In an article originally published in the Intel publication Journey to Cloud Magazine: Volume 1, Issue 2, I read one of the best rationales for Network Virtualization (NV) as an organic part of the Cloud.
Here is a summary:
Network virtualization is a technology that allows layers of security and connectivity services to be deployed over heterogeneous, multi-vendor devices. The term “virtualization” applies since the technology abstracts applications away from proprietary holes in and between incompatible devices. Incompatibilities among devices make networks complex and difficult to maintain. Human intervention often leads to mistakes. This is why more than 75 percent of traditional IT budgets are spent purely on networking.
- ALL END USERS access the cloud application through the network.
- THE NETWORK IS HOME to most security tools and devices.
- The NETWORK IS COMPLEX and labor-intensive and is thought to require near "black magic skills" to maintain.
From a security point of view, network virtualization must assume all underlying network devices. Not all traffic can be trusted without extensive verification and validation.
M2Mi uses Intel® Trusted Execution Technology (Intel® TXT) in the cloud to enable encrypted communication between the CPU and the local operating system. Intel TXT and M2Mi are used to deliver a trusted boot-up, securing the cloud from start to finish. Incoming traffic is white-listed (i.e., registered traffic sources are identified and then allowed to move through a reduced security line; average traffic sources are scrutinized and X-rayed; and sources labeled suspect are put through additional measures before being allowed to board the cloud).
Metaphorically, the white-listing of Cloud traffic sources resembles the security checks at airports, where all passenger traffic is allowed to pass after a standard security check, while some passengers require additional security measures before boarding the airplane.
and not like this:
[Image: How security checks should not look like]
These features offer a nice surprise to cloud operators. Network and server virtualization are billed differently in the cloud, and network usage creates substantial incremental revenue potential.
The network device manufacturers have filled your network with wonderful features that network virtualization can expose as billable, premium services. These features include (1) secure socket layer (SSL), (2) packet inspection, (3) quality of service (QoS), traffic prioritization, and data encryption.
This enables premium cloud add-on services to be delivered based on value-add instead of purely usage-rate pricing models. The customer pays for premium billable services to increase security. This makes sense. There is no such thing as a security policy that fits all.
The challenge for M2Mi solutions in the Journey to Cloud is how to securely manage across millions of remote mobile devices, through Telco networks, across enterprise environments, and safely through the cloud.