
VMware and VeloCloud announce their networking and security strategy

News Analysis
May 04, 2018, 7 mins

Virtual Cloud Network provides a connectivity layer to connect everything — users, “things,” branch offices, cloud infrastructure, networking infrastructure — in one consistent framework, with security intrinsic to all of it.


It’s been a few months since VMware closed its acquisition of VeloCloud, a prominent SD-WAN provider. In that time, the two companies have worked to integrate their products, and recently they announced a unified strategy called the Virtual Cloud Network.

The strategy fully supports the migration of applications and data out of the enterprise data center to the cloud and to branches — and with IoT, pretty much anything can be considered a branch today, as VeloCloud claims to have a customer with ocean-going ships as branches. The result is that many enterprises are in a position where their applications are everywhere, and their data is everywhere. This has profound implications for the network that needs to support all of this.

It’s a foregone conclusion that the legacy network of the past 20 years can’t take enterprises into the next 20 years. Since its inception, VeloCloud has said, “The cloud is the network.” VMware is building on that strategy by assembling the pieces of a flexible, programmable network fabric designed to run everywhere that applications and data reside.

The Virtual Cloud Network provides a connectivity layer to connect everything — users, “things,” branch offices, public cloud infrastructure, private cloud infrastructure, public networking infrastructure, private networking infrastructure — all together in one consistent framework. The consistency comes from abstracting the networking away from the hardware. Instead, the networking services live in software, and they live in the cloud in a virtualization layer. VeloCloud extends that across the network to the branch offices and the cloud, supporting traditional applications as well as modern applications. Moreover, security is intrinsic to all of this.

Virtual Cloud Network components

VMware NSX is the foundation for the Virtual Cloud Network, and the strategy has several new components under the NSX umbrella, as shown below.

[Figure: Virtual Cloud Network (VMware)]

NSX SD-WAN by VeloCloud — This is the new name of the old VeloCloud product. It provides WAN connectivity services with assured application performance, from data center, to branch, to cloud. It has end-to-end segmentation with NSX Data Center integrations. It is all cloud-delivered and cloud-managed.

NSX Data Center — This is what has traditionally been known as VMware NSX. It’s the network virtualization and security component. It provides consistent networking and security for applications running in public clouds — now including Microsoft Azure — and on-premises. It is truly a cross-platform, cross-cloud solution.

NSX Cloud — This component is for a secure enterprise hybrid cloud. It provides extended support for containerized cloud-native and bare-metal applications. It also has telco/NFV and networking performance optimizations for distributed workloads. It has been extended to be able to secure and connect native workloads running in Microsoft Azure, adding to the existing support for Amazon Web Services.

NSX Hybrid Connect — This component provides workload mobility and connectivity. It helps with mass migration of workloads across the network from any VMware-based data center to any other VMware-based data center, on-premise or in the cloud, enabling the application to move from a legacy environment to a more modern data center environment. It also provides seamless network connectivity and traffic optimization across clouds.

AppDefense — This element of the strategy runs on hypervisors to provide application security for all applications running on virtual machines.

Above the fundamental platform layer is the management and operations layer. Network Insight does network discovery and provides virtualization analytics and insight into everything to do with the network, whether across the physical network or the virtual network, extending from on-premise into the cloud. This is complemented by large-scale automation of the entire environment with vRealize Automation.

VeloCloud brings SD-WAN capabilities

The VeloCloud acquisition is obviously a huge part of this new enterprise strategy. VMware and VeloCloud have done the integration between SD-WAN by VeloCloud and the NSX Data Center portfolio so that organizations can now get consistent end-to-end segmentation per application, all the way from the branch into the data center.

VeloCloud pioneered the notion of the cloud being the network. The company took the complexity of traditional networks, which resides in custom proprietary hardware devices at each data center and branch location, and moved that complexity into the cloud, running it as a service in a simple and automated fashion. In terms of networking, what was physical and a product before has become virtual and a service that runs from the cloud. VMware runs the service and provides it with partners to the enterprise customer. Service providers such as telcos run the service, as well.

The SD-WAN service can be run over multiple transports, meaning enterprises don’t have to worry about whether they have a private network, a public network, or a wireless network. VeloCloud optimizes and secures the traffic from each of the branch office locations to the applications, whether they are in the data center or the cloud, or even in the branches themselves.

One of the important integration points between VMware and VeloCloud is that they have extended VeloCloud into the data center using NSX Data Center. Now enterprises can segment their traffic from the branch all the way up to, and now into, the data center. Traffic gets mapped onto NSX into a routing domain, which lets users keep traffic separate in its own segment. For example, PCI traffic should be kept completely separate from guest Wi-Fi traffic. This is an improvement over what is done manually at a transport layer in traditional networking. This same concept has been extended to the cloud with NSX Cloud. Regardless of where a workload is running, enterprises can take that same segmentation and push it into the cloud.

This kind of architecture yields multiple benefits, the first being that the enterprise doesn’t have to worry about the bits and bytes of the underlying transport. It allows the organization to run its business, talking the language of a business policy, and use the cloud and virtualization to achieve their business goals.

Another benefit is optimized cloud access, so all of the applications that now sit in the cloud get the performance and security they deserve. What’s more, VeloCloud has been able to solve the problem of how to optimize real-time traffic such as voice, video, VDI, and IoT on best effort networks.

NSX SD-WAN by VeloCloud can be brought up in a period of days: hundreds of locations can be deployed in just days, whereas it can take months with a traditional network.

Support for modern application frameworks

NSX has extended its platform for virtualization to applications that run in new modern application frameworks. The same networking and security controls that are used for virtualized apps can be applied to the container landscape.

It was about a year ago that VMware announced a relationship with Pivotal to embed networking controls in both the Pivotal Container Service and the Pivotal Application Service. This has been extended to support all upstream Kubernetes distributions, as well as to align with Red Hat OpenShift. Now a powerful suite of modern application development tools is fully enabled around VMware’s networking and security virtualization. Native container networking can match what an enterprise runs for its applications in the data center.

Those key capabilities around micro-segmentation — security, policy, visibility for the apps — can now be applied to containerized workloads so that developers can visualize, monitor, and analyze across the entire spectrum of this platform for delivery. The move also embeds the tools of the network and the security policy in with the developers at the point where they are building or delivering the application. This shortens the time between ideation and delivery of an application with the security policy and networking services built in.

Going a step further beyond VMs and containers, VMware is also addressing what is happening from a bare metal perspective. With this latest release of NSX, VMware is taking bare-metal Linux hosts and making them first-class citizens with the same security policies and networking services applied to all workloads, regardless of whether they are virtual machines, containers, or bare-metal services running within the enterprise, as well as extending that out into the native public clouds to VMware cloud destinations.

Altogether, VMware has a sweeping new strategy covering consistent networking and security for applications regardless of the construct and where they are running.


Linda Musthaler is a principal analyst with Essential Solutions Corp., which researches the practical value of information technology and how it can make individual workers and entire organizations more productive. Essential Solutions offers consulting services to computer industry and corporate clients to help define and fulfill the potential of IT.
