The Nuage Networks Virtual Service Platform (VSP) is a network automation platform that allows any workload on several hypervisor environments to connect to the network as soon as it comes up. There are three components to VSP:
- Virtualized Services Directory (VSD), which acts as the policy and service definition platform.
- Virtualized Services Controller, which provides the control-plane functionality. This is an SDN controller, folks, plain and simple. However, Nuage has leveraged their 7750 routing platform, which has been in service for about 15 years. In other words, it's a seasoned platform.
- Virtualized Cloud Service (VCS) Solution or Virtual Network Service (VNS) Solution SD-WAN. This is the data plane element of the solution. Basically the VCS is for the Software Defined Data Center and the VNS is for the Software Defined WAN.
This is a high-level overview of the solution, so head over to the video of Sunil Khandekar detailing the Nuage Networks offering.
Now The Nerdy Security Stuff: Microsegmentation
So we’ve heard from companies that tout micro segmentation as their differentiator. Nuage believes they are different because they can do this in a heterogeneous environment. But first, let's define the problem (they all define the problem before explaining how they solve it).
According to Hari Krishnan, there are three key areas that contain gaps in network security. Those areas are Protection, Detection, and Operation. In the area of protection, there is a lack of segmentation, and there are limitations due to the use of a static topology. As for detection, we know that there are a number of middle-boxes designed to detect attacks as traffic is passed through them, but there’s still a lack of visibility into east/west traffic, and when there is an attack it takes much longer to identify it. Finally, as to operations, managing ACLs can be a daunting task if you’re like the many organizations that are trying to control thousands of ACL statements.
Nuage believes SDN can help overcome these challenges so that when a customer instantiates a workload, security doesn’t become the bottleneck. Currently they have segmentation capabilities in place as part of the VSP. However, now they can provide security monitoring and automation as part of that solution as well. This is done through micro segmentation, where policy is enforced in the data center with virtual devices, as well as containers, bare-metal devices, and the branch office. The Nuage approach is to not have a religion in terms of hypervisor or network. In a Nuage network there are multiple enforcement points, whether it be a gateway or VRS.
Thoughts on the Solution
After sitting in the presentation at Networking Field Day 12, it became clear to me that Nuage is defining a similar problem statement as Illumio. The difference seems to be the way Nuage is handling it. While Illumio handles micro segmentation in the kernel, Nuage chose to implement micro segmentation at L3/4. Personally, that’s a more comfortable domain for me since I have considerably more time working at L3/4 of the OSI model than I do in the kernel of an OS. Either way, both the Nuage and Illumio solutions are interesting. However, the winner of my business would have to be Nuage. They have a deeper footprint in the arena than Illumio does, and I’m not certain I like anything that’s going to use ipchains and requires OS access.
Want to know more?
Obviously I’m simply relating my thoughts about a presentation that I attended. There’s much more to the solution including some live demonstrations in the videos. Here’s where I would begin.
- Start with an introduction to the company here:
- Next take a look at the details on how Nuage Protects, Detects and Operates. The following video bypasses most of what I talked about here and starts getting into the details of the solution.
I was not paid for this post; however, I was selected as a delegate of Networking Field Day 12. As such, travel, lodging, meals, and entertainment were paid for. On occasion vendors will provide delegates with marketing material such as backpacks, bobble-heads, and so on. None of these things sway my personal opinion on the products. Please see our disclaimers page for more information.