An Interview with Pensando Systems: A Simple New Approach to Data Center Micro-Segmentation



Vandis’ CTO, Ryan Young, sat down with Jason Gmitter, Senior Director of Solution Engineering at Pensando Systems, to discuss the industry's first distributed services architecture that allows enterprises to create and operate network infrastructures that perform and scale just like public cloud infrastructures to provide zero trust solutions for data centers.

Ryan: Can you tell us about Pensando and how the company came to be?

Jason: Shortly after John Chambers left Cisco in 2017, he invested in this company, Pensando, with our Founders. This team had developed virtually all of Cisco’s innovative data center solutions over the last 30 years – from the Catalyst to the Nexus. They looked at the AWS acquisition of Annapurna Labs, which catapulted AWS into a market leadership position in performance and scalability of the public cloud. They believed they could build a better solution for other public cloud providers and the Enterprise. In the two years since we launched, our revenues have exploded and as a result we are being acquired by AMD for $1.9B this quarter.

Ryan: Can you explain why you created a SmartSwitch for the Enterprise?

Jason: Pensando’s initial success was driven by deploying a Distributed Services Card (aka SmartNIC), where the ASIC resides on a PCIe card inside a server. Public cloud providers have widely adopted this, but the model didn’t fit as well in the Enterprise. Enterprises typically don’t have the performance requirements of the hyper-scalers and don’t want to build their own “custom” solutions. But they do need to build more secure networks. The CX 10000 top-of-rack SmartSwitch brings software-defined networking (SDN) functionality, stateful micro-segmentation and L3/L4 Firewall closer to the enterprise applications, but each switch has an additional pair of ASICs shared by a rack of 48 servers to bring the costs in line with their performance requirements. Better yet, additional functionality like network address translation (NAT), IPsec, and load balancing can be added in the future without swapping out the hardware. Traditional Top-of-Rack switches, whether they’re a leaf in an EVPN-VXLAN fabric or an access switch in a traditional 3-tier architecture, haven’t provided much value other than connectivity. We believe this is a game-changer at a very compelling price point.

Ryan: Can you tell us why Pensando selected Aruba as its partner for a data center switch?

Jason: Aruba has a strong data center portfolio, and its switches are open API-driven, just like Pensando solutions. This made it very simple to integrate our solution. The Aruba Fabric Composer enables Pensando’s Policy and Services Manager (PSM) to easily integrate with upstream solutions like VMware, Nutanix, and others, making Aruba the obvious choice. 

Ryan: What makes the Aruba/Pensando switch different from other top of rack switches?

Jason: Our P4-programmable ASIC is being deployed in 3 of the top 5 public cloud providers, where scale is the #1 requirement. The Aruba CX line has a consistent OS across the entire platform and supports standards-based integration with other platforms. Aruba doesn’t sell solutions that create vendor lock-in. The CX10000 is unique because it solves many of the challenges customers have struggled with trying to implement micro-segmentation in the data center. The CX10000 enables customers to finish a micro-segmentation project that they started and that stalled, or to kick off a new network zero trust initiative.

Many of our customers are deploying the CX10000 switch attached to spines from different vendors. 

Ryan: Why do you believe this approach is necessary in data centers today? Would a data center have to replace its entire infrastructure to get the benefit of this solution?

Jason: IT Teams have a huge challenge in today’s security-conscious world – ensuring 24x7 network availability while also protecting against malicious attackers, whether inside or outside the organization. In 2021, it was estimated that there were more than 5M attacks into corporate data centers and a majority stemmed from the lack of East-West security. All organizations deploy North-South next-gen firewalls to protect the perimeter, but those firewalls are very expensive and complex to deploy for East-West traffic. Companies are refreshing Top-of-Rack switches or adding new racks all the time. Our approach of deploying stateful security services at every network port makes the most sense operationally and happens to be the most cost-effective solution available.

To learn more about how the Aruba CX 10000 series switch with Pensando eliminates the limitations of legacy networking to bring Zero Trust Solutions to the Data Center, listen to the replay of the webinar “Bring Zero Trust Solutions To Your Enterprise Applications” on Vandis' YouTube Channel.