Tom Gillis (VMware)
VMware has pumped out a key version of its core networking software with over 100 new features and added security and application-management support all designed to help customers build and run large scale virtual networks.
These enhancements are part of NSX-T30, the latest version of VMware's flagship networking package that supports everything from private or public cloud-native applications to bare-metal workloads running on multivendor hypervisors.
It also supports network-virtualisation stacks in Amazon Web Services (AWS), Microsoft Azure, Google Cloud, IBM Cloud as well as leading Kubernetes container technologies.
NSX-T is the underpinning for VMware’s software-defined Virtual Cloud Networking architecture that defines how enterprises can build and control network connectivity and security from the data centre across the WAN to multi-cloud environments.
Tom Gillis senior vice president and general manager of VMware’s networking and security business said Virtual Cloud Network customers now exceed 15,000, including 89 of the Fortune 100 and eight of the top 10 telcos, and has grown on average 50 per cent each fiscal year since its introduction in May of 2018.
“The driving idea enabled through NSX and the Virtual Cloud Network is to let customers have a public cloud experience and efficiencies, on-premise, removing the inefficient IT ticket requests and long waits for networking and security changes,” Gillis said. “Our data shows customers can experience as much as a 59 per cent reduction in capital expenditures and 55 per cent reduction in operational expenditures over traditional networking solutions with VCN.”
Analysts said VMware has number of goals with VCN and NSX.
“From a customer perspective, they’re seeing that VMware is evolving and extending its Virtual Cloud Network portfolio in an attempt to the meet the changing needs of the distributed applications and workloads that are increasingly critical to business outcomes and success," added Brad Casemore, research vice president of data centre networks at IDC.
"The network must be intelligently automated, serve traditional and modern applications, and support a mix of underlying infrastructure (VMs, bare metal, containers).
"VMware’s goal is to make NSX invaluable to the VMware installed base as those customers modernise their on-premises data centre network infrastructure and similarly seek to provide consistent network and security polices for modern applications running in public clouds.
"As the data centre becomes distributed in a multi-cloud world, the data centre network must become a multi-cloud data centre network. On the VeloCloud [VMware’s SD-WAN offering] side, the focus is on modernising the WAN to accommodate delivery of these applications to the branch."
One new feature of NSX is the ability to control and synchronise multiple virtual networks as a single entity. Called NSX Federation, the feature lets customers set network configuration, management and policy setting across large environments.
NSX Federation would let customers generate “fault tolerant zones” where they could contain network problems in a single zone, minimising problems and preventing them from spreading, VMware stated.
Another feature has security policies attach to and move with workloads, ensuring that policy compliance is maintained during workload failover or migration between locations, wrote VMware’s Umesh Mahajan, senior vice president of NSX in a blog about the upgrades.
Related to security, the Service-defined Firewall in the NSX platform has been enhanced as well.
“NSX Distributed IDS/IPS is an advanced threat-detection engine purpose-built to detect lateral threat movement on east-west traffic across multi-cloud environments,” Umesh stated. “Unlike traditional architectures that hairpin traffic to discrete appliances, NSX Distributed IDS/IPS distributes the analysis out to every workload and curates the signatures evaluated by each engine based on precise knowledge of running applications.”
The firewall is further enhanced with the implementation of URL Analysis for URL Classification and Reputation. The edge firewall detects access from outside the data centre for granular detection and categorisation of in-bound and outbound URLs, Umesh stated.
NSX-T 3.0 also lets customers extend networking services by deploying NSX-T directly with the recently released VMware vSphere 7.0. In March, the company rolled out its Tanzu technology across its major software components, including vSphere and Cloud Foundation in a major revamp of its key virtualisation families.
By embedding Kubernetes into the control plane of vSphere, it will let customers converge container and VM workloads onto a single platform with a single hypervisor, VMware stated. NSX provides the underlying networking support for all of the new software.
“NSX Federation will provide a means of Implementing fault-isolation domains and global policies synchronised across all locations," Casemore said.
"Other new features in NSX-T 3.0 include the ability to extend L2-7 container networking services to the recently released VMware vSphere with Kubernetes and VMware Cloud Foundation 4 platforms, the VMware Tanzu portfolio, and non-VMware Kubernetes platforms. This is all about making NSX useful across a heterogenous, hybrid, multi-cloud landscape."
In addition to NSX, VMware also rolled out VMware vRealize Network Insight 5.2, the company’s network visibility and analytics software.
The new software features machine learning support for Flow Based Application Discovery will automatically group VMs into applications and tiers for a better understanding of what is occurring on the infrastructure, VMware stated.
“vRealize Network Insight 5.2 has new end-to-end visibility of the network path from VM through to VMware Cloud on AWS including the AWS Direct Connect section. For VMware SD-WAN users, there will be additional visibility into SD-WAN application and business policy support,” VMware stated.
Casemore said that VMware vRealize Network Insight 5.2, now flow-based application discovery, will help set policy and troubleshoot.
“Other vRNI enhancements include AWS Direct Connect support (for hybrid networking), VMware SD-WAN application and business policy statistics (again, useful in a hybrid or multi-cloud context), enhanced Kubernetes visibility, and support for VMware NSX-T 3.0," he added.
"The latter, of course, is absolutely essential, especially with NSX-T serving as an overlay that extends across heterogenous application environments and infrastructure."
In addition to the product announcements, VMware said it was deepening its integration with Microsoft Azure by developing support for Microsoft’s Azure Edge Zones and Azure Private Edge Zones.
The Edge Zones deliver Azure services and enable customers to deploy and run virtual network functions including VMware SD-WAN by VeloCloud across Azure regions and on-prem Azure Edge Zones.
VMware said NSX-T 3.0 is available now and VMware vRealize Network Insight 5.2 is expected to be available in Q1 of VMware’s FY21 which ends on May 1, 2020.
