NSX Service Composer is a high-level framework for policy declarations. You can have a complex security policy, but it's manageable. You can evolve it. But it's not a vertically locked-down layer. Because we're in the hypervisor, we have a tremendously granular view on the host. We know a lot. If one of our partners detects there's a virus, it can tell NSX and NSX can put this into quarantine. We can facilitate the communications.
NSX also has this distributed firewall. How is this different from vShield?
With vShield Edge, if you send traffic out onto the Internet, you have north-south traffic. But if one VM talks to another VM in a data center, you don't want to send that traffic through a choke point. The NSX distributed firewall is a full stateful firewall in the hypervisor. Before, it was just access control lists.
Some of VMware's security APIs for security vendors have not proven hugely successful in the past and adoption of virtualized security products in general has not been widespread in the overall marketplace so far. You've only been with VMware one year since joining them after the Nicira acquisition, but why will the future of virtualized security be better?
We have real customer traction and we've focused on operations. New technologies go through maturation cycles, and we're pre-chasm -- we haven't gotten to the majority yet.
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail: firstname.lastname@example.org
Read more about data center in Network World's Data Center section.