VMware has big plans for NSX that could change both the company's business model and preconceptions about cloud computing, but challenges remain in implementing its vision and in getting users to buy in.
In VMware's Q4 2015 earnings call, VMware CEO Pat Gelsinger said the company "would introduce a new NSX offering that will enable customers to create secure and encrypted overlay networks across public clouds, including AWS and Azure and on-premises data centers."
That new version of NSX, which Gelsinger said would be available by the end of the year, promises to allow customers to add NSX security and network abstraction to Amazon Web Services (AWS) workloads. For a closer look at how this technology might work, SearchServerVirtualization talked with Guido Appenzeller, chief technology strategy officer for the Networking & Security Business Unit at VMware.
In the first part of this two-part Q&A, Appenzeller spoke about NSX licensing and adoption. In this article, we talk about the future of NSX and how it can be applied to hybrid cloud networking.
At VMworld, your technology preview session showed a potential future capability of using NSX to create an overlay between in-house servers and AWS. How does that work?
Guido Appenzeller: Architecturally, it's very simple. We have an agent running in the AWS instance that fulfills the same function a vSwitch does for on-premises deployments. The problem is Amazon doesn't have any API [application program interface] where we could insert a virtual switch at the hypervisor level, so we have to do things inside the guest operating system.
It's kind of funny, initially within VMware there was a lot of consternation -- a lot of people saying that's not how we do things, we work at the hypervisor level. But once the engineers started looking at it, you can essentially deliver the same functionality and the same security level -- with a small difference -- by running inside the guest. To me this is an important part of what we're going to do in the future.
Why is this hybrid cloud networking application so important to the future of NSX?
Appenzeller: This was customer-driven. Since I joined VMware a little over a year ago, I've talked to about 100 customers one-on-one. Moving to the public cloud comes up everywhere. There's a lot of excitement around it, and people understand the opportunities. Being able to provision compute capacity on demand anywhere in the world using an Opex model is incredibly compelling. For some people, vCloud Air is the right fit. But there are other companies, like Amazon or Microsoft, that are also quite popular.
Basically, customers came to us and said, "Look, thanks to my shadow IT -- which I wasn't able to rein in quickly enough -- I now have this application one of my business units built that is running on Amazon, but it has to access data sitting in my on-premises data center. I want to wrap controls around this, firewall it and monitor it. Can you help us?"
During the demo, we said, "Let's take the logical first step to extend NSX so we can integrate Amazon workloads as first-class citizens into our NSX-provisioned network." Turns out, it's not that hard.
What enterprises are struggling with is that the way public clouds are used today effectively leads to new silos. If you have a couple folks working on Amazon, they're using Amazon APIs, Amazon networking and Amazon storage.
I think that's a major inhibitor for enterprises moving applications to these clouds. What we're hoping to do with NSX is give you a way to manage all these different endpoints homogeneously.
In the past, networking was about getting a packet from one place in your data center to another. Today, managing IP connectivity is the least of your problems. The real challenge today is to segregate these networks, firewall these networks, manage compliance and keep them secure from attackers.
In the demonstration, you used the example of spinning up new AWS instances on demand. How do you license NSX when you don't know you need a license until you need it?
Appenzeller: That's a great question, and I don't have an answer for you yet. Frankly, we haven't fully sorted it out yet. I think if you move more to a cloud environment, some of our existing licensing models will have to evolve. We're having internal discussions, but nothing we're ready to share yet.
Extending networking and security to a public cloud sounds great, but how do you solve the problem of latency between instances running on a public cloud and the on-premises databases that those applications need to access?
Appenzeller: In the past when we've thought about on-premises data centers, the idea was it is something in the basement of a company. Those days are pretty much gone. Today, you're looking at a dedicated data center, and if you look at where they're being built, they're located around large Internet exchange points, which are locations where you also have a presence of many public clouds. I talked to one customer recently, and they were looking at a public cloud, and it turns out that all of their data centers were within 2 milliseconds from the particular cloud they were looking at.
Some enterprises still have a data center with a high latency from the public clouds they want to use. I think in the future, you'll see data centers located at Internet exchange points. For example, if you're a big bank, it's much shorter to go from your West Coast location to Amazon than it is from your West Coast data center to East Coast data center. For that matter, it's also much shorter than going from your office to the data center.
Are you at all worried that these hybrid cloud networking features will make it easier for businesses to use AWS and therefore take a bite out of your vSphere or vCloud Air revenue?
Appenzeller: I'm a big believer that in Silicon Valley you have to eat your own lunch, so even if that were true, I don't think that would change how I would tackle this problem. At the end of the day, our customers make their decisions about how and where they want to move to -- and it's our job as a software vendor to provide them with a compelling offering when they make that decision.