12 New VMware NSX, Security And Kubernetes Products At VMWorld
Here are the 12 newest VMware products – from Kubernetes and Carbon Black to NSX and Workspace ONE – unveiled at VMWorld 2019 Europe this week.
12 Newest VMware Products And Projects
VMware launched a slew of new products and initiatives at VMWorld 2019 Europe on Tuesday around NSX, Kubernetes, Workspace ONE and made Carbon Black’s new cloud security portfolio available for channel partners to sell for the first time.
A significant area of focus for the Palo Alto, Calif.-based company at VMWorld Europe in Barcelona was around cybersecurity. VMware detailed new and expanded security solutions that advance its vision of intrinsic security by infusing more automation and reducing risks for critical applications and sensitive data.
“VMware is shifting the balance of power from attackers to defenders by removing the complexity inherent with cybersecurity,” said Sanjay Poonen, chief operating officer, Customer Operations, at VMware, in a statement. “VMware believes we have to stop adding more and more complexity in an effort to solve cybersecurity challenges, and instead use our infrastructure as part of the solution. In short, we must make security intrinsic.”
Here are the twelve biggest VMware products unveiled at VMWorld Europe in Barcelona on Tuesday.
New Carbon Black Cloud Solutions
In a move to become the market leader in endpoint security, VMware acquired Carbon Black in September for approximately $2.1 billion. VMware has since launched a new security business unit under the leadership of former Carbon Black CEO Patrick Morley focused on helping customers with endpoint and workload protection as well as advanced cybersecurity analytics to help stop attacks and accelerate response times.
At VMWorld Europe, VMware unveiled that it will offer several new Carbon Black Cloud solutions to customers.
The new Carbon Black offerings include Endpoint Standard for antivirus combined with endpoint detection and response; Endpoint Advanced which is Endpoint Standard combined with real-time endpoint query and remediation; and Endpoint Enterprise which is Endpoint Advanced in addition to advanced threat hunting and incident response.
Other new Carbon Black Cloud solutions include Workspace Security that combines behavior threat detection, next-generation antivirus and digital workspace analytics and remediation solutions; as well as Workload which is a new advanced cloud workload protection add-on for VMware vSphere.
All of the new VMware Carbon Black Cloud solutions will become available in VMware’s fourth fiscal quarter 2020, ending Jan. 31, 2020.
Dell Makes Carbon Black Cloud Its Preferred Solution
Dell Technologies, which owns a majority stake in VMware, announced that it will make Carbon Black Cloud – along with Dell Trusted Devices and Secureworks – the preferred endpoint security solution for Dell commercial customers. The new partnership aims to bring Carbon Black’s advanced endpoint protection to businesses of all sizes directly on Dell’s hardware.
VMware also unveiled a new joint solution with Dell dubbed Carbon Black Endpoint Standard with Secureworks Threat Detection and Response. The offering combines best-in-class antivirus and endpoint detection and response with advanced security analytics application, expanding security telemetry beyond the endpoint and into the network and cloud, according to VMWare.
“VMware is delivering intrinsic security through a comprehensive portfolio spanning the critical control points of security: network, endpoint, workload, identity, cloud, and analytics. Because we’re built-in, we’re everywhere apps, devices, and users reside,” said VMware’s Poonen. “This gives us a unique vantage point to be informed about what’s happening in a customer’s environment. With this knowledge, we can be proactive in hardening customers’ environments to better prevent threats.”
NSX Distributed Intrusion Detection and Prevention
VMware’s software-defined networking and security solution NSX now boasts a more than $2 billion run rate. The company is continuing NSX rapid innovation charge by launching NSX Distributed intrusion detection and prevention (IDS/IPS).
NSX Distributed takes the NSX platform’s Layer 7-capabable internal firewalling to the next level as it will now take advantage of VMware’s intrinsic understanding of the services that make up an application and match IDS/IPS signatures to specific parts of an application. VMware says this means an Apache server or a Tomcat server will only get signatures relevant to it, resulting in a much higher performance and accuracy through a lower false positive rate. VMware Service-defined Firewall with NSX Distributed IDS/IPS will allow customers to both micro-segment their networks and block internal traffic from stolen credentials and compromised machines.
NSX Distributed IDS/IPS has an expectation engine build-in to the hypervisor for single-pass analysis and elastic throughput scale with workloads. The solution is expected to be in beta in VMware’s fourth fiscal quarter 2020, ending Jan. 31, 2020.
VMware’s recently introduced NSX Intelligence that analyzes workload traffic and automatically generates security policies. NSX Federation is a new capability that allows customers to deploy and consistently enforce security policies generated by NSX Intelligence across multiple data centers.
NSX Federation will help enterprises simplify disaster recovery and avoidance and share application resources across data centers. Converged operations will simplify the overall security architecture and make it easier for customers to manage security policies, demonstrate compliance, and provide holistic context for security troubleshooting.
VMware said this type of efficiency and flexibility cannot be matched by traditional “bump in the wire” appliances and is a major difference between legacy and proprietary hardware-defined systems and an open, scale-out software solution like VMware NSX.
NSX Federation is expected to be in beta in VMware’s fourth fiscal quarter 2020, ending Jan. 31, 2020.
VMware Secure State Findings API
VMware Secure State delivers an Interconnected Security approach that enables deep visibility into cloud service relationships and correlates risk due to misconfigurations and threats across multi-cloud infrastructure. VMware said continuously verifying the overall security and compliance posture earlier in the CI/CD process is the next logical step in making security more proactive, automated and scalable for multi-cloud users.
To help customers achieve this, VMware announced on Tuesday the new VMware Secure State Findings API which will enable customers to build guardrails into the infrastructure provisioning pipeline. Native VMware Secure State rules or custom policies enable selective verification of configuration settings in near real-time during testing and staging of cloud infrastructure. Detecting security and compliance issues earlier will help companies scale security at cloud speed, minimize risk that’s being introduced into production-ready infrastructure, and accelerate time to market for releasing public cloud applications, according to VMware.
VMware Secure State Findings APIs will become available in the company’s fourth fiscal quarter 2020, ending Jan. 31, 2020.
New Cloud Native Master Services Competency
VMware’s biggest investment and innovation in 2019 has arguably been around Kubernetes. In December 2018, VMware acquired Kubernetes star Heptio for $550 million which included two of the original creators of Kubernetes, Joe Beda and Craig McLuckie. VMware is also slated to acquire DevOps specialist Pivotal Software, owner of the popular enterprise Kubernetes platform Pivotal Container Service (PSK).
To enable partners to drive Kubernetes, VMware announced its new Cloud Native Master Service Competency will enable partners to architect a Kubernetes-based platform supported by complementary technologies from the cloud native ecosystem for continuous delivery of applications. The competency builds upon VMware’s Pivotal Container Service (PKS) Solution Competency to provide partners with the capabilities to offer VMware PKS to their customers.
The Cloud Native Master Service Competency includes training around application deployment to a cluster, the containerization of applications, identifying proper pod security policy and admission control options, as well as implementation options for backup, cluster monitoring and logging. A prerequisite for the competency is needing to be a Certified Kubernetes Administrator (CKA).
VMware’s Master Services Competencies are a critical part of the company’s new partner program, VMware Partner Connect, set to launch in February. With now a total of six available to partners, the competencies recognize and validate services-capable partners while allowing solution providers to differentiate themselves.
Project Pacific Beta Program For vSphere
VMware’s Project Pacific will enable vSphere administrators to leverage the tools they already know to deploy and manage Kubernetes and container infrastructure anywhere VMware vSphere runs including on-premises, in a hybrid cloud and on hyper-scalers. Developers will be able to easily manage their application services and deployment using the Kubernetes tools they are familiar with.
On Tuesday, VMware unveiled a Project Pacific beta program which makes the solution available in early form to select partners and customers. There is an online application for partners to sign-up to be part of the beta program.
Chris Wolf, vice president and CTO, Global Field and Industry at VMware told CRN that Kubernetes is just one use case in Project Pacific. “Kubernetes is an important use case, but we have a broader vision here whereby having native Kubernetes APIs as the integration point for our stack, this makes it very easy for PaaS and SaaS offerings to be ported so they can be run locally on our stack as well,” said Wolf. “We see this as a broader vision beyond Kubernetes to really capture a broad range of apps and services going forward.”
Project Pacific will include fully integrated container networking, which simplifies Kubernetes implementation, deployment and management. It will also include integrated Cloud Native Storage that enables developers to provision any vSphere- supported storage on-demand in a fully-automated fashion.
Workspace ONE Privacy Guard
VMware’s Workspace ONE is a management platform that allows administrators to centrally control end users’ mobile devices and cloud-hosted virtual desktops and applications from both the cloud and on-premises deployment.
The company unveiled at VMWorld Europe a new privacy guard that provides transparency into how employee devices and business apps are being managed. With the new Workspace ONE Privacy Guard, employees have visibility into the data that is being collected as well as device permissions that are being requested by an application on both personal or corporate devices. Users will now receive notifications from Privacy Guard in Intelligent Hub that indicates when IT has changed any app or device management policies.
VMware built the Privacy Guard software developer kit into Workspace ONE productivity applications, including Boxer, Content, Notebook and Web to protect the privacy of employees when using these business apps. In addition, VMware has made the Privacy Guard software developer kit available to all application developers so they can provide the same level of transparency to their end users.
Revamped Workspace ONE
Besides security, VMware has added a slew of new capabilities to the Workspace ONE platform including the Trust Network Ingest API. With this API, partners can integrate with Workspace ONE Intelligence faster, ultimately enabling customers to take advantage of integration sooner. Additionally, VMware also announced that Zscalar, Wandera and Zimperium are committed to release their integrations with Workspace ONE Intelligence via this Trust Network API in the near future.
Also new to Workspace ONE, is a multi-factor authentication (MFA) which is now built directly into Workspace ONE Intelligent Hub app and Workspace ONE Access to enable IT to step up authentication requirements when deemed necessary without putting inconvenient roadblocks in the way of employees trying to access apps and workflows from Intelligent Hub.
“For too long, enterprise security and digital employee experience have been pitted against one another. There is a common misconception that when efforts are made to strengthen one area, the other must ultimately suffer. This simply is not true,” said Shankar Iyer, senior vice president and general manager of End User Computing for VMware in a statement. “Through many of the innovations announced today, Workspace ONE enables an organization to provide a productive and engaging employee experience while simultaneously embracing a zero trust security model.”
VMware Tightens Microsoft Partnership
VMware is doubling down on its strategic partnership with Microsoft.
At VMWorld VMware introduced Workspace ONE for Microsoft Endpoint Manager to accelerate Windows 10 management. The two companies said they will partner to develop this new solution to enable modern management for Windows 10 devices. The first phase of the integration is expected to be made available by the middle of calendar year 2020 and will focus on the employee experience for Workspace ONE for Microsoft Endpoint Manager customers including onboarding workflows and self-service access to enterprise services and applications.
Additionally, VMware will extend conditional access for Microsoft 365 apps and services via Workspace ONE and integration with Microsoft Endpoint Manager and Azure Active Directory Premium across bring your own (BYO) use cases. VMware will extend Microsoft Windows Virtual Desktop capabilities to customers using Horizon Cloud on Microsoft Azure.
“This year, Microsoft has deepened its relationship with VMware to generate significant value for our customers across cloud, client, apps and core infrastructure,” said Jason Zander, executive vice president of Microsoft Azure in a statement. “As evidenced by our news across multiple areas today, we continue to collaborate across our businesses to deliver solutions to our customers that help them advance digital transformation – no matter where they are in their journey.”
VMware Cloud Director For VMware Cloud on AWS
VMware Cloud Director service is the company’s new Software-as-a-Service (SaaS) version of its popular VMware vCloud Director service-delivery platform. With multi-tenant capabilities, MSPs will now be able to easily share a pool of VMware Cloud on AWSv capacity across multiple tenants.
VMware said this will reduce providers’ overall costs while providing the flexibility to right-size VMware Cloud on AWS environments for mid-market enterprise customers. Initially, the VMware Cloud Director service will support VMware Cloud on AWS and will evolve to operate and manage other VMware-based clouds.
“VMware’s strategy is to offer partners consistent cloud infrastructure and operations that support their customers’ multi-cloud strategies, and enable them to simultaneously employ both asset heavy and asset light business models,” said Rajeev Bhardwaj, vice president of products for VMware’s Cloud Provider Software Business Unit in a statement. “For the first time, VMware Cloud on AWS will support multi-tenancy through the new VMware Cloud Director service, enabling MSPs to more quickly and easily create full software defined data centers in the AWS cloud for small- and medium-sized enterprises.”
VMware announced a tech preview of Project Path at VMWorld, which aims to help cloud providers and MSPs adopt new business models to generate new value, revenue and improved margins to their cloud businesses.
VMware said cloud providers are looking to expand their business model to offer VMware Software Defined Data Centers (SDDC) running in the major public clouds without owning and operating the underlying cloud infrastructure. These “asset-light” business models have created the need for Project Path, according to VMware, which will enable cloud providers to unify service delivery and operations for VMware-based clouds running both in their own data centers and in public clouds.
“With Project Path, partners will be able to accelerate their delivery of both VMware-based and native public cloud services, to more efficiently support customer operations across clouds, and better meet customer needs by deploying applications to whichever cloud best suits their business or IT requirements,” said VMware’s Bhardwaj.
Project Path will build on and expand on foundational capabilities of the VMware Cloud Provider Platform -- VMware vCloud Director and VMware Cloud Provider Hub --and be rolled out in phases to unify management and operations across all VMware cloud endpoints. These include the partners’ own clouds, VMware SDDCs running in AWS, Azure, Google Cloud, IBM Cloud, or Oracle Cloud, as well as native public clouds. Cloud providers will be able to deliver a suite of services such as self-service multi-tenant IaaS, containers, migration, backup, disaster recovery, object storage, Database As-A-Service, security, application templates, and more—on any VMware cloud endpoint.