Connecting the Dots in a Distributed Architecture

Protect your distributed resources, and empower your users, with a centralized policy engine.

The trend toward dispersed IT is both an opportunity and a challenge. There are advantages to distributing resources and services across multiple datacenters and cloud providers. Designed properly, this technique can lead to higher availability, better performance, and optimized costs.

Similarly, eager users who work not only in the office but also remotely can increase their productivity and responsiveness. According to Global Workplace Analytics, 20 to 30 million Americans work from home at least one day a week, including 15 to 20 million road warriors who are fully mobile. This trend is increasing. Regular telecommuting grew 73% from 2005 to 2011, the report reveals.

The problem with a highly distributed topology is that these locations and networks are not necessarily all connected to one another. Sure, they are all attached to the global Internet. But there are good reasons to insulate them, and to thwart any attacks or malicious behaviour.

In Building a People-Centric Datacenter, we looked at how user identity was at the core of a people-centric datacenter. And yet, successful authentication is only the first step toward enabling users to perform their work. It doesn’t help users to be able to log on unless they can operate at full capacity. You also need to ensure that they have full access to all the resources they require — no matter where the users or the resources are positioned.

This would be simple if you didn’t also have the parallel requirement to protect the same resources from misuse. You need to create a logical boundary that surrounds and protects your enterprise data and systems. This boundary might include your own on-premises datacenter as well as shared resources in partner-hosted and public environments. The important point is that it needs to be shielded from any unauthorized access.

Connectivity and access controls are not rocket science, but they do demand some diligence to set up. The objective of the IT department should be to absorb this burden in order to relieve the users. Employees should have transparent connectivity to these resources from wherever they are. After logging on once, the rest should be automatic. A centralized policy engine should regulate the actions they can perform. Careful monitoring and logging can also help to meet critical internal security and compliance needs.

To return to my initial point, the future is clearly headed toward more distributed applications across physical, technological, and organizational boundaries because of the benefits that such wide distribution brings. The challenge is to ensure that the infrastructure is secure and doesn’t put an onerous burden on the user. The mechanisms are available to do so, but you do need to incorporate them into your design from the start in order to get the most out of them.