Modern Networks For An Increasingly Distributed IT World

The shift by enterprise IT vendors from hardware box makers to software and services vendors has been ongoing for several years as OEMs have looked to adapt to the rapid changes in a tech world that is becoming application- and data-centric.

Companies like Dell Technologies, Hewlett Packard Enterprise, IBM and Cisco Systems have been out front with their transformation efforts to keep pace with the impacts that the cloud, edge computing, the Internet of Things (IoT) and the massive amounts of data being generated are having on the industry. They’re leveraging automation technologies, artificial intelligence (AI) and machine learning, and analytics and creating a presence in the cloud, including through partnerships with major public cloud providers like Amazon Web Services, Microsoft Azure, and Google Cloud.

The changes have been amplified by the ongoing COVID-19 pandemic, with enterprises suddenly having to manage and secure widely distributed workforces and turning to cloud services, all of which have accelerated moves by companies like Hewlett Packard Enterprise, Dell, and Cisco Systems to offer all or most of their products as a service in the next few years.

VMware is another vendor in the mix. The company that began life selling virtualization software for datacenter systems is now a growing player in the hybrid cloud world, with its growing VMware Cloud Foundation hybrid cloud platform, strong partnerships with Dell – which owns more than 80 percent of VMware – and AWS and an expanding presence in Azure and Google Cloud. Foundational to VMware’s efforts is the network and, in particular, NSX, the vendor’s software-defined networking (SDN) platform and its various parts, including the software-defined WAN (SD-WAN) inherited when it bought VeloCloud in 2017.

VMware is now plotting out what it’s calling the modern network, designed for a highly decentralized IT environment that includes large numbers of remote workers and applications that need to be securely accessed quickly from anywhere. Such a network is a key part of VMware’s Project Monterey, a strategy outlined in September during its virtual VMworld event aimed at building a modern hardware architecture for VMware Cloud Foundation to run modern workloads. VMware is collaborating with Intel and Nvidia on the effort, essentially offloading virtualization and security functions onto the SmartNIC, freeing up the CPU to run other tasks and reducing costs.

Making what had been hardware-based functions – such as load balancing and firewalls – into software tasks housed in SmartNICs and creating a highly configurable, automated and cloud-like scenario is a key part of that strategy, according to Rajiv Ramaswami, chief operating officer for products and cloud services at VMware.

“The [modern] apps are modular, they’re often born in the cloud, then adapted to the user and market demands, and these applications need to be available across any location and on any device. Rapid innovation, along with frictionless consumption, is really what they’re all about,” Ramaswami told journalists in a recent conference call. “Our customers want to enable their employees to access their apps wherever they are. They want to bring public cloud principles to their private cloud and it’s not just about launching a virtual machine. It’s about launching a full workload. That means configuring the network, implementing security policies, configuring the load balancers and more. These solutions all have APIs today, but it’s still difficult to automate … because largely the APIs are still fairly primitive. We all know that partial automation means a ticket.”

The vendor is seeing strong adoption of the networking capabilities in its cloud platform, which it says offers the automation and configurability that will be key in modern networks. More than 18,000 organizations are using the VMware Cloud Foundation Network solution to quickly deploy, manage and update network tasks in cloud-like fashion from the datacenter to the branch. The company this week began putting in place pieces that will build off these capabilities as part of VMware’s Modern Network Framework.

The traditional datacenter network – with distinct devices that include switches, routers, firewalls, IDS/IPS systems and load balancers deployed separately and configured manually via ticket systems – takes a bottom-up approach, where the application must use the infrastructure available, Ramaswami said. VMware’s view is that the network infrastructure serves the application, understanding the demands and being configured to meet those needs. It addresses what VMware calls three pillars – ensuring developers can securely connect microservices while maintaining availability and low latency, making network services that are automated and defined in software, and having an infrastructure that provides high-capacity and low-latency connectivity. All this essentially mirrors what is available in the public cloud.

Ramaswami used the example of a worker in South America on a Zoom call. Rather than sending the traffic to their company’s datacenter in the United States, where security such as firewalls is deployed, before heading to Zoom’s operations in the cloud, a more modern network will take the datacenter architecture and make it available in points of presence (POPs) around the world, essentially moving security to where the traffic is. This setup fits better in a world with 5G and edge computing and improves latencies and security.

SmartNICs – intelligent network interface cards that can run VMware software and related services – are central to the Project Monterey strategy and VMware said that its NSX Services-Defined Firewall will be available via a SmartNIC. Tom Gillis, senior vice president and general manager of VMware’s Networking and Security business unit, said SmartNICs are a hybrid of agents and network devices. The goal is to eventually add other capabilities to them beyond the Layer 4 firewalls – Layer 7 IDS/IPS, Layer 3 switching and routing and VMware’s ESXi hypervisor, which will include management capabilities like vMotion for moving workloads from one bare-metal server to another.

“It sounds like alchemy, but taken together, this is a very, very powerful set of capabilities that will be running in the network interface card and open up a whole new type of deployment for virtualization, a kind of hybrid virtualized-slash-bare metal implementation,” Gillis said.

He noted that such a capability would be important for an application like a high-performance database, a system that holds key sensitive information and yet is not often patched. Organizations don’t tend to virtualize it and don’t want to put an agent in it.

“They’re the most vulnerable and yet they’re the most valuable,” he said, adding that “being able to put a Layer 7 firewall in the NIC and have it operate with effectively an air gap, because it’s not running in the memory of the host … is a transformative capability for security.”

Ramaswami also noted that by putting the firewall tasks into SmartNICs, enterprises will see 20 terabit-per-second throughput – a greater capacity than what they can get from a hardware-based firewall – at a third the cost.

VMware also is bulking up its Tanzu Service Mesh, which controls communications between the thousands of components in the modern network, enforces security policies and ensures performance. The company has an attribute-based access control policy in preview that addresses the proliferation of disparate mobile devices on the network, pushing out the policies to the endpoints and having those devices report back to identify what they are, where they’re coming from and what their status is rather than forcing the firewall to try to anticipate scenarios and build policies accordingly. The vendor also is integrating NSX Advanced Load Balancer into the service mesh to make it easier for developers leveraging Kubernetes to launch applications that have the necessary load balancing capabilities for greater availability and security. The integration will be available early next year.

In addition, VMware unveiled Project Antrea, an open-source project that delivers Kubernetes security and networking wherever Kubernetes runs. Essentially developers can deploy their own network solution to enable containers to talk to each other within a network cluster.

“We built it in a way that it connects to NSX for a two-tier approach,” Gillis said. “Antrea provides all of the security services, all the connectivity that a developer is going to care about, but when I need to make a connection across clusters or from a cluster to a VM [virtual machine], NSX provides that bridge. This two-tier architecture is highly scalable. It operates at what we call cloud scale, where you’ve got tens of thousands or hundreds of thousands of these little containers that need to be managed.”

Addressing the work-from-home scenario, VMware is bolstering the monitoring and management software in its SD-WAN technology to include the ability to validate that applications can run across both physical and virtual infrastructure by improving troubleshooting, another step toward self-healing networks. In addition, the vendor is offering SD-WAN work-from-home subscriptions to its Future Ready Workforce Solution. Flexible financing models, including subscriptions and pay-as-you-go, are important parts of the larger as-a-service push from vendors.

In this case, remote workers can ensure network connectivity and application performance – with bandwidth ranging from 350 Mb/sec to 1 Gb/sec – at a price that is paid on a monthly basis.
