Multi-cloud architectures are becoming an increasingly central part of enterprise strategies delivering applications reliably. In a VMware Digital Momentum Study of enterprise technology decision-makers, nearly 73% report they are standardizing on multi-cloud foundations to operate applications and infrastructure1.
Multi-cloud infrastructure offers many benefits – such as the ability to scale quickly and increase reliability. By extension, multi-cloud deployments can help businesses:
- Innovate and transform the customer experience
- Scale and grow the business
- Empower employee engagement and productivity
Yet, from an operational and technology perspective the multi-cloud presents a major challenge: Complexity. Rapid innovation and growth require the ability to deploy and manage workloads in any public cloud while providing the required service availability and scale. However, managing workloads and infrastructure on multiple clouds at once significantly increases the complexity of the network architecture connecting these applications and clouds. It also requires businesses to deploy complex security rules to protect lateral network traffic while having to rely on limited workload mobility and visibility and threat detection capabilities that do not scale.
Successfully adopting a multi-cloud infrastructure requires a means of taming the complexity that is inherent to multi-cloud.
Introducing Project Northstar
We are introducing Project Northstar, a new technology preview, to solve these exact challenges. Project Northstar is a SaaS-based networking and security offering that will empower NSX customers with a set of on-demand multi-cloud networking and security services, end-to-end visibility, and controls. Customers will be able to use a centralized cloud console to gain instant access to networking and security services, such as network and security policy controls, Network Detection and Response (NDR), NSX Intelligence, Advanced Load Balancing (ALB), Web Application Firewall (WAF), and HCX. It will support both private cloud and VMware Cloud deployments running on public clouds and enable enterprises to build flexible network infrastructure that they can spin up and down in minutes.
Project Northstar will deliver some key advantages:
- Faster time to value: On-demand service availability and simplified consumption of networking and security services mean that customers will be able to access networking and security services instantly across the cloud of their choice. A federated policy model across all leading public and private clouds will allow IT to achieve true policy consistency when implementing key multi-cloud use cases such as Disaster Recovery, workload mobility, service resiliency, cloud bursting, and elastic cloud-to-cloud connectivity. By extension, they will be able to bring applications from concept to the market more quickly, resulting in faster time to value. The SaaS-delivered architecture also allows VMware to bring rapid innovations to the market that customers can access instantaneously.
- Flexible service consumption: In addition to the existing delivery models, networking and security services will be delivered in a SaaS-based, on-demand services model. This choice in consumption models will provide cost and operational flexibility for VMware customers. In addition, a centralized management and control plane will deliver consistent policy, workflows, and hands-off platform maintenance, with VMware handling these tasks through the shared responsibility model.
- Scalable lateral security: By deploying Northstar, enterprises will be able to better secure their workloads across multi-cloud environments through distributed firewalling, NDR, and VMware-managed cloud platform security. NDRaaS will provide scalable threat detection and response. And with the help of NSX Intelligence as a Service, enterprises will gain a 360-degree view of their workloads across multi-cloud environments.
Evolving Multi-cloud Network Architecture
Project Northstar is a redesign and rethinking of multi-cloud architectures and operations. The traditional network architecture is distributed across the private and public cloud with multiple applications running on multiple clouds, each using a different set of networking features, security rules, and automation policies. Each cloud is also managed by individual local admins through native cloud consoles, making the adoption of unified policies across the multi-cloud environment difficult. This poses operational challenges and adds complexities to managing hybrid and multi-cloud infrastructure. When each cloud operates as a silo, operations and management become siloed, too.
Project Northstar will address these challenges by providing a SaaS service that enables consistent policy, operations, and automation across multi-cloud environments. By accessing the cloud console in Northstar, enterprises will be able to apply networking and security policies across their private cloud, hybrid cloud and multi-cloud environments.
Project Northstar SaaS Services
Project Northstar represents an evolution of the NSX platform and architecture. In the early releases, we expect to introduce five different services:
- Centralized Policy Management: With Project Northstar, customers will be able to manage networking and security policies centrally across all their clouds. Project Northstar will provide a single plane of glass to plan and deploy consistent networking and security controls and policies across multi-site and multi-region deployments. The offering also comes with built-in networking and security operations and troubleshooting.
- Security Planning and Visibility: The NSX Intelligence service will provide a 360-degree, real-time view of each customer’s multi-cloud environment. It’s powered by a scalable data lake, managed by VMware, that can absorb vast amounts of traffic flow data and provide recommendations for network and security policies across multi-cloud deployments. Visualization tools provide real-time multi-cloud traffic and security visibility. Network Traffic Analysis (NTA) will provide insights on threats and behavioral anomaly detection.
- Network Detection and Response: The Network Detection and Response (NDR) service will provide scalable threat detection and response for workloads deployed in private and/or public clouds. The NDR correlation engine will analyze IDPS, malware, and anomaly events based on threat campaigns, which helps in preventing alert overload and simplifying SOC monitoring processes. This service provides simplified threat triage, scoping, and threat hunting aligned to the MITRE ATT&CK framework.
- Advanced Load Balancing: The advanced load balancing (ALB) cloud service and hosted controller capabilities are supported on-prem, on VMware Cloud, and in public clouds. The service will implement the advanced load balancer controller as a VMware-managed service that can be used standalone or in conjunction with other Project Northstar SaaS services. Customers will be able to access the VMware-managed Advanced Load Balancer provider, which is full-featured and multi-tenant, simplifying operations through central customer management. VMware SREs manage the controller, ensuring high service resiliency.
- Workload Mobility: Building on the strengths of VMware HCX, workload mobility as a service will be fully managed by VMware, providing the ability to orchestrate secure connectivity and workload mobility across different sites. The service will enable simpler onboarding and faster troubleshooting through a centralized dashboard across multiple clouds. Customers will be able to handle workload migration and rebalancing activities centrally across multiple clouds and get to root causes in minutes rather than hours using enhanced centralized reporting.
While these services were offered previously to NSX customers using environments hosted on-prem and in VMware Cloud on AWS, Project Northstar represents a strategic shift to deliver these services across on-prem, hybrid, and multi-cloud environments via a SaaS delivery model.
The Journey Starts Now
We’re excited about Project Northstar and the foundational improvements it can provide to your multi-cloud networking and security architecture. There are a variety of ways you can get started preparing for this powerful technology.
Check out all the sessions and content on Project Northstar at VMware Explore. There’s a ton of great, in-depth material from executives at VMware.
Interested in joining a future beta of Project Northstar? Sign up here.
** Disclaimer: The development, release, and timing of any features or functionality described for VMware’s offerings in this announcement remain at the sole discretion of VMware.