VMware formally launched VMware NSX, the company's network virtualization platform, at VMworld on Monday. The launch touts new features such as a distributed firewall and support for partners to integrate firewalls, load balancing and other services into the software platform. VMware says NSX will be generally available in the fourth quarter of 2013. The company did not disclose pricing.
VMware initially unveiled NSX, which combines its vCloud Network and Security product with Nicira's NVP, earlier this year. VMware acquired Nicira last year for more than $1 billion.
NSX is part of VMware's vision of a software-defined data center. The company said it wants to transform networking from a manually intensive process to one that's more automated and flexible. "Just like you can spin up a virtual machine, you can spin up a virtual network," Martin Casado, Nicira's founder and now VMware's chief architect of networking, said in an interview with Network Computing.
NSX takes an overlay approach to software-defined networking by using virtual switches and encapsulating traffic between hypervisors in a tunnel across the existing network. NSX supports multiple tunneling protocols, including VXLAN and STT.
The NSX platform also includes the NSX API, which integrates with multiple management systems and third-party applications and services. VMware NSX can be managed using VMware's vCloud Director and vCloud Automation Center. VMware also says NSX can be managed using OpenStack and CloudStack tools.
Gartner VP Distinguished Analyst Joe Skorupa says the overlay approach has both upsides and drawbacks.
"The good news is it's easier because you don't have to change out the existing network," he says. "But you still have to buy this expensive, complicated IP network and manage it. While you get some significant improvement in agility, your costs actually go up ... This is net new dollars you have to come up with."
Troubleshooting becomes more difficult in this model because it has two networks--a logical one running over a physical one, he adds.
Skorupa also says that by talking about network virtualization, VMware is using language that isn't aligned with enterprise budgets, which have money slated for SDN.
"While the message is likely to be well received by VMware loyalists, it won't necessarily be a message that's well received by the network team. If they want to sell to the network team, they can't just speak in terms of virtualization," he says.
One VMworld attendee says he's interested in NSX, but it will be tough to get his networking team to make the change. "They've been doing the same thing for 15 years," he says. He guesses that NSX adoption could be five years out for his company.
Virtual Networks, Virtual Firewalls
NSX now features distributed stateful firewalling that's provided in the kernel for east-west traffic, Casado says. "It's not going through a VM, a chokepoint. If you have a 100- or 1,000-node virtual network that's connected to a terabit of capacity, you get a terabit of firewalling," he says.
This capability will streamline firewall management by automating the application of firewall policies, a task that is labor intensive and susceptible to human error, he says.
With the formal launch of NSX, VMware executives emphasized the platform's extensibility. The NSX API lets partners "consume the network through a single API rather than having to use multiple APIs to access network functions," Hatem Naguib, VMware VP of cloud networking and security, wrote in a blog post.
VMware NSX partners provide network service gateways, load balancing, WAN optimization and security services such as firewalling, antivirus, IPS and vulnerability management, the company says. Some partners have tightly integrated their services with NSX, while others aren't as far along, Casado says. Twenty partners were expected to announce NSX support at VMworld in San Francisco, including Cumulus Networks.
While NSX's distributed firewall might seem to put VMware into an awkward competition with some of its partners, Casado says the company is only filling in areas where there are technology gaps, such as server-to-server or VM-to-VM traffic within the data center. "It's not going to replace your edge device," says Casado. "We're not trying to go after the traditional appliances."
Casado says several VMware customers have used NSX in production for a while. One of those customers, ViaWest--a co-location and cloud services provider based in Denver--has used NSX to help its cloud customers reduce costs, says Jason Carolan, CTO at ViaWest.