Supriya Ghosh (Editor)

Application Defined Network


Application Defined Network (ADN) is an enterprise data network that uses virtual network and security components to provide a dedicated logical network for each application, with security and network policies customized to the requirements of that specific application. ADN technology allows for a simple physical architecture with fewer devices, less device configuration and integration, reduced network administration and a lower burden on IT resources. ADN solutions simplify a business's need to securely deploy multiple applications across the enterprise footprint and partner networks, regardless of where each application resides. ADN platforms provide policy-based, application-specific delivery to corporate data centers, cloud services and/or third-party networks securely and cost-effectively. Some ADN solutions integrate 3G/4G wireless backup services that bring up a second Internet connection automatically and immediately when connectivity is lost on the primary access connection. The ADN design provides an application-to-application (A2A) model that moves enterprise networks beyond the traditional site-to-site (S2S) private model.


ADN Fundamentals

ADN solutions address the need to run multiple different applications on the same network, for example a guest Wi-Fi hotspot alongside a regulated application such as payment, while keeping the regulated application strictly secured. Traditionally, in site-to-site networks, carrying multiple applications introduces significant security policy conflicts. Technologies such as guest Wi-Fi, mobile payment and cloud services open the traditional private network to outside threats and add significant complexity to security policies and network administration. ADNs can be customized with the security features a specific application needs, and enhanced with performance and reliability features such as traffic management for application prioritization and fail-over to a backup connection.

Complexity breeds vulnerability. Application Defined Networks (ADNs) significantly reduce complexity and the resulting costs of purchasing and managing multiple devices, of configuration and integration, and of problem isolation and resolution. ADNs are typically enabled on a secure appliance at each distributed enterprise location that integrates with a cloud network to connect applications to corporate data centers, cloud services, payment gateways and partner networks. ADNs are designed to remove three failure modes of a shared network: route conflicts, security cascade across applications, and problem cascade, where one misbehaving application affects every other application on the same network.

  • Route Conflicts – traditional site-to-site networks carry multiple applications over a single connection (e.g. VPNs, MPLS VPNs, Ethernet) and require complex security rules to partition the applications from one another. A simple error in a device configuration can create a routing path or ACL gap that breaks the segmentation required by compliance regimes such as PCI DSS and HIPAA. Segmenting each application into its own discrete ADN removes the burden of maintaining multiple security partitions across many locations.
  • Security Cascade – traditional site-to-site networks are subject to security bleed when a network segment that is open to the Internet is breached. Advanced Persistent Threats (APTs) are becoming more frequent, effective and damaging. The damage occurs when the attacker establishes a foothold inside the breached segment and stealthily probes for entry points into other segments. Several security breaches have been the result of this cascade, in which weak separation between network segments is exploited. ADNs are designed to stop a breach cascading between segments and applications by compartmentalizing each application into its own isolated network; the isolation is only as strong as the appliance and cloud components that enforce it, so those become the shared trust boundary that must be hardened and monitored.
  • Problem Cascade – on a traditional site-to-site network, when a problem in one application's configuration produces abnormal behaviour, the problem ends up affecting every other application on the network. One application misbehaving degrades all applications and can take the whole network down, and isolating the root cause is extremely difficult and time-consuming while the network is in chaos or completely unavailable. On an Application Defined Network, problems stay within the affected application's own network, allowing for simpler fault isolation and resolution.
ADNs are logically defined virtual networks that extend from the application enabler to the application gateway. ADN solutions combine the ability to define specific LAN segments with an actual ADN, so that the ADN can be extended through the LAN to a specific interface on the application enabler (POS system, server, etc.). An assigned zone locks a specific LAN port to a specific use. For example, LAN port 1 would be assigned to the payment ADN/LAN segment only; no other use is permitted on that port, and an unauthorized device plugged into zone 1 will not work. This provides logical protection against unauthorized use of a port; how reliably it holds depends on how the appliance identifies the authorized device, and physical access to the port itself still has to be controlled separately.

The ADN then carries traffic from that specific LAN port over the public broadband connection independently of any public IP addressing. The ADN is authenticated inside the cloud and transported to the destination application gateway. This provides an end-to-end network from application enabler to application gateway that is independently defined, both physically and logically. The application gateway can reside within the corporate office or data centers, cloud service providers, partner networks or virtually anywhere.
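The Route Conflicts bullet and the zone binding described above can be made concrete with a small model. The following is an added illustration, not code from the article or from any ADN vendor: the article does not say how a product implements an ADN, so modelling each ADN as a port-to-zone binding plus its own routing table is an assumption made here, and every prefix, port name, device identifier and gateway name is constructed. The shared site-to-site half shows how one mistyped ACL lets guest traffic reach the payment gateway; the ADN half shows that the guest ADN's table contains no route onto the payment link, so no ACL is needed to keep the two apart.

```python
"""Model of ADN isolation next to a shared site-to-site routing table.

Added example, not code from the article or any ADN product. All prefixes,
ports, device identifiers and gateway names are constructed. Representing an
ADN as (zone binding + its own routing table) is an assumption of this model.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class RoutingTable:
    """Longest-prefix-match table: prefix -> name of the link/gateway used."""
    routes: dict = field(default_factory=dict)

    def add(self, prefix: str, gateway: str) -> "RoutingTable":
        self.routes[ip_network(prefix)] = gateway
        return self

    def lookup(self, dst: str):
        addr = ip_address(dst)
        matches = [n for n in self.routes if addr in n]
        if not matches:
            return None
        return self.routes[max(matches, key=lambda n: n.prefixlen)]


# --- Traditional site-to-site model: one table, partitioned only by ACLs -----
SHARED_TABLE = (RoutingTable()
                .add("10.20.0.0/16", "payment-link")      # payment gateway (constructed)
                .add("0.0.0.0/0", "branch-internet"))

# Intended rule: guest LAN 192.168.5.0/24 must never reach 10.20.0.0/16.
# The administrator typed 192.168.50.0/24, a one-character error of the kind
# the article warns about. (Constructed misconfiguration.)
SHARED_ACL_DENY = [(ip_network("192.168.50.0/24"), ip_network("10.20.0.0/16"))]


def shared_model(src: str, dst: str) -> str:
    """Forwarding decision on the shared network: ACL check, then one table."""
    s, d = ip_address(src), ip_address(dst)
    for src_net, dst_net in SHARED_ACL_DENY:
        if s in src_net and d in dst_net:
            return "DROP: denied by ACL"
    gw = SHARED_TABLE.lookup(dst)
    return f"FORWARD via {gw}" if gw else "DROP: no route"


# --- ADN model: LAN port -> zone -> ADN, each ADN with its own table ---------
@dataclass
class Appliance:
    port_zone: dict       # LAN port -> zone
    zone_adn: dict        # zone -> ADN
    zone_devices: dict    # zone -> set of authorised device identifiers
    tables: dict          # ADN -> RoutingTable; no table spans two ADNs

    def forward(self, port: str, device: str, dst: str) -> str:
        zone = self.port_zone.get(port)
        if zone is None:
            return "DROP: port not assigned to a zone"
        if device not in self.zone_devices.get(zone, set()):
            return f"DROP: device {device} is not authorised in zone {zone}"
        adn = self.zone_adn[zone]
        gw = self.tables[adn].lookup(dst)
        if gw is None:
            return f"DROP: no route to {dst} in {adn}"
        return f"FORWARD via {gw} ({adn})"


BRANCH = Appliance(
    port_zone={"lan1": "payment", "lan2": "guest"},
    zone_adn={"payment": "payment-adn", "guest": "guest-adn"},
    zone_devices={"payment": {"pos-terminal-01"}, "guest": {"guest-ap-01"}},
    tables={
        # The payment ADN knows only the payment gateway and has no Internet route.
        "payment-adn": RoutingTable().add("10.20.0.0/16", "payment-link"),
        # The guest ADN has only an Internet breakout. 10.20.0.0/16 is absent from
        # its table, so guest traffic can never be steered onto the payment link.
        "guest-adn": RoutingTable().add("0.0.0.0/0", "guest-internet"),
    },
)

if __name__ == "__main__":
    print(shared_model("192.168.5.10", "10.20.5.5"))              # ACL typo: reaches payment-link
    print(BRANCH.forward("lan2", "guest-ap-01", "10.20.5.5"))      # leaves via guest-internet only
    print(BRANCH.forward("lan1", "pos-terminal-01", "10.20.5.5"))  # POS reaches payment gateway
    print(BRANCH.forward("lan1", "rogue-laptop", "10.20.5.5"))     # unauthorised device dropped
    print(BRANCH.forward("lan1", "pos-terminal-01", "8.8.8.8"))    # payment ADN has no Internet path
```

Two design points follow from the model. In the shared network the guest's packet to the payment gateway is forwarded because correctness rests on an ACL that has to be right at every site; in the ADN model there is no rule to get wrong, because the guest table simply has no route onto the payment link, and the payment ADN likewise cannot reach the Internet, which also limits what a compromised POS can talk to. The device check uses an opaque identifier because the article does not say how an appliance recognizes an authorized device; a binding on a MAC address alone is spoofable, so in practice a stronger identity (802.1X or a device certificate) is what makes the port lock meaningful.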

Application-to-application (A2A) networks remove the limitations of site-to-site (S2S) networks by defining the network architecture at the application level. A2A networks let the enterprise connect securely to any application, no matter where it resides. They free the enterprise network from burdensome controls and restricted hub-and-spoke traffic patterns by allowing any-to-any traffic based on the needs of the application itself. Companies no longer have to purchase application licenses and build the application within their own data centers, with all the associated capital, network and IT resource costs. A2A networking lets companies innovate and efficiently deploy multiple applications using cloud services that address needs such as improved customer value, operational efficiency and product differentiation.

Security

An ADN simplifies security by establishing discrete, independent networks that do not require complex security rules to partition traffic types. ADNs reduce the risk of human error in maintaining complex Access Control Lists (ACLs) across many sites, where a single mistake can create a security hole. For example, if an ADN with public Internet access is breached by an outside party, the breach has no path into other ADNs, such as a payment ADN, because the ADNs share no network.

Standard ADN security features include a firewall, intrusion detection, logging, wireless scanning, content filtering, access control lists, multi-factor authentication, Advanced Encryption Standard (AES) encryption and compartmentalization. Additional security features can also be deployed easily, such as HTTPS filtering, Security Information and Event Management (SIEM), or any best-of-breed security application hosted on virtual servers within the cloud.
