This blog is guest authored by Brad Casemore, Research Vice President, Datacenter and Multicloud Networks with IDC.
IDC finds that most enterprises today understand that IT infrastructure must be modernized and digitized to meet the demands and imperatives of digital transformation. After all, structure – and certainly infrastructure – must follow and enable strategy.
That said, aspiring to modernize infrastructure is one thing, and actually doing it successfully is another proposition entirely. IDC sees this challenge clearly in the context of how enterprises address the complementary but sometimes competing resource requirements of business workloads and network and security functions.
While insertion and chaining of network and security functions are challenges in their own right, an added complication is that the processing of network and security functions and services claims valuable CPU cycles and resources that should be dedicated to business workloads. While important to the performance and protection of business workloads, network and security functions are secondary supporting elements that should serve the purposes of business workloads rather than detract from their effectiveness. What’s more, network and security services have their particular resource requirements that must scale elastically in distributed infrastructure environments to support the ebbs and flows of digital business.
The solution to this challenge obviously cannot involve eschewing or otherwise eliminating network and security functions, which are necessary but can individually and collectively consume a growing percentage of CPU resources. Virtualized and containerized network and security services are essential to digital infrastructure and must be accorded the resources they require to provide resilient and robust connectivity and strong security to the business. So, what is the right architectural answer to meet the challenge of prioritizing business workloads for better performance and optimization, while also ensuring that those workloads receive adequate support from integral network and security services?
An integrated, streamlined and elastically scalable offload element is required to relieve overburdened CPUs, freeing processor and memory resources to serve application workloads. In adding an offload complement to this modern IT architecture, we must ensure that it offers certain capabilities and characteristics including:
- Hardware-based mitigation capabilities to minimize the impact of any low-level security vulnerabilities in the central execution environment.
- Provisioning ability for a consistent operating model across distributed processing, addressing service quality issues that can be difficult to troubleshoot and remediate quickly.
- Built-in hardware-based isolation, for separation of network and security functions, as well as for management and control functions, protecting against attacks that might compromise the…