
VMware's Casado talks about evolving SDN use cases, including a prominent role for security

John Dix | Oct. 7, 2014
Martin Casado, who helped launch the Software Defined Networking concept in the labs at Stanford, was recently elevated to the top business slot in VMware's Networking and Security Business Unit, giving him the rare opportunity to see the technology through from the incubator to the data center. Network World Editor in Chief John Dix sat down with Casado for an update on the company and his thoughts on how the technology is maturing.

[Soon after our talk, Casado fleshed out his executive ranks by hiring Guido Appenzeller, former co-founder and CTO of BigSwitch Networks, as his Chief Technology Strategy Officer, and Dominick Delfino, who was vice president of worldwide data center and virtualization systems engineering at Cisco, to head his worldwide Systems Engineering team.]

NW: Let's talk about use cases a bit. It seems they have morphed with time.

MC: Yeah, they have. The original use case is still probably the dominant case, which is reducing provisioning times. I walk up to a customer and ask, "Does network provisioning get between you and getting something done, whether that's innovation, onboarding a new employee or deploying an application or some business process?" If the answer is yes, there's a discussion to have. If the answer is no, I leave and I go to the next customer. For the people for whom the answer is yes, I say, "Okay, I will take that provisioning time to zero."

But the problem is that's a nuanced operational savings type discussion, so the value isn't immediately obvious and it's more of a complex sales cycle. It's a new kind of architecture that will impact processes so you need very sophisticated sales guys.

I would say that's still about 50% of our sales. But the use case that's really taken off is security. It's just a much easier thing to enable someone to sell. The security pitch is as follows: As we consolidate more workloads in the data center, more and more traffic stays within the data center. We call this east-west traffic. So in an average data center about 80% of the traffic never leaves. It turns out, Mr. Customer, that 80% of your security spend is on the north-south border, so you're spending 80% of your dollars on 20% of your traffic.

So if an attacker is able to get beyond that, let's call it a Maginot Wall, they have unfettered access to all of your code and all of your data and you've got no security controls, or very few. What we can do is provide security controls within the data center to address that 80% of traffic. And, by the way, if you tried to do this with physical appliances, there's so much traffic and so much bandwidth it would cost you hundreds of millions of dollars, and for us it's fractions of pennies on the dollar.

I think if you do the numbers you would need something like five appliances per top-of-rack switch, and you have hundreds of top-of-rack switches. It's just ridiculous. But if you distribute that functionality along the edge in the software it just becomes part of the operating model at the servers and you get all of the protection you want.

