How VMware Plans to Put the Screws on Cisco

VMware plans to marry networking and application intelligence, to put Cisco in the crosshairs.

Mitch Wagner, Executive Editor, Light Reading

August 15, 2018

6 Min Read
How VMware Plans to Put the Screws on Cisco

VMware plans later this month to announce a strategy to improve network performance and security by combining network and application awareness, reminiscent of Cisco's pitch for "intent-based networking." But VMware claims it's got the technology to do it better.

At the VMware Inc. (NYSE: VMW) VMworld conference in Las Vegas, which begins later this month, VMware plans to launch a strategy it calls Microsegmentation 2.0. The new strategy brings application awareness to its microsegmentation architecture for securing and managing enterprise networks, Tom Gillis, VMware's new senior vice president and general manager for networking and security, tells Light Reading.

Microsegmentation is VMware's long-standing strategy for dividing networks into very small segments for security and management. Microsegmentation contrasts with the old way of securing and managing networks, putting a perimeter around the enterprise network, and declaring everything inside the perimeter as safe and everything outside as a potential threat. But that philosophy doesn't work today, as enterprises need to connect their networks to partners and customers, and users connect mobile devices to both to the enterprise network and outside networks. For example, a user might connect a mobile device to the networks at work, at his family home, and at a local coffee shop, and bring viruses and malware from the external networks to the enterprise network.

The perimeter security model gets even more obsolete with the emergence of Internet of Things and edge computing.

Figure 1: VMworld 2017 VMworld 2017

Now entering its fifth year, the 2020 Vision Executive Summit is an exclusive meeting of global CSP executives focused on navigating the disruptive forces at work in telecom today. Join us in Lisbon on December 4-6 to meet with fellow experts as we define the future of next-gen communications and how to make it profitable.

VMware has historically addressed the obsolescence of perimeter security by decomposing networks into small partitions, known as "microsegments." This allows users of VMware's NSX software-defined networking to gain enhanced network manageability and security in the modern, multicloud world, Gillis says.

With Microsegmentation 2.0, VMware will marry its knowledge of NSX networks with knowledge of application behavior that VMware gains by running the software infrastructure enterprise apps run on, namely vSphere virtualization and containers built on Kubernetes. VMware will develop models for how applications should behave, and block anomalous actions that could indicate threats. For example, there's no reason a web server should seek out root access, so a web server seeking root access is likely up to no good, Gillis says.

The new guy
Gillis joined VMware in May, following nearly seven years as CEO of Bracket Computing, an enterprise security company for hybrid cloud networks. VMware picked up key people and intellectual property from Bracket at the same time Gillis joined the company.

Prior to Bracket, Gillis was vice president and general manager of Cisco's security technology group, where he worked for more than four years. And before that he was vice president of marketing and co-founder of IronPort Systems, a network security company with a pioneering anti-spam service and email security appliance, which was acquired by Cisco in 2007 for $830 million. (See Cisco Buys IronPort and Cisco's Multi-Year Buying Binge.)

Gillis joins VMware as the company is on a roll. VMware reported $2.01 billion revenue for its most recent quarter, the first quarter fiscal 2019, up 14% year-over-year. The Dell Technologies Group owns a majority, controlling stake in VMware and VMware is a profit and revenue center for Dell, and integral to Dell's return to public markets after several years as a private company. (See Networking Is Eating VMware and No Customer Downside in Dell's Wall Street Return.)

Next page: VMware knows who's naughty and nice

On that most recent earnings call, VMware CEO Pat Gelsinger says he sees networking rivaling VMware's traditional compute virtualization business, becoming as big as or bigger.

Additionally, Gillis joins VMware as enterprise networks are in transition, he says. "The obvious shift in front of us is the shift toward public cloud," he says. Also, compute is moving to the edge, in branch, kiosks and Internet of Things devices.

VMware is best positioned to take advantage of the transition, Gillis says. The network infrastructure needs a uniform software layer blanketing the infrastructure end-to-end.

Moreover, the network needs to understand application behavior to be effective -- and that's where VMware's advantage over Cisco comes in, Gillis says. "This is something that's intrinsic to VMware. With virtualization technology, we booth the app, we understand the app, and we can now increasingly look inside the app," Gillis says. VMware can understand app components, microservices and provide a rich platform for policy and security enforcement, he said.

The future is in the application
As part of the Microsegmentation 2.0 strategy, VMware is looking to simplify network security and management policies to something resembling plain English, which is where VMware's Microsegmentation 2.0 most strongly resembles Cisco's intent-based networking.

And it's not just Cisco. Automated network management is similar to Arista's CloudVision strategy, which it advanced with this month's Mojo Networks acquisition, as well as Juniper's vision for "self-driving networks." (See Arista Finds Its Campus Mojo and Juniper Launches 'Bots' for Self-Driving Networks.)

But VMware's virtualization and Kubernetes technologies gives it an advantage over those competitors by giving VMware application visibility –- which pure-play networking vendors like Cisco lack -- as well as network visibility, Gillis says. (See VMware Launches Kubernetes-as-a-Service.)

"The future is in the application," Gillis says. "I've spent a lot of my career trying to look at packets on the wire and figure out, 'Oh, this is a database and this is a web server.' That's actually hard to do, particularly in a world where you have custom apps. But we're there when the server is born, so we know all about it. We know how it boots, we know where it resides in memory, we know how it behaves, we know what it is, what it does, what it should do. And so it allows us a very high fidelity view into what customers are trying to accomplish in their applications."

Microsegmentation 2.0 is an extension of VMware's Virtual Cloud Network strategy, announced more than three months ago, to leverage NSX to provide a single fabric and layer of infrastructure spanning the edge, branch, core, data center and cloud, including Amazon Web Services and Microsoft Azure, with consistent policy enforcement and manageability. (See VMware Takes On Cisco & Juniper With Network Vision.)

Microsegmentation 2.0 also relies on using knowledge of known good application behavior to secure networks. The vast majority of the security industry is focused on the opposite, identifying known bad traffic, with signature or behavioral analysis, to identify threats, Gillis says. By tracking both known good behavior and known bad behavior, VMware can leap forward in security protection.

— Mitch Wagner Follow me on Twitter Visit my LinkedIn profile Visit me on Tumblr Follow me on Facebook Executive Editor, Light Reading

About the Author(s)

Mitch Wagner

Executive Editor, Light Reading

San Diego-based Mitch Wagner is many things. As well as being "our guy" on the West Coast (of the US, not Scotland, or anywhere else with indifferent meteorological conditions), he's a husband (to his wife), dissatisfied Democrat, American (so he could be President some day), nonobservant Jew, and science fiction fan. Not necessarily in that order.

He's also one half of a special duo, along with Minnie, who is the co-habitor of the West Coast Bureau and Light Reading's primary chewer of sticks, though she is not the only one on the team who regularly munches on bark.

Wagner, whose previous positions include Editor-in-Chief at Internet Evolution and Executive Editor at InformationWeek, will be responsible for tracking and reporting on developments in Silicon Valley and other US West Coast hotspots of communications technology innovation.

Beats: Software-defined networking (SDN), network functions virtualization (NFV), IP networking, and colored foods (such as 'green rice').

Subscribe and receive the latest news from the industry.
Join 62,000+ members. Yes it's completely free.

You May Also Like