Servers as pets or cattle was 2012. Now it's McMansions or Hotels
VMware and Pivotal are going to bring microsegmentation to Cloud Foundry
Remember pets and cattle? CERN's 2012 metaphor to describe on-premises servers you name and care for lavishly versus virtualized cloud servers you never name, run in a herd and kill without a second's thought?
Well the metaphor's evolved: VMware and Pivotal are now talking about "McMansions" and "hotels" to explain how they will bring virtual networks into the world of DevOps.
The companies feel that most DevOps work is taking place either with cloud-native applications or on the margins of a big organisation's software portfolio. Core applications remain largely untouched in the push to continuous deployment, largely because even small changes to older code in the heart of a business require detailed security and compliance oversight. That slows things down because large organisations have silos to take care of those things. Between politics and governance, legacy applications and the infrastructure they run on are therefore just hard to accelerate to continuous delivery.
That state of affairs got the two companies thinking about micro-segmentation, the surprise breakout use case for VMware's NSX network virtualization tool. VMware first imagined NSX as a control plane for networks composed of different vendors' hardware. It's turned out to be more immediately useful for creating small virtual networks - micro-segments - to link a small set of resources, often tied to a specific workload. Because these virtual networks are only required to do certain things, they are defined by policies that don't let them do anything else. If behaviour not defined in policy is detected, micro-segmented networks either isolate themselves or flash big scary red lights so that operations teams stop bad things happening.
At Dell EMC World the companies will explain how NSX will be integrated with Pivotal Cloud Foundry so that when developers work on stuff that touches compliance-and-security-sensitive applications, they'll do so inside virtual networks that reflect all the worries security and audit teams want taken into account. Instead of creating compliance-friendly new development environments – a McMansion with a room for everyone and every household activity - they'll give developers a hotel room furnished with just the services needed for a few tasks, but a policy-enforced empty minibar.
These development environments will have their own IP and MAC address spaces and, while they may run on shared hardware, will be logically discrete from production environments and from other testbeds.
The two companies think this approach will be especially attractive to developers building containerised systems on top of core applications, because spawning containers, chaining them and then destroying both the containers and the connections between them sets off alarms among compliance pros. Those folks are accustomed to being able to trace transactions with great granularity, a task that is possible with containers but made harder by the fact containers are treated as even more disposable than cattle. Showing governance types that all of this wacky work happens within virtual environments that adhere to policy makes for greater comfort.
We're not sure at this stage exactly what Pivotal and VMware will announce, but The Register understands this is a day two announcement. Michael Dell, David Goulden and Intel's Diane Bryant are the day one speakers at the show. ®