Response Bias or Who owns the virtual network
“Only when the tide goes out do you discover who’s been swimming naked.”
Warren Buffett, famous investor
I was recently asked by a respected Silicon Valley figure, “Why is it that Vyatta’s customers know exactly what virtualized networking problem they’re solving, but when I speak to other IT people I know in the virtualization arena they say they don’t have that problem? Or they tell me the networking problem is solved by the vSwitch that every hypervisor now has? I don’t understand this dichotomy.”
I was set back for a moment. It was a strange question to hear because at Vyatta we are so deeply in tune with “the problem” that we assume everyone naturally understands it. It took a moment, then the answer hit me like a brick: It was what market researchers call response bias: He was asking the wrong people.
“Forget about virtualization for a moment,” I said. “Go back to the previous model where a member of IT staff is tasked to bring up a new application server. Within the IT team, that person is a compute professional, right? Not a network architect or manager.”
“Of course,” he said.
“Now,” I said, “walk through the steps that server pro has to take. He gets the hardware, loads an OS and the desired application, and tunes it to the required levels. Right?”
From his expression it’s clear I’m boring him. I go on.
“Once the application server is set up, he takes an ethernet cable and plugs it into a port on the server. What does he do with the other end?”
“Obviously,” he said, “he plugs it into a port on a nearby switch.”
“Who provided the switch?” I asked.
“The networking side of IT of course,” he said hesitantly.
I pressed: “What’s going on on the other side of that switch?”
He waited a moment, then said, “I’m not sure.”
“Does our server pro in question know what’s going on beyond the switch?” I asked. “Does he know that the network was architected into subnets for a reason? Does he know how it’s routed? Or where the firewalls are, and why they’re configured the way they are? Or where the VPNs are terminated?”
“Probably not.” It came out of his mouth almost like an admission.
“So by definition of his role and knowledge base, it’s not his responsibility to know what’s happening from that port on the switch out into the rest of the network, right?” Now I can see the light bulb over his head. “The networking team has already established all of that for him before the server is allowed onto the network.”
“That’s right…” His voice trailed off.
“Well, that’s what it was like before virtualization. So now,” I pushed, “what’s it like in the virtualized world? That same person is asked to bring up multiple virtual machines on a server. He knows that the cable goes from the physical switch port into the server port like before. But virtualization requires one last connection: He also has to logically assign the VMs to the vSwitch in the hypervisor to complete the connection. It’s the exact same thing he did before. He think’s he’s done.”
“So,” he began slowly, “you’re saying that if I’m talking to an IT pro about virtualization, it’s highly likely that they’re from the compute side of IT. So there’s little reason to believe they know any more about the fundamental networking requirements beyond the server-to-switch connection than they did before virtualization.”
“Bingo,” I said. “You’re getting respondent bias.”
“But wait,” he said, “all of that other network infrastructure is already in place! The routers, subnets, firewalls and VPNs… they were there before virtualization and they’re still there under your example!”
“Yes they are,” I said. “But external networking gear can’t effectively or efficiently manage the traffic at the VM level because the hypervisor blinds them. All of those other networking functions need to be performed inside the server. That’s what Vyatta’s customers know. They’ve learned to meld compute and networking disciplines into a single architectural vision.”
While he thought about that, I mentioned Integral Networks, one of Vyatta’s customers recently in the press. “Their CEO said their goal was to get to a 100% virtualized environment but they couldn’t with their existing networking gear. He said, ‘We were happy with the security we were getting from our firewall and VPN infrastructure, but we couldn’t deploy those vendors as a virtual machine.’ Now, using Vyatta, Integral is delivering granular control and complete isolation of VM resources, as well as secure remote access for managing cloud-hosted data externally.”
“I’m getting it now,” my colleague said.
I concluded, “At a high level, it’s simple: It’s all about applications. They’re virtualizing, so therefore your network needs to have the same agility as the virtualized applications. That’s a networking VM.”
Entry filed under: Uncategorized.