Software-Defined Networking will be a critical enabler of the Internet of Things
- 09 June, 2015 23:03
This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.
Organizations are excited about the business value of the data that will be generated by the Internet of Things (IoT). But there's less discussion about how to manage the devices that will make up the network, secure the data they generate and analyze it quickly enough to deliver the insights businesses need.
Software-defined networking (SDN) can help meet these needs. By virtualizing network components and services, it can rapidly and automatically reconfigure network devices, reroute traffic and apply authentication and access rules. All this can help speed and secure data delivery, and improve network management, for even the most remote devices.
SDN enables the radical simplification of network provisioning with predefined policies for plug-and-play set-up of IoT devices, automatic detection and remediation of security threats, and the provisioning of the edge computing and analytics environments that turn data into insights.
Consider these two IoT use cases:
* Data from sensors within blowout preventers can help oil well operators save millions of dollars a year in unplanned downtime. These massive data flows, ranging from pressure readings to valve positions, are now often sent from remote locations to central servers over satellite links. This not only increases the cost of data transmission but delays its receipt and analysis. This latency can be critical -- or even deadly -- when the data is used to control powerful equipment or sensitive industrial processes.
Both these problems will intensify as falling prices lead to the deployment of many more sensors, and technical advances allow each sensor to generate much more data. Processing more data at the edge (i.e. near the well) and determining which is worth sending to a central location (what some call Fog or Edge Computing) helps alleviate both these problems. So can the rapid provisioning of network components and services, while real-time application of security rules helps protect proprietary information.
* Data from retail environments, such as from a customer's smartphone monitoring their location and the products they take pictures of, or in-store sensors monitoring their browsing behavior, can be used to deliver customized offers to encourage an immediate sale. Again, the volume of data and the need for fast analysis and action call for the rapid provisioning of services and edge data processing, along with rigorous security to ease privacy concerns.
Making such scenarios real requires overcoming unprecedented challenges.
One is the sheer number of devices, which is estimated to reach 50 billion by 2020, with each new device expanding the "attack surface" exposed to hackers. Another is the amount of data moving over this network, with IDC projecting IoT will account for 10% of all data on the planet by 2020.
Then there is the variety of devices that need to be managed and supported. These range from network switches supporting popular management applications and protocols, to legacy SCADA (supervisory control and data acquisition) devices and those that lack the compute and/or memory to support standard authentication or encryption. Finally, there is the need for very rapid, and even real-time, response, especially for applications involving safety (such as hazardous industrial processes) or commerce (such as monitoring of inventory or customer behavior).
Given this complexity and scale, manual network management is simply not feasible. SDN provides the only viable, cost-effective means to manage the IoT, secure the network and the data on it, minimize bandwidth requirements and maximize the performance of the applications and analytics that use its data.
SDN brings three important capabilities to IoT:
- Centralization of control through software that has complete knowledge of the network, enabling automated, policy-based control of even massive, complex networks. Given the huge potential scale of IoT environments, SDN is critical in making them simple to manage.
- Abstraction of the details of the many devices and protocols in the network, allowing IoT applications to access data, enable analytics and control the devices, and add new sensors and network control devices, without exposing the details of the underlying infrastructure. SDN simplifies the creation, deployment and ongoing management of the IoT devices and the applications that benefit from them.
- The flexibility to tune the components within the IoT (and manage where data is stored and analyzed) to continually maximize performance and security as business needs and data flows change. IoT environments are inherently dispersed, with many end devices and edge computing. As a result, the network is even more critical than in standard application environments. SDN's ability to dynamically change network behavior based on new traffic patterns, security incidents and policy changes will enable IoT environments to deliver on their promise.
For example, through the use of predefined policies for plug-and-play set-up, SDN allows for the rapid and easy addition of new types of IoT sensors. By abstracting network services from the hardware on which they run, SDN allows automated, policy-based creation of virtual load balancers, quality of service for various classes of traffic, and the provisioning of network resources for peak demands.
The ease of adding and removing resources reduces the cost and risk of IoT experiments by allowing the easy deprovisioning and reuse of the network infrastructure when no longer needed.
SDN will make it easier to find and fight security threats through the improved visibility it provides into network traffic right to the edge of the network. It also makes it easy to apply automated policies to redirect suspicious traffic to, for example, a honeynet where it can be safely examined. By making network management less complex, SDN allows IT to set and enforce more segmented access controls.
SDN can provide a dynamic, intelligent, self-learning layered model of security that provides walls within walls and ensures people can only change the configuration of the devices they're authorized to "touch." This is far more useful than the traditional "wall" around the perimeter of the network, which won't work with the IoT because of its size and the fact that the enemy is often inside the firewall, in the form of unauthorized actors updating firmware on unprotected devices.
Finally, by centralizing configuration and management, SDN will allow IT to effectively program the network to make automatic, real-time decisions about traffic flow. It will allow not only sensor data, but also data about the health of the network, to be analyzed close to the network edge to give IT the information it needs to prevent traffic jams and security risks. The centralized configuration and management of the network, and the abstraction of network devices, also make it far easier to manage applications that run on the edge of the IoT.
For example, SDN will allow IT to fine-tune data aggregation, so data that is less critical is held at the edge and not transmitted to core systems until it won't slow critical application traffic. This edge computing can also perform fast, local analysis and speed the results to the network core if the analysis indicates an urgent situation, such as the impending failure of a jet engine.
IT organizations can become key drivers in capturing the promised business value of IoT through the use of SDNs. But this new world is a major change and will require some planning.
To prepare for the intersection of IoT and SDN, you should start thinking about what policies in areas such as security, Quality of Service (QoS) and data privacy will make sense in the IoT world, and how to structure and implement such policies in a virtualized network.
All companies have policies today, but typically they are implicit, that is, buried in a morass of ACLs and network configurations. SDN will turn this process on its head, allowing IT teams to develop human-readable policies that are implemented by the network. IT teams should start understanding how they've configured today's environment so that they can decide what policies should be brought forward.
They should plan now to include edge computing and analytics in their long-term vision of the network. At the same time, they should remember that IoT and SDN are in their early stages, meaning their network and application planners should expect unpredicted changes in, for example, the amounts of data their networks must handle, and the need to dynamically reconfigure them for local rather than centralized processing. The key enablers, again, will be centralization of control, abstraction of network devices and flexible, dynamic automated reconfiguration of the network. Essentially, this means isolating network slices: segmenting the network by proactively pushing policy from a centralized controller to cordon off various types of traffic. Centralized control planes offer the advantages of easy operations and management.
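The two ideas above, human-readable policy and controller-pushed slices that cordon off traffic, can be sketched as a small policy compiler. This is an added example, not code from the original article or from any SDN product; the policy format, device inventory, addresses and function names are all hypothetical, and the quarantine redirect mirrors the honeynet idea mentioned earlier.

```python
# Added example: controller-agnostic sketch; every name here is hypothetical.
from dataclasses import dataclass

# Human-readable policy (constructed sample): which slice may reach which service.
POLICY = {
    "slices": {
        "sensors": {"allow": [("historian", 8883)]},
        "pos":     {"allow": [("payments", 443)]},
    },
    "quarantine_port": "honeynet",  # where flagged devices are redirected
}

# Constructed inventory: device MAC -> slice, service name -> IP address.
DEVICES = {"02:00:00:00:00:01": "sensors", "02:00:00:00:00:02": "pos"}
SERVICES = {"historian": "10.0.1.10", "payments": "10.0.2.10"}

@dataclass(frozen=True)
class FlowRule:
    priority: int
    match: tuple   # (field, value) pairs that must all equal the packet's fields
    action: str    # "forward", "drop" or "redirect:<port>"

def compile_policy(policy, devices, services, flagged=()):
    """Expand the policy into prioritized match/action rules for the edge."""
    rules = []
    for mac, slice_name in devices.items():
        if mac in flagged:
            # Quarantine replaces every allow rule for this device.
            action = f"redirect:{policy['quarantine_port']}"
            rules.append(FlowRule(300, (("eth_src", mac),), action))
            continue
        for svc, port in policy["slices"][slice_name]["allow"]:
            match = (("eth_src", mac), ("ip_dst", services[svc]), ("tcp_dst", port))
            rules.append(FlowRule(200, match, "forward"))
    # Default deny: unknown devices and cross-slice flows fall through to here.
    rules.append(FlowRule(0, (), "drop"))
    return sorted(rules, key=lambda r: -r.priority)

def decide(rules, packet):
    """Return the action of the highest-priority rule whose fields all match."""
    for rule in rules:
        if all(packet.get(field) == value for field, value in rule.match):
            return rule.action
    return "drop"
```

The explicit priority-0 drop rule is what turns the allow list into segmentation: a sensor that tries to reach the payments service, or a device missing from the inventory, matches nothing else and is dropped.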
IT teams should also evaluate their network, compute and data needs across the entire IT spectrum, as the IoT will require an end-to-end SDN solution encompassing all manner of devices, not just those from one domain within IT, but across the data center, Wide Area Network (WAN) and access.
Lastly, IT will want to get familiar with app development in edge computing environments, which is a mix of local and centralized processing. As the network's abstraction to the app layer changes and becomes highly programmable, network teams need to invest in resources and training to understand these programming models (e.g. REST) so that they can more easily partner with the app development teams.
IoT will be so big, so varied and so remote that conventional management tools just won't cut it. Now is the time to start learning how SDN can help you manage this new world and assure the speedy, secure delivery and analysis of the data it will generate.