VMworld 2015 - A multi-platform world & the role of NSX


This is my second VMworld 2015 observations blog. The first one is here.

Not one, but two products

When people discuss NSX, they consider it to be closely tied to vSphere. It’s actually not, and VMware is actively embracing a multi-platform world. Let’s not forget that there are two NSX products – NSX for vSphere (currently at version 6.2) and NSX for Multi-Hypervisor (4.2.4). It was stated that 20% of NSX deployments are on OpenStack. This refers to OpenStack built on a GNU/Linux foundation such as KVM and Open vSwitch, as opposed to VMware Integrated OpenStack, so this is a good start for multi-platform support.

NSX originated from VMware’s acquisition of Nicira, which had an OpenStack-based Nicira Network Virtualization Platform (NVP), so VMware had existing assets to leverage. Customers are realizing that VMware is one of the few vendors that offers deep support for multiple platforms. There are important differences between the two products (NSX-V & NSX-MH), so customers should note them and ask that they be rationalized over the long term.

People ask me how this compares with SDN systems like Cisco ACI. ACI primarily resides in the networking layer, so it is multi-platform by nature: the core parts of the system reside outside the realm of the server and hypervisor and are implemented in the switches and controllers. However, additional software like the APIC Driver enables the translation of cloud management platform settings (such as OpenStack configurations) into ACI.

Networks bind on-premises and the cloud

NSX technology also plays a key role in creating the hybrid cloud, whether to enable vMotion between on-premises and the cloud, as shown in a technology preview, or to create an NSX network between vSphere and Amazon’s AWS (a technology preview again). Networking is one of the key technologies that binds and integrates different systems, so enterprise customers seeking a diversity of platforms in the future (on-premises or cloud or different virtualization platforms) will benefit from this type of support.

Prominently featured features

New features were released, such as (1) cross vCenter Networking and Security and (2) VTEP (VXLAN tunnel endpoints), or the ability to bridge VLANs from the physical world into VXLAN segments by leveraging physical devices such as top-of-rack switches that act as VTEPs (announced by Arista, Brocade, Cumulus Networks, Dell, HP, and Juniper Networks). This will help legacy workloads (such as non-virtualized databases) finally connect into virtualized networks.

Just as important - Operationalization is key

Some new items not emphasized in the announcements were equally interesting to me:

  • TraceFlow - This tool enables tracing packets as they traverse the overlay network. This is an important capability, since for operational and management reasons, one must have visibility into the underlay and overlay (P+V) networks, and troubleshooting has been a critical need for adopting network virtualization. This is different from a plain “ping,” and can work even if the destination VM is down since it tracks the network at the host (hypervisor) level. This is an acknowledgement of the fact that operational management is critical to the adoption of an SDN solution and if you can’t manage it, it won’t get deployed.
  • Guidebooks - For the same reason, guides for operationalizing NSX were also released. The adoption of cloud software requires a good understanding of how to deal with day-to-day management, and lessons from professional services organizations, best practices from customers, and the vendor's product team are key to helping IT organizations understand how to adopt new technology. This is an important step where lessons from the real world are shared with customers, and I highly recommend customers watch recordings from VMworld or read a paper. (See the new NSX-V Operations Guide here.)
  • Encryption - Some technology previews, such as the ability to set encryption on virtual networks, were shown. This is important since it slips the capabilities underneath without changing the workloads and helps (again) with many operational issues such as key management. Performing this in software was enabled using updates in silicon such as Intel’s crypto AES-NI capabilities, so it’s good to remember that advances in software-defined networking still rely greatly on hardware capabilities. SDN isn’t some magic that can be treated in its own world—hardware ultimately still matters. Other vendors such as PLUMgrid have added end-to-end per-tenant data plane encryption for their network virtualization, so this can become a trend.

Spurt of innovation

VMware is making an honest appraisal of itself as customers demand a multi-platform world (whether it’s vSphere and OpenStack, VMs and containers, or on-premises vs off-premises cloud). The very properties that enabled the rapid adoption of virtualization also enable customers to look at other platforms.

What do I mean by that? Virtualization became popular as vSphere grew to become the new data center OS: Legacy workloads were jacked-up and a new virtualization substrate was slipped underneath. But since customers did not need to rewrite their apps, they benefited from a new set of capabilities almost transparently. This meant that operationally, old client-server apps got modernized (via capabilities like vMotion).

Since vSphere is neither a traditional OS (like Windows) nor an apps framework (e.g., Spring in the Java programming language; Revel for the Go programming language - or Golang), apps are typically not written directly for the vSphere platform, which resides in a layer below and controls access to resources. However, the industry is realizing that apps are what matters the most today. For example, the "A" in Cisco ACI stands for applications. What does this mean for VMware?

Alternatives are arising

Customers can potentially slip in an alternative low-level infrastructure in the future to support their apps as long as their apps are compatible. This is possible in theory, but practically speaking it is not easy to do, since there are many operational procedures and much infrastructure tied to vSphere and its related ecosystem. But in the long term, everything is greenfield: new apps will be written, legacy apps will fade away, and people will look at alternative foundations for apps.

So VMware seems to be going into a new spurt of innovation to address these changes, announcing completely new platforms other than its classic ESX foundation and embracing a variety of platforms. Products like NSX can play a critical role, as it can support different platforms (vSphere, OpenStack, AWS, perhaps Photon), stitching together different parts of the infrastructure, so I expect it to position itself as an important part of VMware's portfolio in the future.

Keeping the message focused

Customers at VMworld explained to me that many of the presentations for these new systems (in particular the container-oriented ones) were tailored toward DevOps but were still presented to traditional infrastructure admins, and there was plenty of head scratching going on. So VMware also needs to learn how to communicate with a new set of customers, with the right message for the right people.
