The benefits of using an Agile development methodology and DevOps for continuous deployment are well understood. Both are now key building blocks for modern enterprise software creation and delivery. With the rapid uptake of hybrid cloud, the infrastructure for software delivery is often dispersed geographically across multiple private and public data centres and cloud providers. DevOps also encourages developers, testers, and operations to deploy infrastructure as they need it. Together, these can lead to multifunction and multisite server and software deployments, which can be hard for those tasked with infrastructure management and security to control.
One emerging aspect of this burgeoning infrastructure and security management issue is related to networking. Two emerging practices in networking are Network Function Virtualisation (NFV) and Software Defined Networking (SDN). NFV allows generic hardware to be configured via software as the type of network equipment required for a particular function. SDN moves the management of the network to a software-based central controller and can also abstract higher-level network functions from the underlying network hardware. Basically, these two practices deliver virtualisation of network functionality in much the same way that we have seen server and storage provision virtualised over the last decade.
NFV and SDN make it easy to deploy network devices like load balancers, firewalls and other security infrastructure throughout the hybrid cloud networks that are now in use. This is especially true on networks using Agile and DevOps, as it’s easy to incorporate deployment into automated workflows. In scenarios such as this, it is vital for the security and consistency of the deployment and testing functions that virtualised networking components are deployed with appropriate policy configurations applied.
From a security perspective, it’s also vital that the correct permissions are applied so that only those who should be using the network functions are granted access, and that the virtualised networking components are shut down and removed when no longer required.
This last step is essential to reduce the number of targets available to anyone attempting to compromise a network. Old components that are no longer used may not get updated with security changes and so can present a major vulnerability on a network.
The uptake of NFV and SDN virtualisation of networking functionality, which was previously delivered via dedicated appliances, means that there is a need to incorporate both into DevOps workflows. It is essential that there are management tools in place that can offer visibility, tracking and logging of NFV and SDN functions throughout the hybrid cloud. It is also essential that they deliver management templates, scripts, role-based access control and tools that administrators can use to configure these software devices consistently in a sometimes chaotic DevOps environment. Ideally, administrators should be able to ensure that anyone deploying a virtualised network function within a DevOps workflow anywhere throughout the hybrid cloud does so in a secure and consistent way. Administrators should also be able to get an overview of what is in use throughout the hybrid cloud and be able to approve changes to standard configurations before they are exposed to external networks.
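The checks described above (approved configuration, sign-off before external exposure, and removal of unused or unpatched components) can be expressed as an audit over an inventory of virtualised network functions. The following is an added example, not code from any particular management tool; the record fields, template names and thresholds are all assumptions, and the inventory is constructed sample data.

```python
from datetime import date

# Constructed sample inventory; field names are assumptions for this example.
INVENTORY = [
    {"name": "lb-build-01", "kind": "load-balancer", "owner": "team-ci",
     "template": "lb-standard-v3", "approved": True, "external": True,
     "last_used": date(2024, 5, 28), "last_patched": date(2024, 5, 20)},
    {"name": "fw-test-07", "kind": "firewall", "owner": "team-qa",
     "template": None, "approved": False, "external": True,
     "last_used": date(2024, 5, 30), "last_patched": date(2024, 5, 25)},
    {"name": "lb-demo-old", "kind": "load-balancer", "owner": None,
     "template": "lb-standard-v1", "approved": True, "external": False,
     "last_used": date(2024, 1, 10), "last_patched": date(2023, 11, 2)},
]

APPROVED_TEMPLATES = {"lb-standard-v3", "fw-standard-v2"}  # hypothetical baselines
MAX_IDLE_DAYS = 30        # assumed: unused longer than this means decommission
MAX_PATCH_AGE_DAYS = 60   # assumed: patch window for security updates


def audit(component, today):
    """Return the list of policy findings for one virtualised network function."""
    findings = []
    if component["owner"] is None:
        findings.append("no-owner")                     # nobody accountable for access
    if component["template"] not in APPROVED_TEMPLATES:
        findings.append("non-standard-config")          # not built from a current template
    if component["external"] and not component["approved"]:
        findings.append("exposed-without-approval")     # change not signed off by an admin
    if (today - component["last_used"]).days > MAX_IDLE_DAYS:
        findings.append("idle-decommission-candidate")  # should be shut down and removed
    if (today - component["last_patched"]).days > MAX_PATCH_AGE_DAYS:
        findings.append("patch-overdue")                # missing security updates
    return findings


def audit_inventory(inventory, today):
    """Map component name to findings, omitting components with none."""
    report = {c["name"]: audit(c, today) for c in inventory}
    return {name: found for name, found in report.items() if found}


if __name__ == "__main__":
    for name, found in audit_inventory(INVENTORY, date(2024, 6, 1)).items():
        print(f"{name}: {', '.join(found)}")
```

In a real workflow the inventory would come from the NFV/SDN management tool's API rather than a literal list, and the findings would gate the deployment pipeline or open a decommissioning ticket.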
Most organisations that have adopted Agile development and DevOps practices have a set of configuration tools and in-house workflows that are based around standard management tools and APIs. For example, Microsoft PowerShell is increasingly popular as the scripting language of choice for automation. Communication with development and deployment tools via RESTful APIs is also very common. Whichever underlying toolset powers a development and deployment workflow, the management tools for NFV and SDN that are adopted should be able to link into the same scripting tools and APIs. This allows the virtualised networking aspects of modern delivery workflows to be managed in the same way as other parts of a DevOps workflow.
Having a common set of management interfaces, and preferably a single management view of all the parts of the DevOps workflow, will make it much easier to ensure consistency across the hybrid cloud and to secure all parts of the development and deployment workflow. This will pay dividends over time, as everyone involved with the development and deployment of the software products will spend less time managing infrastructure and will have more time to spend on making the products better.