Where Network Virtualization Fits Into Data Center Initiatives
The Role of Network Virtualization in the Modern, Secure Data Center and in Hybrid Cloud Strategies
WHITE PAPER
Table of Contents
Supporting the Velocity of Business Change with Network Virtualization
What Would You Virtualize in Your Network?
How Network Virtualization Fits Into Your Existing Physical Network
Leverage What You Have Rather Than Rip and Replace
Physically Fit and Not Locked In
How Network Virtualization Fits Into Software-Defined Data Center
Security with Micro-Segmentation
IT Automation
Application Continuity
VMware NSX: The Leading Network Virtualization Platform
A True Network Virtualization Platform vs. Virtualization Features
“Any” Thing Is Possible
Iron Is Slow to Grow, While NSX Network Virtualization Is Exponentially Speedy
Integrated Best-of-Breed Networking and Security Services
Conclusion
Supporting the Velocity of Business Change with Network Virtualization
For years, the networking infrastructure has been referred to as the
“plumbing” of the enterprise. Certainly routers and switches have
become incredibly sophisticated over the years. But increasingly,
the constraints of physical networks are being exposed by the
management, agility, scalability and security demands required
for hybrid cloud strategies and the modern, secure data center.
When you enter the world of network virtualization, the pace of change accelerates. You
can transform data center economics and operations. The obstacles of physical networks
vanish, while all of your physical transport capacity becomes simpler and easier to use.
The result is a transformative model with service delivery that matches the velocity
demands of today’s businesses.
When a technology fundamentally changes an old model to support new strategies,
it is natural to ask, “Where does this fit into my data center initiatives?” In this paper,
we look at where network virtualization fits with these IT goals:
• Reducing the cost and complexity of existing physical infrastructure assets
(without disrupting your existing infrastructure)
• Moving towards the Software-Defined Data Center (SDDC)
• Accelerating (and simplifying) private and hybrid cloud initiatives
• Improving data center security, automation and applications continuity
What Would You Virtualize in Your Network?
Network virtualization is conceptually very similar to server virtualization (see Figure 1).
[Figure 1 diagram. Server virtualization: applications in x86 environments run on a server hypervisor (requirement: x86), with software decoupled from the physical compute and memory hardware. Network virtualization: workloads with L2, L3, L4-7 network services run on a network virtualization platform (requirement: IP transport), with software decoupled from the physical network hardware.]
Figure 1: Network virtualization is similar to server virtualization, with equally impressive benefits.
With server virtualization, a software abstraction layer (server hypervisor) reproduces
the familiar attributes of an x86 physical server (e.g., CPU, RAM, Disk, NIC) in software,
allowing them to be programmatically assembled in any arbitrary combination to
produce a unique virtual machine (VM) in a matter of seconds.
With network virtualization, the functional equivalent of a “network hypervisor”
reproduces the complete set of Layer 2 to Layer 7 networking services (e.g., switching,
routing, access control, firewalling, QoS, and load balancing) in software. As a result,
they, too, can be programmatically assembled in any arbitrary combination, this time
to produce a unique virtual network in a matter of seconds.
Not surprisingly, similar benefits are also derived. For example, just as VMs are
independent of the underlying x86 platform and allow IT to treat physical hosts
as a pool of compute capacity, virtual networks are independent of the underlying
IP network hardware and allow IT to treat the physical network as a pool of transport
capacity that can be consumed and repurposed on demand.
How Network Virtualization Fits Into Your Existing Physical Network
In retrospect, it may seem like compute virtualization happened overnight. But
compute virtualization with VMware vSphere® was never an “all or nothing” proposition.
IT organizations appreciated the fact that virtualizing servers with VMware was low
risk, incremental and non-disruptive. The same tenets—low risk, incremental and
non-disruptive—hold true for network virtualization as architected by VMware.
This is why network virtualization has moved up so quickly on the IT agenda.
Leverage What You Have Rather Than Rip and Replace
IT organizations would rather not be forced to rip and replace the physical network in
order to realize the benefits of agility, automation, and security. The right network
virtualization technology should be a completely non-disruptive solution, which means:
• Requires no changes to existing applications and workloads
• Allows you to incrementally implement virtual networks at whatever pace you choose
(without any impact to existing applications and network configurations)
• Extends visibility to existing networking monitoring and management tools
to deliver increased visibility into virtualized networks
In addition to being non-disruptive, network virtualization can help increase IT uptime
and agility by enabling networking professionals to perform fewer activities that are
manual and error-prone (as shown in Figure 2). For example:
• Provisioning: Manipulating a multitude of VLANs, subnets, firewall rules,
load balancers and ACL, QoS, VRF and MAC/IP tables; in an enterprise network,
provisioning also involves multiple vendor-specific command line interfaces (CLIs),
exacerbating the “time and error” problem.
• Ongoing change management: Painstaking box-by-box tasks required to ensure
that changes to the network for the placement and mobility of one application
do not adversely impact other applications.
This can free up valuable time for senior networking professionals for strategic data
center initiatives, such as global network architecture design and traffic engineering.
[Figure 2 diagram: a virtual network runs on hypervisor virtual switches over the existing physical network, which serves as a simplified IP backplane with no VLANs, no ACLs and no firewall rules.]
Figure 2: Network virtualization preserves but greatly simplifies the existing physical network. At the virtualization level, you gain the ability to define policies for applications continuity with QoS, uptime and performance. With micro-segmentation, you can create pervasive, granular and adaptable security to protect the data center.
Physically Fit and Not Locked In
Network virtualization actually opens up more possibilities for hardware and vendor
choices. Because the physical network is only required for reliable high-speed packet
forwarding, you have the freedom to pick the right products without being held captive
by compatibility restrictions. It gives IT greater freedom in hardware choices going
forward—which is not something that traditional network vendors are keen to see.
What does that mean for the future? It means that you can support next-generation
fabrics and topologies from any vendor. Imagine the ability to follow your own roadmap
for success, rather than letting a single vendor set your agenda or pace.
How Network Virtualization Fits Into Software-Defined Data Center (SDDC)
With network virtualization, you can achieve the operational model of a VM for the entire
data center. You can programmatically create, snapshot, store, move, delete and restore
entire applications environments with the same simplicity and speed that you spin up
a VM. Create any network topology in minutes or even seconds.
Generally, companies have a specific problem to solve when they start down the path
of network virtualization. So what might send network virtualization to the top of your
agenda? Let’s look at three of the most common problems that network virtualization
solves easily.
Security with Micro-Segmentation
Data center security is a major concern for IT. Security breaches within the walls of
the data center continue to escalate, along with the costs of loss and remediation.
The average company experiences two successful attacks each week, according to
a global survey by PriceWaterhouseCoopers [1].
Security administrators are under pressure to secure workloads faster. The new model
for data center security will: a) be software-based, b) use the principle of
micro-segmentation, and c) embrace a Zero Trust [2] (ZT) model. The ZT model says that in a
more virtualized world there should be no distinction between trusted and untrusted
networks or segments—protection must be pervasive and granular. In order to build
a ZT model, you need a virtualized network that provides micro-segmentation.
[1] Global State of Information Security Survey 2015, PriceWaterhouseCoopers, 2014
[2] Leverage Micro-Segmentation to Build a Zero Trust Network, Forrester Research 2015
Micro-segmentation is not about “building up” but “infusing into.” It’s analogous to how plants can be engineered at the molecular or cellular levels for pest and disease resistance. That’s why VMware describes micro-segmentation as the ability to “build security into your network’s DNA.”
Security policies are enforced by firewall controls that are integrated into the hypervisors
already distributed throughout the data center. That means you have an instantly
ubiquitous security blanket across the data center. And because of its place in the
hypervisor, network virtualization is close enough to the applications and workloads
to have rich context, yet removed enough to isolate these assets from threats.
Security policies are tied to your virtual network, VMs, and operating system,
down to the virtual network interface card. You can create fine-grained policies
that simply aren’t possible with conventional physical firewalls. Security policies
can be updated in seconds—and even automatically—to respond to security threats
or changes in application topologies.
Because policies are tied to VMs, rather than VLANs or IP addresses, policies
automatically move with the workload. Keeping policies synchronized with workloads
not only simplifies administration, it eliminates gaps that can create vulnerabilities.
You can manage literally thousands of virtual firewalls as one firewall from a single
“pane of glass.” Administrators can automate workflows, policies and rules from
that single pane of glass and then propagate configuration changes to every virtual
firewall in seconds. In other words, network virtualization enables distributed security
policy enforcement with centralized management.
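The following added example (not VMware code and not the NSX API) is a simplified Python model of the point made above: a policy keyed to workload identity keeps working when a VM moves, while a static IP-based rule set both breaks the legitimate flow and leaves a stale allow rule behind. All workload names, tags, ports and addresses are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Workload:
    name: str
    ip: str
    tags: frozenset  # identity attributes that travel with the VM

@dataclass(frozen=True)
class TagRule:       # policy expressed against workload identity
    src_tag: str
    dst_tag: str
    port: int

@dataclass(frozen=True)
class IpRule:        # what a conventional ACL stores
    src_ip: str
    dst_ip: str
    port: int

def allowed_by_tags(rules, src, dst, port):
    """Default deny: allow only if a rule matches both workloads' tags."""
    return any(r.src_tag in src.tags and r.dst_tag in dst.tags
               and r.port == port for r in rules)

def allowed_by_ip(rules, src, dst, port):
    """Default deny: allow only if a rule matches the current addresses."""
    return any(r.src_ip == src.ip and r.dst_ip == dst.ip
               and r.port == port for r in rules)

def compile_ip_rules(tag_rules, inventory):
    """Freeze the tag policy into IP rules for one inventory snapshot."""
    return {IpRule(s.ip, d.ip, r.port)
            for r in tag_rules for s in inventory for d in inventory
            if s is not d and r.src_tag in s.tags and r.dst_tag in d.tags}

def demo():
    web = Workload("web-01", "10.0.1.10", frozenset({"tier:web"}))
    app = Workload("app-01", "10.0.2.10", frozenset({"tier:app"}))
    db = Workload("db-01", "10.0.3.10", frozenset({"tier:db"}))
    policy = [TagRule("tier:web", "tier:app", 8443),
              TagRule("tier:app", "tier:db", 5432)]
    static_acl = compile_ip_rules(policy, [web, app, db])

    # db-01 moves and is re-addressed; an unrelated VM later reuses its old IP.
    db.ip = "10.9.3.10"
    test_vm = Workload("test-07", "10.0.3.10", frozenset({"env:test"}))

    return {
        "tag_app_to_db": allowed_by_tags(policy, app, db, 5432),
        "ip_app_to_db": allowed_by_ip(static_acl, app, db, 5432),
        "tag_app_to_test": allowed_by_tags(policy, app, test_vm, 5432),
        "ip_app_to_test": allowed_by_ip(static_acl, app, test_vm, 5432),
        "tag_web_to_db": allowed_by_tags(policy, web, db, 5432),
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The two `ip_*` results are the gaps the text refers to: the legitimate app-to-database flow is dropped after the move, and the stale rule now admits traffic to whichever VM inherited the old address.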
IT Automation
In large data centers, manual processes for routine tasks drain IT budgets and strain
administrators already stretched thin. Manual processes are also prone to human error
and variability from one administrator to another. Any task that has to be performed
manually is an anchor holding back agility and scalability.
Network virtualization makes automation practical and easy for a variety
of labor-intensive tasks, including:
• Configuration
• Provisioning
• Management
• Updating security policies when workloads move or are decommissioned
Let’s take a closer look at how automation applied to provisioning can reduce operational
expense, accelerate time-to-market, and speed IT service delivery: With network
virtualization, a network engineer can create a template for a multi-tier application
for development purposes. The environment can then be provisioned to an application
developer in a matter of seconds via a self-service portal. The same can be done for
quality assurance (QA), staging and production environments—across hybrid clouds
and multiple applications and services—with consistent configuration and security.
Application Continuity
Keeping applications up and running is one of the top mandates of IT organizations.
With hardware-based networks, it is cost-prohibitive to completely reproduce the
network topology and services in a secondary location. Instead, the current practice
is to create a “good enough” version.
With network virtualization, you can snapshot a complete application architecture
(with no compromise in functionality), send a copy to the backup site, and use it
to restore the virtual network in seconds—on any hardware.
[Figure 3 diagram: the NSX network virtualization platform delivering virtual networks (logical L2 switch, logical L3 router, logical firewall, logical load balancer, logical VPN), with the labels Any Application, Any Cloud Management Platform, Any Hypervisor and Any Network Hardware.]
Figure 3: VMware NSX reproduces the entire network model in software (e.g., switching, routing, firewalling, load-balancing, VPN, etc.), enabling any network topology—from simple to complex multi-tier networks—to be created and provisioned in minutes or even seconds without modifying the application.
VMware NSX: The Leading Network Virtualization Platform
Where does VMware NSX® fit in the field of vendors offering network virtualization
capabilities? VMware has the largest installed base of any network virtualization platform.
As more enterprises and service providers adopt the SDDC model, VMware is the
company that understands the people, processes, tools and technology implications
of network virtualization better than any other vendor.
A True Network Virtualization Platform vs. Virtualization Features
As shown in Figure 3, NSX is a full network virtualization platform.
Some solutions that are touted as offering network virtualization only offer virtualization
in specific and even restricted ways. Software-Defined Networking (SDN) is a perfect
example. SDN is actually an umbrella term for several technologies aimed at better
managing hardware boxes, such as switches. SDN accommodates virtualization where
necessary, but it is not a network virtualization model. It is hardware that leads the SDN
model, and virtualization is a supporting player. Which is why so many of the constraints
of physical networks are not solved with SDN.
One of the strengths of the VMware NSX platform is the depth and breadth of problems it can solve. No matter what the primary reason might be for adopting network virtualization today, you have a platform that can take you far in the future.
“Any” Thing Is Possible
VMware describes the brave new architecture for IT: One Cloud, Any Application,
Any Device™. VMware’s SDDC creates a unified hybrid cloud from private, public
and managed clouds and business mobility. All of these resources can be governed
from one unified Cloud Management Platform (CMP). Which means you can use this
enormous reservoir of resources to rapidly develop, automatically deliver and manage
all of your enterprise applications, no matter where they reside. The end goal is to
deliver high-value outcomes to your organization.
Iron Is Slow to Grow, While NSX Network Virtualization Is Exponentially Speedy
The NSX network virtualization is architected for connectivity in the era of cloud
computing and the Internet of Things. The economics of this degree of connectivity
is simply not feasible when you are dependent upon hardware to scale the network.
For example, with NSX:
• Virtual network capacity scales linearly (alongside VM capacity) with the introduction
of each new x86-based hypervisor/host adding 40 Gbps of switching and routing capacity
and 30 Gbps of firewalling capacity
• A single NSX Controller™ cluster can deliver over 10,000 virtual networks in support
of over 100,000 virtual machines
• The processing required for execution of distributed network services is only
incremental to what the vSwitch is already doing for connected workloads—typically
between 25% and 50% of one core on each host
[Figure 4 diagram: NSX technology partners in four categories: SDDC operations and visibility; physical-to-virtual (P2V) data center services; security services; application delivery services. Partners shown: Checkpoint, Intel, Palo Alto Networks, Rapid 7, Symantec, Trend Micro, Hytrust, Arkin, EMC, Gigamon, NetScout, Riverbed, Tufin, Arista, Brocade, Cumulus Networks, Dell, HP, Juniper Networks, Citrix, F5.]
Figure 4: VMware NSX is a platform that tightly integrates the industry’s leading networking and security solutions into the SDDC. This ever-expanding ecosystem means you can be confident that you can enhance any aspect of your virtualized environment.
Integrated Best-of-Breed Networking and Security Services
The VMware NSX platform is specifically designed to facilitate integration, applications
development and services from an ever-expanding ecosystem of networking and security
technologies (see Figure 4). These partner solutions ensure that you can quickly adapt
to constantly changing conditions in the data center and business demands. For example,
Palo Alto Networks’ integration with VMware NSX adds the ability to:
• Efficiently add advanced, next-gen firewalling and IPS security to workloads inside
the data center
• Share intelligence with other security products in the VMware NSX ecosystem to adapt
to emerging security conditions in the data center
Conclusion
Where does network virtualization fit into the data center?
Network virtualization fits with your physical infrastructure. It makes more efficient
use of the infrastructure you have, and gives you more choices in hardware vendors
going forward.
Network virtualization fits with your vision for SDDC, a data center model that’s more
adaptable, simpler to manage, and more responsive to your business. Amazon, Facebook
and Google seem to have set the bar high with their mega data centers. But what they
have accomplished is more easily attainable today than it was even a year ago. And one
of the big things that has changed in that time is the reality of network virtualization.
It’s a cornerstone of the modern, secure data center that business executives and lines
of business expect IT to deliver.
As an integral part of SDDC, network virtualization fits with your vision for turning
hybrid clouds into transparent, unified environments for building, delivering and
managing enterprise applications.
Network virtualization fits with your priorities today, whether that’s closing the dangerous
gaps in data center security, automating processes to make a measurable difference
in time-to-market with higher quality and consistency, or not taking shortcuts on
backup, so there are no half-measures in bringing your complete infrastructure back
online to support application continuity.
Network virtualization doesn’t just fit in with data center initiatives. It’s one of the primary
engines for expanding what’s possible with those initiatives.
Learn more: vmware.com/products/nsx
VMware, Inc. 3401 Hillview Avenue Palo Alto CA 94304 USA Tel 877-486-9273 Fax 650-427-5001 www.vmware.com
Copyright © 2016 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one
or more patents listed at http://www.vmware.com/go/patents. VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other
marks and names mentioned herein may be trademarks of their respective companies. Item No: 16VM066-Whitepaper 01/16