Welcome!

Containers Expo Blog Authors: Elizabeth White, Liz McMillan, Pat Romanski, Yeshim Deniz, Amit Gupta

Related Topics: Containers Expo Blog

Containers Expo Blog: Blog Feed Post

When Closed Is Not a Bad Thing

Rather quickly most network operators figured out that the network needed some basic protection from silliness

I remember the days when the network was open. Your PC, workstation or whatever you had on your desk could access whatever it needed (or not needed). Networking was an enabler of communication, it allowed you to put stuff onto the network, take other stuff off the network. Rather quickly most network operators figured out that the network needed some basic protection from silliness. Most of the early silliness was based in bad network implementations. Devices not responding correctly, spitting out broadcasts when they should not or just going haywire. We now call it DoS filters on switches and routers, but some basic filtering of malformed packets came rather quickly as a reaction to network outages. They were not very deliberate then, pretty much any hit against these rules should be considered deliberate these days.

hanging lockSince then a lot has changed. Universal connectivity, the Internet, Denial of Service attacks, hacking, and all things associated with it have drastically changed our view of free connectivity. Everyone has a firewall between the Internet and the corporate network. Many networks have firewalls between internal portions of the network attempting to control which devices and applications can talk to each other and which cannot.

When talking to datacenter and cloud customers, there is an interesting shift in the open connectivity approach we have always used to build networks. If you take a step back and think about how servers, applications and appliances communicate, there are very specific and very limited patterns of communications. A VM or bare metal server hosting a SQL database should only expect communication from a specific set of database clients on tcp port 1433 or udp port 1434. In a datacenter based service, the clients of this database are well known. They are specifically instantiated applications themselves, either as bare metal servers, or as VMs. They don't just pop up with the data center orchestration system knowing it. There is really no need for the network to allow any communication from or to this database application if its not from the defined database clients, on the defined sets of ports.

For such basic "weeding out traffic that is not allowed", you do not need a firewall. The network devices are perfectly capable of examining traffic with these basic rules and making a allow or discard choice. Typical networks have fairly complex ACL generation machines (read "a ton of Perl/Python/Ruby/... scripts") to ensure that some of these basic rules are enforced. The challenge is that managing these ever increasing set of lists gets more complex any time you add a new device, a new application, a new service. And this does not just apply to physical switches, the challenge is no less for virtual switches.

There are several evolutionary or even revolutionary things that are being done to make this easier. You have hopefully heard us talk about devops many times and this is a fine example of devops. The script machines mentioned before are most certainly devops, but as network solution providers, we can do so much more to make the life of the network/devops engineer easier. In a controlled data center environment, every application instantiation is a deliberate one. It has a role,  service, and a very well defined set of other applications it talks to. Kind of like what we created Affinities for.

This week specifically, there is huge amount of application-centric news. The desire or need to very clearly allow only needed communication is impossible without taking an application-centric view. The provisioning of the network has to become an integral part of the deployment of applications. Today, this takes the form of the deployment of specific ACL like policy rules to narrow down what these applications can talk to. Or the reverse, the creation of ACL like policy rules explicitly create the ability to communicate on a network that is otherwise closed down. And not closed down because some overarching rules are throwing away everything not explicitly allowed, but closed down because the network itself was built closed down as a fundamental choice.

When you think about it, it makes perfect sense to turn the old model upside down in a very controlled application environment. Start with no connectivity at all on the network. Every packet except those the network needs to find out where and what the application is (perhaps ARP, first MAC learning packet) is dropped. Clear, concise and very explicit integration of provisioning and orchestration systems create the application deployment workflow that actually enable packets to start to flow. And again, I very deliberately make no distinction between virtual and physical network. Our view there should be clear, the two of them must be treated as a integrated system.

The post When Closed is Not a Bad Thing appeared first on Plexxi.

More Stories By Marten Terpstra

Marten Terpstra is a Product Management Director at Plexxi Inc. Marten has extensive knowledge of the architecture, design, deployment and management of enterprise and carrier networks.

@ThingsExpo Stories
SYS-CON Events announced today that Dasher Technologies will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Dasher Technologies, Inc. ® is a premier IT solution provider that delivers expert technical resources along with trusted account executives to architect and deliver complete IT solutions and services to help our clients execute their goals, plans and objectives. Since 1999, we'v...
Enterprises have taken advantage of IoT to achieve important revenue and cost advantages. What is less apparent is how incumbent enterprises operating at scale have, following success with IoT, built analytic, operations management and software development capabilities – ranging from autonomous vehicles to manageable robotics installations. They have embraced these capabilities as if they were Silicon Valley startups. As a result, many firms employ new business models that place enormous impor...
SYS-CON Events announced today that Massive Networks, that helps your business operate seamlessly with fast, reliable, and secure internet and network solutions, has been named "Exhibitor" of SYS-CON's 21st International Cloud Expo ®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. As a premier telecommunications provider, Massive Networks is headquartered out of Louisville, Colorado. With years of experience under their belt, their team of...
SYS-CON Events announced today that Taica will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Taica manufacturers Alpha-GEL brand silicone components and materials, which maintain outstanding performance over a wide temperature range -40C to +200C. For more information, visit http://www.taica.co.jp/english/.
SYS-CON Events announced today that TidalScale, a leading provider of systems and services, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. TidalScale has been involved in shaping the computing landscape. They've designed, developed and deployed some of the most important and successful systems and services in the history of the computing industry - internet, Ethernet, operating s...
SYS-CON Events announced today that MIRAI Inc. will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MIRAI Inc. are IT consultants from the public sector whose mission is to solve social issues by technology and innovation and to create a meaningful future for people.
SYS-CON Events announced today that IBM has been named “Diamond Sponsor” of SYS-CON's 21st Cloud Expo, which will take place on October 31 through November 2nd 2017 at the Santa Clara Convention Center in Santa Clara, California.
SYS-CON Events announced today that TidalScale will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. TidalScale is the leading provider of Software-Defined Servers that bring flexibility to modern data centers by right-sizing servers on the fly to fit any data set or workload. TidalScale’s award-winning inverse hypervisor technology combines multiple commodity servers (including their ass...
Join IBM November 1 at 21st Cloud Expo at the Santa Clara Convention Center in Santa Clara, CA, and learn how IBM Watson can bring cognitive services and AI to intelligent, unmanned systems. Cognitive analysis impacts today’s systems with unparalleled ability that were previously available only to manned, back-end operations. Thanks to cloud processing, IBM Watson can bring cognitive services and AI to intelligent, unmanned systems. Imagine a robot vacuum that becomes your personal assistant tha...
Widespread fragmentation is stalling the growth of the IIoT and making it difficult for partners to work together. The number of software platforms, apps, hardware and connectivity standards is creating paralysis among businesses that are afraid of being locked into a solution. EdgeX Foundry is unifying the community around a common IoT edge framework and an ecosystem of interoperable components.
Infoblox delivers Actionable Network Intelligence to enterprise, government, and service provider customers around the world. They are the industry leader in DNS, DHCP, and IP address management, the category known as DDI. We empower thousands of organizations to control and secure their networks from the core-enabling them to increase efficiency and visibility, improve customer service, and meet compliance requirements.
As popularity of the smart home is growing and continues to go mainstream, technological factors play a greater role. The IoT protocol houses the interoperability battery consumption, security, and configuration of a smart home device, and it can be difficult for companies to choose the right kind for their product. For both DIY and professionally installed smart homes, developers need to consider each of these elements for their product to be successful in the market and current smart homes.
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend 21st Cloud Expo October 31 - November 2, 2017, at the Santa Clara Convention Center, CA, and June 12-14, 2018, at the Javits Center in New York City, NY, and learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
SYS-CON Events announced today that mruby Forum will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. mruby is the lightweight implementation of the Ruby language. We introduce mruby and the mruby IoT framework that enhances development productivity. For more information, visit http://forum.mruby.org/.
Digital transformation is changing the face of business. The IDC predicts that enterprises will commit to a massive new scale of digital transformation, to stake out leadership positions in the "digital transformation economy." Accordingly, attendees at the upcoming Cloud Expo | @ThingsExpo at the Santa Clara Convention Center in Santa Clara, CA, Oct 31-Nov 2, will find fresh new content in a new track called Enterprise Cloud & Digital Transformation.
Most technology leaders, contemporary and from the hardware era, are reshaping their businesses to do software. They hope to capture value from emerging technologies such as IoT, SDN, and AI. Ultimately, irrespective of the vertical, it is about deriving value from independent software applications participating in an ecosystem as one comprehensive solution. In his session at @ThingsExpo, Kausik Sridhar, founder and CTO of Pulzze Systems, will discuss how given the magnitude of today's applicati...
Smart cities have the potential to change our lives at so many levels for citizens: less pollution, reduced parking obstacles, better health, education and more energy savings. Real-time data streaming and the Internet of Things (IoT) possess the power to turn this vision into a reality. However, most organizations today are building their data infrastructure to focus solely on addressing immediate business needs vs. a platform capable of quickly adapting emerging technologies to address future ...
SYS-CON Events announced today that NetApp has been named “Bronze Sponsor” of SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. NetApp is the data authority for hybrid cloud. NetApp provides a full range of hybrid cloud data services that simplify management of applications and data across cloud and on-premises environments to accelerate digital transformation. Together with their partners, NetApp emp...
In a recent survey, Sumo Logic surveyed 1,500 customers who employ cloud services such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). According to the survey, a quarter of the respondents have already deployed Docker containers and nearly as many (23 percent) are employing the AWS Lambda serverless computing framework. It’s clear: serverless is here to stay. The adoption does come with some needed changes, within both application development and operations. Tha...
SYS-CON Events announced today that Avere Systems, a leading provider of enterprise storage for the hybrid cloud, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Avere delivers a more modern architectural approach to storage that doesn't require the overprovisioning of storage capacity to achieve performance, overspending on expensive storage media for inactive data or the overbui...