If we described IT like the biblical chapter of Genesis describes creation, we would say, “In the beginning, there was the computer. It had a hard drive. A software application was installed upon it. A user interacted with that software. Something came out.” Simple, right?
Well, now we live in a world where millions of users can interact with the same application at the same time, producing completely different results. This requires a level of scale at the application layer never considered before.
For a period of time, virtualization got the job done for us. It provided a way to consolidate the data center into centralized hosts that supported hundreds of servers, each running an application. This consolidation spawned an entire industry and third-party ecosystem to support that infrastructure archetype; over time, the industry arrived at successful practices for supporting, maintaining, and securing that way of life.
With the re-emergence of cgroups (a.k.a. “containers”), we’re now facing the microsegmentation of individual services, breaking up an application into many pieces and parts. While this gives us even more capability to scale, support, and stay online, it also restarts the cycle: an entirely new ecosystem needs to be spun up to support and secure this new standard of application development.
From a security standpoint, the idea of microsegmentation means that IT can allow communication between these very specific parts of an application and deny all other communications. By implementing a security posture that denies access by default and only exposes services very selectively and granularly, the data center is hardened significantly.
Of course, while that sounds great in theory, it’s incredibly hard to do in practice. Locking down the network without a deep and broad understanding of exactly who’s talking to whom will result in so many failures and outages that the pushback from end users and the business will likely stall or completely undermine the initiative.
Microsegmentation and Hybrid Cloud
As if microsegmentation within a data center isn’t hard enough, introducing microsegmentation in a hybrid cloud scenario in which different parts of the application could be scattered across multiple clouds is exponentially more complex.
Mapping application dependencies is an important objective for many organizations, especially when a hybrid cloud architecture is in play. Understanding the way different parts of an application work together, and which applications depend on each other, is key to a successful hybrid cloud adoption. With the narrow, granular, and highly restrictive security policies that microsegmentation employs, your application dependency map has to be incredibly precise if you’re going to successfully microsegment applications that cross clouds.
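The default-deny posture and the dependency-map precision described above can be checked before enforcement with a dry run. The sketch below is an added example, not code from this post or from any Uila product; the `tier@location` workload labels, ports, and function names are assumptions made for illustration, and the flow records are constructed sample data.

```python
from collections import namedtuple

Flow = namedtuple("Flow", "src dst port")

# Constructed sample data: observed flows, workloads labelled "tier@location".
OBSERVED = [
    Flow("web@dc1", "app@dc1", 8443),
    Flow("app@dc1", "db@dc1", 5432),
    Flow("app@dc1", "cache@cloud-a", 6379),
    Flow("app@dc1", "db@dc1", 5432),        # repeat observation of the same edge
    Flow("batch@cloud-a", "db@dc1", 5432),  # infrequent job, easy to miss
]

def build_allowlist(flows):
    """Collapse observed flows into explicit (src, dst, port) allow rules."""
    return {(f.src, f.dst, f.port) for f in flows}

def evaluate(policy, flow):
    """Default deny: a flow passes only if an explicit rule matches it."""
    return (flow.src, flow.dst, flow.port) in policy

def dry_run(policy, flows):
    """Return the flows the policy would block if it were enforced today."""
    return sorted({f for f in flows if not evaluate(policy, f)})

def cross_site(policy):
    """Rules whose two endpoints live in different locations (cross-cloud edges)."""
    return sorted(r for r in policy
                  if r[0].split("@")[1] != r[1].split("@")[1])

if __name__ == "__main__":
    # A map built from too short an observation window misses the batch job.
    short_window = build_allowlist(OBSERVED[:3])
    for f in dry_run(short_window, OBSERVED):
        print("would be denied:", f.src, "->", f.dst, "port", f.port)
    # The complete map blocks nothing legitimate and still denies everything else.
    full = build_allowlist(OBSERVED)
    print("blocked with full map:", dry_run(full, OBSERVED))
    print("cross-site rules to review:", cross_site(full))
```

Running the dry run against a longer capture than the one used to build the policy surfaces the dependencies that an incomplete map would have turned into outages.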
At Uila we recently published a new book entitled The Gorilla Guide to … Application-Centric IT. In this free book, you’ll learn:
- The advantages of an application-focused approach to IT
- How application dependencies can simplify workload migration and resource planning
- How to start the journey of developing a "full stack" mindset for managing applications