InfoGuard Cyber Security and Cyber Defence Blog

Improve security, performance and operational efficiency in the data centre

Geschrieben von Reinhold Zurfluh | 26 Apr 2022

In order for companies to gain a competitive advantage and remain successful, they must be able to manage growth with ease and be able to rapidly implement new requirements. At the same time, security needs to be constantly enhanced, consistent performance must be ensured and operational efficiency has to be achieved. Increasingly, companies are finding that their current data centre environments were not designed for fast, easy, cost-effective service delivery. We show you how to modernise your data centre to make it fit for today’s challenges and those in the future thanks to a distributed services architecture, without having to compromise on security.

Corporate data centres need to evolve

Application environments are becoming more extensive and cloud-native microservices architectures are becoming more widespread throughout the world. In a study, it was found that 70% of businesses are running or plan to run cloud-native and container-based applications in hybrid environments. Although cloud-native applications tend to be associated with being deployed in the public cloud, this is not necessarily the case. New applications and workloads are often distributed across private data centres, multiple public clouds and edge locations.

Corporate data centres need to evolve, in order to provide modern services for these dynamic application environments. Ultimately, this means that hyperscale cloud-based environments must be replicated in private company data centres, because many existing data centre environments do not provide efficient services for these new applications. So it is not surprising that many companies are increasingly relying on on-premises hyperscale cloud solutions as part of their efforts to modernise their data centres.

Existing data centre environments present a challenge

Considering the enormous amount of traffic flowing east-west within a server or between servers, it is difficult (if not impossible) for IT to integrate application services into legacy data centre environments. Although networks have evolved towards two-tier spine leaf fabrics and are thereby able to eliminate some of the complexity and latency, both application-level and security services are still tied to outdated architecture.

When migrating from a three-tier to a two-tier architecture, services are usually provided on appliances. However, this approach does not permit efficient scaling to meet the load generated by east-west traffic. As a result, additional appliances have to be mobilised, and of course this means increased costs and complexity. It is also still common for security and network operations to use different tools, which in turn compounds the complexity and challenges for network management and security. As a result, deploying and scaling modern application environments can become extremely difficult, not to say impossible.

In order to meet current business needs, companies need to be able to deliver end-to-end secure, user-friendly environments - with agile, efficient, hyperscale-like capabilities in their existing on-premises data centres. But how should this be done?

Distributed service architecture – secure, efficient and high-performing

A distributed services architecture (DSA) is needed to overcome these challenges and enable organisations to transform their existing corporate data centres to provide more effective support for modern application environments. This moves or distributes application and security services so that they are as near as possible to the applications themselves. Hyperscale cloud providers use this architecture to optimise performance, enhance security and reduce costs.

This type of architecture is an option when you are building new hyperscale cloud environments from scratch, but the question is, how does a company with existing data centres benefit from this technology? For these environments, it would make sense to implement these services in the top-of-rack (ToR) leaf switch (see graphic below). This way, organisations can take advantage of a distributed services architecture without having to undertake an expensive, time-consuming forklift upgrade for the entire data centre. In other words, without disruption.

Source: HPE Aruba

 

There are obvious benefits to using a DSA in a corporate data centre:

  • Delivering services that are as close to the applications as possible, reducing latency and improving security.

  • Eliminating appliance sprawl, reducing costs by removing the need for additional infrastructure and the maintenance associated with it.

  • Phasing out existing service-specific appliances or reusing them to support existing environments.

  • Optimising network performance and bandwidth by reducing latency via service provisioning in the top-of-rack switch. This simultaneously improves user experience and reduces traffic on the core network, which leads to improved performance here as well.

  • Enhancing the operational efficiency of network and security teams by enabling them to access and manage all services via a single interface.

Aruba – Distributed services switch

To help companies build hyperscale-like environments in their existing data centres Aruba has partnered with Pensando Systems to develop a new generation of switches - the Aruba Distributed Services Switch. The combination of Aruba and Pensando technologies means that companies can roll out unified network and security policies along with telemetry data.

The new 1HE large Aruba Distributed Services Switch (CX 1000) integrates Aruba AOS-CX Routing and Switching technology with Pensando L4-L7 software services and the data processing unit. The Aruba CX 10000 enables customers to extend a zero-trust architecture deeper into the data centre by delivering stateful 800G services east-west over each switch port, massively improving the security of critical applications and workloads.

Businesses that want to deploy cloud-native applications in existing data centres or connect to multiple public clouds should consider using the Aruba CX 10000. It significantly improves both security and application performance, resulting in a better user experience with a significantly lower total cost of ownership.