I know this is an understatement, but VSAN and NSX are very important to VMware. Not just because they introduce two new markets for VMware, but also because they represent a shift in the position of the hypervisor in the data center. Prior to VSAN and NSX, VMware preached the security strengths of running limited services in the hypervisor. The primary strength is the lack of attack vectors. VMware has now opened the hypervisor to these two new VMware products. Why the shift in philosophy, and what are the risks?
In order to understand why VMware has changed, it’s important to understand the market pressure that VMware is under. The hypervisor is becoming a commodity. VMware’s vSphere is still the gold standard for x86 virtualization. The challenge is that an argument can be made for the “Silver” standard hypervisors. This is especially the case if the hypervisor does more than virtualize hardware. In the case of Linux-based hypervisors and Hyper-V, applications can run atop the platform.
The industry has seen this record play out with Microsoft vs. Novell. VMware needs convergence to maintain relevance. However, with convergence comes a weakening of security posture. VMware hopes to have its cake and eat it too with the concept of the Goldilocks zone – the elusive balance of security, performance and convergence. VMware wants vSphere to be looked upon as a platform. The only way to be considered a platform is to offer various services.
Watch me talk about this in more detail in Tech Talk 38
Martin Casado’s discussion on NSX security
Correction: In the video I mentioned 7000 virtual switches. I meant 7000 switch ports on a single virtual switch.