Virtualization: Added Protection

Wednesday, December 2, 2015 @ 12:12 PM gHale

Editor’s Note: Use of virtual systems continues to grow in the manufacturing automation industry. This two-part series, excerpted from a Statseeker white paper, looks first at the growing nature of virtualization; Part II looks at the benefits and challenges of implementing virtualization.

By Frank Williams
Through virtualization, an IT organization can manage updates and changes to the operating system, up to and including ignoring them. That can be critical in OT applications, where software runs on obsolete hardware and operating systems and has not undergone an update.

At the same time, this software is critical to the operation of the factory or process plant. Virtualization can give this software a longer operating lifecycle, and can save costs and intellectual property.

Network virtualization, as defined by Gartner, is the process of combining hardware and software network resources and functionality into a single virtual network. This offers access to routing features and data streams that can provide newer, service-aware, resilient solutions; newer security services native within network elements; support for subscriber-aware policy control for peer-to-peer traffic management; and application-aware, real-time session control for converged voice and video applications with guaranteed on-demand bandwidth.

Desktop virtualization separates the logical desktop from the actual hardware. Virtual desktop infrastructure (VDI) permits the user to interact with the computer through another host computer or device on a network connection. The computer may be a server, enabling multiple user sessions at the same time. The latest trend in VDI is Hosted Virtual Desktops (HVDs) in which the desktop is an image on a cloud-based server, managed by a hosting firm that specializes in HVD hosting.

Virtualizing an Entire Network
Network virtualization is the process of combining hardware and software network resources and network functionality into a single, software-based administrative entity: a virtual network. So hardware functions such as switches, network adapters (NICs), firewalls, network appliances like load balancers, and network storage devices are all combined into virtual devices instead of hardware. This can provide rapid scalability, as well as additional protection against hardware failure.

Greenfield Virtual Network
Virtualizing your network is easy when you are building a greenfield network. You can design the network to be virtual from the beginning, and you can incorporate all the virtual tools you’ll need to manage your network from the very start.

Organizing a virtual network can be relatively easy, and it can increase network efficiency. You can design your network so your Local Area Networks (LANs) end up subdivided into virtual networks and VLANs.

You can dramatically improve efficiency and load balancing by doing this. You can also improve security by segmenting your network and establishing role-based and location-based permissions and procedures. Doing this in a virtual environment enables you to be agile about changing your network architecture as needed to cope with changing and increasing network loading and demand.

When it comes to network virtualization, the SDN-enabled (software-defined network) approach allows network administrators and owners to integrate physical and virtual environments. While this technology has been around for years, only recently has its adoption rate accelerated, and it is showing up in more network strategies.

And why not? Significant agility, increased network visibility and lower operating costs are quickly realized for new and existing network deployments.

Wireless networks and sensor networks that are part of the Internet of Things are candidates for virtualization, and this can easily occur by first segmenting the network and then using virtual NICs and other virtual devices, such as edge firewalls, as well as virtualized I/O to provide agile network connectivity.

Virtualizing Brownfield Networks
It is not as easy to virtualize an already existing, or brownfield, network as it is to start from scratch with a completely virtualized network.

In the first place, you have a working network, and changing its topology or replacing components has to happen when the network is down – and it is rare when a working network is down.

So the virtualization architecture has to be designed, and the virtual network components constructed and tested, alongside the non-virtual network you are replacing or revising. Then a hot cutover must occur, making sure all of the features and functions of the original network segment are preserved.

One of the techniques often used is to make a virtual overlay above the brownfield hardware and firmware network. New functionality is done in the overlay, while the main network traffic continues in the brownfield network. As each segment of the network requires replacement, it can be left as a hardware network, or it can be virtualized, depending on cost and availability. The important thing is to keep the availability of the network as close to 100 percent as possible.
Next: Benefits and challenges of implementing virtualization.
Automation industry veteran Frank Williams is the chief executive at Statseeker, a provider of network monitoring technology. For more details, see the white paper entitled “Virtualizing Your Network Benefits and Challenges”.