F5 Networks has integrated its BIG-IQ orchestration and management platform with VMware NSX to automate the insertion of its Layer 4-7 network services into VMware's virtual networks. The F5 BIG-IQ integration will be showcased at VMworld 2014 this week in San Francisco.
"We have management plane integration between BIG-IQ, which sits on top of our platform and manages BIG-IP [network services] and NSX," said Phil de la Motte, director of business development and infrastructure alliances at F5. "We are able to allow customers to provision their BIG-IP services directly from within NSX."
The integration is conceptually similar to work that F5 has done with Cisco's Application Centric Infrastructure (ACI). However, in the case of ACI, F5 integrated its BIG-IP appliances directly with Cisco's APIC controller. In later implementations, F5 will bring its ACI integration in line with how it integrates with VMware NSX, allowing the Cisco APIC controller to orchestrate network services through BIG-IQ. F5 emphasizes integration at this management layer because BIG-IQ provides NSX and other SDN networks with a more sophisticated understanding of F5's Layer 4-7 services.
"BIG-IQ provides an abstraction layer from all the different types of BIG-IP services, and even the different types of solutions, anything from virtual editions sitting on the hypervisor to appliances to the top-end chassis," said Nathan Pearce, a marketing architecture expert at F5. "BIG-IQ knows the capabilities of those devices and knows what jobs need to be done by those devices and it eliminates that need to do it the old way with high-availability pairs and those concepts. Now we just have a pool of reusable resources in the network and BIG-IQ knows how to schedule their workloads and what networks to connect them to. "
BIG-IQ will present BIG-IP services to NSX as a set of iApps, F5's customizable frameworks. NSX can choose an iApp for a specific application, such as Microsoft Exhange, and BIG-IQ can orchestrate the appropriate network services for that application across its physical and virtual resources.
"The F5 BIG-IP deployment guide for Microsoft Exchange was 150 pages long. Customers said the guide was amazing, but that it takes weeks to roll through the entire deployment," Pearce said. "We created the iApps templates, which ask a minimal set of questions of the admins. These iApps are like an abstraction of all that complexity, pushed out from BIG-IQ."
"By combining iApps with NSX, an application owner can now go into an NSX catalog and select the services they need for an application," de la Motte said. "He may not know how to build those services, but he doesn't need to if they are pre-configured by the network team and security team."
NSX has some native Layer 4-7 services, such as distributed load balancing and firewalling, but VMware will rely on partners like F5 to deliver and integrate more advanced network services -- such as SSL offloading and web caching -- into NSX and connect them to legacy, un-virtualized environments, said Andre Kindness, senior analyst at Forrester Research.
The BIG-IQ integration also allows administrators to apply network services through a single interface, which makes the job of deploying new applications more efficiently, he said. "Normally you set up Layer 4-7 systems individually," Kindness said. "Now one manager is setting them up centrally and spreading the policies around."
This F5-NSX integration will apply to both virtual and physical BIG-IP appliances and will allow NSX to orchestrate network services across both virtual and physical workloads, said Christian Renaud, senior analyst for 451 Research.
F5 is unlikely to be the last Layer 4-7 vendor to integrate its service orchestration with NSX, Kindness said. Every other vendor will probably follow them, he said.