O slideshow foi denunciado.
Utilizamos seu perfil e dados de atividades no LinkedIn para personalizar e exibir anúncios mais relevantes. Altere suas preferências de anúncios quando desejar.
Próximos SlideShares
An Introduction to VMware NSX
An Introduction to VMware NSX
Carregando em…3
11 de 24

VMware NSX for vSphere - Intro and use cases



Baixar para ler offline

My introduction to VMware NSX and its benefits. Hopefully you like it!!

VMware NSX for vSphere - Intro and use cases

  1. 1. NSX for vSphere, intro and use cases Oct 2014 Ángel Villar Garea avillargarea@vmware.com @AVillarGarea
  2. 2. DISCLAIMER 2 This is NOT VMware’s official documentation. It is just my understanding of technology and products. Any inaccuracy or error you may find it is only my responsibility and not VMware’s.
  3. 3. 3 The biggest industry transformation since mainframe to client server computing?
  4. 4. What customers demand Business/IT Execs Speed and Agility Secure Infrastructure Time-to-Market Competitive Advantage 4 IT Operations Efficiency of change IT Infrastructure & Security Data Center Micro-segmentation Scale-out DMZ Network hardware choice Compute capacity utilization
  5. 5. The Software Defined Data Center (SDDC) Intelligence in Software Operational Model of VM for Data Center Automated Configuration & Management Software Data Center Virtualization Layer Hardware Compute, Network and Storage Capacity Pooled, Vendor Independent, Best Price/Performance Infrastructure Simplified Configuration & Management 5
  6. 6. The Network Is a Barrier to Software Defined Data Center!! Compute Virtualization Abstraction Layer Physical Infrastructure Software Defined Data Center • Provisioning is slow • Placement is limited • Mobility is limited • Hardware dependent • Operationally intensive 6
  7. 7. Physical Infrastructure • Provisioning is slow • Placement is limited • Mobility is limited • Hardware dependent • Operationally intensive Introducing VMware NSX L2 Switch Firewall Network Virtualization with NSX Operational model of a VM Sofare • Programmatic provisioning • Place any workload anywhere • Move any workload anywhere • Decoupled from hardware • Operationally L3 Router Load Balancer efficient 7
  8. 8. Virtual Network – A Complete Network in Software Internet 8
  9. 9. VMware NSX – Networking & Security Capabilities Any Application (without modification) Virtual Networks Any Cloud Management Platform VMware NSX Network Virtualization Platform Logical Firewall Logical L2 Any Network Hardware Logical Load Balancer Logical L3 Logical VPN Any Hypervisor Logical Switching– Layer 2 over Layer 3, decoupled from the physical network Logical Routing– Routing between virtual networks without exiting the software container Logical Firewall – Distributed Firewall, Kernel Integrated, High Performance Logical Load Balancer – Application Load Balancing in software Logical VPN – Site-to-Site & Remote Access VPN in software NSX API – RESTful API for integration into any Cloud Management Platform Partner Eco-System 9
  10. 10. VMware NSX Transforms the Operational Model of the Network Reduce network provisioning time from days to seconds Network provisioning time reduced from days to seconds Cost Savings Operational Automation Simplified IP hardware Reduce operational costs up to 80% Increase compute asset utilization up to 90% Reduce hardware costs by 40-50% Choice Any hypervisor Any CMP with Partner Any Hypervisor: vSphere, KVM, Xen, Hyper-V Any CMP: vCAC, OpenStack Any Network Hardware Broad Partner Ecosystem 10
  11. 11. Gartner Data Center Networking Magic Quadrant 2014 11 “The NSX solu-on should be considered by exis-ng VMware customers as a way of providing network agility and reducing network opera3onal challenges within the data center.” Gartner Data Center Networking Magic Quadrant, April 24, 2014
  12. 12. 12 Use cases
  13. 13. Rack N’ Roll!! 13 Web App Database Deploy Applications from CMP VMs, Logical Networks and Security Add Capacity on Demand VM VM VM VM VM VM
  14. 14. Virtual Networks are isolated from each other (Overlapping IP Addresses) Virtual Networks are isolated from underlying physical network (IPv6 over IPv4) Multitenancy – Complete Isolation 14
  15. 15. Problem – Data Center Network Security Perimeter-centric network security has proven insufficient, and micro-segmentation is operationally infeasible Internet Internet Little or no lateral controls inside perimeter Insufficient Operationally Infeasible 15
  16. 16. Data Plane Distributed switching, routing, firewall CONFIDENTIAL 16 Solution – Micro-segmentation with NSX CONFIDENTIAL Unit-level trust Control Plane NSX Manager Physical workloads and VLANS § Each hypervisor has its own firewalling with flexible granularity: entire data center down to the vNIC REST API § Security is shrink-wrapped around each workload § Faults and threats are contained with micro-granularity Management Plane vCenter
  17. 17. Data Plane Distributed switching, routing, firewall CONFIDENTIAL 17 Control Plane NSX Manager Physical workloads and VLANS REST API Management Plane vCenter Central Management / Distributed Control § Security policies are coordinated and centralized § Security actions are orchestrated centrally § Firewall policies are provisioned, moved, and retired with their associated workloads Solution – Micro-segmentation with NSX
  18. 18. Segmentation with NSX 18 Traditional Data Center NSX Data Center DMZ/Web VLAN App VLAN HR Finance Finance HR Services/Management VLAN DB VLAN Services Mgmt Finance HR Perimeter firewall Inside firewall Perimeter firewall DMZ/Web App DB HR Group Finance Group DMZ/Web App DB Services/Management Group Services Mgmt NSX segmentation simplifies network security § Each VM can now be its own perimeter § Policies align with logical groups § Control communication within a single VLAN
  19. 19. Service Insertion Example – Palo Alto Networks Next Gen Firewall Internet Security Policy Security Admin Traffic Steering 19
  20. 20. Automated Security in a Software Defined Data Center Quarantine Vulnerable Systems until Remediated Security Group = Quarantine Zone! Members = {Tag = ‘ANTI_VIRUS.VirusFound’, L2 Isolated Network} ! Policy Definition Security Group = Web Tier! Standard Desktop VM Policy þ Anti-Virus – Scan Quarantined VM Policy þ Firewall – Block all except security tools þ Anti-Virus – Scan and remediate 20
  21. 21. NSX Extensibility – Partner Integration NSX API NSX Controller Partner Network Extensions Security Platform Network Gateway Services Application Delivery Services Security Services + Cloud Mgmt Platforms 21 More on NSX Technology Partners: http://www.vmware.com/products/nsx/resources.html
  22. 22. Questions 22
  23. 23. More information 23 Description Link VMware NSX web site http://www.vmware.com/products/nsx/ NSX and SDDC dedicated web site http://virtualizeyournetwork.com/ VMware NSX Twitter https://twitter.com/vmwarensx Hands-on-Labs Networking http://labs.hol.vmware.com/HOL/catalogs/catalog/130 VMware NSX customer case – WestJet http://www.youtube.com/watch?v=3OsXGuZjxxY VMware NSX customer case – Colt http://blogs.vmware.com/networkvirtualization/2014/08/vmware-nsx-customer- story-colt-decreases-data-center-networking-complexity.html VMware NSX customer case – NTT http://www.vmware.com/company/news/releases/vmw-ntt-netvirt-061013 Brad Hedlund on end-to-end visibility in VMware NSX http://www.youtube.com/watch?v=wRL47AmFAUU VMware NSX and Splunk - Operational Visibility Across Virtual and Physical Domains http://www.youtube.com/watch?v=PzMvQFeojCk
  24. 24. Thank you