During my tour of duty at Crossbeam, I've closely tracked the convergence of the virtualization strategies of companies such as VMware with Cisco's published long-term product direction.
One of the selfish reasons for doing so is that, from a product perspective, Crossbeam's platform provides a competitively open, virtualized routing and switching platform combined with a blade-based processing compute stack powered by a hardened, Linux-based operating system that allows customers to run the security applications of their choice.
This provides an on-demand security architecture allowing customers to simply add a blade in order to add an application service component when needed.
Basically, this allows one to virtualize networking/transport, applications/security contexts and security policies across any area of the network into which this service layer is plumbed, and to control the flows so that the path traffic takes through these various security software components can be arranged in serial or in parallel.
So that's the setup. Yes, it's intertwined with a bit of a commercial, but hey...perhaps liberty and beer are your idea of "free," but my blogoliciousness ain't. What's really interesting is some of the deeper background on the collision of traditional networking with server virtualization technology.
While it wasn't the first time we've heard it (and it won't be the last), back in December 2006, Phil Hochmuth from Network World wrote a front-page article titled "Cisco's IOS set for radical pricing, feature changes." This article quoted Cliff Metzler, senior vice president of the company’s Network Management Technology Group, as saying these very important words:
Cisco’s intention is to decouple IOS software from the hardware it sells, which could let users add enhancements such as security or VoIP more quickly, without having to reinstall IOS images on routers and switches. The vendor also plans to virtualize many of its network services and applications, which currently are tied to hardware-specific modules or appliances.
This shift would make network gear operate more like a virtualized server, running multiple operating systems and applications on top of a VMware-like layer, as opposed to a router with a closed operating system, in which applications are run on hardware-based blades and modules. Ultimately, these changes will make it less expensive to deploy and manage services that run on top of IP networks, such as security, VoIP and management features, Cisco says.
“The way we’ve sold software in the past is we’ve bolted it onto a piece of hardware, and we shipped [customers] the hardware,” Metzler said. “We need more flexibility to allow customers to purchase software and to deploy it according to their terms.”
IOS upgrades require a reinstall of the new software image on the router or switch — which causes downtime — or, “we say, not a problem, UPS will arrive soon, here’s another blade” to run your new service or application, Metzler said. “This adds months to the deployment cycle, which is not good for customers or Cisco’s business.”
The article above describes fundamentally the same functional software-based architecture that Crossbeam offers, and for exactly the right reasons: to make security simpler, less expensive, easier to manage and more flexible to deploy on hardware that scales performance-wise.
Now couple this with the announcement that John Chambers will be delivering a keynote at VMworld and things get even more interesting in a hurry. Alessandro Perilli over at the Virtualization.info blog shares his perspective on why this is important and what it might mean:
Chambers' presence possibly means the announcement of a major partnership between VMware and Cisco, which may be related to network equipment virtualization or endpoint security support.
Many customers in these years prayed to have the capability to use virtual machines as routers inside VMware virtual networks. So far this has been impossible: although Cisco's proprietary IOS relies on standard x86 hardware, it still requires a dedicated EEPROM to work, which VMware doesn't include in its virtual hardware set. Maybe Cisco is now ready to virtualize its hardware equipment.
On the other side, VMware may have a deal in place with Cisco about its Assured Computing Environment (ACE) product: Cisco's endpoint security solution, called Network Admission Control (NAC), may work with VMware ACE as an endpoint security agent, eliminating any need to install more software inside host or guest operating systems.
In any case, a partnership between VMware and Cisco may greatly enhance virtual infrastructures' capabilities.
This is interesting for sure, and if you look at how the demand for software flexibility is combining with generally available COTS compute stacks and specific network processing where required, the notion that Cisco might partner with VMware or a similar vendor such as SWsoft looks compelling. Of course, with functionality like KVM in the Linux kernel, there's no reason they have to buy or ally...
Certainly there are already elements of virtualization within Cisco's routing, switching and security infrastructure, but many might argue that it requires a refresh in order to meet the requirements of their customers. It seems that their CEO does.
I think that this type of architecture looks promising. Of course, you could have purchased it 6 years ago -- as you can today -- by talking to these folks. But I'm biased. ;)