Red Hat's Hood Talks Security for SD-WAN

According to Red Hat's Ian Hood, many of the challenges of SD-WAN initiatives are really just challenges presented by other technologies -- challenges perhaps made more obvious by SD-WAN's capabilities.

Previously, in part one of this Telco Transformation Q&A --- edited for length and clarity -- Hood, chief architect for global service providers, covered some of Red Hat's work with SD-WAN while talking about SD-WAN's intersection with home-broadband enablement. Now, in part two, Hood expands that discussion to encompass the challenges operators face with SD-WAN in security and video delivery.

Telco Transformation: How do you see SD-WAN better enabling or helping to evolve video technologies such as live streaming, virtual reality, augmented reality, etc.?

Ian Hood: I would say that, based on the cost points that the operators are trying to drive these platforms down to, the abilities of these platforms to drive this kind of video horsepower for the home is a challenge at best, and so that's where the difficulties lie. This goes back to more purpose-built appliances by looking at CPU offloads and GPUs, which kind of goes against the grain of a white box in my view.

So with these different platforms out there people are looking at, quite frankly, it's not as palatable to get it to those kinds of speeds and guarantee in an x86 world for delivering video. SD-WAN is really kind of a way to get broadband services and connectivity services and enterprise business services to a larger connection of smaller businesses and some homes. But in some respects I think we'll still have to take a look at being able to build -- I'll call it -- a set-top box, with a router inside it, and with maybe some additional hardware as we see today in set-tops, to deliver to those higher things -- things like virtual reality -- that will likely show up at the edge of the network, or, as we call it, mobile edge compute, or multi-access compute. That's where I take a small, simple device at the customer side and I aggregate those further upstream behind whatever access technology the operator's using.

On the video front, as well, this is the other challenge for the operators right now. It is that, currently, all the transcoding and efforts we do to deliver whatever format we need to whatever device you've got has still been very centralized today. The technology doesn't quite exist in the open source realm or the general deployment of video today that allows us to do that in a distributed fashion. So we have to try to do the transcoding and other pieces once at the edge of the network rather than once at the center to get to that ability to deliver video closer to the customer with the expectation of virtual reality, etc. So there's some other work to be done beyond SD-WAN to help the video scenarios happen.

TT: So what is this "other work" that has to be done to meet those challenges?

IH: So SD-WAN is a way to deliver primarily enterprise connectivity securely and enterprise applications where necessary out of the cloud or on premise to the enterprise. That's kind of what SD-WAN's primary focus in life is. Its potential evolution in consumer and video has similar challenges to the overall infrastructure, which is to deliver those kinds of speeds, those kinds of latencies. Optical transport is a dependency before we get to the land of IP and all those lovely radios. And so that's one of the scenarios. The other thing is the proper distribution of the architecture that we talk about to deliver at scale broadband support, be it over LTE, advanced, or IoT, or 5G. So those things are also running in parallel to the SD-WAN conversation. So it has to do with what the access technology choices are and how far I can take them out beyond the main areas, and, secondly, the other one I mentioned, which was the ability to handle video delivery transcoding at the edges of the network in a cost-effective way at scale.

TT: You mentioned security, which seems to come up a lot in SD-WAN conversations. Because of the enhanced abilities for intrusion, detection, network monitoring, etc., is it fair to say that SD-WAN is inherently more secure? And, if not, what are the failings or concerns that come up with SD-WAN that we should watch out for?

IH: Well, it has some initial potential advantages of being more secure because, in essence, the connections between your endpoints are done through some secure encrypted connectivity. So it gives you that kind of benefit, but that doesn't really stop people from trying to figure out how to get into that.

The other thing that's always interesting is to see whether or not, depending on how your operator delivers this service, they are doing any decrypting and re-encrypting in the middle of your network, which, if they are, is a challenge. They might have to for lawful intercept purposes, so that becomes a challenge as it may not be as secure as you like unless they've got some very heavy encryption tools at the operator level. So it has some inherent potential there.

But what I would still recommend long term for most people looking at running their applications over a network is to secure the application regardless of infrastructure underneath and to make sure your application itself is properly secured, and not just the connectivity you run it on. And that comes down to role-based access, things for people who get to use them, as well as actually encrypting the application before it even gets on the wire with SSL and other kinds of techniques to ensure that the data you move forward into the wire is secured because there's no guarantee that somebody can't break in somewhere in the middle.

— Joe Stanganelli, Contributing Writer, Telco Transformation