Why Include the Network Virtualization to the Cloud

Following yesterday's publication of Network Virtualization (NV), The New El Dorado, many people asked for more about M2Mi (Machine to Machine Intelligence).

In an article originally published in the Intel publication Journey to Cloud Magazine: Volume 1, Issue 2, I read one of the best rationales for Network Virtualization (NV) as an organic part of the Cloud.

Here is a summary:

Network virtualization is a technology that allows layers of security and connectivity services to be deployed over heterogeneous, multi-vendor devices. The term “virtualization” applies since the technology abstracts applications away from proprietary holes in and between incompatible devices. Incompatibilities among devices make networks complex and difficult to maintain. Human intervention often leads to mistakes. This is why more than 75 percent of traditional IT budgets are spent purely on networking.

Why include the network in the cloud? Because:
  • ALL END USERS access the cloud application through the network.
  • THE NETWORK IS HOME to most security tools and devices.
  • The NETWORK IS COMPLEX and labor-intensive and is thought to require near "black magic skills" to maintain.

IT experts often refer to “the wilds of the data center.” The network is a big reason for the tangled jungle metaphor. It is also the cloud security battlefield: the first and final layer of defense, where most attacks start, from distributed denial of service to virus intrusion.

Under the coordination of M2Mi’s Network Virtualization, security and access technologies like the Intel® SOA Expressway and Intel® Expressway Cloud Access 360 turn into sequential layers of dynamic protection, customizing application-specific security settings and augmenting them with automated response capabilities.

From a security point of view, network virtualization must assume all underlying network devices. Not all traffic can be trusted without extensive verification and validation.

M2Mi uses Intel® Trusted Execution Technology (Intel® TXT) in the cloud to enable encrypted communication between the CPU and the local operating system. Intel TXT and M2Mi are used to deliver a trusted boot-up, securing the cloud from start to finish. Incoming traffic is white-listed (i.e., registered traffic sources are identified and then allowed to move through a reduced security line; average traffic sources are scrutinized and X-rayed; and sources labeled suspect are put through additional measures before being allowed to board the cloud).
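The three-tier admission described above, sketched as an added example (not M2Mi's or Intel's code): a source is classified as registered, average or suspect, a suspect entry overrides a registered one, and an unparseable source fails closed. The prefixes and inspection stage names are constructed for illustration.

```python
import ipaddress

# Constructed policy: documentation/private ranges only, not real traffic sources.
REGISTERED = ["10.20.0.0/16", "192.0.2.0/24"]    # pre-registered sources
SUSPECT = ["192.0.2.128/25", "203.0.113.7/32"]   # sources labeled suspect

# Inspection stages applied per tier (hypothetical stage names).
PIPELINES = {
    "registered": ["rate_limit"],
    "average": ["rate_limit", "deep_packet_inspection"],
    "suspect": ["rate_limit", "deep_packet_inspection", "challenge", "full_logging"],
}


def _matches(addr, prefixes):
    """True if addr falls inside any of the given CIDR prefixes."""
    return any(addr in ipaddress.ip_network(p) for p in prefixes)


def classify(source, registered=REGISTERED, suspect=SUSPECT):
    """Return 'registered', 'average' or 'suspect' for a source address."""
    try:
        addr = ipaddress.ip_address(source)
    except ValueError:
        return "suspect"  # fail closed: unparseable sources get the strictest tier
    # Normalise IPv4-mapped IPv6 (::ffff:a.b.c.d) so it cannot sidestep IPv4 rules.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    # Suspect is checked first so it wins even inside a broader registered prefix.
    if _matches(addr, suspect):
        return "suspect"
    if _matches(addr, registered):
        return "registered"
    return "average"


def inspection_plan(source):
    """Return (tier, ordered list of inspection stages) for a source address."""
    tier = classify(source)
    return tier, PIPELINES[tier]


if __name__ == "__main__":
    for src in ["10.20.5.9", "192.0.2.130", "198.51.100.4", "not-an-ip"]:
        print(src, inspection_plan(src))
```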

Metaphorically, the white-listing of the Cloud traffic sources resembles the security checks at airports, where all passenger traffic is allowed to pass after a standard security check, while some passengers require additional security measures before boarding the airplane.

Using this metaphor, we want the airport check point to look like this:

and not like this:

How security checks should not look like

These features offer a nice surprise to the cloud operators. Network and server virtualization are billed differently in the cloud, and the network usage creates substantial incremental revenue potential.

The network device manufacturers have filled your network with wonderful features that network virtualization can expose as billable, premium services. These features include secure socket layer (SSL), packet inspection, quality of service (QoS), traffic prioritization, and data encryption.

This enables premium cloud add-on services to be delivered based on value-add instead of purely usage rate pricing models. Customers pay for premium billable services to increase security. This makes sense. There is no such thing as a security policy that fits all.

The challenge for M2Mi solutions in the Journey to Cloud is how to securely manage across millions of remote mobile devices, through Telco networks, across enterprise environments, and safely through the cloud.
