VMworld has meant a week of catching up with old friends, learning about new software-defined networking (SDN) use cases, seeing new network functions virtualization (NFV) technologies, and debating if the Cisco-VMware relationship is destined to mirror that of Obama-Putin. It’s also a great lead-in to the Software Defined Datacenter Symposium (SDDC) that we are co-hosting on Sept. 10 in Santa Clara, Calif., where we’ll continue the spirited discussion.
Without further ado, here are my top SDN/NFV takeaways from VMworld 2013:
1. VMware NSX and Network Virtualization
VMware has clearly focused the integration of Nicira’s solution toward solving real customer problems and building an ecosystem to make it easy for customers to extend their VMware environments with secure network virtualization. Based on enterprise and service provider end customers we work with at Wiretap and SDxCentral, VMware has hit a home run on the vision. Now it’s time to see how close the vision is to execution.
2. Cisco-VMware Relationship
As the saying goes, "If I had a nickel for every time someone asked me about…"
Just about every conversation I had included a variant of this discussion. No surprise that there is friction in this relationship, given the divergent paths for each company. One question is: Will the relationship turn into outright war, or will the two realize that they may need each other to combat a common enemy called AWS that’s taking enterprise workloads from both?
3. DevOps vs. Network Admins
We saw a number of companies working to solve networking for system admins (Cumulus), others working to solve automation for network admins (Stateless), and many working to show that network gear is integrated into IT service-provisioning applications (Arista, Juniper, Plexxi, etc. with Opscode, Ansible, and Puppet). One could see this shaping the HP/NSX integration, integrating the physical network with the virtual network. The debate over who controls which portion of the provisioning, orchestration, and automation of which network functions will continue, as will the debate about the roles of traditional system admins, DevOps, and network admins. Expect more coverage about this topic on SDxCentral. (To see what we mean, check out a cool DemoFriday on Sept. 13 with Plexxi and Opscode.)
4. Virtualized/SaaS-based Security
The new rage is security virtualization, and it was an undertone of the show. VMware’s public partnerships for NSX show they understand the need to secure virtual networks. Security virtualization is the new SDN — hot companies, lots of VC money, and crazy valuations. Many of these startups (we’ve written about one) are asserting that network security is dead, and instead are pitching centrally cloud-managed security policy with distributed security enforcement. When we dig deeper into what this really means, the answer is a host security model (i.e., a security agent on each virtual machine) with clever cloud management.
This sounds cool, though in practice it feels like a potential repeat of the host firewall and intrusion prevention system (IPS) market of the early 2000s (remember Okena and Entercept and Sygate?), a solution that never had broad market adoption. One reason was that the performance impact of installing and running a security agent on each server was, in many use cases, prohibitively expensive.
So, here's a question for prospective customers: If you refused to deploy a host firewall and IPS because it caused, say, a 20 percent performance hit on a physical server running the security agents ... would you accept the same 20 percent performance hit on each virtual server, effectively reducing the capacity of the CPU running those virtual machines by 20 percent, for host-based security today? Would it be more effective to use SDN to steer traffic to virtual security appliances?
The answer isn’t clear today – though the answer will determine whether there’s a multi-billion dollar next-generation security virtualization/security SaaS opportunity (i.e. the security version of Nicira) or a $100 million submarket for yet another agent-based technology with limited return on capital invested.
5. Pools for "Who will be Juniper’s new CEO"
I was surprised by the sheer number of people taking odds on who will be Juniper’s new CEO. I don’t have any insight on the process and hedged my bets by picking different names in each pool.
Join the discussion and let us know what you learned this week.