The demand for VMware NSX is growing. And while customers realize its potential, they are often unclear on the tangible business benefits made possible with VMware NSX. We sat down with Hatem Naguib, VMware Vice President, Network and Security, and asked him to share his insight on VMware NSX and the advantages it offers VMware customers. This interview will be split into two posts over the next two weeks. (Ed. Update – see the 2nd half here.)
At a basic level, what is VMware NSX and why should VMware customers consider it?
VMware NSX is a network virtualization platform. It is software that provides customers with the ability to deliver a set of virtual services for their workloads, very similar to what VMware vSphere did for compute virtualization. This includes switching, routing, load balancing and firewalling as logical services for workloads to access for deployments customers perform in or outside of their data centers.
What are the primary use cases you are seeing from VMware customers who have implemented VMware NSX?
We are seeing three key use cases with our customers who have implemented VMware NSX: automation, security and application continuity. Automation enables customers to automate the delivery, provisioning and configuration of services for network and security, and correlate those to the workloads they are deploying. For example, if you have provisioned a virtual machine and want to provision a VLAN or add firewall rules, VMware NSX allows you to automate these. And because VMware NSX is application program interface (API)-driven, customers can leverage cloud management software such as VMware vRealize Automation or OpenStack, or even their own portal to automate provisioning of these IT services.
The second key use case is security, and there are two dominant scenarios. The first has to do with firewalling. VMware NSX provides the ability to do firewalling beyond what you traditionally see on a traditional physical north/south perimeter firewall, or as a virtualized form factor of a hardware firewall. VMware NSX has developed a kernel module that operates as a firewall. Every packet leaving every Virtual Network Interface Card (VNIC) can get security policy with it. For the first time, customers can efficiently put security policies inside their data center to manage the 80 percent of traffic that flows east/west between VMs. This allows security professionals to implement microsegmentation in their environment. This is important because the vast majority of data breaches come from within the data center.
Applications don’t have control around security except at the perimeter with a large physical appliance-based north/south firewall, an intrusion detection system (IDS), or an intrusion prevention system (IPS). Microsegmentation lets you create micro segments in your environment that completely encapsulate the traffic flowing between your workloads and that are very specific to that workload and the type of policy you want to set. And because this is in software, if you move the workload, the policies go with it. If you remove the workload those policies disappear. You’re no longer supporting thousands of rules in a firewall sitting on the perimeter. You actually have a dynamic secure infrastructure within your data center and true policy-based automation.
The second scenario for security is with virtual desktop infrastructure (VDI). A lot of customers who deploy virtual desktops have a gateway appliance to control which devices get into the data center. But once that device is in, the virtual desktop has access to all internal data center applications. VMware NSX allows you to assign very prescriptive policy-based security to virtual desktop infrastructure, leveraging the same benefits of microsegmentation. These policies live and die with the virtual desktop, based on it being part of the environment or being removed.
The third use case we’re seeing is application continuity. Many customers leverage VMware NSX for disaster recovery (DR) or multi-site type capabilities. These software-based services within VMware NSX make this very compelling for our customers. First, much of the challenge of disaster recovery isn’t moving the virtual machine, but making certain the network and security policies are synchronized between your primary and DR sites. Leveraging VMware NSX with a tool like VMware vCenter Site Recovery Manager, or similar third-party tools, allows you to dynamically synchronize your network security and policies in your primary and DR sites. This reduces the time required to recover from a disaster by up to 70 percent.
VMware Education Services offer a variety of VMware NSX training and certification programs. What role do these play in helping customers successfully adopt VMware NSX?
When we first launched VMware NSX, we recognized several things. For many of our customers this was a dramatic change, a part of a transformation in their data center over and above what they had historically been used to for managing hardware. It wasn’t enough to show what the product does, but we needed to articulate effectively the depth of what was required for customers to think of the Software-Defined Data Center model and how VMware NSX brings that to life. Classroom and self-paced training is available to help customers understand the use cases and how they can be leveraged for VMware NSX to deliver Software-Defined Data Center capabilities around IT automation, security and multi-site capabilities. We understood the importance of educating our customers, and helping them realize this new world provides a career path. We launched VMware NSX certifications, including the highest level of certification for network virtualization—VMware Certification Design Expert – Network Virtualization (VCDX-NV).
Look for part 2 of the interview next week.