Making the Case for SDN: A Real-World Example

Key Takeaways
  • Many organizations are exploring SDN, but IT leaders still struggle to articulate concrete, business-focused use cases and quantifiable value.
  • Legacy, manually operated networks make it difficult for IT to control costs, securely support elastic business demand, and prevent unsanctioned use of public cloud services.
  • Centralized IPAM, integrating DNS and DHCP, provides a single authoritative data source that can fingerprint devices, apply targeted policies, and deliver deep visibility into network activity.
  • BlueCat Threat Protection uses DNS as a control point to block malware, botnets, and other threats, but relies on traffic flowing through corporate DNS infrastructure to be effective.
  • SDN enables interception and redirection of all DNS flows to corporate DNS servers, enforcing global DNS policy, blocking non-corporate DNS usage, and preventing DNS tunneling without degrading user experience.
  • BlueCat DNS Director, integrated with the HP VAN SDN Controller and OpenFlow switches, centrally manages DNS policies and ensures comprehensive visibility and control over enterprise DNS traffic.

There’s no denying that Software Defined Networking (SDN) is a very hot topic. Most organizations we talk to have SDN on their roadmap; some already have limited SDN deployments in their labs. The challenge is that, while SDN promises to solve many of today’s networking challenges, the “how” and “what” are still unclear. After talking to many clients and prospects, we keep coming back to the same point: Yes, SDN is exciting and promising and, yes, organizations are looking into it, but when the business asks IT to clearly state the value they will get out of SDN or the problems SDN will fix, IT still doesn’t have a satisfactory answer. The only way to cross this chasm is to demonstrate something real – a real solution to a real business problem that only SDN can solve.

So let’s talk about some of IT’s current challenges. Controlling IT expenditures is a big one, but so is the need to adapt to constantly changing business needs and elastic demand. Public clouds and their marketplaces offer very viable alternatives to creative developers and business leaders that are looking for an immediate solution for a problem their IT team has yet to find cycles to solve. As the business’s dependency on the network continues to grow, IT is forced to automate and delegate as much as possible, but without compromising the security of their organization’s intellectual property, data or applications.

Doing all that with a legacy network that years of evolution have made brittle, manual and complex to manage is a daunting task. Failure to adapt will inevitably lead to situations where the business makes its own decisions without consulting IT (e.g. ad hoc use of public cloud, IaaS and PaaS).

But what is BlueCat doing to demonstrate clear and compelling use cases built on SDN? Let’s take a step back and consider the value of the data that a centralized IP Address Management (IPAM) solution harnesses.

IPAM manages all the DHCP servers that hand out IP addresses across your enterprise. In other words, IPAM is the first point of connection for all devices and applications, capable of identifying and fingerprinting any and all devices to enable targeted policies. DNS, which enables device-to-app, app-to-app and device-to-device connectivity by converting names to IP addresses, is also managed by IPAM and provides unequaled visibility and control over device and application activity. In short, IPAM manages ‘everything IP’ on the network.

As a single system of record for IPAM, DNS and DHCP, BlueCat has unique visibility and control to offer existing security systems, as well as the ability to enable new and innovative ways of securing this new IT environment with its fluid boundaries and ever-changing parameters.

Our new BlueCat Threat Protection product leverages some of these capabilities to deliver a DNS firewall solution that stops malware, botnets and other malicious threats before they can reach business-critical data and applications.

But some challenges still remain: how do you secure devices and applications that aren’t using the corporate DNS infrastructure and how do you enforce global DNS policies and monitoring of all devices? One thing you can’t do is turn DNS off. Without DNS, the user experience is similar to turning the entire network off. If your users can’t transparently connect to the sites and resources they need, and without any notification or feedback to the end user about why they can’t connect, the only conclusion they can come to is that “the internet is broken.”

SDN can fix this problem without affecting the user experience. In fact, a well-designed solution can even deliver more flexibility and an improved user experience.

The flexibility SDN delivers through direct control of each individual flow gives power back to IT by ensuring that all DNS traffic destined for servers other than the corporate DNS servers gets intercepted and redirected to the corporate servers.

By blocking connections to non-corporate DNS Servers, your infrastructure ensures that threat protection policies are applied across all devices, regardless of their type and configuration. It also prevents the establishment of DNS tunnels that can be used by hackers to exfiltrate corporate data. And it does all this without letting your users think the internet is broken. The same solution can be applied to pinpoint misconfigured or infected devices, to perform live migrations of DNS servers’ IP addresses and even load balance DNS. Pretty cool!
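The per-flow decision described above can be sketched as a small policy model. This is an added example, not BlueCat DNS Director or HP VAN SDN Controller code; the resolver addresses, the packet dictionaries and the `DnsRedirector` class are assumptions made for illustration.

```python
import ipaddress

# Assumed corporate resolver addresses (constructed for this example).
CORPORATE_DNS = ["10.0.0.53", "10.0.1.53"]
DNS_PORT = 53


class DnsRedirector:
    """Toy per-flow policy: steer all port-53 traffic to corporate resolvers."""

    def __init__(self, resolvers):
        self.resolvers = [ipaddress.ip_address(r) for r in resolvers]
        self.nat = {}        # (client ip, client port, proto) -> address the client asked
        self.offenders = {}  # client ip -> number of redirected queries

    def outbound(self, pkt):
        """Client-to-server direction. Returns (packet, action)."""
        if pkt["proto"] not in ("udp", "tcp") or pkt["dport"] != DNS_PORT:
            return pkt, "forward"                  # not classic port-53 DNS
        src = ipaddress.ip_address(pkt["src"])
        dst = ipaddress.ip_address(pkt["dst"])
        if dst in self.resolvers or src in self.resolvers:
            return pkt, "forward"                  # sanctioned query, or resolver recursion
        self.nat[(pkt["src"], pkt["sport"], pkt["proto"])] = pkt["dst"]
        self.offenders[pkt["src"]] = self.offenders.get(pkt["src"], 0) + 1
        # Spread clients across resolvers by source address (simple load balancing).
        chosen = self.resolvers[int(src) % len(self.resolvers)]
        return dict(pkt, dst=str(chosen)), "redirect"

    def inbound(self, pkt):
        """Server-to-client direction: restore the address the client queried,
        because stub resolvers typically discard replies from an unexpected source."""
        key = (pkt["dst"], pkt["dport"], pkt["proto"])
        if pkt["sport"] == DNS_PORT and key in self.nat:
            return dict(pkt, src=self.nat[key]), "rewrite-src"
        return pkt, "forward"


if __name__ == "__main__":
    sdn = DnsRedirector(CORPORATE_DNS)
    query = {"src": "10.1.2.3", "sport": 40000, "dst": "8.8.8.8", "dport": 53, "proto": "udp"}
    sent, action = sdn.outbound(query)
    print(action, sent["dst"])
    reply = {"src": sent["dst"], "sport": 53, "dst": "10.1.2.3", "dport": 40000, "proto": "udp"}
    print(sdn.inbound(reply))
    print("clients bypassing corporate DNS:", sdn.offenders)
```

The `offenders` counter is what lets the same rule set pinpoint misconfigured or infected devices. The match covers only UDP and TCP port 53, so encrypted DNS transports need a separate policy.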

At BlueCat, we call this solution “DNS Director.” Combined with the HP VAN SDN Controller and OpenFlow-enabled switches, the DNS Director app ensures complete visibility and control over all DNS traffic across all devices within your enterprise. By delivering DNS policies globally from a central management console, DNS Director is a great example of how SDN can be used to solve a real-world problem that all enterprises are facing today.

To learn more visit: Product Information: BlueCat DNS Director



BlueCat provides core services and solutions that help our customers and their teams deliver change-ready networks. With BlueCat, organizations can build reliable, secure, and agile mission-critical networks that can support transformation initiatives such as cloud adoption and automation. BlueCat’s growing portfolio includes services and solutions for automated and unified DDI management, network security, multicloud management, and network observability and health.
