Servers as pets or cattle was 2012. Now it's McMansions or Hotels
VMware and Pivotal are going to bring microsegmentation to Cloud Foundry
Remember pets and cattle? CERN's 2012 metaphor to describe on-premises servers you name and care for lavishly versus virtualized cloud servers you never name, run in a herd and snuff out without a second's thought?
Well the metaphor's evolved: VMware and Pivotal are now talking about McMansions and hotels to explain how they will bring virtual networks into the world of DevOps.
The companies feel that most DevOps work is taking place either with cloud-native applications or on the margins of a big organisation's software fleet. Core applications remain largely untouched in the push to continuous deployment, largely because even small changes to older code in the heart of a business require detailed security and compliance oversight. That slows things down because large organisations have silos to take care of those things. Between politics and governance, that makes it hard to get close to continuous delivery.
That state of affairs got the two companies thinking about the surprise breakout use case for NSX. VMware first imagined NSX as a control plane for networks comprised of different vendors' hardware. It's turned out to be more immediately useful for microsegmentation – the practice of creating virtual networks to link a small set of resources, often tied to a specific workload. Because these virtual networks are only required to do certain things, they are defined by policies that don't let them do anything else. If behaviour not defined in policy is detected, microsegmented networks either isolate themselves or make red lights and klaxons go off down in Ops.
At Dell EMC World the companies will explain how NSX will be integrated with Pivotal Cloud Foundry so that when developers work on stuff that touches compliance-and-security-sensitive applications, they'll do so inside virtual networks that reflect all the worries security and audit teams want taken into account. Instead of creating compliance-friendly new development environments – a McMansion with a room for everyone and every household activity – they'll check into a hotel with just the services needed for a short stay, but a policy-enforced empty minibar.
These development environments will have their own IP and MAC address spaces and, while they may run on shared hardware, will be logically discrete from production environments and from other testbeds.
The two companies think this approach will be especially attractive to developers building containerised systems on top of core applications, because spawning containers, chaining them and then destroying both the containers and the connections between them sets off alarms among compliance pros. Those folks are accustomed to being able to trace transactions with great granularity, a task that is possible with containers but made harder by the fact containers are treated as even more disposable than cattle. Showing governance types that all of this wacky work happens within virtual environments that adhere to policy makes for greater comfort.
We're not sure at this stage exactly what Pivotal and VMware will announce, but The Register understands this is a day two announcement. Michael Dell, David Goulden and Intel's Diane Bryant are the day one speakers at the show. ®