According to news reports, credit card information from Target’s point of sales systems was stolen after hackers gained access to the systems of an HVAC contractor that had remote access to Target’s network.
Network virtualization is an important tool that can be used to prevent (or at the very least place barriers) to similar attacks in the future. Increasingly retail stores deploy multiple applications that must be accessible remotely. HVAC systems are an example, but retail locations also often support signage applications (advertisement panels), wifi guest networks, etc.
Most of these applications will contain a mix of physical systems on the branch, applications running in the data-center, as well a remote access to contractors.
From a network segmentation perspective, it is important to be able to create virtual networks that can span the WAN and the data-center. The obvious technology choice for network virtualization in the branch is to be use MPLS L3VPN. It is a technology that is supported in CE devices and that can be deployed over a enterprise or carrier managed private network.
The branch office CE will need to be configured with multiple VLANs, per virtual-network, where physical systems reside. In order to have a solution that is manageable these VLANs should be associated with a VRF in order to prevent unauthorized traffic. It is also possible that the branch will require servers that run virtual-machines that should be associated with different virtual-networks.
On the data-center, it is important to be able to interoperate with the WAN virtual-networks. That is where a technology such as OpenContrail shines. Giving the network admin the ability to extend a Neutron virtual-network across the WAN.
Note that the data-center in question could be a private data-center, a remotely hosted application or a contractor. All of these use cases can be achieved by using networking technology built on interoperable standards.