Is networking really exciting again? Sometimes that statement feels like a bit of a punchline when discussing all the advances in storage and virtualization. When you factor in the huge impact that cloud computing is having on enterprise IT it can feel even more amusing that networking could be at all important to the real world of the future.
However, networking really is doing some great and wonderful things. I had the chance to attend the Virtual Cloud Network Deep Dive in Palo Alto recently as a guest of VMware. It was an event open to the public and I had the good fortune to strike up a conversation with some great people from a local university. They told me that they were responsible for a large part of the virtualization infrastructure at their school. They even have a VDI deployment! But when it came to network virtualization and NSX they were looking at it with a fresh perspective.
Networking Through New Eyes
Sometimes networking people forget that networking is indeed hard. People that have spent their career in networking are familiar with all the little nuances it takes to make something work. As we add layers on top of something as simple as a switch port the complexity of the system increases by orders of magnitude. Increased complexity reduces uptime and also increases the time that it takes to provision new systems. As is often pointed out in presentations, the network is the bottleneck for deployment.
That’s where NSX comes into play. Through the presentations during the Virtual Cloud Network Deep Dive, the VMware experts did a great job of explaining how NSX can augment your networking architecture to remove complexity and increase performance in the network. And they did it by laying out the IT organization as it has grown over the years.
When VMware was still a “new” thing, the idea of doing networking inside of a hypervisor was crazy. The original vSwitch had almost zero functionality. It could connect to other systems and that was about it. When Cisco introduced the Nexus 1000v virtual switch to the mix it really showed how a networking company could configure these software devices to provide real networking functions. VMware took that idea and ran with it after acquiring Nicira in 2012. Nicira is the foundation for what would later become NSX.
What makes NSX so different? The Deep Dive points out that NSX is a network virtualization layer. It’s more than just a software switch. It’s a change in the way we think about connections between devices. It’s more than just a virtual switch port. It’s security and availability and mobility all wrapped into one console. Because NSX lives at all the points of the virtual infrastructure, it can offer load balancing at a VM level. It can ensure that VMs are available across the enterprise data center and across the cloud. But what it’s really, really good at is security.
A Fresh Take On Security
Security is the hardest part of the networker’s job. We spend all our time making things available and the security team comes back in behind us and makes them unavailable. Things like firewalls and intrusion prevention systems (IPS) are designed to keep systems from being reached from a variety of locations. We build walls to keep people out. But what if we don’t provide pathways between those systems in the first place?
Microsegmentation is the most important thing you’re going to see at the Virtual Cloud Network Deep Dive. The idea that we can prevent two systems or groups of systems from communicating at all turns the security paradigm on its head. Now, we don’t need to keep piling boxes and boxes in the middle to prevent something from happening. We can instead just make sure it is never allowed to occur. Instead of constantly monitoring to see if there is a problem we can sleep easy at night knowing that everything is secure.
Another huge part of this security aspect was a neat demo of the Application Rule Manager (ARM). One of the hardest parts of figuring out how to secure an application is knowing what resources it uses. If a developer has called resources in a non-standard way it can be a nightmare to secure while still ensuring that users are able to make the application perform to their needs. With ARM, you don’t have to guess any longer. You can profile applications to ensure they are operating securely. You can discover the ports and flows they need to operate and ensure that they can only communicate with necessary systems.
That’s the real power of microsegmentation to me. You can identify things that need to talk and then make sure they can only talk to each other. There’s no need to open ports all over the network to permit communications. You can monitor for a day or a week and then lock everything down. And if there is an exception to the rule you’ll see it right away and be able to deal with it. Perhaps it’s a new function that needs to call an update server. Or maybe it’s a malicious piece of code trying to install something it shouldn’t. In either case, ARM will tell you and let you make a rule to permit or deny without the need to spend hours investigating.
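The monitor-then-lock-down workflow described above, as an added Python sketch that is not VMware's code and does not use any NSX or ARM API. The flow record format, the group names and all function names are assumptions made for illustration, and the sample flows are constructed.

```python
from collections import Counter, namedtuple

# A flow is keyed on group membership and destination port; source ports are
# ephemeral and deliberately ignored. Group names are constructed.
Flow = namedtuple("Flow", "src dst proto port")

# Constructed sample of flows seen during the monitoring window.
OBSERVED = [
    Flow("web", "app", "tcp", 8443),
    Flow("web", "app", "tcp", 8443),
    Flow("app", "db", "tcp", 5432),
    Flow("app", "dns", "udp", 53),
]

# Constructed sample of traffic seen after lock-down.
LIVE = [
    Flow("app", "db", "tcp", 5432),
    Flow("app", "updates", "tcp", 443),
    Flow("app", "updates", "tcp", 443),
    Flow("web", "db", "tcp", 5432),
]

def build_allowlist(observed, min_hits=1):
    """Profile phase: every flow seen at least min_hits times becomes a rule.

    Whatever was running during the window is learned, wanted or not, so
    the resulting rules still need a human review before enforcement.
    """
    counts = Counter(observed)
    return {flow for flow, hits in counts.items() if hits >= min_hits}

def evaluate(allowlist, flow):
    """Enforcement phase: default deny, explicit allow."""
    return "allow" if flow in allowlist else "deny"

def exceptions(allowlist, live):
    """Denied flows with hit counts, most frequent first, for permit/deny review."""
    denied = Counter(f for f in live if evaluate(allowlist, f) == "deny")
    return sorted(denied.items(), key=lambda item: (-item[1], item[0]))

def permit(allowlist, flow):
    """Reviewer decision: return a new allowlist that includes the flow."""
    return allowlist | {flow}

if __name__ == "__main__":
    rules = build_allowlist(OBSERVED)
    for flow, hits in exceptions(rules, LIVE):
        print(f"DENY x{hits}: {flow.src} -> {flow.dst} {flow.proto}/{flow.port}")
```

In the sample, the repeated `app -> updates` flow is the kind of exception a reviewer might permit, while the single `web -> db` attempt bypasses the app tier and stays denied.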
Bringing It All Together
Thanks to VMware, I was able to see NSX through new eyes. The Virtual Cloud Network Deep Dive gave me a chance to understand how NSX can power networking, cloud, and security at the same time. NSX really is becoming more than just a silo in the data center. It’s a compatibility layer that allows all parts of IT to work together seamlessly and provide secure, reliable communications between systems whether they’re in the same rack or half a world away. If you have the chance you need to check out the next stop of the Virtual Cloud Network Deep Dive. Use that link to find the nearest one and attend for free! All you have to do is sit and learn and you’ll find the future of networking, security, and cloud is much easier than you might imagine.