Tom Gillis (VMWare SVP) – Building the Network of the Future with the Virtual Cloud Network (Sep 2018)
Chapters
Abstract
The Evolution of Network Infrastructure: Embracing Virtual Cloud Networks and Software-Defined Security
Leading the Charge in Modern Networking: VMware’s NSX and Arista’s Innovation
In the rapidly evolving world of technology, traditional network infrastructures are increasingly challenged by their own limitations and rigidity. This article delves into the transformative journey of networking, highlighting the pivotal role of VMware’s NSX portfolio and its collaboration with Arista in redefining network infrastructure through software-defined solutions.
Virtual Cloud Networks: A New Paradigm
VMware’s vision for the Virtual Cloud Network (VCN) simplifies complex heterogeneous computing environments by providing a single layer of infrastructure defined in software. NSX Data Center, the pioneer in software-defined networking, forms the foundation of this vision. NSX has expanded to public clouds (Amazon, Azure) and bare metal clouds, with Hybrid Connect enabling seamless workload movement across clouds. NSX-SD-WAN extends software-defined networking to the branch, driving substantial success. AppDefense provides deeper insights into application behavior, aligning network and infrastructure needs.
An Overview of NSX:
– NSX offers a comprehensive solution for managing and securing virtualized environments through a single fabric.
– It is available across multiple platforms, including public clouds, containers, and bare metal, providing consistent policy management.
– Integration with Kubernetes and Arista switches further expands NSX capabilities.
NSX Everywhere: Extending the Reach
NSX’s reach extends to various environments, including native Amazon EC2 instances, VMware stack on Amazon cloud (VMC), and Azure. Integration into SD-WAN (VeloCloud) improves branch networking, while integration into physical switches through partnership with Arista enhances network security. Progress in extending NSX across various platforms includes native Amazon EC2 instances, VMware stack on Amazon cloud (VMC), and Azure. Integration into SD-WAN (VeloCloud) improves branch networking, while integration into physical switches through partnership with Arista enhances network security.
Migrating Legacy Applications to VMC:
– VMC presented a suitable target for migrating legacy applications from a legacy data center due to its seamless integration with VMware platforms.
– The ability to migrate without rewriting applications for cloud-native environments made VMC an attractive option.
Collaboration with Arista: A Synergistic Approach
Arista’s leaf-spine architecture and automation capabilities, proven successful in cloud environments, are equally applicable to enterprise networks. The collaboration between VMware and Arista resulted in an open framework for policy integration between NSX and Arista switches. Benefits of integrated security include a single plane of policy administration and protection at the virtual workload level. The framework for policy integration is open and extensible, allowing other partners to join and contribute to an open environment for automation. Both companies emphasize avoiding a proprietary approach, relying on partnerships and open APIs to complement their strengths.
Software and Automation: Simplifying Complexities
The goal of reducing provisioning time from 45 days to 0.45 seconds epitomizes the drive towards simplicity and efficiency. VMware’s integration with VeloCloud’s SD-WAN solution and Arista Cloud Vision exemplifies the simplification of complex processes, allowing for one-click deployments and extending NSX’s capabilities to containers. NSX offers end-to-end network connectivity across various components, including physical sites, e-commerce front ends, data centers, databases, and mainframe components. Collaboration with Arista Cloud Vision automates the setup of Access Control Lists (ACLs) in the physical infrastructure, and seamless integration with containers allows developers to easily manage networking aspects through the NSX dashboard. NSX provides centralized management and visibility for all networking components, including virtual and containerized environments.
Building a Cohesive Infrastructure:
– NSX aims to stitch together heterogeneous infrastructure components, creating a unified fabric for efficient policy management.
– The use of NSX in various environments, from core to cloud to edge, ensures consistent networking and security policies.
Machine Learning-Driven Automation and Security in Network Management
A machine learning model autonomously detected anomalous behavior in a Windows server’s communication patterns, specifically LSAS communicating over port 389. The machine learning model, trained on extensive data from Goodware, identified the observed behavior as normal based on similar patterns observed in numerous other instances. Based on the machine learning model’s assessment, the system declassified the anomalous behavior as normal, updating the application manifest to reflect this change. The system automatically updated the firewall rules in NSX to allow the newly identified normal behavior, ensuring seamless communication without human intervention. The presentation highlighted the synergy between understanding application composition and automating security responses based on machine learning insights. The speaker emphasized the concept of efficiency and security coexisting, showcasing how automated security measures can enhance security without compromising operational efficiency.
Kubernetes and Public Cloud Connectivity
NSX’s integration with Kubernetes simplifies the setup of security and networking for containerized applications. It also supports connectivity to public clouds like AWS and Azure, enabling administrators to manage networks across different platforms seamlessly.
Enhancing Security with AppDefense and Micro-Segmentation
VMware’s focus on intrinsic security is evident in its hypervisor-based solutions and AppDefense technology. AppDefense’s approach to “freezing” infrastructure in a secure state and focusing on known good behavior marks a significant shift from traditional security models. The integration of AppDefense with micro-segmentation in NSX further strengthens network security, dynamically adjusting policies in response to application changes.
Customer Insights: Cerner and Sky’s Experience with NSX
The experiences of Cerner and Sky with NSX underscore the importance of adaptable, secure, and compliant cloud management. Their emphasis on automated controls and rapid innovation aligns with NSX’s capabilities, demonstrating the practical impact of VMware’s solutions in real-world scenarios.
Key Takeaways:
– NSX provides a comprehensive solution for heterogeneous environments, enabling consistent policy management across clouds, containers, and physical infrastructure.
– The integration of AppDefense with NSX and vSphere Platinum automates adaptive micro-segmentation, enhancing security.
– VMware will host a breakout session on security, showcasing AppDefense and its integration with vSphere.
– Sanjay’s session on SD-WAN provides insights into another widely sought-after solution.
– A raffle will be held, granting one lucky attendee a dinner with Tom Gillis and a golden ticket experience.
– 100 attendees will receive free VMUG and Coursera courses as part of the event.
Unified Fabric and Enhanced Security
NSX provides a unified fabric for policy management across varied infrastructures, including vSphere, containers, and public clouds. The integration with Kubernetes and the implementation of adaptive micro-segmentation enhance security measures, making NSX a comprehensive solution for modern network challenges.
Conclusion
VMware’s NSX and its collaboration with Arista represent a significant leap in networking technology, offering scalable, flexible, and secure solutions. The integration of software-defined networking, intrinsic security, and automation redefines the landscape of network infrastructure, meeting the demands of modern technology and setting a new standard for future developments.
—
This article encapsulates the transformative journey of network infrastructure in the era of virtual cloud networks and software-defined solutions. With a focus on VMware’s NSX and its collaboration with Arista, it highlights the significant advancements and their implications for modern networking.
Notes by: Hephaestus