Early user of VMware NSX net virtualization tool extols fine grain controls

John Dix | June 26, 2014
Canadian airline company WestJet, one of the earliest customers of VMware's NSX network virtualization tools, initially reached for the tech to address a security issue. Network World Editor in Chief John Dix recently sat down with WestJet technologist Richard Sillito to learn what the company is learning about network virtualization and its broader NSX plans.

Let's start with a thumbnail description of your environment.

We have two geographically dispersed data centers, a main data center with about 2,000 servers, 80% of them virtualized, and a second center with around 500 servers for disaster recovery. We also have a third collocated data center we're shutting down.

And what pushed you toward SDN?

Our environment was initially designed for north-south traffic. You come in and hit the DMZ, you maybe hit an internal server, and maybe a security internal server, and then you're back out again. So that path is very simple. But once we started integrating other systems we introduced a lot more east-west traffic.

For example, we have separate Internet connections for eCom and for corporate use, with the idea that the two never meet. Then we brought in identity management and said identity would be used to authenticate and provide services to everyone in WestJet's world, both employees and guests.

With the idea that people will log in to Westjet.com and the guest portal will show up and they will have certain services available, but if you log in as an employee you'll get all those services plus extra corporate services. So all of a sudden the segmentation of those two services doesn't make any sense. You're coming into eCom and going over to the corporate DMZ to connect to that service, and then going inside for corporate services. And it's that kind of multiple pathing that started putting huge stress on our network.

What's more, we've added many other services. Our rewards program was originally its own website, but then we integrated that into the main website, and vacations is a separate site and we're going to integrate that too, because guests don't want to log into one site for this and another site for that. They want to log in and be able to access all their services. So as we integrate these into one portal, we're increasing that east-west traffic even more.

So you recognized you had problems brewing, how did you get to SDN or network virtualization as a solution?

This east-west traffic problem proliferated to the firewalls. As you increase the amount of connectivity, your firewall rules increase almost exponentially. So we saw this rapid growth in firewall rules. But it also got worse as the services got larger because, when you stand up a new server, you create all the firewall rules for that server. So that means as you scale vertically you take on workload.
