I attended VMworld in San Francisco last week, and I want to offer my observations from the context of networking.
What is NSX good for - classic use cases and security
VMware continued to talk about NSX, which of course received a lot of attention. They continued to emphasize the security use cases (micro segmentation) for NSX, but a surprising observation was that just as many customers (about 40%) used NSX for network virtualization (primarily provisioning and configuration) as they did for security. Although one can argue that one needs to set up standard network virtualization before they embark on NSX-based security, it’s good to hear that the original, classic use case that drove SDN is one of the top use cases of NSX. Other networking vendors also advocate network segment-based security, such as Juniper’s AppSecure for SRX (for micro perimeterization), or Nuage Networks’ Virtualized Services Platform (VSP), and security firms such as Illumio which (taking one step further down the unit-prefix ladder) has nano-segmentation in its Adaptive Security Platform (ASP). I can’t wait for pico-segmentation.
Importance of apps
The talk of segmentation changes the conversation to be application centric. Martin Casado, General Manager of Networking and Security, emphasized apps during his keynote, where he said that the app is the network and the conversation was not about packet flows or Layer-2 or Layer-3 networks. Modern apps are deployed as a distributed system, and troubleshooting becomes hard and security becomes even more important. The emphasis on apps echoes Cisco’s Application Centric Infrastructure (ACI) as well, which also manages application through an SDN model for the network, servers, storage, security, and services. I agree that viewing the world through the lens of applications and policies associated with the apps is ultimately going to benefit IT and end-users.
How it fits into rest of VMware
An interesting point is that within the data center stack, there wasn’t a discussion of guest OS (Microsoft Windows, GNU/Linux), and the focus was on the applications and the SDDC. This seems to point to how the operating system has receded in importance in the cloud data center. Although one of the announcements made was on the VMware Photon OS, a guest OS, but that was a minimal Linux container host designed to run containerized apps in a virtualized system, so although we had innovation in the guest OS, it was by making it minimal.
What’s more interesting is how NSX technology fits into VMware’s vision of the hybrid cloud and SDDC. Cross-cloud vMotion was shown as a technology preview, and technologies that underpin NSX were instrumental in making this happen. Guido Appenzeller, CTO of Networking & Security for VMware, demonstrated NSX for Amazon Web Services, where AMIs plug in to the NSX network. This demonstrates that networking is a critical component to VMware’s vision of a hybrid cloud --- one needs to switch together disparate elements to realize this vision, and networks play an important part.
In the future, I hope to see more integration of NSX into WAN and perhaps integration with technologies available from the many SD-WAN companies. One of the motivations for SD-WAN is to accommodate the transition of apps from residing solely in the data center to a combination of SaaS and data center, so this ties well into VMware’s vision of the hybrid cloud.
In the next blog, I hope to provide more observations into NSX.