Intent-based networking will "revolutionise the data centre"
There are a number of new technologies bursting on the scene with promises to change the way data centres operate.
Apstra chief technology officer Sasha Ratkovic says intent-based networking is one of them as it works to allow companies to run their networks reliably and cost-effectively while offering more agility and control.
The hard problem to achieving that is determining how to compose the complex infrastructure capabilities in order to serve business needs in the presence of constant change in device capabilities and business rules.
“Dreaded ‘brown-field’ environments are a testament to the fact that in complex environments dealing with changes gets progressively more and more difficult until the ability to evolve finally stalls. With Intent-Based Networking, the premise is that knowing the intent and understanding how it is implemented makes dealing with change safer and predictable,” says Ratkovic.
“One set of changes comes from the operator in the form of a business rule change or policy change. Even more challenging ones (as you don’t control them) are changes coming from the infrastructure in terms of operational status changes or failures. So by definition, Intent-Based Networking deals with all phases of network service lifecycle: design, build, deploy and validate, as each of them involve some specification of user’s intent or validation that the intent has been met.”
Ratkovic believes intent-based networking is a foundational technology being used to enable intent-based data centre automation to address business transformations like digital overhauls, cloud adoption, mobility proliferation, advanced applications, pervasive IoT, and end-user demands.
“The composition problem mentioned earlier is a consequence of the fact that today’s data centers act as scale-out computers and there is a need to compose this infrastructure consisting of compute, network, and storage. But this is only one dimension of this composition problem,” says Ratkovic.
“Another dimension is how do you incorporate complex business rules and policies? Infrastructure capabilities, as well as mechanisms to consume them, are subject to constant change. And the situation with business rules is even worse, both in terms of the frequency and the complexity of the changes.”
Ratkovic says every time that a change occurs, operators are forced to perform some composition.
“If you take something out, is what remains still acting as a coherent whole? If you add or modify something, is the new composite valid? With a single compute virtualisation node, the problem the operating system must deal with involves partitioning resources as well as dealing with isolation,” says Ratkovic.
“Hypervisor was a vehicle for compute virtualisation. But with the data center acting as a scale-out computer, the distributed operating system first has to perform composition and only then again resource partitioning and isolation. But if you fail at composition due to changes in infrastructure and business rules, you will never even get to consuming your precious and expensive scale-out compute resources. So in some sense Intent-Based Networking is your data center hypervisor.”
Software-defined networking (SDN) is rife around the world among data centres and IT departments, and Ratkovic is confident the same will be true of intent-based networking.
“The earliest incarnations of Intent-Based Networking started 4-5 years ago and the technology advances since then are impressive. Aside from technology it takes our collective response to embrace opportunities presented by technology to make it mainstream,” says Ratkovic.
“We are seeing intent-based data centre automation which is built on intent-based networking, distributed system architecture, and vendor-agnostic overlay being deployed by several marquee customers which is an indication that the shift is happening. The feedback from the early adopters is phenomenal.”
Ratkovic says customers are reveling in the freedom of choice because to stay competitive they need to enable advanced services by composing and leveraging best of breed capabilities across vendors.
“Choice also offers these businesses cost control. Intent-based networking allows them to compose a reliable system out of a disaggregated networking stack. It allows them to deal with their infrastructure by managing it as a fleet (“cattle”) of disaggregated, replaceable commodity components,” says Ratkovic.
“They also have the option to build their masterpiece snowflake out of more expensive, brand name components (“pets”). Once they make a choice, they may want to preserve that capability in the future. You don’t want to be free to make a choice and then be locked in by it. To stay competitive you need to be nimble in the presence of change and evolve with your digital transformation.”
Ratkovic says there are a number of other positive aspects brought in by intent-based networking, which include:
- Reduces the kind of work tied to running a production services that tends to manual, repetitive, automatable, and devoid of enduring value.
- By enabling a declarative specification of a desired outcome, it greatly simplifies all phases of a service lifecycle and reduces the chance of human error.
- Reduces the time to debug and fix problems as it delivers a context rich operational state which allows extraction of knowledge from the raw telemetry, providing actionable context rich anomalies to identify root causes and identify gray failures.
“Given the above excitement that Intent-Based Networking solutions provide and the traction they are getting I am very optimistic about intent-based networking becoming widespread,” says Ratkovic.
And finally, when it comes to how Apstra is looking to blaze a trail in this market, Ratkovic says the company’s solutions are empowering intent-based data centres with intent-based networking, a distributed system architecture, and a vendor-agnostic overlay.
“Our strategy is rooted in building the solid foundation and not cutting corners. The composition problem described earlier is a hard problem to solve and chasing opportunities at the cost of quality is short-sighted strategy, embraced by many and doomed to fail. Our unique funding structure allows us to spend time solving the problems in a manner that produces reliable, testable and maintainable software,” says Ratkovic.
“Our co-founder David Cheriton used to say that when you build a bamboo hut, it happens fast, you get instant gratification but then after the first storm it is gone. On the other hand when you build a skyscraper you first go down for few years with everyone around you wondering what is going on, but once you emerge above the ground level adding floors becomes fast. This is where we are now and it is without a doubt the most exciting and creative time you can imagine!”
- Information Security Risk Consultant, London. ISO 27005
REFCH7901 Information Security Risk Consultant, London. ISO 27005 Information Security Risk consultant needed for a London based client. The ability to achieve SC security clearance will be required. ISO 27005 Risk Assessment experience is essential. The role will cover, Risk identification, Assessment and Advisory consulting. This is a client facing role, single client- not multiple. Experience working with multiple teams and internal stakeholders is essential. The information Security Risk Consultant should ideally have a breath of information Security and IT technology based security experience. Prior experience within the public sector is desirable, but not essential. Broad knowledge across Security IT transformation, Cloud is also key. Broad experience across GRC, iso27001, NIST is key. Ongoing support and training provided. Apply today for more information, all details kept in confidence.
- Google Cloud platform Security Engineer, Contract, inside IR35
- United Kingdom
REF CH7897 Google Cloud platform Security Engineer, Contract, Inside IR35 Looking for a Google Cloud platform Security Engineer will define, document, design, implement, harden and generally improve the security capability of a Google Cloud Platform. The ability to configure, and deploy the following Google Cloud Platform security solutioons is essential; Command Security Centre, Cluster Security, APIGEE, GCP Cloud Armor Hands on technical expertise security experience with Terraform, Kubernetes Security, Container (Docker) security, Secret Manager is essential as is experience securing Google Kubernetes Engine Workloads. It is essential that you have a proven track record of securing a GCP environment and expertise in automating that with Terraform. Scripting experience with the above where appropriate is a key ability. You will be highly technical and have the ability to engage with stakeholders to ultimately deliver a secure and hardened Google Cloud Platform.
- Security Analyst, London. Financial Services. End user.
CH7885. Security Analyst, London. Financial Services. End user. Immediate role. £55,000 Security Analyst needed to monitor and manage a security suite of tools within Financial Servicecs end user . The Security Analyst will be responsible monitoring, configuring, fine tuning, incident management and generally improving the security tool capability. Specific experience with CyberArk, Tripwire Log Center and Tripwire Enterprise is highly desirable). Current experience with Vulnerability management and penetration testing is highly desirable. Specifically the ability to effectively manage 3rd party pen tests. You will be working within a specialist security team reporting to the CISO. Experience working within a regulated end user environment within financial services is highly desirable. This role will run a hyrbid working schedule, partly remote, partly office based in London (once permitted) This is an exclusive role to DCL Search & Selection. https://calendly.com/chris-holt/call-with-chris-holt-dcl-search
- IAM Consultant- Identity Governance
- United Kingdom
- Upto £80,000 plus benefits
Identity and Access Management Consutlant is required for this established business who put their employees first. the role entails • Develop and maintain IAM services. • Further develop IAM tool integration with Service Now to provide automated JML processes and application access requests and fulfilment. • Provide guidance over Role Based Access in terms of Location based Roles, Application Roles and Business Roles and act as SME over any future RBAC project. • Work closely with our other Technology teams on integrating IAM services with Technology and business systems to increase efficiency through automation around areas such as JML processes, application access request fulfilment and attestation. • Work with the Governance Risk & Compliance (GRC) team to provide application access attestations and toxic combination alerting and reporting. • Involvement with Identity Management initiatives such as Single Sign On (SSO) and Privileged Access Management (PAM), to ensure security and business processes are in line with industry best practice. • Assist in ensuring that all IAM capabilities are mapped to internal processes, policies, and standards. Develop metrics to measure and improve the alignment. • Complete monthly review and report on sensitive group access, i.e., service accounts, admin accounts, etc. validating I&O processes are effective. • Provide information to both internal and external Auditors in response to findings. • Collate audit evidence for AAF audit and control reviews, taking responsibility for identifying service and process improvements to ensure compliance with our controls and standards. We are looking for someone with Hands on technical experience with the IAM tools, you need to have been involved in the integration of the IAM solution into 3rd party software like Servicenow, You will have worked with an IAM tools that are focused into Identity Goveranance, like RSA, CA Identity Suite, Fischer Identity, Hid Global, IBM IGL, Net IQ Identity Goverance, Omada, Ping or Oracle Post covid, this role will invovle a mix of home and office work, the business have a number of office spread across the UK so locaton is flexible for this position