Introduction to NSX NET1846 Milin Desai, VMware, Inc Kausum Kumar, VMware, Inc


Disclaimer

• This presentation may contain product features that are currently under development.

• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.

• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.

• Technical feasibility and market demand will affect final delivery.

• Pricing and packaging for any new technologies or features discussed or presented have not been determined.

CONFIDENTIAL 2

Agenda

1 Intro to NSX

2 NSX Momentum

3 NSX Use Cases

4 What’s New in NSX 2014

5 NSX Operations

6 In closing


The Anatomy of the Most Agile and Efficient Data Centers is SDDC

Custom Application

Google / Facebook / Amazon Data Centers

Custom Platform

Any x86

Any Storage

Any IP network

Software / Hardware Abstraction

The Choice for “New IT” for “All Applications”

Software Defined Data Center (SDDC)

Any Application

SDDC Platform

Any x86

Any Storage

Any IP network

With NSX

Custom Application

Google / Facebook / Amazon Data Centers

Custom Platform

Any x86

Any Storage

Any IP network

Software / Hardware Abstraction

Provides: A Faithful Reproduction of Network & Security Services in Software

Management APIs, UI

Switching

Routing

Firewalling

Load Balancing

VPN

Connectivity to Physical Networks

Policies, Groups, Tags

Data Security

Activity Monitoring

Enables: Dynamic creation of complex application topologies in minutes

Network and Security Virtualization with NSX

Hardware

Software


NSX Components

Cloud Consumption
• Self Service Portal
• vCloud Automation Center, OpenStack, Custom CMS

Management Plane: NSX Manager
• Single configuration portal
• REST API entry-point

Control Plane: NSX Controller
• Manages Logical networks
• Control-Plane Protocol
• Separation of Control and Data Plane

Data Plane: NSX Edge, ESXi Hypervisor Kernel Modules, Distributed Services
• High-Performance Data Plane
• Scale-out Distributed Forwarding Model

Logical Switch, Distributed Logical Router, Firewall

NSX in a 3-Tier App Deployment

[Diagram: seven hypervisor hosts (Host 1 to Host 7) with Web, App and DB VMs, grouped into a Management Cluster (vCenter, NSX Manager, NSX Controller Cluster), an Edge Cluster, and Compute Clusters.]

VMware NSX Training & Certification: Making SDE Real in 2014

Career Path Certifications & Training Programs

Training

Certified Network Virtualization Professional

Certified Network Virtualization Expert

Certification

NET1214

NSX Training and Certification Portfolio

• Training Courses (www.vmware.com/go/NSXtraining)
  – VMware NSX Install, Configure, Manage
  – VMware NSX Fast Track for Internetworking Experts (coming)
  – VMware NSX Design and Deploy (coming)

• Certifications (www.vmware.com/certification)
  – VMware Certified Professional – Network Virtualization (VCP-NV)
  – VMware Certified Implementation Expert – Network Virtualization (VCIX-NV)
  – VMware Certified Design Expert – Network Virtualization (VCDX-NV)

Designing with NSX

Reference Designs & Technical Papers on VMware Communities: https://communities.vmware.com/docs

Reference Designs and Technical Papers on the NSX Portal: http://www.vmware.com/products/nsx/resources.html

NSX Design Guides

NSX Partner Reference Design

NSX Partner Whitepaper

NSX Hardening Guide

SDDC Validated Guides

NET2318

NET1589

New Service Categories and Partners

NSX Partner Extensions

• Security Services
• Physical-to-Virtual Services
• Operations and Visibility
• Application Delivery Services

NET2225

New Service Categories and Partners – GA Q3 2014

NSX Partner Extensions

• Security Services
• Physical-to-Virtual Services
• Operations and Visibility
• Application Delivery Services

NET2225

VMware NSX Momentum: Over 150 Customers

top investment banks

enterprises & service providers

VMware NSX – Use Cases

Self-Service IT
Examples: DevOps Cloud; On-boarding M&A
Key Capabilities: Application specific networking; Flexible IP Address Mgmt; Simplified consumption

Data Center Automation
Examples: Micro-segmentation of App; Simplifying Compute Silos; DMZ Deployments
Key Capabilities: Programmatic Consumption; Full featured stack; Visibility and ops

Public Clouds
Examples: XaaS Clouds; Vertical Clouds
Key Capabilities: Multi-tenant Deployment; Programmatic L2, L3, Security; Overlapping IP Addressing; Any Hypervisor, Any CMP

(Diagram labels: Dev X, Dev A, Test X, Acquisition A)

Consumer Experience vs. Corporate Experience

Enterprise Business Leaders Want their IT to be like Amazon

No IT: Outsourced

or

New IT: Hybrid

Multi-Tier App, Multiple Networks: WEB, APP, DATABASE

Multi-Tier App, Single Flat Network: WEB, APP, DATABASE

Today’s app, PAAS, Containers ---- I want it all NOW

NSX Integrates with Cloud Automation Systems to Deliver Applications with Network and Security in Minutes

Consumption

Any

MGMT 1969

NET2379

Self Service IT journey

Provider / Cloud Consumer

• Provider delivers Pre-Created instances; End user drops apps in pre-created instances
• Provider delivers Templates for Dynamic Instantiation; End user instantiates dynamic topologies
• Provider delivers guard rails; End user drives any topology

Problem: Data Center Network Security

Perimeter-centric network security has proven insufficient, and micro-segmentation is operationally infeasible

Little or no lateral controls inside perimeter

Insufficient

Operationally Infeasible

SEC 1959-S

NSX: Enabling a Needed Control Point in the Datacenter for Security

An NSX platform is made up of distributed elements embedded in each hypervisor, enabling each VM/app to have its own security policy

Security closest to the applications and aligned with application lifecycle.

SEC1746

NSX is the platform for integrating advanced security services.

Security Partner Integrations


Partner Ecosystem

Next-generation IPS Malware Protection

Granular protection of individual VM workloads with customizable policy definitions

Automation of advanced malware interception

Unified management for physical and virtual sensors

Data Center security with agentless anti-malware and guest network threat protection

Real-time, dynamic threat protection and response for workloads moving between hosts and virtual data centers

Vulnerability Management

Automatic vulnerability risk assessment

Data Center wide real-time risk visibility

Auto segmentation of risky assets

Vulnerability prioritization for effective remediation

File and Malware Protection

Single virtual appliance provides agentless:

Anti-malware with URL filtering

Vulnerability and software scanning

Detection of file changes

Intrusion Detection & Prevention

Next-Generation Firewall

Multiple threat prevention disciplines including firewall, IPS, and antimalware

Safe application enablement with continuous content inspection for all threats

Granular user-based controls for apps, content, users,

SEC 1958

NET2225

NSX Micro-Segmentation Journey


Deployed Applications on Physical Networks

New Deployments/Deployed applications

Apply NSX Security Full network and security virtualization

Demo

NSX – The Network Virtualization Platform: What’s New

Layers: Consumption, Services, Data Plane, Operations

NSX Edge: Active-Active with Scale-Out (ECMP)

Physical Device Integration

Open Virtual Switch: Flow optimization, multi-threading, Hyper-V (alpha)

NSX – The Network Virtualization Platform: What’s New

Layers: Consumption, Services, Data Plane, Operations

Distributed Firewall Operations Improvements

Firewall Ecosystem Enablement

Multi-Site & Hybrid Cloud Enablement: Layer 2 VPN, Active-Active DC, SRM Validation

LBaaS: UDP support, ecosystem enablement

DDI: DHCP Relay

NSX – The Network Virtualization Platform: What’s New

Layers: Consumption, Services, Data Plane, Operations

Operations Guides & Best Practices

Integration with Existing Tools: Riverbed, Gigamon, NetScout, EMC Smarts

Analytics: VMware vCenter Ops, Log Insight

Firewall Operations: Tufin, Algosec

New NSX Partners & Service Categories: Physical-to-Virtual Services, Operations & Visibility, Application Delivery Services, Security Services

NSX – The Network Virtualization Platform: What’s New

Layers: Consumption, Services, Data Plane, Operations

vCloud Automation Center: More topologies and on demand use cases

OpenStack Juno: Control plane scale & Docker integration

NSX – The Network Virtualization Platform: What’s New

Consumption
• VMware vCloud Automation Center
• OpenStack Juno

Services
• Distributed Firewall Operations
• LBaaS: UDP support
• DDI: DHCP relay
• Multi-site and hybrid enablement

Data Plane
• Continue advancements of Open Virtual Switch
• NSX Edge: A-A with scale-out
• Physical device integration

Operations, Partner Integration
• New NSX Partners & Service Categories
• Operations Guides & Best Practices
• Integrations with existing tools
• Analytics, Firewall Ops

Operationalizing NSX

NSX Operations – Beyond Packet Visibility

Plug into Existing Network Monitoring Systems

Enable Advanced Analytics

Native NSX Ops for the Cloud Admins
• Flow monitoring
• Server access monitoring
• Tunnel healthcheck

Enable Existing Tools for the Network Operator
• SPAN/RSPAN
• Netflow/IPFIX
• LLDP
• Syslog Integration

SDDC Operator

NET1966

Demo

Integrating with Physical

NSX with physical workloads

x86-based bridge (VXLAN to VLAN, physical workloads): Leverages x86 server

HW VTEP (VXLAN to VLAN, physical workloads): Highest density but requires specific hardware

NSX with physical workloads

Native NSX support for containers

Ecosystem with OVSDB

x86 based bridging


NSX Performance


NSX Performance delivered by a Distributed, Scale-out Architecture

[Four charts: TCP send throughput in Gbps versus TCP message size (64, 512, 1500, 32k, 64k) for Logical Switching, Logical Routing, Firewalling and Bridging]

NET1883


NSX – The Network Virtualization Platform

Consumption: How an end user consumes NSX services via a Cloud Management Platform. The operator interacts with the system through UI or API.

Services: NSX logical services and 3rd party extensions for networking and security (ex. Logical switch, Logical router, Firewall, Load Balancer, VPN, DDI)

Data Plane: Provides workload connectivity & services processing (ex. hypervisors, physical switches and appliances)

Operations: NSX operator uses tools (built-in and 3rd party) for troubleshooting, visibility

Partner Integration: Management, Control & Data plane integration of 3rd party services

[Diagram of the same layers]

Consumption: Any

Services: L2 Switch, L3 Router, Firewall, Load Balancer, VPN, DDI

Data Plane: NSX Edge, vSphere, KVM, XenServer, Hyper-V, 3rd Party GW

Operations, Partner Integration: Software partner extensions, Hardware partner extensions, Partner extensions, vCOPs

SDDC Approach with NSX Enables Choice and Flexibility

2-Tier / 3-Tier

Leaf / Spine

Build Your Own

Converged Systems

Hyper-Converged Systems

Today’s Application, PAAS, Containers . . .

< Any Network >

< Any Infrastructure >

< Any Application >

Thank You

What’s Next…

VMware NSX Hands-on Labs: labs.hol.vmware.com

VMware Booth #12293 NSX Demo Stations

Explore, Engage, Evolve: virtualizeyournetwork.com

Network Virtualization Blog: blogs.vmware.com/networkvirtualization

NSX Product Page: vmware.com/go/nsx

NSX Training & Certification: www.vmware.com/go/NVtraining

NSX Technical Resources, Reference Designs: vmware.com/products/nsx/resources

VMware NSX YouTube Channel: youtube.com/user/vmwarensx

VMware NSX Community: communities.vmware.com/community/vmtn/nsx

Play Learn Deploy

Business Solution

• NET1214 NSX Certification – the Next Step in your Networking Career
• NET1745 The Case for Network Virtualization: Customer Case Study
• NET1786 The Business Case for Network Virtualization
• NET2293 Bridging Enterprise Networks to Hybrid Cloud Using NSX

Hands-on Labs

• SDC-1402 vSphere Distributed Switch from A to Z
• SDC-1403 Introduction to VMware NSX
• SDC-1420 OpenStack with VMware vSphere and NSX
• SDC-1423 vCloud Suite Basic Networking
• SDC-1424 VMware NSX and SDDC
• SDC-1425 VMware NSX Advanced

Technical Track - Networking

• NET1846 Introduction to NSX
• NET1743 VMware NSX – A Technical Deep Dive
• NET1957 NFV for Telco Infrastructure
• NET1468 A Tale of Two Perspectives: IT Operations with VMware NSX
• NET1586 Advanced Network Services with NSX
• NET1560 The NSX Guide to Horizon View
• NET1883 NSX Performance Overview
• NET1588 Load Balancer as a Service, using NSX or Partner Solutions
• NET1401 vSphere Distributed Switch Best Practices for NSX
• NET2318 Scale-Out NSX Deployments: With VMware-powered SDDC
• NET1581 Reference Design for SDDC with NSX for Multi-Hypervisors
• NET2379 Dynamically Configuring Application Specific Network Services for vCAC & NSX
• NET2225 NSX Platform: Enabling 3rd Party Network & Security Solutions

Advanced Technical Track - Networking

• NET1949 VMware NSX for Docker, Containers & More
• NET1589 Reference Design for SDDC with NSX & vSphere
• NET1583 NSX for vSphere Logical Routing Deep Dive
• NET1974 Multi-Site Data Center Solutions with VMware NSX
• NET1674 Advanced Topics & Future Directions in Network Virtualization with NSX
• NET1966 Operational Best Practices for VMware NSX
• NET1592 Under the Hood: Network Virtualization with OpenStack Neutron & VMware NSX

Group Discussions - Networking

• NET3441-GD vSphere Distributed Switch
• NET3442-GD vCAC and NSX
• NET3443-GD NSX Routing Design Best Practices
• NET3445-GD NSX Multi Site Deployments
• NET3444-GD NSX Network Services

Technical Track - Security

• SEC1196 Who Can You Trust? Strategies & Designs for Implementing Zero-Trust Model Leveraging NSX
• SEC2238 Security & Micro-Segmentation for the SDDC
• SEC1959-S The “Goldilocks Zone” for Security
• SEC1958 Automating Security Policy Enforcement with VMware NSX
• SEC1698 Optimize Security with Context & Isolation using NSX Guest Introspection
• SEC2567 Unleashing Collaborative Security with VMware NSX – Advanced Defense for Advanced Threats

Advanced Technical Track - Security

• SEC2421 VMware NSX Security Operations Best Practices
• SEC1746 NSX Distributed Firewall Deep Dive

Group Discussions - Security

• SEC3446-GD Security & Micro-segmentation
• SEC3449-GD Security Policy Automation using NSX Service Composer
• SEC3448-GD NSX Platform Extensibility
• SEC3447-GD Compliance Reference Architecture

Technical Track – Management

• MGT1833 How to Perform Troubleshooting and Root Cause Analysis Using Log Insight
• MGT1878 Deep Dive into How vCenter Operations Simplifies NSX Operations
• MGT1969 vCloud Automation Center and NSX Integration Technical Deep Dive

Fill out a survey

Every completed survey is entered into a drawing for a $25 VMware company store gift certificate