VMware added security services, unveiled a beta program for two of its new Kubernetes products, and previewed Project Maestro, a telco cloud orchestrator, today at VMworld Europe.
All three of these advance the bigger stories that VMware has been pushing around its new security business, Kubernetes focus, and telco cloud.
Earlier this year VMware CEO Pat Gelsinger said that telco cloud and 5G represent a “great opportunity to participate in an enormous market.” At the time he said about 60 service providers use VMware technology to build their telco cloud.
Today’s Project Maestro announcement aims to help service providers accelerate time to market for new virtual network functions (VNFs) and cloud services enabled by 5G and edge computing. It provides a unified approach to modeling, onboarding, orchestrating, and managing VNFs and services.
“It’s an orchestration solution for our communications service providers,” said VMware Americas CTO Chris Wolf. “This will integrate natively with vCloud NFV in addition to any of the interoperability tools or open source projects they have as well.”
Service providers will be able to use Project Maestro to build and automate network services on top of VMware’s telco NFV platform. It also enables interoperability across operators’ environments including core and edge as well as public and private clouds.
Kubernetes was the belle of the ball at VMworld in San Francisco, and it also plays a starring role in this week’s VMworld Europe. At the earlier event, VMware announced its new Kubernetes portfolio called Tanzu. And today the vendor unveiled a beta program for both Project Pacific and Tanzu Mission Control.
Tanzu Mission Control provides a single point of control from which customers will manage all their Kubernetes clusters regardless of where they run.
Meanwhile, Project Pacific embeds Kubernetes natively into vSphere, VMware’s virtualization platform, thus converging containers and virtual machines (VMs), and adding a container runtime into the hypervisor.
“We see Kubernetes as one use case, and we expect to see a greater variety of our ecosystem partners using Kubernetes to land their PaaS and SaaS on vSphere,” Wolf said.
Carbon Black Closes
Just days before VMworld in San Francisco this summer the vendor announced a deal to buy endpoint security vendor Carbon Black for $2.1 billion and form a new security business unit led by former Carbon Black CEO Patrick Morley.
Now that the acquisition has closed VMware is selling Carbon Black security products to its customers. It’s also integrating the security vendor’s technology across its NSX network virtualization platform and other products including SecureState and Workspace One. And today VMware announced the first such integrations and new security capabilities.
First, the vendor said parent company Dell Technologies will make Carbon Black Cloud, along with Dell Trusted Devices and Secureworks, the preferred endpoint security solution for Dell commercial customers.
It also introduced NSX Distributed intrusion detection and prevention (IDS/IPS). This new service is built into the NSX platform’s Layer 7-capable internal firewall, which VMware calls Service-defined Firewall. It uses VMware’s position in the host, which allows it a deep understanding of an application and all of its microservices, and matches IDS/IPS signatures to specific parts of an application. This means an Apache or Tomcat server will only get signatures relevant to it.
The combined VMware Service-defined Firewall with NSX Distributed IDS/IPS will allow customers to both microsegment their networks and block internal traffic from stolen credentials and compromised machines, Wolf said.
“When you’re looking at enforcement of network and security policy, what we can do is a single pass for your network rules, firewall rules, and policy, IDS and IPS,” he said. “So I’m only having to inspect that packet a single time, and also this is application aware. We see this as a simpler way to scale IDS and IPS solutions, and we’re not having to send packets to a particular hardware appliance.”
Also at VMworld in San Francisco, the company announced a new distributed analytics engine called NSX Intelligence. It provides deep insight at the packet level into virtualized and containerized workloads, giving network and application security teams continuous data center-wide visibility.
Today the vendor announced a new capability, called NSX Federation, which will enable customers to deploy and consistently enforce security policies generated by NSX Intelligence across multiple data centers.
VMware Gets SASE
It also touted the SASE-ness of its SD-WAN. SASE (pronounced “sassy”), is a new Gartner term that stands for Secure Access Services Edge. VMware says its SD-WAN, called VMware SD-WAN by VeloCloud, is, in fact, a SASE platform because it integrates networking and network security services across on-premises, cloud, and edge locations as well as end user devices. VMware calls this “intrinsic security.”
Plus, the vendor added capabilities to the built-in SD-WAN branch firewall to provide customers automated, policy-based access to partners’ security services including URL filtering, secure web gateway, anti-X capabilities, cloud access security brokers (CASB), and web isolation.