Use an SDN controller with IBM solutions to secure your assets in the cloud


In the first post of a series on developerWorks, my colleague and I discussed how to manually deploy the flow rules for Open vSwitch to protect virtual machines (VMs) running on a KVM hypervisor. However, the solution we proposed then is not always practical in the real world, because the assets in the cloud can and do change dynamically. There are not enough resources to monitor each VM and manually deploy the corresponding flow rules. For example, to handle a burst of requests in a cloud service, more VMs will be provisioned to share the workload. If the protection of each VM depends on flow rule updates, how can security administrators react to the burst in time?

To provide a realistic solution that addresses the dynamic nature of the cloud, a software-defined network (SDN) controller comes into play. You can think of the SDN controller as the brain of an SDN network: it has all the knowledge of each network flow and it controls the entire network topology. In some use cases, the SDN controller can act like an L2-forwarding switch, a network router or even an application firewall. Can we teach the brain of the SDN network the security logic discussed in my earlier post and turn it into a protector of all the switches it manages?

The second post in the series, titled “Use IBM Security Network Protection in an OpenFlow-based Software-Defined Network,” shows how to write an application on a POX controller to automatically protect the VMs connecting to SDN switches. Even though POX is not the most popular SDN controller, it has a good framework for fast prototyping, so it is easy to write a similar application on other SDN controllers like OpenDaylight and Floodlight.

You will find that it’s easy to deploy a network security solution to an SDN-ready environment. In three steps, you can secure your entire SDN network with one of the most advanced network security solutions, IBM Security Network Protection:

1. Connect the IBM Security Network Protection appliance to the Open vSwitch.

2. Next, connect the Open vSwitch to the POX controller.

3. Lastly, run the network protector application on POX.
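
The behaviour step 3 relies on, a controller that installs steering rules the moment a VM port appears and removes them when it goes away, modelled in plain Python as an added example (this is not the POX application from the post, and it uses no POX API). The class name, the port numbers, the MAC addresses and the inline two-port appliance layout are assumptions made for the illustration; broadcast and ARP handling are left out.

```python
# Added illustration, not the POX application from the post.
# Assumptions: the appliance sits inline on two switch ports (IPS_IN, IPS_OUT),
# every other port carries one VM, and a table miss means drop.
IPS_IN, IPS_OUT = 1, 2  # constructed port numbers


class ProtectorSketch:
    """Keeps the steering rules in step with the VMs attached to one switch."""

    def __init__(self):
        self.from_vm = {}  # in_port -> output port (always IPS_IN)
        self.to_vm = {}    # destination MAC seen on IPS_OUT -> VM port

    def port_up(self, port, mac):
        """Controller callback: a VM was attached, so protect it immediately."""
        if port in (IPS_IN, IPS_OUT):
            return  # never steer the appliance's own ports into the appliance
        self.from_vm[port] = IPS_IN
        self.to_vm[mac] = port

    def port_down(self, port, mac):
        """Controller callback: remove rules so a reused port inherits nothing."""
        self.from_vm.pop(port, None)
        if self.to_vm.get(mac) == port:
            del self.to_vm[mac]

    def lookup(self, in_port, dst_mac):
        """What the switch does with one packet: an output port, or None to drop."""
        if in_port == IPS_OUT:
            return self.to_vm.get(dst_mac)
        return self.from_vm.get(in_port)

    def trace(self, src_port, dst_mac):
        """Ports a packet leaves through, assuming the appliance passes it on."""
        hops = []
        out = self.lookup(src_port, dst_mac)
        while out is not None:
            hops.append(out)
            if out != IPS_IN:
                break
            out = self.lookup(IPS_OUT, dst_mac)
        return hops


if __name__ == "__main__":
    ctl = ProtectorSketch()
    ctl.port_up(3, "52:54:00:00:00:03")  # constructed VMs
    ctl.port_up(4, "52:54:00:00:00:04")  # burst: a second VM is provisioned
    print(ctl.trace(3, "52:54:00:00:00:04"))
```

Traffic from a port the controller has not seen matches no rule and is dropped, so a VM is never reachable before its steering rules exist.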

You can download the POX application here and start playing with it. In the second post of the series linked above, you can see a line-by-line explanation of the application source code, and you can even enhance it yourself! Let me know if you need any help. You can also contact me on Twitter @ChentaLee.
