Intent-based networking will "revolutionise the data centre"
There are a number of new technologies bursting on the scene with promises to change the way data centres operate.
Apstra chief technology officer Sasha Ratkovic says intent-based networking is one of them as it works to allow companies to run their networks reliably and cost-effectively while offering more agility and control.
The hard problem in achieving that is determining how to compose complex infrastructure capabilities to serve business needs in the presence of constant change in device capabilities and business rules.
“Dreaded ‘brown-field’ environments are a testament to the fact that in complex environments dealing with changes gets progressively more and more difficult until the ability to evolve finally stalls. With Intent-Based Networking, the premise is that knowing the intent and understanding how it is implemented makes dealing with change safer and predictable,” says Ratkovic.
“One set of changes comes from the operator in the form of a business rule change or policy change. Even more challenging ones (as you don’t control them) are changes coming from the infrastructure in terms of operational status changes or failures. So by definition, Intent-Based Networking deals with all phases of network service lifecycle: design, build, deploy and validate, as each of them involves some specification of the user’s intent or validation that the intent has been met.”
Ratkovic believes intent-based networking is a foundational technology being used to enable intent-based data centre automation to address business transformations like digital overhauls, cloud adoption, mobility proliferation, advanced applications, pervasive IoT, and end-user demands.
“The composition problem mentioned earlier is a consequence of the fact that today’s data centers act as scale-out computers and there is a need to compose this infrastructure consisting of compute, network, and storage. But this is only one dimension of this composition problem,” says Ratkovic.
“Another dimension is how do you incorporate complex business rules and policies? Infrastructure capabilities, as well as mechanisms to consume them, are subject to constant change. And the situation with business rules is even worse, both in terms of the frequency and the complexity of the changes.”
Ratkovic says every time that a change occurs, operators are forced to perform some composition.
“If you take something out, is what remains still acting as a coherent whole? If you add or modify something, is the new composite valid? With a single compute virtualisation node, the problem the operating system must deal with involves partitioning resources as well as dealing with isolation,” says Ratkovic.
“Hypervisor was a vehicle for compute virtualisation. But with the data center acting as a scale-out computer, the distributed operating system first has to perform composition and only then again resource partitioning and isolation. But if you fail at composition due to changes in infrastructure and business rules, you will never even get to consuming your precious and expensive scale-out compute resources. So in some sense Intent-Based Networking is your data center hypervisor.”
Software-defined networking (SDN) is rife around the world among data centres and IT departments, and Ratkovic is confident the same will be true of intent-based networking.
“The earliest incarnations of Intent-Based Networking started 4-5 years ago and the technology advances since then are impressive. Aside from technology it takes our collective response to embrace opportunities presented by technology to make it mainstream,” says Ratkovic.
“We are seeing intent-based data centre automation which is built on intent-based networking, distributed system architecture, and vendor-agnostic overlay being deployed by several marquee customers which is an indication that the shift is happening. The feedback from the early adopters is phenomenal.”
Ratkovic says customers are reveling in the freedom of choice because to stay competitive they need to enable advanced services by composing and leveraging best of breed capabilities across vendors.
“Choice also offers these businesses cost control. Intent-based networking allows them to compose a reliable system out of a disaggregated networking stack. It allows them to deal with their infrastructure by managing it as a fleet (“cattle”) of disaggregated, replaceable commodity components,” says Ratkovic.
“They also have the option to build their masterpiece snowflake out of more expensive, brand name components (“pets”). Once they make a choice, they may want to preserve that capability in the future. You don’t want to be free to make a choice and then be locked in by it. To stay competitive you need to be nimble in the presence of change and evolve with your digital transformation.”
Ratkovic says there are a number of other positive aspects brought in by intent-based networking, which include:
- Reduces the kind of work tied to running a production service that tends to be manual, repetitive, automatable, and devoid of enduring value.
- By enabling a declarative specification of a desired outcome, it greatly simplifies all phases of a service lifecycle and reduces the chance of human error.
- Reduces the time to debug and fix problems, as it delivers a context-rich operational state that allows extraction of knowledge from the raw telemetry, providing actionable, context-rich anomalies to identify root causes and gray failures.
“Given the above excitement that Intent-Based Networking solutions provide and the traction they are getting I am very optimistic about intent-based networking becoming widespread,” says Ratkovic.
And finally, when it comes to how Apstra is looking to blaze a trail in this market, Ratkovic says the company’s solutions are empowering intent-based data centres with intent-based networking, a distributed system architecture, and a vendor-agnostic overlay.
“Our strategy is rooted in building the solid foundation and not cutting corners. The composition problem described earlier is a hard problem to solve and chasing opportunities at the cost of quality is a short-sighted strategy, embraced by many and doomed to fail. Our unique funding structure allows us to spend time solving the problems in a manner that produces reliable, testable and maintainable software,” says Ratkovic.
“Our co-founder David Cheriton used to say that when you build a bamboo hut, it happens fast, you get instant gratification but then after the first storm it is gone. On the other hand when you build a skyscraper you first go down for a few years with everyone around you wondering what is going on, but once you emerge above the ground level adding floors becomes fast. This is where we are now and it is without a doubt the most exciting and creative time you can imagine!”