SANTA CLARA, Calif. -- NFV & the Data Center -- There was more to this week's NFV and the Data Center event then barfing unicorns, seven-minute abs and conga lines -- although those were all part of it as well.

Light Reading's day-long deep dive into data centers provided a realistic look at timelines for virtualization, the new security requirements for NFV and the migration path from a telco data center to a cloud-based environment. There were a lot of great perspectives and content from the event, but here is a list of my top 10 takeaways for telcos navigating NFV and the data center.

For all the coverage from NFV & the Data Center, go to the dedicated show site here on Light Reading.

10) SDN must be open.
If SDN is not open, it defeats the original purpose of the technology and prevents it from scaling. Not surprisingly, this thought came from the chairman of the Open Networking Foundation 's migration working group, Justin Dustzadeh. The ONF is all about openness -- it's right there in its name -- but it's a good reminder as vendors pitch software-driven platforms that are open in name only. (See How Virtualization Transforms Network Needs.)

9) Complexity should be tackled in the service layer.
Just as going from hardware to software doesn't ensure openness, it doesn't guarantee less complexity either. "If all we do is trade off complex hardware to complex software, we've really done nothing to get us down the road of what NFV is supposed to deliver," Christopher Liljenstolpe, director of solutions architecture for Metaswitch Networks ' networking business unit, said at the show. He believes the most time and money should be invested in dealing with complexity at the service layer. Customers don't care how complex the network is (unless it fails, that is). They need simplicity in the service infrastructure, i.e., only a couple of choices for storage, compute and connectivity that can then adapt to what needs to be delivered. "If complexity is required, it's best to push it up the stack," Liljenstolpe said.

8) NFV, SDN and cloud are inextricable.
Operators are planning for SDN, NFV and the cloud at the same time, although it's because they will complement each other, rather than heading for collision. They can be done separately, but work best together. SDN helps make NFV possible, Heavy Reading analyst Roz Roseboro said, and both are eventually going to a cloud architecture. "Eventually it will all be considered one thing with an interdependence," she said. "You can do all them separately but, if you do them all together, there is the biggest benefit." (See Brocade: There's Something About the Cloud and Ixia's New CEO to Telcos: Read Up On Cloud.)

7) NFV is already here, but far from mainstream.
NFV is already here in some forms today, but expecting telco services to be entirely migrated to NFV by 2020 is a bit aggressive. That was the general consensus amongst many of the panelists at the show. Even for early adopters, it will be a challenge as they work through internal issues like breaking down their organizational silos and adapting their business models. (See NFV Lets NTT America Flex Its Networks.)

6) Automation matters in the cloud.
CenturyLink Inc. (NYSE: CTL)'s VP of Network Strategy and Development James Feger put it best when he said, "if you're on a nine-month release strategy, your network isn't really programmable." Timelines must become a lot shorter, and programmability and automation are necessary components to allow for self service in a complex environment. (See CenturyLink Pushing Faster Service Cycles.)

"Agility is an asset. You can only tame complexity," added Heavy Reading analyst and event host Jim Hodges, quoting Brocade Communications Systems Inc. (Nasdaq: BRCD)'s Kelly Herrell from an earlier presentation. "As an industry, we realize complexity is an inherent part of what we're doing, but it's something we have to address."

5) Business case drives everything.
Nothing gets done at an operator -- related to NFV or otherwise -- if the cost cannot be proved out. Every decision on what gets funding is driven by cost, a point Sprint Corp. (NYSE: S)'s Manager of Emerging Opportunities Anne-Louise Kardas reiterated at the Women in Telecom breakfast. And, Roseboro added, what gets funded is the stuff that affects the top line, meaning NFV is much more likely to see funding because it helps an operator make money, while SDN is all about opex and efficiency. (See Pics: LR's Women in Telecom Breakfast and Introducing 'The New IP' .)

4) Get surgical about how security is inserted into the network.
Moving to a more cloud-like data center that is scalable and malleable blurs the lines for where security should be inserted, according to Adam Geller, vice president of product management at Palo Alto Networks Inc. Decisions made on ports and destinations ignore fluid apps and activity outside the core of the network. A recent study of Palo Alto's customers found that 95% of attacks logged against customers came from only 10 apps, nine of which are commonly used and can't just be blocked. That's why telcos have to be able to inspect traffic at a deeper level, he said. Security can't be based on physical appliances, and it can't be generic.

3) Security needs to be virtual, segmented and on-demand.
The importance of security was reiterated throughout the day, creeping into every panel session and keynote. While SDNs can respond to threats a lot faster, their design also means that if a criminal hacks into the network's vCenter, they can control the telco's entire data center. That's a scary thought. Deb Banerjee, chief architect of data center security at Symantec Corp. (Nasdaq: SYMC), said that segmentation is key for security so that it's not tied to a set of racks. Segmentation lets telcos use policy to pick and chose which sets of traffic to scan through firewall. They also need virtual security appliances deployed in the fabric of the data center on every host. "Risk is more dynamic; not as static as it used to be," Banerjee said, adding that combining virtualization, SDN and NFV can enable security on demand.

2) Avoid the security app conga line.
Finally, when implementing security, keep in mind that service chaining only goes so far. Palo Alto Network's Geller said that a good security solution has to fit into various technology architectures today and in the future. If not, operators will just end up with the "security app conga line," which will be a challenge to manage. "Any good security solution that's going to fit in has to be orchestrated and tie into existing solutions," he said. And, he added, a centralized policy management platform is required to do anything at scale, and it must also use context awareness and sharing, which isn't happening much today. "Two-way communication is still at early stages for a lot of organizations. When they see that, they see there is significant opportunity to add security dynamically."

1) NFV must be 'operationalized.'
The good news is that a year ago everyone said NFV would never be "operationalized," and this year that conversation has changed to how to do it. The bad news is there is still a lot of work to be done. Roseboro explained, "All the technology in the world is great, but if you can't operationalize it, it will be crap that just sits in the data center, and you can't use it. If you just take processes today and automate them, it's garbage in and garbage out." Networks have to be re-architected to do things differently, and she believes it's still very early. Operators are starting to automate the easy parts of their network, but it'll be a long time before they tackle the entire thing.

— Sarah Reedy, Senior Editor, Light Reading