3. Unlock the flexibility to move existing and future workloads from on-
premises environments to public clouds and back again for a true hybrid
cloud experience
Ensure compatibility with services based on the same VMware platform
you already use
Customer Benefits: Hybridity
CONFIDENTIAL 3
4. Bypass risk and uncertainty with clouds offering compliance certifications
and built-in standards for security and reporting to meet business and
industry requirements
Trust the inherent isolation provided by vSphere as well as the network
virtualization and per VM security policies provided by NSX
Customer Benefits: Security & Compliance
CONFIDENTIAL 4
5. National cloud give you the peace of mind of knowing exactly where your
data is being stored and transferred
Cloud provider keep data and applications local for simplified adherence to
national data security and privacy regulations
Customer Benefits: Data Sovereignty
CONFIDENTIAL 5
6. Pre-Hypervisor Challenges
6
• OS : Physical Hardware
mapping is 1:1
• Higher Scale = More
Hardware
• Resources Mostly
Underutilized
• Network Configurations are
mostly Manual
• Security = Perimeter
Pre-Hypervisor
L2 +
L3
Application
OS
x86
Storage
Network Interface
Physical Gateway + Router
Firewall, VPN
7. Virtualization of x86 resolves some issues…
7
1:1 mapping between
OS & Hardware
Scale = more hardware
Under Utilized resources
Manual Configurations
Perimeter Security
Pre-Hypervisor
L2 +
L3
Application
OS
x86
Storage
Network Interface
Physical Gateway + Router
Firewall, VPN
1:X mapping between
OS & Hardware
Scale != more Hardware
Optimized Resource
Consumption
Addition of Manual
Routes
‘X’ # Firewall Rules
Choke Points
No Cross vSwitch
Security
Perimeter Security
Post-Hypervisor
Virtual
L2
L3
Hypervisor
x86
Storage
Network Interface
Physical Gateway + Router
Firewall, VPN
VM VMVMVM
vSwitch
9. NSX is fundamental to the SDDC
9
The software-defined data center (SDDC) is crucial to the long-term
evolution of an agile digital business, according to Gartner, Inc.
Gartner predicts that the programmatic capabilities of the SDDC will be
considered a requirement for 75 percent of Global 2000 enterprises by 2020.
• Static
• Rigid / fragile
• Prone to security issues
• Expensive
• Hard to change
• Manual
Data centers of today Benefits of the SDDC
NSX is fundamental to the SDDC
VMware and NSX are best positioned to deliver the SDDC to
organizations because we are positioned at the right place in
the data center to enable the benefits of the SDDC. Without
NSX, the benefits of the SDDC can’t be realized.
Dramatically higher efficiency and lower costs
Application provisioning in minutes
The right availability and security for every application
App and workload mobility
10. Provides
A Faithful Reproduction of Network & Security Services
in Software
Switching Routing Firewalling Load
Balancing
VPN Connectivity
to Physical
What is NSX?
11
11. Construct Network Services in Virtual Layers
12
Provider Peripheral Network Infrastructure
SwitchingRouting Firewalling Load
Balancing
VPN
Decouple Network Services
Decouple Network Services
• Core infrastructure backbone is
agnostic of network demands at the
virtual data centers
• Flexibility of Operations
− Consumer serviced networks
− Defined Micro-segments for
various workloads
Consumer
End Customer Network Infrastructure
Virtual Data Center
VM VM VM
Priv ate Network
(192.168.50.0/24)
VM VM VM
DMZ Network
(192.168.52.0/24)
Virtual Data Center
VM VM VM
Priv ate Network
(192.168.50.0/24)
VM VM VM
DMZ Network
(192.168.52.0/24)
Virtual Data Center
VM VM VM
Priv ate Network
(192.168.50.0/24)
VM VM VM
DMZ Network
(192.168.52.0/24)
Provider
12. Physical Firewall
Rules
VM’s in Data Center
VM VM
VM VM VM
VM VM VM
VM
With NSX DFW
Lower Perimeter Firewall requirements and cost
13
Lower # of Physical Firewalls
VM’s in Data Center
VM VM
VM VM VM
VM VM VM
VM
Physical Firewall
Without NSX DFW
Distributed
Firewall
Rules
VM with
Security Policy
VM with Default
Security Policy
VM
VM
Rules
13. Lower Routing equipment requirements and cost
14
Lower # of Routers
VM’s in Data Center
Physical Routers
VM VMVM
vSwitch3
VM’s in Data Center
Physical Routers
VM VMVM
vSwitch3
VM VMVM
vSwitch1
VM VMVM
vSwitch2
Distributed
Routing
+
Edge
Gateway
VM VMVM
vSwitch1
VM VMVM
vSwitch2
Distributed
Routers
14. Distributed Logical Router
.1
.1
.1
.1
App Logical Switch
172.16.20.0/24
DB Logical Switch
172.16.30.0/24
.2
Perimeter
Gateway
Control Center
192.168.110.10
Web Logical Switch
172.16.10.0/24
Micro-Segmentation/Inside Perimeter Security
Zero Trust Model
VM
fin-web-
sv-02b
.12.11
fin-web-
sv-01a
VM VM
hr-web-
sv-02b
.22.21
hr-web-
sv-01a
VM VM
.11
fin-app-sv-01a
VM
.21
hr-app-sv-01a
VM
.11
fin-db-sv-01b
VM
.21
hr-db-sv-01b
VM
Finance
HR
TCP 1234
SSH
Traffic from WEB tier to APP
tier (per organization)
protected by DFW
MySQL
Traffic from APP tier to DB
tier (per organization)
protected by DFW
HTTP
HTTPS
Traffic from USER to WEB Tier
protected by DFW
15
16. NSX and vCloud Director Use Cases
• NSX functionality can be consumed out of band from vCD to enable provider side use cases
• Enables providers to deliver value added services to their cloud consumers
• Does not require direct product integration
• Can be automated for rapid provisioning or even self-service
CONFIDENTIAL 17
Use Case Benefit NSX Components
L2VPN & L2 Bridging • Cloud Bursting
• Cloud Migration
• Network Extension
• Disaster Recovery as as Service
NSX Edge Gateway
NSX L2 Bridging
Micro-segmentation of provider
managed networks
• Securely provide network based services to tenants, eg:
• Backup
• Monitoring
• Patching
NSX Distributed Firewall
SpoofGuard
Guest/Network Introspection
NSX Partners Services
• Agentless guest and network based services from NSX
Partners, eg:
• Anti Virus
• IDS/IPS
NSX Service Composer
Partner Ecosystem
Gateway Virtualization • Virtualize network functions on commodity x86 hardware
• Common interface and vendor across all services
NSX Edge Gateway
VXLAN
17. Y
• SSL secured L2 extension technology over any
IP network
• Separate NSX Edge GWs run as server & client
• Independent of vCenter Server boundaries
• Managed and Unmanaged options
• UI and API based configuration
• Able to bridge any combination of VLAN or VXLAN
networks
• No specialized hardware required (will leverage
AES-NI CPU instruction set where available)
• Supports both Enterprise and Hybrid Cloud use
cases
Features Benefits
NSX and vCloud Director – L2 VPN
CONFIDENTIAL 18
Internet / WAN
Enterprise
NSX Edge Services GW
L2VPN Client
NSX Edge Services GW
L2VPN Server
Internet / WAN
Public
Cloud
Hybrid Cloud
NSX Edge Services GW
L2VPN Client
NSX Edge Services GW
L2VPN Server
19. NSX and vCloud Director – Secure Provider Services
• NSX enables Provider managed services to be attached to VMs (Monitoring, Backup, etc.)
• All VMs are attached to a common Service Network
• NSX Distributed Firewall and SpoofGuard enforce security and isolation
CONFIDENTIAL 20
Edge
Gateway
VM VM VM VM VM VMVM VM
Org 2
Org 1 Net Org 2 Net
App X Net
Provider
Routers
App Y Net App Z Net App K Net
vApp X vApp Y vApp Z vApp K
NSX Edge NSX Edge
Internet/WAN
External Net
Monitoring
Service
Backup
Service
Patching
Service
Common Services Net
Tenant 1
Managed
Org 1
Tenant 2
Managed
Provider
Managed
20. NSX and vCloud Director – Value Added Services
• Both native NSX and 3rd party Solutions can be added as Value Added Services (VAS)
• NSX Service Composer allows Providers to deliver VAS on a per-Tenant or per-VM basis
21
Data
Security
Firewall Activity
Monitoring
Anti VirusVulnerability
Management
IPS/IDS
Different service categories from
several vendors are supported
22. Industry-Leading Hyper-Converged Software
23
From the market leader in virtualization software and management
VMware Hyper-Converged
Software
x86 Server Hardware
vSphere
vCenter
Virtual SAN
VMware Hyper-Converged
Software
Market-leading hypervisor
Radically simple enterprise-class storage
Most flexible deployment options
Unified management
23. The Best Building Block for the Software-Defined Data Center
24
NSX: Leading network virtualization
platform for the SDDC
vRealize Operations: Advanced storage
management and planning
vRealize Log Insight: Real-time log
management of Virtual SAN
Horizon: Single platform for virtual
and hosted desktops
x86 Server Hardware
vSphere
vCenter
Virtual SAN
VMware HCS
SDDC software
24. Why VMware Hyper-Converged Software?
25
Radically
Simple
>100
Pre-Certified Ready
Nodes to Match
Existing Infrastructure
1
Integrated SW stack
<1ms
Latency with all-flash
systems
>100K
IOPS per node
$1/GB
As low as $1 per
usable GB of all-flash
Virtual SAN
50%
Lower TCO
1
Platform for business
critical apps, Openstack
and containers
>6M
IOPS per cluster
Highest
Performance
Lowest
Cost
$
Any App,
Any Scale
25. Most Widely Deployed HCI Solution in the Market
Total Customer Count
Q2’13 Q2’14 Q2’15
VMware HCS
#2 HCI Vendor**
VMware HCS
#1 >20,000 CPUs in Q4’15
Units Deployed*
>3,000 customers
>500 new/quarter
Customer Adoption*
#1
~200% YoY in Q4’15
Revenue Growth*
#1
* Source: VMware internal analysis, January 2016. Compared to leading HCI vendors only.
** Source: IDC MarketScape Hyperconverged Market, Dec 2014. SEC S-1 Form, December 2015.
26. VMware Virtual SAN
27
Radically Simple Hypervisor-Converged Storage for VMs
• Software-defined storage optimized for VMs
• Embedded in the hypervisor
• Runs on any standard x86 server
• Supports hybrid and all-flash configurations
• Delivers enterprise-level scalability and
performance
• Managed through per-VM storage policies
• Deeply integrated with the VMware stack
Overview
Virtual SAN Datastore
…
vSphere + Virtual SAN
VM VM VMVM VM VM
27. Accelerating Innovation
28
VSAN 5.5
March 2014
VSAN 6.0
March 2015
All Flash
64 Node Cluster
X2 Hybrid Performance
VSAN Snapshots
VSAN Clones
Rack Awareness
VSAN 6.2
March 2016
VSAN 6.1
September 2015
Stretched Cluster
Replication - 5 Min RPO
Root Cause Analysis
Health Monitoring
Deduplication
Compression
Erasure Coding (RAID 5/6)
Quality of Service
Performance & Capacity Monitoring
Expanded Virtual SAN Ready Nodes
28. Virtual SAN Simplifies and Automates Storage Management
29
Per-VM Storage Service Levels From a Single Self-tuning Datastore
Storage Policy-Based Management
Virtual SAN Shared Datastore
vSphere + Virtual SAN
SLAs
Software Automates
Control of Service Levels
No more LUNs/Volumes!
Policies Set Based
on Application Needs
Capacity
Performance
Availability
Per VM
Storage Policies
29. Efficiency of a Single, Hyper-Converged Software Stack
Storage
VM
vSphere vSphere + Virtual SAN
One in every
server
ü Kernel-embedded for optimized I/O data path
ü Major advantage in resource utilization
• 2x CPU efficiency and 3x memory efficiency
ü All features work natively
• Native vMotion and DRS
✖ Overhead of virtual appliance
✖ Long data paths
✖ Bolted-on integration
30. Tiered All-Flash and Hybrid Options
31
Caching
Data
PersistenceVirtual SAN
All-Flash
100K IOPS per Host
+
sub-millisecond latency
Writes cached first,
Reads from capacity tier
Capacity Tier
Flash Devices
Reads primarily from capacity tier
SSD PCIe NVMe
Hybrid
40K IOPS per Host
Read and Write Cache
Capacity Tier
SAS / NL-SAS / SATA
SSD PCIe NVMe
31. Virtual SAN Delivers Enterprise-Grade Scale
32
6M+
IOPS
6,400
VMs
8.8
Petabytes
Maximum Scalability per Virtual SAN Cluster
64
Hosts “I am looking for cost-savings, efficiency
and the ability to expand when we need
to, quickly. And that’s something the
Virtual SAN lets us do in every case.
For the Doe Fund, you know, it is the
holy grail of storage.”
— Ryan Hoenle
Director of IT, The DOE Fund, Inc.
Notes: based on IOMeter 100% Read benchmark