The Modern Network ebook

The Physical Layer Still Matters


In the past, this process might have taken anything from weeks to months. Now, it can happen in days or even hours. This is possible because of the changing relationship between line-of-business applications and the networks they run on.


If the DevOps team had to purchase and configure new hardware every time the line-of-business units needed to implement a new application — or install an existing one — then the kind of flexibility we’ve described would not be possible.

That it is possible is thanks to the use of state-of-the-art virtualization and public-private cloud technologies. These form an intermediary layer between the physical network and the apps which run on it.

For example, if a new instance of an e-commerce application requires its own network segment, data servers and other infrastructure, the enterprise can create virtual instances of these in as little as just a few hours or even minutes. In this way, the capabilities of the modern network have overcome the physical limitations of the past.


This does not mean that the physical devices no longer matter. Clearly, to function properly the network must still have reliable hardware with a robust physical architecture capable of running the required apps and the cloud platforms on which those apps run.

But because much of the network’s intelligence resides in virtual devices which often exist on standard servers — much like the servers in a data center — the actual physical network can afford to be less sophisticated and may often be heterogeneous, without this limiting the scope, scale or range of functions which the network can run.


The Modern Network





There are two tenets at the core of the modern app-driven network:


1. Deliver a superior user- or device-to-app experience using an automated, intelligent, self-healing network built on a common identity model and end-to-end trust.

2. Use service objectives for user experience, app availability, performance and security as a contract between users and the organization.

This could mean anything from quickly bringing extra e-commerce and payment services online to adding new data analytics and business-intelligence capabilities at short notice. To achieve tasks of this complexity at speed, the user-to-application experience must determine the structure and configuration of the network.

A network user, in this context, is any individual, application or process which draws on network resources and contributes towards the completion of the task at hand and to achieving the goals associated with that task. The job of the modern app-driven network is to deliver the resources required to make this happen.

Service Objectives are the Pressure which Drives Network Evolution

To meet this goal, line-of-business managers define service objectives — specified according to metrics such as latency, uptime and jitter, error rate and response time — that the network and the relevant applications must meet in order to deliver the required user-to-application experience.

Everything else — the structure of the network, the resources and platforms deployed — flows naturally from these service objectives, cascading down through the network from the topmost modern-application layer.


Thanks to the intelligence built into the virtualized-cloud layer that sits between the apps and the physical network infrastructure, the DevOps team is able to quickly and dynamically assign and scale the resources delivered to any application or suite of applications in order to meet the relevant service objectives.

Why is the Time Right for the Modern Network?

In May 2020, US consumers spent $83 billion on e-commerce sites — up 77% year-on-year [2]. Nor is this phenomenon confined to the US. A survey in April 2020 found that global e-commerce had grown by 209% compared to the same month in 2019 [3]. The volume of online payments has also rocketed, with one major European payments provider reporting a 74% increase in transactions during lockdown [4].

And research by McKinsey indicates that 75% of people who used digital channels for the first time during lockdown will continue to use them once life returns to normal [5]. Turning to how companies operate internally, one recent report calculated that the COVID-19 pandemic had accelerated corporate digital transformation by as much as six years in global enterprises [6].

The pandemic did not create these trends from nothing. It accelerated what was already happening. But in doing so, it has created entirely new and challenging market conditions. These are marked by hyperconnectivity, as consumers engage with businesses across an unprecedented range of devices and channels.

This new market is also characterized by a disruption to existing brand loyalties, as first-time online shoppers find themselves trying new goods, services and online retailers for the first time. According to one recent survey, two-thirds of customers have tried a new product over lockdown [7].

To thrive in this new market, enterprises must be able to act quickly to forestall threats to their




The two tenets at the core of the virtualized multi-cloud network:

1. Enable network-on-demand for any app, anywhere, using a flexible, software-defined approach to networking in which all the various functions as well as physical and virtual devices work together to achieve the best experience for users.


A recent study by analysts at Forrester found that an average enterprise can save up to $8,074,278 on capital expenditure over three years by switching to virtualized networking [8]. Over the same three years, that enterprise would also cut administrator costs by $1,283,724 and boost end-user productivity by up to $1,572,469.

But there are some areas of operations which virtualization alone cannot reach. Many enterprises run their apps on a range of different cloud platforms, each running on different data centers. To simplify and streamline the management of these cloud platforms requires the federation of security policies across sites and cloud platforms.


Multi-cloud: the missing piece of the puzzle

According to research by Gartner, 81% of enterprises now use multiple cloud providers, with each application running on the cloud platform that delivers the best balance of features, performance and security for its specific needs [9]. Thanks to virtualized networking, the enterprise can use resources from across its network to spin up and scale each cloud platform, as demand requires.

But to minimize administration overheads and ensure consistent security, the enterprise needs a way to manage all of these cloud platforms through a single dashboard. This is possible, using an advanced multi-cloud network and security solution.



Specifically designed to interface with a broad range of popular cloud platforms, a multi-cloud network and security solution allows IT departments to monitor, administer and update all their cloud platforms from a single dashboard. This includes applying privilege-based security settings — for instance, to determine which users and applications can access data — to all platforms simultaneously, through a single interface.

The most advanced multi-cloud management platforms also come with a high degree of automation built in. Technologists pre-program responses to common network events and failures. This significantly reduces the amount of time IT specialists spend troubleshooting both the underlying network and many issues related to the cloud platforms themselves.


One 2019 study found that on average, an enterprise which has a multi-cloud set-up takes just 29 minutes to resolve a platform outage and restore normal service [10]. For enterprises that don’t use multi-cloud, that figure is 1,672 minutes.




The physical and virtual network capabilities and policies must be aligned so that the network as a whole is able to cope not just with normal levels of traffic but also with unplanned peaks in demand. For instance, using a virtual multi-cloud network, enterprises can easily and quickly spin up cloud instances, network segments and apps in response to unexpected spikes in e-commerce demand.


In theory, this allows the enterprise to respond in an agile manner to rapidly developing business opportunities. But this can only happen if the underlying network has the bandwidth and low latency required to deliver the extra bandwidth necessary, instantly, and to perform against the service objectives set by line-of-business managers.


Leveraging Heterogeneous Infrastructure

Key to the successful configuration of your physical infrastructure is the tenet of leveraging the heterogeneous infrastructure to provide the virtual network with a fast, simple and resilient physical underpinning.

Physical infrastructure in the modern network serves as a generic general-purpose platform that can be specialized on demand if necessary and then brought back into the general resource pool.

The modern network can be made up of a hyper-converged infrastructure spanning LTE, 5G, IoT and any service provider. It can be multi-vendor and enables connectivity across all heterogeneous infrastructure.


A Physical-network Checklist for Multi-cloud

Because it’s much less reliant on the physical infrastructure, a virtualized network can tolerate a far more heterogeneous device mix than a traditional network. However, there are still some health checks that enterprises should make to ensure that their physical and virtual infrastructures will work seamlessly together.

Here are three steps [11] to ensure the physical supports and enables the virtual in your network environment:

1. Ensure that the physical network offers the bandwidth necessary to scale traffic between all locations which will be part of your virtualized multi-cloud setup.

2. Use servers that meet the recommended requirements for running the hypervisor, virtualization software you’ll use to virtualize network devices.

3. Hardware must meet specific requirements — for instance, support for large maximum transmission units (MTUs) — required by your virtualization platform.

As you can see, the requirements are minimal. Almost any enterprise will be able to begin the process of network virtualization, and the move to multi-cloud, with the physical infrastructure it has today. And in a very short time, it will see real and measurable benefits. In a recent study by Forrester, companies which made the move to a virtualized network cut the time spent configuring and troubleshooting by 95% [12].








Security in the Modern Network

Built on a zero-trust foundation, multi-cloud, app-driven networks give the NetOps team a whole new security toolset. In a zero-trust environment, rather than allowing all traffic within the network perimeter to flow freely, which can create security problems, each application has its own “micro-perimeter”.

Because the applications within the perimeter only trust each other as required to fulfil their function, an attacker who compromises one application is not automatically able to access all the others at will. This zero-trust hardens the network against attack and makes mass breaches of customer or business records less easy for criminals to achieve.

Cloud platforms, and the applications which run on them, no longer run on bare metal but rather on the virtual layer that sits on top of the bare layer. With the right multi-cloud management tools, this virtualization layer comes with security and compliance built in.

Features that support enhanced network security include:

End-to-end encryption: ensure confidentiality and security across and between all cloud platforms and apps.

Streamline cloud monitoring: the multi-cloud platform uses cloud-native threat feeds to monitor and detect threats across all cloud platforms simultaneously.

Total network visibility: see the state of your entire network, across sites and platforms, in one console.

Cut human error: with pre-populated templates for devices and network segments, the chance of security breaches through human error decreases.

At an application level, policies can be applied across the whole network, including different sites and different platforms, from a single console. This increases security within a single segment — for instance by securing traffic between different apps in the same data center — but also across the whole distributed network and the apps which run on it.

Features that support enhanced application security include:

Common identity model: apply a single identity model across all cloud platforms to deliver a seamless experience built on end-to-end trust.

Apply consistent policies across the cloud: use the multi-cloud management platform to set consistent privileges and security policies across all clouds.

Segment data intelligently: use the multi-cloud platform to set universal rules on which clouds, applications, network segments and users can access data.


Accelerate issue investigation: with alerts unified in one dashboard and monitoring available as part of one workstream, NetOps can track down problems faster.

Those networks which move to a virtualized, multi-cloud architecture that operates on a zero-trust model give their NetOps team the granularity and flexibility it needs to better manage and mitigate risk and to respond faster when something does happen. And the ability to apply policy-based security across all clouds simultaneously removes the problems, and security loopholes, that come with inconsistency and misconfiguration.

The NetOps Benefits of App Modernization

Using the right multi-cloud environment allows the seamless management of the entire network through a single interface. The NetOps team simply specifies the policies it wishes to roll out, and whether it wants those policies to apply globally or only in certain contexts. The intelligent cloud-management layer takes care of applying those policies across different sites and platforms.

The modern app-driven network, built on a virtualized and multi-cloud infrastructure, gives NetOps and other network and cloud specialists within the enterprise the tools they need to meet the demands of a rapidly accelerating marketplace.

NetOps benefits from working with multi-cloud platforms include:

Complete visibility: even operating across physical sites as well as across different cloud platforms, NetOps has total visibility of the whole network, all the time.

Advanced network features: with the right multi-cloud platform, sophisticated network features come built in, even if they’re not native to the cloud platform.

Compliance as standard: advanced data segmentation, policy-based auditing and sophisticated reporting make compliance simple across all cloud platforms.

Simplicity: because the multi-cloud platform provides high levels of control across all clouds, changing policies at any level is quick and simple.

Automation: thanks to built-in automation, the network can self-heal from many types of disruption and NetOps can spend more time on




The benefits and business outcomes an enterprise can expect from moving to an app-driven and multi-cloud model are as follows:



An Outcomes-driven Approach Drives Results

By adopting an approach driven by the needs of business-level applications and their users, expressed as service objectives, enterprises use business needs and metrics to shape their network. This outcomes-based approach fosters an efficient use of resources and the prioritization of business goals.

Improved User Experience

Because the user — and user-to-application — experience is built into the service objectives, it also informs the shape and functioning of the network. With a common identity model, users always have access to the data, services and applications they need, seamlessly. And if users require more computing resources, these can easily and quickly be made available.

Reduce Costs and Overheads

Advanced management, early warning of errors and self-healing are built into virtualized, app-driven networks. This cuts the cost, and time, involved in administering the network and environment. And because key network resources are virtualized, procuring and provisioning new services involves minimal capital outlay.


Be More Agile

When the enterprise needs new network resources or cloud instances, the IT function can deliver these in the shortest possible time. In most cases, no new hardware is required. The enterprise simply acquires the license for new virtual network devices and cloud instances, and then fires these up using existing servers. Thanks to the use of pre-configured templates, provisioning new network segments or services is quick and easy.

Scale Rapidly

Freed from the constraints of a physical network, the virtualized multi-cloud environment makes it possible to add new infrastructure and services rapidly. The enterprise can quickly scale its resources — for instance adding extra e-commerce and payments servers on the go — to meet sudden demand or seize new opportunities.

Embed Security in your Network

Multi-cloud and virtualized networking add a layer of intelligence between the apps you run and the hardware they run on. This layer of intelligence allows you to specify how apps, users and services access data. It enables you to set privileges across all apps. And it lets you monitor security events across all cloud platforms and apps from a single dashboard.

Measurable Benefits of the App-based Modern Network

Analysts from Forrester studied virtualized app-driven modern networks in 2019 [13]. Among other things, they found that enterprises which made the switch from a primarily physical to a virtual network infrastructure experienced the following benefits:

80% reduction in time spent on flow analysis.

75% reduction in time spent on securing the network.

95% reduction in time spent configuring and troubleshooting.



The company determines that both the check-out server and the payments server are overloaded. To fix the problem, it needs to spin up new instances of both and then dynamically route traffic to them as required.


Using VMware’s Global Namespace function, you can define an application boundary and then connect the resources and workloads that make up the application into one virtual unit to provide consistent traffic routing, connectivity, resiliency, and security.


Using end-to-end encryption, the existing payment and checkout servers offload traffic onto the new instances of each application, as and when required. Once again, users experience the checkout as seamless, smooth and reliable.

Because it could identify the problem and act quickly, Acme did not alienate its new or existing users. This allowed it to grow its market share by keeping both groups, building loyalty long past the period of lockdown.






Next Steps

That means that no matter what the state of your network is today, there’s no reason you can’t start your move to an app-driven, enabled future tomorrow. With the right technology, the right skills and the right strategic partnerships, nothing stands in your way.

VMware has over two decades’ experience helping enterprises realize increased business agility. VMware Virtual Cloud Network brings enterprise networking and security architecture into the digital age with solutions including VMware NSX, NSX ALB, VMware SD-WAN, and vRealize Network Insight.


VMware engineers and consultants can help you design the virtualized infrastructure that best meets your business’s needs and supports its ambitions. Working with our experts, you can increase your operational efficiency, be more agile and still control and even reduce networking, virtualization and cloud costs.




