The new SDN suite includes a more universal NSX-T 3.0 engine, more automated and loaded with more probes, to distribute the load and make exchanges more reliable in a hybrid environment.
In addition to new versions of each of these software products, the VCN 2020 release integrates, at various levels, the acquisitions VMware has made over the past year: Nyansa, which automates network maintenance using its artificial intelligence; Veriflow, which can diagnose problems by itself; and AVI Network, which itself configures application load balancers when containers or VMs are deployed.
“A company needs the VCN 2020 suite to build, secure, monitor and troubleshoot the network of an application environment that, today, comes out of the data center, which extends to the cloud but also to the edge,” says Pierre Ardichvili, sales manager for network and security products at VMware France, during an online conference in which LeMagIT participated.
According to his figures, 15,000 companies worldwide are already customers of VCN. Among them are reportedly most telecom operators, attracted both by the ability to remotely reconfigure the routing or interconnection boxes deployed in the field (VNF function) and by VMware’s SD-WAN, which would allow them to sell private post-MPLS communication lines. VCN 2020 is meant to provide them with better monitoring and smoother maintenance.
The remaining companies have reportedly adopted VCN mainly to centrally configure the security and load balancing of the application instances that they deploy on any cloud. The novelty of VCN 2020 is that these settings will now be automatic.
“The promise of the cloud is elasticity. As soon as the load increases on your applications, the cloud automatically sets up new instances to respond to your users. But automation only makes sense if it is done from start to finish: there is no point in having virtual instances that launch on their own if you have to configure network rules by hand on each of them,” adds Pierre Ardichvili.
Automate the reconfiguration of a virtual network in a hybrid environment
In detail, VCN 2020 first includes NSX-T 3.0. The name is as important as the number: NSX-T is the universal version of NSX, the one that brings networking to all infrastructures. While NSX only worked on top of VMware’s ESXi hypervisor, NSX-T is also compatible with Microsoft Hyper-V, Linux KVM, physical servers and, most importantly, Kubernetes. Kubernetes, which replaces virtual machines with containers, makes deploying applications in any cloud so much easier that VMware itself has made it the foundation of its latest vSphere, its server virtualization suite.
Version 3.0 brings the NSX Federation centralized administration console. Its function is to define virtual private networks over public or private physical networks, whether local, remote, or overlapping between them. NSX Federation distributes IP addresses, delimits isolated zones and configures routing, load-balancing and firewall rules.
NSX-T manipulates network parameters from the Ethernet protocol layer up to the application layer. Thus, when virtual instances are replicated from one site to another, the NSX Federation rules can either reproduce the same Ethernet characteristics to keep multicast working, or simply route and balance the load using only the machines’ domain names, if the second site requires different IP addresses from the first.
Furthermore, thanks to the integration of Veriflow and AVI Network, NSX-T 3.0 is capable of diagnosing an incident on a network segment, or even an entire area, by itself, isolating this segment or area and automatically rerouting traffic to another network, to which it assigns identical characteristics.
According to VMware, this function makes perfect sense when VCN, or even NSX-T 3.0 alone, is used in conjunction with vSphere 7, the latter redeploying virtual instances in the right place as soon as NSX-T tells it to do so. VMware clarified that this remark applies equally to Cloud Foundation 4, its hyperconverged infrastructure solution, and to all IaaS services in private or public cloud that are compatible with vSphere, for example VMware Cloud on AWS.
Analyze traffic in a more universal and intuitive way
In terms of security, NSX-T 2.5 already had an NSX Intelligence module which was used to install intrusion detection probes at each ESXi hypervisor. Obviously, its artificial intelligence engine, which allows it to deduce abnormal traffic based on usual traffic history, has been improved thanks to technologies inherited from Nyansa. This brings the ability to read and interpret the contents of packets. Incidentally, it seems that Nyansa brings raw-data probes and collectors that can be grafted onto any infrastructure, including Kubernetes.
“The big advantage of our solution is that you have only one product left to monitor and secure traffic throughout a hybrid infrastructure. Without NSX, you would have to deploy a solution to monitor virtual machines, another for containers, another to act on TCP/IP, another for inside packets, etc.,” argues Ghaleb Zekri, Software-Defined Datacenter architect at VMware Europe.
Monitoring all the new features in NSX-T 3.0 is the purpose of the new vRealize Network Insight 5.2 monitoring console, aka vRNI. It also takes advantage of Nyansa and Veriflow’s analytical capabilities to help administrators better understand network issues from an application perspective. “This understanding is essential to avoid adding latency to an application when moving it from a data center to a cloud,” said Arnaud Gaugé, technical director of VMware Europe.
Manage everything up to the SD-WAN to give bandwidth to teleworkers
Another benefit of vRNI 5.2 is that it now includes VMware’s SD-WAN gateways in its diagnostics. “We thought of this offer so that it could allow providers and operators to offer services over the next 5G connections. The idea being, for example, to configure them as a private broadband link between two sites,” says Ghaleb Zekri.
“But in the current lockdown environment, companies have used VCNs to redistribute bandwidth on their SD-WANs to optimize teleworker connections,” he added. He specifies that, in this case, VMware’s SD-WAN acts as a super VPN: not only does it connect remote employees to the company’s private network, but it also routes them securely to the online services (SaaS) to which the company has subscribed.
As such, VMware is proud to have just signed an agreement with Microsoft. A VMware SD-WAN appliance is now included in the Azure Edge Zones, the physical servers that relocate a selection of resources from the Azure public cloud. For companies, this means that it becomes possible to adjust the quality of service of network applications between Microsoft offices and online services; Teams videoconferences come to mind. Operators, for their part, will be able to go through Azure to deploy virtual SD-WANs in data centers.