Is VMware NSX more than just a security platform?
VMware’s vSphere hypervisor platform has solidified its place as the standard for data center server virtualization, and has grown to reach a mature market share. With recent layoffs in the vCloud Air group, VMware is also sounding more likely to abandon any plans to invest heavily in a competitive hybrid cloud solution. At least, VMware won’t directly take on AWS.
As demonstrated by its recent IBM partnership announcement, VMware is taking a partnering route for hybrid cloud. It’s clear the $1.2B purchase of network virtualization company Nicira is the future growth vehicle for VMware revenue.
VMware has called NSX their next ESXi. Is this just messaging to prop up their falling stock, or is there something to NSX? Let’s take a look at the value proposition of NSX to VMware customers.
More than micro-segmentation
VMware has made much of NSX’s current $600M run rate. By most measurements, the product is an early success. The primary use case is the ability to offer increased network security for existing virtualized environments. So-called network segmentation has proved to be a major driver for NSX success. However, VMware will need more than a security story to reach the levels of ESXi success.
Micro-segmentation is the ability to filter network traffic at the virtual machine layer. Regardless of the network addressing, NSX filters traffic at scales previously unachievable. Micro-segmentation is an example of a feature that end users find once you put products in their hands. According to a previous conversation with Martin Casado, the former general manager of VMware’s Network Service business unit, Nicira never envisioned NSX’s predecessor as a micro-segmentation solution.
VMware is telling all who will listen about the additional advantages of NSX outside of security, giving extra weight to the cloud-native use case. VMware is determined to bring traditional networking to cloud-native architectures, but some question the value of bringing the enterprise network architecture to cloud-native environments.
Many in the cloud-native community have argued that developers no longer require the overhead and complexity of enterprise network design. VLANs and centralized firewalls are all vestiges of a framework that’s going out of fashion. Former Netflix architect Adrian Cockcroft is an outspoken critic of enterprise micro-segmentation schemes. He often speaks of the advantages of the native trust no one (TNO) approach in AWS. The AWS architecture avoids the problem that micro-segmentation solves.
AWS doesn’t offer a concept of layer 2 networking. New applications are designed to work around the limitations of an IP-only network, and application developers have to give explicit permission to allow servers to communicate. If one of many web servers becomes compromised, default AWS security prevents an intruder from accessing web servers in the same virtual private cloud. In a traditional enterprise network, a solution such as NSX is required to perform similar protection.
On the surface, VMware has offered just what critics claim is outdated: enterprise networking in cloud-native environments. And, during VMworld 2015, VMware announced the ability to run NSX within AWS.
VMware’s argument isn’t only about bringing enterprise network habits and capabilities to cloud-native infrastructures. VMware’s primary pitch is that organizations will experience cloud lock-in if customers leverage native network APIs. By embracing NSX, customers can program to NSX’s API. The interface for consuming load balancing, security, and other network services becomes consistent across multiple clouds.
VMware is betting that, between the security use case and the yet-to-come embrace of enterprise cloud, customers will turn to NSX to manage networking. NSX has proven to provide a robust firewall solution, but the remaining cloud-native use cases are still in tech preview. If VMware is correct, and enterprises embrace multi-cloud architectures, then NSX could very well be the next vSphere.
What do you think?
Are cloud industry experts such as Cockcroft correct in stating that VMware is chasing a market that doesn’t exist? Or, does VMware have a robust strategy for NSX beyond micro-segmentation?