VMware NSX for vSphere - Intro and use cases
1. NSX for vSphere, intro and use cases
Oct 2014
Ángel Villar Garea
avillargarea@vmware.com
@AVillarGarea
2. DISCLAIMER
This is NOT VMware’s official documentation.
It is just my understanding of technology and products. Any inaccuracy or error you may find is only my responsibility and not VMware’s.
3. The biggest industry transformation since mainframe to client server computing?
4. What customers demand
Business/IT Execs
Speed and Agility
Secure Infrastructure
Time-to-Market
Competitive Advantage
IT Operations
Efficiency of change
IT Infrastructure & Security
Data Center Micro-segmentation
Scale-out DMZ
Network hardware choice
Compute capacity utilization
5. The Software Defined Data Center (SDDC)
Intelligence in Software
Operational Model of VM for Data Center
Automated Configuration & Management
Software
Data Center Virtualization Layer
Hardware Compute, Network and Storage Capacity
Pooled, Vendor Independent, Best Price/Performance Infrastructure
Simplified Configuration & Management
6. The Network Is a Barrier to Software Defined Data Center!!
Compute Virtualization Abstraction Layer
Physical
Infrastructure
Software Defined Data Center
• Provisioning is slow
• Placement is limited
• Mobility is limited
• Hardware dependent
• Operationally intensive
7. Introducing VMware NSX
Physical Infrastructure
• Provisioning is slow
• Placement is limited
• Mobility is limited
• Hardware dependent
• Operationally intensive
Network Virtualization with NSX: L2 Switch, L3 Router, Firewall, Load Balancer
Operational model of a VM
Software
• Programmatic provisioning
• Place any workload anywhere
• Move any workload anywhere
• Decoupled from hardware
• Operationally efficient
9. VMware NSX – Networking & Security Capabilities
Any Application (without modification)
Virtual Networks
Any Cloud Management Platform
VMware NSX Network Virtualization Platform: Logical L2, Logical L3, Logical Firewall, Logical Load Balancer, Logical VPN
Any Network Hardware
Any Hypervisor
Logical Switching – Layer 2 over Layer 3, decoupled from the physical network
Logical Routing – Routing between virtual networks without exiting the software container
Logical Firewall – Distributed Firewall, Kernel Integrated, High Performance
Logical Load Balancer – Application Load Balancing in software
Logical VPN – Site-to-Site & Remote Access VPN in software
NSX API – RESTful API for integration into any Cloud Management Platform
Partner Eco-System
10. VMware NSX Transforms the Operational Model of the Network
Network provisioning time reduced from days to seconds
Cost Savings
Operational Automation
Simplified IP hardware
Reduce operational costs up to 80%
Increase compute asset utilization up to 90%
Reduce hardware costs by 40-50%
Choice
Any hypervisor
Any CMP
with Partner
Any Hypervisor:
vSphere, KVM, Xen, Hyper-V
Any CMP:
vCAC, OpenStack
Any Network Hardware
Broad Partner Ecosystem
11. Gartner Data Center Networking Magic Quadrant 2014
“The NSX solution should be considered by existing VMware customers as a way of providing network agility and reducing network operational challenges within the data center.”
Gartner Data Center Networking Magic Quadrant, April 24, 2014
13. Rack N’ Roll!!
Web
App
Database
Deploy Applications from CMP
VMs, Logical Networks and Security
Add Capacity on Demand
14. Multitenancy – Complete Isolation
Virtual Networks are isolated from each other (Overlapping IP Addresses)
Virtual Networks are isolated from underlying physical network (IPv6 over IPv4)
15. Problem – Data Center Network Security
Perimeter-centric network security has proven insufficient, and micro-segmentation is operationally infeasible
Figure: two Internet-facing data centers, labelled "Insufficient" (little or no lateral controls inside perimeter) and "Operationally Infeasible".
16. Solution – Micro-segmentation with NSX
Unit-level trust
• Each hypervisor has its own firewalling with flexible granularity: entire data center down to the vNIC
• Security is shrink-wrapped around each workload
• Faults and threats are contained with micro-granularity
Diagram labels: Management Plane, vCenter, Control Plane, NSX Manager, REST API, Data Plane (distributed switching, routing, firewall), physical workloads and VLANs
17. Solution – Micro-segmentation with NSX
Central Management / Distributed Control
• Security policies are coordinated and centralized
• Security actions are orchestrated centrally
• Firewall policies are provisioned, moved, and retired with their associated workloads
Diagram labels: Management Plane, vCenter, Control Plane, NSX Manager, REST API, Data Plane (distributed switching, routing, firewall), physical workloads and VLANs
18. Segmentation with NSX
Figure: Traditional Data Center (perimeter firewall, inside firewall; DMZ/Web VLAN, App VLAN, DB VLAN, Services/Management VLAN; Finance, HR, Services and Mgmt workloads) beside NSX Data Center (perimeter firewall; HR Group, Finance Group, Services/Management Group; DMZ/Web, App, DB).
NSX segmentation simplifies network security
• Each VM can now be its own perimeter
• Policies align with logical groups
• Control communication within a single VLAN
19. Service Insertion Example – Palo Alto Networks Next Gen Firewall
Internet
Security Policy
Security Admin
Traffic Steering
20. Automated Security in a Software Defined Data Center
Quarantine Vulnerable Systems until Remediated
Security Group = Quarantine Zone
Members = {Tag = ‘ANTI_VIRUS.VirusFound’, L2 Isolated Network}
Policy Definition
Security Group = Web Tier
Standard Desktop VM Policy
✓ Anti-Virus – Scan
Quarantined VM Policy
✓ Firewall – Block all except security tools
✓ Anti-Virus – Scan and remediate
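Added example (not from the original slides, and not NSX API code): a small Python model of the tag-driven quarantine described on this slide, showing that group membership is derived from the tag and that enforcement at each vNIC blocks lateral traffic even on a shared L2 segment. The VM names, segment labels and the allow-by-default standard policy are assumptions; only the tag name comes from the slide.

```python
from dataclasses import dataclass, field

QUARANTINE_TAG = "ANTI_VIRUS.VirusFound"       # tag name as written on the slide
SECURITY_TOOLS = {"av-console", "patch-repo"}  # constructed VM names (assumption)

@dataclass
class VM:
    name: str
    segment: str                               # L2 segment the vNIC sits on
    tags: set = field(default_factory=set)

def group_of(vm: VM) -> str:
    """Dynamic membership: derived from tags on every evaluation, never stored."""
    return "Quarantine Zone" if QUARANTINE_TAG in vm.tags else "Standard"

def vnic_permits(vm: VM, peer: VM) -> bool:
    """Policy enforced at vm's own vNIC, for traffic in either direction."""
    if group_of(vm) == "Quarantine Zone":
        return peer.name in SECURITY_TOOLS     # block all except security tools
    return True                                # simplified standard policy (assumption)

def flow_allowed(src: VM, dst: VM) -> bool:
    """A flow must pass both the source vNIC and the destination vNIC."""
    return vnic_permits(src, dst) and vnic_permits(dst, src)

def on_scan_result(vm: VM, infected: bool) -> None:
    """The anti-virus verdict sets or clears the tag; policy follows the tag."""
    if infected:
        vm.tags.add(QUARANTINE_TAG)
    else:
        vm.tags.discard(QUARANTINE_TAG)

def demo() -> list:
    # Constructed inventory: two web VMs on one segment plus a security tool.
    web1, web2 = VM("web-01", "vlan-10"), VM("web-02", "vlan-10")
    av = VM("av-console", "vlan-99")
    results = [flow_allowed(web1, web2)]       # healthy peers, same segment
    on_scan_result(web1, infected=True)
    results += [flow_allowed(web1, web2),      # lateral traffic out is blocked
                flow_allowed(web2, web1),      # lateral traffic in is blocked
                flow_allowed(av, web1)]        # security tool still reaches it
    on_scan_result(web1, infected=False)       # remediated: tag cleared
    results.append(flow_allowed(web1, web2))
    return results

if __name__ == "__main__":
    print(demo())
```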
23. More information
Description: Link
VMware NSX web site: http://www.vmware.com/products/nsx/
NSX and SDDC dedicated web site: http://virtualizeyournetwork.com/
VMware NSX Twitter: https://twitter.com/vmwarensx
Hands-on-Labs Networking: http://labs.hol.vmware.com/HOL/catalogs/catalog/130
VMware NSX customer case – WestJet: http://www.youtube.com/watch?v=3OsXGuZjxxY
VMware NSX customer case – Colt: http://blogs.vmware.com/networkvirtualization/2014/08/vmware-nsx-customer-story-colt-decreases-data-center-networking-complexity.html
VMware NSX customer case – NTT: http://www.vmware.com/company/news/releases/vmw-ntt-netvirt-061013
Brad Hedlund on end-to-end visibility in VMware NSX: http://www.youtube.com/watch?v=wRL47AmFAUU
VMware NSX and Splunk - Operational Visibility Across Virtual and Physical Domains: http://www.youtube.com/watch?v=PzMvQFeojCk