VMware is emphasizing that its Virtual Cloud Network strategy needs to be fully embraced by a market that says it wants private clouds, but is too often content to run them in an inefficient old-timey way.
VMware recently released a set of product updates around their Virtual Cloud Network strategy using NSX, following up on a more substantial set of updates announced at VMworld. The key thing here is not the announcements themselves, although they will have significant impact in the areas they address. What matters more is how forcefully VMware is pushing their vision to both partners and customers that the traditional way companies, including VMware, have handled networking must give way to make the private cloud more like the public cloud.
“The product news here is relatively incremental, with continued steady enhancements,” said Tom Gillis, senior vice president and general manager, networking and security business unit at VMware. “The concept behind the news is subtly different, however. That concept is that 100% of the time the customers want their private cloud to behave like the public cloud, and if they don’t get that, they will go to Amazon.”
VMware has been stating for some time that traditional hardware-centric networking models are obsolete and that their Virtual Cloud Network, already being used by more than 18,000 customers, is the wave of the future. Gillis emphasized, however, that obsolete thinking about networking continues to guide many organizations’ private cloud strategies.
“There’s a meaningful discussion in the industry about modern apps,” he said. “Yet the networking that supports it in a private cloud environment is still totally old school. So many customers haven’t fully embraced the private cloud operating model. They want public cloud ease of use in private cloud infrastructure – but they still use a ticket system to update a firewall rule. They want the public cloud experience – but are willing to wait six weeks to get a private cloud deployed. If you are serious about making a public cloud experience in the private cloud, the biggest thing holding you back is networking. It’s still built infrastructure up and not application down.”
Gillis said that this is as much a people issue and a process issue as it is a technology issue.
“Of course every modern device in the world has an API, but 75% of customers still open tickets to update their firewall rules, and it still takes weeks to deploy a private cloud,” he stated. “Customers are struggling to overcome these people and process issues, and they require channel partners to guide them. Changing the people and processes is much harder than changing a box. That’s why 75% of the universe out there has not fully embraced public cloud operating mode, has not embraced data centre automation. Partial automation isn’t automation. It’s a half-built bridge. You have to automate things like firewall and load balancers, and this can be a challenge in a container world. All these cluster-based networking solutions, including one from us, Antrea, do cluster level network as containers but it’s complicated and requires a ticket to span the namespace. You are back in the old IT model, where things take weeks instead of minutes. We intend to change that.”
Gillis noted that VMware groups their modern network principles into three buckets: modern apps connectivity services, multi-cloud network virtualization and physical network infrastructure.
“Each of the new enhancements fits into this framework, and each of them advances the cause of making the private cloud like the public cloud,” he said.
Several of the enhancements are related to modern apps connectivity services. One of them, VMware SD-WAN Work from Home Subscriptions, sounds like a consumer solution, and while it isn’t, it is designed to resemble one. Available today, the subscriptions provide individual business users working from home with optimized network connectivity, more assured application performance, and better security at an affordable price.
“We developed our SD-WAN technology seven years ago when Work From Home was about 10% of that,” Gillis said. “Now, by using network virtualization, we are changing how you think about remote access. By virtualizing the WAN we do two things – create one link and do remarkable error corrections. We also solve the Zoom problem, and extend the corporate network right to your living rooms.”
VMware is also offering the Work From Home subscriptions at price points which are lower than the cost of a mobile phone line.
“It’s not a consumer product, but it works like one,” Gillis said. “We ship the boxes right to the homes, and we also provide the special pricing for people’s homes as well.”
Connectivity is also enhanced through a preview of an Attribute-Based Access Control policy model for VMware Tanzu Service Mesh, which combines and controls large numbers of microservices into a full application. The idea is to bring “who, what, where, when and how” simplicity into modern application policy creation.
“One of the big challenges of a modern app is that instead of having three tiers, you have thousands of micro services,” Gillis indicated. “Basic firewall functions don’t work for that. Using open source Service Mesh, we implemented these into Tanzu. Understanding context in an access control decision is hard to do centrally so we distribute it.”
VMware is also announcing a futures item here: an NSX Advanced Load Balancer integration with Tanzu Service Mesh that is expected to be available in VMware’s Q1 FY22.
“This integration is a programmatic interface that we developed so programmers using Kubernetes can launch an application with all the load balancing capabilities they need,” Gillis said. “They don’t have to configure a load balancer.”
VMware has also enhanced their monitoring and management software with new network modeling capabilities to verify an application is reachable across both physical and virtual infrastructure.
“This is a big deal,” Gillis said. “We get criticized for the fact that private clouds still have switches, that there is physical infrastructure, and we don’t manage it. Now we will test for reachability to make sure the physical networks are in place as well. This bridges the physical and the virtual.”
Another futures item, this one for the physical network infrastructure, comes from Project Monterey, which was announced at VMworld, and involves a collaboration with leading hardware providers to deliver network and server virtualization that runs on a SmartNIC. Now, VMware is announcing that the NSX Services-Defined Firewall running on a Monterey SmartNIC will be able to run stateful Layer 4 firewall services at line rate. These same SmartNICs will also be able to run a Layer 7 stateful firewall, as well as VMware’s curated IPS signatures.
“In my opinion, this is a game changer, which changes the way computers work in the data centre,” Gillis said. “Pay attention, channel partners! The most important use case is security. We can run a stateful Layer 7 firewall in the NIC itself. The use case is high performance databases. By putting a Layer 7 firewall on the NIC, the firewall will run at wired speed.
“One of the things SmartNIC is introducing is the ability to create composable systems,” Gillis added. “You can now arrange them in ways that meet the needs of the application and not have to physically reconfigure physical servers. It’s a little bit of sci-fi, but it’s pretty cool.”
What this all means for channel partners is that the shape of the physical data centre over the next 36 months is going to change.
“Channel partners need to understand that so they can help customers through it,” Gillis said.