Looking at todays networks, one has to agree virtualization is key. Big datacenters and large companies have allready switched to popular platforms such as VMWare or Citrix in order to lower the amount of physical servers and optimise their infrastructure.
Network technicians today are challenged with the same virtualization challenges as server admins. Especially in provider and shared datacenter architectures there is a lot to do about network multitenancy. I have worked in big datacenter environments and in fact am challenged as well with the multitenancy environments, which make the job a lot more interesting.
Here are some key components for network multitenancy to work :
- Layer2 separation (we all know vlan’s don’t we ?)
- Layer3 separation (the VRF technology is key here)
- Layer4-7 separation (Firewalls, VPN solutions and other devices should all be multitenant capable)
In fact it’s key to have a clear statement about the true multitenant environment. Many vendors sell their product, capable of tenancy however when looking closely it might not be what you expect!
- Completely separate routing domains (eg : a routing table per tenant)
- Completely separate security domains (eg: by Cisco ASA Context technology)
- Completely different user databases / authentication groups (eg: VPN solutions)
- Completely separate management access (if required)
There are quite a few caveats with network multitenancy you need to be aware of, which will be covered in subsequent blogposts. You can imagine security and scalability being the most important factors when building multitenant environments. Several key players allready have products in their catalog adding value to these problems but most of the time the network architect needs to be aware of the solutions limitations.
Network technicians today are challenged with the same virtualization challenges as server admins. Especially in provider and shared datacenter architectures there is a lot to do about network multitenancy. I have worked in big datacenter environments and in fact am challenged as well with the multitenancy environments, which make the job a lot more interesting.
Here are some key components for network multitenancy to work :
- Layer2 separation (we all know vlan’s don’t we ?)
- Layer3 separation (the VRF technology is key here)
- Layer4-7 separation (Firewalls, VPN solutions and other devices should all be multitenant capable)
In fact it’s key to have a clear statement about the true multitenant environment. Many vendors sell their product, capable of tenancy however when looking closely it might not be what you expect!
- Completely separate routing domains (eg : a routing table per tenant)
- Completely separate security domains (eg: by Cisco ASA Context technology)
- Completely different user databases / authentication groups (eg: VPN solutions)
- Completely separate management access (if required)
There are quite a few caveats with network multitenancy you need to be aware of, which will be covered in subsequent blogposts. You can imagine security and scalability being the most important factors when building multitenant environments. Several key players allready have products in their catalog adding value to these problems but most of the time the network architect needs to be aware of the solutions limitations.
I loved your post.Much thanks again. Fantastic.
ReplyDeleteBusiness analysis online online training
Cognos online online training
Core Java online online training
Django online online training