VMware Amps Up SmartNICs with Security
November 17, 2020
VMware
unveiled the Modern Network framework to enable businesses, and their IT
and application development teams, to accelerate adapting to a new
normal. To help customers realize a modern network of their own, VMware
also announced further enhancements to its virtual networking products
and services.
For businesses today, the ability to rapidly and cost-effectively
respond to change is paramount. Application developers need to quickly
deploy, test, and iterate applications. The infrastructure powering
applications needs to deliver the efficiency of cloud operating models.
Applications need to run on everything from private clouds to public
clouds to edge computing, and the user-to-application experience needs
to be great, no matter the user’s location. Traditional hardware-centric
networking models simply don’t meet the needs of today’s business
realities. The Modern Network framework addresses all of these needs.
The Virtual Cloud Network embodies the Modern Network framework. More
than 18,000 organizations have modernized their networks using VMware’s
Virtual Cloud Network solution. These customers are embracing a cloud
operating model, launching workloads with full automation, and
eliminating weeks and months of wait time to update a firewall or load
balancer. They are virtualizing everything from the data center to the
branch to the end user. The Virtual Cloud Network gives organizations an
end-to-end solution to deploy applications and make sure they are
running optimally and efficiently, while enabling a great user
experience.
“Our customers must efficiently manage the rapid shift to remote work,
deliver applications faster and more securely, and reduce the cost and
complexity of connecting and protecting the distributed enterprise,”
said Rajiv Ramaswami, chief operating officer, products and cloud
services, VMware. “The Modern Network framework enables our customers to
do this. It turns the old way of thinking about networks as hardware
appliances, switches, and routers in enterprise networks on its head and
instead, takes a top-down view that puts users and applications first.
This is the promise we are delivering on with the Virtual Cloud
Network.”
The Modern Network Framework Explained
In the traditional model, a network is assembled from distinct
devices—switches, routers, firewalls, IDS/IPS systems, load balancers,
and more—that are deployed separately and typically configured manually
using ticketing systems. This is a bottom-up view, requiring the
application to use whatever the infrastructure has available. The Modern
Network framework takes a top-down view, creating a network that
understands the needs of the application and programmatically managing
infrastructure to meet those needs. The Modern Network framework is
described by three key pillars.
The first pillar, Modern Application Connectivity Services, enables
developers to connect the microservices of a modern application more
securely while reducing latency, increasing security, and maintaining
application availability. This is done with self-service tools that
developers can use without help from central IT.
Underneath this, the Multi-cloud Network Virtualization pillar provides
a complete set of essential network services that are fully automated
and defined in software. These services include all essential networking
functions including security and load balancing. Virtualization and
analytics span end to end, from the data center to the branch office and
all the way to the end user. Automation is applied not just to the
orchestration of a workload, but also to day-two operations.
Despite the microservice-level abstractions of the first pillar and the
scale-out software network infrastructure of the second pillar, at the
bottom, packets still need to travel through wires and silicon. The
Physical Network Infrastructure pillar is all about providing high
capacity and low latency connectivity. It’s about keeping it simple and
letting the software do its job.
In the Modern Network framework, security is intrinsic to every pillar.
Taken together, the three pillars and the principles they lay out are
the foundation of public cloud architectures. VMware makes them
available in every cloud.
The Virtual Cloud Network is a Modern Network, and it Just Got Better
The Virtual Cloud Network, powered by the VMware NSX family of products,
enables the public cloud experience for enterprise workloads running in
private and multi-cloud environments. Just as in the public cloud, NSX
enables automated deployment of the full workload. NSX provides
infrastructure services that are defined entirely in scale-out software,
delivered on general purpose servers, and built into the CI/CD pipeline
so the services are automatically deployed with the application.
Enterprises can now deploy full workloads with a single click without
opening tickets which might take weeks of manual effort to close.
To achieve this level of cloud operation, VMware NSX delivers the
industry’s only complete L2-7 virtual networking stack—switching,
routing, firewall, security analytics, advanced load balancing, and
container networking. VMware extends the Virtual Cloud Network to
connect and protect modern application environments with VMware Tanzu
Service Mesh and support for Project Antrea, an open source project that
enables Kubernetes networking and security wherever Kubernetes runs. The
Virtual Cloud Network runs on non-virtualized bare metal servers, VMs,
containers, and across every cloud.
The Virtual Cloud Network doesn’t stop in the data center. The VMware
SASE platform converges VMware SD-WAN, cloud security, and zero-trust
network access with best-in-class web security to deliver flexibility,
agility, and scalability for supporting a work-from-anywhere workforce.
With VMware vRealize Network Insight and VMware Edge Network
Intelligence, the Virtual Cloud Network includes advanced analytics that
yield better network uptime and resiliency and faster troubleshooting.
vRealize Network Insight can measure the life of a packet from the
database all the way to the end user, spanning both physical and virtual
infrastructure, a unique capability that makes troubleshooting easier.
Today, VMware announced the following enhancements to the Virtual
Cloud Network portfolio:
Extending the Future Ready Workforce Solution with VMware SD-WAN Work
from Home Subscriptions
The branch is now anywhere a user can connect to the company network to
access the resources they need, including at home. VMware is extending
the Future Ready Workforce Solution with new VMware SD-WAN work from
home subscriptions. These new offerings will provide individual business
users optimized network connectivity, more assured application
performance, and better security at an affordable low price. Starting at
price points lower than the cost of a mobile phone line, and with
bandwidth ranging from 350Mbps to 1Gbps, the new subscriptions enable
business users to get the best application performance while working
from home. These new offerings are available today.
New Capabilities for Connecting, Protecting, and Automatically
Scaling Modern Applications
Modern applications have thousands of components that need to be
connected and protected. VMware Tanzu Service Mesh is an exciting new
technology that controls the communication between each of the thousands
of components, enforcing security policy and measuring performance and
other critical functions, regardless of the underlying infrastructure.
VMware is announcing a preview of a unique Attribute-Based Access
Control policy model that will bring “who, what, where, when and how”
simplicity into modern application policy creation.
Further, VMware is announcing NSX Advanced Load Balancer integration
with Tanzu Service Mesh. This integration will enable application
developers using Kubernetes to launch an application with all required
load balancing capabilities without ever having to touch the
infrastructure. API driven, this combined solution will deliver high
availability and security for modern applications via load balancing and
web application firewall capabilities. This integration is expected to
be available in VMware’s Q1 FY22.
Infrastructure that Measures and Fixes Itself
Users and modern applications expect the network to “just work.” When
infrastructure is virtualized, it can actually adapt to changes and heal
itself. VMware SD-WAN technology takes multiple unreliable network
connections and makes them behave like a single ultra-high-performance
network. For a work-from-home user, this means video collaboration
applications simply work all of the time. In the data center, VMware’s
monitoring and management software now includes powerful new network
modeling capabilities that act as a “pre-flight check” to verify an
application is reachable across both physical and virtual
infrastructure. Together, these new capabilities, which are available
today, make troubleshooting faster and more efficient, and represent an
important step towards self-healing networks.
Network Virtualization that Runs on SmartNICs for the Next-Generation of
Servers
VMware announced Project Monterey, a collaboration with leading hardware
providers to deliver network and server virtualization that runs on a
SmartNIC. This novel architecture promises a leap forward in computing
power and efficiency, as well as pervasive, distributed security.
Virtualization and security functions are offloaded to the SmartNIC,
freeing up CPU cycles to run applications and creating meaningful cost
savings. VMware is announcing that the NSX Services-Defined Firewall
running on a Monterey SmartNIC will be able to run stateful Layer 4
firewall services at line rate. These same SmartNICs will also be able
to run a Layer 7 stateful firewall, as well as VMware’s curated IPS
signatures. This capability will allow enterprise customers to attach a
tuned, ultra-fast, ultra-smart firewall to their most valuable workloads
– the database apps that hold their sensitive data.
“IDC is seeing that the traditional hardware-defined, device-centric
method of building, operating, and securing networks is being supplanted
by a cloud-centric, software-based approach. In fact, IDC research shows
that by 2023, more than 55 percent of enterprises will replace outdated
operational models with cloud-centric models that facilitate rather than
inhibit organizational collaboration,” said Brad Casemore, research vice
president, datacenter and multicloud networking, IDC. “Software-based
approaches such as the VMware Virtual Cloud Network can help customers
modernize both their network infrastructure and operating model, across
clouds, datacenters, and the extended enterprise.”
“Around major sporting events, we need to be able to scale out hundreds of apps
in seconds and give customers a consistent, reliable, and secure
experience,” said Ben Fairclough, lead infrastructure architect at
William Hill. “VMware provides us with a modern network that allows us
to automate deployment of critical micro-segmentation functionality
through the NSX Distributed Firewall using APIs. Tight integration in
our environment means our developers know and understand how security
policies are put together to ultimately simplify the entire deployment
sequence. Our work with VMware gives us confidence that our security
posture is as tight as it can be while deploying applications very
quickly.”
“When we considered our network modernization process, one of the key
factors was supporting a shift to multi-cloud to ensure continuous
delivery,” said Thomas Squeo, CTO at Intrado Digital Media. “The network
virtualization, analytics, and visualization capabilities included in
VMware’s virtual cloud network portfolio made that easy. We’ve created a
‘5S’ framework focused on the stability, scalability, security, speed
and savings we need to be successful in meeting our application SLIs,
SLOs, and error budget deployments.”
“Tools like the VMware software-based load balancer give us that
next-generation functionality to dynamically scale up the throughput
capacity to where it needs to go,” said Zack Milem, cloud solution
architect at Trend Micro. “By tying our products together with VMware’s
modern networking components, Trend Micro is creating a seamless
experience in which our business units and our end-users can access
applications and infrastructure capacity at any time, wherever they
are.”