Ever since VMware spent $1.2 billion to buy network virtualization startup Nicira in 2012, it has talked about how the technology can eliminate the time-consuming process of setting up virtual networks and make data center infrastructure more cloud-ready.
The idea makes sense to most VMware customers. But outside the service provider space, most VMware customers aren't running the kind of heavily automated data centers for which NSX was designed.
Now VMware, Palo Alto, Calif., is focusing on how NSX -- its name for technology that turns high-end features in switches and routers into software that can run on cheap hardware -- can be used to secure networks and protect them from threats.
With VMware bringing security into the NSX conversation, partners told CRN they're seeing customers sit up and take notice.
"The customers I have coming to me right now that want to talk NSX are asking for security features," Jason Nash, CTO at Varrow, a Greensboro, N.C.-based VMware partner, told CRN. "They want easier security segmentation of different environments. It’s less about being able to spin up apps quickly and more about easing the securing of these environments."
In a blog post last month, VMware expert Chris Wahl said the vendor is working on an expert-level NSX certification for networking and server professionals, which could expand the number of partners that can sell and deploy the technology.
On VMware's first quarter earnings call earlier this week, COO and Co-President Carl Eschenbach said there was a "significant increase in large enterprises and service providers actually doing real meaningful proof-of-concepts" with NSX, driven in part by the network security benefits.
Security vendors, meanwhile, are eager to get a piece of the NSX action. VMware has also formed technology partnerships with F5, Palo Alto Networks, Citrix Systems, Fortinet and others. Sources told CRN many other security vendors are champing at the bit to follow suit.
In an interview with CRN last month, Martin Casado, chief architect of networking at VMware, spoke of "very clear uptake" for NSX as a network security technology, with between 30 and 40 percent of deals involving this use case.
NSX lets applications and groups run in their own isolated segments, each with its own firewalls, monitoring devices and other security technology. So even if a hacker breaks into one of the segments, they won't be able to parlay that to attack other parts of the network, Casado told CRN.
NSX is also good for security what's known as "east-west" traffic, of traffic traveling between servers in a data center. While most companies invest most of their security budgets in "north-south," or traditional client-server traffic, securing east-west traffic is harder because there's more bandwidth, Casado said.
Herb Hogue, senior vice president of professional services and engineering at En Pointe Technologies, El Segundo, Calif., said there are important advantages to the security approach inherent in NSX.
"There is more virtualization permeating across the enterprise, but the physical network today doesn't do much to consolidate and segment that traffic. NSX allows you to create security profiles with your VM’s that are persistent," Hogue said.
It remains to be seen whether VMware will get a return on its massive Nicira investment, but if NSX can deliver the promised security protections, enterprises could see it as a way to kill two birds with one stone.
PUBLISHED APRIL 25, 2014