Blue glowing high energy plasma field in space, computer generated abstract background

NSX at VMworld 2015

I finished off 2014 with a round of predictions about the future of network virtualization, and now I find myself preparing my VMworld® 2015 session on a similar topic. So as a preview of what I’ll be talking about in a few days (and later on at VMworld Europe), I thought it would be worth looking at how my predictions are playing out at this point in the year.

One of the most important points in my end-of-year blog was that 2015 would be a year in which both the VMware NSX™ team and our customers would focus on issues of manageability and operations. This has certainly been the case, and is a good indicator of what we see as the maturing of both the product and the broader field of network virtualization. Customers don’t just want to argue about architectures, or kick the tires on a new technology, they want to go into production and operationalize NSX. We’ve had a large team focused on NSX operations this year, and they have gathered best practices and insights from the growing set of customers who are already in production. They are sharing that information back to our customer base in the form of a new operations guide, an upcoming white paper, and numerous VMworld presentations.

Our engineering and product management teams have also been pushing hard on NSX operations, by delivering new features that make NSX easier to manage and operate. This isn’t the place to talk about all the new NSX features (see the latest release notes here), but I do want to highlight one of my favorites: traceflow. I’m a big fan of this feature because it shows off the power of virtualization in networking – to create possibilities that don’t exist in the physical world. Traceflow will let you synthetically create a packet that looks exactly like it came from a guest VM, inject it into the data path, and trace its handling all the way through the forwarding pipeline (switching, routing, firewalling, service insertion), across the physical network, and through the forwarding pipeline again before it is intercepted just prior to delivery to the remote VM. Every step in the packet’s life can be examined, in a manner that is unparalleled in the physical world. It’s an incredibly powerful way to debug issues in virtual networks from the comfort of a central console. This is just one of many operations-focused features that we’ve released recently.

We’re also having great success growing our partner ecosystem (another of my predictions) with a particular focus on operations. We’ll be highlighting those partners at VMworld, and if all goes to plan, I should have, as part of my session, a cool demo of some operational tools that we have developed to work with our hardware switching partners. This is a topic I’m personally passionate about, because we have heard so many claims that network virtualization somehow makes it hard to trouble-shoot networks. The argument that overlays are hard to trouble-shoot is somewhat negated by the success of overlay technologies like MPLS (multi-protocol label switching), not to mention the rich set of visibility capabilities such as traceflow, but the best response to these concerns is to show tools that make trouble-shooting easy. Brad Hedlund showed a cool demo to this effect at VMworld 2014 with one of our partners but clearly we could do with a few more tools (and demos), so stay tuned for that at VMworld 2015.

One other thing that I’ll be focusing on at VMworld is how much more there is to NSX than security. Micro-segmentation emerged as the “killer” use case for NSX in 2014, and at times we have tended to emphasize it to the exclusion of all else. Yet the fact remains that over half our deployed customers use NSX for automation or agility use cases, and we’re finding a steady need to address IT automation from prospective customers as well. We’re now seeing micro-segmentation as a “starter” use case – it’s something with which many customers can get a quick win and ROI, leading to network virtualization being more broadly used as part of the customer’s infrastructure.


Distributed services scale out and avoid hairpinning with efficient routes

Related to this, my talk will look at distributed services – why they are important, and what we’re introducing beyond distributed switching and routing and the very successful distributed firewall. The figure above (excerpted from my VMworld slide deck) shows just a couple of the benefits of distributed services (scale-out performance and efficient routing). With network virtualization becoming a technology with such broad applicability, the distribution of a wide range of services across hypervisors is a fundamental differentiator of NSX.

Having just finished up a draft of my presentation, I’m really excited to attend my third VMworld. Hopefully I’ll have piqued your interest and maybe I’ll see you at one of my sessions (my talk is being offered at least twice). Whether or not you make it to my presentation, there will be a great set of opportunities to go deeper on NSX and network virtualization. Many of our customers will be presenting their experiences with NSX. I must say I’m looking forward to meeting our customers, current and prospective, in San Francisco and Barcelona.