In the SDxCentral 2015 Special Report: Network Virtualization in the Data Center, we surveyed customers, profiled vendors, and framed the ongoing mission by the “big four” network virtualization (NV) technology vendors — Cisco, Juniper, Nuage, and VMware.
As part of that research, the SDxCentral research team dug into dozens of customer case studies and use cases. What’s interesting is that as NV penetrates the marketplace, its uses are diverse. But one common characteristic of NV is emerging as a driver for many customer deployments: security. This is apparent in both customer profiles and surveys with users.
This is also confirmed with user feedback. In our 2015 Virtual Edge Report, a survey of about 75 users, both from the enterprise and service provider market, indicated that security was the leading function demanded for software-defined WAN (SD-WAN) technology, another form of NV.
In the NV report, we profiled Tribune Media, which said security was a factor in its deployment of VMware NSX to migrate 141 applications onto a cloud infrastructure in five months. Tribune Media CIO David Giambruno said virtualization gives him more flexibility against hostile attacks by being able to move the applications when they come under threat.
Another example in our report was a description of NV deployment at the city of Avondale, Arizona, as described in the publication GCN. The city used NSX 6.1 as its firewall and load balancing solution, boosting security by segmenting the network, putting firewalls between servers to secure traffic moving between virtual machines or apps.
Wesley Harris, an Avondale IT system administrator, said the advantage came in a single management view of the network without having to monitor separate firewall systems, according to GCN.
These examples relate to VMware NSX. Part of that is because there are a lot of publicly available examples of NSX customers — VMware has published 29 of them so far — and this is leading VMware to use security as a lead item in its marketing programs.
But VMware isn’t the only NV company touting security. Cisco Systems is also using security as a calling card for its Application Centric Infrastructure (ACI). Bowling Green State University recently announced it was using Cisco’s ACI and its Nexus switches as a virtualization platform to support a “more efficient, highly secure data center.” As the university looks to improve the use of technology in the classroom for active learning and expand beyond its traditional on-campus activities, with eLearning offerings, it believes its new data center, based on Cisco’s SDN technology, will enable it to better deliver on these new opportunities.
Numergy, a private cloud provider in France, cited security as an advantage of its approach to using Nuage VSP in virtualizing its data center. “Legacy security approaches focus on external threats rather than threats within the datacenter,” states the company in a Nuage case study. “Numergy’s Service VM approach isolates and secures the boundary between tenants. In addition, the built-in security of Nuage Networks VSP, including a default ‘Zero Trust’ model, operates at the VM level.”
When virtualization and SDN first emerged, I’m not sure that security was the first bullet that everybody thought was going to be used to sell the technology. But now, it seems as if security is becoming a more prominent feature of virtualization.
The reason for this is simple: Virtualization, at its core, has the potential to make networks more secure by isolating applications and users on discrete virtual networks. This follows the principle of “least privilege,” in which users and applications are given access only to the resources they need. Because virtual networks by their nature are separated from the physical network, they can be used to provide an additional layer of security.
There are other security advantages emerging for virtual networks: Networks or applications can be segmented, scanned, and monitored more easily on a virtual platform. Security applications such as firewalls can run as software inserted directly onto the network, rather than requiring physical devices. Additional security intelligence and analytics can be built into virtualized networks to scan and monitor for abnormal activity on the network.
Security is emerging as a leading network virtualization driver, a trend I expect to gather momentum over time.