The end of summer can only mean two things: Back to school and VMworld. VMware is using its starring role to push its NSX network virtualization platform. VMware trumpets NSX as "a network virtualization platform that will deliver the entire networking and security model in software." The thought here is that any L2-L7 network service can be run in software thus simplifying network engineering and operations while applying network services (i.e. firewalling, IDS/IPS, WAF, ADC, etc.) to alongside specific workloads.
NSX isn't just a VMware thing. On the contrary, VMware insists that it will integrate with other hypervisors and cloud platforms like OpenStack and Amazon. NSX will also work with existing physical networks and network services.
Hmm, you've gotta hand it to VMware as it presents a pretty compelling networking/security vision. NSX could centralize control, eliminate hardware, pinpoint security protection, streamline IT operations, etc. The industry seems impressed as well — vendors like F5, Fortinet, Juniper, McAfee, and Trend Micro have already pledged their support for NSX - even though it isn't shipping until Q4 of this year.
I have no doubt that future data center networking and security will look a lot like the NSX vision VMware is pitching. Nevertheless, I think VMware has an awfully steep mountain to climb if it is looking for pervasive and mainstream enterprise NSX deployment anytime soon. To achieve this goal, VMware must overcome:
1. IT separation of duties. NSX success depends upon CIOs tearing down historical walls between the server team, security team, networking team, etc. Leading organizations are already doing this but this is a tall order for the vast majority of firms. With everything else going on in IT, few CIOs will opt for a simultaneous radical organizational and technology transformation. Rather, they will adopt cloud computing and gain business benefit while fine-tuning the organization over time.
2. IT skills limitations. Server virtualization progress slowed precipitously when the network, security, and storage team were forced to learn VMware eccentricities and apply them to their technology domains. Yes, there are training courses and VMware security and networking experts to tap into but not too many. Additionally there is an overall shortage of security skills so hiring NSX security experts seems like a tall order. Unless VMware adds an army of services and training resources, its progress will be impacted by an overall dearth of NSX skills in the market.
3. Historical precedence. Virtual firewall and IDS/IPS software has been available for years but few enterprises use them. Likewise for virtual switching. The VMware vSwitch is chock full of enterprise-class functionality, but ESG research indicates that most organizations think of the vSwitch as an L2 transport to guide VM-based bits to the physical network. In aggregate, the majority of enterprises eschew existing virtual networking and security functionality so there is no reason to believe that NSX proliferation will be any different.
Sign up for Computerworld eNewsletters.