GAMO VMware vCloud Air
© 2016 VMware Inc. All rights reserved.
Slovak Defined Data Center
GAMO - VMware vCloud Air Network
Customer Presentation
Frantisek Ferencik, Systems Engineer
10.5.2016
Hosted infrastructure services based on vSphere, the leading server virtualization platform
IaaS Powered
Unlock the flexibility to move existing and future workloads from on-premises environments to public clouds and back again for a true hybrid cloud experience
Ensure compatibility with services based on the same VMware platform you already use
Customer Benefits: Hybridity
Bypass risk and uncertainty with clouds offering compliance certifications and built-in standards for security and reporting to meet business and industry requirements
Trust the inherent isolation provided by vSphere as well as the network virtualization and per VM security policies provided by NSX
Customer Benefits: Security & Compliance
A national cloud gives you the peace of mind of knowing exactly where your data is being stored and transferred
The cloud provider keeps data and applications local for simplified adherence to national data security and privacy regulations
Customer Benefits: Data Sovereignty
Pre-Hypervisor Challenges
• OS : Physical Hardware mapping is 1:1
• Higher Scale = More Hardware
• Resources Mostly Underutilized
• Network Configurations are mostly Manual
• Security = Perimeter
[Diagram: Pre-Hypervisor stack: Application, OS, x86 (Storage, Network Interface), L2 + L3, Physical Gateway + Router, Firewall, VPN]
Virtualization of x86 resolves some issues…
Pre-Hypervisor
• 1:1 mapping between OS & Hardware
• Scale = more hardware
• Underutilized resources
• Manual Configurations
• Perimeter Security
[Diagram: Pre-Hypervisor stack: Application, OS, x86 (Storage, Network Interface), L2 + L3, Physical Gateway + Router, Firewall, VPN]
Post-Hypervisor
• 1:X mapping between OS & Hardware
• Scale != more Hardware
• Optimized Resource Consumption
• Addition of Manual Routes
• ‘X’ # Firewall Rules
• Choke Points
• No Cross vSwitch Security
• Perimeter Security
[Diagram: Post-Hypervisor stack: VMs on a vSwitch (Virtual L2), Hypervisor, x86 (Storage, Network Interface), L3, Physical Gateway + Router, Firewall, VPN]
[Diagram: Hypervisor + NSX stack: VMs on a vSwitch (Virtual L2 + L3), Hypervisor, x86 (Storage, Network Interface), Physical Gateway + Router, Firewall, VPN]
Abstracts Physical Networking Services
[Diagram: Pre-Hypervisor stack (Application, OS, x86, L2 + L3, Physical Gateway + Router, Firewall, VPN) next to Post-Hypervisor stack (VMs on a vSwitch, Virtual L2, Hypervisor, x86, L3, Physical Gateway + Router, Firewall, VPN) and Hypervisor + NSX (Virtual Gateway + Router, Virtual Firewall, VPN)]
Decouple Network Services
NSX is fundamental to the SDDC
The software-defined data center (SDDC) is crucial to the long-term evolution of an agile digital business, according to Gartner, Inc.
Gartner predicts that the programmatic capabilities of the SDDC will be considered a requirement for 75 percent of Global 2000 enterprises by 2020.
Data centers of today
• Static
• Rigid / fragile
• Prone to security issues
• Expensive
• Hard to change
• Manual
Benefits of the SDDC
• Dramatically higher efficiency and lower costs
• Application provisioning in minutes
• The right availability and security for every application
• App and workload mobility
NSX is fundamental to the SDDC
VMware and NSX are best positioned to deliver the SDDC to organizations because we are positioned at the right place in the data center to enable the benefits of the SDDC. Without NSX, the benefits of the SDDC can’t be realized.
Provides a Faithful Reproduction of Network & Security Services in Software
• Switching
• Routing
• Firewalling
• Load Balancing
• VPN
• Connectivity to Physical
What is NSX?
Construct Network Services in Virtual Layers
[Diagram: Provider Peripheral Network Infrastructure: Switching, Routing, Firewalling, Load Balancing, VPN]
Decouple Network Services
• Core infrastructure backbone is agnostic of network demands at the virtual data centers
• Flexibility of Operations
− Consumer serviced networks
− Defined Micro-segments for various workloads
[Diagram: Provider and Consumer layers. End Customer Network Infrastructure with three Virtual Data Centers, each containing VMs on a Private Network (192.168.50.0/24) and VMs on a DMZ Network (192.168.52.0/24)]
Lower Perimeter Firewall requirements and cost
Lower # of Physical Firewalls
[Diagram: VMs in Data Center, Without NSX DFW versus With NSX DFW. Without NSX DFW: Rules on the Physical Firewall. With NSX DFW: Physical Firewall plus Distributed Firewall Rules, showing VM with Security Policy and VM with Default Security Policy]
Lower Routing equipment requirements and cost
Lower # of Routers
[Diagram: VMs in Data Center on vSwitch1, vSwitch2 and vSwitch3, connected through Physical Routers versus through Distributed Routing + Edge Gateway (Distributed Routers)]
Micro-Segmentation / Inside Perimeter Security
Zero Trust Model
[Diagram: Perimeter Gateway, Control Center 192.168.110.10 and Distributed Logical Router in front of three logical switches: Web Logical Switch 172.16.10.0/24, App Logical Switch 172.16.20.0/24, DB Logical Switch 172.16.30.0/24]
Finance VMs
• fin-web-sv-01a (.11), fin-web-sv-02b (.12)
• fin-app-sv-01a (.11)
• fin-db-sv-01b (.11)
HR VMs
• hr-web-sv-01a (.21), hr-web-sv-02b (.22)
• hr-app-sv-01a (.21)
• hr-db-sv-01b (.21)
Protected traffic
• Traffic from USER to WEB Tier protected by DFW
• Traffic from WEB tier to APP tier (per organization) protected by DFW
• Traffic from APP tier to DB tier (per organization) protected by DFW
Protocol labels in the diagram: TCP 1234, SSH, MySQL, HTTP, HTTPS
NSX and vCloud Director Use Cases
• NSX functionality can be consumed out of band from vCD to enable provider side use cases
• Enables providers to deliver value added services to their cloud consumers
• Does not require direct product integration
• Can be automated for rapid provisioning or even self-service
Use Case: L2VPN & L2 Bridging
Benefit: Cloud Bursting; Cloud Migration; Network Extension; Disaster Recovery as a Service
NSX Components: NSX Edge Gateway, NSX L2 Bridging

Use Case: Micro-segmentation of provider managed networks
Benefit: Securely provide network based services to tenants, e.g. Backup, Monitoring, Patching
NSX Components: NSX Distributed Firewall, SpoofGuard

Use Case: Guest/Network Introspection NSX Partners Services
Benefit: Agentless guest and network based services from NSX Partners, e.g. Anti Virus, IDS/IPS
NSX Components: NSX Service Composer, Partner Ecosystem

Use Case: Gateway Virtualization
Benefit: Virtualize network functions on commodity x86 hardware; Common interface and vendor across all services
NSX Components: NSX Edge Gateway, VXLAN
NSX and vCloud Director – L2 VPN
Features / Benefits
• SSL secured L2 extension technology over any IP network
• Separate NSX Edge GWs run as server & client
• Independent of vCenter Server boundaries
• Managed and Unmanaged options
• UI and API based configuration
• Able to bridge any combination of VLAN or VXLAN networks
• No specialized hardware required (will leverage AES-NI CPU instruction set where available)
• Supports both Enterprise and Hybrid Cloud use cases
[Diagram: Enterprise and Hybrid Cloud (Public Cloud) scenarios, each with an NSX Edge Services GW L2VPN Client and an NSX Edge Services GW L2VPN Server connected over Internet / WAN]
NSX and vCloud Director – L2 Bridging
• NSX L2 Bridging
– Physical to Virtual connectivity
– Intra-DC Migration & IP Mobility
[Diagram: vCloud Director & NSX Managed Resources (VXLAN 5000, VXLAN 5001) connected over the L3 Physical Network to Colocation Resources (VLAN). Bridging Instance Tenant 1 (VXLAN 5000 to VLAN 10) reaches Tenant 1 Servers & VMs (VLAN 10); Bridging Instance Tenant 2 (VXLAN 5001 to VLAN 20) reaches Tenant 2 Servers & VMs (VLAN 20)]
NSX and vCloud Director – Secure Provider Services
• NSX enables Provider managed services to be attached to VMs (Monitoring, Backup, etc.)
• All VMs are attached to a common Service Network
• NSX Distributed Firewall and SpoofGuard enforce security and isolation
[Diagram: Tenant 1 Managed Org 1 and Tenant 2 Managed Org 2 with Org 1 Net and Org 2 Net; vApp X, vApp Y, vApp Z and vApp K on App X Net, App Y Net, App Z Net and App K Net behind NSX Edges; Edge Gateway, Provider Routers and External Net to Internet/WAN; Provider Managed Common Services Net carrying the Monitoring Service, Backup Service and Patching Service]
NSX and vCloud Director – Value Added Services
• Both native NSX and 3rd party Solutions can be added as Value Added Services (VAS)
• NSX Service Composer allows Providers to deliver VAS on a per-Tenant or per-VM basis
Different service categories from several vendors are supported
• Data Security
• Firewall
• Activity Monitoring
• Anti Virus
• Vulnerability Management
• IPS/IDS
Hyper-Converged Infrastructure Architecture
HYPER-CONVERGED SOFTWARE
• Compute, storage and networking
• Tightly integrated software stack
INDUSTRY-STANDARD HARDWARE
• Convergence of physical storage on x86 hardware
• Building-block approach
Industry-Leading Hyper-Converged Software
From the market leader in virtualization software and management
[Diagram: VMware Hyper-Converged Software (vSphere, vCenter, Virtual SAN) on x86 Server Hardware]
Market-leading hypervisor
Radically simple enterprise-class storage
Most flexible deployment options
Unified management
The Best Building Block for the Software-Defined Data Center
NSX: Leading network virtualization platform for the SDDC
vRealize Operations: Advanced storage management and planning
vRealize Log Insight: Real-time log management of Virtual SAN
Horizon: Single platform for virtual and hosted desktops
[Diagram: SDDC software on top of VMware HCS (vSphere, vCenter, Virtual SAN) on x86 Server Hardware]
Why VMware Hyper-Converged Software?
Radically Simple; Highest Performance; Lowest Cost; Any App, Any Scale
• >100: Pre-Certified Ready Nodes to Match Existing Infrastructure
• 1: Integrated SW stack
• <1ms: Latency with all-flash systems
• >100K: IOPS per node
• >6M: IOPS per cluster
• $1/GB: As low as $1 per usable GB of all-flash Virtual SAN
• 50%: Lower TCO
• 1: Platform for business critical apps, OpenStack and containers
Most Widely Deployed HCI Solution in the Market
• #1 Units Deployed*: >20,000 CPUs in Q4’15
• #1 Customer Adoption*: >3,000 customers, >500 new/quarter
• #1 Revenue Growth*: ~200% YoY in Q4’15
[Chart: Total Customer Count for Q2’13, Q2’14 and Q2’15; series: VMware HCS and #2 HCI Vendor**]
* Source: VMware internal analysis, January 2016. Compared to leading HCI vendors only. ** Source: IDC MarketScape Hyperconverged Market, Dec 2014. SEC S-1 Form, December 2015.
VMware Virtual SAN
Radically Simple Hypervisor-Converged Storage for VMs
• Software-defined storage optimized for VMs
• Embedded in the hypervisor
• Runs on any standard x86 server
• Supports hybrid and all-flash configurations
• Delivers enterprise-level scalability and performance
• Managed through per-VM storage policies
• Deeply integrated with the VMware stack
[Diagram: Overview: VMs running on vSphere + Virtual SAN hosts that share one Virtual SAN Datastore]
Accelerating Innovation
VSAN 5.5, March 2014
VSAN 6.0, March 2015
• All Flash
• 64 Node Cluster
• X2 Hybrid Performance
• VSAN Snapshots
• VSAN Clones
• Rack Awareness
VSAN 6.1, September 2015
• Stretched Cluster
• Replication - 5 Min RPO
• Root Cause Analysis
• Health Monitoring
VSAN 6.2, March 2016
• Deduplication
• Compression
• Erasure Coding (RAID 5/6)
• Quality of Service
• Performance & Capacity Monitoring
• Expanded Virtual SAN Ready Nodes
Virtual SAN Simplifies and Automates Storage Management
Per-VM Storage Service Levels From a Single Self-tuning Datastore
Storage Policy-Based Management
• Policies Set Based on Application Needs: Capacity, Performance, Availability
• Software Automates Control of Service Levels
• No more LUNs/Volumes!
[Diagram: Per VM Storage Policies and SLAs applied on the Virtual SAN Shared Datastore (vSphere + Virtual SAN)]
Efficiency of a Single, Hyper-Converged Software Stack
vSphere + Virtual SAN
✓ Kernel-embedded for optimized I/O data path
✓ Major advantage in resource utilization
• 2x CPU efficiency and 3x memory efficiency
✓ All features work natively
• Native vMotion and DRS
Storage VM on vSphere (one in every server)
✖ Overhead of virtual appliance
✖ Long data paths
✖ Bolted-on integration
Tiered All-Flash and Hybrid Options
All-Flash
• 100K IOPS per Host + sub-millisecond latency
• Caching (SSD, PCIe, NVMe): Writes cached first, reads from capacity tier
• Data Persistence: Capacity Tier, Flash Devices; reads primarily from capacity tier
Hybrid
• 40K IOPS per Host
• Caching (SSD, PCIe, NVMe): Read and Write Cache
• Data Persistence: Capacity Tier, SAS / NL-SAS / SATA
Virtual SAN Delivers Enterprise-Grade Scale
Maximum Scalability per Virtual SAN Cluster
• 64 Hosts
• 6,400 VMs
• 6M+ IOPS
• 8.8 Petabytes
“I am looking for cost-savings, efficiency and the ability to expand when we need to, quickly. And that’s something the Virtual SAN lets us do in every case. For the Doe Fund, you know, it is the holy grail of storage.”
— Ryan Hoenle, Director of IT, The DOE Fund, Inc.
Notes: based on IOMeter 100% Read benchmark