It’s been a long hike uphill for VMware’s NSX over the past three years, but maybe now the road is beginning to...
Corporate users give generally good reviews to the two lower-end versions of VMware's NSX, citing improvements in automating IT-based workflows and new security capabilities along with micro-segmentation. The company hopes to broaden the appeal of the technology downstream to mid-size companies.
VMware's newly-unveiled Standard Edition is the base version of the product that, besides automating workflows, is designed to bring more agility to data center networks, help reduce network operating costs and take out some of its complexity. The Advanced Edition contains all the features of the Standard Edition and adds additional layers of security plus micro-segmentation capabilities. Micro-segmentation adds additional layers of security, giving IT the ability to restrict traffic within logical networks and assign security policies to individual VMs.
"The lower-tier product gives you routing abilities, but the middle tier gives you micro-segmentation which, to be honest, is a huge piece of NSX," said Brian Kirsch, an IT Architect and instructor at Milwaukee Area Technical College. "[The middle tier] is where midsize to larger companies will look to adopt it."
The security built into NSX will attract first-time users, Kirsch and others said. With most IT shops well down the road of virtualizing their mission-critical workloads, and mindful of the high costs associated with physical network security as well as their inability to scale, NSX should have a leg up on any competitors that spring up.
"With all the recent breaches, security is front of mind," said one IT professional with a large manufacturing company in Minneapolis. "Let's face it, physical network security can be on the perimeter or internal. So, if all your workloads are virtualized why would you hold onto your traditional security framework? This could be a potentially huge marketplace for NSX and others with similar products."
The security capabilities built into NSX can replace some, but not all, perimeter security. But more importantly, the product's real value is adding layers of security on the inside.
"Realistically, this is a security person's best friend without them even having to ask for it," Kirsch said. “We have a lot of legacy Cisco gear, but workloads are shifting into the virtual environments. Many network admins may still feel very comfortable with physical security, but they are going to have to accept that the virtual world is the new medium."
VMware comes down on pricing
Many users have complained about VMware's pricing model for many of its products, most recently its hyper-converged infrastructure offerings. This time out, however, its NSX offerings seem more reasonable, with the additional security it offers justifying the pricing for some.
"Most shops use a two-socket server, so that comes to $9,000 a server for the Advanced Version," said the Minneapolis-based IT professional. "For that kind of money you can put in one or two firewalls. And if you have a high density of VMs on those servers, I think that is pretty reasonable (pricing)."
Remaining on top of the NSX product line is the original Enterprise Edition, which has all the features of the Advanced Edition plus networking and security features capable of reaching across multiple domains. VMware did not add any new features to the existing version of the product although it raised the price to $6,995 from $5,996. NSX users who have an active technical support contract with VMware will continue to receive the functions of the Enterprise edition including SSL and IPSec, virtual private networks and multisite NSX optimization.
The Standard Edition is priced at $1,995 per socket while the Advanced Edition costs $4,495.
A focus on micro-segmentation
With so many IT shops having virtualized their environments it was time to focus on mid-size user companies, said Chris King, VMware’s vice president of product marketing for NSX. The first and higher-end of NSX was aimed at large banks, insurance companies and high tech firms that prioritized speed and agility and could justify the higher price tag. But sometime in early 2014 VMware began to talk with users that put a higher priority on security and what could be accomplished with micro-segmentation.
"No one was talking about micro-segmentation back then even though security IT guys were telling us it was a good idea," King said. "So we took that user initiative and decided, this is a way that this other segment of users can deploy NSX and not just get the speed and agility of it, but also justify it internally through micro-segmentation."
VMware developers depended on many early adopters to give them direction on how to package and position each version relative to the other, King said, including what features to include or not include in each.
"All of these things were user-led, whether it was micro-segmentation, or early IT Ops research and even the packaging exercise," King explained. "We would present them options we felt they were most interested in and if they weren't, they corrected us."
The Standard Edition has a reduced features set. It does not include Microsoft Active Directory, distributed firewalling, and vRealize cloud management software-powered firewall policy automation. The micro-segmentation feature has been added to the Advanced Edition.
All three editions are available per socket on a perpetual basis, according to the company. The Advanced Edition is available as a per-user offering in order to better align it with virtual desktop deployments. The Enterprise Edition is also available on a per-VM term basis.
Ed Scannell is a senior executive editor with TechTarget. Contact him at firstname.lastname@example.org.
Expert predictions for VMworld 2016 US