Avaya Open Networking Adapter A new class of networking product that leverages open source to deliver deployment simplicity and operational agility. Table of Contents Enter the new Open Networking Adapter................... 1 Avaya ONA: a closer look........ 3 Leveraging an Open Framework.................................... 4 The Internet of Things (IoT) is a term that’s getting a lot of airtime these days, both inside and outside of the technology industry. Placed in a business context, a wide variety of conventional devices – such as medical terminals, manufacturing equipment – will be networked in order to deliver enhanced functionality or productivity. One of the themes of IoT is that these devices can be monitored, modified, and managed remotely. However, this vision can darken when faced with practical considerations. Use Case Examples.................... 5 Firstly, an enterprise may have thousands of these IoT-type devices and The Promise of SDN.................. 7 provisioning them using conventional techniques could well be impractical, if not impossible. Crucially, it would be a brave organization that was prepared to introduce these devices to the corporate network without due consideration for security or quality of service. Businesses that do plan to isolate IoT traffic across a network will need an easy way set up and modify these network-wide partitions. And lastly, many IoT end-points could be running older operating systems that lack modern protection against viruses or malware: potentially putting the entire network at risk. Avaya Fabric Connect is a technology that enables the creation of virtual networks, easily and in real-time. Further, utilizing Fabric Attach, a complementary, standards-based technology, networking end-points can attach automatically, configuring themselves to join their mission-specific network. This functionality completely mitigates the burden of manual provisioning. However, one problem remains: the typical IoT end-point does not contain sufficient embedded networking intelligence, and therefore would not be to benefit from Fabric Attach. Enter the new Open Networking Adapter The Avaya Open Networking Adapter (ONA) initiative delivers a family of small form-factor devices that act as a bridge between any Ethernet-equipped device and the Fabric Connect private cloud. Simply connect the business end-point via an ONA and Fabric Attach functionality takes care of the rest; provisioning is automated, and centrally defined service parameters are applied. In the context of business end-points this will typically involve assignment to a avaya.com | 1 Highlights mission-specific stealth network, one that is isolated from other corporate •Bridges Ethernet-equipped devices to the Fabric Connect private cloud. limits the ability for end-points to interact with systems other than those traffic and carries unique flow restrictions and quality of service attributes. This specifically related to their defined role. Given these capabilities the deployment potential for the Avaya ONA is very broad. The ONA is a revolutionary new •Seamlessly transforms “illiterate” business end-points into “smart” nodes. concept, delivering a versatile, field-deployable implementation of Open vSwitch, facilitating network connectivity and •Creates deployment simplicity and operational agility automating provisioning. Open vSwitch (OVS) is a virtual networking platform that delivers a software-definable solution for •Delivers automated provisioning and centralized service definition. traffic forwarding, isolation and filtering, monitoring and traffic mirroring, queuing and shaping, •Leverages open source feature-rich functionality and evolution. and automating control. For those unfamiliar with the vSwitch and its role in server virtualization, the vSwitch can be considered as the networking side of a Hypervisor implementation: Virtual Machines are provided with virtualized access to CPU, •Part of the Avaya SDN Fx architecture that addresses the end-to-end relationship between applications, business logic, and networking services. memory, disk, and also – via the vSwitch – to internal and external networks. Open vSwitch is leveraged by many third party Hypervisor solutions, including Xen, KVM, VirtualBox, with ports available for VMware ESX and Microsoft Hyper-V, and it has also been integrated into OpenStack. Avaya and Wind River have collaborated to contribute the Fabric Attach auto-attachment functionality to the Open vSwitch community, thereby making this innovation widely available. By leveraging OVS in this innovative way – taking it out of the conventional Data Center/Server role and utilizing it at the Edge to facilitate intelligent network access – Avaya is redefining networking. Hundreds, thousands, of “network illiterate” business end-points can be seamlessly transformed into “smart nodes”, network entities in their own right. Enabled by Avaya ONA, these endpoints can now be monitored and managed; their networking capability centrally administered and controlled. The execution of the Avaya ONA concept is both strikingly simple yet immensely powerful; its simplicity and its openness allows customers to harness the power of open source and Avaya-specific innovations. The Avaya ONA is a key component of Avaya’s SDN Fx™ architecture, integrating third party devices with the SDN-programmable “Enabled Edge”. avaya.com | 2 De-Mystifying Open vSwitch: Avaya ONA: a closer look • Server virtualization changed the access layer from having to be connected to a physical Switch; the Virtual Switch – vSwitch – was born. standalone Open vSwitch implementation that enables the auto-attachment – • vSwitch is a software layer that resides in the Server hosting Virtual Machines (VMs). deployable, and added a management capability to make it efficient and useful. • VMs have logical or virtual Ethernet ports; these connect to the vSwitch. • Open vSwitch created by at Nicira (later acquired by VMware). • OVS intended to meet the needs of the open source community, since there was no feature-rich vSwitch offering for Linux-based Hypervisors • OVS quickly become the de facto vSwitch for XEN environments A closer look reveals that, at its core, the Avaya ONA is a ruggedized, leveraging Fabric Attach – of non-networking devices to Avaya Fabric Connect. It is Fabric Attach that empowers ease of deployment. Avaya has taken a fully standard OVS implementation, packaged it appropriately to make it fieldONA is, essentially, OVS-in-a-box, enabling simple, scalable, and cost-effective service agility for legacy business end-points. The hardware of the Avaya ONA is based on a commercial-off-the-shelf processor, delivering performance sufficient to forward traffic at line rate and with minimal latency. The CPU, memory, and other components are housed in a ruggedized aluminum casing that delivers heat dissipation and mitigates the need for an internal fan. This provides the ONA with an industrial design, suited to the harsh environments where they are likely to be deployed. The hardware is specifically • Now playing a large part in other open source projects, like OpenStack. designed to be easy to deploy by non-IT staff. Labeling clearly identifies user- • OVS supports VLANs, LACP, port mirroring, NetFlow, sFlow, etc. system status. Included in the management strategy is an ability to easily • From a control and management perspective, OVS can leverage OpenFlow and OVSDB. • OVS is often incorporated into SDN strategies: – Critical to many SDN deployments in Data Centers; tying together VMs within a Hypervisor – Entry point for VMs sending traffic to the network – Ingress point into overlay networks running on top of physical networks – Considered the core element of many DC SDN deployments. – OVS can also be used to direct traffic between network functions for service chaining. and network-side ports, and visual indicators simplify the display of power and identify, register, and deploy ONAs by leveraging device-specific QR codes. Practical considerations include the provision of multiple options for securing the ONA together to its partner end-point, including a Kensington lock option. Deployments are further simplified by removing any user interface or configuration requirement; upon power-up the ONA communicates with a central controller, load any custom configuration, and seamless connect the business end-points to its services. This has the added benefit of enhancing the security of deployments: making the ONA more tamper-proof helps prevent them from being hijacked for use as launch points in a network attack. Avaya intends to develop a range of Adapters with physical characteristics that match mainstream business requirements across a broad range of typical deployment scenarios. Considerations include: •The ratio of user-side and network-side ports; this will range from 1:1 in support of the simplest of end-point device connectivity requirements, to many: many that would deliver both network link resiliency and multiple endpoint connectivity. •The physical media of Ethernet interfaces; RJ45 copper would provide for effective connectivity to most end-points and networks, but there may also be deployment scenarios that require the flexibility of supporting long-reach Source: SDxCentral fiber connectivity. avaya.com | 3 •The provision of power, both for the Adapter itself and potentially providing power to end-points; different implementations could see ONAs supported by Power-over-Ethernet delivered by the network-side port, or alternatively ONAs could provide power to end-points. The ONA is designed to address enterprise deployments that require seamless connectivity between business end-points and Fabric Connect-based services; segmentation of traffic and granular control of flows deliver previously unheard of functionality. Equally, service provider solutions such as distributed video surveillance and cloud-hosted CPE can be addressed by leveraging the agility and flexibility delivered by OVS. The openness and off-the-shelf nature of both the hardware and software makes Avaya ONA a very versatile networking component. Given that ONA is based on the Open vSwitch platform, any and all evolutions in OVS functionality and be equally applied through the environment, be that for a Hypervisor in the Data Center or a business end-point attaching via ONA. Leveraging an Open Framework In line with the broader Avaya SDN Fx™ architecture, the Avaya Open Networking Adapter is conceived to be open and intended to allow customers to unleash the power of the open community. The goal is to provide an ability to quickly benefit from SDN where these deployments make business sense. The ONA delivers this capability, being able to rely on the equally open Avaya Fabric Connect automated core to support critical business applications. SDN Fx increases reliability and flexibility of the existing environment and reduces the operational burden; delivering the added benefit of releasing IT staff from mundane operational duties to concentrate on value-add. Avaya’s SDN Fx architecture is based on an open foundation and there has been a conscious decision to base our SDN products on the Open vSwitch, the Open Daylight SDN Controller, and OpenStack. Avaya has membership of and actively contributes to these industry-wide groups. Business can benefit from this openness. Development in the open communities, by third party developers, and directly by Avaya, provides a rich and timely source of innovation. Enterprises can build custom solutions to meet very specific business needs, without having to worry about vendor lock-in. Avaya provides an innovative and reliable foundation upon which business can operate hybrid environments that support both legacy and SDN applications. Application and the Enabled Edge While technically SDN has been described as a separation of control and data plane, some would have us believe that SDN is only relevant to automation of the Data Center. Guided by consultations with strategic partners, Avaya has developed the view that SDN’s key value proposition is the ability to quickly and effectively integrate at the “Edge”. The “Edge”, in this context, is not necessarily avaya.com | 4 limited to traditional network access, but as any point where the users and their applications interact with service infrastructure. Ranging for a Hypervisor in the Data Center through to an IP Phone on the desk, and now via the Avaya ONA to anything in between, the Edge defines where user and applications interact with the infrastructure. It is at the programmable edge that the real power of SDN is revealed, and Avaya’s SDN Fx™ architecture integrates infrastructure and business processes in a new, far more agile way. Use Case Examples The following use case examples have been developed by Avaya in conjunction with lead customers. They demonstrate the power of a holistic SDN strategy and shows how Avaya’s SDN Fx architecture makes, what would otherwise be very challenging, if not impossible to execute, are made eminently deliverable by virtue of the Avaya Open Networking Adapter. Secure IoT Device Mobility Problem: Environments such as hospitals, manufacturing floors, and casinos are experiencing a proliferation of devices requiring network connectivity, many of which require at least some degree of mobility. These end-point devices may themselves necessitate and include security considerations, such as authentication and encryption. However, in the context of certain environments, the broader network needs to be protected from potential threats emanating from these end-points; a compromised IoT device should not be the launch point for a network- wide assault. Solution: End-point devices are associated with an Open Networking Adapter that provides dynamic, automated connectivity. The ONA-based solution delivers the required mobility, and based on the device identity, allows security services to be customized. This also allows the network presence of individual devices to be tracked, and for all services and security policies to follow the device if and as it moves within prescribed tolerances. If the ONA becomes non-compliant with policy, the device can be reset or even disabled, isolating it from the environment and thus neutralizing the risk of a threat originating from misuse or misappropriation. The burden of complex installation and configuration is removed: being plug-and-play, ONAs enable users to connect end-points on an as-required basis; automated provisioning streamlines dynamic service connectivity and activation. Establishing a seamless solution for effective business IoT mobility can improve customer satisfaction by delivering real-time service agility, while at the same time it can reduce operational cost. Releasing IT staff from mundane configuration has the associated benefit of allowing them to concentrate on strategic tasks. avaya.com | 5 Internet-Connected Branch Problem: The traditional Branch Office is undergoing something of a quiet revolution, driven by less permanently based staff, as people increasingly opt for mobile connectivity and remote access. Businesses are looking to right-size their real estate footprint. Often matched with a parallel transition of CRM applications into the Cloud, MPLS connectivity, expensive in comparison with generic high-speed Broadband, becomes increasingly more difficult to justify. Solution: Predicated on the fact that virtually all Branch Office traffic flows to and between remote application systems – either in the corporate Data Center, or to Cloud-hosted platforms – the SDN Fx™ solution for the InternetConnected Branch moves the connectivity traditionally delivered by a WAN Router to the Cloud. In its place all that’s deployed is an Open Networking Adapter, leveraging Ethernet-based high-speed Broadband, and executing centrally-administered service connectivity and privacy policy. Thus, the Branch Office now look more like a hot spot on the corporate Wi-Fi network, connected to the greater network via an intelligent ONA and a high-speed pipe. Users are given policybased access to corporate services and resources. This SDN Fx solution has the benefit of addressing both capital and operational costs. Equipment procurement and deployment costs can be minimized, and the monthly operational costs associated with traditional connectivity options are greatly reduced. Flexible Remote Worker Problem: With an increasing number of staff working outside of the traditional office environment, there’s a corresponding increase in the need for managing access and monitoring service quality. Additionally, there are scenarios – for example, Contact Center Agents – where staff may need to transition between virtual workgroups even during the course of a single day; these changes need to be seamlessly enacted and governed by centralized policy. Solution: This solution enables end-point user devices such as IP Handsets, consoles, and computers, connected to their respective services via an Open Networking Adaptor, centrally controlled and dynamically re-provisioned in accordance with business-driven policy. Service operators can remotely manage users and their devices, monitor policy compliance, and manage application and resource access. This solution also features the ability to pro-actively monitor and report on service quality, helping to provide the highest possible service level for both staff and customers. For example, Contact Center Agents can be dynamically moved between different client accounts without complex re-configuration or extended downtime, all based upon the actions of a centralized controller enacting business policy. If an individual Agent’s connection falls below predefined quality or performance thresholds, proactive reporting tools flag this in avaya.com | 6 real-time, and policy-based dynamic re-provisioning takes the appropriate action, making the necessary service and infrastructure changes. This solution can massively increase flexibility, and reduce operational cost and complexity. The Promise of SDN SDN suggests significant business benefits but it requires holistic thinking and an approach beyond pure infrastructure. The real promise of SDN is not infrastructure automation, but as a fundamentally different means of supporting users and business processes by allowing a closer integration between applications and the network. The SDN open community has led the way and continues to innovate rapidly. The reality is that most businesses will need to maintain legacy applications, want enhanced reliability and efficiency in existing environments, and at the same time seek tactical opportunities to benefit from SDN. Avaya’s SDN Fx™ architecture has been designed to support these needs. It combines the benefits of the standards-based Fabric Connect network virtualization technology, removes traditional network complexity, and automates, secures and virtualizes the core. The Fabric Attach capability automates end-point connectivity at the edge, easing and accelerating deployments even further. These capabilities increase reliability, shorten timeto-service and lower operational cost, freeing key staff to work on adding initiatives that more directly benefit the business. SDN Fx’s “Enabled Edge”, enables effective, relevant, and open SDN deployments. It allows customers to benefit from the best of both worlds: the power of the open community and, in Avaya, the support and consistency of an industry leader and innovator. The Avaya Open Networking Adapter is a new class of networking product that leverages open source to deliver deployment simplicity and operational agility. Utilizing ONA, businesses can seamlessly transform conventional end-points into intelligent network nodes; monitored and managed, their networking capability administered and controlled centrally. This transition can empower enhanced functionality and productivity. avaya.com | 7 About Avaya Avaya is a leading, global provider of customer and team engagement solutions and services available in a variety of flexible on-premise and cloud deployment options. Avaya’s fabric-based networking solutions help simplify and accelerate the deployment of business critical applications and services. For more information, please visit www.avaya.com. © 2015 Avaya Inc. All Rights Reserved. Avaya and the Avaya logo are trademarks of Avaya Inc. and are registered in the United States and other countries. All other trademarks identified by ®, TM, or SM are registered marks, trademarks, and service marks, respectively, of Avaya Inc. 03/15 • DN7702-01 avaya.com | 8