VMware NSX for vSphere - intro and use cases
DESCRIPTION
My introduction to VMware NSX and its benefits. Hopefully you like it!!
TRANSCRIPT
NSX for vSphere, intro and use cases Oct 2014
Ángel Villar Garea @AVillarGarea
DISCLAIMER
This is NOT VMware’s official documentation. It is just my understanding of technology and products. Any inaccuracy or error you may find is only my responsibility and not VMware’s.
The biggest industry transformation since mainframe to client server computing?
What customers demand
Business/IT Execs Speed and Agility Secure Infrastructure Time-to-Market Competitive Advantage
IT Operations Efficiency of change
IT Infrastructure & Security Data Center Micro-segmentation Scale-out DMZ Network hardware choice Compute capacity utilization
Data Center Virtualization Layer
Intelligence in Software Operational Model of VM for Data Center Automated Configuration & Management
The Software Defined Data Center (SDDC)
Software
Hardware Compute, Network and Storage Capacity Pooled, Vendor Independent, Best Price/Performance Infrastructure Simplified Configuration & Management
Compute Virtualization Abstraction Layer
The Network Is a Barrier to Software Defined Data Center!!
Physical Infrastructure
Software Defined Data Center
• Provisioning is slow
• Placement is limited
• Mobility is limited
• Hardware dependent
• Operationally intensive
Introducing VMware NSX
Network Virtualization with NSX
L2 Switch Firewall
Operational model of a VM
Software
• Programmatic provisioning
• Place any workload anywhere
• Move any workload anywhere
• Decoupled from hardware
• Operationally efficient
Load Balancer L3 Router
Virtual Network – A Complete Network in Software
Internet
VMware NSX – Networking & Security Capabilities
Any Application (without modification)
Virtual Networks
VMware NSX Network Virtualization Platform
Logical L2
Any Network Hardware
Any Cloud Management Platform
Logical Firewall
Logical Load Balancer
Logical L3
Logical VPN
Any Hypervisor
Logical Switching – Layer 2 over Layer 3, decoupled from the physical network
Logical Routing – Routing between virtual networks without exiting the software container
Logical Firewall – Distributed Firewall, Kernel Integrated, High Performance
Logical Load Balancer – Application Load Balancing in software
Logical VPN – Site-to-Site & Remote Access VPN in software
NSX API – RESTful API for integration into any Cloud Management Platform
Partner Eco-System
VMware NSX Transforms the Operational Model of the Network
Network provisioning time reduced from days to seconds
Cost Savings
Reduce operational costs up to 80% Increase compute asset utilization up to 90% Reduce hardware costs by 40-50%
Operational Automation Simplified IP hardware
Choice
Any Hypervisor: vSphere, KVM, Xen, Hyper-V Any CMP: vCAC, OpenStack Any Network Hardware Broad Partner Ecosystem
Gartner Data Center Networking Magic Quadrant 2014
“The NSX solution should be considered by existing VMware customers as a way of providing network agility and reducing network operational challenges within the data center.”
Gartner Data Center Networking Magic Quadrant, April 24, 2014
Use cases
Rack N’ Roll!!
Web
App
Database
VM VM
VM VM VM
VM
Deploy Applications from CMP VMs, Logical Networks and Security
Add Capacity on Demand
Virtual Networks are isolated from each other (Overlapping IP Addresses)
Virtual Networks are isolated from underlying physical network (IPv6 over IPv4)
Multitenancy – Complete Isolation
Problem – Data Center Network Security
Perimeter-centric network security has proven insufficient, and micro-segmentation is operationally infeasible
Little or no lateral controls inside perimeter
Internet Internet
Insufficient Operationally Infeasible
CONFIDENTIAL
Solution – Micro-segmentation with NSX
Control Plane NSX Manager
Physical workloads and VLANS
Data Plane Distributed switching, routing, firewall
REST API
Management Plane vCenter
Unit-level trust
§ Each hypervisor has its own firewalling with flexible granularity: entire data center down to the vNIC
§ Security is shrink-wrapped around each workload
§ Faults and threats are contained with micro-granularity
Central Management / Distributed Control
§ Security policies are coordinated and centralized
§ Security actions are orchestrated centrally
§ Firewall policies are provisioned, moved, and retired with their associated workloads
Segmentation with NSX
DMZ/Web VLAN
App VLAN
HR
Finance
Services/Management VLAN
DB VLAN
HR Finance
Services Mgmt
Finance HR
Perimeter firewall
Inside firewall
Perimeter firewall
DMZ/Web
App
DB
HR Group
App
DMZ/Web
DB
Finance Group
Services Mgmt
Services/Management Group
Traditional Data Center
NSX Data Center
§ Each VM can now be its own perimeter
§ Policies align with logical groups
§ Control communication within a single VLAN
NSX segmentation simplifies network security
Service Insertion Example – Palo Alto Networks Next Gen Firewall
Internet
Security Policy
Security Admin
Traffic Steering
Automated Security in a Software Defined Data Center
Quarantine Vulnerable Systems until Remediated
Security Group = Quarantine Zone
Members = {Tag = ‘ANTI_VIRUS.VirusFound’, L2 Isolated Network}
Security Group = Web Tier
Policy Definition
Standard Desktop VM Policy
✓ Anti-Virus – Scan
Quarantined VM Policy
✓ Firewall – Block all except security tools
✓ Anti-Virus – Scan and remediate
NSX Controller
NSX API
Partner Extensions Network
Security Platform
Network Gateway Services
Application Delivery Services
Security Services
+
Cloud Mgmt Platforms
NSX Extensibility – Partner Integration
More on NSX Technology Partners: http://www.vmware.com/products/nsx/resources.html
Questions
More information
Description | Link
VMware NSX web site | http://www.vmware.com/products/nsx/
NSX and SDDC dedicated web site | http://virtualizeyournetwork.com/
VMware NSX Twitter | https://twitter.com/vmwarensx
Hands-on-Labs Networking | http://labs.hol.vmware.com/HOL/catalogs/catalog/130
VMware NSX customer case – WestJet | http://www.youtube.com/watch?v=3OsXGuZjxxY
VMware NSX customer case – Colt | http://blogs.vmware.com/networkvirtualization/2014/08/vmware-nsx-customer-story-colt-decreases-data-center-networking-complexity.html
VMware NSX customer case – NTT | http://www.vmware.com/company/news/releases/vmw-ntt-netvirt-061013
Brad Hedlund on end-to-end visibility in VMware NSX | http://www.youtube.com/watch?v=wRL47AmFAUU
VMware NSX and Splunk - Operational Visibility Across Virtual and Physical Domains | http://www.youtube.com/watch?v=PzMvQFeojCk
Thank you