Martin Casado just before his appearance on the Cube from VMworld 2012. Stuart Miniman photo

Ed. note: This is the second of three articles on an exclusive interview with Nicira Cofounder and CTO Martin Casado in the Cube at VMworld 2012. The first piece focused on Casado’s overall vision of the fully virtualized data center of the future. The third will focus on open source versus open standards and support for multiple hypervisors. The full interview can be seen here.

The creation of the fully virtualized IT environment of the future will impact nearly every IT professional, says Martin Casado, Nicira co-founder and CTO. However, he does not see this as a risk to people’s jobs. Rather than driving job consolidation, he sees it as largely a plus for hard-working IT techs, allowing them to automate some of their low-level concerns and focus on higher level issues. And surprisingly, he says, network virtualization will not have a major impact on network techs.

First he says, virtualization in no way decreases the importance of the underlying physical network. “You still have to focus on the problem of building a physical network, and they’ll probably have to be better physical networks. So the problem now is how do you build a physical network with high capacity that can support the workloads and less about the operational stuff you do today.” However that network will still be there and still need to be managed with the same physical network management tools in use today.

Virtualization’s impact will be on simplifying the resource allocation and QoS management of the traffic running over that physical network. “Instead of having one network that’s really complicated, you’ve got N simple networks. You have got a simple physical network and the N virtual networks, and they all have the same interfaces that you are used to managing.” Each of those virtual networks will handle traffic for one application, making it easy to measure QoS and see how each application and workload uses network resources. And a great deal of metadata on that traffic becomes available at the network’s edge.

The Impact on Other IT Professionals

For other IT professionals, he said, “Immediately anybody who’s building out a data center, like a cloud architect, is going to have this primitive that they can use to architect better systems.”

Application developers will no longer to be concerned about now networks work or how the network is configured, because each application thinks it is on its own network. Operations will have a lot more flexibility because they can move things, reallocate resources, and add network-based services such as security in the virtualization layer without having to worry about the complexities of the physical layer.

Better Security

Casado also believes that network virtualization will provide the basis for much better data security by providing detailed metadata on traffic. “Now instead of looking at packets and trying to guess what application they’re using by looking at traffic, you can actually get the ground-truth information from the hypervisor.” So if malware, for instance, invades the network, security can immediately see exactly what is happening and shut it down.

This is not accidental. “The original design for Nicira came from the intelligence community,” Casado says. “My background – I used to work for the intelligence agencies…. You trust the hypervisor to enforce things like isolation and enforce security. And now you have a strongly authenticated end-point. You are no longer guessing at things.”

The biggest security issue he sees, is getting the security vendors to evolve their thinking and tools along with the virtualization community.

“I actually think there is an opportunity to do security in entirely new ways, ones that can transform the industry. For example, with virtualization you have deep semantics into the workloads. You can look inside the VMs, you know who’s using them, you know what applications they are using. You know what documents are being sent or read or passed around.”