©2019 VMware, Inc.
Vincent Han, VMware, Inc.
Robert Alvianus, VMware, Inc.
#vFORUM
Why the Rise of DevOps and DevSecOps Mandate Network Virtualization
Agenda
1. What has changed and Why?
2. VCN & Network Virtualization
3. Network Automation Demo
Traditional Transportation Company
Traditional Hotel Company
Modern Transportation company
Modern Hotel Company
[Chart: stock performance (billion $) over time]
Agility
Value Creation
Digital Transformation
Mistakes
Value Disintegration
Financial company
Entertainment company
Retail company
[Chart: stock performance (billion $) over time]
Security Breach
Loss of content
Site Down
Future
Legacy
Mistakes?
Automated Workflows
Automating and managing exceptions
Integrated Stack: VCF, VMC, Cloud IaaS
Agility: People, Processes, Tech
Doing a set of tasks
Ticketing systems
Disjointed Components: Compute, Storage, Networking
Apps are Changing
Monolithic Development: Long cycle
[Chart: size of change vs. frequency of deployment]
Apps are Changing
Then | Now
Legacy Apps | Cloud native apps
High touch / High value | Low touch / Difficult to assess value
Perceived to be understood | Not understood
Risk analysis / Preventive measures | Risk what??
IT time scale | Dev time scale
On-prem / Perimeters | Multi-cloud / Borderless
Monolithic Development: Long cycle
[Chart: size of change vs. frequency of deployment]
What is Networking?
Identity: IP, DNS, Certificates
Client | Server
Connectivity: Switches and routers
Scale: LB, GSLB
Security: Firewall, IPS, VPN, WAF…
Complex
Too many knobs
Error prone
Fails catastrophically
Network Virtualization: Simplification and Isolation
Complex and fragile: Failure in one place causes systemic failure
Simplified and isolated: Failures are contained
NSX Abstraction
Network Virtualization: Automation
Many Knobs: Lots of automation points that must work together
Lack of isolation exposes to global failures
Application centric automation: Unified view of App, Infrastructure and Security
Network Virtualization contains misconfigurations
NSX Abstraction
Automated processes
many points to manage
App and Network not fully integrated
Network Virtualization: Security
Network Appliances?
Intrinsic Security: Service Firewall
NSX Abstraction
[Diagram: Branch | Edge/IoT | Telco/NFV | DC | Public Cloud | Private Cloud]
Virtual Cloud Network
Virtual Machines | Containers | Bare Metal
vSphere
Data Center | Cloud | Branch
The Foundation of the Virtual Cloud Network
VMware NSX Portfolio
NETWORK AND SECURITY VIRTUALIZATION
Security Integration Extensibility Automation Elasticity
NETWORKING AND SECURITY MANAGEMENT AND AUTOMATION
vRealize Automation: End-to-end workload automation
Network Insight: Network discovery and insights
Cloud-Based Management | Workflow Automation | Blueprints / Templates | Insights / Discovery | Visibility
Advanced Load Balancing: Multi-cloud Load Balancing, Security and Analytics
AppDefense: Modern application security
NSX Data Center: Networking and security for data center workloads
NSX Cloud: Networking and security for Public Cloud workloads
NSX SD-WAN by VeloCloud: WAN connectivity services
Virtualization Layer
NSX Data Center
DATA CENTER
NSX Platform
vSwitch
Workloads
NSX Data Center Solutions
Service-Defined Firewall
Multi-Cloud Networking
Network Automation
Cloud-Native Networking
VMware NSX-T: Single Heterogeneous SDN Platform
Connectivity
Logical L2 / L3 across any workload
L2 stretch and L3 route/policy-based VPN
Security
L4 / L7 distributed & edge firewall
ADC with built-in WAF
Third party service insertion
Operations
Single, consistent, declarative policy that spans multi-cloud
Logging / auditability to meet varying compliance requirements
Policy-based networking and security and operational consistency
On-Premises Data Center
ADC / WAF
VPN (L3 / L2)
3rd Party Service Insertion
DFW / Edge Firewall (L7 / L4)
Logical L2 / L3
Bare-metal | VMs | Physical Switches | Containers
DMZ
NSX – A Powerful Enabler
Service-Defined Firewall
Multi-Cloud Networking
Network Automation
Cloud-Native Networking
Infrastructure and Apps Are Subject to Wait
Wait | Wait
Infrastructure Service Delivery: Days
Application and Change Delivery: Weeks
Work | Wait | Wait | Wait | Work | Wait
Changes
Private Clouds
Public Clouds
Hybrid Cloud: VMware & vCloud Data Center Partners
Virtualized Infrastructure: Abstract & Pool
Compute: Compute Abstraction = Server Virtualization
Network: Network Abstraction = Virtual Networking
Storage: Storage Abstraction = Software-Defined Storage
Physical Hardware
NSX can be consumed in a variety of manners:
NSX consumption built for Automation
User
NSX Integration
OpenStack
vRealize Automation
Terraform / Ansible
Kubernetes / PAS / PKS / OpenShift
More…
vCloud Director
NSX Managers
vSphere and KVM Hypervisor
Centralized Management Plane
Distributed Networking Topologies
Network Infrastructure as Code: API Simplicity
How do you automate infrastructure in an application rollout?
Traditional Network Automation: Scripting
Config…
VLAN (multiple switches)
IP subnet (Router)
Security Policy (Firewall)
NAT service (Router)
Load Balancing (ADC)
Automation with NSX: Standardized API
POST/GET Logical Switch (~12)
POST/GET Tier-1 Router (~2)
POST/GET NSGroups (~3)
POST DFW-Section (~2)
POST EDGE Firewall (~2)
POST NAT (~2)
POST LB Config (~10)
…Taken to a New Level: ONE JSON File
PATCH https://<ip>/policy/api/v1/infra
{
desired outcome, human-readable JSON
}
Modern Application Services - Catalog
• One-Click Application - Order with Networking and Security
• Automated IP Addressing
• Networking and Security via NSX API
• Integration with other enterprise services, e.g. AD, IMS, Ticketing, Inventory etc. with vRO extensibility services
…
• Automatic Cleanup With App Disposal
vRealize Automation Catalog
Catalog
Modern Application Services - Blueprint
• Define Once – Multiple Use
• Deployment Time Options for Users
• Support for Multiple Network Topologies
• Repeatable Deployments
• From Single Machine to Multi-Tier Applications
• Security and Load balancer services offered
vRealize Automation Design Canvas
Blueprint
Modern Application Services – Catalog of Blueprints
Blueprint
• Define Once – Multiple Use
• Deployment Time Options for Users
• Support for Multiple Network Topologies
• Repeatable Deployments
• From Single Machine to Multi-Tier Applications
Catalog
• One-Click Application - Order with Networking and Security
• Networking and Security via NSX API
• Automated IP Addressing
• Automatic Cleanup With App Disposal
• Integration with other enterprise services, e.g. AD, IMS, Ticketing, Inventory etc. with vRO extensibility services
Dynamically configure NSX-T logical Services
Cloud Automation with NSX-T Data Center
NSX-T Services | vRealize Cloud Automation | On Demand Application and Network Delivery
DHCP
NAT
Distributed Firewall
Routing
Service Catalog
Blueprint
Endpoint Management
Cloud Resources
Network profile
Cloud Management Platform
[Diagram: three Web / App / Db application stacks]
How to get started
Resources
Learn: nsx.techzone.vmware.com, Design Guides, Demos
Try: Take a Hands-on Lab
Connect: @VMwareNSX, #runNSX; Join VMUG, VMware Communities (VMTN)