Four Benefits of NSX-T Not Named Micro-Segmentation


Over the past couple of years I have heard the term Micro-Segmentation over and over and over and over again as the benefit of NSX and software-defined networking. I thought I would take a moment to write about four benefits of NSX-T I’m witnessing in my environments that add value on top of Micro-Segmentation.

1. Overlay Network

The simple fact is that virtualization came along after the physical network was created. Physical networking was never designed to optimize itself for a virtual or container environment. With software-defined networking you have an overlay network on top of the physical network to provide optimal networking for your virtualized environments. Routing, load balancing, switching, firewalling and more now operate at the kernel level for performance. SDN reproduces the entire network model in software, enabling any network topology, from simple to complex multitier networks, to be created and provisioned in seconds. Data center operators can now achieve levels of agility, security, and economics that were previously unreachable when the data center network was tied solely to physical hardware components. NSX extends common networking and security policies across heterogeneous environments and application frameworks, enabling these benefits to be realized across data centers, private and public clouds, traditional applications, and new containerized applications.

2. Multi-Cloud

Can you imagine a software-defined network architecture that spans all infrastructure and ties all these pieces together with one-click deployment? NSX-T brings that very value to your datacenter by delivering consistent, extensive connectivity and security for applications and data wherever they reside, independent of underlying physical infrastructure. You can now simplify and scale operations across a growing number of accounts, subscriptions, virtual networks, availability zones and regions in AWS, Azure and private cloud. Together with NSX Data Center, NSX-T offers operators a single view of the networking services and security policies that are applied to all workloads, whether that’s a virtual machine running in an on-prem data center, or an AWS or Azure workload. NSX-T complements the native services available from the public cloud providers, so you can continue using the public cloud provider’s infrastructure and application services for workloads without limitation (e.g., AWS ELB / Azure Load Balancer, AWS Route53 / Azure DNS, AWS Direct Connect / Azure ExpressRoute, and Amazon RDS / Azure Database), and it gives IT control over cloud networking topologies, traffic flows, IP addressing, and protocols used within and across multiple public clouds.

3. Application Connectivity and Access in Containers

Over the past couple of years we’ve seen an explosion of container applications and Platform as a Service architectures that are being driven by DevOps. With Containers as a Service (CaaS), Platform as a Service (PaaS) and public cloud, many workloads are no longer running in VMs, which makes central management of networking across all platforms critical. NSX-T is fully compatible with CNI (Container Networking Interface) and integrates with it to provide networking for containers. The workload could be in a data center, remote office, branch office or in the cloud; the same policies can be applied and managed through a central manager. NSX enables advanced networking and security across any application framework, helps speed the delivery of applications by removing bottlenecks in developer and IT team workflows, enables micro-segmentation down to the microservice level, enhances monitoring and analytics for microservices, and has reference designs to help organizations get started. It enables a single network overlay and micro-segmentation for both VMs and containers as well as common monitoring and troubleshooting for traditional and cloud-native apps.

4. Infrastructure as Code

Last but not least, and certainly my favorite of all the benefits, is Infrastructure as Code. By moving the complexity of policy enforcement into software, it can be predefined and deployed automatically, eliminating the manual process performed by a network engineer. Treating the network as code can result in OPEX savings as a direct result of reducing manual network intervention, and it enables a faster time to market for new applications. NSX-T features a new API model that simplifies network automation using human-readable JSON configuration. Operators can now move to a holistic, application-focused approach to automating configuration of the network. This approach eliminates the use of a complicated list of commands that can lead to human error in network configuration. NSX-T takes in simple, user-defined terms about an application’s required connectivity and security. These policies can then be replicated easily and applied consistently across platforms, simplifying operations and allowing IT teams to scale to new levels.
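Because the policy is plain JSON, it can be reviewed automatically before it is pushed. The following is an added example, not code from this article or from VMware: a small pre-deployment check over a constructed policy document. The field names are modelled on NSX-T Policy API security-policy objects and should be verified against the API reference for your version; the group paths, rule names and the `lint_policy` helper are hypothetical.

```python
import json

# Constructed sample: a security policy in the declarative JSON style the
# article describes. Field names are assumed from the NSX-T Policy API;
# group paths and display names are made up for illustration.
SAMPLE_POLICY = json.loads("""
{
  "resource_type": "SecurityPolicy",
  "display_name": "web-tier",
  "rules": [
    {"display_name": "lb-to-web", "sequence_number": 10, "action": "ALLOW",
     "source_groups": ["/infra/domains/default/groups/lb"],
     "destination_groups": ["/infra/domains/default/groups/web"],
     "services": ["/infra/services/HTTPS"]},
    {"display_name": "temp-debug", "sequence_number": 20, "action": "ALLOW",
     "source_groups": ["ANY"],
     "destination_groups": ["/infra/domains/default/groups/web"],
     "services": ["ANY"]},
    {"display_name": "web-to-db", "sequence_number": 20, "action": "ALLOW",
     "source_groups": ["/infra/domains/default/groups/web"],
     "destination_groups": ["/infra/domains/default/groups/db"],
     "services": ["/infra/services/MySQL"]}
  ]
}
""")

MATCH_FIELDS = ("source_groups", "destination_groups", "services")


def lint_policy(policy):
    """Return review findings for one policy document, in rule order."""
    findings = []
    seen = {}  # sequence_number -> name of the first rule that used it
    rules = sorted(policy.get("rules", []),
                   key=lambda r: r.get("sequence_number", 0))
    for rule in rules:
        name = rule.get("display_name", "<unnamed>")
        seq = rule.get("sequence_number")
        if seq in seen:
            findings.append(f"{name}: sequence_number {seq} also used by {seen[seq]}")
        seen.setdefault(seq, name)
        if rule.get("action") == "ALLOW":
            # This linter treats a missing match field as unrestricted.
            wide = [f for f in MATCH_FIELDS if "ANY" in rule.get(f, ["ANY"])]
            if wide:
                findings.append(f"{name}: ALLOW with ANY in {', '.join(wide)}")
    return findings


if __name__ == "__main__":
    for finding in lint_policy(SAMPLE_POLICY):
        print(finding)
```

Run in a CI job against the JSON files kept in version control, a non-empty result can block the change before it reaches the NSX manager.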


NSX-T is the future of software-defined networking: it offers flexibility and scalability, and can be applied across multiple locations, applications and clouds. Yes, micro-segmentation and the advanced security features are a tremendous advantage of NSX-T. However, we cannot forget that NSX-T is capable of much more. I hope you found this article useful.
