Protecting a corporate network isn’t as simple as building a wall around it. Threats can still sneak through the network firewall or circumvent security infrastructure altogether. Once they’re inside, they can move around and attack at will since there are few, if any, controls inside the datacenter to prevent malicious traffic.
For a lot of security guys, nirvana is the ability to do micro-segmentation within the data center, or build a honeycomb, in effect, so that any threat that gets into the datacenter is actually captured within the honeycomb and can’t move very much. What we can do with network virtualization is bring that firewalling all the way down to the virtual interface.
VMware NSX has been around for more than two years now, and in that time software-defined networking and network virtualization have become integrated into modern datacenter architecture. It seems like an inconceivable amount of progress has been made. But the reality is that we’re only at the beginning of this journey. The transformation of networking from a hardware industry into a software industry is having a profound impact on services, security, and IT organizations around the world.
As more datacenters adopt the power of network virtualization and a software-defined datacenter architecture, we’ll see a broad range of traditional security solutions that leverage the unique position of the network virtualization platform in the hypervisor. Detailed knowledge of VMs and application process owners, combined with automated provisioning speed and operational efficiency, is the foundation for an exciting new approach to some very old challenges.
The VMware NSX business, the network virtualization and security platform for the software-defined datacenter, grew over 100% year-over-year, bringing the total annual bookings run rate to well over $600 million in 2015. The past year also saw hundreds of production deployments of network virtualization. Over 200 customers are running VMware NSX in production datacenters, with more being added every week.
We saw customers sign up for our NSX offering signalling that CIOs in India are also convinced this transformative architecture will help them deploy workloads faster, as well as giving them greater agility in the face of increasingly dynamic datacenters.
Two observations stand out as we look at customer adoption of NSX in 2015. The first is the diversity of customers, in terms of both size and industry. This is an indication of the maturing of the market for this technology. In contrast to the early days, customers don’t need to be especially large or sophisticated to see the benefits of network virtualization, or to put the technology into production.
While we still see lots of interest from our traditional large, technology-focused customers, adoption is clearly spreading across industry segments such as healthcare, retail, the public sector, and many others. Additionally, there are plenty of smaller customers in the mix with large enterprises and service providers.
The second observation is that no single use case is dominating adoption of network virtualization – in fact, the breadth of use cases continues to increase. While the emergence of micro segmentation as a use case definitely increased customer interest in NSX and continues to be important, customer deployments are spread across many different use cases such as agility and automation, service insertion, and multi-data-center applications such as disaster recovery.
Increasingly we are seeing customers tackling multiple use cases in a single deployment. Overall this breadth of usage points to the general-purpose nature of network virtualization technology.
Aside from confidently predicting more customers, deployments, and use cases, there is actually one other notable trend that should emerge in 2016. That is an increase in the range of endpoints that can be managed by NSX. This is a natural extension to the development of NSX over the past three years.
From the early days we’ve had support for workloads running on a range of hypervisors (ESX, KVM, Xen), and we’ve been able to extend virtual networks to physical workloads as well. By integrating NSX with AirWatch, we’ve been able to extend the security capabilities of micro segmentation to applications running on mobile devices. We’ve started to use micro segmentation to improve the security of virtual desktops.
In 2016 we’ll see this ability to provide networking and security services to a range of endpoints move to another level. The set of endpoints that NSX can manage will extend to containers and public cloud workloads. We’ll also see NSX extending out to branch offices as Software Defined WAN (SD-WAN) solutions take root.
Recognizing that for at least some of their end users, public clouds will be the chosen venue for a workload to run, IT managers want to have a consistent view of networking and security policy. They also want to maintain that consistency even if a workload at some point moves from one public cloud to another, or moves back to on-premise deployment. Meeting this requirement will be the objective as we expand NSX into public cloud environments. A similar desire for consistency in networking and security policies will drive the extensions to support containers as first-class endpoints for NSX.
So, it continues to be an exciting time for network virtualization. Adoption of the technology will increase, and we’ll see still more breadth of customer types and use cases. Perhaps most exciting is that we’re moving well beyond our traditional “sweet spot” of delivering networking services to on-premise virtualized workloads, as we expand the reach of NSX to everything from handsets to public clouds to the software-defined WAN.
The writer is senior director – systems engineering, India & SAARC, VMware