One of the things that seemed clear to me over the last couple of VMworld conferences is that VMware is very committed to NSX. In addition to having NSX as the core of its Software-Defined Data Center (SDDC), VMware is also placing NSX in the core of its End User Compute (EUC) offering. I also expect VMware to make NSX a core part of its Photon platform for modern applications. The big challenge is that VMware does not make it easy to become familiar with NSX. For a product that is the core of so many parts of VMware’s roadmap, the NSX software is hard to get a hold of.
Back in 2012, VMware spent $1.26 billion acquiring Nicera. Nicera had one of the most advanced software-defined networking (SDN) products, and VMware wanted it to be part of its future product line. At the time, SDN was interesting mainly to service providers, organizations with huge networks containing tens of thousands of nodes. Most enterprise customers relied on an army of skilled network engineers who manipulated text files to manage network configurations. SDN offered the possibility that policies and automation would manage these configurations. Most of the major software vendors agree with VMware: SDN is the next big thing in networking.
Some VMware products are very easy to evaluate: just visit http://www.vmware.com/try-vmware.html. Clicking on the vSphere link takes you to a page where, among several other options, you can register to download the vSphere suite installers. Then you can install it yourself in your own test lab. This sort of hands-on test ability is fundamental to technical staff’s gaining of experience. Without experience in a non-production environment, any deployment into production is going to be very risky. If you go to that same page and click the NSX link, then you get just one option. The only trial option for NSX is the VMware Hands-on Lab (HOL). Now, first off, I love HOL. A guided walk-through of a product’s features is a great way to learn. If you want to learn about VMware’s products without a lot of financial commitment, I highly recommend the HOL. But HOL isn’t enough; it has training wheels on it that prevent disasters. A real product deployment has no training wheels, and disasters are far better encountered in the lab before deployment into production.
To gain a deep understanding of a product, there is no substitute for hands-on time. No amount of using a controlled and contrived training environment will prepare an engineer for the idiosyncrasies of the production environment. Uncontrolled hands-on time in a lab that is as unique as the production environment is the only way to gain a real understanding of using NSX in production.
As I understand it, access to the NSX installers is gated by attending the VMware training on NSX. Again, I’m also not saying the VMware Education course on NSX isn’t good. Having been a trainer delivering VMware’s courses, I know that they are very good courses. I also know that the requirements for trainers to deliver the NSX courses are pretty rigorous. The key point here is that before VMware will let you download the installer for NSX, it requires that you attend a five-day training course. That is a lot more commitment than registering to download vSphere.
I keep asking myself why NSX is so hard to get to evaluate. It does not inspire confidence if VMware requires that engineers spend a week being trained before they can even get access to install the product in their lab. Remember that NSX is at the core of a number of VMware initiatives that the company expects most customers to deploy.
I see two possible conclusions about why VMware controls access to the NSX software so tightly. The first is that NSX is so easy to get wrong that customers cannot be trusted not to make a mess. Having heard how much of a mess people could make of deploying VMware’s vShield networking products, I think that this is quite plausible. To me, this is very concerning. If deploying and configuring NSX is so easy to mess up, I’m not sure I want to trust it with my production network. The existing network may be fragile and easy to break, but at least my team understands its fragility and how to repair it when it breaks. I don’t want to replace one fragile piece of infrastructure with a new, unfamiliar fragile infrastructure.
The other is that NSX is so different from anything VMware has ever produced that VMware’s customers cannot understand NSX without guidance. Typical VMware administrators have not been network administrators as well. The VMware team would rely on the expertise of the network team, hopefully in a cooperative and respectful environment. Since NSX is really about networking, VMware needs to court the network team, rather than the VMware team. Instead of trying to get the VMware team to take over the networking, VMware should be handing NSX to the network team. But VMware isn’t making it easy for the networking team to get NSX. Having a Cisco or Juniper certification does not make it any easier to get the NSX installer.
No matter why VMware is withholding NSX from the majority of its customers, I am sure it will impede deployment of NSX. For NSX to be at the core of customers’ infrastructure, it needs to be in the hands of the technical staff who will deploy and support it long before it goes into production. Unless VMware can resolve whatever roadblocks are making it restrict access to NSX, its plan to have NSX everywhere cannot succeed.