VMworld 2015: VMware pitches network virtualisation for better security

VMware is making a case that network virtualization can improve security in the enterprise.

VMware, one of the biggest proponents of virtualizing the entire datacentre, says CIOs concerned about protecting their IT infrastructures from attackers should look at virtual networking, which has been around a while but isn't as popular as server virtualisation.

"The security industry is messy and complicated, and we spend the bulk of our dollars on products that don't really solve the problem. It simply isn't working," said Pat Gelsinger, VMware CEO, in a keynote talk at the VMworld conference in San Francisco.

For VMware, virtualization supplies the missing piece of the security puzzle, because it could provide a common base for defining all the security requirements for applications, people and data, Gelsinger said.

"For the first time, we truly can architect security. We firmly believe that architectured-in security allows us to be twice as secure at half the cost," Gelsinger said.

Virtualization, and network virtualization in particular, "is a fundamental game-changer in accomplishing a secure infrastructure for the future," he said.

Gelsinger recalled the oft used phrase about security, that it should be "built in and not bolted on."

"The problem was we couldn't build it in. We were always patching it onto this router or switch," he said.

VMware has just released the latest update to its networking virtualization software, NSX 6.2. On the market for two years, NSX is now being used by more than 100 customers in production deployments, according to the company. Marathon Oil, for instance, used the technology to redesign and simplify its infrastructure, in part to be more secure.

Also during the keynote, VMware Senior Vice President Martin Casado explained how network virtualization, also known as software defined networking, works.

Typically, IT staff will secure applications, servers or network gear on a piece-by-piece basis, Casado explained. The problem with this piecemeal approach is that it is very brittle.

Once the settings are made, administrators are wary of making changes, even as malicious parties seek new ways to penetrate a resource. Also, if an application or subnet must be moved, the settings must be reconfigured for the new environment, which can also be a roadblock to greater operational agility.

Network virtualization provides a way to centrally control many of the security settings of the network. An entire set of switches can be managed through a single setting, for instance. If some software or hardware is moved from one network to another, the security settings go along with those resources.

Network virtualization can help in troubleshooting as well, Casado said. It allows the administrator to drill down the different layers of the IT stack to isolate a problem, from the application layer down to the physical link layer, Casado said.