Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Capital letter 'S,' 'D,' 'N' will never happen

John Dix | Jan. 14, 2014
Steve Mullaney, senior vice president and general manager of VMware's Networking & Security Business Unit, outlines the company's vision of software controlled networks, challenges other Software Defined Networking visions, including Cisco's ACI initiative, and outlines how the company will roll out higher layer network services.

That's really good for East-West firewalling between servers within the data center. The big firewall vendors tend to have big honking boxes at the North-South end of the data center. Well, guess what? The bad guys are everywhere. Yes, you still need the North-South gateway firewall, but a lot of companies now are saying they need East-West firewalling, but to build that with physical appliances would be incredibly expensive. And that approach is also very static and brittle in the sense that you have to decide how much capacity you need at the beginning and build up a DMZ, and then if you surpass that capacity you have to go build another one, which will take months and is expensive.

Compare that to doing it in a network virtualization way. As I grow I'm adding more firewalling capacity and it's in software so there's no more appliances to buy. And because it's built into the kernel of the hypervisor, it's incredibly high performance. And so now I can build effectively what becomes on-demand DMZs, DMZs that will scale out as my application needs scale, and I don't have to buy a whole bunch of CapEx equipment up front. I get to do it very much more efficiently and then, as things change in the data center, as VMs move around, all of my firewall policies move along with it. 

So it's very much an incremental opportunity that the current firewall vendors just really can't satisfy. They're not, per se, losing out on an opportunity. It's an opportunity that only really VMware is going to be able to get. And then what we do with folks like Palo Alto Networks, who we recently partnered with, is map through their management interfaces to integrate policies such that it will work together with the devices they have as well as our distributed firewall. So I view it as a complementary thing.

Besides firewalls, what other kind of services will you offer?
Load balancing, for one. Customers say, "I've got a lot of affinity for F5. You guys need to integrate with them." We've announced a partnership with F5, but we haven't announced the level of things we're doing, but is very similar to Palo Alto. Over time you're going to see us become this network virtualization platform that will integrate with partners.

Let's switch to comparing and contrasting your approach to that being pursued by Cisco. How do you sum that up?
At the highest level there are things we completely agree on and then there are things we are in complete disagreement about. We agree on the problem. We agree on the benefit. So basically when Cisco came out with their ACI launch it was really good from our perspective because they validated everything we've been saying for years. And from a customer perspective the thing you're looking for, before any market is going to cross from the early adopters to the mainstream, is consistency of the problem statement and the benefit. 

 

Previous Page  1  2  3  4  5  6  7  Next Page 

Sign up for Computerworld eNewsletters.