SDN security: A reseller 101 for protection in a virtual world
SDN is no longer just an option, and resellers must embrace it – and virtual security – in order to stay relevant to customers.
That's the view of Gary Gardiner, Fortinet ANZ director of engineering and services, who says as small and medium sized businesses move to cloud and larger businesses invest in their own virtualised, consolidated data centers or move to cloud, resellers need to ramp up their virtualisation expertise – or focus on simply selling keyboards and screens.
For resellers who take the virtualisation route, the opportunities are huge – and lucrative.
"Today's data centers, networks and applications move the bulk of their data east-west," Gardiner says. "This means the data flows amongst virtual machines, as opposed to in and out of the network – north-south – itself.
"But since virtual machines can reside anywhere on the network, traditional security cannot keep pace with the data flows," Gardiner says.
"Security vendors, ourselves included, are faced with the challenge: how can we secure data and the network in a virtual environment?
SDN decouples the data plane from the control plane in a physical sense and adds a mechanism to enable the two planes to communicate in a virtual – or software – sense.
"This is where middleware, such as OpenFlow, comes in," Gardiner notes.
He says Fortinet has built a set of security-centric open and proprietary application programming interfaces (APIs) between its next generation firewall security services and SDN offerings from major networking vendors, including Microsoft, with its Azure, Cisco's application-centric infrastructure, VMware's vSphere and Software-Defined Data Center and HP with its Virtual Application Networks SDN controllers.
"This means that data center and enterprise customers can now add security at more levels of their network," Gardiner says.
He says as more organisations consolidate infrastructure into virtual data centers, or contract with cloud providers to do the same thing, managing workflows with SDN-type controllers will become more important.
"It's the way we'll be managing data flows in the future," he says.
Fortinet, he adds, has modified its various security solutions to allow it to provide a consistent security policy across any platform.
Gardiner acknowledges that for 'the average punter' SDN has the reputation of being somewhat esoteric.
"But forward-thinking resellers, service providers and systems integrators have been offering application services running on virtualised platforms for years," he notes.
"Adding a virtual security service, such as Fortinet's FortiGate VMX for VMware-based virtual networks, doesn't take a giant leap in technical expertise.
In fact, Gardiner says if you already sell security products and virtual solutions, you already have 90% of the skills necessary to move into what he says is a 'potentially lucrative arena'.
It is, he says, a 'huge opportunity' for savvy resellers.
"As your clients move their application services into a mixed virtual/physical/cloud-based model, the more they need to embed security protection into every layer of their network, regardless of physical location," Gardiner says.
"Those resellers who have embraced virtualisation can take advantage and those that haven't should train themselves up. Sure, there is still plenty of room for smaller resellers to earn a living selling hardware, but resellers who want to move up the food chain need to up their game.
So adamant is Gardiner about the future of cloud, virtualisation, SDN and virtual security, that he says resellers have a choice: professional services or screens?
He says soon, most SMBs will only buy screens, keyboards, cables and gateways. Everything else will be in the cloud, running in a virtualised data center environment. Larger organisations will be investing in virtualised, consolidated data centers, or also moving to the cloud – or both.
He says that means resellers have a choice. "Either ramp up your virtualisation expertise or focus on selling keyboards and screens.
But, he says, while resellers need 'sharp' people to tap into the market, 'it's not advanced astrophysics'.
"Anyone with a standard Fortinet NSE-level 4 certification should be able to manage a successful secure SDN implementation with a bit of mentoring.
"And once you've done it a few times, it gets easier," he adds.
"SDN is no longer an option. If you want to stay relevant to your customers, you need to embrace SDN and virtual security. Otherwise you will be left behind.