Adaptive Segmentationmicro-segmentation August 25, 2017

Getting the Most Out of VMworld: The Micro-Segmentation Edition

Mukesh Gupta,

VMworld 2017 is here and Team Illumio has been preparing for months to make the most of the show. I wanted to share my thoughts on three topics I'll be focusing on as I attend various sessions and connect with fellow attendees, and where to go when you hit the expo floor to get the most out of the micro-segmentation conversation at the show: 



  1. Micro-segmentation for containers: Containers are everyone's favorite topic these days. Most organizations are at least starting to experiment with them. It looks like NSX-T is VMware's answer to containers and I am curious about how NSX-T would be able to segment different types of containers running on a host. 

    I'll be checking out "Container Networking with NSX-T Overview" and "Kubernetes Networking with NSX-T Deep Dive" to see how this works.

  2. Application dependency mapping (ADM) for micro-segmentation: Real-time application dependency mapping and visibility are critical for micro-segmentation. VMware realized the importance of visibility for micro-segmentation last year and acquired Arkin Networks, which became vRealize Network Insight. However, NSX and vRealize Network Insight are two different products. 

    Sessions such as "Customer Panel: NSX Micro-Segmentation and vRealize Network Insight" and "vRealize Network Insight - Getting Started Workshop" should give insight on how they will integrate.

  3. Micro-segmentation for workloads running on bare-metal and in public cloud: As most of you probably know, VMware NSX enforces micro-segmentation policies in the ESX hypervisor. That’s the reason it only works for workloads running on top of ESX. Most organizations, however, are running some workloads on bare-metal servers and are either already running or planning to run some workloads in public clouds. NSX does not support workloads running on bare-metal because there is no hypervisor there. It also doesn’t support workloads in public cloud because, as a customer, you don’t have access to the hypervisor in public cloud. VMware has been fully aware of this limitation of NSX. Last year, they showed a tech preview of NSX for AWS workloads with an agent in the workload and OVS (details here).

    While I couldn’t find any specific sessions on this topic in the agenda, it may be covered in some NSX sessions. I’ll be keeping my eyes peeled and ears open for any such coverage and discussion. 


When you make your rounds at the Solutions Exchange, be sure to stop by booth #800 to chat with Illumio technical experts and learn about the most advanced micro-segmentation technology on the floorWe're showcasing breakthrough visualization and policy creation features, including real-time application dependency mapping, in our (legendary) theater-style demo throughout the week. Legendary? Set aside 15 minutes and see for yourself. 

If you would like to catch up with me, please drop me a line. I'll be buzzing about, so stay tuned for updates – the buzz on micro-segmentation and more – live from the show.


Adaptive Segmentationmicro-segmentation
Share this post: