Virtual options pose real challenges for network admins

Your data centre topology is starting to scare you. You’ve got firewalls connected to VPN termination devices connected to load balancers connected to intrusion-detection systems, Secure Sockets Layer (SSL) offloaders, distributed denial-of-service appliances, caches – all sitting in front of your server farm and back-end data storage.

The downside of having so many appliances and servers chained together is obvious. It’s hard to manage them, hard to troubleshoot them, hard to upgrade. Then there’s the physical clutter of all those racks and appliances and cabling in your data centre.

But a number of companies are attacking the problem with hardware-based megaboxes that aggregate multiple functions into a single high-performance unit.

Other vendors are taking the additional step of providing configuration and management features that let companies and service providers “virtualize” the network functions inside the data centre.

The benefits of network virtualization are not lost on network executives. But of the three areas within the data centre that can become virtual – servers, storage and network resources – the network might be the toughest nut to crack.

“Our IT is extremely complex,” says Cesar Vallejos, vice president of network product engineering for JP Morgan Chase, “and we desperately need to simplify it.” The bank plans to use virtualization wherever it can.

But Vallejos says he needs to do a return-on-investment analysis to determine if moving to something like the data centre switch from Inkra Networks Inc. will let him provide services at the right price for internal customers. The Inkra switch combines firewall, load balancing, SSL acceleration, Web acceleration and VPN in one ASIC-based appliance. It’s likely that JP Morgan Chase will virtualize its server farms first. The underlying network might be more difficult to tackle.

“You have to consider a data centre as the microcosm of telecom. It’s bunches of wires connecting one rack to another. If you can virtualize that, you wind up with a far greater chance of success in maintaining domain control under one roof,” Vallejos says. “But that’s a lot of work.”

Investment banker Morgan Stanley is hoping to deploy a virtual network pilot program for the e-commerce operation of 600 Dean Witter retail centres that service more than 5 million investors.

“Our multiple data centres have commodity services – load balancing, SSL authentication, and firewalls to some extent,” says Lance Braunstein, executive director of technical services. “These become a headache if you do them in a disparate way.”

But for caching, performance and business-continuity reasons, some data centres might have to remain in regional areas. However, it might be possible to administer them in a more central way, Braunstein says.

Braunstein adds that the pilot also will look at whether a virtualized approach makes it easier to track client utilization of online services and allocate costs.