Posts in Networking
Unpacking VMware Application Networking and Security: Insights from Umesh Mahajan at VMware Explore 2024

During VMware Explore 2024 in Barcelona, we had the privilege of sitting down with Umesh Mahajan, Vice President and General Manager of Broadcom’s Application Networking and Security (ANS) Division. Umesh’s passion for the ANS portfolio was palpable as he discussed its mission, the evolving landscape of security challenges, and how Broadcom is positioning VMware's offerings to address them.

We posed five key questions during the interview, each shedding light on Broadcom’s vision and VMware’s approach to innovation in this critical space. Below, we’ve highlighted some of the standout points, but we highly recommend watching the full video for Umesh’s detailed insights. You can find the video embedded below!

Key Takeaways from the Interview

  1. The Vision Behind ANS
    Umesh began by outlining ANS’s mission: to provide seamless security and load balancing solutions tightly integrated with VMware Cloud Foundation (VCF). Broadcom is focused on delivering advanced services that are as easy to deploy as they are powerful. In Umesh’s words, VMware aims to create solutions that “just click in” like adding features to a Tesla – simple, intuitive, and ready to use.

  2. Industry Trends and Challenges
    From ransomware attacks to increasing complexity in security infrastructure, the stakes for businesses are higher than ever. Umesh highlighted how frequent and sophisticated attacks, particularly on financial institutions, have underscored the need for best-of-breed security and load balancing solutions. VMware’s approach is to make these tools accessible and scalable for businesses of all sizes, providing both protection and recovery capabilities in one unified stack.

  3. Key Announcements and Licensing Simplification
    Broadcom’s acquisition of VMware has brought significant changes to how ANS products are packaged and licensed. VMware now offers just three key SKUs: one for Avi load balancing and two for security (firewall and advanced threat protection). These SKUs have been streamlined to reduce complexity and ensure seamless integration with VMware Cloud Foundation (VCF).

    However, these products are now positioned as add-ons to VCF, meaning they are optional but essential for customers deploying VCF. As Umesh explained, organisations need robust security and load balancing capabilities to complete their VCF deployments, making these Advanced Services critical for operational success. Broadcom’s goal is to simplify the consumption and deployment of these services, ensuring customers can get up and running quickly with minimal friction.

  4. Introducing Security Scoring and Co-Pilots
    A standout moment was Umesh’s discussion of security scoring, a feature in development that will help organisations gauge their security posture at a glance. Similar to Microsoft’s approach, the security score will highlight areas of vulnerability, empowering businesses to make informed decisions. Additionally, VMware’s investment in AI-driven Co-Pilots promises to simplify security operations by providing actionable insights in real time.

  5. The Road Ahead for ANS
    Broadcom’s focus is clear: delivering scalable, best-of-breed products that integrate seamlessly with VMware’s ecosystem. Whether through automation, AI-driven insights, or enhanced recovery capabilities, ANS is committed to simplifying the way businesses secure and optimise their private cloud environments.

Why Watch the Interview?

This interview is for anyone interested in VMware’s evolving approach to networking and security. Umesh not only outlines how ANS is addressing today’s challenges but also shares his vision for a simplified, integrated future. From ransomware protection to AI-powered Co-Pilots, there’s a lot to unpack.

Don’t miss this opportunity to hear directly from the leader shaping the future of VMware’s security and networking portfolio. Click below to watch the full interview:

Watch the Interview on YouTube

Final Thoughts: Simplifying Security for a Complex World

As Umesh said, security doesn’t need to be overwhelming. By delivering intuitive solutions and minimising complexity, VMware and Broadcom are equipping businesses to handle today’s challenges while preparing for tomorrow’s. Whether you’re a long-time VMware customer or exploring their solutions for the first time, this interview offers valuable insights into how VMware’s Application Networking and Security Division is leading the way.

What do you think of VMware’s approach to security and networking? Let us know in the comments below!

Enterprise Network Observability with Kentik - #TFD27

With your network now reaching much further than the boundaries of your offices, managing an enterprise network is more complex than ever before.

Kentik’s mission is two-fold.

  1. To make life awesome for people building the connected world

  2. Deliver one comprehensive observability platform for running all of an enterprise’s infrastructure.

During #TFD27, Kentik presented their SaaS-based Enterprise Network Observability Platform. Their platform can receive telemetry from various sources using integrations and agents. By applying powerful analytics to this data, they can provide network managers with automated insights to resolve issues, improve performance, control standards and much more.

During the demonstration, they showed a number of powerful tools that were able to troubleshoot various issues, including conducting root cause analysis over an application configured in a hybrid infrastructure.

I liked their platform's ability to configure various tests to help monitor the network and application performance. These are able to be configured to take place from agents you have installed across your network or public agents accessible over the internet across the world. This allows enterprise network admins the ability to receive insight from a variety of standpoints. Further to this, the visualisation capability within the platform was fantastic. The two examples below show visualisations, first of BGP routing and secondly of a complete network topology within AWS.

When managing a large-scale, complex enterprise network, these tools will be invaluable to ensure you have visibility across not only the networks within the offices but across datacenters, into the cloud and beyond.

You can see my doodle covering Kentik’s presentation below and be sure to check out the presentations on the TFD website.

To learn more about Kentik check out their website here.

Make managing DNS, DHCP and IPAM easy with Men&Mice #TFD27

I recently joined the awesome Tech Field Day crew for #TFD27, taking place in a not-so-sunny Silicon Valley. Unfortunately for me, this time I joined remotely, but that didn’t stop the content being as awesome as ever!

First up at #TFD27 was Men&Mice, who presented micetro, a management and orchestration solution for DNS, DHCP and IPAM (DDI).

There were two specific elements I really liked about micetro. The first is the fact it is an overlay tool, not aiming to replace your existing tools but abstract the management from them whilst improving workflow and orchestration. The second stand-out point for me was the comprehensive list of supported solutions that they were able to manage.

During the demonstration, they were able to show unified management of DDI across Linux and Windows, as well as cloud-based solutions in Azure, AWS and beyond.

Recorded live in Silicon Valley as part of Tech Field Day 27 on March 8, 2023. Watch the entire presentation at Men&Mice Presents at Tech Field Day 27 - Tech Field Day

DDI is such a critical element for organisations, and with the introduction of cloud and multi-cloud requirements, the complexity of managing it is only growing. micetro allows administrators to have a single point of truth across multiple solutions, allowing corporate standards to be set, maintained and monitored across the multitude of implementation points. Many organisations today rely on an Excel spreadsheet to try and manage DDI, so a solution like micetro can infinitely improve this experience, saving time, improving security and offering enhanced functionality.

Check out my doodle from the presentation below.

If you would like to learn more about Men&Mice, check out their website here.

You can also get a free trial here.

Does your network work for or against you? Juniper AI in Action

Does your network infrastructure work for or against you!? We recently attended Juniper’s AI in Action conference to learn more about Mist and the Marvis Virtual Network Assistant (VNA) technologies.  

Vendors have long been talking about the power of AI and how it will help to enhance our businesses. For many organisations, this seems like a pipe dream. However, it is safe to say that the AI technology built into Juniper Mist is a prime example of how AI can be of practical assistance.  

During the AI in Action conference, we first heard about the history of Juniper Mist. Next, we heard how customers have leveraged Mist to improve the employee and customer experience. Finally, we saw demonstrations of the technology in action. 

Your network infrastructure is arguably one of the essential components of your IT set-up, connecting your users and customers with their workloads and data. However, it is safe to say that networks have remained largely the same, aside from speed and capacity improvements, and are as complicated to manage as ever. 

This is where Juniper’s experience-first networking tackles things differently. Whilst Juniper remains a leader in terms of performance and capability, the Mist AI-powered technology improves both user experience and manageability for the admins. 

During the conference, we heard how ServiceNow was able to reduce its service tickets by 90% by using the AI.

Mist AI proactively monitors more than 150 states on the network before analysing what they mean with the Mist AI technology. As a result, Mist can highlight issues and critically report the root cause of problems, even when it isn’t a network-related issue. The customers on the panel said that this functionality had saved substantial time and helped resolve long-term problems. 

One example given was that when a network issue is detected with an endpoint, an automatic packet capture could be started and stored in order to dramatically cut resolution time. This allows the problem to be resolved upon the initial report, rather than needing to wait for another instance before it can be diagnosed. 

The presentations demonstrated how the Marvis Virtual Network Assistant can diagnose an issue with a Teams call from a text-based conversation. Once the admin had used Marvis to pinpoint the problem, Marvis Actions allowed the admin to explore and resolve the issues. In some cases, Marvis Actions can auto-resolve the issues by undertaking actions such as adding missing VLAN tags, fixing port configuration and more.

However, the power of the Juniper Mist platform doesn’t end with the AI. Customers also spoke about how easy it was to set up. For example, one customer migrating from Cisco shared how the Juniper devices can reutilise the Cisco base plates. In some cases, this allowed the task of installing the APs to be passed to end users. The customers found that installing a new AP could take as little as 22 seconds from start to finish.   

The final demonstration - and the icing on the cake - was showing how to set up a complete branch office. The demo included setting up an edge router with the relevant security and SD-WAN configuration, a switch with VLANs and PoE, and a new AP. From start to finish, thanks to the cloud management and pre-defined intelligent templates, it took just 6 minutes and 47 seconds. 

With many users and organisations demanding greater flexibility and an improved experience, the network needs to change to support these demands. At the same time, we see a skills shortage and increased demands on IT. With the intelligent technologies demonstrated at the conference, it is clear why Juniper is leading the way with its Mist AI technology. 

You can read more about the Mist technology here.  

Juniper Connected Security - Building a threat-aware network

Trying to ensure your network is secure often seems like an impossible battle. Many security and network operations teams face a losing battle against an ever-growing list of software that aims to ease administration and secure the network. The truth is, more often than not, this software ends up creating further information silos and adding to the barrage of information for the already bewildered specialists to try to understand.

I was recently given the opportunity to attend an exec briefing with some of the security team at Juniper Networks to understand how their approach differs.  

As always, I have summarised my findings in the Tech Doodle below.

Before I delve a little deeper into Juniper Security Director Cloud, let me share with you my top 3 thoughts: 

  1.  Juniper Security Director Cloud is a subscription-based service avoiding additional hardware requirements 

  2. Juniper Security Director Cloud works well with Juniper and third-party solutions 

  3. Juniper Security Director Cloud has intelligent policy management and can make reactive changes based upon threat analysis  

Juniper Security Director Cloud is an as-a-Service subscription-based solution meaning there is no need for additional hardware or complex initial configuration. As mentioned above I was particularly impressed with how it offers customers support for a number of third-party technologies as well as the wealth of solutions within Juniper’s portfolio.

Core to Juniper Security Director Cloud is the belief that the network itself should become threat-aware.  

Utilising in-built intelligence, Juniper Security Director Cloud is able to protect every connection from client to workload from on-premises to the cloud.  

Juniper Security Director Cloud utilises a unified policy set irrespective of the device, but importantly the automation capabilities allow for deduplication, rule precedence and error avoidance within the policies. Critically, Juniper Security Director Cloud is not only able to help you monitor your estate, but also make reactive changes based upon threat analysis.

Many organisations are looking for solutions that are able to simplify and centralise security operations. Not only should they help reduce the burden of multiple siloed solutions, but they should also look to use intelligence and automation to help proactively protect the network. This is exactly what Juniper Security Director Cloud sets out to achieve. For organisations that are looking to implement SASE (Secure Access Service Edge) principles, the fact that Juniper Security Director Cloud supports third-party solutions will allow for Juniper Secure Edge solutions to be implemented alongside existing solutions whilst transitioning.

Juniper is also ever innovating in this space and recently announced the addition of CASB (Cloud Access Security Broker) and DLP (Data Loss Prevention) into their Secure Edge offering.

It was good to learn more about Juniper’s approach to security and SASE. For me I am really looking forward to seeing this technology in action. A single unified approach to policy and intelligent threat analysis coupled with reactive changes is a very powerful mix. I hope to be able to share some demonstrations of this technology with the Tech Doodles readers soon.

You can learn more about Juniper Connected Security at Black Hat 2022 on booth #2240.

Disclaimer: Tech Doodles through Tech Crossing Limited has been paid by Juniper to create content following the Juniper Networks Analyst, Influencer and Media Global Summit 2021. Whilst Tech Crossing Limited and the authors of this blog post have been paid to create the content, there has been no influence or editorial control by Juniper Networks.

Flowmon Overview - Network Performance Monitoring and Diagnostics

I have recently been doing some work with Flowmon to further understand Flowmon’s Network Performance Monitoring and Diagnostics (NPMD) functionality. Below you can see my doodle covering the technology.

In brief, Flowmon, which is now part of Progress following the Kemp acquisition, gives network operators visibility and insights into network performance and issues. It does this by enriching flow data with Layer 7 application data, giving enhanced network insight without the overheads of full packet capture. Critical to this is the Flowmon collector appliance, which can receive data as NetFlow, IPFIX or any standard flow record like sFlow, J-Flow or NetStream.

Flowmon Architecture

With this collected data, Flowmon provides:

  • Autonomous investigation for root cause of operational issues

  • In-built expert knowledge of network error codes with remedial action

  • Reduced and simplified toolset, allowing delegation of network monitoring and troubleshooting

  • Reduction of network diagnostic noise, allowing problems to be resolved quickly and easily

I was able to understand some of the use cases in action; this included following the process of an administrator trying to diagnose slow internet performance reported by users. Utilising the Flowmon toolset, the problems were able to be tracked down within a few steps. The root cause, diagnosed through Flowmon, was an incorrect client configuration, resulting in increased network traffic. This was due to Windows updates being pulled down directly from the internet rather than from the local WSUS server. Without Flowmon, this may have taken Network Admins and other teams many hours to diagnose and resolve.

I was really impressed by what I saw of Flowmon. Without tools like this, troubleshooting user issues is often a difficult task, with admins trying to understand where the problem lies between the applications, the network and the user. Flowmon gives network admins the tools they need, not only to resolve problems quickly but to be proactive in their troubleshooting.

You can find out more about Flowmon here

Disclaimer: Tech Doodles through Tech Crossing Limited has been paid by Progress to create content covering the Flowmon product set. Whilst Tech Crossing Limited and the authors of this blog post have been paid to create the content, there has been no influence or editorial control by Progress.