DCN September 2017 - Page 45

data centre traffic

Security in DCI

With more services being housed in the cloud and the amount of financial, health and other sensitive information within the cloud increasing on a daily basis, the cost of a security breach can be significant, especially if personal or confidential information is compromised. Such security breaches can result in loss of trust and user data, resulting in lost revenue as well as financial losses due to regulatory or legal implications. Keeping data secure is therefore paramount, and this has to be done not only when the data is stored in a data centre, but also when it is in-flight between data centres, resulting in the need for security on DCI boxes.

The two main technologies being used for in-flight data security are:

•  Bulk Layer 1 security: Where the entire content is encrypted and authenticated using the likes of AES256. This is by far the most cost-effective way of providing security for large point-to-point data pipes.
•  MACsec as defined by IEEE 802.1AE: Where packets are encrypted individually and can be handled easily in hardware. MACsec provides security at Layer 2.

Most data centre operators are looking for one of the two methods for providing in-flight data security. Having the ability to do either one of the two methods in the same box can be an asset in addressing the needs of multiple ICPs and service providers. The trend towards more open line systems, where equipment should be able to interoperate with another vendor’s equipment, also drives the need for supporting both methods in the same box. A Flexible DCI platform can achieve this and more.

Managing upgrade cycles

DCI in a Metro or Long Haul requires multi-Terabit capacity, and today the best technology to allow this is DWDM using coherent line technology (that said, some metro reaches are being addressed using direct detect PAM4 technology, but this is limited to short reaches).
Coherent Line Optics are a significant investment and operators would like to maximise this investment. In certain cases long-haul 100Gbps transport cards may cost between 70 and 100 times a similar capacity switching port, and hence obsoleting this gear at the same refresh cycle of three years may not be cost optimal. Working on that premise, it is likely that the DCI gear may see at least one if not two data centre equipment refresh cycles within its lifetime. Having the ability to adapt to newer interfaces and provide continued service with different networking equipment is also important for DCI boxes.

The DCI box’s flexibility is not limited to adapting to new interfaces. It must also be able to bridge between new networking gear in one data centre and older gear on the other side. This flexibility allows data centre operators to decouple the upgrade cycles and limit forklift upgrades on both sides at the same time. This is another key benefit in deploying a Flexible DCI platform.

What is a flexible data centre interconnect box?

In light of the discussion above, it is quite evident that the DCI box of the future needs to function as an entity that can intelligently adopt a personality or functionality that is desired by its deployment at that point in time, as well as accommodating easy evolution of technology over time. The equipment personality may range from allowing different security protocols for different deployments to adapting to changing networking protocols and interfaces.
‘Keeping data secure when it is in-flight between data centres, results in the need for security on DCI boxes.’

As more and more line systems migrate to pluggable DCO (Digital Coherent Optics) formats, having a box that can ta