Sunday, March 18, 2012

software-defined networking

TechnologyReview | Yet today, even with seemingly cost-effective cloud services available from the likes of Amazon, most companies still choose to operate their own computing resources—whether for corporate e-mail or financial trading—as if they were homeowners relying on generators for electricity. One reason they resist cloud computing, Casado says, is that network architecture is too decentralized to reconfigure easily, which leaves the cloud insecure and unreliable. Cloud computing providers tend to run entire data centers on one shared network. If, for example, Coke and Pepsi both entrusted their computer systems to one of today's public cloud services, they might share a network connection, even though their data stores would be carefully kept separate. That could pose a security risk: a hacker who accessed one company's data could see the other's. It would also mean that a busy day for Coke would cause Pepsi's data transfers to slow down.

All of that changes when Nicira's software is installed on the servers in a data center. The software blocks the applications or programs running on the servers from interacting with the surrounding network hardware. A virtual network then takes over to do what a computer network needs to do: it provides a set of connections for the applications to route data through. Nicira's virtual network doesn't really exist, but it's indistinguishable from one made up of physical routers and switches.

To describe the power this gives to cloud administrators, Casado uses a Hollywood reference. "We actually give them the Matrix," he says. The movie's Matrix manipulated the brains of humans floating in tanks to provide the sensation that they were walking, talking, and living in a world that didn't exist. Nicira's version pulls a similar trick on the programs that reside on a server inside a data center, whether they are running a website or a phone app. In practice, this means that administrators can swiftly reprogram the virtual network to offer each application a private connection to the rest of the Internet. That keeps data more secure, and Coke's data crunch would affect Coke alone. It also lets the cloud provider set up automatic controls that compensate for events like sudden spikes in demand.

Ben Horowitz, a partner in the investment firm Andreessen-Horowitz, says he and his partner Marc Andreessen, a cofounder of Netscape, quickly realized that Nicira was delivering something long overdue in computing. "The total lack of innovation in networking compared to operating systems or storage had been bothering us for a while," he says. "It was holding back the industry." After meeting Casado, Horowitz invested in Nicira and joined its board. He saw in Nicira echoes of VMware, a company that helped set off the cloud computing boom and has a market capitalization of $40 billion. VMware's software creates virtual computers inside a server, boosting the efficiency of data centers and driving down the cost of servers. Nicira's software promises a similar instant upgrade to what a data center can do, by removing the efficiency bottleneck imposed by networks.