Here Are 9 Ways VMware Says Customers Are Using NSX Software-Defined Networking
NSX Takes Center Stage
VMware says NSX, its horse in the software-defined networking race, is starting to see serious traction, with more than 100 customers using it in production environments, and 700 paying customers overall.
VMware used to pitch NSX as a way for service providers to provision resources more quickly, but it has morphed its message to focus on NSX as a security technology for networks, virtual desktops and mobile devices.
VMware is also pitching NSX for disaster recovery scenarios, and as a way to solve tough technical challenges in its vCloud Air public cloud, including migrating workloads from private clouds to public clouds without having to change networking configurations.
In recent interviews with CRN, VMware executives outlined nine distinct scenarios in which VMware customers are using NSX today, and following is a rundown of each.
1. Data Center Security
VMware says NSX can control east-west traffic inside the network perimeter through "micro-segmentation," its term for NSX's ability to prevent an attacker who gains access to an application or virtual machine from moving laterally to other parts of the network.
Rod Stuhlmuller, senior director of product marketing in VMware's Networking and Security Business Unit, said this is important because in many high-profile data breaches -- including Home Depot, Target and Sony -- once the attackers got inside the network, they were able to move freely from server to server until they found what they were looking for.
NSX allows network and security services to be distributed out to the applications in the hypervisor, creating what could be considered a network ’hypervisor,’ Stuhlmuller told CRN. Most data centers have no controls between servers inside the network perimeter, which is why NSX can be useful in this scenario, he said.
2. Virtual Machine Security
NSX's micro-segmentation capabilities can be used to secure virtual desktop workloads, too. When you bring VDI workloads up in a physical location, behind a firewall, you can create a "private DMZ" around that workload, Stuhlmuller said.
This is important for companies that use VDI because their workloads are sitting in the data center and mission-critical business applications could be on the same rack on the same network, said Dominick Delfino, vice president of worldwide systems engineering at VMware.
"If something happens, and there's a security breach within your VDI session, you're right inside the data center. Customers need to be able to deal with this now," Delfino told CRN.
3. Mobile Device Security
VMware says NSX software-defined networking, deployed together with its AirWatch mobility management software, can provide better security for users accessing virtual desktops using mobile devices.
NSX and AirWatch together can address the issue of "overprovisioning," in which users get access to more apps and data that they need to do their jobs, which many enterprises are struggling with, according to Stuhlmuller.
Overprovisioning is a problem because hackers sometimes piggyback on legitimate users' connections to gain access to the data center, then move laterally to access other resources once inside.
Customers can use NSX and Airwatch "to map very specific services and resources in the data center to each application," Stuhlmuller said.
4. Automating IT
Another core benefit of NSX is speed -- VMware pitches it as a way for enterprise and service providers to shrink the time it typically takes for IT departments to provision computing resources to users. And for many organizations, that speed means being able to accelerate their business operations.
NSX does this by automating manual tasks involved with setting up new app instances for developers, and by removing bottlenecks that slow down the process of getting IT resources into the hands of users, according to VMware.
5. Developer Clouds
NSX can be used in a DevOps model, setting up developer environments through APIs quickly. Some of VMware's largest customers are using NSX in this way, according to Stuhlmuller.
One example is eBay, which is no slouch at technology itself. The online auctioneer came up with a way to deploy networks to developers in seven days, much shorter than the industry-standard window of three weeks to a month, said Stuhlmuller.
However, using NSX, VMware can deploy the same sort of network in just 45 seconds, Stuhlmuller said.
6. Multitenant Infrastructure
NSX provides isolation between different groups within an organization, which is seen as a key to multi-tenant infrastructure that is shared across a number of users.
Some companies need isolation but may also want overlapping IP addresses for multitenancy, or for going from development and testing into production, and NSX can provide this, according to Stuhlmuller.
7. Disaster Recovery
Stuhlmuller said NSX plays a big role in disaster recovery scenarios, ensuring that networking and security configurations are kept in place when a failure occurs and workloads have to be moved across data centers. This is especially important for the kind of complex, multitier applications that many customers are running, he said.
8. Hybrid Networking Services
By putting networking and security services into their own container, NSX is a key enabling technology for moving workloads between different clouds -- which customers would do when they need to burst a private cloud app into public cloud to get extra capacity.
In a demo at VMworld, Guido Appenzeller, chief technology strategy officer in VMware's Networking and Security business unit, showed how virtual machines can be spun up on the Amazon Web Services cloud as secure members of an on-premise NSX network.
NSX is also part of VMware's "cross-cloud vMotion" technology, which allows running virtual machines to be moved from a private cloud to a public cloud. VMware executives gave a live demo in the VMworld keynote that showed a running VM being moved from a VMware private cloud to vCloud Air.
9. Metro Pooling
NSX makes it possible for customers to run virtual data centers in which compute, storage and networking are all driven through the hypervisor. Admins can use NSX to create pools of resources, each with their own distinct service level agreements and quality of service rules, which is core to the cloud computing model.
VMware calls this "metro pooling," and it lets customers run an app in multiple data centers with Layer 2 stretched across them, Stuhlmuller said.