Automation brings greater security, faster dev cycle to Durham County, N.C.’s next-gen datacenter
Each time technology gets smarter, the people who operate it gain a little freedom.
In Durham County, North Carolina, smarter technology comes in the form of a next-generation data center powered by software-defined networking (SDN). On Tuesday, vendor Cisco is announcing the launch of the data center, which the county says will facilitate easier management through automation, improve security and more time to work on new projects.
An 80/20 split between time spent on network maintenance and time spent on innovation, respectively, will be swapped thanks to this new equipment, county officials say, while the inclusion of a “DevOps” environment will allow for the rapid test and release of new apps and services for the public.
“Our current data center was in dire need of a life cycle replacement/refresh,” said Joel Bonestell, county network services manager. “And so there were a couple designs floating around when I initially came back [to the department about 18 months ago]. And it was more sticking to the traditional data center model. I start looking at it and scratched my head and was like, ‘Is this really the direction we need to go with?'”
Bonestell hired Seth Price, senior network engineer and architect, last summer and together they took a critical look at the traditional networking model that so many have relied on the past several decades and whether SDN might be the escape they had always wanted.
SDN could do for data centers what object-oriented programming and what-you-see-is-what-you-get interfaces did for software development. Software programming began with the manual calibration of vacuum tubes that communicated at the machine level, but advancements in computer science made it possible for anyone who can work a computer to now build a website with no knowledge of what’s happening underneath. Computers have always been designed with the goal in mind that a user can simply issue plain-language instructions that the computer correctly interprets and executes. SDN takes networking one step closer to that future, Price said.
“I’ve been in the field roughly 24, 25 years, and the way that I manage a network has not changed for the most part,” Price said. “To get our data center to communicate correctly, we have to configure each individual component to the requirements necessary not only to that component, and the security within that component, but we have to manually tell it how to communicate with the other pieces of equipment it needs to communicate with. It’s a very complex operation, but this is the way we’ve been doing things for 25, 30 years.”
Because things have remained relatively unchanged for so long, network engineers have grown accustomed to managing networks in this fashion, but SDN could soon change what skills public-sector technologists hire for and how time is spent in their daily schedules.
“What SDN does is it takes that control plane and it extracts it from the hardware where you now have a central controller where you now can program your entire data center fabric and all of your policies from a single point, usually from a [graphical user interface],” Price said. “And Cisco in particular is a declarative model where … I build policy and I say, ‘This is what I want to happen on the network.’ It sends those policy requests to the hardware, then the hardware configures itself based on what I’ve requested the policy to look like.”
Less Networking, More Projects
Less time spent tinkering with the network will leave IT a chance to pursue development of projects and services that serve the public. A “DevOps” environment on the county’s data center will further speed along development by providing the county’s software makers with an automated process as they negotiate toward a final product.
“Currently, for our development to develop a product and then bring it into production can be a tedious process,” Price said. “We’re talking about not weeks, but usually months of development and meetings and gathering requirements, not only network ones but security-wise. A lot of moving parts.”
A development infrastructure segregated from the rest of the network will give developers a chance to test their projects and use pre-defined policies approved by the networking team. The whole process will be completely streamlined, Price said.
New apps that allow citizens to send photos and documents, for instance, will save both citizens and the county time and money, but with each new added function comes added risk for government. Allowing citizens to upload Word documents and PDF files directly onto county servers opens new potential for hacks.
But SDN gives hackers a tougher time, Price said.
“When somebody sends a file in, our firewall’s going to first check it for any kind of vulnerabilities,” Price explained. “It’s then going to hit a repository in our data center. It’s going to go through another security vulnerability check. If a vulnerability is detected in that file, it will automatically be moved to a spot in the network that’s completely segmented off from anything except from our antivirus server. Once the file is remediated, it will then be able to be released from that spot in the network and then moved to its actual final resting place. That’s all going to be possible through the automation within this software-defined network.”
Before the data center upgrade, this all happened manually, which was both slower and gave administrators lots of chances to make mistakes along the way. There are fewer opportunities to make mistakes the more processes become automated in accordance with the county’s policies, Price explained.
Cisco’s SDN hardware uses a whitelist model, which isolates by default any new devices connected to the network, further reducing risk. Devices need explicit permission to communicate across the network.
Price and Bonestell said the county’s SDN implementation is operational now, and they’ll spend the coming weeks exploring how automation can unleash technology in new ways for the county and its citizens.