VMworld 2015: Introducing Application Self service with Networking and Security

Introducing Application Self service with Networking and Security using vRealize Automation and NSX

Published in: Technology

  1. 1. Introducing Application Self-service with Networking and Security Using vRealize Automation and NSX. Andrew Voltmer, VMware, Inc; Becky Smith, VMware, Inc. MGT5360 #MGT5360
  2. 2. Disclaimer: • This presentation may contain product features that are currently under development. • This overview of new technology represents no commitment from VMware to deliver these features in any generally available product. • Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind. • Technical feasibility and market demand will affect final delivery. • Pricing and packaging for any new technologies or features discussed or presented have not been determined. CONFIDENTIAL 2
  3. 3. IT Automation, The Next Wave of IT Efficiency. Virtualization: ► Accelerate service delivery (weeks to days) ► Resource pooling ► HW consolidation. Cloud Automation & Management: ► Accelerate service delivery (days to min) ► Improve operational efficiency ► Optimize resource utilization ► Reduce complexity via standardization. [Chart axes: IT Efficiency, Time]
  4. 4. Business Wants Agility. IT Wants Control. Cloud Users: “We want our application on-demand with compute, storage, networking and security!” Compute Admin: Provide the right VM for the job. Network Admin: Deliver high-performance networking quickly. Security Admin: Ensure secure IT.
  5. 5. Agenda: 1 Software Defined Data Center; 2 NSX Network and Security Virtualization; 3 vRealize Automation for Applications and Infrastructure; 4 Application Self-Service with Networking and Security Using vRealize Automation and NSX
  6. 6. VMware’s Software Defined Data Center
  7. 7. Infrastructure and Apps Are Subject to Wait. Infrastructure Service Delivery: Days. Application and Change Delivery: Weeks. [Timeline of alternating Wait and Work steps; Changes.] Virtualized Infrastructure (Abstract & Pool): Compute Abstraction = Server Virtualization; Network Abstraction = Virtual Networking; Storage Abstraction = Software-Defined Storage. Physical Hardware; Private Clouds; Public Clouds; Hybrid Cloud: VMware & vCloud Data Center Partners.
  8. 8. Software-Defined Data Center (SDDC): Cloud Management Platform enables the One Cloud, Any Application Approach. [Diagram labels: Applications; End-User Computing; Cloud Management Platform (Business, Operations, Automation; Extensibility); Virtualized Infrastructure (Compute, Network, Storage); Physical; Hybrid Cloud (Private / Public).]
  9. 9. Dynamically Configure Application Services on SDDC: Automated delivery of secure, scalable and high performing multi-tier applications utilizing VMware’s SDDC. Manual Network Configuration: Hours or Days (Wait, Work, Wait). Automated Application Deployment: Minutes, “Zero Touch” Deployment. [Diagram labels: vRealize Automation; VMware NSX Network Virtualization; VMware ESX Compute Virtualization.]
  10. 10. NSX Network and Security Virtualization
  11. 11. Start With Your Existing Physical Network Infrastructure: Without network virtualization, you are hardware defined. [Diagram label: Internet]
  12. 12. Compute Capacity… [Diagram label: Internet]
  13. 13. Data Center Virtualization Layer… [Diagram label: Internet]
  14. 14. A “Network Hypervisor” [Diagram label: Internet]
  15. 15. The Operational Model of a VM for Networking [Diagram label: Internet]
  16. 16. Provides A Faithful Reproduction of Network & Security Services in Software: Switching; Routing; Firewalling; Load Balancing; VPN; Connectivity to Physical; Policies, Groups, Tags. Management APIs to program all services.
  17. 17. NSX – Virtual Networking and Security: Support for Detailed, Programmable Application Topologies. Logical Switching, Routing, Firewall, Load Balancing. Security Groups: My App (Web, App, Database). Security Policies: “Default”: • Firewall – Access shared services (DNS, AD) • Anti-Virus – Scan Daily. “Standard Web”: • Firewall – allow inbound HTTP/S, allow outbound ANY • IPS – prevent DOS attacks, enforce acceptable use. “Standard App”: • Firewall – allow inbound ANY, allow outbound ODBC. “Standard Database”: • Firewall – allow inbound ODBC • Vulnerability Management – Weekly Scan.
  18. 18. vRealize Automation for Applications and Infrastructure
  19. 19. VMware’s Automation Solution to Onboard the Cloud: Manual provisioning to On-demand, automated self-service access; Technology sprawl to High standardization; Initial provisioning to Lifecycle management; Homogeneous to Enterprise wide / heterogeneous; One inflexible approach to Extensible; Virtualized infrastructure to Any service from any layer; Manual approvals to High governance. Journey with many starting points and many maturity levels: Automation / Infrastructure-as-a-Service; Application Release Automation / DevOps; Standardized MW / DB-as-a-Service; IT-as-a-Service “Service Broker”.
  20. 20. vRealize Automation Policy Management: “Who provisions what and where”. [Diagram labels: Users in Business Groups (A, B, C); Authentication & Role-Based Authorization; Authorized Users; Service Blueprints; Cost Profile; Resource Reservations; Shared Infrastructure (Tier 1, Public, Physical, Virtual); Requisition, Provision, Manage, Retire.]
  21. 21. Application Self-Service with Networking and Security Using vRealize Automation and NSX
  22. 22. Traditional Infrastructure Provisioning with Networking: Days - Weeks of manual efforts (Wait, Work, Wait, Wait). Switch: Connect Ethernet cables, configure switch port, VLANs, access control lists, assign IP addresses. Router: Configure router interface to connect to switch ports. Configure routing protocols. Firewall: Connect networks to firewall appliances, configure firewall rules based on physical constructs, e.g. IP address and VLANs. Load Balancer: Connect networks to load balancer appliances, create and populate load balancer pool, assign Virtual IP Address to external interface. Roles: NETOPS, SECOPS, LOAD BALANCER ADMIN.
  23. 23. Application Centric Network and Security Services: Deployed and managed in the application context (Web, App, Database tiers). • Applications configured with dedicated or shared virtual switches and routers depending on needs • Virtual Machines can be moved (vMotion) without changing virtual network configuration • Application specific policies including firewall rules, intrusion detection integration, and agentless anti-virus scanning at each application tier • Dynamic configuration of application specific load balancers • Without expensive physical hardware • Networks configured to meet unique performance needs of each application • Shared or dedicated switches, routers and load balancers depending on performance needs
  24. 24. Blueprint of the Modern Application: Define Once – Multiple Use; Deployment Time Options for Users; Support for Multiple Network Topologies; Repeatable Deployments; From Single Machine to Multi-Tier Applications
  25. 25. Catalog of Applications: “One Click” Deployment; Order your Application with Networking and Security; N+S Built On-Demand via NSX API; Automated IP Addressing; Automatic Cleanup With App Disposal
  26. 26. Group into Complete Application Environments or Services: Predefined, Tested, Compliant, Repeatable. AVAILABILITY: Logical Load Balancer. CONNECTIVITY: Network Profiles, Default Gateway. SECURITY: Security Groups, Security Policies, Security Tags. Catalog Item; Complete Application Environment; Blueprint.
  27. 27. Top NSX Solutions with vRealize Automation: The Power of NSX and vRealize Automation delivers Application Deployment with . . . On-Demand Networking and Security; On-Demand Security; Existing Networking and Security
  28. 28. Application Deployment with On-Demand Network and Security Services: The Power of VMware NSX and vRealize Automation
  29. 29. Application Deployment with On-Demand Networking & Security (Web/App and Database tiers): • Logical switches and routers created by NSX when the user creates an application • Single-tier or multi-tier NAT or routed topologies • Automated IP addressing of VMs and subnets • On-demand security groups built per app and per tier with VMs placed into groups • Security policies applied to dynamically created groups • Load-balancer dynamically deployed for application
  30. 30. Application Deployment with On-Demand Micro-Segmentation: The Power of VMware NSX and vRealize Automation
  31. 31. Application Deployment with On-Demand Micro-Segmentation (Web/App and Database tiers): • VMs placed on pre-created logical switches • On-demand security groups created when application is deployed • Security policies applied to dynamically created groups • Micro-segmentation on larger L2 networks • Load-balancer configuration dynamically deployed • VMs and security groups removed when app destroyed but networking remains
  32. 32. Application Deployment into Existing Network and Security Services: The Power of VMware NSX and vRealize Automation
  33. 33. Application Deployment into Existing Network and Security Services (Web/App and Database tiers): • Pre-created logical switches and routers defined by the NSX admin; VMs are wired to pre-created switches • Security Groups pre-defined to match security tags for each tier of application • When a cloud user selects a catalog item, VMs are wired to NSX switches and tagged with appropriate security tags • Enforcement is based on combining the tag with the rules in the security group • Applications can be single tier or multi-tier – typically routed topologies
  34. 34. Application Deployment Topologies: Support for Multiple Network Topologies. Multi-Tier App, Multiple Networks; Multi-Tier App, Single Flat Network (Web, App, Database tiers).
  35. 35. Demo
  36. 36. Questions
  37. 37. Check out: http://www.vmware.com/products/vrealize-automation/ http://www.vmware.com/products/nsx/ Hands-On Labs: HOL-SDC-1632, HOL-SDC-1624, HOL-SDC-1603. Session: NET5362 Enabling Automated Network & Security Services with NSX and vRealize Automation
  38. 38. Introducing Application Self-service with Networking and Security Using vRealize Automation and NSX. Andrew Voltmer, VMware, Inc; Becky Smith, VMware, Inc. MGT5360 #MGT5360
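
Added example, not from the presentation and not NSX or vRealize Automation code: a small Python model of the tag-based enforcement described on slide 33, using the per-tier firewall rules listed on slide 17. The tag names, VM names, default-deny behaviour and the rule that both the source's outbound and the destination's inbound rules must permit a flow are assumptions of this sketch.

```python
# Added illustration: a toy model, not NSX or vRealize Automation code.
ANY = "ANY"

# Firewall rules per security policy, as listed on slide 17 (service names only).
# Assumption: a direction with no rule listed is denied.
POLICIES = {
    "Standard Web": {"in": {"HTTP", "HTTPS"}, "out": {ANY}},
    "Standard App": {"in": {ANY}, "out": {"ODBC"}},
    "Standard Database": {"in": {"ODBC"}, "out": set()},
}

# Security groups match VMs by security tag (slide 33); tag names are hypothetical.
POLICY_BY_TAG = {
    "tier.web": "Standard Web",
    "tier.app": "Standard App",
    "tier.db": "Standard Database",
}


def policy_for(vm_tags, vm):
    """Return the policy selected by the VM's tag, or None if it matches no group."""
    return POLICIES.get(POLICY_BY_TAG.get(vm_tags.get(vm)))


def permits(allowed, service):
    return ANY in allowed or service in allowed


def flow_allowed(vm_tags, src, dst, service):
    """Allow a flow only if source outbound and destination inbound rules both permit it."""
    src_pol, dst_pol = policy_for(vm_tags, src), policy_for(vm_tags, dst)
    if src_pol is None or dst_pol is None:
        return False  # assumption: a VM outside every group is default-deny
    return permits(src_pol["out"], service) and permits(dst_pol["in"], service)


def demo():
    # Constructed inventory: VM names and tags are sample values.
    tags = {"web-01": "tier.web", "app-01": "tier.app", "db-01": "tier.db"}
    checks = [("web-01", "app-01", "HTTPS"), ("app-01", "db-01", "ODBC"),
              ("app-01", "db-01", "SSH"), ("db-01", "app-01", "ODBC"),
              ("web-01", "db-01", "ODBC"), ("db-02", "app-01", "ODBC")]
    return {f"{s}->{d} {svc}": flow_allowed(tags, s, d, svc) for s, d, svc in checks}


if __name__ == "__main__":
    for flow, ok in demo().items():
        print(f"{flow:24} {'ALLOW' if ok else 'DENY'}")
```

Because the slide's rules name only a service, `web-01` to `db-01` on ODBC also passes in this model; keeping the web tier off the database would take a rule scoped by source group. Tagging a new VM is all it takes to bring it under a tier's policy, which is the point of slide 33.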
