When Windows Server 2019 is released this fall, the updates will include features that enterprises can use to leverage software-defined networking (SDN).
SDN for Windows Server 2019 has a number of components that have attracted the attention of early adopters, including security and compliance, disaster recovery and business continuity, and multi-cloud and hybrid-cloud.
The new virtual network peering functionality in Windows Server 2019 allows enterprises to peer their own virtual networks in the same cloud region through the backbone network. This lets the peered virtual networks appear as a single network.
Fundamental stretched networks have been around for years and have provided organizations the ability to put server, application and database nodes in different sites. However, the challenge has always been the IP addressing of the nodes in opposing sites. When there were only two static sites in a traditional wide area network, the IP scheme was relatively static. You knew the subnet and addressing of Site A and Site B.
However, in the public cloud and multi-cloud world, where your target devices may actually shift between racks, cages, datacenters, regions or even hosting providers, having addresses that may change based on failover, maintenance, elasticity changes, or network changes creates a problem. Network administrators already spend time addressing, readdressing, updating device tables, etc. to keep up with the dynamic movement of systems, and that time will increase drastically.
With Vnet Peering, while the external location and fabric that the host and application systems are running in may drastically change, the virtual network remains consistent. There is no need to change source and target addresses within the application, and no need for Web and Database pairs to change settings.
Another significant improvement in Windows Server 2019 is the ability for virtual-network traffic to be encrypted between virtual machines. Traffic encryption is not new to the industry; however, having the encryption built into the operating system as the basis of hypervisor communications, server communications and application communications provides both flexibility and that in the past was frequently done at the application layer.
Now with Vnet encryption, entire subnet communications between host servers can be protected, and all network traffic within that network is automatically encrypted. For organizations looking to ensure communications between a Web server and a database server are encrypted, Vnet encryption in Windows Server 2019 can be enabled. Since the encryption is applied at the network/subnet level, if additional Web frontends and backend databases need to be added, all those servers join the same encrypted communication stream, offloading the secured communications away from the application itself, improving performance and efficiency.
Some of this protection can be accomplished by isolating servers and systems on the same VLAN, but organizations can more simply and quickly encrypt the communications between systems as a method of secured communications and data protection. As organizations look to enable protection through software-defined controls and eliminate complexities, configurations leveraging virtual network encryption greatly enhance security in a simplified manner.