VMware has been in the news this week, both for its plans to make its Virtual Cloud Network “real” and for the acquisition of the Dell EMC Service Assurance Suite’s technology group. The two moves, as I’ve noted in an earlier blog, seem directed primarily at the network operator, managed service provider, and cloud provider spaces. As I blogged recently, that could put VMware in the path of Cisco’s enterprise-centric SD-WAN initiative, but it also poses some real challenges and risks for VMware itself.
The Virtual Cloud Network concept is a good one, as I’ve said. The goal is to create a unified architecture to address two specific problem sets that are arising out of the massive shift toward virtualization in IT. The first problem is the segmentation of networking at a logical level to both separate tenants/applications and to allow application networks to be hosted in any number of independent places without impacting addressing. The second is the creation of a virtual user network, a VPN if you like, that can address virtual resources as well as real ones, and that can exercise access and QoE control over selected connections.
This seems, on the surface, to be something enterprises would love as much as operators or MSPs. The first question that the Virtual Cloud Network initiatives raise is why, then, the positioning seems so provider-centric. Are we seeing an accidental collision of two different marketing goals, or a convergence of prior strategies into one unified push?
VMware has been a bit of a kid-in-the-candy-store-window regarding carrier cloud. When the NFV initiative got going in late 2012, it was active in the ETSI NFV Industry Specification Group (NFV ISG) but it always seemed to me to be a kind of eager outsider trying to break into the big leagues. NFV is hardly a touchstone for even carrier cloud today (my model says it will account for less than 6% of the driver influence in the next three years), much less for virtualization overall. Yet VMware talks about NFV in its current Virtual Cloud Network and network operator positioning.
The second question is how symbiotic the solutions to those two problems really are. Data center application and tenant segmentation, or hypersegmentation, or whatever you like to call it, is something that’s very real to cloud providers and to some enterprises, but so far the ETSI NFV ISG has been pretty slow in even thinking about the network model of carrier cloud infrastructure. Does VMware hope to change that? I tried for several years, without success, but perhaps they’re a better influence.
Virtualization in the WAN, via SD-WAN, is today focusing primarily on simply extending the corporate VPN to locations that can’t get or can’t afford MPLS, and in a few cases providing a backup for MPLS VPN connectivity in at least some sites. What I’ve been calling “logical networking” or “network-as-a-service” (NaaS) is a logical evolution of SD-WAN capabilities that has some support in vendors today. It could provide enhanced connection control, security, and prioritization but it requires a knowledge of user/application identity not (currently) provided in the Velocloud product that VMware acquired.
It’s tempting to say that a combined solution to both problems would be compelling, but I struggle to justify the view. Logical networking requires that application interfaces exposed to the outside be controlled by the same VPN structure that controls user connections, or it can’t recognize, secure, and prioritize traffic appropriately. Application segmentation is primarily associated with building application subnets, which are largely made up of components that are not exposed to users or other applications. SD-WAN today already has many examples of cloud network connectivity that provides control of the exposed interfaces. What’s the need to integrate the solution to our two problems, then?
Another problem with integrated positioning is that data center networking and “application” or “wide-area” networking are typically sold to different constituencies, even in the provider market. VMware’s major software-defined competitor, Nokia/Nuage, has separate SD-WAN and SDN offerings, in contrast to VMware’s evolving unified positioning under one umbrella. Nokia sells almost exclusively to providers, and surely know the market very well, so their decision on positioning has to be considered an indicator of the best path.
There’s a flip side to all of this, of course.
On the positioning side, carrier cloud is going to be the largest source of new data centers through 2030, and so anyone who wants to sell data center networking is obliged to take it seriously. Furthermore, while NFV may be a failure as a driver for carrier cloud (even in the long term), it does still command some interest among operators. The true drivers of carrier cloud are a lot more complicated to sell than NFV in any event. Finally, operators who want to sell network and cloud services to the enterprise certainly aren’t hurt by using a software-defined vendor who has nice enterprise positioning too.
On the technology side, I’ve already seen in surveys that VPN, SD-WAN, or NaaS prospects aren’t particularly clear about what the relationship between data center virtual networks and virtual WANs should be. They don’t see a linkage as being critical, but they don’t really understand how cloud/virtual-network connectivity works in the WAN or data center anyway. They surely don’t think the integration is a bad thing, and they could probably be sold on the notion that it’s really very good. The difference between the VMware-is-right and VMware-is-spinning-its-wheels positions here is a combination of two things.
First, the “right” track has to include a real shift by VMware toward logical networking and NaaS as the future of networking. This means they have to implement identity-based connection control on both WAN and data center, and integrate the latter into VM and container networking. It also demands VMware collateralize the way they see the future of networking in a virtual world.
The second requirement is that VMware get a lot more sophisticated in their thinking about carrier cloud. NFV is not going to carry them to the golden future of provider success against the formidable competition of both broad IP players like Cisco and specialized network-operator specialists like Nokia. NFV has carrier-cloud driver strength that’s at the very bottom of the list, a third of the next-lowest driver. Even 5G is more credible in the near term, and VMware has no horse in the 5G race. They need to get very smart, very fast.
Either a technology shift to logical networking or a major positioning shift for carrier cloud would be a formidable challenge for a vendor. Doing both at the same time would require a level of planning and execution rarely mustered these days. It’s far more likely that VMware will talk a good game here, and then (like so many others) take the easy way out on the execution. That, if they do it, could put their whole operation at risk.
VMware’s big asset has been the combination of the data center incumbency of VMware virtualization software, and NSX as application SDN. We are now seeing a bit of a changing of the guard in application virtualization, a shift toward containers. Kubernetes has the ability to support network plugins, and VMware has provided one, but being one of a field of open solutions is a lot more precarious a position than being the incumbent. This raises what I think is the real driver behind Virtual Cloud Networking. VMware needs a new strategy because we’re in a new age of IT and networking, and its strengths lie in the past practices.
Whatever happens with VMware’s technology and positioning choices, their movement is a sign that more and more vendors are waking up to carrier cloud opportunity, but just as clear that vendors are still fumbling with the best approach. The networking market has, for decades, been one based on static technical requirements and price-driven expansion. We’ve come to the end of that, and so everyone needs to be thinking about what new demand sources are out there. In the end, the vendors who get that assessment right will be the ones who prosper, because you can’t make the right technology and positioning choices based on the wrong market presumptions.