Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

VMware CTO Casado on network virtualization, security and competition with Cisco

Ellen Messmer | Aug. 30, 2013
Casado talks about NSX networking and security implications.

As you are likely aware, the tech press covering the NSX announcement this week, based on analyst input about it, widely reported NSX network virtualization as VMware bumping up against Cisco in a battle over software-defined networks. Can you comment on that?
The deepest relationship VMware has with any hardware vendor is with Cisco. You have VCE. They're a very strong partner. We need physical infrastructure as we send packets around. We love Cisco! NSX is totally compatible with Cisco products. That said, partnerships all evolve at their own pace and have their complexity.

HP made news this week as supporting NSX. What are they doing?
HP is doing a technical integration on top of Rack Switch to include it in the NSX environment. We will never do physical switches...

Back to NSX Service Composer, we heard this week that there's an ambitious plan to have the various vendor software products tied to NSX, such as antimalware or intrusion-prevention, be able to share security information to somehow automate a response among products. That would be rather unusual. How would that actually work?
NSX Service Composer is a high-level framework for policy declarations. You can have a complex security policy, but it's manageable. You can evolve it. But it's not a vertically locked-down layer. Because we're in the hypervisor, we have a tremendously granular view on the host. We know a lot. If one of our partners detects there's a virus, it can tell NSX and NSX can put this into quarantine. We can facilitate the communications.

NSX also has this distributed firewall. How is this different from vShield?
With vShield Edge, if you send traffic out onto the Internet, you have north-south traffic. But if one VM talks to another VM in a data center, you don't want to send that traffic through a choke point. The NSX distributed firewall is a full stateful firewall in the hypervisor. Before, it was just access control lists.

Some of VMware's security APIs for security vendors have not proven hugely successful in the past and adoption of virtualized security products in general has not been widespread in the overall marketplace so far. You've only been with VMware one year since joining them after the Nicira acquisition, but why will the future of virtualized security be better?
We have real customer traction and we've focused on operations. New technologies go through maturation cycles, and we're pre-chasm— we haven't gotten to the majority yet.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.