At VMworld 2019 US in San Francisco, VMware announced a new set of networking and security innovations. These include the introduction of VMware NSX Advanced Load Balancer; new and enhanced network and security analytics capabilities, delivered through VMware vRealize Network Insight 5.0 and NSX Intelligence; and continued advancements of its hyperscale cloud networking solution, VMware SD-WAN by VeloCloud.
Collectively, these solutions would enable VMware to deliver the public cloud experience – a fully automated deployment of a data center workload – across any infrastructure, spanning from edge to private data centers, to public clouds. This agility can only be achieved through the automation of all network services, says VMware. It would require having all switching, routing, security and load balancing services defined in software, centrally managed, and running on distributed, general purpose servers.
“VMware brings the one-click public cloud experience to the entire enterprise through an automated, software-defined network architecture,” said Tom Gillis, senior vice president and general manager, networking and security business unit, VMware. “VMware is a leader in next-generation software-defined networking and security, delivering consistent, pervasive connectivity and intrinsic security to apps, data and users wherever they reside. We extend this virtual infrastructure across public and private clouds, all the way to the network edge, and our advanced analytics capabilities provide the visibility and troubleshooting needed to make the Virtual Cloud Network easy to operate.”
VMware NSX Advanced Load Balancer
The new VMware NSX Advanced Load Balancer (previously Avi Networks Platform) is a distributed application delivery controller (ADC) built for the cloud. It has an architecture that mirrors cloud principles. NSX Advanced Load Balancer would help organizations overcome the complexity and rigidity of legacy systems and ADC appliances with software-defined application delivery services.
NSX Advanced Load Balancer provides a software load balancer and intelligent web application firewall, combined with advanced analytics and monitoring. This would enable a fast, scalable, and intrinsically more secure application experience. The solution’s central control plane and distributed data plane deliver application services as a dynamic, multi-cloud fabric. This would intelligently automate decisions and provide “unprecedented” application analytics and on-demand elasticity. Customers can dispatch services, such as load balancing and web application firewall, to any application on any cloud, running on VMs, containers, or bare metal, using one centralized interface.
VMware SD-WAN by VeloCloud
VMware achieves hyperscale SD-WAN by having thousands of gateways across every major cloud provider, and hundreds of underlay carrier networks around the world. These gateways are stateless and horizontally scalable, meaning that new gateways launch with no disruption to the end user. For customers this means new branch offices and increased application traffic can be added dynamically and automatically without reconfiguration. Changes, if necessary, can be rolled out dynamically to gateways without disruption to the end user. Customers can have tens of thousands of edges on a single network.
The cloud gateways provide the automated one-click onramp to all the major public cloud providers, and to VMware Cloud Foundation running in private data centers. With VMware’s hyperscale SD-WAN solution customers would be able to achieve rapid speed of deployment, improved application performance, better network resiliency and simplified WAN operations.
Pervasive, End-to-End Visibility and Analytics
NSX Intelligence is a new distributed analytics engine built natively into NSX-T. Together, VMware vRealize Network Insight and NSX Intelligence would deliver comprehensive visibility, analytics and troubleshooting to improve network and security operations for VMware’s ‘Virtual Cloud Network’. NSX Intelligence provides continuous data center-wide visibility for network and application security teams, helping them deliver a more granular and dynamic security posture, simplify compliance analysis, and streamline security operations. NSX Intelligence provides deep insight at the packet level into virtualized and containerized workloads. This would allow for intuitive, highly automated network and security policy generation and enforcement.
NSX Intelligence would help eliminate blind spots to reduce security risks and accelerate security incident remediation through visualization and deep insight into every flow across the entire datacenter. Customers would gain holistic context for security troubleshooting and improve collaboration between infrastructure and security teams through a converged pane for security operations.
The latest release of vRealize Network Insight provides end-to-end visibility and troubleshooting for physical and virtual infrastructure stretching from the data center to the network edge with new support for VMware SD-WAN, and into AWS, VMware Cloud on AWS and now Azure. VMware vRealize Network Insight 5.0 would enhance NSX operations management by extending the PCI Compliance Dashboard for NSX-T, detecting audit changes for firewall rules, and tracking Virtual Tunnel Endpoint (VTEP) latencies.
VMware NSX-T is VMware’s network and security platform delivered completely in software. It offers the full range of L2-L7 services for workloads running on all types of infrastructure – virtual machines, containers, physical servers and both private and public clouds. NSX-T 2.5 further strengthens the platform’s intrinsic security capabilities and delivers expanded scalability, cloud-native support, and operational simplicity.
New enhancements include a Native Cloud Enforcement mode that allows customers to increase security of public cloud workloads using native cloud security controls; FIPS 140-2 compliance; the ability to apply Layer 7 application ID-based or context-aware rules to the NSX edge (gateway) firewall for north-south traffic; support for Layer 7 application ID-based distributed firewalling in KVM environments; VPN enhancements for multi-tenancy; and packet mirroring for east-west traffic monitoring via Service Insertion.
“As they pursue digital transformation and business agility, organizations worldwide are increasingly embracing hybrid-IT infrastructure capable of delivering both cloud benefits and a cloud-like experience across a distributed multi-cloud application environment,” said Brad Casemore, research VP for datacenter networking at IDC. “This necessarily extends to network infrastructure, which is becoming increasingly software-defined throughout the stack, from Layer 2 to Layer 7. Through both its organic R&D with NSX and AppDefense, and through inorganic expansion with acquisitions such as Avi Networks, VMware seeks to meet the burgeoning enterprise need for full-stack SDN that can support networking and security use cases across private clouds, multiple hypervisors, bare-metal servers, containers, and popular public-cloud environments.”