VMware NSX, SDN and the operational challenges ahead

Earlier today Ed Grigson posted a tweet on Twitter which turned into a mini conversation. It ended up involving Dan Barber, Gregg Robertson, Ed and myself and went like this:

Screen Shot 2014-06-24 at 15.52.10

The subject was how experienced IT architects will engage with NSX and other complex SDN solutions. Not only whether we CAN but also whether we SHOULD.

I know Ed and a few of the other guys are attending a beta NSX ICM course in Frimley in the UK. And VMware are now enabling the channel to sell NSX to try and increase adoption rates. It is a mature product that should be ready for the Enterprise.

It is inevitable that this will ultimately lead to trained people conducting design as well as admin – not my buddies on this training, but eventually out in the field.

Is the Enterprise ready for NSX ?

There is no doubt this is awesome technology. However this does open up a debate regarding what the operational support model looks like with vSphere, Hyper-V, Openstack and advanced SDN  solutions under the same umbrella.

So I’m asking is the Enterprise ready for NSX or Cisco ACI for that matter ? That’s not from a product perspective. I mean purely from an operational and manageability point of view ?

And I haven’t seen this question debated much. This seems one of the most fundamental operational considerations before deploying an SDN solution.

In a previous life 6 years ago I worked on my first (very) complex vSphere implementation. It was the design of a hosted multi-tenanancy Cloud platform running on vSphere 4 for Ireland’s PTT. Where now we use software-defined solutions such as NSX, I worked alongside two Cisco CCIE’s – one of whom had three CCIEs. That solution was built using Cisco 6500, 7600 and other existing kit that was made do a job.

We were absolutely constrained by budget and my colleagues performed some magic to get it all to work. In that case the solution was a commercial product that needed to be designed for scale and expansion.

It comprised shared ESXi hosts with virtualised firewalls, load balancers, multi-VPN access as well as other services such as provisioning of aggregation services for backup/storage-as-a-service for existing co-location customers.

Working on that project made me realise that where security is paramount, design should be the remit of Network engineers. That was 6 years ago. Now potentially that power exists within NSX and the Hypervisor management layer.

Network Architect skills

On that project I worked with engineers familiar with vSphere networking. Trying to engage routing/switching CCIE’s with no knowledge of virtualisation is like buying a pig in a poke. It’s getting the wrong man for the job.

And looking at Ed’s tweet and remembering taking the HOL lab on NSX at VMworld last year I realised the power of NSX and what can now be easily completed with software, where once it was necessary to argue and beg Cisco for equipment to try out some of these concepts.

I suggest it would be crazy to let a vSphere Architect  take design responsibility for a complex solution like NSX without sufficient networking training and experience. I would also suggest it is folly to allow a network guy (CCIE-level) design such a platform without significant vSphere training and experience. My humble opinion is that a knowledge deficit can now occur in either direction, and that needs to be bridged.

And this is the operational challenge. As Dan pointed out in the tweets, VMware now has Datacenter, End User Computing, Cloud and Networking as it’s four pillars. I’m sure some will achieve triple-VCDX but can you really be an expert across three or four of what are now disciplines or almost distinct practices ?

Reading material

And now onto the real subject…..

By coincidence about a week or so ago I asked for suggestions for good CCNP-level networking material. I plan to personally get my hands on the following three books. Thanks to Craig Kilborn @craig_kilborn, Ramses Smeyers @rsmeyers and Nicolas Vermandé @nvermande I have these three suggestions for all vSphere architects to up your game, whether VCDX is your plan or just to surprise some of your colleagues:

1. I haven’t read it but always recommend Chris Wahl’s material for great technical content with a great sense of humour that’s easy on the ear/eye:

Screen Shot 2014-06-24 at 16.29.27

2. Try this book out recommended by Ramses for in-depth NX-OS R&S.

ISBN-10: 1-58714-304-6

Screen Shot 2014-06-24 at 16.28.41

3. Check this one out by Nicolas which kind of covers DC designs from a virtualisation perspective.

ISBN-13: 978-1-58714-324-3

Screen Shot 2014-06-24 at 16.29.00

Enjoy ….

Do you fear loss of control or worry about lack of training and knowledge ?

What are your thoughts on this ?

One thought on “VMware NSX, SDN and the operational challenges ahead

Leave a Reply

Your email address will not be published.