Before founding software-defined networking startup PlumGrid, and then moving to VMware when it bought his company in 2016, Pere Monclus spent nearly 12 years at Cisco Systems. At the time, most enterprise networking still lived in the corporate data center, but the move to network virtualization and the migration to the cloud were just beginning.
Cisco was dominant in the data center networking space and powered organizations with a steady stream of hardware, from routers to switches to silicon. The company took an expansive view of its role in networking.
“At Cisco, we always believed that we should control the network end-to-end,” Monclus, vice president and chief technology officer of VMware’s Networking and Security business unit, told The Next Platform. “The idea was that we needed to control the edge of the network so that the core didn’t fall, because the core was where most of the markets were. We would have core routers, core switches and then we would go all the way to access to create the end-to-end network as a principle, because from Cisco’s point of view what we were offering was a connectivity solution end-to-end with our protocols.”
About a year after Monclus left Cisco to found PlumGrid, VMware bought Nicira for $1.26 billion. The move allowed VMware, already a significant presence in data centers through virtualization of servers and storage, to absorb networking into its increasingly software-defined world. NSX and networking have evolved over the past decade to become a key part of VMware’s adaptation to a computing world that has extended far beyond the confines of the data center to the cloud and the edge. With containers, microservices, and Kubernetes, software now dictates hardware rather than the other way around.
It is also a world in which the network is the nexus connecting this increasingly decentralized computing environment. It has become the main passageway for applications and data moving between the data center, the cloud and the edge, and a focal point for the organization’s security measures. All of this was on full display this week at VMware’s Explore 2022 conference, where the company touted its continued expansion into the cloud and to the edge, and the central role of its networking portfolio in achieving this.
The evolution of networking at VMware has gone through several stages, Monclus says. At the time of the Nicira acquisition, companies would spend weeks or months setting up the network before the applications that would run on it could be put into production.
When VMware got into networking, the company heard from customers that they could quickly build an application and get a server up and running, “but it takes them weeks to set up the network,” he says. “We started this journey with network virtualization and the first story [for networking] was about automation and agility. The question was, ‘If I create a virtual machine, can I just connect it to the network and assign it an IP address?’ It was kind of the early days of network virtualization.”
As more and more workloads and data moved out of the data center, network security became increasingly important. That is why VMware embraced micro-segmentation, a way to manage access to the network and separate workloads from each other, reducing an organization’s attack surface and making breaches easier to contain by preventing lateral movement by attackers. The acquisition two years ago of network security startup Lastline helped power the vendor’s distributed IDS/IPS technology, which complements the east-west protection provided by micro-segmentation.
In June, the company added an extensive threat intelligence capability called Contexa to its lateral security network and endpoint technologies. It resides in the infrastructure and provides visibility into both traditional and modern applications.
Over the years, VMware has built networking and security capabilities into the hypervisor and made them available as services in its own cloud offering and in those of hyperscalers like Amazon Web Services and Google Cloud. It has also made NSX and its growing security capabilities, including those of Carbon Black, which it bought in 2019 for $2.1 billion, key parts of its multicloud strategy.
At Explore, the vendor rolled out a wide range of enhancements to its network and security portfolio, all aimed at making it easier for enterprises to manage and secure their multicloud environments. It also gave a glimpse of what the near-term future looks like with the introduction of a number of network and security-focused projects.
VMware is integrating network detection and visibility capabilities into the Carbon Black Cloud endpoint protection program, an initiative now in early access that brings together visibility across both network and endpoints. It is also adding threat prevention tools such as IDPS, malware scanning, sandboxing and URL filtering to its NSX gateway firewall, and improved bot management to the NSX Advanced Load Balancer (ALB). The latter two – along with Project Watch, which aims to offer a continuous risk and compliance assessment model for multicloud environments – are part of VMware’s Elastic App Secure Edge (EASE), a strategy announced last year to offer a range of data plane services around networking and security.
As we noted earlier this week, VMware is also adopting Nvidia’s data processing units (DPUs) for a number of its offerings, including vSphere 8 and, in this case, NSX. Cloud providers like AWS and Oracle already use DPUs, and many in the industry believe that servers and other hardware will routinely include the chips in the near future. Monclus says customers will turn to DPUs – or smartNICs – for performance and security. For businesses such as telcos, which demand high performance and whose data centers are revenue-generating facilities, it makes sense to offload networking or compute tasks from the server processors to DPUs.
There is a tradeoff: they can save 15% on CPU usage, capacity they can resell to customers, but there is also the cost of the DPUs themselves. However, where the data center is a cost rather than a source of revenue, increasing security by taking advantage of the workload isolation DPUs offer is likely to be a rapidly growing use case for the chips, says Monclus.
As for the near future, VMware offered a preview of Project Northstar and Project Trinidad, as well as the aforementioned Project Watch. Project Northstar, now in technical preview, is a software-as-a-service (SaaS) networking and security offering that will provide services, visibility and controls to NSX users, who can manage them through a central cloud control plane.
Services include NSX Intelligence, ALB, Network Detection and Response, and VMware’s Web Application Firewall.
“We’re taking the NSX control plane and turning it into a SaaS service to enable true multicloud solutions,” says Monclus. “When we have policy as a service, it works on vSphere environments, but it works on VMware Cloud, VMware Cloud Network, AWS, Google, Azure, and we have the same advanced protection, we have the same load balancer.”
Both Project Trinidad and Project Watch aim to meet the needs of modern workloads, he says. They are not tied to physical endpoints; instead, the API becomes the endpoint. Project Trinidad uses AI and machine learning models to learn the normal, expected east-west API traffic patterns between microservices, so that anything out of the ordinary can be quickly detected.
“We basically discover all the APIs, schemas, API data and we create a baseline and we can start from the baseline,” Monclus explains. “Project Trinidad introduces its deep AI/ML correlations between workflows and microservices.”
As noted, Project Watch brings continuous security, compliance and risk assessment, along with automated and encrypted connectivity between clouds – AWS, Google Cloud and Microsoft Azure – and between their virtual private clouds (VPCs) and virtual networks (VNets). It also integrates workflows from security, cloud operations and lines of business into a single platform.
It also addresses the challenge of not only adapting networking and security to modern workloads, but also keeping secure the legacy hardware that cannot make this change.
VMware will assess and report on the security risks businesses face, providing the data needed to make decisions, he says, adding that the vendor wants to “create a continuous monitoring model similar to high availability, which uses the metric of three 9s, four 9s, and so on. We’re trying to create a measure of how well your data center or applications are running from all points of security.”