One of the trends that I am seeing, at least as it applies to the curriculum used in most cybersecurity certifications, such as the CISSP, CASP+, and CySA+, is that technology is moving to a software-defined, virtualized everything. The latest issue of the Internet Protocol Journal, Volume 24, Issue 2, July 2021 has an interesting article titled Network Functions Virtualization. Reading the article made me think back to the topics I’d been teaching about Software-Defined Networking, which involves splitting traditional router functions into the Management Plane, the Control Plane, and the Data Plane.
My intention in this article is to list all of the software-defined and virtualization processes that are now part of the CISSP curriculum, with the goal of knitting these separate concepts into a larger whole, as an industry trend.
There are basically three overall areas that are seeing a massive change-over to software-defined virtual systems: machines, networks, and applications.
- VDI – Virtual Desktop Infrastructure
- Virtual networking devices: switches, routers
The concept of virtualization probably started with servers. Instead of the expense of adding another piece of physical hardware to an already crowded rack in an overflowing datacenter, virtualization allowed many server systems to be operated virtually on fewer virtualization hosts. I was teaching a networking class at a county office in Colorado recently, and they had converted 30 servers into virtual machines occupying three server blades. Over a thousand user computers were installed as virtual desktop infrastructure. The large 300-square-foot datacenter had been shrunk so that everything fit on two rows of three racks. Virtualization has also moved on to networking devices, producing virtual routers, switches and firewalls.
- Private VLANs
- Software Defined Networking
- Network Functions Virtualization
In networking, virtualization started with virtual local area networks, or VLANs. VLANs allowed network admins to segment their networks into functional areas, providing improvements in network management as well as security benefits. Further segmentation is possible using private VLANs, or PVLANs. This was made possible with the help of managed layer 2/3 switches.
Entire virtual networks also became possible. Virtual networks moved beyond virtual machine implementations and began using Docker containers within network emulation environments such as GNS3.
Software-defined networking (SDN) provided a way to separate the Application or Management Plane, the Control Plane, and the Data Plane into three distinct layers, and made it possible to administer these virtualized networks from a central control point, creating more agile networks that can be reconfigured on the fly as network and application demands change. SD-WAN, or software-defined wide area networking, moves this virtualization to wide area network links.
The latest concept is Network Functions Virtualization (also network function virtualization, or NFV). According to Wikipedia, NFV is a network architecture concept that uses the technologies of IT virtualization to virtualize entire classes of network node functions into building blocks that may connect, or chain together, to create communication services.
- Agile and Object Oriented Programming
- Virtual machine applications
- Containers, Docker and Kubernetes
- Microservices Architecture
Software applications have also made a similar transition, through Agile development and object-oriented programming. Applications were spun up inside virtual application servers in order to provide segregation and security. Eventually virtual machines evolved into containerization technologies such as Docker and Kubernetes. Containers require dramatically fewer system resources, and make it possible to quickly spin up an application container on demand.
Microservices architecture uncouples applications into component assemblies, which can be reassembled on demand to provide a working custom application for a particular user or purpose on the fly.
Software Defined Everything
Software-defined everything (SDE) is an umbrella term that describes how virtualization and abstracting workloads from the underlying hardware can be used to make information technology (IT) infrastructures more flexible and agile. It includes technologies like the ones listed below:
- SD-data center
- Software-Defined Storage – Software-defined storage (SDS), according to Wikipedia, is a term for computer data storage software for policy-based provisioning and management of data storage independent of the underlying hardware. Software-defined storage typically includes a form of storage virtualization to separate the storage hardware from the software that manages it. The software enabling a software-defined storage environment may also provide policy management for features such as data deduplication, replication, thin provisioning, snapshots and backup.
Much of the software-defined everything world exists in cloud service datacenters provided by Amazon, Microsoft, Rackspace and others. The distinction between actual machines, virtual machines, and software-defined systems continues to blur.
For those readers who are planning to pursue an information technology or security certification in the near future, be aware that these topics will appear in the curricula and on the exam. This applies to networking and cybersecurity certifications, as well as cloud and AWS certifications. Make sure you are familiar with these important concepts.