SDN can provide a dynamic, intelligent, self-learning layered model of security that provides walls within walls and ensures people can only change the configuration of the devices they're authorized to "touch." This is far more useful than the traditional "wall" around the perimeter of the network, which won't work with the IoT because of its size and the fact that the enemy is often inside the firewall, in the form of unauthorized actors updating firmware on unprotected devices.
Finally, by centralizing configuration and management, SDN will allow IT to effectively program the network to make automatic, real-time decisions about traffic flow. SDN will also allow not only sensor data, but also data about the health of the network, to be analyzed close to the network edge, giving IT the information it needs to prevent traffic jams and security risks. The centralized configuration and management of the network, and the abstraction of network devices, also make it far easier to manage applications that run on the edge of the IoT.
For example, SDN will allow IT to fine-tune data aggregation, so data that is less critical is held at the edge and not transmitted to core systems until it won't slow critical application traffic. This edge computing can also perform fast, local analysis and speed the results to the network core if the analysis indicates an urgent situation, such as the impending failure of a jet engine.
IT organizations can become key drivers in capturing the promised business value of IoT through the use of SDNs. But this new world is a major change and will require some planning.
To prepare for the intersection of IoT and SDN, you should start thinking about what policies in areas such as security, Quality of Service (QoS) and data privacy will make sense in the IoT world, and how to structure and implement such policies in a virtualized network.
All companies have policies today, but typically they are implicit; that is, they are buried in a morass of ACLs and network configurations. SDN will turn this process on its head, allowing IT teams to develop human-readable policies that are implemented by the network. IT teams should start understanding how they've configured today's environment so that they can decide what policies should be brought forward.
They should plan now to include edge computing and analytics in their long-term vision of the network. At the same time, they should remember that IoT and SDN are in their early stages, meaning their network and application planners should expect unpredicted changes in, for example, the amounts of data their networks must handle, and the need to dynamically reconfigure them for local rather than centralized processing. The key enablers, again, will be centralization of control, abstraction of network devices and flexible, dynamic automated reconfiguration of the network. Essentially, this means isolating network slices: segmenting the network by proactively pushing policy via a centralized controller to cordon off various types of traffic. Centralized control planes offer the advantages of easy operations and management.
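As an added illustration (not code from the article or from any SDN product), the sketch below shows the kind of human-readable, slice-based policy described above, compiled by a hypothetical controller into per-device flow rules with a default drop, plus the check that a team can only configure devices in its own slice. All names (POLICY, FlowRule, compile_rules, decide, may_configure) and the device, team and port values are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample policy: each slice lists its devices and who may configure them.
POLICY = {
    "slices": {
        "sensors": {"devices": {"temp-01", "temp-02"}, "admins": {"ot-team"}},
        "cameras": {"devices": {"cam-01"}, "admins": {"facilities"}},
        "core": {"devices": {"analytics-01"}, "admins": {"it-ops"}},
    },
    # Human-readable intent: (source slice, destination slice, service).
    "allow": [("sensors", "core", "tcp/8883"), ("cameras", "core", "tcp/443")],
}

@dataclass(frozen=True)
class FlowRule:
    priority: int
    src: str
    dst: str
    service: str
    action: str

def compile_rules(policy):
    """Expand slice-level intent into per-device rules, ending in a default drop."""
    slices, rules = policy["slices"], []
    for src_slice, dst_slice, service in policy["allow"]:
        for src in sorted(slices[src_slice]["devices"]):
            for dst in sorted(slices[dst_slice]["devices"]):
                rules.append(FlowRule(100, src, dst, service, "allow"))
    # Anything not explicitly allowed between slices is cordoned off.
    rules.append(FlowRule(0, "*", "*", "*", "drop"))
    return rules

def decide(rules, src, dst, service):
    """Return the action of the highest-priority rule matching this flow."""
    for r in sorted(rules, key=lambda r: -r.priority):
        if r.src in (src, "*") and r.dst in (dst, "*") and r.service in (service, "*"):
            return r.action
    return "drop"

def may_configure(policy, principal, device):
    """A principal may only change devices in a slice it administers."""
    return any(device in s["devices"] and principal in s["admins"]
               for s in policy["slices"].values())

if __name__ == "__main__":
    rules = compile_rules(POLICY)
    print(decide(rules, "temp-01", "analytics-01", "tcp/8883"))  # sensor to core
    print(decide(rules, "temp-01", "cam-01", "tcp/443"))         # cross-slice traffic
    print(may_configure(POLICY, "facilities", "temp-01"))        # wrong team
```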