Premkrishnan Venkatasubramanian of Unisys Corp. has discussed approaches to software-defined networks as a way to secure the enterprise data center.
Venkatasubramanian wrote Friday that the software-defined network concept is gaining traction as protection of the data center boundary alone is insufficient.
The insertion of firewalls and switches leads to increased complexity of management, he said.
He said one approach to achieve software-defined networks involves a centralized network infrastructure software controller.
“Applications specify their network requirements to the controller, which in turn instructs the network hardware on how to deal with packets from each application,” Venkatasubramanian added.
Another approach to accomplish SDN is to create overlay networks upon the existing physical network through cryptography, he wrote.
“By assigning crypto keys to workstations and servers and encrypting data-in-motion, communication on the network can be restricted to those systems with matching keys,” Venkatasubramanian said.
“Keys can be assigned based on user or device identity – this makes it possible to segment the network such that systems can be accessed only by authorized users, while appearing hidden from other users,” he added.
Venkatasubramanian wrote that in the second approach, encryption could be visible to applications if handled at the lower networking stack layers.