Jason Nash is CTO of Varrow, a VMware Partner based out of the Carolinas. Previous to Varrow he was an enterprise architect for Wachovia’s investment bank. Jason has been in enterprise IT almost 20 years and originally started as a network admin working with Cisco gear. He maintains his Cisco CCNA and CCNP certifications. He is one of only a handful of double VCDX professionals, having completed his VCDX-NV last year.
When did you first start looking at network virtualization?
I started looking at network virtualization three to four years ago. I think before that, when it was just purely Nicira and some of those types of companies and projects, network virtualization was really the domain of the PayPals, the eBays, the Googles. Those types of companies. When VMware acquired Nicira, when Cisco did their Insieme spin-in, we started to see that commercial and traditional enterprise customers were going to have some very good options around network virtualization. We started to weigh our options and we really started to get serious about it over the last 18 months. Network virtualization ramps up right alongside our automation or orchestration practices and projects. So we believe that to do those properly, you need network virtualization. You need to be able to automate the network pieces and we couldn’t do that using the traditional means and the manual processes that it took. So we would’ve liked to have had these options a couple of years ago, but we feel that products in the true enterprise commercial space weren’t viable until really over the last year.
What excites you about network virtualization?
Until recently, networking in a virtual world has really been about, “How do we create a bridge and just get virtual machines and/or hypervisor hosts onto a network? How do we do that as best we can?” There wasn’t any intelligence there. There wasn’t any true integration. It was just simply, “How do we get these two things to talk?” Network virtualization solves this. Then I am excited to be able to do things in a more automated fashion, to commoditize a lot of the underlying hardware across any layer of the SDDC, to give more intelligence to application owners, to the data center architects, and to be able to give them the tools to go above and beyond what they’ve previously been able to do.
I’m a big proponent of the discussion point around the fact that we can spin up virtual machines in a matter of minutes, but it still takes weeks or a month or more to do things on the network side and security side: firewall rules, load balancer, malware protection, all that stuff. Now we can slipstream this in and cut that down to two minutes as well. So we’re getting this true integrated networking all the way through, up into the application, along with the ability to do things in a much more scalable fashion. So instead of putting firewalls in a rack in one part of the data center, we’re now able to deliver network services very, very close to the applications themselves. It reduces complexity, it reduces traffic going back and forth across the data center, and it allows us to get more elegant in how we do our designs, so we’re not having to shoehorn and do these weird types of traffic flows or configurations just to make sure that we’re doing security like we want to do. Security is the number one driver for network virtualization for us right now. It’s definitely the driver for NSX. Almost all of my customer briefings around NSX are driven by requirements for security.
How do you address the comment when people imply the physical network doesn’t matter anymore with network virtualization?
I think that discussion point is a bit over blogged. The majority of our customers are moving toward a virtualization-first strategy. But even the things that they can’t virtualize, it doesn’t have to be an either/or proposition. We have ways to bridge those in, to take advantage of the services provided by NSX, but we can also do things the traditional way in networking when we have to. Often those non-virtualized hosts or platforms or applications are very specific and they’re something that is not dynamic. It doesn’t change. Maybe it’s a mainframe, maybe AS400 still. Maybe it’s something that is not changing very quickly so it’s not something we usually find as a hindrance to moving toward network virtualization. We find that network virtualization will accelerate people into a virtualization-first strategy when they see what advantages and efficiencies they gain, but people like – there are partners with NSX that show what we can do, partners like Arista and Cumulus, that will help us bridge in those physical devices or physical hosts even easier. So I think right now we’re kind of going through a phase of figuring this out but most people are not doing a full-blown implementation of network virtualization yet. We’re still talking use cases. We’re still talking designs. We’re still talking how we’re going to do a migration. So, all that will come together over the next year as it’s needed.
How could a networking professional benefit from looking at the certification around network virtualization?
Well, no matter where this network person focuses on today, network virtualization is coming. It’s the same way with people that were Microsoft-certified and stayed out of virtualization. Those people were going to be at a significant disadvantage. It’s no different here. I think network administrators are learning that the world is evolving, that software is going to really start encroaching, and that’s where the functionality and the capabilities are going to be and it doesn’t matter if you do it with NSX or you do it with Cisco ACI or with Juniper Contrail or whatever. These changes are coming and it’s probably in their best interest to expand their skill set and their certifications. At Varrow, we really don’t have a lot of single silo or single focus engineers, pre-sales professionals or architects. We rarely go into a data center or into any customer and do a project that is just the networking piece or just the vSphere piece. It is almost always a combination of things. So I have suggested for a while that network administrators need to look heavily at network virtualization and be prepared. So it probably doesn’t hurt to go look at some of the base virtualization certifications and training as well, at least to be able to understand terms, understand ideas, understand technologies, because you’re going to be in a room doing a workshop and your stakeholders are going to be from all the different disciplines and they need to be able to understand and speak in familiar terms so they can design networks properly. It’s no longer the router and switch guys on one side of the room and the server guys on the other side of the room, with the storage guys down the hall. Those silo walls are breaking down and you need to be able to look across all these different disciplines and understand what they’re doing.
As you went through network virtualization training, has anything surprised you?
I think the first thing that surprised me the most was the simplicity of it. I’ll talk NSX directly. I expected it to be much more of a complicated migration, much more complex to design, to implement, and to take advantage of and it’s not. I think that’s the biggest thing for me when people asked me when I’d come back from the training, “What’s the biggest thing you got out of it?” I think it’s the simplicity. I think that people expect a lot of complexity that’s not there. The other thing that I think surprised me is just all the different use cases that we can come up with and customers are hitting me up for using network virtualization and SDN technologies for security, for simple things like distributed firewalling or to reduce routing, or the ability to stretch layer 2 networks across their POD data centers or even campus sites very easily or even across to remote sites. So it’s given us a lot of different tools to tackle problems where before, we would have to come up with some very complex and convoluted designs that frankly a lot of our customers would not want to manage on a day-to-day basis. It has greatly simplified that and normally, once we go to a demo and a lab, maybe a PoC, you see their eyes light up and it’s kind of like when people first saw virtualization and vMotion and all these cool tools. All of a sudden they’re like, “Oh, this makes a lot more sense. We’re not bogged down in the day-to-day management and the day-to-day change controls that we have to normally do just to do simple things. We can do a lot of this right there very easily.”
Anything else that you think someone should know?
I think one of the big things is that people see network virtualization and they think big enterprise. They think we’re not Citibank. We’re not Google. We’re not Facebook and I think they’re not looking at what the capabilities are. We’re talking with a customer right now about a site that is less than 10 vSphere hosts, but what they gain out of using NSX will help them immensely. So it’s not about the size of the environment, it’s about your use cases, and it’s about your requirements and what you’re trying to accomplish. So don’t feel that it’s only for the large enterprise, it’s not. It is for anyone that needs to have this automation; that needs to have distributed services; that is feeling encumbered by trying to do security and micro-segmentation for things like HIPAA or PCI. Even in a small environment it doesn’t matter. It greatly reduces the overhead and complexity in those situations. So don’t think again it’s just for the people with hundreds and thousands of hosts and VMs.