Missing Link in ENTERPRISE NETWORKING
By: Microsoft Windows Server Team | 17 June 2016
This is the seventh post in the "Ten Reasons You'll Love Windows Server 2016" video series by Matt McSpirit, Technical Evangelist at Microsoft.
In this episode Matt interviews Ravi Rao, Principal PM Manager for the networking group. Ravi and his team bring software-defined networking to the Windows Server platform. The team concentrates on network innovation so that IT teams can improve their agility, strengthen their security stance, and present solutions that can change as requirements evolve, so they can deliver the right infrastructure at or ahead of schedule.
In the context of networking, agility comes from the ability to successfully navigate the myriad policies around architectural standards, availability concerns, security requirements and performance demands, without delay. Reconciling these policies into a coherent whole, and then translating them into configuration and projecting it onto the infrastructure is something that takes time to get right - sometimes up to weeks or months, which means that the business is less competitive because it takes so much time to bring-up new apps and services. The model for agility in Windows Server 2016 software defined networking is based on clear and concise policy management, cutting the time spent on infrastructure. Click, click, done - just like in Azure.
"Hi, your application has been breached and we need to turn it off to stop the attack." That's not a good conversation to be on either end of. Common industry practice is to use a network firewall on the perimeter to keep external attackers from getting in. Internal threats and the increasing sophistication of external attackers reduces the efficacy of this practice, seemingly by the day. Make it so that the odds are working in your favor with dynamic policy management, where policy is modeled after the application and is easily adjusted as the application or usage patterns change. With the security policy management in Windows Server 2016 you can establish firewall rules, and strengthen the stance of your infrastructure because you can prevent hosts in the same DMZ tier from communicating with one another, thus limiting the reach of an attack. When your segment security is defined by perimeter firewalls, you can't reach this level of control in a scalable and manageable way.
On top of the complexity in policy management and security, workloads that exhibit affinity for the locale they're deployed into complicate things. You can break several of these affinities to servers, racks, or even on premises installations with the software defined networking in Windows Server 2016. Teams can bring their own IP address ranges with the workload, and they can even overlap. Operators can move workload among infrastructure providers, combine on-premises infrastructure with IaaS or PaaS from a cloud provider, with equal ease.
You can download the latest technical preview of Windows Server 2016 to see how you can realize gains from more agility, security and flexibility yourself. There's more detailed content at the Networking blog, and you can share your ideas for Windows Server networking in our user voice forum.