VMware plans to marry networking and application intelligence, to put Cisco in the crosshairs.
VMware plans later this month to announce a strategy to improve network performance and security by combining network and application awareness, reminiscent of Cisco's pitch for "intent-based networking." But VMware claims it's got the technology to do it better.
At the VMware Inc. (NYSE: VMW) VMworld conference in Las Vegas, which begins later this month, VMware plans to launch a strategy it calls Microsegmentation 2.0. The new strategy brings application awareness to its microsegmentation architecture for securing and managing enterprise networks, Tom Gillis, VMware's new senior vice president and general manager for networking and security, tells Light Reading.
Microsegmentation is VMware's long-standing strategy for dividing networks into very small segments for security and management. Microsegmentation contrasts with the old way of securing and managing networks: putting a perimeter around the enterprise network, and declaring everything inside the perimeter as safe and everything outside as a potential threat. But that philosophy doesn't work today, as enterprises need to connect their networks to partners and customers, and users connect mobile devices both to the enterprise network and to outside networks. For example, a user might connect a mobile device to the networks at work, at his family home, and at a local coffee shop, and bring viruses and malware from the external networks to the enterprise network.
The perimeter security model gets even more obsolete with the emergence of Internet of Things and edge computing.
Figure 1: VMworld 2017
VMware has historically addressed the obsolescence of perimeter security by decomposing networks into small partitions, known as "microsegments." This allows users of VMware's NSX software-defined networking to gain enhanced network manageability and security in the modern, multicloud world, Gillis says.
With Microsegmentation 2.0, VMware will marry its knowledge of NSX networks with knowledge of application behavior that VMware gains by running the software infrastructure enterprise apps run on, namely vSphere virtualization and containers built on Kubernetes. VMware will develop models for how applications should behave, and block anomalous actions that could indicate threats. For example, there's no reason a web server should seek out root access, so a web server seeking root access is likely up to no good, Gillis says.
The new guy
Gillis joined VMware in May, following nearly seven years as CEO of Bracket Computing, an enterprise security company for hybrid cloud networks. VMware picked up key people and intellectual property from Bracket at the same time Gillis joined the company.
Prior to Bracket, Gillis was vice president and general manager of Cisco's security technology group, where he worked for more than four years. And before that he was vice president of marketing and co-founder of IronPort Systems, a network security company with a pioneering anti-spam service and email security appliance, which was acquired by Cisco in 2007 for $830 million. (See Cisco Buys IronPort and Cisco's Multi-Year Buying Binge.)
Gillis joins VMware as the company is on a roll. VMware reported $2.01 billion revenue for its most recent quarter, the first quarter fiscal 2019, up 14% year-over-year. The Dell Technologies Group owns a majority, controlling stake in VMware and VMware is a profit and revenue center for Dell, and integral to Dell's return to public markets after several years as a private company. (See Networking Is Eating VMware and No Customer Downside in Dell's Wall Street Return.)
On that most recent earnings call, VMware CEO Pat Gelsinger says he sees networking rivaling VMware's traditional compute virtualization business, becoming as big as or bigger.
Additionally, Gillis joins VMware as enterprise networks are in transition, he says. "The obvious shift in front of us is the shift toward public cloud," he says. Also, compute is moving to the edge, in branch, kiosks and Internet of Things devices.
VMware is best positioned to take advantage of the transition, Gillis says. The network infrastructure needs a uniform software layer blanketing the infrastructure end-to-end.
Moreover, the network needs to understand application behavior to be effective -- and that's where VMware's advantage over Cisco comes in, Gillis says. "This is something that's intrinsic to VMware. With virtualization technology, we boot the app, we understand the app, and we can now increasingly look inside the app," Gillis says. VMware can understand app components and microservices, and provide a rich platform for policy and security enforcement, he says.
The future is in the application
As part of the Microsegmentation 2.0 strategy, VMware is looking to simplify network security and management policies to something resembling plain English, which is where VMware's Microsegmentation 2.0 most strongly resembles Cisco's intent-based networking.
And it's not just Cisco. Automated network management is similar to Arista's CloudVision strategy, which it advanced with this month's Mojo Networks acquisition, as well as Juniper's vision for "self-driving networks." (See Arista Finds Its Campus Mojo and Juniper Launches 'Bots' for Self-Driving Networks.)
But VMware's virtualization and Kubernetes technologies give it an advantage over those competitors by giving VMware application visibility -- which pure-play networking vendors like Cisco lack -- as well as network visibility, Gillis says. (See VMware Launches Kubernetes-as-a-Service.)
"The future is in the application," Gillis says. "I've spent a lot of my career trying to look at packets on the wire and figure out, 'Oh, this is a database and this is a web server.' That's actually hard to do, particularly in a world where you have custom apps. But we're there when the server is born, so we know all about it. We know how it boots, we know where it resides in memory, we know how it behaves, we know what it is, what it does, what it should do. And so it allows us a very high fidelity view into what customers are trying to accomplish in their applications."
Microsegmentation 2.0 is an extension of VMware's Virtual Cloud Network strategy, announced more than three months ago, to leverage NSX to provide a single fabric and layer of infrastructure spanning the edge, branch, core, data center and cloud, including Amazon Web Services and Microsoft Azure, with consistent policy enforcement and manageability. (See VMware Takes On Cisco & Juniper With Network Vision.)
Microsegmentation 2.0 also relies on using knowledge of known good application behavior to secure networks. The vast majority of the security industry is focused on the opposite, identifying known bad traffic, with signature or behavioral analysis, to identify threats, Gillis says. By tracking both known good behavior and known bad behavior, VMware can leap forward in security protection.
— Mitch Wagner
Executive Editor, Light Reading