Disclaimer
• This presentation may contain product features that are currently under development.
• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.
• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
• Technical feasibility and market demand will affect final delivery.
• Pricing and packaging for any new technologies or features discussed or presented have not been determined.
CONFIDENTIAL 2
Agenda
1 Intro to NSX
2 NSX Momentum
3 NSX Use Cases
4 What’s New in NSX 2014
5 NSX Operations
6 In closing
The Anatomy of the Most Agile and Efficient Data Centers is SDDC
Custom Application
Google / Facebook / Amazon Data Centers
Custom Platform
Any x86
Any Storage
Any IP network
Software / Hardware Abstraction
The Choice for “New IT” for “All Applications”
Software Defined Data Center (SDDC)
Any Application
SDDC Platform
Any x86
Any Storage
Any IP network
With NSX
Custom Application
Google / Facebook / Amazon Data Centers
Custom Platform
Any x86
Any Storage
Any IP network
Software / Hardware Abstraction
Network and Security Virtualization with NSX
Provides
A Faithful Reproduction of Network & Security Services in Software
• Management APIs, UI
• Switching
• Routing
• Firewalling
• Load Balancing
• VPN
• Connectivity to Physical Networks
• Policies, Groups, Tags
• Data Security
• Activity Monitoring
Enables
Dynamic creation of complex application topologies in minutes
Hardware
Software
NSX Components
Cloud Consumption
• Self Service Portal
• vCloud Automation Center, OpenStack, Custom CMS
Data Plane
NSX Edge
ESXi Hypervisor Kernel Modules
Distributed Services
• High-Performance Data Plane
• Scale-out Distributed Forwarding Model
Management Plane
NSX Manager
• Single configuration portal
• REST API entry-point
Control Plane
NSX Controller
• Manages Logical networks
• Control-Plane Protocol
• Separation of Control and Data Plane
Firewall
Distributed Logical Router
Logical Switch
NSX in a 3-Tier App Deployment
[Diagram: hypervisor hosts 1 to 7 running Web, App and DB VMs; NSX Manager, NSX Controller Cluster, vCenter; Management Cluster, Edge Cluster, Compute Clusters]
VMware NSX Training & Certification: Making SDE Real in 2014
Career Path Certifications & Training Programs
Training
Certified Network Virtualization Professional
Certified Network Virtualization Expert
Certification
NET1214
NSX Training and Certification Portfolio
• Training Courses (www.vmware.com/go/NSXtraining)
– VMware NSX Install, Configure, Manage
– VMware NSX Fast Track for Internetworking Experts (coming)
– VMware NSX Design and Deploy (coming)
• Certifications (www.vmware.com/certification)
– VMware Certified Professional – Network Virtualization (VCP-NV)
– VMware Certified Implementation Expert – Network Virtualization (VCIX-NV)
– VMware Certified Design Expert – Network Virtualization (VCDX-NV)
Designing with NSX
Reference Designs & Technical Papers on VMware Communities: https://communities.vmware.com/docs
Reference Designs and Technical Papers on the NSX Portal: http://www.vmware.com/products/nsx/resources.html
NSX Design Guides
NSX Partner Reference Design
NSX Partner Whitepaper
NSX Hardening Guide
SDDC Validated Guides
NET2318
NET1589
New Service Categories and Partners
NSX Partner Extensions
• Security Services
• Physical-to-Virtual Services
• Operations and Visibility
• Application Delivery Services
NET2225
New Service Categories and Partners – GA Q3 2014
NSX Partner Extensions
• Security Services
• Physical-to-Virtual Services
• Operations and Visibility
• Application Delivery Services
NET2225
VMware NSX Momentum: Over 150 Customers
top investment banks enterprises & service providers
VMware NSX – Use Cases
Self-Service IT
• Examples: DevOps Cloud, On-boarding M&A
• Key Capabilities: Application specific networking, Flexible IP Address Mgmt, Simplified consumption
• Diagram labels: Dev X, Dev A, Test X, Acquisition A
Data Center Automation
• Examples: Micro-segmentation of App, Simplifying Compute Silos, DMZ Deployments
• Key Capabilities: Programmatic Consumption, Full featured stack, Visibility and ops
Public Clouds
• Examples: XaaS Clouds, Vertical Clouds
• Key Capabilities: Multi-tenant Deployment; Programmatic L2, L3, Security; Overlapping IP Addressing; Any Hypervisor, Any CMP
Enterprise Business Leaders Want their IT to be like Amazon
No IT (Outsourced) or New IT (Hybrid)
Multi-Tier App, Multiple Networks: WEB, APP, DATABASE
Multi-Tier App, Single Flat Network: WEB, APP, DATABASE
Today’s app, PAAS, Containers ---- I want it all NOW
NSX Integrates with Cloud Automation Systems to Deliver Applications with Network and Security in Minutes
Consumption
Any
MGMT 1969
NET2379
Self Service IT journey
Provider / Cloud Consumer
• Provider delivers Pre-Created instances; end user drops apps in pre-created instances
• Provider delivers Templates for Dynamic Instantiation; end user instantiates dynamic topologies
• Provider delivers guard rails; end user drives any topology
Problem: Data Center Network Security
Perimeter-centric network security has proven insufficient, and micro-segmentation is operationally infeasible
Little or no lateral controls inside perimeter
Insufficient
Operationally Infeasible
SEC 1959-S
NSX: Enabling a Needed Control Point in the Datacenter for Security
An NSX platform is made up of distributed elements embedded in each hypervisor, enabling each VM/app to have its own security policy
Security closest to the applications and aligned with application lifecycle.
SEC1746
NSX is the platform for integrating advanced security services.
Security Partner Integrations
Partner Ecosystem
Next-generation IPS / Malware Protection
• Granular protection of individual VM workloads with customizable policy definitions
• Automation of advanced malware interception
• Unified management for physical and virtual sensors
• Data Center security with agentless anti-malware and guest network threat protection
• Real-time, dynamic threat protection and response for workloads moving between hosts and virtual data centers
Vulnerability Management
• Automatic vulnerability risk assessment
• Data Center wide real-time risk visibility
• Auto segmentation of risky assets
• Vulnerability prioritization for effective remediation
File and Malware Protection
Single virtual appliance provides agentless:
• Anti-malware with URL filtering
• Vulnerability and software scanning
• Detection of file changes
• Intrusion Detection & Prevention
Next-Generation Firewall
• Multiple threat prevention disciplines including firewall, IPS, and antimalware
• Safe application enablement with continuous content inspection for all threats
• Granular user-based controls for apps, content, users,
SEC 1958
NET2225
NSX Micro-Segmentation Journey
Deployed Applications on Physical Networks
New Deployments/Deployed applications
Apply NSX Security
Full network and security virtualization
NSX – The Network Virtualization Platform: What’s New
[Diagram layers: Consumption, Services, Data Plane, Operations]
• NSX Edge: Active-Active with Scale-Out (ECMP)
• Physical Device Integration
• Open Virtual Switch: Flow optimization, multi-threading, Hyper-V (alpha)
NSX – The Network Virtualization Platform: What’s New
[Diagram layers: Consumption, Services, Data Plane, Operations]
• Distributed Firewall Operations Improvements
• Firewall Ecosystem Enablement
• Multi-Site & Hybrid Cloud Enablement: Layer 2 VPN, Active-Active DC, SRM Validation
• LBaaS: UDP support, ecosystem enablement
• DDI: DHCP Relay
NSX – The Network Virtualization Platform: What’s New
[Diagram layers: Consumption, Services, Data Plane, Operations]
• Operations Guides & Best Practices
• Integration with Existing Tools: Riverbed, Gigamon, NetScout, EMC Smarts
• Analytics: VMware vCenter Ops, Log Insight
• Firewall Operations: Tufin, Algosec
• New NSX Partners & Service Categories: Physical-to-Virtual Services, Operations & Visibility, Application Delivery Services, Security Services
NSX – The Network Virtualization Platform: What’s New
[Diagram layers: Consumption, Services, Data Plane, Operations]
• vCloud Automation Center: More topologies and on demand use cases
• OpenStack Juno: Control plane scale & Docker integration
NSX – The Network Virtualization Platform: What’s New
Consumption
• VMware vCloud Automation Center
• OpenStack Juno
Services
• Distributed Firewall Operations
• LBaaS: UDP support
• DDI: DHCP relay
Data Plane
• Continue advancements of Open Virtual Switch
• NSX Edge: A-A with scale-out
• Physical device integration
Operations / Partner Integration
• New NSX Partners & Service Categories
• Operations Guides & Best Practices
• Integrations with existing tools
• Analytics, Firewall Ops
• Multi-site and hybrid enablement
NSX Operations – Beyond Packet Visibility
Plug into Existing Network Monitoring Systems
Enable Advanced Analytics
Native NSX Ops for the Cloud Admins
• Flow monitoring
• Server access monitoring
• Tunnel healthcheck
Enable Existing Tools for the Network Operator
• SPAN/RSPAN
• Netflow/IPFIX
• LLDP
• Syslog Integration
SDDC Operator
NET1966
NSX with physical workloads
• x86-based bridge (VXLAN to VLAN, physical workloads): Leverages x86 server
• HW VTEP (VXLAN to VLAN, physical workloads): Highest density but requires specific hardware
NSX with physical workloads
Native NSX support for containers
Ecosystem with OVSDB
x86 based bridging
NSX Performance delivered by a Distributed, Scale-out Architecture
[Four charts: Logical Switching, Logical Routing, Firewalling, Bridging. Y axis: TCP send throughput in Gbps; X axis: TCP message size (64, 512, 1500, 32k, 64k)]
NET1883
NSX – The Network Virtualization Platform
• Consumption: How an end user consumes NSX services via a Cloud Management Platform. The operator interacts with the system through UI or API.
• Services: NSX logical services and 3rd party extensions for networking and security (ex. Logical switch, Logical router, Firewall, Load Balancer, VPN, DDI)
• Data Plane: Provides workload connectivity & services processing (ex. hypervisors, physical switches and appliances)
• Operations: NSX operator uses tools (built-in and 3rd party) for troubleshooting, visibility
• Partner Integration: Management, Control & Data plane integration of 3rd party services
[Diagram]
• Consumption: Any
• Services: L2 Switch, Firewall, Load Balancer, L3 Router, VPN, DDI
• Data Plane: XenServer, NSX Edge, Hyper-V, vSphere, KVM, 3rd Party GW
• Operations / Partner Integration: Software partner extensions, Hardware partner extensions, Partner extensions, vCOPs
SDDC Approach with NSX Enables Choice and Flexibility
< Any Network >: 2-Tier / 3-Tier, Leaf / Spine
< Any Infrastructure >: Build Your Own, Converged Systems, Hyper-Converged Systems
< Any Application >: Today’s Application, PAAS, Containers . . .
What’s Next…
VMware NSX Hands-on Labs: labs.hol.vmware.com
VMware Booth #12293 NSX Demo Stations
Explore, Engage, Evolve: virtualizeyournetwork.com
Network Virtualization Blog: blogs.vmware.com/networkvirtualization
NSX Product Page: vmware.com/go/nsx
NSX Training & Certification: www.vmware.com/go/NVtraining
NSX Technical Resources, Reference Designs: vmware.com/products/nsx/resources
VMware NSX YouTube Channel: youtube.com/user/vmwarensx
VMware NSX Community: communities.vmware.com/community/vmtn/nsx
Play Learn Deploy
Business Solution
• NET1214 NSX Certification – the Next Step in your Networking Career
• NET1745 The Case for Network Virtualization: Customer Case Study
• NET1786 The Business Case for Network Virtualization
• NET2293 Bridging Enterprise Networks to Hybrid Cloud Using NSX
Hands-on Labs
• SDC-1402 vSphere Distributed Switch from A to Z
• SDC-1403 Introduction to VMware NSX
• SDC-1420 OpenStack with VMware vSphere and NSX
• SDC-1423 vCloud Suite Basic Networking
• SDC-1424 VMware NSX and SDDC
• SDC-1425 VMware NSX Advanced
Technical Track - Networking
• NET1846 Introduction to NSX
• NET1743 VMware NSX – A Technical Deep Dive
• NET1957 NFV for Telco Infrastructure
• NET1468 A Tale of Two Perspectives: IT Operations with VMware NSX
• NET1586 Advanced Network Services with NSX
• NET1560 The NSX Guide to Horizon View
• NET1883 NSX Performance Overview
• NET1588 Load Balancer as a Service, using NSX or Partner Solutions
• NET1401 vSphere Distributed Switch Best Practices for NSX
• NET2318 Scale-Out NSX Deployments: With VMware-powered SDDC
• NET1581 Reference Design for SDDC with NSX for Multi-Hypervisors
• NET2379 Dynamically Configuring Application Specific Network Services for vCAC & NSX
• NET2225 NSX Platform: Enabling 3rd Party Network & Security Solutions
Advanced Technical Track - Networking
• NET1949 VMware NSX for Docker, Containers & More
• NET1589 Reference Design for SDDC with NSX & vSphere
• NET1583 NSX for vSphere Logical Routing Deep Dive
• NET1974 Multi-Site Data Center Solutions with VMware NSX
• NET1674 Advanced Topics & Future Directions in Network Virtualization with NSX
• NET1966 Operational Best Practices for VMware NSX
• NET1592 Under the Hood: Network Virtualization with OpenStack Neutron & VMware NSX
Group Discussions - Networking
• NET3441-GD vSphere Distributed Switch
• NET3442-GD vCAC and NSX
• NET3443-GD NSX Routing Design Best Practices
• NET3445-GD NSX Multi Site Deployments
• NET3444-GD NSX Network Services
Technical Track - Security
• SEC1196 Who Can You Trust? Strategies & Designs for Implementing Zero-Trust Model Leveraging NSX
• SEC2238 Security & Micro-Segmentation for the SDDC
• SEC1959-S The “Goldilocks Zone” for Security
• SEC1958 Automating Security Policy Enforcement with VMware NSX
• SEC1698 Optimize Security with Context & Isolation using NSX Guest Introspection
• SEC2567 Unleashing Collaborative Security with VMware NSX – Advanced Defense for Advanced Threats
Advanced Technical Track - Security
• SEC2421 VMware NSX Security Operations Best Practices
• SEC1746 NSX Distributed Firewall Deep Dive
Group Discussions - Security
• SEC3446-GD Security & Micro-segmentation
• SEC3449-GD Security Policy Automation using NSX Service Composer
• SEC3448-GD NSX Platform Extensibility
• SEC3447-GD Compliance Reference Architecture
Technical Track – Management
• MGT1833 How to Perform Troubleshooting and Root Cause Analysis Using Log Insight
• MGT1878 Deep Dive into How vCenter Operations Simplifies NSX Operations
• MGT1969 vCloud Automation Center and NSX Integration Technical Deep Dive
Fill out a survey
Every completed survey is entered into a drawing for a $25 VMware company store gift certificate