What is our primary use case?
They have a legacy environment that they're trying to use microsegnmentation on. So the use case is to facilitate that because they don't necessarily know a lot of the firewall rules from the original environment, which was a physical environment. Now that it has gone virtual, they want to use the vRNI to get better firewall rules in there and make it more streamlined.
The main usage of it is microsegmentation and troubleshooting, not real monitoring of the environment, because we have other tools that do the monitoring of the environment. But when it comes down to bringing in new environments and making sure they're microsegmented, it's pretty easy to use for that purpose. No other product is available to do that.
And we use it for troubleshooting because it allows us to go from virtual through NSX, up to the core, and see all of that in one pane of glass. It's pretty easy.
How has it helped my organization?
Right now, since the PoC, in the environment that we're using it on, for troubleshooting any issues that come up, or in the case of the microsegmentation, it's very valuable because it has allowed us to add firewall rules that were specific to what we needed, and not the extra firewall rules that other people thought we needed.
It has allowed us to easily take the physical environment and bring it into virtual and then put together the firewall rules that were needed, not necessarily firewall rules that everybody thought we needed, which were already in the old firewalls. We were able to do that much quicker doing it this way, rather than trying to weed out all the rules that didn't necessarily need to be there.
Troubleshooting-wise, we did have a problem in the environment and it made it easier to find the actual issue, the real issue, not something that we thought was the issue.
What is most valuable?
The microsegmentation is valuable, especially for this environment.
Also, the ability to troubleshoot all the way across the NSX part of it to the physical and actually watch the packets go through and then see where the bottleneck is or where the interruption is, is valuable. We run queries on the network flows within the application to find where they are in it and it graphically tells us how the packets are actually going through the system.
It's very user-friendly in the sense that the querying is just regular language like you and I speak or write. You don't need to know any SQL-query type of language to be able to get what you want out of it.
What needs improvement?
The only real improvement they can make is to add more third-party vendors into the environment, mostly switch manufacturers, because it's really limited to Cisco equipment and there are a lot of companies out there other than Cisco.
For how long have I used the solution?
What do I think about the stability of the solution?
It seems to be very stable. I don't know how it's going to be when we go into production. Right now, we have a single instance of it, but in production, it has to be a cluster environment and we haven't really tested that part of it.
What do I think about the scalability of the solution?
When it goes into production, it's going to have to scale from this one, small installation to a much larger installation for our purpose. It seems like it will do it pretty easily, but we won't know until we actually do it.
How was the initial setup?
It was pretty easy to install and the documentation for laying it out seems to be easy to follow, design-wise. It was very straightforward.
We've upgraded four times with it and the upgrading was pretty easy as well.
What's my experience with pricing, setup cost, and licensing?
It could be cheaper, of course.
Which other solutions did I evaluate?
We're not really comparing it to any other vendors. I don't know of anyone that does microsegmentation and whose solution is integrated within VMware's environment
What other advice do I have?
It's a pretty good system if you're doing troubleshooting and microsegmentation. As a troubleshooting tool, it's a level-3 troubleshooting-skills tool and it's very easy to use and very easy to find the information that you need.
I rate it a seven out of ten, only because it doesn't have all the vendors - at least the switch vendors - in there. They only have Cisco, for the most part, and you really need all of them to make it because companies don't just use Cisco for everything.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Sep 25 2018