Embrane's heleos technology allows for administrators to instantiate software firewalls and load balancers rapidly to meet changing network needs. This flexibility ensures that administrators can adapt to conditions on the network to meet user expectations before they become user problems.
Embrane's technology sounds very similar to the features VMware has been showing off in its NSX network virtualization platform. NSX has a virtual firewall and load balancer that can be deployed via the Edge Services Router. The ESR can sit above the networking layers of the hypervisors and provide these services for traffic traversing to those hosts.
A Cisco investment in Embrane would seem to be targeted at providing these same functions inside of Cisco's Application Centric Infrastructure (ACI). Up until this point, the Cisco game plan has been to talk to the providers of services and convince them to write code into their appliances to support ACI logic. Firewall vendors would only need to create an interface that ACI can talk to and they would be included in the system to deploy application-aware networking policies. This strategy works for vendors that want to play ball with Cisco. What about those who resist? Or how about the companies that don't have hardware that is new enough to support the ACI code patches?
Embrane gives ACI an option to deploy networking support services around existing hardware. Need a firewall in front of a Web host? Deploy a heleos firewall in ACI and redirect the traffic through it. Software load balancers could be deployed at any level through ACI to provide as much granularity as needed for flows. And since the Cisco and Embrane teams are working closely together on the software integration, ACI administrators can be assured that the heleos constructs will work every time.
The networking industry is headed toward this service model overall. Network Function Virtualization (NFV) is a hybrid model that will help existing appliances integrate into software-defined networks. But NFV can only be taken so far. The service model that NSX and Embrane use is the future.
Instead of deploying full-featured devices with user interfaces and management addresses, the lightweight model allows the basic needs of hosts to be met with a minimum of administrator effort. When coupled with the automation that SDN brings to the table, the lightweight deployment model is transparent to everyone.
[Read why Tom Hollingsworth thinks it may be time to retire the term software-defined networking in "Is It Time For SDN 2.0?"]
What is the endgame for this partnership? Embrane has been making inroads with enterprises since its launch two years ago. I was fortunate enough to see where it was headed before they went public. Today, the messaging coming from Embrane has been less about providing SDN-aware networking services and more about its integration with Cisco and the ACI infrastructure. Given the reported investment, this leads me to believe that Embrane is likely to become a business unit inside of Cisco sometime in the near future.
The people behind Embrane give Cisco a great weapon to combat the features that VMware has been touting with NSX. Having a first-party option inside ACI to provide features that users have been asking for means Cisco has a handy stick to use in negotiations with partners looking to integrate code with ACI.
I don't think we'll see anything about a potential acquisition until after the launch of Cisco Application Policy Infrastructure Controller (APIC) next quarter. But it stands to reason that a company that is as deeply integrated with Cisco and the application-centric vision won't be a free agent for long.