VMworld 2016 Europe Focuses on Security and Operational Simplicity
The Barcelona show builds on the key VMworld U.S. announcements.
VMworld 2016 Europe kicked off with numerous product and strategy announcements, all of which are covered in Joe Baguley's excellent blog post. Rather than rehash Joe's analysis, I instead want to focus on a few announcements that should impact your approach to architecture and operations, regardless of your virtualization and cloud vendor preferences.
Increasingly, enterprises are taking a more modular approach to architecture and operations, opting for hyperconverged and simpler, more modular architectures, which is freeing time to have a greater focus on innovation and differentiation. Regardless of platform (traditional, PaaS, container, serverless, etc.), all applications require programmatic compute, network, storage and security services.
VMware Cloud Foundation, announced at VMworld 2016 U.S., is one of what I expect to be several complete hyperconverged infrastructure stack offerings from enterprise vendors going forward. That all said, the Barcelona keynotes reviewed the Cloud Foundation strategy and emerging Cross-Cloud services, including the recently announced VMware Cloud on AWS. Solutions inclusive of VMware Cloud on AWS and Cloud Foundation – deployed locally in a data center or in partner clouds such as IBM Cloud – are about creating a consistent operational plane that enables applications to run anywhere.
Modular and Open
Naturally, if you take a more modular approach to infrastructure architecture (i.e., using bigger building blocks such as hyperconverged infrastructure solutions), a common concern is that workloads can become sticky and effectively locked-in to a single solution. That is one reason that in today's era, open source is so important. OpenStack APIs provide a great way to create flexibility at the IaaS layer, and ditto for Cloud Foundry and Docker at the PaaS layer. Raj Yavatkar and I demonstrated all of those integrations with Cloud Foundation at VMworld U.S.
At VMworld Barcelona, attendees saw the announcement of Kubernetes as a Service on the Photon Platform. This will enable IT teams to offer Kubernetes as a Service, integrated with the open source Photon Controller, and backed by the Photon Platform, which now fully supports VSAN storage and NSX for networking and security. The DevOps era isn't about IT Ops teams "regaining control;" instead, it's all about Ops giving their customers – software engineers – what they want. And that is native, open, well-documented APIs to the services - infrastructure or otherwise - that they require.
Kubernetes as a Services will provide just that, with developers using native Kubernetes APIs to provision and manage environments, and IT operations ensuring the security, availability, and scalability of the platform itself. The same capabilities are also available for native Docker or Cloud Foundry environments today. The important point here is that infrastructure is coupled to applications and services using the open source APIs of the developers' choice. In the future, if VMware does not continue to win your business on merit, you're free to leave and switch solutions without impacting development and application environments. That's how it should be – no API wrappers that create friction, but instead native open source API integrations with the developer application platforms and tools they choose.
Of course, deploying and running applications and services is one thing, but they still must be managed throughout their lifecycle. vRealize Automation (vRA) 7.2 will automate container and container host provisioning and lifecycle management, as well as application service blueprints consisting of containers, VMs and associated infrastructure components. In addition, vRA 7.2 will integrate with our open source enterprise container manager – Admiral – to provide additional flexibility in how your architect and manage containers.
vSphere 6.5 Management and Security
When it becomes generally available later this quarter, vSphere 6.5 will include hundreds of new and updated features, such as native high availability in the vCenter Server Appliance and one-click patching and updates. Beta testers have also raved about the HTML5 vSphere Client (see Figure 1
) and the new REST APIs, along with a very slick PowerCLI.
vSphere 6.5 will also include several security enhancements that will have a broad impact. For starters, native VM encryption will be supported, providing encryption for data-at-rest as well as for vMotion traffic. If you combine that with the forthcoming NSX Distributed Network Encryption capabilities shown at VMworld 2016 U.S. and the cross-cloud consistent IaaS that you get with Cloud Foundation, you will now have a solution where you have centralized key management for data-in-motion and data-at-rest encryption across multiple private datacenters, branch offices and clouds.
Think about that: a cloud provider couldn't see your data even if it wanted to. NSX can even extend those capabilities to a single mobile application managed by AirWatch, providing end-to-end encryption and telemetry that will be extensible to integrate with several dozen security vendors in the NSX ecosystem.
ESX 6.5 will also support Intel Secure Boot, ensuring that only authorized and certified code is loaded when the hypervisor boots. Multifactor authentication at the hypervisor level and multitenant audit logging adds much needed granularity to audit trails.
Endpoint Flexibility and Security
Countless Workspace ONE enhancements were also discussed, including the technology preview of optimized delivery of Microsoft Skype for Business in VMware Horizon. Back in my days as an analyst, Gunnar Berger and I had railed on the need for this capability for several years, so I'm very excited to see the results of our collaboration with Microsoft in this regard.
While it may seem simple on the surface, unified communications support between virtual-to-virtual or virtual-to-physical endpoints is an engineering challenge that requires voice and video communications to be processed locally on the physical endpoint. While workarounds have existed for years, native and well-integrated Skype for Business support is a key necessity for making the virtual desktop experience superior to that of a physical desktop or laptop.
Like many organizations, VMware is a big user of Office 365, and I'm also personally excited to see VMware Tunnel DLP. This new capability will work with the VMware Tunnel App to ensure that conditional access is enforced on devices accessing Office 365. This means that you will be able to restrict content access by devices that are noncompliant and also detect and block users attempting to save Office 365 files to personal file-sharing services.
Moving Fast but Safe
Agility is clearly paramount in today's digital economy, but we must also do so safely and securely. VMworld 2016 Europe is all about giving users the capability to quickly and securely access any app at their convenience, while also keeping data secure. Applications will always require programmatic compute, network, storage and security. VMware is committed to making it easy for developers to leverage their open platforms and APIs of choice, while making cross-cloud and cross-data center infrastructure services securely scale with the reliability and flexibility they demand.
The IT world is unquestionably moving to software-defined technologies, and while many of them exist in public cloud offerings today, VMware is committed to giving you those same capabilities and flexibility across several clouds and private datacenters. You shouldn't have to know an application's future at the time that it's deployed, and the ability to change course as the market requires will make you more agile and competitive. Of course, this isn't just a VMware vision, but that of multiple end-user organizations, vendors and providers. We're embarking on a new industrial revolution and I'm excited about our place in both history and the future.
Chris Wolf is VMware's CTO, Global Field and Industry.