These projects do not always produce the desired effect. A recent study of 240 information security professionals, network operations and application owners found that more than two-thirds of organizations encounter application connectivity disruptions or outages during data center migration projects. So while the value of a private cloud is not disputed, getting there without hurting the business causes concern and anxiety for many organizations.
Before we go any further, let’s take a step back and recognize that business applications fuel the data center and ultimately the business – an outage or disruption can have significant implications for the bottom line. The organization must understand everything that makes up a business application, which typically has a complex, multi-tier architecture, multiple components, and intricate underlying communication patterns that drive network security policies.
It is also important to recognize that most firewall changes are driven by business application connectivity needs. Understanding the impact of these application changes on the network and vice-versa is critical, as is making sure that all firewall change requests are associated with the appropriate applications. While individual rules support multiple applications, an individual “communication” may need to travel across a few policy enforcement points.
This complexity involves hundreds or even thousands of firewall rules, with many potential interdependencies, configured across tens to hundreds of devices that support just as many business-critical applications.
It’s hard enough just to roll out a new business application or to make an update that impacts connectivity. Many organizations lack visibility of their application connectivity requirements and the underlying security policies, and these challenges only become magnified when migrating applications or a data center. Here are steps to accelerate and simplify a data center migration project – without taking the business offline:
1. Leveraging existing firewall rules lets a data center migration proceed without unpleasant surprises. Locate all of the firewall rules that refer to the existing server’s IP address and add the IP address of the cloned server to those rules. This allows the existing and the new servers to work simultaneously.
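A sketch of step 1 as an added example (not code from the article or from any vendor tool): it finds every rule that references the existing server, including rules that match it only through a subnet or an "any" entry, and adds the cloned server's address where it is not already covered. The rule format, the `add_clone_to_rules` name and all addresses are assumptions constructed for illustration.

```python
import copy
import ipaddress

# Constructed sample policy in a hypothetical, vendor-neutral format.
RULES = [
    {"id": 1, "src": ["10.1.2.10"], "dst": ["10.9.0.5"], "port": 1521},
    {"id": 2, "src": ["192.168.50.0/24"], "dst": ["10.1.2.0/24"], "port": 443},
    {"id": 3, "src": ["0.0.0.0/0"], "dst": ["10.1.2.10", "10.1.2.11"], "port": 80},
    {"id": 4, "src": ["10.7.7.7"], "dst": ["10.8.8.8"], "port": 22},
]

def _covers(entries, ip):
    """True if any host address or CIDR entry in the field contains ip."""
    return any(ip in ipaddress.ip_network(e, strict=False) for e in entries)

def add_clone_to_rules(rules, old_ip, new_ip):
    """Return (updated_rules, report); report maps rule id -> {field: status}."""
    old, new = ipaddress.ip_address(old_ip), ipaddress.ip_address(new_ip)
    updated, report = copy.deepcopy(rules), {}  # never mutate the live policy
    for rule in updated:
        for field in ("src", "dst"):
            if not _covers(rule[field], old):
                continue  # this side of the rule does not reference the server
            if _covers(rule[field], new):
                status = "already-covered"  # a subnet or any entry includes it
            else:
                rule[field].append(str(new))  # add only the clone's host address
                status = "added"
            report.setdefault(rule["id"], {})[field] = status
    return updated, report

if __name__ == "__main__":
    new_rules, report = add_clone_to_rules(RULES, "10.1.2.10", "172.16.4.10")
    for rule_id, fields in report.items():
        print(rule_id, fields)
```

Matching by containment rather than by string is what catches rules such as rule 2, where the server is reachable only because its subnet is listed; a plain text search for the IP address would miss it.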