using existing network management protocols and systems. "This use case will study the potential of automated provisioning of service in order to eliminate redundant and unnecessary human and machine interface," he said. The third use case is focused on increasing the visibility of data flows between multiple domains via SDN.

The results of DISA's use cases and associated proof-of-concept tests and analyses are expected to determine the ultimate path of SDN deployment. "Creating an SDN between the CDCs, to reduce latency caused by traversing the Joint Regional Security Stacks, will likely be the first target," Sharret said.

Anticipated benefits

The defense and intelligence communities face a growing need to accelerate the deployment of new networks and applications. "SDN offers the ability to create new networks and apps in software, thus virtualizing and eliminating the slow process of acquisition and deployment of new physical assets," said Bob Fortna, defense sector vice president for Juniper Networks.

SDN also optimizes network performance and reduces maintenance costs, while helping IT staff better manage network infrastructure by implementing changes quickly and efficiently. "As a result, SDN ensures that the network operates at peak performance," said Anthony Robbins, federal vice president for Brocade. "With the critical responsibility of serving war fighters, network downtime is not an option, making the flexibility of SDN crucial to defense."

Security, a major defense concern, has been highlighted as one of SDN's greatest benefits. "SDN is an attractive proposition to agencies who seek agile delivery of policy based upon behavior or attributes of specific flow types in their networks," Robbins said. "Organizations can dynamically detect, remediate and log incoming threats without causing network performance degradation." He noted that SDN also offers greater network visibility, which will enhance existing and future cybersecurity measures.

SDN fits in well with Defense Department plans to deploy network virtualization across the entire organization, including data centers, campus networks and wide area networks, said Michael Worlund, emerging technologies technical director for KEMP Technologies. "They want to segment their network and create trust zones to protect sensitive data and applications, as well as dynamically manage the entire data center from a central platform." Worlund added that SDN extends the benefits of server virtualization to achieve this goal while also ensuring reliable networking and infrastructure security.

A major benefit of SDN adoption is the consolidation of networks and applications, Fortna said. "SDN will drive network consolidation and therefore reduce our threat exposure," he said.

Robbins noted that DoD faces the choice of making a gradual transition to SDN or taking advantage of network subscription models that require little upfront investment.

Addressing challenges

A major network infrastructure overhaul is always a challenging task. "Often, agencies are locked in to legacy infrastructure based on proprietary technology," Robbins said. "To ensure that agencies are able to take advantage of SDN and other innovations in networking, selecting technologies that utilize open standards is critical." He said open standards and open APIs allow agencies to operate multivendor networks, reducing vendor lock-in while enabling greater choice among best-in-class solutions and minimizing network complexity.

DoD IT organizations need to begin educating themselves on SDN and how the technology will fit into current operational models, said Craig Hill, distinguished systems engineer for Cisco Systems. He noted that DoD IT staffs also should collaborate with other government and business IT organizations to benefit from the lessons learned in early deployments. "After that, it is important for DoD IT leaders to establish a clear understanding of the top areas [in which] they are challenged and how they can leverage ... SDN solutions to address their needs." He also observed that DoD IT leaders need to first look at solutions that don't require an entire "forklift upgrade," and to allow the solution to align with their organization's natural hardware migration cycle.

"One of the challenges that everyone faces when adopting SDN is employing the resources required to operationalize the change," said George Josilo, a system engineer with LGS Innovations. He observed that SDN requires experts who have both specialized network experience and programming skills. "It can be helpful to bring in experts early in the process to assist with design, implementation and training."

Deploying SDN technology is not as much of a challenge as developing the skill levels necessary for network planners, analysts and administrators to do their jobs, Fortna said. "This is an inflection point in the industry, so preparing for the new world will require training employees, consultants and contractors to understand not only the new technology, but how to design, plan, acquire, install, cutover and maintain an SDN architecture as well."
