Cloud computing and the internet of things have upended the old vanguard of data center technology and changed the landscape of IT infrastructure. More organizations and individual users connect devices to the network, and data centers often span across geographical locations. These shifts require a new approach to data center management, networking and security.
Over the past four years, VMware NSX has evolved from a software-defined networking product to a security management system for non-vSphere applications to, in its latest iteration, an SaaS. With NSX, NSX-T and, now, VMware Cloud Services and NSX as a service, NSX has officially moved beyond the realm of data center virtualization into multicloud and IoT edge to be the foundation for how users manage distributed systems. At the VMworld 2017 US keynote, VMware CEO Pat Gelsinger called NSX the "secret sauce" of everything VMware does and also called it the "next vSphere."
Peder Ulander, vice president of product marketing, networking and security business unit at VMware, sat down with SearchVMware to discuss VMware's strategy to spread NSX across its product portfolio.
How will the new NSX as a service work?
Peder Ulander: There were two parts to this. One was VMC [VMware Cloud] on AWS [Amazon Web Services], which is the full VMware stack running on AWS. The challenge most businesses have is they run one architecture on premises, but when they move to public cloud, while they can get the apps to move, they couldn't get the architecture to move. [This means] they had to rethink all of the manageability, all of the security, all of the policy, all of the hard things. It was a very isolated, siloed effort from an IT perspective. What this gives you now is identical platforms on both ends with identical manageability, identical policy [and] identical tools. It drives consistency, reliability -- all the things you want as an IT practitioner.
The other part is VMware Cloud Services [in which] we have a component called NSX as a service. Amazon has virtual networking built into its cloud called VPC [Virtual Private Cloud], and it enables you to create small, virtual private clouds. The challenge is that [VPCs] were, in many ways, isolated incidents, and when you look at how businesses are creating apps or creating work streams, they end up with multiple VPCs inside of Amazon -- which is fine, except there's a pretty big management overhead with setting security rules, groups and all the automation.
What we're able to do with NSX running within Amazon is actually give you those benefits of multiple VPCs but with a single point of management, which enables you to manage the complexity of microsegmentation on apps, in their isolated fashion. You can also manage across Availability Zones, whereas in Amazon you're still relegated to the one play versus the globally distributed play that you want to get to.
What we're trying to do is provide them with more consistent tooling, something that's aligned with what you have.
How do App Defense and NSX work together?
Ulander: In this hyperdistributed world, you have to do a few different things in order to make sure that your enterprise is secure. The first step, of course, is to build security into the application architecture. With NSX, it's how you do things like microsegmentation and networking rules to control data flow or network flow and access across the stuff that you're delivering in this distributed environment. Step two is to secure the application itself [and] identify the known good. If you're chasing bad, you're looking for a needle in a haystack -- if you're going after the known good, you're already holding the needle in your hand. The idea is [to tie] the two of these together from a security perspective: Secure the application, [and tie] that into your known good. It all sits on this network that [spans] multiple data centers, edge and cloud, [and] you get that kind of consistent security model or intrinsic security model that runs across your distributed environment. They are very, very closely tied from that perspective.
What is in the works for NSX with containers and Kubernetes?
Ulander: NSX-T has always been our play with regards to non-vSphere environments for NSX networking. In the container space, in the Kubernetes space, there hasn't been mature development around networking. We've seen little guys, like SocketPlane, get picked up by Docker, or you see open source initiatives, like Flannel. [There are] a lot of cool developers looking into ways to do things in networking, but the enterprise also wants to say, "OK, how can we extend it to be not just container-based but broader enterprise-based?" We think that NSX has a really unique play to where it can be the networking platform for containers moving forward.
VMware Cloud on AWS is finally available
VMware teams up with Pivotal for containers
Scale, maturity affect VMware Cloud on AWS pricing