Posts Tagged ‘Network’

Google launches Andromeda, a software defined network underlying its cloud

April 3rd, 2014

The Andromeda virtualized network that underlies some of Google’s services is now available to certain customers of Google’s Compute Engine with more zones coming on in the coming months.

Updated throughout with new information from Google.

For everyone saying that software-defined networking is a pipe dream, Google is about to prove you wrong. The search engine giant and cloud provider said it has made its Andromeda software-defined network platform available in two of its Compute Engine zones, with the rest of its zones transitioning to Andromeda in the coming weeks.

So companies using Google’s us-central1-b and europe-west1-a zones today can take advantage of what is truly a virtualized environment.

The basic promise behind this is that it virtualizes the network and, thus, it can scale. In the cloud, being able to scale a network means that you add agility while lowering operational costs. There are plenty of debates on how one implements software-defined networks but the implementation is something Amazon, Facebook and other large cloud and webscale companies are working on.

Google has been at the forefront of the software-defined networking revolution, first implementing an OpenFlow-based software-defined network to support communications back in 2012. Now it is going live with Andromeda, the underlying software-defined networking architecture that will enable Google’s services to scale better, more cheaply and quickly. It has the added benefit of making the network faster, as well.

What is Andromeda?

Google describes Andromeda as its newly integrated networking stack with the diagram below and via a blog post:

Andromeda’s goal is to expose the raw performance of the underlying network while simultaneously exposing network function virtualization (NFV). We expose the same in-network processing that enables our internal services to scale while remaining extensible and isolated to end users. This functionality includes distributed denial of service (DDoS) protection, transparent service load balancing, access control lists, and firewalls.

Andromeda is the enabler behind Google’s SDN efforts, so a better question isn’t what it is, but what it allows Google or the end customer of Compute Engine to do. It’s like the hypervisor for a server, destined to become a commodity. Google has built load-balancing, security and firewall services on top of Andromeda that it can now offer to customers in an on-demand fashion. And as that customer uses more compute, the networking required to support the services on that additional compute expands with it.

No one has to plug new cables into ports or manually add firewalls to new VMs via a dashboard. Andromeda has also improved networking performance, according to Amin Vahdat, a distinguished engineer at Google who presented on Andromeda last month at the Open Networking Summit and wrote today’s blog post.

Another interesting new service that SDN and Andromeda enable is the seemingly oxymoronic isolated multi-tenancy. Basically, by controlling the network flows, Google can make sure traffic from one customer’s VMs stays within a defined cloud, isolating the customer’s data and compute jobs without restricting them to physical machines. One can also use such a network to migrate virtual machines in the case of maintenance or downtime. Those services are not yet available to Compute Engine customers, but they are possible.

Vahdat is working to make them not only available to Compute Engine customers but, in the case of VM migration, automatic. The customer shouldn’t have to do anything. He explained that Google is already isolating certain jobs on its hardware using Andromeda and will make that available to customers in time. When asked if Google planned to open source any of the software that makes up Andromeda, he said the best way to get the functionality is through Google’s cloud offerings.

As for the architecture of Andromeda, Vahdat explained that portions of it use OpenFlow, but he was clear that SDN doesn’t require OpenFlow. He also said that the underlying gear wasn’t all replaced to build this functionality, and that everything was done in software. But this wasn’t a trivial undertaking, and he said companies aren’t likely to be able to build this type of infrastructure alone. For Google that’s sort of the point: if customers want this flexibility, they should try Compute Engine.

Overall, this is a pretty significant announcement for Google’s customers, although the current Andromeda network only supports IPv4, and it’s also a technical and economic advantage for Google over providers who don’t have the same underlying technology. Google can now allocate network resources easily and cheaply to deliver faster compute and data transfer rates between virtual machines. That makes its cloud faster, allocates its resources more efficiently and eliminates the networking bottlenecks that have slowed down the promise of virtualization.

We’ll discuss Andromeda and more, onstage with Urs Hölzle, SVP of Technical Infrastructure & a Google Fellow at our Structure Conference in June.


CSA pushes software-defined perimeter network protection

January 14th, 2014

For many years defense, intelligence and other government agencies have deployed secure networks that are invisible and inaccessible to outsiders. As a result, agencies are no strangers to “need-to-know” networks in which the posture and identity of devices are verified before access to the application is granted.

However, these invisible networks are often built on proprietary architectures that do not communicate with other networks, making them too expensive for many agencies to deploy.

An initiative by the Cloud Security Alliance in December 2013 aims to make these “invisible networks” accessible to a wider range of government agencies and corporations. The Software Defined Perimeter (SDP) initiative will foster development of an architecture for securing the Internet of Things by using the cloud to create highly secure end-to-end networks between any IP-addressable entities, according to officials with CSA, a nonprofit organization that promotes security best practices in cloud computing.

The framework’s goal is to mitigate attacks on Internet-accessible applications by eliminating connectivity to them until devices and users are authenticated. The plan incorporates security concepts and standards from both the National Institute of Standards and Technology and the Defense Department.

The CSA launched the initiative with its Software Defined Perimeter Report, which explains the SDP security framework and how it can be deployed to protect application infrastructures. CSA intends to create a public standard that is available for use without license fees or restrictions.

SDP uses a classified network model to protect applications because the traditional network perimeter has rapidly become obsolete with the growth of devices moving inside networks and with the migration of applications beyond the network perimeter to the cloud. Typically in classified or highly secure networks, every server is hidden behind a remote access gateway to which a user must authenticate before seeing and accessing authorized services.


Embrane Launches Updated Software-Defined Networking Platform

July 29th, 2013

Embrane’s flagship software-defined networking platform is now capable of masking internal IP addresses, which can enhance an application’s performance, CRN reported July 23.

Kristin Bent writes that Heleos 2.2 is now also interoperable with VMware vCenter and supports IPv6 and central management.

Dante Malagrinò, Embrane president and CEO, said the updates would allow each app on the Heleos network to have “its own source of firewalls, for example, and its own set of local policies.”

Initially launched in 2011, Heleos allows companies to build private, public or hybrid clouds within data centers.

Earlier in March, Santa Clara, Calif.-based Embrane partnered with World Wide Technology, a global systems integrator, to distribute the Heleos platform.

