Tuesday, October 11, 2016

Is Network Virtualization Here to Stay?

Network Virtualization (NV) and Software Defined Networking (SDN) have been hyped over the last 2 years through the media and lots of news publicity.

For many, adoption is still new.  In fact, most customers around the world have either yet to start, are just starting, or have a setup that is not running at full scale.

Over the last two years, we have seen lots of solutions, ranging from software-based NV with VMware NSX to hardware-based SDN with Cisco ACI.  This has also spurred many newcomers, from companies like Nuage Networks to vArmour.

Having met many customers from different industries and verticals, the questions often asked are like the ones below:
Why this and not that?
What is the difference from your competitors?
Doesn't going to SDN or NV make visibility more complex?
How secure is logical compared to physical?

While some of these questions, and more, cannot be explained in detail here, from a personal point of view it often comes down to a few factors:

1) Will the company be around in the next 3-5 years?
When adopting a technology, you definitely want your ROI and supportability to last for the tenure of the software support or beyond, or else you will have to do that exercise again.  That can be a good consideration.

2) Can the technology or solution chosen be used in a multi-cloud, multi-platform environment?
Will the technology and solution chosen work with multi-cloud in your organization, or even with workloads hosted in a public cloud, where on premises you might be running VMware or Hyper-V and in the public cloud you might be running Amazon or Azure, so there is a platform difference?  Even if you are not looking at doing so today, at least you won't be restricted.  During VMworld 2016, VMware showcased maintaining firewall policy on premises as well as on the Amazon and Azure public clouds with its Cross Platform Services.  This is a real tie breaker against many solutions on the market, as it is no longer platform dependent.  The solution should protect your existing environment and your future planning.  Since you cannot dictate your public cloud vendor's hardware or software, the solution should not tie you down to one in particular.  Now you get not just application mobility but also security portability, be it within or across clouds, keeping policy in check.

3) Will we lose visibility?
In fact, you gain visibility by going software defined or adopting network virtualization.  The reason is simple: today's existing tools typically only provide information on the physical space or physical fabric.  This does not show you what is happening within the host, especially when VMs communicate with each other on the same host.  With NV, things have changed: not only do you get to see information coming from the VMs, you also gain extra ways of performing troubleshooting.

4) How secure is it compared to hardware?
In fact, most logical solutions, just like hardware, have gone through proper security certification such as FIPS and Common Criteria.  In fact, even with a physical air gap, penetration still happens.  Logical solutions also cost less, giving you better protection at a fraction of the cost of going the hardware route.  If you just look at NSX, it runs in the thin abstraction layer of the hypervisor, in the kernel, where nearline performance is provided.  ESXi has never been breached and has a thin profile of 160Mb, unlike solutions that depend heavily on an OS, which exposes many vulnerabilities once penetrated.

In summary, logical networking is just gaining adoption now.  While we are so used to physical separation, the industry is moving towards logical separation and away from what we used to do. With virtualization, we gain not only more visibility but also the possibility of scaling without creating and managing siloed networks, as well as security and compliance mobility. In contrast, doing it with a physical solution incurs a huge cost and creates management overhead and, at scale, lots of silos.

With the preview of VMware NSX Cross Platform Service, and Distributed Network Encryption (DNE) last year, this not only opens up a great many opportunities where technology can go beyond the limits of hardware, it also removes the headache of restricted application placement, as security policy goes with the VM.

So what do you think?  Share your view in the comments.


Tuesday, October 4, 2016

VMware vCenter Desktop and vCenter Standard Licensing

A while ago I wrote an article about what the different vSphere Desktop licensing is for and its entitlements.

I have met many customers with big and small environments, projects or use cases with particular requirements.  There were some questions revolving around vCenter licensing, especially for desktop-related deployments.

Here is an FAQ article on vSphere Desktop licensing.  One of the questions in this article states:

Q. Do I need a separate vCenter Server for my VDI hosts? 
A. Yes, like Horizon 7 deployments on vSphere 5.x, you will need a separate VMware vCenter Server® for your VDI hosts. vCenter is not included in vSphere Desktop. 

Let me further explain the above.  If you are running a 3rd party VDI solution riding on vSphere Desktop licensing, vCenter is not included.  You would need to purchase vCenter Standard to manage that environment.

However, if you are a Horizon customer, the bundle includes vCenter Desktop, which is used to manage a vSphere Desktop environment.

You will now ask: when using 3rd party VDI, why don't I purchase vCenter Desktop instead of vCenter Standard?  The answer is that vCenter Desktop is not for sale and is only available in the Horizon bundle.  That also explains why running 3rd party VDI on top of vSphere always costs more, and it is always more cost effective just to run Horizon VDI.

The next common question is: can I manage a vSphere Desktop environment and an infra vSphere environment with one single vCenter?

The answer is that it is not recommended, but you can, with caveats.  It is not recommended because of the way VDI runs: we typically want to keep it separate, and the load on the vCenter is typically high, as VDI environments are highly dense and have lots of activity.

Let's address this for 3rd party VDI and for Horizon.

For 3rd party VDI, you will need to complete your purchase of vCenter Standard and vSphere Desktop for the VDI environment.  You will then have an infra environment with the normal vSphere Standard/Enterprise Plus with a vCenter Standard.  Notice that each environment must have its own vCenter.  Only after owning two vCenter licenses, one for each, will you be able to use one to manage both environments.  This is part of the End User Licensing Agreement.

For Horizon customers, since the bundle already comes with vCenter Desktop, the customer needs to have a copy of vCenter Standard for the infra environment before being allowed to use one vCenter to manage both environments.

I hope this explains things better if you have an environment that really needs one vCenter to manage both.
