VMware NSX: The Next Frontier of Virtualization

Shawn Bolan

Microsoft Certified Trainer, VMware Certified Instructor, PRINCE2 Instructor

New Horizons of Nebraska

VMware NSX: The Next Frontier of Virtualization

• Welcome!

• Thank you for registering for this InfoTec Session!

• Your Presenter – Shawn Bolan, NH of Nebraska▪ VMware Certified Instructor, Microsoft Certified Trainer

▪ Technical Trainer Since 1998

▪ VMware Certifications – VCI (Level 2), VCP-DCV, VCP-Mobility, VCP-Cloud, VCP-NV, VCAP-DCA

▪ Microsoft Certifications (over 60) – MCT, MCSE, MCSA, MCITP, MCTS, MCP

▪ VMware Certified Instructor of the Quarter for the Americas, Q3 of 2013

Largest International Network

• 2,100 Classrooms

• 2,400 Instructors in 56 Countries

• 3 Million Student Days of Training per Year

Flexible, Integrated Learning Methods

• ILT – Instructor Led Training

• OLL – Online Live Virtual Delivery

• Private Group Training customized for your organization

Who Is New Horizons?

Proven, worldwide training provider with flexible learning solutions covering a broad spectrum of

topics taught by industry-leading instructors.

Agenda

• Welcome & Introduction

• Virtualization Review

• VMware NSX

• Summary & Classes

• Q & A at the end.

• Individual follow-up questions welcome at sbolan@omahanh.com or contact me on LinkedIn

VMware Virtualization Solutions

The VMware Virtualization Family

• Best of breed virtualization solutions for:▪ Server Virtualization – vSphere

▪ Desktop & Mobility – Horizon (View, Mirage, Workspace), Air Watch

▪ Cloud – vCloud Director, vCloud Automation Center, Horizon Air, vCloud Air

▪ Storage Virtualization – VSAN, vVOLs

▪ Network Virtualization – NSX

Server Virtualization

• Server virtualization (vSphere) is software that decouples the physical hardware from the operating system and provides solutions to many problems that are faced by IT staff

▪ vMotion & Storage vMotion

▪ High Availability (HA)

▪ VM Templates & Clones

▪ Fault Tolerance (FT)

▪ vCenter Server

▪ Standard & Distributed Switches

▪ Host Profiles

▪ Update Manager

• Virtualizing server infrastructure allowed VMware to start the evolution of the corporate data center

Desktop & Mobility

• Horizon is a family of desktop and application virtualization solutions designed to deliver Windows and online services from any cloud.

• VMware AirWatch Enterprise Mobility Management (EMM) delivers unified endpoint management, end-to-end security from devices to data center, and seamless integration across enterprise systems.

• VMware Mobility solutions extend the workspace to Any Application on Any Device from Any Location

Storage Virtualization

• VMware Virtual SAN is a radically simple, enterprise-class shared storage solution for hyper-converged infrastructure optimized for today’s all-flash performance

Cloud Computing

• Cloud services are all about simplicity. Vmware brings together the best of both on-premises and off-premises solutions. You can keep using your same tools and processes, and VMware do the rest.

▪ vCloud Air

▪ Platform-As-A-Service (Pivotal CF)

▪ vCloud Air Hybrid Cloud Manager

▪ Horizon Air

VMware NSX

Transforming Network Communication

Key Points

• Software powers the evolution of networks and data center infrastructure.

• Using the software-defined data center, organizations can meet business demands efficiently and flexibly.

• Using vSphere and VMware NSX, you can create virtual networks that provide a complete set of network services.

• VMware NSX can increase data center security by enabling a rich set of security services with microsegmentation.

Network Virtualization

• Networking virtualization without NSX:

What is missing?

NSX

VMware NSX is a network virtualization platform that you can use to build a rich set of logical networking and security services in a software-defined data center.

Virtual Networks and Network Virtualization

Distributed Switch

VLAN50 VLAN60 VLAN70

ESXi

Distributed Switch

VXLAN 5050

VXLAN 5060

VXLAN 5070

ESXi

VLAN TRUNKING 50, 60

The configurations show the difference between virtual networking and network virtualization.

VMware NSX Logical Switching

• Physical switching poses several challenges:▪ Virtual machine mobility

requiring L2 everywhere

▪ Large L2 physical network sprawl: Spanning Tree Protocol problems

▪ Hardware memory (MAC, TCAM) table limits

▪ Per-application or multitenant segmentation difficult

• Logical switching offers several benefits:▪ Enabling L2 over L3

infrastructure

▪ VXLAN-based overlay:Decoupling logical from physical networks

▪ Scalable multitenancy across the data center

▪ Reduces VLAN ID usage

VM

war

e N

SX

VMware NSX Logical Switch Example

• Logical switches extend layer 2 connectivity across layer 3 boundaries.

vSphere Host

Logical Switch

172.16.10.11/24

Physical Network

vSphere Host vSphere Host

10.20.10.10/24 10.20.20.11/24 10.20.30.12/24

172.16.10.12/24

VM

1

VM

2

VXLAN 5001 172.16.10.13/24

VM

3

VMware NSX Logical Routing Example

• Distributed logical routing provides optimized east-west routing within the hypervisor at line rate.

VXLAN 5001

VXLAN 5000

VM1

VM2

ESXi Host A ESXi Host B

DLR DLR

VMware NSX Logical Routing

• Physical routing poses several challenges:▪ Multitenant routing

complexity

▪ Traffic hairpins

• VMware NSX routing offers several benefits:▪ Optimized east-west and

north-south traffic flows

▪ Distributed hypervisor-based logical routing

▪ Support for OSPF and BGP routing protocols

L2

L2

L2

VM to VM Routed Traffic Flow

NSX Edge Network Services

• NSX Edge provides common gateway services such as DHCP, VPN, NAT, routing, and load balancing:

▪ Integrated L3 through L7 services

▪ Virtual appliance model to provide rapid deployment and scale-out

• NSX Edge provides the following benefits:

▪ Near real-time service instantiation

▪ Support for dynamic service differentiation per tenant or application

Routing and NAT

Firewall

Load Balancing

VPN

DHCP and DNS RelayDDI

VM VM VM VM VM

NSX Edge Load Balancer

• The NSX Edge load balancer enables application or service requests to be distributed across multiple back-end servers in a pool.

Load sharing:

• Load is distributed across multiple back-end servers

Service high availability:

• Servers or applications that fail are automatically removed from the pool.

Benefits:

• The NSX Edge load balancer provides improved application availability.

• It offers improved scalability through load distribution.

Web1a Web1cWeb1b

NSX EdgeLoad Balancer

Public Cloud

Logical Layer 2 VPN

• SSL-based

• Web-proxy support

• L2 bridge to cloud

Features

• High performance: AES-NI acceleration

• 750 Mbps-plus throughput per tenant

Scale and Performance

• Cloud onboarding

• Cloud bursting

• Data center migration

Use Cases

VM VM VM

Distributed Firewall

• Centralized hardware

• Decentralized management• Compound policy challenges • Coordination of enforcement across multiple

devices• Static service chains

• Rules based on IP addresses

• Rate limitation

• Distributed at hypervisor level

• vNIC-level microsegmentation

• Dynamic service chains

• Virtual machine name, vCenter Server

objects, identity-based rules

• Line rate about 20 Gbps per host

Challenges Benefits

Physical Firewalls Distributed Firewall

VMware NSX API

fw1>_

fw2>_

fw…>_

fw98>_

fw99>_

VMware NSX Firewalls: Centralized Policy and Microsegmentation

• VMware NSX firewalls offer innovative features:▪ Centralized management of hypervisor-based distributed firewalls

and NSX Edge firewalls.

▪ Microsegmentation: Every virtual NIC is subject to policy processing at ingress and egress.

▪ Policies based on network, vCenter Server objects as well as security posture of the workload.

Internet

Perimeter Firewalls

CloudManagementPlatform

Dev

Test

Production

Isolation

Web

App

DB

NoCommunication Path

ControlledCommunication Path

Web

App

DB

Advanced Services Controlled Communication Path

SegmentationSegmentation with Advanced Services

Isolation, Segmentation, and Advanced Services

• VMware NSX enables and simplifies workload segmentation and

transparent insertion of advanced services.

Key Points

• Software powers the evolution of networks and data center infrastructure.

• Using the software-defined data center, organizations can meet business demands efficiently and flexibly.

• Using vSphere and VMware NSX, you can create virtual networks that provide a complete set of network services.

• VMware NSX can increase data center security by enabling a rich set of security services with microsegmentation.

NSX Training

NSX Install, Configure, Manage (5 days)

• This comprehensive, fast-paced training course focuses on installing, configuring, and managing VMware NSX™. This course covers VMware NSX as a part of the software-defined data center platform, features of VMware NSX, and functionality operating at Layer 2 through Layer 7 of the OSI model. Lecture and hands-on lab activities support your understanding of VMware NSX features, functionality, and on-going management.

NSX For Internetworking Fast Track (5 extended days)

• This 5-day comprehensive, fast-paced training course provides experienced Cisco Network Administrators with the skills to install, configure, and manage NSX in their Cisco environment.

• Available at New Horizon of Omaha June 26-30

Questions?

• Any questions???

• Please fill out the session on the SCHED site at

http://infotec2017.sched.com

Thank You For Your Attending!

Please Contact Your New Horizons Representative

For More Information About Our Class Schedule