Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Early user of VMware NSX net virtualization tool extols fine grain controls

John Dix | June 26, 2014
Canadian airline company WestJet is one of the earliest customers of VMware's NSX network virtualization tools, which initially reached for the tech to address a security issue. Network World Editor in Chief John Dix recently sat down with WestJet technologist Richard Sillito to learn what the company is learning about network virtualization and its broader NSX plans.

So ultimately I thought, building a software-defined data center is no different from building a data center, and when we built our last data center we didn't say, "OK, we're pulling people out of IT and putting them in the Eastern Data Center Team." We had a representative from each group involved and they will be the bridge to bring knowledge in and take knowledge back out.

So I fundamentally looked at it the same way, and said, "Let's just pretend we're building a data center." So I pulled together network guys, server ops guy, security, a bunch of architects, and we started a group called the V Team. We meet once a week and work out designs, tackle problems, listen to presentations, whatever is on the agenda that week.

How does NSX exist in the lab today? Do you model out every little aspect?

It's still relatively contained, but that is one of the beauties of software-defined networking. You can make it very complex, but it doesn't affect the physical layer. So as long as you've got a couple of hosts that are sending traffic back and forth, you're validating everything you need to validate. It's neat because it does scale so well. That's the beauty of it. Now all things fail at scale, so it will fail at some point, right? The beauty for us is, with a relatively small data center compared to the other guys who are running NSX, like eBay, we go to the techno advisory boards and hear the kind of numbers they're pushing and we're like, "Yeah, we're probably not going to have to worry about that."

Anything else that we didn't hit that you think is important to get across about this journey?

If I was really to boil it down, it's really that we found a way to put a network security policy in that isn't dependent on how networking works. I remember we were having a white boarding session for the web stack and someone said we had to think about routing traffic to the firewall the traffic. And I said, "No we don't. You just let the traffic flow. I'll set the policy, and the policy will be applied as it comes and goes from the virtual machine. I don't care how you route it. It doesn't matter to me anymore, because I can just set the policy around that virtual machine." And that ability, I think, is just going to be huge. 

 

Previous Page  1  2  3  4  5 

Sign up for MIS Asia eNewsletters.