NSX – The Saga Continues

Network Virtualization

I’ve written before about the difficulty as a user of getting hold of VMware’s NSX and about other problems with the release, but a small recap is in order. Founded in 2007, Nicira was bought by VMware in 2012 for its SDN platform. This consists of deep integration that combines the open VXLAN standard with vSphere’s vShield-like products and some other bit of magic to yield a fully functioning microsegmentation system. Although Nicira is available for OpenStack, too, VMware’s focus has always been on the vSphere implementation and using NSX, combined with some of the vShield products to replace VMware’s own vCNS (vCloud Networking and Security). This $1 billion acquisition has been with VMware for as long as Nicira existed as a company. By now, we would expect it to simply be another part of the VMware product line.

Many years ago, when VMware was a little-known start-up, one of the biggest factors in the growth of its hypervisor was the ability of systems administrators to get ahold of the product and play with it. The trial licenses enabled the full product set, which was unusual at the time, and were simply time-limited. The VMTN subscription included non-production licenses for testing. This, combined with the previously unknown willingness of VMware staff to interact on the company’s forum led to an immense community of enthusiasts who wanted to use the product and practically begged their bosses to bring it in.

In light of this, it was surprising to many of us who are still around that until recently VMware made it so hard to obtain NSX. Successfully completing an expensive training course or being a select partner were for years the only ways to do so, implying that NSX was somehow more complicated to install or more fragile. After all, if users couldn’t be trusted to play with it on their own, there must have been a reason. As such, it was a relief earlier this year when VMware quietly added the NSX downloads to the standard download pages for the product. There was still no fanfare, but NSX, like the rest of the stack, became something that could be trialed by anyone.

In mid-July, problems started to emerge. The first advisory notice related to a bug that only occurs when a system is mid-migration from a previous version. The release was left live, and users were advised not to proceed with upgrades until a fix was available. The problem, it seemed, caused virtual machines to disappear mid-vMotion, with no recovery available. A few weeks later, the 6.2.3 release was pulled from distribution completely. This time, the issues revolved around the distributed firewall, a core component of the product. This means that just weeks away from one of VMware’s biggest conferences, VMworld, where new products are released and the roadmap for the next twelve months announced, a major component of a major product is being pulled from the hands of users.

This sets many back to square one. Just as they can begin to assess the system, the rug is pulled out from under them. This is not a good first impression of a core component. Even worse, it is a core security component. On the positive side, VMworld is usually the point at which a major revision is announced, with release not too long after. It could well be that with a major version change, NSX is being more tightly bound into the family, and that this is actually the root cause of some of the issues. I do hope so, because this big fail is likely to have put off many people at the point when they otherwise would have been willing to give it a good run through.

Posted in SDDC & Hybrid CloudTagged , , ,