Tigera today announced it will make it easier to migrate policies created for microsegmented networks running virtual machines from VMware to instances of open-source KubeVirt software that encapsulate virtual machines in containers.
In the wake of licensing changes that Broadcom has instituted since acquiring VMware, many IT organizations are weighing their platform options. One option is KubeVirt, which enables IT organizations to encapsulate kernel-based virtual machines (KVM). IT teams could migrate virtual machines from VMware to KVM, which would allow them to run monolithic applications hosted on virtual machines on top of the same Kubernetes clusters as microservices-based applications.
Dhiraj Sehgal, director of product marketing at Tigera, said one of the challenges that IT teams will encounter, however, is that many of them make use of microsegmented networks using NSX software from VMware. Tigera is now making it easier to migrate the policies created for those networks to the open-source Calico network virtualization software that it created for cloud-native application environments, he added.
Calico already supports virtual machines, containers and bare-metal servers, but KubeVirt enables IT teams to centralize the management of virtual machines and containers using a single platform. It will take any IT organization that decides to move workloads off VMware virtual machines a significant amount of time given all the dependencies that exist, but Tigera is moving to make it simpler to, at the very least, preserve the policies they have already created to microsegment virtual networks.
It’s not clear how many IT organizations have adopted NSX from VMware, but interest in encapsulating legacy monolithic applications has increased since Broadcom acquired VMware. Calico provides a declarative segmentation alternative based on workload metadata such as namespace and labels to ensure new workloads are segmented automatically upon deployment.
That approach also makes it simpler to define policies that can be applied granularly to workloads across a heterogeneous IT environment, noted Sehgal. Additionally, a policy recommendation engine recommends policies, based on the traffic flows of workloads, that can be applied instantly with a single click and no coding.
Calico also allows IT teams to preview and stage policies prior to enforcement, and provides immediate feedback on policy rule changes in the production environment before they are enforced.
A dynamic service and threat graph built on flow logs also collects and analyzes communication flows to create a comprehensive map of the application environment.
Finally, integrated intrusion detection and intrusion prevention capabilities ingest threat feeds to pinpoint the source of malicious activity in the event of a breach.
Regardless of the motivation for adopting it, microsegmentation plays a critical role in limiting the blast radius of any network breach by helping to prevent malware from moving laterally across an IT environment. The challenge, historically, is that microsegmentation of networks in IT environments that are constantly being updated is not easy.
However, as networking continues to evolve, the days when every change to a network requires manual effort are mercifully coming to an end.