Chris Wolf, vice president, advanced technology group, VMware
2020 has been an extraordinarily challenging year. Personally and professionally, we’ve had to find new levels of resiliency in the face of challenges to our health, environment, education, and life as we know it. From supporting COVID-19 vaccine efforts to protecting people’s safety, education, work, social and family lives, technology plays a key role in how we continue to adapt and move forward as a global community.
During this difficult time, agility has taken on new meaning. The need for organizations to quickly adapt is now measured in days, hours, or mere minutes. In this context, flexibility and agility moved to the forefront as sound design principles. We can no longer rely on “what if” contingencies alone. Instead, we need to architect for the expectation of change. To that end, the theme for VMworld 2020 is “Together, Anything is Possible.”
The VMworld 2020 announcements showcase new VMware innovations that not only help you rethink the possible, but also get there more safely with the velocity and agility required by your business’ needs.
Networking and Security
Security is front and center at VMworld—and for good reason.
Office workers, apps, data, and devices are increasingly distributed. And that creates new security, scale, and performance challenges. Of course, that’s in addition to the growing challenges we already face in our data centers and in operating across multiple clouds. Today, we announced several compelling innovations that will dramatically improve your organization’s security posture, starting with the VMware SASE Platform.
Hairpinning network traffic to enforce security policy has long been impractical. SASE makes it simple for you to bring essential network and security services near your end users, regardless of where they work. VMware SASE Platform takes advantage of VMware SD-WAN’s massive global footprint of more than 2,700 cloud service nodes across 130 points of presence (POPs).
The key components of the VMware SASE solution include:
- VMware SD-WAN, our industry-leading platform for transforming wide area networking.
- Cloud Access Security Broker (CASB), Secure Web Gateway (SWG) and remote browser isolation via our new collaboration with Menlo Security. These offerings will be sold and supported by VMware.
- VMware NSX Stateful Layer 7 Firewall SaaS offering.
- Zero Trust Network Access, which leverages VMware SD-WAN and VMware Workspace ONE in an integrated offering to provide optimal performance and policy-based access centered on the user and device identity for each connection.
- Edge Network Intelligence, which is the integration of the technology we acquired from Nyansa. The solution uses machine learning-based predictive analytics to ensure SLAs are met, along with providing security and visibility to end-user and IoT devices.
While the SASE announcement is big news, there are several additional security announcements that I believe you’ll find of interest:
- VMware Workspace Security VDI: VMware Workspace ONE Horizon and VMware Carbon Black Cloud are integrated into a single unified solution that leverages behavioral detection to protect against ransomware and file-less malware. On VMware vSphere, the solution is integrated into VMware Tools, removing the need to install and manage additional security agents.
- VMware Workspace Security Remote: An integrated solution that provides endpoint management, endpoint security and remote IT for physical Mac and Windows 10 devices. The solution includes the next-generation antivirus, audit and remediation, and detection and response capabilities of Carbon Black Cloud. It also includes the analytics, automation, device health, orchestration, and zero-trust access of the Workspace ONE platform.
- VMware Carbon Black Cloud Workload: Agentless security for virtual machines on vSphere—the realization of the vision that we articulated at VMworld 2019. This solution makes it much easier for infrastructure operations and security operations to collaborate.
- Security risk visibility is now built into VMware vCenter, providing the same visibility as seen in Carbon Black Cloud, thus streamlining collaboration and more proactive threat remediation. Security is now dynamically ingrained in the VM lifecycle as a part of VMware Tools, making security intrinsic to the infrastructure.
- VMware will offer a 6-month unlimited free trial of VMware Carbon Black Workload Essentials to all current customers with vSphere 6.5 and above, as well as VMware Cloud Foundation 4.0.
- We also plan to introduce a Carbon Black Cloud module for hardening and better securing Kubernetes workloads, giving security teams policy governance and control of their Kubernetes environments.
- VMware NSX Advanced Threat Prevention brings the technology from our recent Lastline acquisition to the VMware NSX Service-defined Firewall. This solution is the only purpose-built, distributed, scale-out firewall designed to protect east-west traffic across multi-cloud environments. Lastline integration into the service-defined firewall uses unsupervised and supervised machine learning to identify threats and minimize false positives, with the ability to apply virtual patches at every workload and not just at the perimeter—an industry first.
We also announced several new capabilities across our network portfolio:
- VMware Container Networking with Antrea: A commercial offering consisting of signed images and binaries and full support for open source Project Antrea. VMware Container Networking with Antrea will be included in VMware NSX-T and vSphere 7 with Tanzu. While Antrea can get you started, when you look to scale container networking across clusters, NSX-T will get you there.
- NSX-T 3.1: New API-driven advanced routing and multicast capabilities, along with automated deployment of workflows through Terraform Provider.
- VMware vRealize Network Insight 6.0 Network Assurance and Verification: Now leverages formal verification to gather network state and build a model of how the network functions. The model is then used to provide continuous verification of business policies across virtual, physical, and multi-cloud networks. This allows IT and network operations to discover potential brownouts before they occur.
As with our technology strategy, we remain focused on aligning our innovations toward a multi-cloud future that offers consistent infrastructure and operations, along with a native developer experience.
IT operations should not have barriers to managing and operating data center, multi-cloud, and edge environments. Customers should have a consistent and well-integrated set of tools and processes. Developers should also have the flexibility to use their tools and APIs of choice.
Today, VMware admins can simply provision a Kubernetes namespace to developers, and ops can manage all the underlying infrastructure considerations using their tools of choice. The same holds true for managing applications and services in public clouds.
VMware solutions help IT operations manage and monitor environments, enforce policy and automate remediations without impacting developers’ ability to use the tools and APIs offered by the cloud provider. With that as the strategic backdrop, let’s dig into our multi-cloud announcements.
Azure VMware Solution
Following the announcement that Azure VMware Solution is generally available, there is now a production VMware footprint in every major public cloud:
- Google Cloud
- IBM Cloud
- Oracle Cloud
With the Azure VMware Solution, organizations benefit from the cost savings of Azure Hybrid Benefit, integration with Microsoft Office 365 and other native Azure services, as well as Azure console integration.
There are also several new capabilities for VMware Cloud on AWS, including:
- VMware Cloud Disaster Recovery: On-demand Disaster Recovery as a Service (DRaaS) that gives you cloud economies and is backed by Amazon S3 storage. The Live Pilot Light option provides instant power-on for VMs running on VMware Cloud on AWS. The service includes several compelling features, including no VM format conversions, continuous DR health checks, built-in audit reports and optimized failbacks.
- VMware Tanzu support: Makes it simple to extend on-premises Tanzu deployments to VMC and across clouds.
- VMware Transit Connect: Provides any-to-any connectivity between on-premises, VMC on AWS SDDCs and AWS VPCs using AWS Transit Gateway and AWS Direct Connect Gateway.
- New regional compliance listings (G-Cloud, HIPAA BAA, EBA) and white papers (UK NCSC 14 Principles, FISC).
- Enhanced automation and operations: Expanded vRealize Operations, Cloud Automation, Orchestrator, Log Insight and Network Insight support.
- Enhanced HCX capabilities: Replication Assisted vMotion, local routing for migrated VMs and migration grouping.
VMware Cloud on Dell EMC
Interest continues to grow in VMware Cloud on Dell EMC, which allows you to realize the benefit of cloud IaaS with the flexibility to run the service in your on-premises data center. VMware Cloud on Dell EMC now includes support for VMware HCX-based workload migration, making it simple to migrate VMs to the new environment.
In addition, several compliance and regulatory certifications have been achieved, including:
- EU GDPR compliance
- ISO 27001
- ISO 27018
- AICPA SOC 2
- CCPA compliance
There are also many more performance, scalability and sizing options, which you can read about here.
VMware vRealize Cloud Universal
On the cloud management front, we announced VMware vRealize Cloud Universal, which combines SaaS and on-premises management software into a single subscription license. This makes it easy to switch between vRealize Cloud solutions without acquiring different licensing.
We also introduced new federation capabilities for a consistent management experience across deployments, as well as Skyline integration, which provides a single integrated workflow to proactively identify and resolve potential and existing issues.
VMware vRealize AI
Starting in 2018, we previewed Project Magna. And now in 2020, we are once again delivering on technology showcased at previous VMworld conferences. Project Magna is now generally available as VMware vRealize AI, which uses reinforcement learning to self-tune application performance.
Early adopters have seen performance improvements as high as 50% for read-and-write I/O with the read-and-write cache optimizations that vRealize AI made to their vSAN environments. Best of all, this is just the beginning.
You will see more capabilities moving forward, bringing your organization a highly intelligent, self-optimizing infrastructure.
Project Monterey Tech Preview
VMware has been pursuing SmartNIC virtualization and integration opportunities over the past couple of years.
In March 2019, we demonstrated ESXi running on a SmartNIC. And last year at VMworld, we demonstrated four hypervisors running simultaneously on the same server with no nesting. Our vision for opportunities related to SmartNICs and composable infrastructure was further solidified at VMworld 2020 with the announcement of Project Monterey.
Applications, data, infrastructure, and security services are seeing increasingly demanding performance requirements. Simultaneously, IT organizations are looking to find greater opportunities for automation and efficiency. Project Monterey takes advantage of emergent hardware innovations to offer new approaches to hybrid cloud architecture and operations.
We’re sharing this information now to open doors for further opportunities to shape this innovation with our customers and technology partners. Leading SmartNIC vendors are already working with us on Project Monterey, which is currently centered around three key use cases:
- Network performance and security: Consider running security services such as an L4-7 firewall on a SmartNIC, decoupling it from the host platform and achieving line rate performance. Organizations can further isolate tenants by running independent workloads on SmartNICs, or even run multiple network functions in isolation on the SmartNIC via isolation provided by the hypervisor (e.g., ESXi on Arm).
- Storage performance and dynamic composition: As with networking, you have new opportunities for combinations of scale-up and scale-out architectures by taking advantage of processors on SmartNICs to accelerate a variety of storage functions, such as compression and encryption. Project Monterey will also provide further capabilities to scale storage capacity on-demand to meet performance or capacity requirements.
- Bare metal workloads and composability: This is where Project Monterey really gets interesting. Imagine running the ESXi control plane on a SmartNIC, freeing all the x86 host cores to run other workloads, inclusive of bare metal. That allows you to run workloads on bare metal, while still being able to integrate them with core SDDC services, such as VMware vSAN and NSX. From a flexibility perspective, these options take VMware Cloud Foundation to a new level in terms of the ability to dynamically support a variety of hardware interfaces, composing infrastructure on-demand.
For an in-depth look at Project Monterey, take a look at Kit Colbert’s blog post.
Change Is the Game
As we look forward over the next decade, successful organizations will not just be measured on speed. More importantly, they’ll be measured on their ability to change course during unanticipated market dynamics or global events. Looking at your organization’s technology footprint, consider existing barriers that would prevent a quick pivot to a new direction.
Are your applications, data, infrastructure, security, and operational services able to quickly adapt to change?
Is change simply a matter of a software update or the ability to provision services anywhere on demand?
If not, look at the dependencies that stand in your way (e.g., proprietary hardware or APIs) and move forward with a technology strategy anchored with flexibility as the design principle.
For the last six years, we’ve remained true to our vision of helping organizations run any application on any cloud and interact with those applications from any device. Change is far from easy, and “flexibility” should not be some convenient buzzword. Together, we can make it real. Together, we can help your organization build and leverage technology for the expectation of inevitable change.
Let’s do this!