Network Virtualization For Dummies, VMware 3rd Special Edition
CHAPTER 1 Evolving to a Modern Network
These materials are © 2021 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.

management software — complicates operations and limits agility. This old approach doesn’t consider the dynamic nature of today’s applications, and it locks you in — and not just with the vendor. It locks you into the complexities of your current network architecture, limiting your IT team’s ability to adapt and innovate. This, in turn, puts the same limits on the business itself, because the business can move no faster than IT can move.

In its 2018 report called Look Beyond Network Vendors for Network Innovation, Gartner says that, as its clients are going through digital transformation, their network teams “must deliver data center network infrastructure rapidly and on-demand.” Moreover, Gartner is seeing that the data center network is one of the biggest challenges for its clients (based on more than 3,000 inquiries and audience polling in 2017). Here are some rather telling findings from the same report:

» Data center network requests commonly take days to fulfill.
» The number of active ports supported per local area network (LAN) full-time equivalent (FTE) has actually gotten less efficient over time by more than 10 percent — from 3,412 ports per FTE in 2013 to only 2,933 ports per FTE in 2016.

Configuration processes are manual, slow, and error-prone

On a day-to-day basis, physical networks force your network team to perform a lot of repetitive, manual tasks — many of which are discouraged or require approvals given the implications of a mistake. If a line of business or a department requests a new application or service, you need to create VLANs, map VLANs across switches and uplinks, create port groups, update service profiles, and so on. Certain SDN models hope to help here by allowing programmatically controlled hardware, but this still leaves you with a lot of heavy lifting. For instance, you still need to build multiple identical physical network stacks to support your development, test, and production teams, and you still lack the ability to deploy your (hardware-based) network in lockstep with your virtualized compute and storage. A high price tag is associated with all of this.

As Andrew Lerner, a Gartner research director, noted, “Configuration and change management of networking gear remains primarily a labor-intensive, manual process. These suboptimal network practices result in downtime, reduce security, degrade application performance, and waste human and capital resources.” Clearly, there’s a better way forward: network automation. As Network World noted in a 2018 article, “Network automation is helping enterprises scale up and cut down on their costs exponentially, giving them the bandwidth needed to focus on strategy and innovation.”

Operational and capital expenditures are too high

The limitations of legacy network architectures are driving up data center costs, in terms of both operational expenditures (OpEx) and capital expenditures (CapEx).

OpEx

The heavy use of manual processes drives up the cost of network operations. Just consider all the labor-intensive manual tasks required to configure, provision, and manage a physical network. Now multiply the effort of these tasks across all the environments you need to support: development, testing, staging, and production; differing departmental networks; differing application environments; primary and recovery sites; and so on. Tasks that may be completed in minutes with automated processes — or even instantaneously with automatic deployment of networks — take hours, days, or weeks in a manual world.

And then there are the hidden costs that come with manually introduced configuration errors. One mistake can cause a critical connectivity issue or outage that impacts the business.

CapEx

On the CapEx side, legacy network architectures require your organization to invest in stand-alone solutions for many of the networking and security functions that are fundamental to data center operations, including routing, switching, firewalling, analytics, and load balancing. Providing these functions everywhere they’re needed comes with a hefty price tag.

There is also the issue of the need to overprovision hardware to be sure you can meet peak demands and the need to deploy active-passive configurations. In effect, you need to buy twice the hardware for high availability — and sometimes much more.

And then there is the cost of forklift upgrades. To take advantage of the latest innovations in networking technology, network operators often have to rip and replace legacy gear, with most organizations on a three- to five-year refresh cycle. Legacy network architectures rooted in hardware also require overprovisioning to account for spikes in usage. The inability of hardware-based networks to scale automatically based on demand requires this inefficiency. And up go the costs of networking.

You can’t leverage hybrid cloud resources

The public-cloud model has proven that applications and services can be provisioned on-demand. Enterprises everywhere would like to enjoy the same level of speed and agility. With that thought in mind, forward-looking executives have envisioned using hybrid clouds for all kinds of use cases, from data storage and disaster recovery to software development and testing.

But, once again, there is a network-related catch: In their quest to move to the cloud, enterprises are hampered by vendor-specific network hardware and physical topology. These constraints that come with legacy data center architectures can make it difficult to implement hybrid clouds. Hybrid clouds depend on a seamless extension of the on-premises data center to a public-cloud resource, and how do you achieve this when you can’t control the public-cloud network to mirror your hardware networking systems?

Traditional firewalls aren’t adequate

Many of the widely publicized cyberattacks of recent years share a common characteristic: Once inside the data center perimeter, malicious code moved from server to server, where sensitive data was collected and sent off to cybercriminals. These cases highlight a weakness of today’s data centers: They have limited network security controls to stop attacks from spreading inside the data center.

Perimeter firewalls are pretty good at stopping many attacks, but not all of them. As recent attacks have shown, threats are still slipping into the data center through legitimate access points. Once inside, often there is nothing in place to prevent them from spreading within the data center. This problem has been a tough one to solve because of the realities of physical network architectures. Put simply, with legacy networking systems, providing firewalling for traffic between all workloads inside the data center is too costly.

Using a traditional hardware firewall as an internal firewall in the data center requires hairpinning. Traffic needs to be sent up from a workload on the hypervisor across the network, across racks to a physical firewall, and then back again, even if both the source and the destination reside on the same hypervisor.

Even more important, inserting a traditional firewall into an existing brownfield environment requires significant re-architecture, not just of the network itself but, more critically, of the applications. Many customers start with a perimeter firewall protecting the demilitarized zone (DMZ) from the outside and the internal network from the DMZ. As organizations grow, they realize that they need to segment that internal network. Doing this with a traditional firewall means that application IP addresses would need to be reassigned. It also results in segmentation that is very rigid and limited to network constructs and VLANs.

Having a firewall policy that relies on IP addresses and ports leads to delays, forcing customers to adopt very coarse security policies that often become stale and remain in place long after an application has been decommissioned. As new applications are brought up and legacy applications are decommissioned, firewall policies need to be updated very frequently, and the policies consist of much larger rule sets than at the perimeter. Traditional firewalls don’t have the software-defined architecture that enables them to scale with the massive amount of traffic, large rule bases, and constant policy updates that are required on the internal network.

To stay competitive, businesses need to move fast, yet their networks don’t have the agility they need. Antiquated network architectures are blocking the road to the SDDC and virtual cloud network.

REMEMBER: Legacy network architectures limit business agility, leave security threats unchecked, and drive up costs. These themes point to a single overarching need: It’s time to move out of the hardwired past and into the era of the virtualized network.
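The stale and coarse IP/port rules described under "Traditional firewalls aren't adequate" can be found mechanically by reconciling the rule base against an inventory of live workloads. The Python below is an added example, not code from the book or from VMware; the rule list, the workload inventory and the /16 coarseness threshold are constructed assumptions.

```python
"""Audit IP/port firewall rules against a workload inventory.

Added example (not from the book). Flags the two failure modes the text
describes: rules left behind by decommissioned applications (stale) and
catch-all rules with wide prefixes or any-port scope (coarse).
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    name: str
    src: str             # source CIDR
    dst: str             # destination CIDR
    port: Optional[int]  # None means any port


# Constructed sample inventory: workloads currently deployed.
LIVE_WORKLOADS = {"web-01": "10.10.1.10", "web-02": "10.10.1.11", "db-01": "10.10.2.20"}

# Constructed sample rule base. "billing-legacy" refers to an application that
# was decommissioned; "any-internal" is the kind of coarse catch-all that stays
# in place because policies are hard to keep current.
RULES = [
    Rule("web-to-db", "10.10.1.0/24", "10.10.2.20/32", 5432),
    Rule("billing-legacy", "10.10.3.0/24", "10.10.4.7/32", 8443),
    Rule("any-internal", "10.0.0.0/8", "10.0.0.0/8", None),
]


def covers_live_host(cidr: str, hosts) -> bool:
    """True if at least one live workload address falls inside cidr."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(ipaddress.ip_address(h) in net for h in hosts)


def audit(rules, inventory, min_prefixlen: int = 16):
    """Return {rule name: findings}; an empty list means the rule looks fine."""
    hosts = list(inventory.values())
    report = {}
    for r in rules:
        findings = []
        # Stale: at least one endpoint of the rule matches no live workload.
        if not (covers_live_host(r.src, hosts) and covers_live_host(r.dst, hosts)):
            findings.append("stale: no live workload matches src and dst")
        # Coarse: prefix wider than the assumed minimum, or any-port scope.
        for label, cidr in (("src", r.src), ("dst", r.dst)):
            if ipaddress.ip_network(cidr, strict=False).prefixlen < min_prefixlen:
                findings.append(f"coarse: {label} {cidr} wider than /{min_prefixlen}")
        if r.port is None:
            findings.append("coarse: any port")
        report[r.name] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(RULES, LIVE_WORKLOADS).items():
        print(name, findings or ["ok"])
```

In practice the inventory would come from the virtualization platform or CMDB and the rule base from a firewall export; the reconciliation logic stays the same.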