During his general session keynote at VMware’s VMworld event on September 1, Martin Casado, General Manager, Networking and Security at VMware, made a number of bold statements.
Perhaps the boldest of them was Casado’s statement on the relationship of apps to the network.
“We have said for so long that the network is the computer, but I would like to turn that around and say that the application has become the network,” Casado said. “I don’t mean that in some marketing way. In a very concrete way, the app has become a distributed system.”
Modern apps are highly complex, with multiple layers of connectivity required. Casado said that modern app provisioning can be highly complex and require a great deal of configuration.
Casado also sees troubleshooting with modern apps as being highly complex and often challenging. Security is also an area that concerns Casado.
“If change is hard, you’re dead, but because of the complexity of applications, once people deploy them they don’t want to change them,” Casado said. “As a result, over time organizations become un-secure.”
In recent years, infrastructure has evolved into a software layer, with network virtualization being a major component. In Casado’s view, network virtualization offers an opportunity for organizations to configure, secure and troubleshoot applications.
From a security perspective, Casado sees network virtualization as the core control point at which to enforce policy on every packet flow.
“If you think about compute virtualization, early on, the use-cases were very simple, yet powerful,” Casado said.
Casado said that over time the use cases for compute virtualization became more complex, and the same scenario is now playing out with network virtualization. He noted that on the security side, there are some very powerful use cases that VMware is now working on.
Tom Corn, Senior Vice President, Security Products at VMware, joined Casado onstage to talk about how network encryption is now being baked into network virtualization to help protect data.
Corn said that network-based encryption changes how organizations implement security policy, from thinking about it in terms of physical infrastructure to looking at security through the lens of the application.
“Basically, an attribute of an application is encryption,” Casado explained. “So as long as it has that attribute, any packet will be encrypted.”
Corn said that due to the pervasiveness of modern threats, many live in a state of compromise. As such, the challenge is about how to create trusted services that are able to run on physical infrastructure that isn’t always trusted. Corn added that traditional methods of encryption are complex. With network virtualization, things are different.
“The laws of gravity change. [Network virtualization] opens the door to make encryption incredibly easy to deploy and scale,” Corn said. “It’s built-in, processing is distributed, and suddenly you don’t have bottlenecks and you’re encrypting and decrypting at the VM boundary.”
Sean Michael Kerner is a senior editor at Enterprise Networking Planet and InternetNews.com. Follow him on Twitter @TechJournalist.