Coming up - my fourth Tech Field Day event but my first Network Field Day 15 (NFD15). I’m carrying over the tradition of previewing each presenting company before the event. Up first is VMware and their NSX platform. I’ve written a bit on NSX. Most recently, I wrote about NSX-T. So, this post will not be a preview of NSX. There’s plenty of information out there from me and others about what NSX is and isn’t. I’ll speak to what I want to see from VMware during NFD15.
With all the talk about orchestration and automation, the primary use case for NSX seems to be micro-segmentation. I don’t come across many stories about orchestration and automation. I’d be interested in hearing from VMware how many customers have primarily implemented NSX for orchestration and what lessons are learned.
Speaking of surprise use cases, I want to hear more about NSX and micro-segmentation. Most organizations I’ve talked to are still in the crawl phase of crawl/walk/run implementation of NSX for micro-segmentation. The crawl stage is primarily putting operations into a listen mode when using NSX. Learning existing application traffic flows is a painful but necessary step. What has VMware discovered assisting customers through the process? It would be interesting to hear how many customers have uncovered suspicious activity during the crawl mode.
Transitioning from crawl to walk, enterprises set up security zones and begin to place workloads into security zones. Customers configure monitoring and alerting in the crawl phase. The flows discovered in crawl phase get tested. Again, what are customers discovering in this walk-phase and what changes in processes and technology result. More interestingly, what did VMware learn?
Last is the run phase. In the last phase, customers are actively allowing or denying traffic based on NSX rules. After looking at a few high-level plans for NSX deployment, I’d be curious how many customers reach the holy grail of the run phase.
Interestingly enough, the feature of ESXi that locks users in the most is the ecosystem. VMworld is usually 20,000 attendees strong. The expo show is one of the largest of shows that I attend. The ecosystem includes storage, network, compute, management and service management vendors. The ecosystem revolves around VMware vSphere. Customers looking to migrate to a different hypervisor find themselves challenged around replacing the vSphere ecosystem.
Successful ecosystem development is something VMware mastered. Am sure at each phase of the micro-segmentation journey, VMware customers discovered gaps in NSX’ features. Other than the companies VMware has purchased, what VMware partners have proved must have compliments to NSX.
It's nearly impossible to discuss network virtualization and SDN without discussing open source. VMware rarely talks about the open source community that birthed NSX-T. I want to here where VMware stands on its commitment to networking open source projects. Where are VMware’s resources going? What projects are critical to moving the network virtualization ball.
VMware did a great job of hosting the future:net conference during VMworld 2016. Future:net focused on hybrid infrastructure network challenges. Customer organizations and competitors participated in the forum. I'm hoping to get a peek into the future of networking again. I’d like to see how serverless and NSX-T plays together. On the surface, the two are on a collision course. I’ve asked VMware’s smart people about the touch points. Recent conversations allude that VMware is better prepared to tell this story.
I’m also interested in the decoupling of NSX-T from the hypervisor. VMware already showed running NSX-T code on individual AWS instances. But let’s talk real value. What does NSX-T look like on a white box switch with a Barefoot Tofino chipset inside? Is it more than possible to extend full NSX functionality including micro-segmentation out to silicon?
Addendum: I guess I can't just leave that last paragraph out there. The not so obvious question (to me at least) is what prompted the Telfino reference. Believe it our not there's an awful lot of bare metal workloads in traditional enterprise systems. NSX does nothing for bare metal micro-segmentation or management of NFV outside of a NSX domain.
Of course there's workarounds and integration point such as VXLAN etc. But those solutions seem incomplete. I'd like to create a policy in NSX between two physical workloads. In theory, a VMware partner could create a box that does this type of processing at line rate using a programmable ASIC platform such as Telfino.
I'm sure we'll hear about partnerships and integrations with Palo Alto Networks etc. But network segmentation is just one use case. Another use case is NSX-based NFV devices running on baremetal switches with performance enhaced using programmable ASIC. I'd had this vision of networking before I knew anything about network virtualization.
Disclaimer: Gelstalt IT, organizers of Network Field Day provides travel and expenses for me to attend Network Field Day. I do not receive cash compensation as a delegate. I also don't receive compensation for writing or promoting Network Field Day.