Data centers have become abundant in the increasingly technology-based business environment of the 21st Century. Because of this growth, data centers have become a new field for computing and networking trends that drive revisions to IT infrastructure strategies and, along with those strategies, new methods to bolster network security. This module presents the characteristics and functions of data center firewalls as they apply to networks and applications.
Data Center Evolution
A common notion in today’s business environment is that “No matter what business you are in, you are a technology business.” In the 21st Century, this is not only true of large businesses, but also applies to successful small and medium businesses (SMB). Modern data centers typically contain servers with a variety of purposes, including web, application, and database servers.
Along with the growing use of technology came a need not only to develop more specialized applications but also to develop innovative ways to store ever-increasing volumes of digital data. This growing storage requirement spurred a new sector in technology operations: the data center. As new technologies for end users of computing platforms evolve, so must security measures for the data centers they will access for operations such as email, social media, banking, shopping, education, and myriad other purposes. Developing strategies to keep pace with the accelerating integrated and distributed nature of technology has become a critical industry in protecting personal, business, and organizational data and communications from legacy, advanced, and emerging threats.
Market Trends Affecting Data Centers
As mentioned previously, consumer trends influenced data center development; however, the business sector was also instrumental in spurring on this development. As technology evolved, businesses learned to step to the leading edge of innovation in order to get ahead—or stay ahead—of competing enterprises. To this end, changes in business practices that influenced data center development included:
- Virtualization. Creating a virtual version of a device or resource, such as a server, storage device, network, or even an operating system, where the framework divides the resource into one or more execution environments.
- Cloud Computing. Computing in which large groups of remote servers are networked to allow centralized data storage and online access to computer services or resources. Clouds can be classified as public, private, or hybrid.
- Software-Defined Networks (SDN). An approach to networking in which control is decoupled from hardware and given to a software application called a controller. SDN is dynamic, manageable, cost-effective, and adaptable, making it ideal for the high-bandwidth, dynamic nature of today’s applications.
- BYOD. Refers to employees bringing their own personal devices to work, whether laptop, smartphone, or tablet, in order to interface with the corporate network. According to a Unisys study conducted by IDC in 2011, nearly 41% of the devices used to obtain corporate data were owned by the employee.
- Big Data. A massive volume of both structured and unstructured data that is so large it is difficult to process using traditional databases and software techniques. In many enterprise scenarios, the data is too big, moves too fast, or exceeds current processing capacity.
- The Internet of Things (IoT). The [once future] concept that everyday objects have the ability to connect to the Internet and identify themselves to other devices. IoT is significant because an object that can represent itself digitally becomes something greater than the object by itself. When many objects act in unison, they are known as having “ambient intelligence.”
Infrastructure Integration
Meeting the challenge of data center growth while maintaining throughput capability requires technology integration to reduce the potential for signal loss and speed reduction caused by bridging and security barriers between ad hoc arrangements of independent appliances. There are two camps on what should be at the heart of a modern firewall, with two types of hybrid design being prevalent:
- CPU + OTS ASIC. A design whereby a general-purpose central processing unit (CPU) is augmented by an off-the-shelf (OTS) processor.
- CPU + Custom ASIC. The most difficult but best design, bringing together a general CPU linked closely to a number of custom-built application-specific integrated circuits (ASICs). By matching ASICs that are designed to handle the specific tasks for which the processor and device are intended, the ability to process data is enhanced and system performance is optimized.
On one side, there are vendors who want to use an off-the-shelf (OTS) central processing unit (CPU) design. This is the simplest design but suffers from performance degradation. On the other side are those advocating the use of hybrid designs, merging CPUs with application-specific integrated circuits (ASICs), which are more efficient and may provide the necessary infrastructure to meet the demand for throughput, growth, and security.