That’s led the vendor to create what it calls macro-segmentation services (MSS). The technology is a feature announced today for CloudVision, the database that Arista switches use to track the state of workloads networkwide.
The concept is a play on the term microsegmentation — a term VMware frequently uses in describing its NSX network virtualization platform. NSX isolates traffic between virtual machines, often referred to as east-west traffic, and VMware has enlisted partners such as Palo Alto Networks and Intel Security to further secure those paths.
Arista wants to be the one to extend that security to the physical network as well. The idea behind macro-segmentation is that a switch could spin up firewalls and application delivery controllers (ADCs) as needed. These security elements would be able to span topologies; specifically, they would incorporate both virtual overlays and the physical network.
Of course, other security vendors have caught on to the “physical + virtual” thing. Fortinet, for instance, is another physical-network vendor that recently announced a strategy for extending into the virtual world. And Illumio takes a universal approach that encompasses all parts of the network.
MSS is in field trials, with general availability slated for the first half of 2016.
Arista’s business is based around physical switches, but the company’s interest in the virtualized world is increasing. Yesterday, the company was one of six partners helping HP launch the OpenSwitch open source project and accompanying network operating system — this despite Arista having an operating system of its own.