August 29, 2013, 1:09 PM — How do you bring the virtualization operations model to networking? That will be the job of Martin Casado, CTO of networking and security at VMware which this week launched NSX, the company's over-arching network virtualization package. Casado was one of the creators of OpenFlow, the protocol that spawned the software defined networking (SDN) movement. He was also the CTO of OpenFlow software provider Nicira, which VMware purchased in 2012, and which provides the basis for much of NSX. Casado met with Network World Senior Editor Ellen Messmer to talk about NSX networking and security implications.
Tell us about the security piece in NSX, such as this so-called NSX Service Composer.
NSX is a platform for virtual networking. If I create virtual machines, I can attack them in a virtual environment if they talk to anything on that network or the physical network. The attack surface is actually very large today. NSX introduces a layer of security and isolation. All communication in NSX has the capacity to be encrypted.
For a long time, VMware has talked about its virtualized firewalls in terms of vShield. Where is that going now?
VShield Edge is a component of NSX, a gateway for north-south firewalling. But NSX is more than that, it's the distributed firewalling.
In terms of the new vCloud Hybrid Service (vCHS) that VMware is offering through its four data centers, will vCHS support NSX, and if so, when? At a conference session about vCHS here at VMworld, the two technical marketing managers presenting the vCHS architecture indicated it's based on VMware's existing ESX and vShield Edge technology, not NSX which won't ship till closer to year end. They said they expected to start using NSX at some point in vCHS but weren't sure when that might be.
VCHS does not have NSX yet and when that will be, I don't know. The data centers concern the current VMware technology, and it will support older versions of the technology. NSX is the next software upgrade. It's important to maintain compatibility.