The outcome of these projects does not always produce the desired effect. Findings from a recent study of 240 information security professionals, network operations and application owners found that more than two-thirds of organizations encounter application connectivity disruptions or outages during data center migration projects. So while the value of a private cloud is not disputed, getting there without hurting the business does cause concerns and anxiety for many organizations.
Before we go any further, let’s take a step back and recognize that business applications fuel the data center and ultimately the business – an outage or disruption can have significant implications on the bottom line. The organization must understand everything that makes up a business application, which typically has a complex, multi-tier architecture, multiple components, and intricate, underlying communication patterns that drive network security policies.
It is also important to recognize that most firewall changes are driven by business application connectivity needs. Understanding the impact of these application changes on the network and vice-versa is critical, as is making sure that all firewall change requests are associated to the appropriate applications. While individual rules support multiple applications, an individual “communication” may need to travel across a few policy enforcement points.
Hundreds or even thousands of firewall rules are involved with this complexity including many potential interdependencies that are configured across tens to hundreds of devices, which support just as many business-critical applications.
It’s hard enough just to roll out a new business application or to make an update that impacts connectivity. Many organizations lack visibility of their application connectivity requirements and the underlying security policies, and these challenges only become magnified when migrating applications or a data center. Here are steps to accelerate and simplify a data center migration project – without taking the business offline:
1. By leveraging existing firewall rules, data center migrations can proceed without any unexpected and bad surprises. Locate and determine all of the firewall rules that refer to the existing server’s IP address and add the IP address of the cloned server to the discovered rules. This allows the existing and the new servers to work simultaneously.
2. Once both physical and virtual servers are enabling the proper connectivity, application engineers can then reconfigure all of the applications’ components to use the new IP address.
3. After this is achieved and all of the application components’ connectivity paths have been reconfigured and tested, the original server can be safely shut down and all of the references to its decommissioned address from the firewall rules can be removed.
Remember that even in the most poorly documented data centers, firewall rules can provide vital information regarding which applications will be affected when a server is migrated and which groups of servers will benefit the most from being migrated concurrently. Using existing firewall rules in this manner can help get to a private cloud faster, without disruption.