Network overlays like NSX can go beyond micro-segmentation security into multi-cloud management.
VMware has banged the drum loudly about security, delivered through micro-segmentation, as the top use case for its NSX network virtualization platform. At VMworld this week, the vendor previewed another use case for NSX, based on its Cross-Cloud Architecture, that will let customers create and manage a unified network across private and public clouds.
Creating a unified network across different clouds has been difficult. Each cloud has its own IP address ranges, an independent control plane and management tooling, and separately defined security policy, such as security groups in AWS. By stretching an overlay network across the clouds, it becomes possible to run a single IP range across a private cloud and AWS, manage it from one UI, and apply one security policy to all of it.
Network overlays like NSX solve this problem by offering a logical abstraction of the network: tenant traffic is encapsulated in tunnels between endpoints, so a common logical network can be laid across the different clouds regardless of the physical network underneath.
This is not a brand-new concept; network overlays are more than 20 years old. Micro-segmentation is the most publicized benefit of network virtualization, but look underneath and the overlay is the foundational enabler, and it can deliver many more uses than micro-segmentation. Network virtualization is itself an application of overlay networks, just as micro-segmentation is.
NSX use cases
With Cross-Cloud, VMware is focused on a three-by-three matrix of use cases for NSX.
Security: data center security (classic micro segmentation), virtual machine security for virtual desktops, and mobile device security.
Automation: IT automation to overcome the limits of VLANs (4,094 IDs per physical network) and spin up independent networks quickly; developer clouds that spin up separate networks via APIs and connect endpoints such as containers; and multi-tenancy that creates layer 2 isolation even within the same physical network segment.
Business continuity/DR: Create separately located, but identically configured networks for disaster recovery; hybrid networking, i.e., spanning on-premises and public cloud networks; and metro pooling by extending layer 2 networking across data centers.
I’m not totally convinced that the use cases for network overlays fall into this kind of neat matrix, but I do believe that there are many uses for overlays. In fact, we were already using overlays before SDN became popularized.
Anyone who uses MPLS networks to connect branches is using overlays, and anyone using a VPN to connect a laptop or mobile phone is using an overlay. More recently, SD-WAN is another overlay use case: the overlay lets the WAN steer connections across multiple paths, perform service chaining, and do other things a traditional WAN cannot. Another example is protocols like VXLAN, which physical switches such as the Cisco Nexus 9000 and Extreme Networks switches running ExtremeXOS use to build a fabric overlay.
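The mechanism behind the unified IP range and the per-tenant layer 2 isolation described above is the same one VXLAN uses: the tenant's Ethernet frame is wrapped in an 8-byte VXLAN header carrying a 24-bit VXLAN Network Identifier (VNI) and sent over UDP port 4789 between tunnel endpoints (VTEPs), so the underlay only ever sees VTEP addresses. The following is an added example written for this page, not NSX or any vendor code; it implements the RFC 7348 header, a constructed tenant frame, and a minimal VTEP whose forwarding table is keyed by (VNI, MAC). All addresses, MACs and VNIs in it are made up for the demonstration.

```python
"""VXLAN (RFC 7348) encapsulation, decapsulation and VNI-keyed forwarding.

Added example, not VMware/NSX code. It shows how an overlay carries one logical
L2 segment, and so one IP range, across any L3 underlay, and why the VNI, not
the underlay address, decides which tenant a frame belongs to.
"""
import socket
import struct

VXLAN_UDP_PORT = 4789   # IANA-assigned UDP port for VXLAN (the underlay must allow it)
VXLAN_FLAG_I = 0x08     # "I" flag: the VNI field is valid
VXLAN_HDR_LEN = 8


def vxlan_encap(vni: int, inner_frame: bytes) -> bytes:
    """Prepend the 8-byte VXLAN header: flags(1) rsvd(3) VNI(3) rsvd(1)."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!B3xI", VXLAN_FLAG_I, vni << 8) + inner_frame


def vxlan_decap(udp_payload: bytes) -> tuple:
    """Validate the header and return (vni, inner_frame); raise on bad input."""
    if len(udp_payload) < VXLAN_HDR_LEN:
        raise ValueError("truncated VXLAN header")
    flags, vni_field = struct.unpack("!B3xI", udp_payload[:VXLAN_HDR_LEN])
    if not flags & VXLAN_FLAG_I:           # RFC 7348: the I flag MUST be set
        raise ValueError("VXLAN I flag clear, VNI not valid")
    return vni_field >> 8, udp_payload[VXLAN_HDR_LEN:]   # reserved bits ignored


def _ipv4_checksum(hdr: bytes) -> int:
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_inner_frame(src_mac, dst_mac, src_ip, dst_ip, payload=b"") -> bytes:
    """Ethernet II + IPv4 header + payload: the tenant's frame, which the overlay
    carries untouched. Constructed test traffic; only inspected fields are set."""
    eth = (bytes.fromhex(dst_mac.replace(":", ""))
           + bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00")
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 17,
                     0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", _ipv4_checksum(ip)) + ip[12:]
    return eth + ip + payload


def parse_inner_frame(frame: bytes) -> dict:
    """Pull the fields a VTEP needs for MAC learning and delivery."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        raise ValueError("expected an Ethernet II/IPv4 frame")
    return {"dst_mac": frame[0:6].hex(":"), "src_mac": frame[6:12].hex(":"),
            "src_ip": socket.inet_ntoa(frame[26:30]),
            "dst_ip": socket.inet_ntoa(frame[30:34]), "payload": frame[34:]}


class Vtep:
    """A VXLAN tunnel endpoint. Its MAC table is keyed by (VNI, MAC), so two
    tenants can reuse 10.0.1.0/24, even the same MAC, without colliding."""

    def __init__(self, underlay_ip: str, allowed_vnis):
        self.underlay_ip = underlay_ip
        self.allowed_vnis = set(allowed_vnis)   # segments this VTEP serves
        self.mac_table = {}                     # (vni, mac) -> remote VTEP IP
        self.delivered = []                     # (vni, dst_ip, payload)

    def receive(self, remote_vtep_ip: str, udp_payload: bytes) -> str:
        """Handle a datagram that arrived on UDP/4789 from remote_vtep_ip."""
        try:
            vni, frame = vxlan_decap(udp_payload)
            info = parse_inner_frame(frame)
        except ValueError as exc:
            return "dropped: %s" % exc
        # Segment policy is enforced on the VNI, never on the tenant's inner IPs.
        if vni not in self.allowed_vnis:
            return "dropped: VNI %d not configured on this VTEP" % vni
        self.mac_table[(vni, info["src_mac"])] = remote_vtep_ip   # learn
        self.delivered.append((vni, info["dst_ip"], info["payload"]))
        return "delivered on VNI %d" % vni


def demo() -> dict:
    """Two tenants with overlapping 10.0.1.0/24 ranges cross the same underlay."""
    vtep = Vtep("198.51.100.10", allowed_vnis={5001, 5002})
    frame = build_inner_frame("02:00:00:00:00:01", "02:00:00:00:00:02",
                              "10.0.1.10", "10.0.1.20", b"hello")
    results = [
        vtep.receive("203.0.113.5", vxlan_encap(5001, frame)),  # tenant A, cloud side
        vtep.receive("192.0.2.7", vxlan_encap(5002, frame)),    # tenant B, private DC
        vtep.receive("203.0.113.5", vxlan_encap(9999, frame)),  # VNI not served here
        vtep.receive("203.0.113.5", b"\x00" * 8 + frame),       # I flag clear
    ]
    return {"results": results, "mac_table": vtep.mac_table,
            "delivered": vtep.delivered}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Two things worth noticing in the output. The same inner frame, with the same 10.0.1.10 source, is learned twice under different (VNI, MAC) keys, which is exactly how one IP range can exist in two clouds or two tenants at once. And the only thing keeping tenant B's traffic out of tenant A's segment is the VNI in an unauthenticated header: VXLAN itself has no origin authentication, so anyone who can send UDP/4789 to a VTEP can claim any VNI. In a multi-cloud deployment the underlay, for example AWS security groups on the instances carrying the tunnels, still has to restrict port 4789 to the known VTEP addresses; the overlay's unified policy does not replace that check.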
With VMware building NSX, as the overlay system, into a popular data center platform, which VMware calls the software-defined data center, NSX can find its way into many of these uses simply because vSphere is already in so many data centers.
I see other potential uses, including one VMware has shown as a technical preview: encryption on the wire without the endpoints performing any encryption, a transparent form of crypto protection. The caveat is that this moves the trust boundary to the tunnel endpoints: traffic is protected on the wire but is in the clear inside each host, so the hosts themselves must be trusted. Network virtualization will over time find many uses, much as compute virtualization grew beyond its origins in developer desktop virtual machines and server consolidation, and I look forward to that.