At the time, the Chicago-based financial cooperative was using Cisco’s network virtualization software. It wasn’t happy with the product, said Julio Arevalo, manager of systems engineering at Alliant.
“Then we heard about NSX’s microsegmentation,” he said.
Microsegmentation enables fine-grained security policies to be assigned to data center applications, down to the workload level. This approach improves network security by integrating it directly into a virtualized workload without requiring a hardware-based firewall.
As security breaches become an increasingly common — and debilitating — occurrence, microsegmentation has helped drive security as an NSX use case.
Alliant deployed NSX in June 2016. In addition to the security features, the company found the software provided other benefits as well.
“I can’t say we didn’t expect it but a number of issues were resolved with the migration,” Arevalo said. “The most noteworthy was the data warehouse load.”
He said this used to timeout and take four hours to complete when it did run through. With NSX, timeouts aren’t an issue and it takes less time.
“The other noteworthy fix is that we use automated tools to move files from SQL to file server to off-site partners,” Arevalo added. This process, too, used to timeout. “Since moving to NSX that is a thing of the past.”
The company also uses NSX’s load balancing features and Guest Introspection, which offloads security functions to a dedicated security appliance on each host. This removes the need for an anti-virus agent within the guest operating system.
Deploying the NSX Guest Introspection feature meant Alliant no longer needed a malware agent on each virtual machine.
“We have since uninstalled the Symantec End-Point client,” Arevalo said. “It came just in time because SEP has recently upgraded their End-Point system and we no longer need to deploy it in that environment.”
Looking ahead, Alliant plans to also use NSX Edge, which provides network edge security and gateway services to isolate a virtualized network.
Security is a top use case and large driver of NSX sales, said VMware CEO Pat Gelsinger during the company’s earnings call in June.
“NSX continues to see great momentum with large NSX wins across multiple verticals including health care, telecom, state, local, and federal governments, Gelsinger said. He added that nine of VMware’s top 10 deals this quarter included NSX. “It continues to be an integral piece of all of our offerings,” Gelsinger said.
VMware VP of Products Milin Desai said customers like Alliant Credit Union typically start with a security use case. But once they find out that NSX offers more than just a security platform, they expand to other uses cases. These, he said, include automation, multi-data center pooling, and disaster recovery (DR).
NSX creates virtual networks as software entities. They can be saved, restored, and deleted on demand without requiring any reconfiguration of the physical network. For disaster recovery, this means NSX customers can automate replication of networks between protected and recovery sites.
“DR with NSX is as simple as copy, paste, keep, and sync,” Desai said.
Expedient, a cloud and data center infrastructure-as-a-service (IaaS) provider, uses NSX as a part of its Push Button DR disaster-recovery-as-a-service offering.
NSX allows Expedient’s customers to replicate the components of their IT infrastructure and reduces recovery time objectives from hours to minutes, said John White, VP of product strategy at Expedient.
“We use NSX to basically span the customer’s network from their premises into one of our data centers to make that seamless to them,” White said. “It allows them to move virtual machines from one place to the other without any reconfiguration, without any issue.”
The software helped one Expedient customer — a chemical manufacturer for food additives — migrate an application to the cloud.
“They were nervous about moving to the cloud,” White said. Expedient put a private cloud inside one of the customer’s on-site data centers and moved the application to that cloud. “We took that and replicated it in one of our data centers in Tennessee,” White said. “We used NSX to create one big network for them between their site and our data center.”
For another Expedient customer, whose data currently lives in two Expedient data centers, “we’re going to connect them with NSX to make it look like one data center between the two sites,” White said. “So they can drag and drop [applications between the sites], and it gives them a lot more flexibility than they’ve had in the past.”
This use case — multi-data center pooling — is popular with mid-sized companies, Desai said. It increases mobility across sites by enabling them to use existing infrastructure resources in various sites for a single operation.
“This means you can expand your application wherever the capacity is,” Desai explained.
Automation is a major use case driving NSX adoption in large enterprises. “Automation has always been and continues to be the cornerstone of why large customers go with NSX.” Desai said. “They want to deliver applications at the speed of business.”
He points to Nike as an example. At last year’s VMworld, a Nike executive talked about how the sporting goods giant used VMware Integrated OpenStack in conjunction with NSX to deploy applications in minutes.
“Historically, the whole motivation behind network virtualization or SDN was speed and agility,” Desai said. “That’s been a primary driver from the beginning. But as we started deploying NSX, the way it delivers security was transformative. That became a use case after the fact.”
Both Alliant and Expedient agreed that securing management support is an important first step in deploying NSX.
“Networking is part of the network security team, so you have to get their buy-in.” Arevalo said. “And you’re taking the network from a physical to a virtual world.”
Also, don’t underestimate the time commitment — or the learning curve, White said. Expedient started working with VMware two years ago. Deployment didn’t happen until this past January.
“Get started soon,” White said. “Find a partner to interact with if you are a small to medium business. You definitely don’t want to take this on, on your own.”
White says it required “thousands of man hours” to understand and learn the product. “It’s definitely a learning curve compared to traditional networking services.”