How NSX Can Open New Possibilities with Software-Defined, Multi-Cloud, Virtualized Networking
NSX is a software-defined, network virtualization technology that enables the decoupling of networks from hardware in much the same manner that server virtualization did for operating systems and hardware.
By implementing a software-defined, virtualized networking solution, you move away from slower engineering, deployment, and operations & maintenance models that wait months and years on the purchase of new equipment and the progression through architecture review boards, and that require specialized training to maintain. In their place you get a software-based model that can be agile and keep up with the pace of business innovation and mission demands.
Networking technologies have been largely unchanged for the past 15 to 20 years. Many of the same tools and interfaces are still in use today, and the separation of job duties from software to servers to networking to storage is in many cases still very much the same set of silos it always was. Software is aiming to change that, and in many other areas it already has. This has enabled a shift from the siloed ways of the past to the newer DevOps-style ways of the present and future.
NSX enables this shift by moving the networking constructs and daily operations into a software-layer technology, which is able to consume just about any hardware fabric, with only a few requirements. This allows your organization to keep up with future demands without lagging behind. It's likely you're already making similar shifts in other areas, so it's only logical to extend this mentality to networks.
With the shift to hybrid cloud, it is essential that your on-premises networking infrastructure can play nicely with the networking provided by public clouds. Every cloud you add to your organization’s arsenal brings its own set of tools, interfaces, operational procedures, required skill sets, capabilities, and more.
Wouldn't it be great to abstract away some of these differences in order to make the clouds appear more homogeneous, and to simplify the consumption of cloud resources?
NSX helps tackle this problem by stretching the same networking and security constructs across your smaller branch sites, up to your datacenter, and into the clouds you consume. This makes the entire multi-site and multi-cloud architecture logically more consistent from end to end.
Cloud Network Platform
NSX, together with other VMware networking technologies such as AppDefense and VeloCloud, forms a comprehensive virtualized, software-defined networking platform that provides enterprise-grade security, LAN, and WAN capabilities that stretch from on-premises across all remote, branch, and hub datacenters into multi-cloud environments.
Network, VM, and Container Security
NSX is capable of providing traditional network security constructs but does so in a virtualized environment that is tightly coupled to VMware components already running in your datacenter. Even if you're not running a VMware hypervisor, NSX can run on multiple hypervisors, and it stretches into cloud environments.
The security components of NSX are capable of creating network segmentation on a more granular level than traditional hardware-based networking solutions can perform. The firewalling capabilities of NSX are moved into hypervisor kernel-level modules, which distributes traffic filtering decisions to compute nodes all across the datacenter. This distributed firewall module can then make decisions close to the traffic source or destination based on a number of factors beyond just simple IP subnet information. It can make decisions based on security group membership, object tagging, and a number of other VMware metadata objects. This level of segmentation is dubbed "Micro-Segmentation" by VMware.
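The following added example is a simplified Python model of that idea. It is not VMware code and does not use the NSX API. It contrasts a subnet-based ACL with rules keyed on tag-defined groups and a default drop. All VM names, tags, addresses, and rules are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class VM:
    name: str
    ip: str
    tags: frozenset

@dataclass(frozen=True)
class Rule:
    src_group: frozenset  # tags a source must carry (empty set = any VM)
    dst_group: frozenset  # tags a destination must carry (empty set = any VM)
    port: object          # int, or None for any port
    action: str           # "allow" or "drop"

# Constructed inventory: all three VMs share 10.0.1.0/24, so the subnet
# alone cannot distinguish production web, production db, and dev web.
WEB = VM("web-01", "10.0.1.10", frozenset({"tier:web", "env:prod"}))
DB = VM("db-01", "10.0.1.20", frozenset({"tier:db", "env:prod"}))
DEV = VM("web-dev", "10.0.1.30", frozenset({"tier:web", "env:dev"}))

# Hypothetical policy, evaluated first match wins.
RULES = [
    Rule(frozenset({"state:quarantine"}), frozenset(), None, "drop"),
    Rule(frozenset({"tier:web", "env:prod"}),
         frozenset({"tier:db", "env:prod"}), 5432, "allow"),
]

def evaluate(src, dst, port, rules=RULES):
    """Decide per flow from group membership; anything unmatched is dropped."""
    for r in rules:
        if (r.src_group <= src.tags and r.dst_group <= dst.tags
                and r.port in (None, port)):
            return r.action
    return "drop"

def subnet_acl(src, dst, port, cidr="10.0.1.0/24", allowed_port=5432):
    """Traditional rule: any host in the subnet may reach the port."""
    net = ipaddress.ip_network(cidr)
    in_net = all(ipaddress.ip_address(v.ip) in net for v in (src, dst))
    return "allow" if in_net and port == allowed_port else "drop"

def quarantine(vm):
    """Retag a VM; its IP address and network placement stay the same."""
    return replace(vm, tags=vm.tags | {"state:quarantine"})

if __name__ == "__main__":
    print("subnet ACL, dev -> db:", subnet_acl(DEV, DB, 5432))
    print("tag policy, dev -> db:", evaluate(DEV, DB, 5432))
    print("tag policy, quarantined web -> db:", evaluate(quarantine(WEB), DB, 5432))
```

The dev web server reaches the database under the subnet rule but not under the tag-based policy, and quarantining a VM cuts its access with no address or topology change.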
Automating network changes in a traditional, hardware-based fabric has always been a pain point. Vendor-specific and point products are available that attempt to address this problem, as well as homegrown options, generally centered around automating SSH connections to hardware devices. Sending mass configuration changes out to switches and routers has always been one of the main reasons for networking outages.
NSX solves the network automation problem by alleviating the need to constantly change hardware switch configurations (they still need to be configured, just not modified as often) and instead providing the capability to make central changes and have them flow down to the downstream endpoints that enforce the routing, switching, and firewall rules. In addition to the ability to do this in a manual fashion, NSX exposes an API which can be consumed in a programmatic or scriptable manner, adding further automation options and extreme flexibility without the risk of legacy management and automation options.
As previously mentioned, NSX is capable of abstracting cloud-specific networking and security constructs under its umbrella in order to provide a platform that can stretch from the datacenter into the cloud and across clouds. This ability makes certain use cases possible that were previously impossible.
These include not only the ability to stretch networks from within the datacenter into the cloud and across clouds, but then to also layer disaster recovery on top, and to add virtual machine mobility. Simplifying disaster recovery ensures a more reliable backup solution that can be made consistent whether the protection comes from an on-premises set of resources or cloud resources. Making VM workloads more mobile increases the availability of VM resources and presents new options for cost optimization.