Full-fledged roll out of Cross Cloud Services will be a boost for NSX: VMware

Last year during VMworld conference, virtual infrastructure firm VMware announced extension of company’s hybrid cloud strategy by laying-out plans for cross-cloud support for giving its customers the ability to manage, govern and secure applications running across public clouds, including AWS, Azure and IBM. In an interview with Mohd Ujaley, Sundar Balasubramanian, senior director- general business (commercial sales & partners), VMware share his views on SDN, NFV and impact of Cross Cloud Services on NSX business. He says, “Once people start opting for Cross Cloud Services, it will be a boost for NSX as eventually NSX will become the foundation on which firms would like to employ and deploy their security policy.”

How things are working in the industry with respect to NFV, SDN and your own NSX?

We are doing pretty well on that front with the focus suggestively looking at digital transformation. Our view of the market is that it is phenomenally getting digital. It is no longer a trend and it’s actually become a reality now. User experiences are driving a lot more to do with transformation. Digital transformation is basically how we embrace digital technologies.

The mobile has become all pervasive and the reason I am saying mobile because all of us use the mobile for personal use and the same mobile to connect to the corporate network. There are different formats of mobile, different apps of mobile and security breaches have gone up as well. With security breaches like WannaCry and Ransomware, things have overall become very sophisticated. All hackers have also become more sophisticated than before. With regards to mobile penetration, one is that can’t restrict the user access and users will use what she or he wants to use. Nowadays, everybody does all the approvals on a phone, and one doesn’t really need to login on to the laptop. So with all these things happening, it all connects with the datacenter. That’s where the security comes in.

5 years ago, everything was surrounded by a perimeter centric security. It’s like I pin the fort, I pin the walls and nobody can get inside that as it’s the focus on the perimeter. Today, the security landscape is changing because of all these different kinds of applications, different kinds of devices and accessories. Now, you just don’t need to put the perimeter part of it, you actually worry about what is inside the datacenter. So this is definitely not the kind of traffic which firewalls take care of, but then it could have attacked or intruded not necessarily from the outside, but there could also have been an intrusion from the inside.

For example company uses 100 firewalls and 50,000 policies from a security perspective. It becomes a nightmare when you think how to manage the infrastructure. Every week, there is some sort of news coming out about ransomware. So our approach to that is to go digital, you need to go software. So, a digital business means that it is a software defined enterprise. A software defined enterprise means software defined datacenter. A software brings a different level of flexibility compared to the historic hardware dependency on the infrastructure. We have been traditionally good on computing and are market leaders in that regard. We have a worldwide market share of 80% in server virtualization. We are reasonably good on storage virtualization and we see 3 pillars of datacenters: compute, storage and network.

For network specifically, we have a product or a technology called NSX. I believe that NSX is more of a concept and a framework than a product per se, as it is important to know what you are going to deploy it for. It’s not a bits and bytes router that you can buy and use. Typically, we throw the virtual blanket on the infrastructure and it gives better utilization, better management and the same for the storage part of it. We exist on the current network and introspect as to how intrinsic are the security policies and how flexible they are. We have security policies where we can flag off in minutes than days and weeks.

We have adaptable processes to really look at security. Every time the business rapidly transforms, it puts pressure on IT and IT has to go out and deliver that. Nobody wants to feature in the press for the wrong reasons. So if we have to position our success, one instance is the virtual machines. If you have 1000 virtual machines and if you have a virtual machine going rogue, NSX will shut it off. It won’t communicate with other virtual machines, so we have the quarantine on the virtual layer. One, we recommend people to get on the virtual layer as NSX will not be possible if you are on physical infrastructure, you have to be on the virtual layer. Inside the virtual layer and inside the virtual machine, the policy runs and they decide how to communicate. Sometimes from 2 machines that are side by side, traffic goes from one machine and then goes to the routers possibly sitting in the same premise, or possibly sitting outside, then eventually comes back to container B. Here we actually bring the virtual machine that can communicate. As long as we set the policies right, we can communicate to each other well. That’s what you call micro segmentation.

What is the size of opportunity for NSX, given the fact that majority of the systems are still on-premises?

You are absolutely right. It is very interesting that you mentioned that because in server and storage, the lifecycle of advancement is anywhere between 6 to 18 months. Typically you have a better capacity storage or better I/O on the storage. So, network has always been our cake. It has still been the same way that it used to be 10 years back. That will change now because with the archaic network, what we say that doesn’t represent the router. We need the physical routers and we need the physical switchers, but we just make a network a lot more intelligent than what it is right now. So we are not saying throwaway the legacy of hardware. But, customers have started to believe in software defined network. When you have to actually roll out a policy across enterprise which is large sized, a policy roll out itself will be a tremendous task in terms of consumption of both people and processes of enterprise.

How are you managing NSX, because you are doing a lot of work with Cisco? They also have a similar product called ACI. So, how are you balancing your act?

It’s a philosophical thing. There is a market for everybody as I can decide to buy a motorcycle or decide to go ahead and buy a Mercedes. As you rightly said, organizations are going more towards software and with lesser dependency on hardware for the infrastructure. Hardware exists but the software gives you better intelligence. Cisco’s story would be more of an extension of their hardware into the software layer. VMware is pretty neutral. It could be a Cisco switch or a Brocade switch, it could be Palo Alto, Trend Micro or even some of the other partners that we work with. When we came into the server industry, there were strong brand preferences at that point of time. Either some wanted to buy IBM, Dell or HP.

Now with the virtual layer on top of it, nobody cares what goes underneath as long as the box is working. This makes OEM agnostic because vSphere, vSOM and vCloud work on pretty much on any hardware. That’s exactly what we are doing in network. Cisco is an extension of what they have. Ours is more broad based, open based and conducive. We do virtualization and only virtualization. It is just the same philosophy of the server part that is extended to the network right now.

What kind of impact do you see Cross Cloud Services having on NSX business?

With regards to Cross Cloud services, we recently announced our partnership with AWS and our intent to partner with Azure. We have moved again. So a simple analogy would be that we previously used the server form and we used to have the virtualization blanket in the server form. Now the server form is no longer just a server form. People want to move across off the premise or use a hybrid model that everybody is settling for. I could have workloads on Azure or I could have workload on AWS. So it is still on the same company because typically the proliferation of public cloud is not through the IT department, and comes through the business unit. And the business unit asks whether they should go to the IT guys and provision, procure, implement and manage. Or should they go to the Cloud which gets you what you need in minutes.

We have multiple cloud formats and we throw a virtual layer on that to go out and provide management. So obviously it has to be VMware workloads’ 80% workloads of VMware. We also have support for other technologies also, but in VMware you want your workload to move on-premises to the cloud and back. It is typically a one way street till now. Two years back, you could move to the cloud, but if you wanted to come back then it would be a nightmare. And there were partners who specialized on making money and getting you back on those premise. So to your question, that’s the cross cloud service that we have right now.

Whereas NSX comes and plays, so NSX makes it a lot more secure because whether it is on-premises or on public cloud, as long as you are on VMware Cross Cloud services, you need NSX to secure the workloads in a secure manner. So from a user’s standpoint, and an IT standpoint, the user will not even know if he is on-premises or off-premises. But he uses the same security policies to extend it to the cloud and that’s where NSX comes in. It will be a boost for NSX for sure, and people will start opting for Cross Cloud services, and eventually NSX becomes the foundation on which you want to employ and deploy it that makes the security policy easier. You don’t want to run separate security policies on-premises and off-premises.

Most of the security breaches that we see are coming from insiders. Somebody is able to download tetra bytes of data and company is not aware of it. Companies like Forcepoint have solutions to this. So, how does NSX help there?

If you look at the security players today, there are almost 300 of them. It is a highly fragmented industry. They are pretty active and you have multiple players coming in with different sets of use cases. We are not replacing any of them. We are right on top of them. We work with Palo Alto, Trend Micro, Brocade and Juniper to name a few. What we do essentially is provide the management layer around the entire landscape for you to make security deposits easy, irrespective of what were used in the front. We are not replacing the firewall – we are not a firewalling company neither are we replacing the switching or routing. All of that exists today in different products. Our strength comes in terms of harnessing all that and making them intelligent and proactive.