Good day, everybody. About halfway through Discover; good atmosphere for those Arubans. I've been asked to talk about the network of the future in 20 minutes. Not sure that's possible, but I'm glad to at least highlight the issues, highlight the opportunities, and discuss some interesting aspects of how to build the network of the future. I'm David Logan, and I'm the CTO for HP Aruba Networking here in the Americas, and I'm glad to be with you today. Forward-looking statements, please read quickly.

Believe it or not, I've been in the IT world for 38 years; it'll be 40 years in 2026. In this 40-year period, where we've been deploying IT systems inside enterprise organizations at a fairly large scale, we've had to invent paradigms to manage our environments: design, build, run. Typically we'll add secure in there as well. As networking architects, networking people, networking technologists, vendors, we've built paradigms as well: network topologies. Networking people love to draw network topologies and maps, routers, switches, things that go into and go out of, core, distribution, access, spine-leaf. AI is going to change a lot of this, by the way. So we've got good paradigms. These paradigms we applied over this multi-decade period, and we built organizations to then manage the technologies that were used to build these networks over this period and evolve them over time. We built engineering organizations coupled with operations organizations. Okay, engineering does design and build; operations does build into run. Then we added in security, so the security organization, also typically separate, is part of this paradigm, if you will. These organizations were further carved up because we had so many different technology specializations. If you're a data center person going from client-server to web computing, you worried about load balancers and new kinds of firewalling that had to go in front of the web applications, and so we had DevOps people. All of a sudden we had access networking people, we had WAN architects, LAN operations, help desk analysts. IT organizations had to specialize because of all of the technologies and all of the product categories that we created over this multi-decade period. This is not particularly simple, but it worked because we needed it to work. We were rolling out so many digital transformation initiatives across whatever type of organization that we cater to that it was really necessary to have all of these specialists working to build and operate the networks that would extend our business models to our users, to our partners, to our customers. But it's pretty complex and, as we'll talk about (I'll just mention now), it's also not particularly secure.

Here's what networking will be. We're actually kind of close now. It's going to take some evolution inside our respective environments, but the technology underpinnings are being put into place today. First of all, networking is going to be simple. We all have a network experience every day that is very simple. We all very likely have a mobile device attached to our respective cellular carrier. Our networking experience is very simple; we don't think about it, right? We don't think about what kind of networking technology Verizon or AT&T or T-Mobile or whoever the provider is uses. We just connect. It's a utility. The network needs to become a utility. It needs to be that simple, and whether it's run by your organizations or run on your behalf, that is the quality of experience that our respective end-user organizations expect to have.

Second, it needs to be secure, and it will be. We have, as an industry and as network architects, network designers, traditionally added security capabilities and functions and frameworks to what we have built. We added firewalls into our environment in the mid-90s because all of a sudden we had not just the enterprise client-server environment, but we had the goes-intos and the goes-outs of the enterprise so we could get email in and out of the building. So we added firewalls and a DMZ. This methodology of bolting on security needs to fall away because, as I think most of us have observed, it hasn't been particularly effective, at least not universally.

Lastly, the network needs to be simpler. It needs to have the characteristics of being self-driving. The users want it to be self-driving; our departments want it to be self-driving. They want it to just work on their behalf like a utility, but they also want to be able to change it. They want it to adapt to their business requirements or their use case requirements. I'm going to talk about the three of these transformations over the next 15 minutes or so.

How do we make it simple? First, design, build: let's utilize far fewer technologies. We don't need to be technologists across a significant number of standards and spectrum, if you will, in order to make networking effective in our enterprise environments. It's just not necessary anymore. Some technologies fall away naturally. Most healthcare organizations are getting rid of WMTS, a popular healthcare protocol from 20 years ago. Lots of industrial organizations are still using Modbus. A lot of facilities organizations have deployed and are continuing to operate BACnet-based technologies to do building automation. Those are the types of protocols and technologies that need to fall away. So simplification starts with the overall technology requirements, technology standards, that we establish for our enterprise organizations themselves.

The second part of simplification is in the design-build life cycle, and it is in our organizations. We don't need to build networks the way we used to, with all of those organizational paradigms of the access network and the WAN and the core and the data center and route/switch teams and the like. It's simpler to think about it in the following way. Our teams need to first be responsible for a high-performance, highly available underlay network. The underlay network might be in the campus environment, local branches; use Ethernet. Ethernet scales, Ethernet's reliable, it can go in lots of places with massive scale and easy-to-configure reliability paradigms. The access network will be Ethernet, Wi-Fi, private LTE, private 5G, maybe a few IoT-related offshoots like Bluetooth or Zigbee. So we can build underlay networks that are high performing and highly reliable using an underlay team that knows these technologies, and their responsibility is to build them and operate them. Collapse engineering and operations together.

The second concept is to build overlay networks. You build an overlay network based on an application. Let's have those that are responsible for a manufacturing application, an MRP system: give them access to the MRP system running in the cloud; build an overlay network around that MRP system. Build an IoT network in a factory where the IoT environment is responsible for sensor and control; build an overlay network for it, not an underlay network. Don't create air-gapped IoT networks here and here and here. Create an overlay network that is self-defining around the factory automation technology that uses IoT systems, but think of that as, oh, I need to build an overlay for that particular network implementation. All of this will use IP; all of this will use protocols that are familiar to us. When we build overlay networks as a concept and we think about lots of them, for example, when you have an enterprise organization that's got hundreds or thousands of applications, those were probably stood up in a data center. You've probably done data center consolidation; they've probably been virtualized, put into containers. They're all expressed out of your data center. Some of them have gone to the cloud, maybe many of them have gone to the cloud, but we certainly have a mix in all of our environments, and those typically were put into segregated networks in the data center. But if you turn the paradigm around a little bit and you think about an overlay network being built for every application, and, for example, David Logan having access to Workday and Salesforce and the HP SharePoint environment and the Office 365 environment, all of those overlay networks can be extended to my mobile device and my laptop. I can think about that slightly differently.

Why is that interesting? It then bakes security as a paradigm directly into the network fabric and dramatically reduces the attack surface. If you think about the dramatic expansion of applications in our environment, servers, endpoints, all of the application systems that we bring in as individual employees because we have become personal administrators of our own mobile devices and our own mobile application environment, there are tens of thousands of applications and their related traffic flows operating in all of our networks today, which dramatically increases the size and scope of the attack surface and dramatically increases the complexity of trying to manage this attack surface environment. We need to break this paradigm and not think about baking security onto or bolting security onto the environment, but making it intrinsic in the environment. Does David Logan have access to Workday? He does. That's because Workday and ServiceNow have a simple record that says David Logan has access to that application. HP has a source of truth for what applications I have access to, and the applications that Molly has access to, and the applications that Anthony has access to. We have sources of truth inside our enterprise environment that can easily draw a map from the application systems that the employees, and perhaps customers, and perhaps partners, all need access to for the business to function. And so we need to stop thinking about network security as a set of protocol questions and a set of goes-into and goes-out questions, and more about policy: what users, what devices have access to what applications. And when you do that and you start to build an overlay network concept by extending those applications only to those users that should have access, then you start to secure the environment naturally. This is what we call Security First networking. If you were in the keynote earlier this morning with David Hughes and Jon Green, Jon Green talked about this extensively: zero trust access. Build overlay networks based upon applications; build overlay networks based upon networks. Create an IoT environment where the IoT systems are all protected by one overlay network. That overlay network extends to the servers and systems that need to interface with that IoT system running in the factory, data acquisition managers that need to operate the factory environment. Applications extending from the cloud can be easily protected because only the users that specifically have access to those applications, based upon the sources of truth that are available in our enterprise environment, say they should have access. So Security First networking: it is possible to connect and secure at the same time and resolve some of these points of tension around usability and around maintenance and moves, adds, and changes and protocol adaptations.

That doesn't mean the attacker is going to stop what they're doing. There are infiltrators, unfortunately, inside all of our organizations already, and they may ideally have a very tiny footprint today. It may only exist in one laptop or on one desktop environment or one IoT system; maybe they haven't penetrated further. The infiltrator strategy is to gain a foothold and then move laterally until they find a position where they can exert more control and more ability to gather information about our environment and then exploit data. This paradigm that the attackers use, these methodologies that the attackers use, is not going to change anytime soon. And so we can use technology that's in the network itself, which has already been defined around what devices and what users have access to what applications and data systems, as a method for then excluding other behavioral aspects of the network. What network behaviors are being observed that don't fit the paradigm that we expect? Is a printer communicating with a video surveillance server? Should that be happening? So when you have a network which is built around an allow list, if you will, using security terminology, then by definition you can look at every other thing that is not supposed to be allowed and scrutinize it using AI techniques, machine learning techniques, behavioral analysis on the network, using automated systems where questions and answers can be handed to an analyst that can then say, you know what, I don't understand this behavior; let's explore it a little bit deeper.

Self-driving: the network should adapt to what the users need. Let's take an example of a student in a university environment. Students will come into universities here in the US in August and September, and they're going to bring their entire digital lifestyle with them. They're going to bring TVs and smart speakers and wearables and Xboxes and laptops and tablets and other systems. They're bringing all their personal digital tech, and they expect their dorm room to support all this personal digital tech. The concept of device ownership in this case allows us to build an overlay network that surrounds the human. When my daughter goes to college, she will be able to define in a very simple way that these devices that she has brought in with her need to get connected to the network, and during that connection process, that very simple provisioning process of putting a pre-shared key on a Wi-Fi stack, will define them as Grayson Logan's devices, and then all of a sudden Grayson Logan's personal network can follow her around the campus. Personal area networking is another form of overlay, and it puts the user in control of the network. It makes the network self-driving; IT doesn't have to get in the middle of configuring how the environment will work on behalf of my daughter.

The same is true in departments. You look at a line of business, you look at a department such as radiology or the emergency department in a healthcare organization: they need to move technology. They need to be able to add new clinical engineering systems such as patient bedside monitors, smart speakers in a patient care suite, a new radiology workstation that's in the emergency department and the radiology suite. They should be able to attach these systems into the network environment, plug them in, turn them on, and have them just work. When you build a network architecture using an overlay network concept, and radiology has a network and the emergency department has a network, and you base it on either departmental function or device type or application type, then the network can adapt automatically to what each of those departments needs. They can plug their technology in, turn it on, move it. IT is not involved in creating access control lists on a switch port when the patient infusion pump moves from floor two to floor three. Self-driving involves delegating manageability down to the users and the benefactors of the network environment itself.

It also means that our network operations teams, which would have traditionally operated a NOC facility, a network operations center, that are looking at big screens on the wall and little screens on their desks and are looking at troubleshooting ticket requests in the help desk system and looking at red/green displays on a map, it means that they can completely change their day-to-day work style, because there is so much information about how the network is configured when we build underlays and overlays, and there's so much information and telemetry available about how users are connecting and how devices are behaving and how applications are flowing, that that network telemetry can be collected by AI systems, put into a data lake, analyzed, and then spotted for interesting patterns of behavior. And so we can transition from the classic NOC architecture to one of making every help desk analyst, every level one, level two engineer capable of being a level three engineer. Here we can give them questions like, do we need to add capacity to this application that seems to have exhibited some performance challenges 18 times in the past week? Yes, that's a human-answerable question; let's do that. It makes it possible for them to look at a troubleshooting screen that has already been arrayed with all of the information they need to make a troubleshooting decision on: is this just related to, you know, the Apple update and maybe it's not working so well on the Wi-Fi, or is it some other fundamental issue that we need to get involved in? So it will change how the network operates from being completely manually managed by our respective human teams to being much more automated, and in fact 95% of the activities that a help desk or level three engineer would go through before will completely change because of the ability to automate how troubleshooting takes place. That's the other form of self-driving that's going to make the network of the future really exciting. It's going to turn all of our teams into humans in the organization that think about the experiences that the end users need to have, or the next digital transformation initiative that the CIO has put in front of them and how they are going to respond to it, as opposed to looking at the latest issue that's been reported by a US user about application performance in Albuquerque or Alabama.

Didn't talk about AI very much. Antonio did yesterday. I'm sure you've seen and heard a lot about AI today. This is going to change everything, but it's going to be subtle, and it's going to take a while. AI workloads are going to change data center architecture. AI workloads running on a laptop at the edge of the network, allowing a researcher to use a local AI system to collaborate with a centralized AI system, that's going to change the network as well. It's going to change network patterns, probably not too much; our networks are going to be latency sensitive, but, you know, we've been building latency-sensitive networks for a while running voice and video. It's going to change security in a big way. For example, if your responsibility is drug discovery and you've got a drug discovery AI and you're nurturing it and using its capabilities to test against another AI system, maybe not owned by your organization, testing your drug molecules against a human cell represented by a digital AI model, the data's got to flow back and forth: does this drug work on this digital cell model? But you don't want the information to flow, because that's intellectual property; it might be personally identifiable information. So the way we think about security and who is entitled to what data is going to permeate down into the network level as well, because these systems have to have high-performance connectivity, and yet we can't allow all of the data to flow where it needs to. So this is going to change our networking paradigms as well. Food for thought for the future.

So that's the network of the future. Read more about AI in this month's version of Doppler; QR code. Simple, secure, self-driving. Hope the talk has been interesting today. I'll be available at the side if anybody would like to have a one-on-one conversation. I'll be glad to take questions there as well. Thank you very much.
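The allow-list idea from the talk (derive who may reach what from the enterprise's sources of truth, then hand every flow outside that list to an analyst, such as a printer talking to a video surveillance server) written out as working logic. This is an added example, not code from the talk or from any HPE Aruba product; the identity records, device roles, endpoint names and flow records are all constructed sample data.

```python
from dataclasses import dataclass

# Constructed source-of-truth records (hypothetical sample data):
# identity -> applications that identity is entitled to reach, as an HR/ITSM record would hold.
USER_APPS = {
    "david.logan": {"workday", "salesforce", "sharepoint"},
    "molly": {"workday", "mrp-cloud"},
}
# device role -> systems that role's overlay is allowed to reach (constructed)
ROLE_PEERS = {
    "printer": {"print-server"},
    "infusion-pump": {"clinical-gateway"},
    "camera": {"video-surveillance-server"},
}
# endpoint inventory: endpoint name -> (kind, identity or device role) (constructed)
ENDPOINTS = {
    "laptop-david": ("user", "david.logan"),
    "printer-3f": ("device", "printer"),
    "pump-204": ("device", "infusion-pump"),
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str


def build_allow_list(endpoints=ENDPOINTS, user_apps=USER_APPS, role_peers=ROLE_PEERS):
    """Derive the (src, dst) pairs each endpoint's overlay permits from the sources of truth."""
    allowed = set()
    for endpoint, (kind, subject) in endpoints.items():
        peers = user_apps.get(subject, set()) if kind == "user" else role_peers.get(subject, set())
        allowed.update((endpoint, peer) for peer in peers)
    return allowed


def triage(flows, allowed, endpoints=ENDPOINTS):
    """Split observed flows into permitted ones and ones an analyst should review.
    Anything outside the allow list is suspicious by definition; the reason string
    carries the context the analyst needs (who the source is and what it tried)."""
    permitted, review = [], []
    for flow in flows:
        if (flow.src, flow.dst) in allowed:
            permitted.append(flow)
        else:
            kind, subject = endpoints.get(flow.src, ("unknown", "unknown"))
            review.append((flow, f"{flow.src} ({kind} {subject}) -> {flow.dst}: not in its overlay"))
    return permitted, review


# Constructed flow records standing in for collected network telemetry.
SAMPLE_FLOWS = [
    Flow("laptop-david", "workday"),
    Flow("laptop-david", "mrp-cloud"),                # David has no MRP entitlement
    Flow("printer-3f", "print-server"),
    Flow("printer-3f", "video-surveillance-server"),  # the printer question from the talk
    Flow("pump-204", "clinical-gateway"),
]


def run_sample():
    return triage(SAMPLE_FLOWS, build_allow_list())


if __name__ == "__main__":
    permitted, review = run_sample()
    print(f"{len(permitted)} permitted flows")
    for flow, reason in review:
        print("REVIEW:", reason)
```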
2024-06-24 03:29