Greening Security Services in a Data Center by Virtualization

Found this article in echannelline.com which is one of the first I’ve seen discussing the ideas of Green and Security in the same article.

Security platform provider Crossbeam Systems has waded into the Green IT discussion by releasing a white paper outlining steps that CIOs can take to achieve more efficient data centers by reducing the energy consumption of security-related equipment through the adoption of virtualization.

"Security has been a particularly egregious contributor to increasing data center energy consumption," said Peter Doggart, Crossbeam's Director of Product Marketing and the author of the white paper. "The good news is that the advances in security virtualization that Crossbeam has pioneered are helping customers consolidate their security-related hardware on the order of 20-to-one. The dramatic savings, ease of management and reduction of energy benefits to be realized resonate strongly among IT organizations."

The marketing document is kind of an advertorial format, but has some interesting parts like Green Data Center can be achieved by consolidating network security services into fewer devices as there have been device sprawl in the data center.

In the traditional, non-virtualized environment, companies address their
security issues by deploying special-purpose appliances built to run a
host of security applications, from firewalls and content gateways to IDS
devices and URL filters. Connecting this array of appliances is an excess
of additional switching equipment, patch cabling, and load balancers.
In this environment, network security has been in favor of the security
vendors, with their response to each new threat being, “Have I got a box
for you, and by the way, you are going to need a lot of them.”
The good news is there are numerous innovative companies focusing on
a particular security threat area. That focus is a big plus for customers.
The downside is that these focused companies typically require that
another box be added in order to deploy their solution. The requirement
for redundancy and ever-increasing traffic demands accelerate growth
in the number of appliances deployed. This phenomenon is known as
“appliance sprawl”
Appliance sprawl yields extraordinarily complex data center architectures,
leading to wasted space, growing energy usage, and difficulty in fault
diagnosis. Moreover, because these devices require connections to
Layer 2 and 3 network switches plus load balancers, and have limited
networking and application processing power, they essentially become
embedded, single-purpose elements in the network. This means that
when the security services need to be expanded or upgraded, so
does the network – an expensive and inefficient use of IT and security
resources.

This article did server another purpose to remind to contact Guy Brunsdon, giving us an excuse to talk technical stuff while our wives watch the kids. Guy and I get along even though he is Nikon user and I am a Canon dSLR user.

Technical Marketing Director, VMware

Guy Brunsdon is responsible for Technical Marketing of Networking for VMware Infrastructure at VMware. Prior to VMware he spent eight years at Cisco Systems in Australia and the United States in a variety of technical marketing and product marketing roles. Most recently he was responsible for product marketing of the Catalyst product lines in High Performance Computing. Prior to Cisco, Guy was Chief Network Architect for the Telstra enterprise network in Australia. Guy currently resides in Bellevue, WA.

Here is blog post about one of Guy’s presentations.

Today I've started attending Guy Brunsdon speech about best practice in configuring networking.
He started with basic on vSwitch telling that they behave as layer 2 physical switch (so no layer 3 routing).
He put strike on the importance of having network teaming to achieve:

  • better use of bandwidth
  • enhanced availability and performance

Another important feature to be used is VLAN tagging (that implies 802.1Q hardware), moreover in case of Virtual infrastructure deployed on blade system with lack of the ports.

Greening of a network while meeting security SLAs requires a focus on efficiency and cost effectiveness, and i know Guy would be a great resource on this.