As customers start moving to the cloud, two of the first considerations – and the source of many questions – are networking and security. “How do I connect my data centers to the cloud?” “How do I connect various cloud data centers/zones/regions to each other?” “How do I secure applications in the cloud?” “Can I use my existing firewalls/vulnerability scanners/intrusion detection/compliance/configuration management tools or should I use something different?” Often, security in the cloud is one of the biggest inhibitors to cloud adoption, so to overcome these trust issues most cloud providers must provide higher levels of security & compliance than customers usually achieve in-house.

Complicating matters further, moving to the cloud is often accompanied by new use cases and applications. Big data, internet of things, microservices… those nice, simple three-tier web apps we all used as examples in the past are way too simplistic to model the needs of the network today, and new network and security tools are needed to deal with this new complexity. But do your new tools necessarily need to be different in the cloud from those you use on-premises? If you are adopting a hybrid cloud model – whether that means on-premises + public cloud or multiple cloud providers or something in between – I would surmise that in an ideal world you would want to use a common set of tools across each. I have heard from numerous customers that networking was the thing they struggled with the most as they started using other public clouds, with some even saying they had to redo their public cloud networks multiple times before they got it correct.

These are some of the reasons our Advanced Networking Services in vCloud Air is powered by VMware NSX. As you may know, NSX allows customers to abstract the network policy plane from the physical networking gear that pushes the bits. Doing this allows you to streamline network and security operations and truly control the network from policy, rather than from physical constraints. Micro-segmentation goes from a theoretical “nice to have” to a realistic “must have” because everything runs in software. Best of all, because you can run NSX in your own data center and use Advanced Networking Services in vCloud Air, you can keep application policies consistent in both places: your security policy is identical whether your app runs in our cloud or in yours.

This is what VMware means when we use the term “hybrid”: you can use the same tools with the same policies on the same VMs and applications whether those run in-house or in the cloud. That does not mean you must run the same tools, policies, or VMs. Many customers use the cloud as a place to try new things because they do not have the burden of working around internal technical or political limitations and because if you experiment with something in the cloud and it does not work you simply turn it off and try something else. This is the case with Advanced Networking Services and NSX, too. We do not require NSX on-premises to use Advanced Networking Services in vCloud Air and vice versa. You will see additional operational benefits when both public and private implementations of NSX and Advanced Networking Services are used together, however.

The “big two” cloud vendors do not offer this kind of on-premises and hybrid cloud compatibility. AWS has completely different networking than anything you might use on-premises and there is no sign that this will ever change. Even with Microsoft, Azure networking is very different from the virtual networking capabilities you have with Hyper-V and System Center on-premises. It sounds like Windows 2016 and Azure Stack might bring the two network platforms together, but that remains to be seen. VMware’s NSX team is doing some interesting work to bring their software-defined networking plane to other non-VMware clouds, and there was a very cool demo of NSX running on AWS at VMworld this year.


Contrary to what some might think, this actually fits in with our belief that the future will be a multi-cloud world, with a combination of workloads running on-premises and in a handful of public clouds, with the “correct” location selected based on the needs of application owners, developers and operators.

Speaking from a vCloud Air perspective, here’s why I think our implementation of hybrid networking will be better: vCloud Air is built with NSX as the core network stack. NSX is not an add-on running in a separate layer on top of something else; NSX IS the network for vCloud Air. It provides very real benefits for us as a cloud operator as well as you as a cloud consumer. You don’t have to worry about who to call for support – you call us – and we don’t have to worry about incompatibilities between NSX and a different lower-level networking stack because there is no lower-level stack. Hopefully, at some point down the road you will have a single policy interface for designing the networking and security across all your on-premises and public cloud data centers, but you can already start today with vCloud Air Advanced Networking Services and NSX.

If you’re ready to get started with the hybrid cloud, visit
