VMWorld’s “Virtualization Stall”
“That’s how things change: slowly at first, then all at once.”
We’re back from VMWorld in Las Vegas, where the industry started viewing their virtualized environments with the same kind of wary eye they cast on a blackjack dealer with shifty eyes.
After all, you wouldn’t take your money out of an ATM and leave it out in the open on a public table… so why would you take your mission-critical applications, which are safely wrapped in a carefully constructed network, and put them in a virtualized environment that is wide open with no network controls?
Vyatta has been out in front of the industry demonstrating solutions to these issues for a while, and we have the leading customer implementations to prove it. This week, for the first time, other vendors are beginning to highlight this very important problem statement: Virtualization breaks networks! Until that problem is solved, the deployment of virtualized apps will be limited to those that can afford the network exposure. Forget about virtualizing apps that have compliance needs, such as PCI or HIPAA. Don’t go into a multi-tenant environment until you can lock your own doors. Don’t pull the cord until you know what you’re going to get.
One wag put it this way: “It’s virtualization stall.” At a minimum, it is a problem that limits virtualization’s true growth potential.
This is articulated perfectly in a recent editorial from SearchNetworking’s Rivka Gerwitz Little, where she agrees that businesses shouldn’t pull the cord on leveraging the cloud until they have a clear plan for securing virtual environments. “Ultimately, we’ve learned that every network security strategy must be extended into the virtual environment. That means learning how to connect the virtual environment to the DMZ network, as well as implementing virtualization firewall strategies, and moving away from physical separation.”
Network virtual machines are a clear answer to these issues, but not in the limited-capacity, vendor lock-in models being introduced at VMWorld. An ideal network security solution for virtual and cloud environments needs to be available for all hypervisors, must be capable of automation through any orchestration or management layer via an open API, and must offer a single system that enables complete replication of the enterprise network edge (L2-L7). As Cisco announces a second attempt at virtual firewalling (virtual ASA to be available late 2012) and VMware, Cisco and others propose new standards (VXLAN) to extend L2 networks, Vyatta customers have been benefiting from a full-featured virtual network OS to connect and secure their virtual environments for years.
In all, this VMWorld was a great show for Vyatta. Networks are changing, and it’s starting to happen fast. I’ll sum up with another great statement from Rivka Gerwitz Little: “If networking professionals don’t stay abreast of these issues – and push their way into the virtual conversation – they’ll find themselves backtracking to solve problems that have literally been architected into their networks without them even realizing it was happening.”