SDN: Not just for carriers, DCs

Software-defined networking has helped Ballarat Grammar School keep net nasties in check, the school's head of technical services says

Analyst firm IDC has previously predicted that by 2016 the software-defined network market will be worth US$3.7 billion and account for more than a third of Ethernet switching in data centres. And while much of the SDN hype has been focussed on data centres and carriers, it seems inevitable that it will find its way onto at least some campus networks.

In many ways Ballarat Grammar School seems an unlikely SDN pioneer. However, the Victorian school has been taking advantage of the capabilities of its OpenFlow-compatible networking gear for around two years now, according to its head of technical services, Greg Bell. The IT team has been using an SDN-based application to combat malware, phishing and other Internet-borne threats, Bell says.

The school has a 1:1 device program for its staff and students. Most recently Bell and his team rolled out 420 Lenovo IdeaPad Yoga: Windows 8-based notebooks that can operate in tablet mode. All up there are some 1100-1200 wireless devices on the network and some 400 desktops around the campus.

"We have HP wireless everywhere," Bell says. "We would have around 200 wireless APs around the campus, and that includes the boarding houses. We've got a pretty good network of single mode optical fibre around the campus; I think we worked out we've got about five or six kilometres of fibre around the campus."

The school has 10 gig links from the data centre to the buildings on campus. Most of the switches on campus support OpenFlow, Bell said. There are some low-end switches in some of the staff residences that don't, "but certainly we have devices like the [HP] 3800s into each of the boarding houses and we're using HP 5400 switches in some of the larger buildings on campus," Bell says.

While the IT team manages the school-provided Windows 8 devices, the boarders and resident staff have a substantial number of unmanaged devices on the network. "We're not too big on BYOD in the classroom because we want a pretty level playing field for our staff and students," Bell says.

"But we have BYOD in the boarding houses and the staff residences, just to help those guys feel a bit more comfortable."

SDN "fell in our lap," Bell says. He had been concerned about dealing with problems such as malware on the network. The idea of investigating SDN came out of a conversation with HP after the school had been doing some beta testing for the vendor.

"We were talking about some of the issues we have with BYOD and not being able to manage the [devices] at all — we can decide which VLAN they're on and generally that's about it. We have no sort of visibility as to the health of those machines," Bell says.

"A few cogs whirred away in the background," Bell says, and the school was offered a chance to try HP's Sentinel Security Application as part of the vendor's early access program.

"We were given the chance to get on to Sentinel pretty early in the piece," Bell says. The application gives Bell's team an easy way of monitoring and controlling network access.

"We can see what sort of traffic is coming from devices; it doesn't matter if it's one of the laptops we provided or a desktop or a BYOD [device]. All of those types of devices use DNS on the network to get from here to there and out on to the Web.

"Sentinel is able to analyse that DNS traffic and before it returns an IP address to those devices it evaluates the DNS request against the TippingPoint reputation database." The IT team is able to configure thresholds for different categories of sites from within Sentinel, letting them catch malware before it hits the network.

"We set the threshold that we're happy with and TippingPoint will work out if that DNS request should be allowed or denied," Bell says.

The school was already primarily using OpenFlow-compatible switches; setting up a hybrid network and getting Sentinel up and running was the work of an afternoon, Bell says.

"If we were trying to roll out another piece of software to do the same thing — where we need some sort of agent software on each of the machines on the network — that would be a bloody nightmare."

Although it might be possible to do on the devices the school manages, there "wouldn't be a hope in hell" of getting it installed on all the BYO devices.

BGS hasn't gone down the full SDN path: The switches are running in hybrid mode, Bell said. "I think that's a good thing about SDN," the IT manager said. He cites HP's UC&C SDN application for Microsoft's Lync UC suite as an example of something else that's piqued his interest. The application can detect Lync voice and video traffic and dynamically rewrite QoS rules for the network.

"That's an absolute ripper," Bell says. "I think that between something like Sentinel and something like that application for Lync you can get an idea of the power of SDN."

"I think maybe give it 12 months, 18 months, [and] we'll see a lot of these SDN applications for the campus that we'll be able to quickly jump on, install, try them out, and see how we go."
