Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

VMware's Casado talks about evolving SDN use cases, including a prominent role for security

John Dix | Oct. 7, 2014
Martin Casado, who helped launch the Software Defined Networking concept in the labs at Stanford, was recently elevated to the top business slot in VMware's Networking and Security Business Unit, giving him the rare opportunity to see the technology through from the incubator to the data center. Network World Editor in Chief John Dix sat down with Casado for an update on the company and his thoughts on how the technology is maturing.

NW:     Didn't VMware have a distributed firewalling capability?

MC:      They had the stateless firewall capability before.

NW:     Did you leverage some of that?

MC:      Absolutely. When we came in there was an enormous team here with this set of assets. We came in with another set. That's why it took us a year and a half to integrate these things.

NW:     I presume you add other security services in time?

MC:      I think you can do load balancing, you could probably do WAN optimization, I think you can do it for IPS, but there are some tradeoffs we're going to have to make. Web application firewalling, I'm not sure. It would be interesting to see.

But we can also start getting into things like vulnerability assessment. Vulnerability assessment is normally a box that sits on the network and scans things and it's like, "Oh, my database says this is vulnerable based on the responses given me from the network." Instead, we can actually run a little bit of code that looks directly into the applications, at the files in the memory so they can't be tricked by, and then mitigate the problem so it can't reach the network. Which is exciting because, wow, now we have an entirely new approach to address security concerns.

NW:     How much of this security work will you do internally versus with partners?

MC:      Ours is very much an ecosystem approach. We're really good at building distributed services, but I'm not an expert in IDS, I'm not an expert in virus detection. So we want to provide a platform that will provide context that others can't get, and even provide native distribution capabilities, but otherwise it's very much an ecosystem play.

NW:     But the firewall was home built?

MC:      The firewall was home built. But again, it's fully distributed. We're going to have to lead with a few core products that demonstrate this capability in order to drive the ecosystem because nobody wants to invest money speculatively if they're in a growing business.

Palo Alto Networks is a good example. They provide a next-generation firewall and are a huge partner. They run a virtual appliance with integration in the kernel and we handle the operational side of distribution and provide additional context by allowing them to peer into the hypervisor. So there's quid pro quo here. For us, our platform gets more attractive and we get to sell a layer that adds value, and for them, they get an insertion vehicle and the insertion vehicle to a large market.

NW:     They're not threatened by your own firewall?

MC:      We're not a next-generation firewall. They're a $600 million company, or something like that. We're focused on kind of a minimum thing internally. It's very difficult to have absolutely zero overlap in partnerships. But we're not going after their core business at all. We're partnering as much as we can as best as we can. The only time we've built up functionality is to kind of lead the space and to address our customer demand.


Previous Page  1  2  3  4  5  6  7  8  9  Next Page 

Sign up for Computerworld eNewsletters.