The use case for network virtualization has moved from simply reducing the time to provision networks to actually improving data center security using micro-segmentation, said Martin Casado, VMware’s CTO for networking.
The initial push for network virtualization was provisioning time. “If you're going to deploy a new application, spinning up a VM [virtual machine] takes 30 seconds, but configuring the network takes two months. There's a huge mismatch here, so if I reduce the time it takes to provision the network to zero, you’re happier,” he explained.
Casado, who joined VMware in 2012 when the company acquired Nicira, of which he was co-founder and CTO, was the keynote speaker at NetEvent’s Cloud Innovation Summit in Los Gatos, California.
He said the original value proposition was removing specific hurdles such as onboarding a new customer or deploying a new application. But it has evolved over time and, he said, security is increasingly driving a lot of sales.
“What's been interesting is to watch the evolution of the use of this. You're starting off in provisioning, with a simple use case. Now I would say about 40% of the actual adopters that are paying money for SDN and network virtualization are doing it as a security use case.”
Ten years ago, before he went to Stanford to get his PhD, Casado worked for the intelligence agencies doing computer security. “Let me tell you, a data center has almost no controls in it at all. Like, 80% of our spend is on the perimeter, and that's a Maginot Line.”
Why is that? Because it's difficult to control a terabit's worth of bandwidth.
He said adding controls to the data center, doing things like micro-segmentation and limiting the attack surface, puts us in a better position to protect the data center and its assets.