Opinion |The next step in DevOps and SRE: The application needs to control networking, rather than networking controlling the application
Diario TI 08/10/19 5:55:10
Developers of cloud-native applications are at the core of modern digital businesses and are increasingly implementing DevOps precepts in order to best deliver applications. DevOps methodologies of Continuous Integration (CI), Continuous Development (CD) and Site Reliability Engineering (SRE) promise to enable unprecedented levels of speed and agility in the end-to-end process of reliably developing and delivering quality software to meet business needs.
Most organizations are in the early days of CI/CD and SRE, but the progressive teams are already seeing the next problem. The network. Cloud native applications require cloud native networking solutions. Automated, distributed, portable (virtualized, containerized) applications require networking solutions which can be automated, distributed and portable.
Legacy MPLS and VPN solutions were designed to connect monolithic apps in centralized sites such as private data centers to a small set of sites such as branch offices. These “boxes and wires” constructs were perfect for the legacy centralized, static application topology. But it is difficult and expensive to use boxes and wires to connect massively distributed (edge, multicloud, service mesh) and portable modern applications. It is prohibitive to fit boxes and wires into CI/CD and SRE constructs of programmability, automation and agility. We need to replace boxes and wires with software and APIs. We can’t let legacy networking constructs block the innovation and quality we are working so hard to obtain with DevOps and SRE methodologies. The application needs to control networking, rather than networking controlling the application.
New networking solutions need to meet the requirements of modern applications and fit into their DevOps and SRE constructs. Here are four sets of functionality which development teams need to enable business apps to control the network: agility, security, simplicity and performance.
First, agility. The application needs to be able to programattically control the network. The app can’t be dependent on specific network configurations, vendors or providers. The application needs to be agile, automated and portable, so it needs to be able to control any network, anywhere. With Application Specific Networking in Connectivity-as-Code models, application development teams can spin up on-demand connectivity across any set of edges, clouds and service meshes, and embed the connectivity into their application with SDKs and APIs so that the connectivity goes anywhere their app goes.
Second, security. Secure-by-Design is a requirement to automate and scale DevOps and SRE practices. Separate security is insecurity. Security needs to be embedded in each layer of the stack in a loosely coupled but coherent, automated and repeatable manner. In Application Specific Networking, with each app enabled to programattically control its own network, the developer gains the ability to enforce Zero Trust, Software Defined Perimeter and Least Privileged Access methodologies across any Internet connection.
Third, simplicity. Simplicity, visibility and automation underscore modern application development, DevOps and SRE practices. It will no longer be acceptable for the delivery of the application – the network – to break that paradigm. New networking constructs need to abstract the developer from the underlying networks in the same manner that Infrastructure-as-a-Service (IaaS) has abstracted development teams from underlying compute. This requires APIs and SDKs to expose cloud-native networking resources to developers in a simple manner, with the underlying infrastructure often managed in a Network-as-a-Service (NaaS) type model.
Fourth, performance. Performance is increasingly important in today’s world in which highly automated and connected supply chains can depend on the performance of a single app, and individual apps can require consistent networking performance to leverage Edge or Cloud based Artificial Intelligence (AI) and Machine Learning (ML) functionality. Like security, performance needs to be designed in from the start, controlled by the app, independent of specific networking vendors and providers and obtainable over any Internet connection. One emerging approach is to leverage programmable Internet overlays such that the low costs, high bandwidth and global access of Internet can be leveraged, while the overlay functions to optimize performance attributes as specified by the app, such as minimizing latency and jitter, or maximizing throughput.
The unifying factor across those four areas in the ability for the app to programmatically control the network. Only when the developer is given the keys to the network, and abstracted from the underlying network infrastructure, can the developer control end-to-end application delivery in an automated, agile manner. The exciting progress in DevOps, NetOps, DevSecOps and SRE can continue without being blocked by legacy networking constructs designed for different application topologies.
By Galeal Zino, CEO of NetFoundry
Photos: Diario TI at NetEvents 2019