Proactive aggregate restructuring.
- Automated restructuring across aggregate
- Logical segment relocation for optimal routing
This project takes existing redundancy and scalable infrastructure models further with the understanding that networks can be considered organic, and must therefore adapt to changing environmental variables. This project involves a broad layout on the physical layer already existing, with a software orchestrator performing dynamic changes to layer 2/3 networking based on metrics and availability. The orchestrator must also factor in several internal and external variables to determine link health when performing aggregate restructuring. This project works with a variety of existing routing and redundancy protocols with the expectation of deployment compatibility.
The expectation for an organic network design and its implementation within varying growth models is to remove infrastructure bottlenecks during periods of unplanned network load. Standard infrastructure capacity planning according to projected growth may not account for unexpected variables, resulting in saturation issues. Practical implementation involves horizontal network growth and allocation of new circuits to be dynamically introduced into segments requiring immediate capacity. The orchestrator will require topology usage metrics and historical logging to determine where capacity will be allocated, based on both current and predicted needs.
The purpose of this design is to mitigate impact to existing infrastructure, which requires that the integration plan evaluate the current network topology and provide a non-disruptive implementation. The orchestrator will integrate with existing flow metric configurations and require the use of API-driven automation on the network infrastructure. In this regard, considerations for integration must be made for hardware vendor compliance with automation solutions such as Puppet. Physical integration may require the expansion of existing modular hardware should there be limitations in availability. Logical integration will involve layer 2/3 dynamic routing cost and metric evaluation with considerations for loop protection.
Overall Benefit Comparison
One of the primary expected benefits associated with the implementation of an organic network design is overall cost reduction. We believe this design model will allow automated logic systems to inherit critical roles from traditional supporting staff. Organizational entities scaling to meet projected usage demands would not be bound to existing limitations of available supporting roles.
Smart algorithm and pattern detection.
- Audit network traffic for similar patterns
- Flag and quarantine possible threats for investigation
This project focuses on variable algorithms and pattern matching during anomaly inspection. A standard IPS/IDS deployment can offer protection from traditional known attacks and enforce previously generated ACLs, though it is not expected to perform human pattern detection when dealing with suspicious connections. This project assumes a certain percentage of previously unknown threats originates from actual users as opposed to automated malware systems. An intelligent UTM must understand curiosity and predictability within detection algorithms to counter these threats.
An advanced detection system implementation would complement existing border network protection, or be transitioned in-line if no such system exists. The IDS would follow traffic patterns and require human input for classifying known trusted patterns.
The integration for an intelligent IDS is a horizontal addition to existing networks, as the auditing devices only require a mirror of core traffic. This allows for a no-impact implementation compared to an inline IPS, as the IDS and automation orchestrator sit separate from the core. Utilizing the available vendor API for the network core, the orchestrator pushes ACL changes to the network live and continues to monitor for anomalies. The center of the IDS would also contain a historic database to analyze traffic patterns for better filtering practices and pattern recognition.
Overall Benefit Comparison
We view the primary benefit for an advanced self-learning IDS to be the level of network protection achieved by utilizing patterns and analytics as opposed to relying on community- or vendor-based filter rules. Emerging attack vectors which may not be publicly known can be flagged with an intelligent deep packet inspection implementation. The concept of an intelligent IDS/UTM deployment should become a key component in high-risk networks.
Optimizing and distributing application load.
- Distributing application load across multiple sites
- Implementing security layers for data encryption
While existing application load distribution does offer solutions for scaling enterprises, we aim to explore alternatives in infrastructure to overcome physical limitations in cluster design. Investigation is also required to determine how variables such as distance and other cost factors may impact application performance.
We view the distributed computing model as a design platform upon which proven deployment technologies such as virtualization and low latency network connectivity will provide a core foundation. Our approach to cluster and application design will focus on modular availability in order to offer a decentralized platform layout. Automation systems will play a key role in optimizing application load distribution, while logic systems provide a low latency environment for cross-module communication by evaluating infrastructure usage and trends.
Achieving a true decentralized platform to fit this distributed computing model involves implementation from the ground up, as traditional compute designs may not allow for scaling in this direction. With a heavy demand on network performance for compute module interconnectivity, building on a 40G/100G network design is required to overcome potential bandwidth limitations impacting application latency.
Overall Benefit Comparison
Our goal with this project is to overcome infrastructure limitations encountered during application growth and scaling. We believe adopting a modular application design will allow for the integration of distributed computing and redundancy models. The expected benefit of this approach is to allow application portability across infrastructure, where both application scaling and infrastructure scaling are dynamic variables.