Five years ago, IT was decentralized at the University of New Mexico. “Every school or college had their own IT, and in most cases they were completely under-resourced – a one-person shop having to do phones, apps, email, desktop, servers, storage, disaster recovery, all of that,” said Brian Pietrewicz, deputy CIO at University of New Mexico.
The university transitioned to a self-service model that enables each of its more than 100 departments to deploy infrastructure and application services itself and have them managed by the now-centralized IT team.
Adopting VMware’s vCloud Automation Center enabled departments to consume cloud resources, but also gave the management team the ability to curtail that consumption if necessary.
“Going from physical machines to virtual machines to vCAC cut the provisioning time down from 12 weeks to three weeks to three days to 20 minutes, but obviously there’s a big gap in there – deploying network, deploying firewalls and the security components,” Pietrewicz said. “The key missing component was networking.”
What is network automation?
Traditionally, network provisioning and configuration management are manual, error-prone processes. Network virtualization enables the creation of networks in software, abstracted from the underlying physical hardware. IT can provision networks quickly, with network and security services attached to workloads using a policy-driven approach.
Automation takes things to the next level; network functions, including managing bandwidth, load balancing, and performing root cause analysis, are provisioned automatically based on predefined policies.
To eliminate the network bottleneck, the University of New Mexico deployed VMware’s NSX network virtualization platform and vRealize Automation cloud automation software. Pietrewicz talked about the university’s experience recently at the VMworld conference in Las Vegas. “It’s really the agility and automation piece that led us down the NSX path,” Pietrewicz said of the university’s reasons for adopting network virtualization.
Microsegmentation improves security
But beyond agility, NSX also enables microsegmentation, which represents a substantial improvement in security, he said.
NSX has been gaining traction as a security tool among companies that are interested in microsegmentation – separating individual workloads into different zones that are isolated from other segments and secured individually. Microsegmentation lets companies place virtual firewalls around servers to control the growing amount of traffic that’s moving laterally within data centers.
If breaches occur, microsegmentation limits potential lateral exploration of networks by hackers. NSX operates at the hypervisor layer, for agility. If a workload moves, the security policies and attributes move with it.
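The model described above, as an added illustration that is not from the article and is not VMware NSX code or its API: rules attach to workload tags rather than to addresses, east-west traffic is denied unless a rule allows it, and the verdict does not change when a workload moves. All workload names, tags, ports and addresses are constructed for the example.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Workload:
    name: str
    tags: frozenset  # policy is bound to these tags, not to host or IP
    host: str
    ip: str

@dataclass(frozen=True)
class Rule:
    src_tag: str
    dst_tag: str
    port: int

# Constructed allow-list: anything not listed here is denied.
RULES = (Rule("web", "app", 8443), Rule("app", "db", 5432))

def allowed(src, dst, port, rules=RULES):
    """Default deny: a flow passes only if an explicit tag-to-tag rule matches."""
    return any(r.src_tag in src.tags and r.dst_tag in dst.tags and r.port == port
               for r in rules)

def move(workload, host, ip):
    """Simulate a migration: location changes, tags (and so policy) do not."""
    return replace(workload, host=host, ip=ip)

def permitted_flows(src, workloads, rules=RULES):
    """Every (destination, port) that src may open: its lateral exposure."""
    return {(w.name, r.port) for w in workloads if w.name != src.name
            for r in rules if allowed(src, w, r.port, rules)}

# Constructed inventory: one three-tier application plus an unrelated HR server.
WEB = Workload("web1", frozenset({"web"}), "esx-a", "10.0.1.10")
APP = Workload("app1", frozenset({"app"}), "esx-a", "10.0.1.11")
DB = Workload("db1", frozenset({"db"}), "esx-b", "10.0.1.12")
HR = Workload("hr1", frozenset({"hr"}), "esx-b", "10.0.1.13")
INVENTORY = (WEB, APP, DB, HR)

if __name__ == "__main__":
    # A compromised web server can reach only the app tier, on one port.
    print("web1 may reach:", permitted_flows(WEB, INVENTORY))
    # The same address space, but no rule lets web talk to the database directly.
    print("web1 -> db1:5432 allowed?", allowed(WEB, DB, 5432))
    # After migration the app server has a new host and IP; the verdict is unchanged.
    moved = move(APP, "esx-c", "10.0.9.50")
    print("web1 -> moved app1:8443 allowed?", allowed(WEB, moved, 8443))
```

Listing `permitted_flows` for each workload is a quick way to review how far a single compromised server could talk inside the data center under a given rule set.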
Sean Jabro, VMware administrator at Intelligent Software Solutions (ISS), a Polaris Alpha company, echoed the need for speed of network provisioning. “Pre-NSX, we were not very good at automating anything. Our mean time to production with any kind of system was weeks, easily,” said Jabro, who also spoke at VMworld about his company’s automation efforts. “Our developers really wanted to start moving forward fast, and IT just could not keep up.”