Reducing Cost, Increasing Flexibility, and Facing Future Threats: VMWare NSX and the Virtualized Network

Posted By Julian Galley November 14, 2017 in network virtualization, Security

It is often difficult for companies to understand and appropriately react to paradigm shifts that require radically different thinking. For technology companies, having the flexibility to react appropriately when a paradigm shift presents itself is absolutely critical. Apple’s move into mobile, and Microsoft’s move into cloud services are both examples of this. Whether your company is web facing with a large online presence, or a regular bricks-and-mortar business, technology is involved. From employee workstations, to servers storing customer data, technology is the backbone of every business, and the network plays the critical role. However, network technology has long suffered from a lack of development. As the delivery of services has evolved with the development of cloud storage and server virtualizations, networks have remained largely as they have been for decades. This creates critical issues for companies. Depending on the size and complexity of an organization’s network, implementing a new service can require an inordinate amount of time, manpower, and resources. Creating VLANs and mapping them across switches and uplinks, updating service files, and creating port groups, are tasks that all need to be carried out manually – tedious, time intensive, and rife with the possibility of error. Add in the need to support legacy networks and bespoke one-off solutions for past problems, all with their own routing, load balancing, firewalling, and security functions, and the costs can escalate quickly. Then there is cybersecurity. There are any number of reasons why an organization might be susceptible to a ransomware attack or a data breach, and most of those reasons begin with the network. Everything depends on the network, because that’s where everything can go wrong. The solution is abstraction. Abstraction means virtualizing the network and security services that used to be bound to hardware, and making them a facet of software. Hypervisors, such as VMware’s NSX network hypervisor, act as an abstraction layer that sits between the virtual networks above, and the underlying physical infrastructure below. Routing, switching, firewalling, load balancing, and creating, storing, moving, deleting, and restoring entire application environments can all be accomplished as easily as one might spin up a virtual machine. The physical network would simply become a conduit for the movement of data. The difference between managing a virtualized network and a normal physical network is not an incremental difference, it is an exponential difference. As the network is entirely virtual, critical incidents can be responded to instantly. In addition, micro-segmentation, which creates independently secure virtual servers with firewalls embedded in the kernel, ensures that when an attack happens, should it succeed, the damage would be contained and limited, and the process of recovery would be swift and easily accomplished. The virtualized network is a force multiplier, giving one specialist the power to do the work of dozens, or more. The particular virtualization solution a company chooses is not as important as the act of just choosing to implement network virtualization. That is what will allow business to face the future securely, and flexibly. Story by Julian Galley (jgalley@compugen.com) and Paul Thomas (pthomas@compugen.com).