VMware Enhances Software-Defined Network and Security Stack for Virtual Cloud Networking
(Pictured above: VMware CEO Pat Gelsinger on stage at VMworld in San Francisco, Aug. 27.)
VMWARE VMWORLD — VMware on Tuesday made several announcements around its software-defined network (SDN) architecture and virtual cloud networking strategy designed to bolster deployment of the software-defined data center (SDDC).
VMware introduced VMware NSX Advanced Load Balancer; a new and enhanced network and security analytics capability delivered through vRealize Network Insight 5.0 and NSX Intelligence; and enhancements to VMware SD-WAN by VeloCloud, a hyperscale cloud networking solution.
The news comes out of VMworld in San Francisco.
“Clearly NSX is the leading market platform for software-defined networking. Ultimately, when you look at your data center you have a lot of networking gear, and simply too much hardware,” said Pat Gelsinger, VMware CEO. “It’s not economical, it’s not distributed, it’s difficult to scale out. Simply put, it’s time to move that into software. And the results we’re seeing from customers who have made that move to a complete software-defined solution, replacing their hardware, are stunning. Over 2,000 customers — 59% capex and 55% opex reductions.”
The new VMware NSX Advanced Load Balancer is a distributed application deliver controller (ADC) built for the cloud. VMware got the technology from its recent Avi Networks acquisition. VMware NSX Advanced Load Balancer is the rebranding and relaunch of what was formerly the Avi Networks Platform. Avi Networks offered multicloud application delivery services.
The product provides a software load balancer and intelligent web application firewall, combined with advanced analytics and monitoring. Customers can dispatch services, such as load balancing and web application firewall, to any application on any cloud, running on VMs, containers or bare metal, using a centralized interface.
“This architecture is software-defined; so, this is a modern, purpose built, application delivery controller with no hardware dependencies that can run in any cloud. It can run in the data center or at the edge all through a single centralized control plane,” said Chris Wolf, chief technology officer, Americas, at VMware.
VMware has seen significant velocity for SD-WAN by VeloCloud and announced the ability to deliver hyperscale SD-WAN by having thousands of gateways across every major cloud provider, and hundreds of underlay carrier networks globally. VMware SD-WAN by VeloCloud (VMware acquired VeloCloud in December 2017) allows customers to add new branch offices and increased application traffic dynamically to its stateless gateways without disruption to end users.
The cloud gateways provide the automated one-click on-ramp to all major public cloud providers, and to VMware Cloud Foundation running in private data centers. VMware and Dell EMC also announced a co-branded SD-WAN service powered by VMware.
NSX Intelligence, a new distributed analytics engine, is built into the NSX-T network and security platform. Together with VMware vRealize Network Insight, users get improved network and security operations for the virtual cloud network. NSX intelligence provides continuous data center-wide visibility for network and application security teams, to help them deliver a more granular and dynamic security posture, streamline compliance analysis and streamline security operations.
“NSX Intelligence is transformative technology,” said Wolf. “We’re baking in analytics in a distributed fashion, running across every server in the environment, and we’re able to capture 100% of the flows — and we’re able to do automation based on that.”
The latest release of vRealize Network Insight provides end-to-end visibility and troubleshooting of physical and virtual infrastructure from the data center to the network edge with new support for VMware SD-WAN and into AWS, VMware Cloud on AWS, and now Azure. VMware vRealize Network Insight 5.0 enhances NSX operations management by extending the PCI compliance dashboard for NSX-T, detecting audit changes for firewall rules, and tracking Virtual Tunnel Endpoint (VTEP) latencies.
The latest enhancements to NSX-T 2.5 include a native cloud enforcement node that allows users to increase security of public cloud workloads using native cloud security controls; FIPs 140-2 compliance; the ability to apply Layer 7 application ID-based or context aware rules to the NSX edge (gateway) firewall for north-south traffic; support for Layer 7 ID-based distributed firewalling in KVM environments; VPN enhancements for multitenancy; and packet mirroring for east-west traffic monitoring via service insertion.