VMware NSX: Boom Or Bust For Security Vendors?As VMware provides more firewall and other security functionality through its network virtualization platform, where does that leave security companies?
VMware's official unveiling of its NSX network virtualization platform touched off conversations about how the company's partners would fit into its future plans. While much of the focus has been on the impact the announcement will have on VMware's relationship with Cisco Systems, what's been overlooked in the Cisco-VMware brouhaha is how NSX may affect VMware's security partners. Industry analysts have mixed opinions.
"I think the NSX push at VMworld was actually great for vendors," says Forrester Research analyst Dave Bartoletti, adding that security vendors at last week's conference were happy about the renewed focus on networking and security.
- How Insurers Can Effectively Meet the Challenges of the ACA
- Key Components Of Your Resiliency Strategy
"VMware's not going to be able to do it all in software better than everyone else--switching, routing, firewall, load balancing, etc.," he says.
In addition to integrating routing functions with switching in the hypervisor, VMware has built a stateful firewall capability directly into the hypervisor to offer distributed firewall inspection at each virtual switch port. According to the company, this firewall technology also enables stateful, logical insertion of partner devices and agents from vendors such as F5 and Palo Alto Networks.
Firewall providers shouldn’t be in danger of VMware encroaching on their territory for several reasons, says Jon Oltsik, senior principal analyst at Enterprise Strategy Group.
"First, firewalls are really anchored by their management tools," he says. "Check Point users are pretty much married to CP management. Perhaps you will be able to manage a VMware instance from CP management, which could have an impact. The other thing I’m thinking is that firewalls are really expanding into next-generation firewall capabilities. VMware may get there, but I doubt whether it wants to go down that route."
Several vendors in the security space--including Symantec, Trend Micro, Rapid7 and McAfee--announced integration plans for NSX at VMworld.
"The NSX API allows our partners to integrate into management, data and control planes, and to augment the core capabilities of VMware NSX including logical firewall, load balancing, VPN, switching, routing, etc.," Hatem Naguib, VP of cloud networking and security at VMware, wrote in a blog post.
[Storage was a hot topic at VMworld, but storage innovation isn't just about virtualization. Read about the novel approaches to accelerate storage that were showcased at the conference in "Finding New Ways To Boost Storage Performance."]
While security vendors don't need to worry too much in the near-term about NSX, the future may not be too promising. Over the long term, it makes sense for VMware customers to take advantage of the security capabilities within the platform itself, Oltsik says.
"We’ve seen this before in the industry," he says. "For example, it used to be difficult to encrypt Oracle databases, so customers used third-party tools to accomplish this. When Oracle integrated encryption, however, it kind of killed the third-party encryption market."
There is an exception to this pattern. When large organizations have a very heterogeneous environment, they tend to go to third-party tools to manage everything, he says.
"Ultimately, VMware wins if it provides the right hooks into its platform for third-party security tools," he says. "This will help fuel a migration to its platform. It can then transition customers to native security tools over time. As cloud computing continues to gain traction, users will care less and less about security brands and more about security services."
Are you gearing up to refresh your network for the future? Do you want a deeper understanding of the technology foundation of the data center network for the next 10 years, including design principles for private and public cloud networking? Check out Greg Ferro's workshop, "Building Your Network For The Next 10 Years."