Exec: How SDN, SD-WAN, security fit in VMware's strategy

VMware networking and security chief Tom Gillis looks at competing with Cisco and how the company will bolster NSX and more.

Michael Cooney Mar 18th 2019

It has been just 10 months since Tom Gillis became VMware's senior vice president and general manager of its networking and security business, and in that time he has overseen some major changes in the company’s core products.

Most recent is a milestone release of the company’s NSX-T Data Center software, making it VMware’s primary networking platform for organizations looking to support multivendor cloud-native applications, bare-metal workloads as well as the growing hybrid and multi-cloud worlds.

Gillis’s group also rolled out a new firewall, the Service-defined Firewall, that VMware says protects enterprise applications inside data centers or clouds. There have been other key additions, too, including an expanded relationship with AT&T around its SD-WAN offering.

Leaning on his previous executive experiences – general manager of Cisco's security technology business, CEO of Bracket Computing, vice president of marketing at IronPort Systems and others – Gillis is tasked with keeping VMware squarely in front of cloud, security and enterprise computing.

He recently talked with Network World senior editor Michael Cooney about some of the company’s key networking and security directions and a big competitor, Cisco:

Cooney: Coming up on your year anniversary with VMware – what have been some of the biggest networking and security challenges you’ve addressed or hope still to address?

Gillis: NSX-T is a very big deal for us. We have hundreds of engineers developing that software, and fully decoupling NSX from ESX was a big job. In the end we want to blur the lines between public and private cloud with the idea of changing the notion of what the data center can be in the future. Our APIs let customers and developers have the public-cloud experiences everywhere, where we set a baseline of policies that define who gets to talk to who, that lets them easily implement a modern, secure cloud native application that can be replicated from a desktop to a mainframe. It’s a different model for how to more effectively run a data center.

Another challenge is positioning VMware in the security space much more than we have in the past. We already have microsegmentation and other security tools in the NSX network virtualization overlay, and we are looking to build on that. A key part of that advance is the Layer-7-based approach to cybersecurity which uses the known good attributes of applications that is found in the new Service-defined Firewall. This is something we can do uniquely and is what customers will see us do more of.

Let’s talk about VMware’s SDN strategy. How has it changed/evolved in the past couple of years?

NSX is pure SDN. My take on SDN is that it has mostly hit the mainstream, and it is in various stages of deployment. SDN is definitely transformative, and it has changed the way customers have to think and organize. One of the biggest challenges is changing the skills of traditional network engineers in an SDN or software environment. It’s more about defining policies, and who gets to talk to who. And the network people are more involved in that type of programming now and going forward.

How does VMware’s SDN strategy differ from Cisco’s?

The challenge that Cisco has is that while they are really good at fabric management, especially in environments with thousands of switches, those switches have no inherent knowledge of applications. Cisco uses an agent to handle application awareness and policy enforcement in its [Application Centric Infrastructure] world. That still requires a switch, which to me isn’t very efficient in an all software-defined-networking world.

We are strictly software and have application awareness regardless of the hardware you are running. This makes our implementation particularly useful for multi-cloud workloads. Basically we focus on the network overlay [the virtual environment] and let customers do what they want in the underlay [the physical network environment]. As we’ve matured NSX, we have tightened the relationship between those worlds. Going forward, customers will see us do more to simplify communications between the SDN layer and the underlay technology.

What’s going on with VMware in the SD-WAN arena?

We see SD-WAN as a critical way to stitch together the power of local compute and the data center. Our focus is very much toward tying SD-WAN to the cloud. Customers don’t need to backhaul remote traffic to the data center any more. They can support applications and traffic from whatever destination they want, all managed via the cloud. What we are focusing on for the future is developing better QoS and more automated features for SD-WAN customers.