VMware NSX for vSphere - Intro and use cases
7 likes•7,296 views
This document provides an overview of VMware NSX for vSphere and its use cases. It discusses how NSX addresses barriers to creating a software defined data center by providing network virtualization. It allows network provisioning in seconds, increased compute utilization up to 90%, and cost savings up to 80%. Use cases described include deploying applications from a cloud management platform within logical networks with isolation and micro-segmentation for improved network security.
VMware NSX for vSphere - Intro and use cases
- 1. NSX for vSphere, intro and use cases Oct 2014 Ángel Villar Garea [email protected] @AVillarGarea
- 2. DISCLAIMER 2 This is NOT VMware’s official documentation. It is just my understanding of technology and products. Any inaccuracy or error you may find it is only my responsibility and not VMware’s.
- 3. 3 The biggest industry transformation since mainframe to client server computing?
- 4. What customers demand Business/IT Execs Speed and Agility Secure Infrastructure Time-to-Market Competitive Advantage 4 IT Operations Efficiency of change IT Infrastructure & Security Data Center Micro-segmentation Scale-out DMZ Network hardware choice Compute capacity utilization
- 5. The Software Defined Data Center (SDDC) Intelligence in Software Operational Model of VM for Data Center Automated Configuration & Management Software Data Center Virtualization Layer Hardware Compute, Network and Storage Capacity Pooled, Vendor Independent, Best Price/Performance Infrastructure Simplified Configuration & Management 5
- 6. The Network Is a Barrier to Software Defined Data Center!! Compute Virtualization Abstraction Layer Physical Infrastructure Software Defined Data Center • Provisioning is slow • Placement is limited • Mobility is limited • Hardware dependent • Operationally intensive 6
- 7. Physical Infrastructure • Provisioning is slow • Placement is limited • Mobility is limited • Hardware dependent • Operationally intensive Introducing VMware NSX L2 Switch Firewall Network Virtualization with NSX Operational model of a VM Sofare • Programmatic provisioning • Place any workload anywhere • Move any workload anywhere • Decoupled from hardware • Operationally L3 Router Load Balancer efficient 7
- 8. Virtual Network – A Complete Network in Software Internet 8
- 9. VMware NSX – Networking & Security Capabilities Any Application (without modification) Virtual Networks Any Cloud Management Platform VMware NSX Network Virtualization Platform Logical Firewall Logical L2 Any Network Hardware Logical Load Balancer Logical L3 Logical VPN Any Hypervisor Logical Switching– Layer 2 over Layer 3, decoupled from the physical network Logical Routing– Routing between virtual networks without exiting the software container Logical Firewall – Distributed Firewall, Kernel Integrated, High Performance Logical Load Balancer – Application Load Balancing in software Logical VPN – Site-to-Site & Remote Access VPN in software NSX API – RESTful API for integration into any Cloud Management Platform Partner Eco-System 9
- 10. VMware NSX Transforms the Operational Model of the Network Reduce network provisioning time from days to seconds Network provisioning time reduced from days to seconds Cost Savings Operational Automation Simplified IP hardware Reduce operational costs up to 80% Increase compute asset utilization up to 90% Reduce hardware costs by 40-50% Choice Any hypervisor Any CMP with Partner Any Hypervisor: vSphere, KVM, Xen, Hyper-V Any CMP: vCAC, OpenStack Any Network Hardware Broad Partner Ecosystem 10
- 11. Gartner Data Center Networking Magic Quadrant 2014 11 “The NSX solu-on should be considered by exis-ng VMware customers as a way of providing network agility and reducing network opera3onal challenges within the data center.” Gartner Data Center Networking Magic Quadrant, April 24, 2014
- 12. 12 Use cases
- 13. Rack N’ Roll!! 13 Web App Database Deploy Applications from CMP VMs, Logical Networks and Security Add Capacity on Demand VM VM VM VM VM VM
- 14. Virtual Networks are isolated from each other (Overlapping IP Addresses) Virtual Networks are isolated from underlying physical network (IPv6 over IPv4) Multitenancy – Complete Isolation 14
- 15. Problem – Data Center Network Security Perimeter-centric network security has proven insufficient, and micro-segmentation is operationally infeasible Internet Internet Little or no lateral controls inside perimeter Insufficient Operationally Infeasible 15
- 16. Data Plane Distributed switching, routing, firewall CONFIDENTIAL 16 Solution – Micro-segmentation with NSX CONFIDENTIAL Unit-level trust Control Plane NSX Manager Physical workloads and VLANS § Each hypervisor has its own firewalling with flexible granularity: entire data center down to the vNIC REST API § Security is shrink-wrapped around each workload § Faults and threats are contained with micro-granularity Management Plane vCenter
- 17. Data Plane Distributed switching, routing, firewall CONFIDENTIAL 17 Control Plane NSX Manager Physical workloads and VLANS REST API Management Plane vCenter Central Management / Distributed Control § Security policies are coordinated and centralized § Security actions are orchestrated centrally § Firewall policies are provisioned, moved, and retired with their associated workloads Solution – Micro-segmentation with NSX
- 18. Segmentation with NSX 18 Traditional Data Center NSX Data Center DMZ/Web VLAN App VLAN HR Finance Finance HR Services/Management VLAN DB VLAN Services Mgmt Finance HR Perimeter firewall Inside firewall Perimeter firewall DMZ/Web App DB HR Group Finance Group DMZ/Web App DB Services/Management Group Services Mgmt NSX segmentation simplifies network security § Each VM can now be its own perimeter § Policies align with logical groups § Control communication within a single VLAN
- 19. Service Insertion Example – Palo Alto Networks Next Gen Firewall Internet Security Policy Security Admin Traffic Steering 19
- 20. Automated Security in a Software Defined Data Center Quarantine Vulnerable Systems until Remediated Security Group = Quarantine Zone! Members = {Tag = ‘ANTI_VIRUS.VirusFound’, L2 Isolated Network} ! Policy Definition Security Group = Web Tier! Standard Desktop VM Policy þ Anti-Virus – Scan Quarantined VM Policy þ Firewall – Block all except security tools þ Anti-Virus – Scan and remediate 20
- 21. NSX Extensibility – Partner Integration NSX API NSX Controller Partner Network Extensions Security Platform Network Gateway Services Application Delivery Services Security Services + Cloud Mgmt Platforms 21 More on NSX Technology Partners: http://www.vmware.com/products/nsx/resources.html
- 22. Questions 22
- 23. More information 23 Description Link VMware NSX web site http://www.vmware.com/products/nsx/ NSX and SDDC dedicated web site http://virtualizeyournetwork.com/ VMware NSX Twitter https://twitter.com/vmwarensx Hands-on-Labs Networking http://labs.hol.vmware.com/HOL/catalogs/catalog/130 VMware NSX customer case – WestJet http://www.youtube.com/watch?v=3OsXGuZjxxY VMware NSX customer case – Colt http://blogs.vmware.com/networkvirtualization/2014/08/vmware-nsx-customer- story-colt-decreases-data-center-networking-complexity.html VMware NSX customer case – NTT http://www.vmware.com/company/news/releases/vmw-ntt-netvirt-061013 Brad Hedlund on end-to-end visibility in VMware NSX http://www.youtube.com/watch?v=wRL47AmFAUU VMware NSX and Splunk - Operational Visibility Across Virtual and Physical Domains http://www.youtube.com/watch?v=PzMvQFeojCk
- 24. Thank you