UPDATED 15:19 EDT / AUGUST 30 2019


Cloud-native disruption comes into focus at VMworld

VMware Inc.’s diverse enterprise infrastructure product line has found its way into the vast majority of information technology shops around the world. Uncover the company’s DNA, however, and it’s clear VMware is a hypervisor company at its core.

So when VMware announced at its VMworld conference this week that its flagship hypervisor ESXi will no longer be the center of its world, but rather will cede that position to the software container orchestration system Kubernetes, we know we’re dealing with Innovators’ Dilemma-level disruption.

Kubernetes takes the spotlight

In contrast to IBM Corp.’s hands-off strategy with its recent acquisition of Red Hat Inc., VMware went all-in to incorporate Kubernetes wunderkind Heptio Inc. — which it bought in November 2018, bringing in talent such as co-founder and now VMware Principal Engineer Joe Beda (pictured, right, with VMware Chief Executive Pat Gelsinger) — into its core vSphere virtualization platform.

The result was a plethora of Kubernetes-related announcements, the most significant of which is likely Project Pacific, which will rework vSphere with native Kubernetes. “Embedding Kubernetes into the control plane of vSphere will transform the platformb—benabling it to converge containers and VMs onto a single platform,” according to a VMware press release. “Project Pacific will also add a container runtime into the hypervisor.”

VMware’s willingness essentially to revamp its core technology along cloud-native lines is remarkably profound and should dispel any doubts about whether VMware would be able to overcome the Innovators’ Dilemma.

Ripples of cloud-native disruption hit cybersecurity’s shores

VMware itself was only part of the cloud-native story at VMworld, as the company’s ecosystem of partners and other providers exhibiting at the conference also sought to jump on the cloud-native roller coaster. A surprisingly strong contingent of cybersecurity players was along for this ride, all positioning themselves as helping to rework the aging principle of zero-trust for the modern world of hybrid IT and containers.

Newcomer CloudKnox Security Inc. touted its patented activity-based authorization for any identity that touches any endpoint across the hybrid IT infrastructure, including service accounts, bots, third parties or employees. In essence, CloudKnox updates the zero-trust principle of least privilege by abstracting physical endpoints.

Valtix Inc. offers a cloud-native network security platform that fundamentally decouples the network control and data planes in real-time, separating policy-based enforcement from the underlying physical endpoints. Valtix can thus act as an ingress and egress proxy for service meshes, which are fast becoming the most important tool for abstracting endpoints in cloud-native infrastructure.

Banyan Security offers zero-trust access for the post-virtual private network world. The company assumes all parts of the network are insecure, instead providing quantified trust at endpoints, as well as continuous authorization and distributed enforcement of security policies across the hybrid IT infrastructure.

After successfully embedding its eponymous open source instrumentation of system calls into the core Linux distribution, Sysdig Inc. is now in the process of rolling out Falco, its open-source container-native runtime security platform.

Falco will be able to detect threats across Docker images in real time and will also validate Kubernetes policies for compliance purposes and provide forensics information after the fact, even for containers that no longer exist.

‘Intent-based everything’ begins to coalesce

How the business wants infrastructure to behave should drive both the initial configuration of that infrastructure, as well as its ongoing behavior even in dynamic environments. Such is the core thinking behind intent-based networking – a principle that applies equally well to any other part of the infrastructure, at least in theory.

Today, however, intent-based networking is the only area where vendors talk about intent-based infrastructure. One of the leaders in the intent-based networking segment, Apstra Inc., was exhibiting at VMworld. Its news: a partnership with VMware to bring intent-based networking to NSX, VMware’s software-defined networking technology. In essence, with the participation of Apstra, NSX itself becomes intent-based, as Apstra can ensure underlying physical network configurations meet the business intent for NSX.

Achieving this intent-based vision for NSX, however, requires more than intelligent configuration. It also requires additional levels of manageability and visibility in real-time in order to guarantee the network continues to meet the business intent. To that end, NetScout Systems Inc. announced its own integration with NSX-T, the version of NSX suitable for hybrid IT environments. With NetScout, operators have visibility into the behavior of everything running on the network all the way down to the wire level.

“Intent-based” went well beyond networking at VMworld. For instance, FireMon LLC brings the notion of intent-based security to its hybrid security management solution. FireMon provides a layer of abstraction above all existing security enforcement technology, giving operators the ability to configure and manage high-level policies that reflect the business intent.

What FireMon does for intent-based security, Akamas S.R.L. does for intent-based performance management. Operators must adjust many parameters to optimize the performance of any system or environment, and as the complexity of today’s cloud-native hybrid environments increases, the number of such knobs that operators must turn in order to optimize performance quickly becomes unmanageable. The Akamas platform automates this knob turning, delivering continuous performance optimization that meets the business intent for performance on a continual basis.

Kemp Technologies Inc. arguably falls into the intent-based load balancing camp with its application-centric take on the well-established load balancing market. Most load balancers work at the network level, but Kemp focuses on what it calls the application experience, offering per-app load balancing options that meet the business intent better than earlier generation load balancers can.

Getting ahead of cloud-native disruption

It’s anybody’s guess whether “intent-based everything” that pulls together intent-based networking, security, performance management, load balancing and other infrastructure components becomes a hot topic in its own right. Regardless of the popularity of the terminology, however, real-time, dynamic configuration of infrastructure that meets the business intent is a must-have in all cloud-native environments.

Even so, intent-based everything is but one of many broad-based best practices that are beginning to coalesce around the notion of cloud-native computing. Updating zero-trust security along software- defined networking lines is one. Abstracting hybrid IT environments with consistent virtualization technology that simplifies management and workload portability is another. The list goes on.

True, it’s hard to get your head around the big picture of cloud-native computing – but that doesn’t mean you shouldn’t jump in. The ripples of disruption may continue to expand, but the water is fine.

(Disclosure: Kemp Technologies and NetScout are Intellyx customers, and VMware is a former Intellyx customer. None of the other organizations mentioned in this article is an Intellyx customer. VMware provided Jason Bloomberg with a free pass to VMworld, a standard industry practice.)

Jason Bloomberg, a leading IT industry analyst, author, keynote speaker and globally recognized expert on multiple disruptive trends in enterprise technology and digital transformation, is founder and president of the agile digital transformation analyst firm Intellyx. The firm advises companies on their digital transformation initiatives and helps suppliers communicate their agility stories. Bloomberg, who can be followed on Twitter and LinkedIn, is also the author or coauthor of four books, including “The Agile Architecture Revolution.”

Photo: VMware

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One-click below supports our mission to provide free, deep and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy