In a world trending toward software-defined anything, Verizon's SDN strategy relies upon categorizing virtualized appliances together, and managing them as such to simplify infrastructure. Accordingly, Shawn Hakl, Verizon's vice president of business networks and security solutions, paints a picture of the interconnection of everything by way of software-defined everything.
Earlier this year, at NFV World Congress, Verizon Communications Inc. (NYSE: VZ) announced the release of a Software-Defined Perimeter (SDP) security service in collaboration with security vendor Vidder as part of Verizon's grander software-defined everything strategy.
In June, Vidder announced that Verizon and other customers would now have their SDP services enhanced with endpoint trust assessment -- which isolates compromised devices from access to enterprise applications.
Previously, in Parts I and II of this Q&A (edited for length and clarity), Hakl discussed the pros of SDN and open standards in virtualization (see: Verizon's Hakl: SD-WAN Delivers a Multitude of Benefits) as well as both what Verizon has learned and what it expects to see from its SDN strategy. (See: Verizon's Hakl on SD-WAN Evolution.)
Now, in Part III, below, Hakl expounds upon the agility that can be seen at the intersection of SDN and SDP -- particularly in terms of IoT, regulated industries, and other areas with sensitive systems.
Telco Transformation: What can you tell me about how the SDP offering with Vidder is going so far?
Shawn Hakl: So we have a tremendous amount of customer interest in Software-Defined Perimeter, and, in fact, it featured prominently at a recent event we had -- Operation Convergent Response in Perry, Georgia -- where we brought together a large number of first-responder organizations across the United States in kind of a technology gallery where we could show various scenarios of how different technologies interact to create a better answer for solving some of those challenges. And where Software-Defined Perimeter features in that is that it's the mechanism we're using to secure those communications so that the nation's first responders can feel confident in their ability to use these technology solutions in a way that's not going to be compromised or interfered with.
From that sector, we've seen a lot of interest. On the private-sector side, what we're seeing is a lot of folks, especially in regulated industries, that are looking for ways to segment their network and segment their infrastructure in order to be able to demonstrate that they can keep users and applications in kind of a segmented feature such that if someone were to get in to the resources of an organization they have no ability to go sideways. There's a lot of focus in the security community about segmenting access in such a way that you can't hop from where you're supposed to be to somewhere where you're not supposed to be. And Software-Defined Perimeter is one of those tools that enables you to do that.
TT: You mentioned Operation Convergent Response. Coming out of that same event was a lot of talk about Verizon's drone-powered LTE network and how that fits in with IoT.
TT: Is there a virtualized, software-defined component there you can tell me about?
SH: We are very aggressively looking at SDP as one of the options to secure IoT connections off of things like the technologies you mentioned. We also have customers looking at that for securing connected vehicles.
It's a technology that lends itself to, again, keeping people away from controlled systems they shouldn't be able to see, or keeping out two or three people whom you don't want to have access to the systems. So it's definitely under consideration and in these particular cases. In many cases the solutions we were highlighting at that event were combinations of multiple technologies designed to do some fairly complex scenarios. SDP was that security-integration layer that we added to the solution to make that work.
TT: In Verizon's SDN and virtualization strategy as a whole, what is the interrelationship as you see it between SDP service and Verizon's SDN solutions?
SH: You know, purists will say, "Hey, they're not the same thing," and they're absolutely not, but they are categorized similarly. This is: "Welcome to the next generations of telco solutions," where you're taking the power of software and combining it with traditional network assets to produce something that you couldn't do otherwise. What I would say is that Software-Defined Perimeter in and of itself is its own standard. The same techniques and the same technology that we're using to manage virtualized appliances and virtualized solutions operationally are what we're using to enable both the SD-WAN offering that we do with a number of different providers -- Viptela, Cisco, and others -- as well as the tools and techniques we use to manage the Vidder appliance. (See: Cisco Snaps Up Viptela.)
Then we've got our own intellectual property where you monitor or manage those components because software-based appliances in many respects operationally are simpler to do on a day-to-day basis. Virtualization itself introduces more things to manage, and then a layer of abstraction introduces some complexity when it comes to assembling the solution initially -- so that once you've got it under control, it actually makes it easier to operate. But you definitely have to have your environment set up to support that.
For clarification, we have a whole series of virtual appliances in our SDN pipeline; Vidder being one of them, SD-WAN being another, as well as security, WAN optimization, and the list goes on -- virtual probes, application probes, a bunch of different things. You need a common way to manage that infrastructure. You need a common way to look at the way that you deliver software-based services in combination with traditional network assets. That's that intelligence layer and that autonomics layer that we're re-using between solutions. Couple that with the fact that that software layer allows you to better integrate stuff.
Today I could look at them as separate appliances, but I really want to get to the point where I can glue together different algorithms into a service chain and deploy that into a virtualized environment. That would then allow you to take bits of an SD-WAN algorithm and combine it with bits of a Software-Defined Perimeter to create yet a third interesting service. So in the short term, it's really been focused around the operationalization of the technology -- and in the longer term, we have a goal of being able to assemble the component parts into things that are services that people don't contemplate today.
This is not a technology change. This disruption doesn't come from the coolness of the technology; it comes from the neat things that it enables. There are very few organizations that would turn down an opportunity to be more confidently secure in the use of the resources in the company. There are very few organizations that would turn down a chance to better manage costs. As we move into that sort of digital and solutions design for the digital native I think, and I'm stealing some marketing talk, people are looking for solutions to scale their business as they try to digitize their entire business -- and this is the technology that enables that.
So I think you'll see a lot of people interested in it as they run into these problems within their business and they're looking for technology solutions to solve that; these are the places they're going to turn. The level of innovation that's going to come out of it, we're just at the tip of it and it's going to be exciting.
— Joe Stanganelli, Contributing Writer, Telco Transformation