DCN September 2017 | Page 45

data centre traffic
Security in DCI
With more services being housed in the cloud and the amount of financial, health and other sensitive information within the cloud increasing on a daily basis, the cost of a security breach can be significant, especially if personal or confidential information is compromised.
Such security breaches can result in loss of trust and user data, leading to lost revenue as well as financial losses due to regulatory or legal implications. Keeping data secure is therefore paramount, and this has to be done not only when the data is stored in a data centre, but also when it is in-flight between data centres, resulting in the need for security on DCI boxes.
The two main technologies being used for in-flight data security are:
• Bulk Layer 1 security: Where the entire content is encrypted and authenticated using the likes of AES-256. This is by far the most cost-effective way of providing security for large point-to-point data pipes.
• MACsec as defined by IEEE 802.1AE: Where packets are encrypted individually and can be handled easily in hardware. MACsec provides security at Layer 2.
Most data centre operators are looking for one of the two methods for providing in-flight data security. Having the ability to do either of the two methods in the same box can be an asset in addressing the needs of multiple ICPs and service providers.
The trend towards more open line systems, where equipment should be able to interoperate with another vendor's equipment, also drives the need to support both methods in the same box. A Flexible DCI platform can achieve this and more.
Managing upgrade cycles
DCI in a Metro or Long Haul requires multi-Terabit capacity, and today the best technology to allow this is DWDM using coherent line technology (that said, some metro reaches are being addressed using direct detect PAM4 technology, but this is limited to short reaches).
Coherent Line Optics are a significant investment and operators would like to maximise this investment. In certain cases long-haul 100Gbps transport cards may cost between 70 and 100 times as much as a similar capacity switching port, and hence obsoleting this gear at the same refresh cycle of three years may not be cost optimal.
Working on that premise, it is likely that the DCI gear may see at least one if not two data centre equipment refresh cycles within its lifetime. Having the ability to adapt to newer interfaces and provide continued service with different networking equipment is also important for DCI boxes.
The DCI box's flexibility is not limited to adapting to new interfaces. It must also be able to bridge between new networking gear in one data centre and older gear on the other side. This flexibility allows data centre operators to decouple the upgrade cycles and limit forklift upgrades on both sides at the same time. This is another key benefit of deploying a Flexible DCI platform.
What is a flexible data centre interconnect box?
In light of the discussion above, it is quite evident that the DCI box of the future needs to function as an entity that can intelligently adopt the personality or functionality desired by its deployment at that point in time, as well as accommodating easy evolution of technology over time. The equipment personality may range from allowing different security protocols for different deployments to adapting to changing networking protocols and interfaces.
As more and more line systems migrate to pluggable DCO (Digital Coherent Optics) formats, having a box that can take in multiple DCO optics from different vendors is very important. This enables an optimal level of service for a required deployment, seamlessly adapting to the various networking protocols on the client side, from fixed Ethernet rates of 10GE, 100GE, or 400GE to flexible newer protocols like FlexE.
Ultimately this built-in system flexibility allows the SDN controller to download the right personality based on the deployment's need, and provides a layer of abstraction allowing any line system to be mated to any client port without having to understand its protocol.
The system in the diagram above shows that this flexibility is easily provided by FPGAs between the client and line optics in a DCI platform. Such an implementation with a Xilinx FPGA allows for client optics to scale from 10G to 56Gbps using the same device, as well as having line side optics from various vendors. The line side could be coherent, direct detect, or future low cost and power metro reach optics.
The value of this flexibility pays for itself and multiplies returns in terms of longer equipment lifespans, better deployment models, and ease in adapting to network/technology changes in a dynamic marketplace.