SDN on Campus

Nowhere is the potential of software-defined networking (SDN) more apparent than in the higher ed setting.

Given the growing number of users, vast amounts of storage and increasing bandwidth demands prevalent on most college campuses today, there are many facets of the SDN movement now ripe for campus IT teams to explore. SDN is a means of simplifying configuration and increasing flexibility in hardware deployment by separating the control functions of networking gear from hardware-based processing. 

Beyond greater speed and capacity, SDN offers IT departments a greater level of control and flexibility over classic network environments, faster time to deployment for applications, improved IT productivity and, ultimately, savings on the bottom line.

Many institutions are already putting SDN to use, deploying it to connect to the Internet2 Network or as part of a virtual data center environment. However, the full potential of SDN has yet to be realized on most campuses.

Indiana University and Marist College are two early adopters of SDN. Both have developed their own software to control their network tasks.

At IU, FlowScale software modifies Ethernet switches to perform security tasks while monitoring and distributing incoming traffic to intrusion detection system servers that inspect data and block malicious code.

Teams at Marist have written code that allows switches in three separate data centers to communicate over single-mode fiber; the software in this instance manages DNS and DHCP services. Connections are still being built out and tested, but the new app already supports production traffic.

Software-defined networks offer multiple authentication methods, making it simpler for IT to offer access rights by device, even when devices (such as access points, print servers and card readers) cannot provide a username or password.

Device Integration and Control

The software-defined network uses a device's Media Access Control (MAC) address as an authentication mechanism, which a network access control application uses to determine permissions. For instance, a device's type and vendor (revealed through the MAC address) may determine whether it is permitted on a specific port, connected to specific switches. That device's permitted activities or functions also can be governed on the network.

Given the vast array of mobile devices and operating systems proliferating on college campuses, SDN also offers IT teams the flexibility to enforce policies equally for wired and wireless infrastructure. Administrators can create or define policies that apply to mobile devices from any vendor, without having to develop specific software for specific brands or products. Unified policy management capabilities and a universal view of all available data paths — regardless of the connection type — mean fewer headaches for IT and greater network security.

Working Group Support

Software-defined networks also will prove a boon to the many collaborative environments and working groups present on campuses today — students working together on projects, cross-departmental or cross-disciplinary research groups — which share information and dedicated network resources. SDN offers more efficient ways to support these groups over traditional VLANs, because a controller can assign and release resources as needed, whenever and wherever that may be. For instance, rather than configuring specific devices (as required in a VLAN scenario), specific group applications can be set to send the SDN controller a request for bandwidth between group users' affected devices. If the controller determines that any changes are required on the devices, those changes can be pushed out to users as soon as they join a group.

As new SDN code is written, it is likely that higher ed enterprises will continue to innovate and create new possibilities. And as IT teams are increasingly freed from many manual configuration tasks, it is likely they, too, will have the opportunity to offer greater contributions to the innovations taking shape on their campuses.