While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
The Justice Department is preparing for when network functions virtualization shifts from an emerging technology to a mainstream solution.
NFV decouples common network services, such as firewalls, intrusion detection/protection systems and load balancers, from the hardware. By abstracting network functions, NFV eliminates the need for dedicated, expensive and complex gear and also gives IT shops more flexibility.
“NFV takes the very function-specific and vendor-specific elements of the distributed computing platform that we call a network and moves them to more of a standard hardware platform that enables functions to be virtualized, much as we’ve seen in the computing arena,” says Eric Olson, director of service engineering in the Justice Department’s CIO Office.
A number of major network and virtualization players are investing in NFV technology, including Brocade, Cisco Systems, Juniper Networks and VMware. There are also a number of organizations, including the Internet Engineering Task Force, the European Telecommunications Standards Institute and Open Platform for NFV, working to create NFV standards and protocols.
The Justice Department expects to implement NFV services in the next three to five years, or when existing appliances need to be refreshed.
Olson says his team is most interested in NFV’s security services, including intrusion detection and prevention systems and firewalls, which now exist in-house in separate dedicated machines.
“When you get away from hardware components that elongate product development cycles, you can get essential network functions in place faster,” he says.
The Energy Sciences Network, or ESnet — the Energy Department’s high-performance, unclassified network that links national laboratories, universities and other research institutions — will launch a solutions lab to test NFV. Inder Monga, ESnet’s chief technology officer, plans to incorporate software-defined networking, which abstracts the network control plane, to facilitate the deployment of NFV.
“While SDN is not necessary for NFV rollouts, having SDN in place will help with large-scale deployments,” he says.
SDN will play a key role in Olson’s NFV rollout. He says combining the two technologies will be “transformative.”
NFV will likely bring about cost savings for the department as the technology negates the need for expensive investments in proprietary gear and maintenance contracts. Olson also expects to discover efficiencies in staffing.
“Engineers who work with specialized boxes are expensive and hard to find and retain,” he says. “We inoculate ourselves from that when we take a services approach.”
Instead, NFV will require network IT teams to hone their server management skills, Monga says. Cisco Certified Internetwork Experts “might have to learn to be systems administrators as well,” he says.