Simon Brown of Scalable and Trevor Dearing of Juniper Networks discuss the challenges in securing the virtualised data centre.
Data centres are going through a revolution. Server and storage virtualisation combined with distributed applications allow companies to increase efficiency, reduce costs and respond faster to new opportunities. But they also pose significant security challenges, as Trevor Dearing, Juniper Networks, and Simon Brown, Scalable, explain.
Securing today’s data centre networks is becoming more and more challenging, as the very technologies that are increasing efficiency and adaptability raise new security concerns.
“With multiple virtual machines sitting on one physical host server, the traffic flowing between them doesn’t touch the physical network,” says Trevor Dearing, Head of Enterprise Marketing EMEA, Juniper Networks. “Consequently, it’s invisible to traditional network monitoring tools and unprotected by physical network security devices.”
“Also, in a virtualised network it is all too easy for virtual machines with different levels of trust to be placed on the same physical server, resulting in the possibility of unauthorised people viewing sensitive information. This problem is made worse by the fact that virtualisation allows virtual machines to be actively migrated across physical servers, leading to unpredictable combinations of trusted and untrusted virtual machines.”
Network attached storage and storage area network technologies also raise security concerns. “As a part of the overall IP infrastructure, the storage network must be protected from denial of service and other malware attacks that could corrupt data or make it unavailable to applications,” says Simon Brown, Managing Director, Scalable, an independent IP networking and security specialist.
“In addition, because storage arrays are accessible by a variety of applications, there is a possibility that unauthorised users could gain access to information, particularly when it is flowing across the network. To release the benefits of storage over IP networks, organisations must be able to ensure data availability, integrity and confidentiality.”
Service oriented architectures aren’t immune either. They speed application development but they also add security challenges of their own. “The re-usable services that are used to build new applications communicate with each other by passing data from one service to another or coordinating an activity between two or more services,” says Brown.
“As a result, each application that is built connects to a large number of back-end applications. When an employee uses the application his or her identity and credentials must be presented consistently to all application elements and back-end services so that appropriate access is granted. In addition, with communications now targeted at a larger set of systems, the possibility of an eavesdropper intercepting a communication stream increases, making encryption a requirement.”
For all these reasons, the old security rules no longer apply. “At Juniper we think it’s reached a tipping point,” says Dearing. “To protect the network today, it’s no longer enough to know what is on the network; organisations must know who is on the network and what they can see and do. Today’s security solutions must be dynamic, deliver application visibility and be identity aware.”
Brown agrees. “Organisations need security tools that are designed for today’s data centre environments,” he says. “The old security systems are just not good enough. Yes, organisations need firewalls that protect against intrusion, denial of service attacks and viruses. But they also need devices and tools that can monitor each virtual machine, classify traffic flows and identify applications regardless of port or protocol. In addition, as users become more mobile, they need sophisticated authentication and integrity checks that don’t impose unnecessary restrictions on users.”
“And the devices and tools must be versatile,” adds Dearing. “They must be capable of handling dramatically changing traffic volumes and security threats. They must also be capable of handling very high throughput rates and inspecting and controlling high volumes of traffic travelling between different domains. Plus, they must be easy to manage. The aim must be to simplify data centre infrastructures, not make them more complex.”
Founded in 1997, Scalable has an enviable reputation as an IP networking and security specialist. We put the intelligence into IP networks; secure, converged, high performance IP networks that are optimised for you now and provide agility for your future. Partnering with Scalable has enabled organisations such as Conde Nast Publications, B&Q and Liverpool Women’s Hospital to drive increased profitability and competitive advantage. We take pride in our unequalled IP expertise, our deep understanding of emerging technologies and our strategic relationships with best-of-breed vendors. Delivering both data centre and campus solutions, we work with you consultatively to assess, design, implement, optimise and support your network, taking a cyclical approach of continuous improvement. For more information please contact us.