Is Network Virtualization to stay?
The adoption for many is still new. In fact, most customers around the world has either yet to start, or just starting, or have a setup just running not at full scale.
Over the last two years, we see lots of solutions ranging from NS from VMware NSX via software to SDN from Cisco ACI via hardware. This then also started up many new comers from companies like Nuage Networks to vArmour.
Having meeting many customers from different industry and verticals the questions often been asked are like the below:
why this and not that?
what the different from your competitors?
isn't going to SDN or NV makes visibility more complex?
how secure is logical compare to physical?
While some of the questions and more cannot be explained in details, from a personal point of view it often drive down to a few factors:
1) Will the company be around in the next 3-5 years time?
Adopting a technology, you definitely want your ROI and supportability to last you the tenure the software support or beyond else you will have to do that exercise again. That can be a good consideration.
2) Can the technology or solution chosen be used in a multi-cloud, multi-platform environment?
The technology and solution chosen, will it work with multi-cloud in your organization or even some hosted in a public cloud where on premies you might be running VMware or Hyper-V and in the public cloud you might be running Amazon or Azure where there is a platform difference. Even today you ain't looking doing so, at least you won't be restricted. During VMworld 2016, VMware showcase the use of maintaining firewall policy on premies as well as on Amazon and Azure public cloud with its Cross Platform Services. This is a real tie breaker to many solutions on the market making it no longer platform dependent. The solution is protect your existing and future planning. Since you cannot dictate your public cloud vendor hardware nor software, the solution should not tie you down to one in particular that does. Now you not just get Application mobility but security portability be it within or across cloud keeping policy in check.
3) Will we lose visibility?
In fact, you gain by doing software defined or network virtualization. Reason is simple, today using existing tools typically only provide you the information on the physical space or physical fabric. This does not show you what is happening within the host especially when VM of the same communicate within each other on the same hosts. With NV, things has changed, with not only do you get to see information coming from the VMs, you also gain extra ways of performing troubleshooting.
4) How secure is it comparing to hardware?
In fact, most logical solution just like hardware have gone through proper security certification like FIPS and Common Criteria. In fact, even with physical air gap, penetration still happens. In fact, logical make costing cheaper and giving you better protection at fraction of the cost if you have gone using the hardware route. If you were to just look at NSX, it is run in the thin abstract of the hypervisor in kernel where nearline performance is provided. ESXi have never been breached and with its thin profile of 160Mb, unlike solution that depends heavily on OS which exposed many vulnerability upon penetrated.
In a summary, logical networking is just getting its adoption now. While we are so used to physical separation, industry is moving towards adopting logical separation away from what we used to do. With virtualization, we are now not only able to gain more visibility, scaling possibility without creating managing silo networks and as well as security and compliance mobility. On a contrary doing it on physical solution will incur a huge cost and creates overheads in terms of management and at scale, lots of silos.
With the preview of VMware NSX Cross Platform Service and last year on Distributed Network Encryption (DNE), this not open a great lots of opportunities where technology can create beyond what hardware has limits on, it also allows unrestricted application placement headache as security policy goes with the VM.
So what do you think? Share your view in the comments.