VMworld: Security, Network, Cloud Are Top IT Concerns
At VMworld 2016 in Las Vegas, customers of VMware took to the keynote stage to talk about adapting their data centers through changing times, with virtualization and vCloud Air.
VMware customers took to the keynote stage to speak to their use of network virtualization and cloud services during the second day of VMworld 2016 in Las Vegas.
Few initiatives have been more important to VMware customers than its foray into virtual networking with the purchase of Nicira in 2012, a complement to the already virtualized servers and virtualized storage in the data center.
Since its launch, NSX networking has gained 1,700 customers, with 500 using it in production systems, said Rajiv Ramaswami, executive vice president and general manager of the company's networking and security unit.
With NSX virtualized networking added to the mix, a virtual machine can be given all its resources at the moment of provisioning and go to work.
Brian Irwin, technical program manager at Washington Federal, a Seattle-based certificate of deposit and home loan bank with 243 branches, said during the Aug. 30 talk that his institution examined its IT infrastructure for risks and didn't necessarily like what it saw. It had many standard protections, but the news was filled with breaches and intrusions that had overcome such barriers.
Irwin and his team investigated more protections with firewall appliances and intrusion detection software, but they realized protecting the perimeter was of limited value for a bank based on web operations combined with internal server applications and database operations. In addition, the price for all the protections they wished to put in place "came to a big number," Irwin said at a press briefing during VMworld's second day.
The IT team looked at "pulling in NSX" and applying network micro-segmentation with security policies governing what could happen on each segment. In such a case, the virtual networking acts as security enforcer, limiting what can get access to what over each micro-segment. The bank also added a non-VMware element: Palo Alto Networks software, with its ability to inspect all network traffic for intruders, malware or disallowed behaviors.
The protections "didn't have to go in whole hog," Irwin said. The bank phased them in one by one without disrupting operations. But the improvements "got put in reasonably fast," providing the bank with defenses in depth of its own design. For a would-be intruder, trying to penetrate to user information "would be like peeling an onion, and hopefully, they're crying the whole way," he said.
In addition, NSX costs less than the alternative firewall/intruder protection proposal that another vendor had put on the table. "NSX was 60% of the cost of the original proposal," he said.
Keeping Security In Mind
Brandon Hahn, solution architect for West Bend Mutual Insurance outside Milwaukee, said at a press briefing that his firm was wary of the frequent news of intruder break-ins and stolen data. It examined its IT infrastructure for risks and didn't necessarily like what it saw.
"That's the business we're in, managing risks," Hahn noted, and the insurance executives and board decided it wasn't doing a good enough job of it for its own internal operations. There were too many exposures with a traditional IT infrastructure. At the same time, its business was based on customer trust, and one publicized breach could lose that trust.
The IT department considered a more extensive system of firewalls, then rejected the idea. It could accomplish many of the same goals through the restrictions imposed by dividing up the network into virtual segments and writing policies, enforced by NSX, to control who could access particular applications. "NSX was one of the clear choices," he said.
Hahn's firm set policies governing which groups could access which applications or what level of privilege would be granted access. The employee traffic being managed included VMware AirWatch mobile device users outside the corporate network.
Instead of buying a set of firewalls that would have needed surplus capacity for future company expansion, West Bend Mutual started building out "a NSX network security platform" that could adapt and grow with the challenges facing it. Now the firm can add applications or groups of users and it "can secure them going forward," Hahn said. If the firm had acquired firewalls, their excess capacity would be paid for upfront but sit unused, possibly for years.
"We didn't have to foresee the future expansion (of the firm's business) and then buy for it," he said. Considering the cost and labor involved with firewalls and their periodic reconfiguration, the savings was 10X what they might have spent on a recharged firewall system, he said.
In another case, Lincoln Memorial University in Cumberland Gap, Tenn., turned to VMware's public cloud, vCloud Air, and VMware Hybrid Cloud Manager to handle expansion when it was facing a decision on a hardware and network refresh.
Jason McConnell, CIO of Lincoln Memorial University in Cumberland Gap, Tenn., described to InformationWeek how the liberal arts school has started moving part of its infrastructure into the cloud as it faced the capital expense of renewing six-and-a-half-year-old hardware.
As in many IT departments, the pressure was on to do more with less, and McConnell had already wrung all the performance he could out of his existing data center by virtualizing 99% of it. A year ago, he had 200 VMs running on 70 physical servers, and he knew it was time to buy more hardware or come up with some other solution.
"My CFO would rather have a slight increase in an operating expense than a big increase in a capital expense," McConnell recalled.
Jason McConnell, CIO of Lincoln Memorial University (Image: Charles Babcock/InformationWeek)
By turning to the public cloud, McConnell could address another issue that plagues IT departments in outlying areas. It was hard to find the right skills to hire for his campus staff, located about 55 miles north of Knoxville, Tenn. By turning infrastructure management over to the cloud, he could hone the skills that best served his user population and let the powers of virtualization extend their reach.
As LMU's cloud use costs went up, the IT staff shrank from 27 to 17 over the last 14 months, he said.
As a private liberal arts college (4,300 students), Lincoln Memorial obtains its ERP services through a package designed for small educational institutions, Colleague by Ellucian, a company in Fairfax, Va. McConnell found vCloud Air could host the front-end ERP business log, while the SQL Server database it used remained on campus.
The hefty, compute-intensive ArcGIS land map building application from Esri used in campus courses also went into the cloud. It functions there as well as it did on campus. McConnell said the vCloud Air data center that his workloads use is in northern Virginia, but round-trip latencies are not noticeable to students using ArcGIS. "The end user should never know there's been a transition," he said.
The Cbord access control system from Cbord Group for student and faculty ID cards and campus vendors' point of sale purchases also became a vCloud Air hosted application.
Students can now use virtual workspaces instead of needing to use a PC in a campus lab or load a piece of Lincoln Memorial software onto their laptops to link them to the data center. In their virtual workspaces they get Microsoft Outlook, Exchange, Word, Excel, and PowerPoint, along with other university applications. In a later phase, they will be able to access them by whatever connected device they're carrying with them.
Six weeks ago, the IT Help Desk and its database based on SQL Server moved into vCloud Air as well.
How difficult are these migrations?
The applications being moved were running in virtual machines on campus, and migrating them to vCloud Air "is a drag and drop procedure. The beautiful part is that it works," McConnell said. The migration is a lot like migrating a VM from one side of the data center to the other, using vMotion, he said.
The staff is accustomed to using its vSphere and vCenter management console skills to run the university data center, and now it's provisioning virtual machines in the cloud as an extension of the data center. "It's hard to hire enough people with skills in those key areas," said McConnell. During the holiday break at the end of the year, he expects to migrate the SQL Server database that's part of the ERP system, hoping the result is as seamless as Lincoln Memorial's other migrations.
The database has been customized somewhat to LMU's needs, and McConnell can't be 100% certain it will proceed as smoothly as the other migrations. "We're waiting 'til the Christmas slow period. We will watch closely. We want to be sure of business continuity," he said.
And if something does go wrong, instead of his IT staff having to troubleshoot everything itself, it will be able to call for the aid of the vCloud Air support staff, he said, whose skills he won't be needing to hire into his own department.
Charles Babcock is an editor-at-large for InformationWeek and author of Management Strategies for the Cloud Revolution, a McGraw-Hill book. He is the former editor-in-chief of Digital News, former software editor of Computerworld and former technology editor of Interactive ...