Network control now transcends hardware, because it has to. The traditional need to manually reconfigure network hardware each time a new service or business model is added or scaled up is no longer viable. Software-defined networks respond dynamically to changing needs in real time, so that workloads can be spun up, scaled, and shut down on demand.
The future requires pervasive, end-to-end connectivity for applications wherever they are: inside or outside the data center, potentially traversing multiple third-party clouds. Managing and securing workloads across these diverse infrastructures requires a software-first approach that abstracts the control plane from the physical network underlay.
This approach’s focus on applications and their workloads, rather than on network equipment, re-aligns network operations to enable a pace of change that isn’t dragged down by the need to make hardware changes. It also allows a holistic approach to security and management, regardless of the physical network. These capabilities make the enterprise more cost efficient, escaping the spend-and-replace cycle for network equipment while embracing all topologies, including multi-cloud.
VMware NSX is the only network virtualization solution that integrates natively with the rest of the virtualization layer in vSphere environments. Other solutions take a “bolt-on” approach that typically falls short in many respects, such as requiring manual configuration when changes are needed. That manual work is inefficient, prone to error, and may increase the likelihood of expensive outages. As bolt-on point solutions accumulate, these limitations are often compounded by the increasing complexity of a cobbled-together environment.
Software-first networking is abstracted from the underlying network hardware, bridging different infrastructures by design. In addition, the broader network ecosystem is enabling and optimizing physical infrastructure for NSX. For example, when Cisco Application Centric Infrastructure (ACI) operates in network-centric mode, it interoperates hand-in-glove with the VMware network virtualization layer.
Cisco ACI in network-centric mode complements NSX, providing a robust, highly reliable foundation for management and operations at the physical network layer. This combination enables a common, policy-based operational model across physical and virtual networks, with NSX providing network virtualization and ACI automating the addition and configuration of physical hardware.
Simplify and Accelerate Network Operations
IT organizations must continually negotiate among the conflicting priorities of multiple business units, and this complexity can be especially acute in network operations. Giving preference to one stakeholder over another is problematic at best, and the underlying lack of agility often leads to unmet business needs. Worse yet, the need to accelerate application deployment often leads to shortcuts that can compromise workload security, availability, and continuity.
Just as server virtualization has simplified compute infrastructure and increased agility in mainstream data centers, virtualized networking based on NSX decouples the network from the underlying physical devices and fabric, to simplify and accelerate network operations. This abstraction enables workloads based on VMs, containers, and bare metal to deploy and move seamlessly across different environments, such as data centers, branches, and clouds.
Architects and admins can now manage this complex topology as a single end-to-end fabric, using consistent policy throughout. And because networks are designed in software, they can be dynamically created and decommissioned as changing business needs dictate, with unprecedented control over the environment.
NSX enables network operators to embrace the need for dynamic change in their environments, while mitigating the risk traditionally associated with change. Creating application-specific networks in software enables unprecedented agility while limiting the potential impact of any individual change within the larger environment. As a result, networks are more responsive to emerging needs while also improving uptime.
With NSX, organizations can administer their environments with fast, automated network provisioning that is based on a central set of policies to govern disparate infrastructure elements. Programmatic control enables an accelerated pace of change that isn’t dragged down by hardware changes, increasing efficiency and reducing staff workloads.
Secure Traffic, Wherever it Needs to Go
Securing network traffic across multiple clouds and other infrastructures that you don’t control is a critical challenge. Traditionally, changes to network segmentation have been made through switch or router configurations, using methods such as virtual local area networks (VLANs) and access control lists (ACLs).
This approach can be cumbersome, requiring admins to touch each device individually, and it is poorly suited to the needs of a dynamically changing network. The security provided by these measures is also focused at the network edge and does not protect internal (east-west) traffic. By contrast, NSX protection operates at both the network and the workload levels, protecting internal traffic. It also protects workloads with consistent policy and enforcement across on-premises, hybrid cloud, and cloud-native (container) workloads. That consistency is critical to a uniform security posture across the entire environment.
Building networks on a per-application basis with NSX provides inherent network segmentation. In addition, NSX Distributed Firewall is a kernel-embedded distributed firewall that enables micro-segmentation, so organizations can define security policies at the level of individual workflows to isolate sensitive traffic. Adaptive micro-segmentation also enables NSX environments to dynamically adapt security policy for individual workloads and networks to the rapid changes that are common with modern applications.
Because this firewall functionality is embedded in the hypervisor, it provides near-line-rate throughput to avoid network bottlenecks. Because it is distributed, its cost-effective scale-out architecture automatically extends capacity as hosts are added. This approach also places the firewall close enough to individual workloads to access context information that enables simple and effective policy, while being far enough from the guest to avoid potential compromise.
Make the Business More Cost-Efficient
NSX gives network administrators the ability to programmatically provision and manage virtual networks, independent of the underlying network hardware. Because automation based on NSX eliminates the need for manual configuration of hardware when deploying those networks, it adds dramatically to cost efficiency.
Any topology—from a simple flat network to a complex multi-tier one—can be provisioned almost instantaneously, without the need for physical changes. Network changes to support changing business needs are handled in software, largely without human involvement.
Reducing the day-to-day burden of mundane tasks on IT personnel frees those staff members to pursue higher-value work for the business. Moreover, the ability to evolve the network for new capabilities and functionality no longer requires capital outlays for new equipment, allowing IT to escape the self-defeating spend-and-replace cycle.
In addition, software-first networking adapts to applications’ needs while embracing all topologies, including multi-cloud. Applications and workloads can be deployed onto the most cost-effective infrastructure available, including a combination of various on-prem and cloud infrastructures. Those environments are networked using fabric-agnostic approaches with NSX, allowing organizations to fine-tune their desired balance between factors such as cost and performance, further optimizing operations.
Conclusion
Software-first networking with NSX gives network operators the means to break through the limitations of legacy hardware-centric approaches. Modernizing with NSX unifies disparate infrastructure from the data center to the cloud, spinning up virtual networks on demand.
Virtual network processes based on NSX are automated, flexible, and secure by design, operating on any network underlay. They improve alignment between IT and the business by enabling agile response to changing requirements. And they prepare for the future with infrastructure that is no longer tied to physical limitations.
To learn more about software-first networking, visit www.vmware.com/software-first-networking
Contributor: Matt Gillespie is a technology writer based in Chicago. He can be found at www.linkedin.com/in/mgillespie1.