NET1188BE Disaster Recovery Solutions with NSX or distribution · RecoverPoint for Virtual Machines (RP4VM) •VM-level disaster recovery granularity •Virtual Appliance Replication

Humair Ahmed, VMware NSBU, @Humair_AhmedRichard Stinton, iland, @vstinto

NET1188BE

#VMworld #NET1188BE

Disaster Recovery Solutions with NSX

VMworld 2017 Content: Not fo

r publication or distri

bution

• This presentation may contain product features that are currently under development.

• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.

• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.

• Technical feasibility and market demand will affect final delivery.

• Pricing and packaging for any new technologies or features discussed or presented have not been determined.

Disclaimer

CONFIDENTIAL 2



bution

1 The Need for Better DR with NSX

2 NSX Features for DR

3 NSX DR Solutions with Examples

4 Demo

5 Customer Example: EMC Enterprise Hybrid Cloud (EHC)

6 Customer Example: iland

7 Third Party Services for DR with NSX

8 Summary and Q&A

Agenda

3



bution

NSX Networking and Security for DR Solutions

4

Ex:

▪ L2 Over Dark Fiber

▪ VPLS Over MPLS Back Bone

▪ Hardware-Based Solution (OTV)

Expensive, hardware-based, complex, operationally challenging, and/or long lead times required

What’s needed is a software based approach which can provide:

➢ Decoupling from physical hardware➢ Ease of deployment ➢ Ease of use➢ Better security with micro-segmentation➢ Leverage higher-level security constructs➢ Flexibility➢ High degree of automation➢ Rapid deployment/recovery and productivity➢ Ease of testing DR Plan➢ Extensive partner ecosystem for services➢ Integration with other DR & SDDC components (SRM, vSphere hypervisor, vRealize Suite, etc.)Not holistic solutions – only focused on the network and per-device configuration and lack automation and flexibility

Traditional Challenges for DR Solutions

• Change application IP addresses• Re-create/Re-configure physical network

for L2-L3 connectivity requirements• Re-create security policies • Update other physical device configuration

Ex: load balancer • Additional update/re-configuration (ACLs,

DNS, Application IP Dependencies, etc.)

Winter is coming.

Protect the workloads!

Site 1: Winterfell

Site 2: King’s Landing

Traditional Solutions::



bution




4 Demo




8 Summary and Q&A

Agenda

5



bution

Leveraging Cross-VC NSX for DR

6

• DR to another data center

APP

Active Stand-byActive - stand-by model

ULS - VNI 7000

ULS - VNI 8000

UDLR

APP

UDFW

ULS - VNI 9000

APP

APP

APP

APP

WEB

APP

DB

APP

APP

APP

Site 1 Site 2



bution

Flexibility for DR Solutions

• DR to another data center

Active Stand-by

Active - stand-by model

UDLR

UDFW

APPAPP

WEBAPPDB

APPAPP APP APP

WEBAPPDB APP APP APPAPPAPP APP

UDLR

ActiveStand-by

Site 1 Site 2

7



bution

Transport Zone

Host 1 Host 2

Universal App Logical Switch: VNI 90000

Universal Controller Cluster

No CDO Mode

VDS

Cluster

Successful PingPing Fails

NSX Control Plane Resiliency: CDO Mode

VDS

Cluster

Site 1 Site 2

Universal Transport Zone

No CDO Mode

8



bution

Transport Zone

Host 1 Host 2

Universal App Logical Switch: VNI 90000

Universal Controller Cluster

CDO CDO

VDS

Cluster

Successful Ping

BUM

• No issues when powering on a VM on

Host 2 or vMotioning a VM to Host 2

NSX Control Plane Resiliency: CDO Mode

VDS

Cluster

Site 1 Site 2

Universal Transport Zone

9



bution

On Primary NSX Manager - configure Unique ID Selection Criteria On Primary NSX Manager - create Universal Security Tag

Synchronization of Security Tags between

Primary/Secondary NSX Managers

On Secondary NSX Manager - Security Tags attached to

respective VMs based on Unique Selection criteria

Ex: Universal Security TagsOn Primary NSX Manager – Statically

attach security tag(s) to respective VM(s)

NSX Security: Leveraging Higher-Level Security Constructs

10



bution

Leveraging NSX for DR to Cloud

11

• DR to a cloud environment


WEBAPPDB

APPAPP APP

Stand-by

L2 over L3 via

Cross-VC NSX

Active

Direct Connectivity

WEBAPPDB

VMware Cloud Provider

APPAPP APP

Site 1 Site 2



bution

Leveraging NSX for DR to Cloud

12

• DR to a cloud environment


WEBAPPDB

APPAPP APP

Stand-by

APP APP

VMware Cloud Provider

IPSECL2VPN

WEBAPPDB

Active

APP

Site 1 Site 2



bution




4 Demo




8 Summary and Q&A

Agenda

13



bution

NSX Enhanced DR Solutions

vSphere 6.0+ NSX 6.2+

SRM

Compute and Networking DR Orchestration Storage Replication

vSphere/Array Replication

Dell EMC RP4VM

Other DR VendorsVRA VRA

VM-Level Replication

RP4VM

Replication

14



bution

Cross-VC NSX + SRM for DR

15

Storage

Servers

VMware vSphere

vCenter ServerSite

Recovery Manager

Virtual Machines

Site Recovery Manager

• Manages recovery plans

• Automates failovers and failbacks

• Tightly integrated with vCenter and replication

Storage-Based Replication (3rd party)

• Provided by replication vendor

• Integrated via replication adapters created, certified and supported by replication vendor

vSphere Replication

• Part of vSphere platform

• Replicates virtual machines between

vSphere clusters

Replication Options

Required at both protected

and recovery sites

Networking ?

Compute

Storage

Source and destination networks are automatically mapped with Storage Policy Protection Group (SPPG)

APP APP APP APP APP APP



bution

16

Palo Alto Networks

SRM SRM

Palo Alto Networks

vSphere Replication vSphere Replication

.1

.1

.1

Active Application Standby Application

1

2

3

Protection GroupPriorities/Dependencies



bution

17

ULS – Web: 172.20.1.0/24

ULS – App: 172.20.2.0/24

UDLR

DB

UDFW

ULS – DB: 172.20.3.0/24

Web

App

Test ULS – Web: 172.20.1.0/24

Test ULS – App: 172.20.2.0/24

Test UDLR

DBTest ULS – DB: 172.20.3.0/24

Web

App

Site 1Palo Alto, CA

Site 2San Jose, CA

SRM

DB

Web

App

Run on Isolated Test Network



bution

Cross-VC NSX + RP4VM for DR

18

Recover Point Manager

• Manages recovery plans

• Automates failovers and failbacks

• Tightly integrated with vCenter

• Protect VMs with VM level granularity

• Replicates virtual machines between

vSphere clusters

• Orchestrated DR test, failover, failback to

any point in time

Hypervisor Based Replication



bution

19

Cross-VC NSX + Zerto for DR



bution




4 Demo




8 Summary and Q&A

Agenda

20



bution

21



bution




4 Demo




8 Summary and Q&A

Agenda

22



bution

Enterprise Hybrid Cloud

CI / HCI PlatformSoftware Defined

InfrastructureCloud Management

and OperationsSelf-service and automated IaaS

Continuous Availability

Disaster Recovery

Encryption Services

Data Protection

Engineered Modular Add-ons

Enterprise Hybrid Cloud

24



bution

Business value NSX with EHC delivered to our customers

4X faster

provisioning time

90% reduction

in downtime

50% reduction

in data center costs

Consolidated data

centers by 71%

Reduced resource

provisioning time from

months to hours

Unification of

entire IT department

vs. siloed teams

Reduced provisioning

times from 2–3 weeks

to minutes

Decreased total IT

spend by 60%

Reduced time to market

for new business

services by 65%

25% time saved from

operational activities

Provisioning time

reduced from days

to minutes

Increased resource

utilization

25



bution

NSX Simplifies EHC DR add-on

RecoverPoint for

Virtual Machines

(RP4VM)

• VM-level disaster recovery

granularity

• Virtual Appliance Replication

• vSphere web client

integration

26



bution

Use Case: Requirements

12

45 6

3

2 Sites, 2 vCentersActive workloads

Bi-directional DR

Consistent security

Consistent networks and

traffic engineering

DR Consumption

through CMP

27



bution

Building the Network

Green_uDLR

Blue_uDLR

Site 1 Site 2

vCenterNSX

ManagerController

ClustervCenter

NSX Manager

Cross vCenter NSX 1

2

5

Web App DB

Blue App01

Web App DB

Green App0128



bution

Replicating the VMs

Green_uDLR

Blue_uDLR

Site 1 Site 2

vCenterNSX

ManagerController

ClustervCenter

NSX Manager

Cross vCenter NSX

Web App DB

Blue App01

Web App DB

Green App01

RP4VMvRPA

RP4VMvRPA

Recoverpoint for VM

RP4VM CG

RP4VM CG

Web App DB

Green App01

Web App DB

Blue App01

3

29



bution

Securing the Applications

Green_uDLR

Blue_uDLR

Site 1 Site 2

vCenterNSX

ManagerController

ClustervCenter

NSX Manager

Cross vCenter NSX

Web App DB

Blue App01

Web App DB

Green App01

RP4VMvRPA

RP4VMvRPA

Recoverpoint for VM

RP4VM CG

RP4VM CG

Web App DB

Green App01

Web App DB

Blue App01

Universal

Security

Groups, tags

and DFW

rules

6

4Static Inclusion

192.168.0.100

00:50:56:XX:YY:ZZ

Dynamic Inclusion

Universal Security Groups



bution




4 Demo




8 Summary and Q&A

Agenda

30



bution

richard stintoncloud solutions architect

iland Secure Cloud | http://iland.com

[email protected] / @vstinto

32



bution

mailto:[email protected]

about

Began my journey with iland in 2016Microsoft AzureVMware

Techie at heartStarted in technology in mid 80’s

33



bution

The Forrester Wave™: Disaster-Recovery-As-A-Service Providers , 2017

22Years delivering

IT Services

8ISO 27001 & SSAE16 global data centers

11Years cloud

& disaster recovery expertise

A “Leader” in Gartner Magic Quadrant for DRaaS, 2017



bution

iland delivers a breadth of secure cloud services

iland Secure Cloud

iland Secure Cloud Backup

iland Secure Disaster Recovery as a Service

Public and Private Cloud

Global backup for on-premise

Fast and reliable DRaaS

All iland services are delivered with our industry-leading customer support

35



bution

Global cloud locations to support your growing business

• Datacenters: Los Angeles, Dallas, Washington, D.C., London, Manchester, Amsterdam, Singapore, Sydney

• Ongoing global customer-driven expansion

• Tier III and IV data centers

• Connected directly to 500 IP providers worldwide

• Clear data location for data sovereignty

• Local support in each region

• Standard global contract, SLA, and service catalogUS Headquarters

Houston, TX

EMEA HeadquartersLondon, UK

36



bution

and NSX

relying on public and private nsx functionality

2010

vcd and vcni vcloud networking and

security

nsx

2017

global nsx footprint

across 8 data

centers

10,000networks deployed

over ten thousand

leveraging vxlan

primarilysmall percentage of vlan

leveraging the

nsx api

extensively

37



bution

multi-tenant draas use case

• ability to pre-configure security rules

• firewalling, load balancing, routing, vpn, etc.

• stretch layer-2 with our without customer nsx, partial and full

failover

• complete control prior and during dr event

one or multiple

edges per

customer

Production VM

Firewall

Production VM

complete replica of customer network

segments to iland cloud

38



bution

Customer Data Center

Replicated VM

Production VM

Firewall

Production VM

Replicated VM NSX Edge

- Firewall

- L2VPN

- Load

Balancing

- BGP

multi-tenant draas use case (partial)

39



bution

NSX Edge

- Firewall

- L2VPN

- Load

Balancing

- BGP

Customer Data Center

Replicated VM

Production VM

Firewall

Production VM

Replicated VM

multi-tenant draas use case (full)

40



bution

iland secure cloud – nsx api integrations

41



bution

iland secure cloud console – DRaaS integrations

42



bution




4 Demo




8 Summary and Q&A

Agenda

42



bution

4

3

NSX + F5 DNS for Active/Standby and Active/Active Designs



bution

GSLB for Active-Standby and Active-Active Solutions

44

GSLB GSLB

SLB SLB

Application Pool Application Pool

VIP: 10.100.9.14 VIP: 10.200.9.14

Client DNS Request Client DNS Request



bution

45

Site1–PaloAlto,CA Site2–SanJose,CA

Site1NSXManager1

Primary

Site2NSXManager2

Secondary

vCenter1 vCenter2

Universal

Controller

Cluster

CompueCluster1 CompueCluster2 EdgeCluster

MgmtvCenter

CompueCluster1 CompueCluster2 EdgeCluster

UniversalTransportZone

UniversalDistributedFirewall(UDFW)

ComputeVDS EdgeVDS ComputeVDS EdgeVDS

UniversalDistributedLogicalRouter(UDLR)

UniversalTransit:172.39.39.0/28

.1 .2

Universal

ControlVM

.14

VLAN279

10.100.9.2/28VLAN280

10.100.11.2/28

VLAN379

10.200.9.2/28VLAN380

10.200.11.2/28

.1 .1.1 .1

ESXi1-1:10.100.0.50/24

ESXi1-2:10.100.0.51/24ESXi1-3:10.100.0.52/24 ESXi1-4:10.100.1.51/24

ESXi1-5:10.100.1.52/24

ESXi1-6:10.100.1.53/24

ESXi2-1:10.200.0.50/24

ESXi2-2:10.200.0.51/24ESX2-3:10.200.0.52/24 ESXi2-4:10.200.1.51/24

ESXi2-5:10.200.1.52/24

ESXi1-6:10.200.1.53/24

UniversalWeb2:172.20.8.0/24

.1 .2

UniversalApp2:172.20.9.0/24

UniversalDB2:172.20.10.0/24

.1

.1

UniversalWeb:172.20.1.0/24

UniversalApp:172.20.2.0/24

UniversalDB:172.20.3.0/24

.254 .254 .254.254 .254.254

.1

.1

.1

SummaryRoute:

172.20.0.0/20

10.100.1.71/2410.100.1.72/24 10.200.1.71/2410.200.1.72/24

10.100.1.73-74/24

Cluster1 Cluster2

iBGP

BGPWeight:60

iBGP

BGPWeight:30

eBGPeBGP

Mgmt:10.200.1.80 Mgmt:10.200.1.81Internal(Web):172.20.8.248 Internal(Web):172.20.8.249

HA:172.90.90.2/30

InternalFloa?ngIP(Web):

172.20.8.250

ExternalFloa?ngIP(Web):

10.200.9.14

External(Edge):10.200.9.12 External(Edge):10.200.9.13

Mgmt:10.100.1.80/24 Mgmt:10.100.1.81Internal(Web):172.20.8.251 Internal(Web):172.20.8.252

HA:172.80.80.1/30 HA:172.80.80.2/30

InternalFloa?ngIP(Web):

172.20.8.253

ExternalFloa?ngIP(Web):

10.100.9.14

External(Edge):10.100.9.12 External(Edge):10.100.9.13

[BIG-IP DNS VE]

Mgmt:10.114.223.75 Dataplane:10.100.1.190

[BIG-IP DNS VE]

Mgmt:10.114.223.78 Dataplane:10.200.1.190

Laptop

1. DNS Request

2. Intelligent DNS response

3. Client Connects to LTM VIP

4. LB to local application

Compute Cluster 1 Compute Cluster 2 Compute Cluster 1 Compute Cluster 2



bution

4

6

VMware NSX + Palo Alto Network for Advanced Multisite Security

4

6



bution

47

Multi-site Security Policy

Security Policy Management Layer

HA

Active Standby



bution




4 Demo




8 Summary and Q&A

Agenda

48



bution

49

åç

vCenter-A

<150msLocal storage Local storage

Site-A

vCenter-B

SRM

Palo Alto

vSphere replication

Palo Alto

SRM

vSphere replication

APP APP

Secure, high availability, distributed, virtualized resource pool

Universal distributed logical router

Site-B

WEB APP DBWEB APP DB

NSX: Platform for Building Multi-site and DR Solutions



bution



bution

Humair Ahmed, VMware NSBU, [email protected], @Humair_Ahmed

Richard Stinton, iland,

[email protected], @vstinto



bution



Documents

NET1188BE Disaster Recovery Solutions with NSX or distribution · RecoverPoint for Virtual Machines (RP4VM) •VM-level disaster recovery granularity •Virtual Appliance Replication