NSX for Small Data Centers - Breaking Boundaries
Shahzad Ali, VMware, Inc
NET8935
#NET8935
NSX customer use cases
• Security: Inherently secure infrastructure
– Micro-segmentation
– DMZ anywhere
– Secure end user
• Automation: IT at the speed of business
– IT automating IT
– Multi-tenant infrastructure
– Developer cloud
• Application continuity: Data center anywhere
– Disaster recovery
– Cross cloud
– Multi data center pooling
Shahzad Ali NSX For Small DC
Disclaimer
• This presentation may contain product features that are currently under development.
• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.
• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
• Technical feasibility and market demand will affect final delivery.
• Pricing and packaging for any new technologies or features discussed or presented have not been determined.
Abstract / Motivation
• NSX Reference Architecture Recommends:
Dedicated Mgmt., Edge and Compute clusters
– http://tinyurl.com/nsxdg3-0
• Limiting Factors
– Budget
– Staffing
– Small scale deployment
– Small number of hosts for dedicated clusters
SMALL DC DOES NOT MEAN SMALL CUSTOMER
Break Boundaries & Design and Deploy NSX in Small DC with a Single Cluster
Agenda
1 Introduction
2 Deployment Models
3 Design and Deployment Considerations
4 Growth – Business Needs
5 Closing / QA
Disclaimer: Not all possible Small DC designs are discussed. Only a few common options are shown.
Understanding of vSphere and NSXv Components
NSX Advance Technical Session
Management Plane
• vCenter: VDS, DRS, HA, vMotion etc.
• NSX-MGR: API Entry Point
Control Plane
• Separation of control and data plane
• Manages Logical networks
• Control Plane protocol (VXLAN, Routing)
Data Plane
• Distributed Functions
• Scale-out Model
Data Plane: NSX Edge Service Gateway (ESG)
• Functions
• VM Form Factor
[Diagram labels: vCenter (VC), NSX-MGR, NSX-Controller Cluster, DLR Control VM, Logical Switch, Distributed Logical Router (DLR), Distributed Firewall (DFW), VDS, NSX Edge (NAT, Firewall, Load Balancer (LB), Router)]
Large DC Cluster Design
• Typical number of hosts > 100
– NSX Design guide - http://tinyurl.com/nsxdg3-0
• North-South (N-S) BW requirement > 10G
| Cluster Type | Number of Hosts | Features |
|---|---|---|
| Mgmt. | 3 | VC, NSX and other mgmt. VMs; Less I/O requirements |
| Edge | 4 (ECMP) | ESG, DLR Control VMs; On/Off-ramp, P/V, ECMP; Higher I/O requirement |
| Compute | As needed | Application/Workload; vMotion boundary; Variable CPU, Memory & I/O requirement |
[Diagram labels: Management, Edge (four NSX Edges), Compute, Host 1 to Host 6, DC Fabric, L2/L3, WAN/Internet]
Medium DC Cluster Design
• Typical number of hosts: 10-100
• North-South (N-S) BW requirement < 10G
Collapsed Edge and Management but separate Compute
| Cluster Type | Number of Hosts | Features |
|---|---|---|
| Collapse Mgmt. Edge | 3 | VC, NSX and other mgmt. VMs; ESG, DLR Control VMs; Mix of less I/O and High I/O requirement VMs |
| Compute | As needed | Application/Workload; vMotion boundary; Variable CPU, Memory & I/O requirement |
[Diagram labels: Management & Edge Clusters (two NSX Edges), Compute Cluster, Host 1 to Host 3, Host x to Host z, L2/L3, WAN/Internet]
Small DC Cluster Design
• Typical number of hosts: 3 - 10
• North-South (N-S) BW requirement < 10G
Single Cluster hosting Mgmt., Edge & Compute resources
Resource reservation is the key to meet SLA in Small DC
| Cluster Type | Number of Hosts | Components |
|---|---|---|
| Collapse Mgmt. Edge Compute | 3 | VC, NSX and other mgmt. VMs; ESG, DLR Control VMs; Mix of less I/O and High I/O requirement VMs; Application/Workload; Variable CPU, Memory & I/O requirement |
Deployment Models
Small does not mean Small Enterprise
NSX Deployment Models in Small DC
Security Focused Deployment Model
• Distributed Firewall
• Non disruptive
• VXLAN is not a requirement
• Agentless Anti-Virus (AV)
Full Stack Deployment Model
• Security Focused Deployment +
• Logical Switching (VXLAN)
• Distributed Routing (DLR)
• ESG Services (NAT, LB, VPN etc.)
[Diagram labels: VDS, DFW, VLAN Backed Port Groups, VXLAN Backed Port Groups (LS), DLR, Transit LS, NSX Edge (Routing, LB, FW, Bridge), Uplink Port Group, Physical]
Centralized Edge Deployment Model
• Could be used as
– Intermediate Step: Security Focused → Full Stack deployment
– Where not much East/West traffic required
– Multi-function gateway
• Highlights
– No DLR, VXLAN and Controllers needed
– VLAN backed-port groups directly attached to ESG VM
– No physical routing/MTU changes needed
– Availability improved by Edge HA and vSphere
[Diagram: Single Collapsed Cluster; labels: Host 1, Host 2, Host 3, two NSX Edges, VDS, DFW, VLAN Backed Port Groups, NSX ESG (Routing, Firewall, LB, NAT, VPN GW), Physical L2/L3, WAN/Internet]
Security Focused Model: Design Considerations
• Use-Cases
– Micro-Segmentation (DFW)
– Agentless Anti-Virus (AV)
• Highlights
– No physical routing/MTU change needed
– Use existing VLAN backed-port groups
– Security Services requires Service VMs
– DFW enabled on all hosts
Management and Compute collapsed in a single cluster
| Single Cluster | Components |
|---|---|
| Management Plane | NSX Manager, VC, LogInsight, vROps and other management VMs |
| Compute | Compute VMs; Service VMs |
| Data Plane | ESXi Kernel Component: Distributed Firewall (DFW), vSphere Distributed Switch (VDS) |
Security Focused Model: Deployment Considerations
Use-Case: Micro-Segmentation (DFW)
• Small footprint
– Min: 2 hosts required
– Easy expansion for additional workload
– Deploy more hosts to sustain a single host failure
– Recommendation: At least 3 hosts in production
NSX Footprint
| Function | vCPU | MEM (GB) | Storage (GB) | VMs |
|---|---|---|---|---|
| Tiny vCenter Appliance with Embedded PSC | 2 | 8 | 116 | 1 |
| NSX Manager | 4 | 16 | 60 | 1 |
| Total | 6 | 24 | 176 | 2 |
[Diagram labels: Single Cluster with NSX, Host 1, Host 2, Host 3, L2/L3, WAN/Internet]
Security Focused Model: Deployment Considerations
Use-Case: DFW with Agentless Anti-Virus (AV)
• Agentless-AV requires additional Service VMs
– NSX GI-SVM (Guest Introspection Service VM)
– Partner Service VM (SVM)
– Cluster based SVM deployment
– Don’t move SVM (manual, vMotion or Storage vMotion)
• Small footprint
– Min: 2 hosts required
– Recommendation: At least 3 hosts in production
NET8022 – Implementing Agentless AV and IPS/IDS with NSX
[Diagram: Single Cluster with NSX; an NSX GI SVM and a Partner SVM shown for each of Host 1, Host 2 and Host 3; L2/L3, WAN/Internet]
Full Stack Model: Design Considerations
• Use-Cases
– Full abstraction from underlying hardware
– Networking and Security closest to the workload
– Disaster avoidance and recovery (DR)
• Highlights
– VXLAN based L2 over L3 overlay
– Optimized routing (DLR) and logical switching (LS)
– Separation of control and data plane
– DFW and VXLAN enabled on all hosts
– Connectivity to physical network may require additional changes
  • MTU of >=1600 for VTEP segment
Management, Edge and Compute collapsed in a single cluster
| Cluster Function | Components |
|---|---|
| Management Plane | NSX Manager, Controllers, VC, DB Server and other management VMs |
| Compute | Compute VMs; Service VMs |
| Data Plane East-West | ESXi Kernel Component (VXLAN, DLR, DFW, VDS) |
| Data Plane North-South | Active/Standby DLR Control VM; ESG VM (HA or ECMP Mode) |
Full Stack Model: Deployment Considerations
• At least 3 hosts needed
– Design to sustain at least a single host failure
– Management and Edge functions can co-exist with Compute
– No DLR Control VM needed with static routing
– Recommendation: 4 ESXi hosts in Production
| Function | vCPU | MEM (GB) | Storage (GB) | VMs |
|---|---|---|---|---|
| Tiny vCenter Appliance with Embedded PSC | 2 | 8 | 116 | 1 |
| NSX Manager | 4 | 16 | 60 | 1 |
| Controllers | 4 x 3 | 4 x 3 | 20 x 3 | 3 |
| Edge VM (Large)* | 2 x 2 | 0.5 x 2 | ~1 x 2 | 2* |
| Total | 22 | 37 | ~ 238 | 7 |
* ESG with High Availability with static routing
[Diagram labels: Single Cluster, Host 1 to Host 4, two NSX Edges, L2/L3, WAN/Internet]
Individual Component Consideration
NSX - Modular and Flexible
vCenter (VC)
• Tiny vCenter (VC) Appliance with Embedded PSC
– If reduced resource utilization is a key factor for the environment
• Majority Small DC Customers:
– Deploy Small VC appliance
– Future growth
vSphere / VC is the foundation
| Options (Embedded PSC) | Hosts | VM | Potential NSX Deployment Type | vCPU | MEM (GB) | Disk (GB) |
|---|---|---|---|---|---|---|
| Tiny | 10 | 100 | Small DC | 2 | 8 | 116 |
| Small | 100 | 1000 | Small DC | 4 | 16 | 136 |
| Medium | 400 | 4000 | Medium DC | 8 | 24 | 275 |
| Large | 1000 | 10,000 | Large DC | 16 | 32 | 325 |
http://tinyurl.com/DeployVC6
http://tinyurl.com/PerformanceVC6
License Considerations
– NSX supported for all vSphere licenses
– VDS included with NSX (vSphere 5.5 U3 or 6.0+)
vSphere
• Essential+: Up to 3 hosts, vSphere HA
• Standard: 1000 hosts per vCenter, vSphere HA
• Enterprise or Enterprise+: vSphere Standard + DRS Related Features
vSphere Enterprise is EoA: https://kb.vmware.com/kb/2143987
Compare License Options: http://www.vmware.com/products/vsphere.html#compare
NSX
| Features | Standard | Advanced | Enterprise |
|---|---|---|---|
| Distributed Routing and Switching (DLR/VXLAN) | ✓ | ✓ | ✓ |
| NSX ESG (except load balancer) | ✓ | ✓ | ✓ |
| SW L2 bridging | ✓ | ✓ | ✓ |
| Distributed Firewall (DFW – Micro-Segmentation) | | ✓ | ✓ |
| NSX Edge load balancing | | ✓ | ✓ |
| Cross vCenter NSX | | | ✓ |
Design Considerations: vCenter
• VC with embedded PSC is recommended for small DC
– 1 single sign-on domain with single site
– No growth plans in near future
• External PSC is recommended for medium-large environments with multiple vCenters
– Consider this option if planning to grow
• VC should be first to boot
• Add management VMs in the NSX “VM Exclusion List”
• Or create fine grained rules in DFW
• NSX components are automatically part of exclusion list
[Diagram labels: vCenter Server, Platform Services Controller (PSC), Virtual Machine]
Design Considerations: NSX Manager
• vCPU and Mem modification allowed
– Recommended to stick with the defaults
• Second in VM boot order
• Management plane only
– Never in the data path
• 16 GB reserved by default
• Schedule Backup
Design Considerations: NSX Controllers
• Must deploy 3
– Each on separate hosts
– Use “SHOULD” anti-affinity rules
– Use 4 hosts for additional redundancy
– Controller VM (vCPU/MEM) modification not possible (4 vCPU, 4GB Mem)
• Only needed for VXLAN and DLR
• 3rd in VM boot order
• Never in the data-path
• Default: 2GB reserved, 4GB total
Design Considerations: DLR Control VM
• Needed for dynamic routing
• Deploy in HA mode (Active/Standby)
• vCPU/MEM modification disabled
• Anti-affinity rule is created automatically
• No vCPU or Mem reserved by default
Design Considerations: ESG
ESG in HA or ECMP?
• Stateful Services? Yes
– Throughput Requirement >10G: Multi-tiered Design
– Throughput Requirement < 10G: ESG-HA
• Stateful Services? No
– Throughput Requirement >10G: 2 or more ESG-ECMP
– Throughput Requirement < 10G: ESG-HA
Other designs possible depending on scale
Deployment Consideration: ESG (1/2)
• ESG VM Form factor
– Large: Good for majority design/features
– X-Large: For L7 NSX Load Balancer (LB)
– Reserves vCPU and Mem at creation
– Form factor can be upgraded any time later
• ESG VMs have reservation enabled by default
– Locked down VM
• ESG Deployed in HA
– Anti-affinity rules automatically created (DRS)
– Avoid: Active ESG and Active DLR Control VM on same host
– Example config:
  • Host1: Active ESG + Standby DLR Control VM
  • Host2: Standby ESG + Active DLR Control VM
[Screenshot callout: Automatic Rule]
| VM Size | vCPU | Memory (GB) | HD (GB) | Suitable For |
|---|---|---|---|---|
| Large | 2 | 1 | 1 | Small DC |
| X-Large | 6 | 8 | 2.5 | L7 LB |
Deployment Consideration: ESG (2/2)
• ESG Deployed in ECMP
– Avoid: ESG VM and Active DLR Control VM on same host
– Example config:
• Host1: ESG-1 + ESG-2
• Host2: ESG-3 + ESG-4
• Host3: Active DLR Control VM
• Host4: Standby DLR Control VM
• Manually create anti-affinity rules
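The placement rules from the NSX Controllers, DLR Control VM and ESG slides can be checked mechanically against a host-to-VM map before anti-affinity rules are created. The following is an added example, not part of the original deck or of any VMware tool; the role labels and dictionary layout are assumptions, and the sample placements are constructed from the deck's example configs.

```python
"""Check a single-cluster NSX VM placement against the deck's placement rules.

Added example: the data model is hypothetical and nothing here talks to
vCenter or NSX Manager. Build the placement dict from your own inventory.
"""
from collections import Counter

# Role labels are assumptions made for this example.
CONTROLLER = "controller"
ESG = "esg"                      # active ESG in HA mode, any ESG in ECMP mode
ESG_STANDBY = "esg-standby"      # only meaningful in HA mode
DLR_ACTIVE = "dlr-ctrl-active"
DLR_STANDBY = "dlr-ctrl-standby"


def hosts_running(placement, role):
    """Hosts running a role, one entry per VM (so repeats are visible)."""
    return [host for host, roles in placement.items() for r in roles if r == role]


def check_placement(placement, esg_mode):
    """placement: {host: [role, ...]}; esg_mode: "ha" or "ecmp".

    Returns a list of violations; an empty list means the placement
    follows the rules on the Controller, DLR Control VM and ESG slides.
    """
    if esg_mode not in ("ha", "ecmp"):
        raise ValueError("esg_mode must be 'ha' or 'ecmp'")
    findings = []

    # Controllers: must deploy 3, each on a separate host. They are only
    # needed for VXLAN and DLR, so a placement with none is not flagged.
    controllers = hosts_running(placement, CONTROLLER)
    if controllers and len(controllers) != 3:
        findings.append(f"controllers: expected 3, found {len(controllers)}")
    for host, count in sorted(Counter(controllers).items()):
        if count > 1:
            findings.append(f"controllers: {count} on {host}, each needs its own host")

    # DLR Control VM HA pair: anti-affinity keeps active and standby apart.
    dlr_active = set(hosts_running(placement, DLR_ACTIVE))
    dlr_standby = set(hosts_running(placement, DLR_STANDBY))
    for host in sorted(dlr_active & dlr_standby):
        findings.append(f"dlr: active and standby Control VM share {host}")

    # ESG HA pair: anti-affinity keeps active and standby apart.
    esg_hosts = set(hosts_running(placement, ESG))
    if esg_mode == "ha":
        standby_hosts = set(hosts_running(placement, ESG_STANDBY))
        for host in sorted(esg_hosts & standby_hosts):
            findings.append(f"esg-ha: active and standby ESG share {host}")

    # HA: avoid active ESG with the active DLR Control VM.
    # ECMP: avoid any ESG with the active DLR Control VM.
    for host in sorted(esg_hosts & dlr_active):
        findings.append(f"esg-{esg_mode}: ESG and active DLR Control VM share {host}")
    return findings


# Constructed sample placements, following the deck's example configs.
DECK_HA = {
    "host1": [CONTROLLER, ESG, DLR_STANDBY],
    "host2": [CONTROLLER, ESG_STANDBY, DLR_ACTIVE],
    "host3": [CONTROLLER],
}
DECK_ECMP = {
    "host1": [CONTROLLER, ESG, ESG],
    "host2": [CONTROLLER, ESG, ESG],
    "host3": [CONTROLLER, DLR_ACTIVE],
    "host4": [DLR_STANDBY],
}
# Constructed bad case: two controllers and both active VMs on one host.
BAD_HA = {
    "host1": [CONTROLLER, CONTROLLER, ESG, DLR_ACTIVE],
    "host2": [CONTROLLER, ESG_STANDBY, DLR_STANDBY],
    "host3": [],
}

if __name__ == "__main__":
    for name, placement, mode in (("deck HA", DECK_HA, "ha"),
                                  ("deck ECMP", DECK_ECMP, "ecmp"),
                                  ("bad HA", BAD_HA, "ha")):
        print(name, check_placement(placement, mode) or "OK")
```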
VDS (vSphere Distributed Switch) Considerations
• VDS requires vSphere Enterprise+
– Free with NSX (vSphere 5.5 U3 or 6.0+)
• Use single VDS – keep it simple
• Recommended VTEP vmknic teaming policy is Route Based on Originating Port (Source-ID)
– Provides VXLAN multipath with multiple VTEPs per host
– VM-to-VTEP pinning based on the VM source virtual port ID
– For single VTEP without VXLAN multipath - use “Fail Over”
Growing NSX Small DC Deployments
Without Any Boundary
Business Use-Case
Starting Small – Upfront Cost
[Diagram labels: Grow, NSX, Compute, Throughput, Multi-Site, Migration, Automation, Start Anywhere, Grow Anywhere]
DFW → Service Insertion → Full Stack
Enhancing DC Security Beyond DFW
Note: Other topologies are possible – the pictures shown are representative only
[Diagram labels: VDS, Distributed Firewall, GI SVM, Partner SVM, VLAN Backed Port Groups, VXLAN Backed Port Groups, NSX Edge, VXLAN Transit Logical Switch, Uplink Port Group]
ESG HA → DFW → L2 Bridging
Note: Other topologies are possible – the pictures shown are representative only
[Diagram labels: DLR, NSX Edge Features (Routing, Firewall, LB), Distributed Firewall]
Single Site → Multi-Site (Cross-VC NSX)
[Diagram labels: Site-A, Site-B, DLR, Universal DLR]
Conclusion
No DC Left Behind
NSX Already Deployed In Small DCs
Modular and Flexible
Any Size
Any Vertical
Any Use-Case
[Diagram labels: Small, Medium, Large, Beyond]
Learn More
Connect & Engage
communities.vmware.com
NSX Product Page & Technical Resources
vmware.com/products/nsx
Network Virtualization Blog
blogs.vmware.com/networkvirtualization
VMware NSX on YouTube
youtube.com/user/vmwarensx
Where to get started
At VMworld
70+ Unique NSX Sessions
Spotlights, breakouts, quick talks & group discussions
Visit the VMware Booth
View use case demos and chat with NSX experts
Visit NSX Technical Partner Booths
Integration demos – EPSec & NetX, Hardware VTEP,
Ops & Visibility
Test Drive NSX with free Hands-on Labs
Expert-led or Self-paced. labs.hol.vmware.com
VMware Services for NSX
NSX Proactive Support Service
Optimize performance based on data monitoring
and analytics to help resolve problems, mitigate
risk and improve operational efficiency.
vmware.com/products/nsx/services.html
Training and Certification
Several paths to professional certifications. Learn
more at the Education & Certification Lounge.
vmware.com/go/nsxtraining
Reference
NSX partner ecosystem
Physical Infrastructure
Security
Application Delivery
Operations and Visibility
DYNAMIC INSERTION OF
PARTNER SERVICES
Reference
NET8935_Small_DC_Shahzad_Ali

More Related Content

What's hot

VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...VMworld
 
VMworld 2013: Virtualized Network Services Model with VMware NSX
VMworld 2013: Virtualized Network Services Model with VMware NSX VMworld 2013: Virtualized Network Services Model with VMware NSX
VMworld 2013: Virtualized Network Services Model with VMware NSX VMworld
 
VMworld Europe 2014: Advanced Network Services with NSX
VMworld Europe 2014: Advanced Network Services with NSXVMworld Europe 2014: Advanced Network Services with NSX
VMworld Europe 2014: Advanced Network Services with NSXVMworld
 
VMworld 2016: How to Deploy VMware NSX with Cisco Infrastructure
VMworld 2016: How to Deploy VMware NSX with Cisco InfrastructureVMworld 2016: How to Deploy VMware NSX with Cisco Infrastructure
VMworld 2016: How to Deploy VMware NSX with Cisco InfrastructureVMworld
 
VMware NSX - Lessons Learned from real project
VMware NSX - Lessons Learned from real projectVMware NSX - Lessons Learned from real project
VMware NSX - Lessons Learned from real projectDavid Pasek
 
VMworld 2016: Advances in Remote Display Protocol Technology with VMware Blas...
VMworld 2016: Advances in Remote Display Protocol Technology with VMware Blas...VMworld 2016: Advances in Remote Display Protocol Technology with VMware Blas...
VMworld 2016: Advances in Remote Display Protocol Technology with VMware Blas...VMworld
 
VMware NSX + Cumulus Networks: Software Defined Networking
VMware NSX + Cumulus Networks: Software Defined NetworkingVMware NSX + Cumulus Networks: Software Defined Networking
VMware NSX + Cumulus Networks: Software Defined NetworkingCumulus Networks
 
VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...
VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...
VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...VMworld
 
VMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep DiveVMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep DiveVMworld
 
NSX Reference Design version 3.0
NSX Reference Design version 3.0NSX Reference Design version 3.0
NSX Reference Design version 3.0Doddi Priyambodo
 
VMworld 2013: Bringing Network Virtualization to VMware Environments with NSX
VMworld 2013: Bringing Network Virtualization to VMware Environments with NSX VMworld 2013: Bringing Network Virtualization to VMware Environments with NSX
VMworld 2013: Bringing Network Virtualization to VMware Environments with NSX VMworld
 
VMworld 2014: Introduction to NSX
VMworld 2014: Introduction to NSXVMworld 2014: Introduction to NSX
VMworld 2014: Introduction to NSXVMworld
 
VMware NSX primer 2014
VMware NSX primer 2014VMware NSX primer 2014
VMware NSX primer 2014Sanjay Basu
 
The Vision for the Future of Network Virtualization with VMware NSX
The Vision for the Future of Network Virtualization with VMware  NSXThe Vision for the Future of Network Virtualization with VMware  NSX
The Vision for the Future of Network Virtualization with VMware NSXScott Lowe
 
VMworld 2013: Advanced VMware NSX Architecture
VMworld 2013: Advanced VMware NSX Architecture VMworld 2013: Advanced VMware NSX Architecture
VMworld 2013: Advanced VMware NSX Architecture VMworld
 
VMworld 2013: vSphere Distributed Switch – Design and Best Practices
VMworld 2013: vSphere Distributed Switch – Design and Best Practices VMworld 2013: vSphere Distributed Switch – Design and Best Practices
VMworld 2013: vSphere Distributed Switch – Design and Best Practices VMworld
 
VMware NSX for vSphere - Intro and use cases
VMware NSX for vSphere - Intro and use casesVMware NSX for vSphere - Intro and use cases
VMware NSX for vSphere - Intro and use casesAngel Villar Garea
 
Si fa presto a dire SDDC: come, quando e perché?
Si fa presto a dire SDDC: come, quando e perché?Si fa presto a dire SDDC: come, quando e perché?
Si fa presto a dire SDDC: come, quando e perché?Andrea Mauro
 
VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - Segmentation
VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - SegmentationVMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - Segmentation
VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - SegmentationVMworld
 

What's hot (20)

VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 2 - Privileged ...
 
VMworld 2013: Virtualized Network Services Model with VMware NSX
VMworld 2013: Virtualized Network Services Model with VMware NSX VMworld 2013: Virtualized Network Services Model with VMware NSX
VMworld 2013: Virtualized Network Services Model with VMware NSX
 
VMworld Europe 2014: Advanced Network Services with NSX
VMworld Europe 2014: Advanced Network Services with NSXVMworld Europe 2014: Advanced Network Services with NSX
VMworld Europe 2014: Advanced Network Services with NSX
 
VMworld 2016: How to Deploy VMware NSX with Cisco Infrastructure
VMworld 2016: How to Deploy VMware NSX with Cisco InfrastructureVMworld 2016: How to Deploy VMware NSX with Cisco Infrastructure
VMworld 2016: How to Deploy VMware NSX with Cisco Infrastructure
 
VMware NSX - Lessons Learned from real project
VMware NSX - Lessons Learned from real projectVMware NSX - Lessons Learned from real project
VMware NSX - Lessons Learned from real project
 
VMworld 2016: Advances in Remote Display Protocol Technology with VMware Blas...
VMworld 2016: Advances in Remote Display Protocol Technology with VMware Blas...VMworld 2016: Advances in Remote Display Protocol Technology with VMware Blas...
VMworld 2016: Advances in Remote Display Protocol Technology with VMware Blas...
 
VMware NSX + Cumulus Networks: Software Defined Networking
VMware NSX + Cumulus Networks: Software Defined NetworkingVMware NSX + Cumulus Networks: Software Defined Networking
VMware NSX + Cumulus Networks: Software Defined Networking
 
VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...
VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...
VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...
 
VMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep DiveVMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep Dive
 
NSX Reference Design version 3.0
NSX Reference Design version 3.0NSX Reference Design version 3.0
NSX Reference Design version 3.0
 
VMworld 2013: Bringing Network Virtualization to VMware Environments with NSX
VMworld 2013: Bringing Network Virtualization to VMware Environments with NSX VMworld 2013: Bringing Network Virtualization to VMware Environments with NSX
VMworld 2013: Bringing Network Virtualization to VMware Environments with NSX
 
nsx overview with use cases 1.0
nsx overview with use cases 1.0nsx overview with use cases 1.0
nsx overview with use cases 1.0
 
VMworld 2014: Introduction to NSX
VMworld 2014: Introduction to NSXVMworld 2014: Introduction to NSX
VMworld 2014: Introduction to NSX
 
VMware NSX primer 2014
VMware NSX primer 2014VMware NSX primer 2014
VMware NSX primer 2014
 
The Vision for the Future of Network Virtualization with VMware NSX
The Vision for the Future of Network Virtualization with VMware  NSXThe Vision for the Future of Network Virtualization with VMware  NSX
The Vision for the Future of Network Virtualization with VMware NSX
 
VMworld 2013: Advanced VMware NSX Architecture
VMworld 2013: Advanced VMware NSX Architecture VMworld 2013: Advanced VMware NSX Architecture
VMworld 2013: Advanced VMware NSX Architecture
 
VMworld 2013: vSphere Distributed Switch – Design and Best Practices
VMworld 2013: vSphere Distributed Switch – Design and Best Practices VMworld 2013: vSphere Distributed Switch – Design and Best Practices
VMworld 2013: vSphere Distributed Switch – Design and Best Practices
 
VMware NSX for vSphere - Intro and use cases
VMware NSX for vSphere - Intro and use casesVMware NSX for vSphere - Intro and use cases
VMware NSX for vSphere - Intro and use cases
 
Si fa presto a dire SDDC: come, quando e perché?
Si fa presto a dire SDDC: come, quando e perché?Si fa presto a dire SDDC: come, quando e perché?
Si fa presto a dire SDDC: come, quando e perché?
 
VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - Segmentation
VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - SegmentationVMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - Segmentation
VMworld 2013: NSX PCI Reference Architecture Workshop Session 1 - Segmentation
 

Similar to NET8935_Small_DC_Shahzad_Ali

VMware NSX-T Design for Small to Mid-Sized Data Centers v1.0 EN.pptx
VMware NSX-T Design for Small to Mid-Sized Data Centers v1.0 EN.pptxVMware NSX-T Design for Small to Mid-Sized Data Centers v1.0 EN.pptx
VMware NSX-T Design for Small to Mid-Sized Data Centers v1.0 EN.pptxHythamsaadeh
 
VMworld 2013: Datacenter Transformation with Network Virtualization: Today an...
VMworld 2013: Datacenter Transformation with Network Virtualization: Today an...VMworld 2013: Datacenter Transformation with Network Virtualization: Today an...
VMworld 2013: Datacenter Transformation with Network Virtualization: Today an...VMworld
 
Reference design for v mware nsx
Reference design for v mware nsxReference design for v mware nsx
Reference design for v mware nsxsolarisyougood
 
VMworld 2013: Designing Network Virtualization for Data-Centers: Greenfield D...
VMworld 2013: Designing Network Virtualization for Data-Centers: Greenfield D...VMworld 2013: Designing Network Virtualization for Data-Centers: Greenfield D...
VMworld 2013: Designing Network Virtualization for Data-Centers: Greenfield D...VMworld
 
Debunking VMware NSX
Debunking VMware NSXDebunking VMware NSX
Debunking VMware NSXAndrea Mauro
 
2011-11-03 Intelligence Community Cloud Users Group
2011-11-03 Intelligence Community Cloud Users Group2011-11-03 Intelligence Community Cloud Users Group
2011-11-03 Intelligence Community Cloud Users GroupShawn Wells
 
M02+-+SDDC+Features+and+Operations.ppsx
M02+-+SDDC+Features+and+Operations.ppsxM02+-+SDDC+Features+and+Operations.ppsx
M02+-+SDDC+Features+and+Operations.ppsxRezaRestian2
 
VMworld 2013: How SRP Delivers More Than Power to Their Customers
VMworld 2013: How SRP Delivers More Than Power to Their Customers VMworld 2013: How SRP Delivers More Than Power to Their Customers
VMworld 2013: How SRP Delivers More Than Power to Their Customers VMworld
 
20150311 NSX update 301
20150311 NSX update 30120150311 NSX update 301
20150311 NSX update 301Kevin Groat
 
Presentation citrix cloud platform for infrastructure as a service
Presentation   citrix cloud platform for infrastructure as a servicePresentation   citrix cloud platform for infrastructure as a service
Presentation citrix cloud platform for infrastructure as a servicexKinAnx
 
VMworld 2013: An Introduction to Network Virtualization
VMworld 2013: An Introduction to Network Virtualization VMworld 2013: An Introduction to Network Virtualization
VMworld 2013: An Introduction to Network Virtualization VMworld
 
VMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep DiveVMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep DiveVMworld
 
[OpenStack Day in Korea 2015] Track 2-3 - 오픈스택 클라우드에 최적화된 네트워크 가상화 '누아지(Nuage)'
[OpenStack Day in Korea 2015] Track 2-3 - 오픈스택 클라우드에 최적화된 네트워크 가상화 '누아지(Nuage)'[OpenStack Day in Korea 2015] Track 2-3 - 오픈스택 클라우드에 최적화된 네트워크 가상화 '누아지(Nuage)'
[OpenStack Day in Korea 2015] Track 2-3 - 오픈스택 클라우드에 최적화된 네트워크 가상화 '누아지(Nuage)'OpenStack Korea Community
 
IaaS with Software Defined Networking
IaaS with Software Defined NetworkingIaaS with Software Defined Networking
IaaS with Software Defined NetworkingPrasenjit Sarkar
 
OVHcloud Hosted Private Cloud Platform Network use cases with VMware NSX
OVHcloud Hosted Private Cloud Platform Network use cases with VMware NSXOVHcloud Hosted Private Cloud Platform Network use cases with VMware NSX
OVHcloud Hosted Private Cloud Platform Network use cases with VMware NSXOVHcloud
 
VMworld 2015: vSphere Distributed Switch 6 –Technical Deep Dive
VMworld 2015: vSphere Distributed Switch 6 –Technical Deep DiveVMworld 2015: vSphere Distributed Switch 6 –Technical Deep Dive
VMworld 2015: vSphere Distributed Switch 6 –Technical Deep DiveVMworld
 
NSX: La Virtualizzazione di Rete e il Futuro della Sicurezza
NSX: La Virtualizzazione di Rete e il Futuro della SicurezzaNSX: La Virtualizzazione di Rete e il Futuro della Sicurezza
NSX: La Virtualizzazione di Rete e il Futuro della SicurezzaVMUG IT
 
SkaliCloud_Private_Package_v1[2]
SkaliCloud_Private_Package_v1[2]SkaliCloud_Private_Package_v1[2]
SkaliCloud_Private_Package_v1[2]SKALI Group
 
Designing Scalable SAN using MDS 9396S
Designing Scalable SAN using MDS 9396SDesigning Scalable SAN using MDS 9396S
Designing Scalable SAN using MDS 9396STony Antony
 

Similar to NET8935_Small_DC_Shahzad_Ali (20)

NSX, un salt natural cap a SDN
NSX, un salt natural cap a SDNNSX, un salt natural cap a SDN
NSX, un salt natural cap a SDN
 
VMware NSX-T Design for Small to Mid-Sized Data Centers v1.0 EN.pptx
VMware NSX-T Design for Small to Mid-Sized Data Centers v1.0 EN.pptxVMware NSX-T Design for Small to Mid-Sized Data Centers v1.0 EN.pptx
VMware NSX-T Design for Small to Mid-Sized Data Centers v1.0 EN.pptx
 
VMworld 2013: Datacenter Transformation with Network Virtualization: Today an...
VMworld 2013: Datacenter Transformation with Network Virtualization: Today an...VMworld 2013: Datacenter Transformation with Network Virtualization: Today an...
VMworld 2013: Datacenter Transformation with Network Virtualization: Today an...
 
Reference design for v mware nsx
Reference design for v mware nsxReference design for v mware nsx
Reference design for v mware nsx
 
VMworld 2013: Designing Network Virtualization for Data-Centers: Greenfield D...
VMworld 2013: Designing Network Virtualization for Data-Centers: Greenfield D...VMworld 2013: Designing Network Virtualization for Data-Centers: Greenfield D...
VMworld 2013: Designing Network Virtualization for Data-Centers: Greenfield D...
 
Debunking VMware NSX
Debunking VMware NSXDebunking VMware NSX
Debunking VMware NSX
 
2011-11-03 Intelligence Community Cloud Users Group

NET8935_Small_DC_Shahzad_Ali

  • 1. NSX for Small Data Centers - Breaking Boundaries Shahzad Ali, VMware, Inc NET8935 #NET8935
  • 2. NSX customer use cases
      • Security (inherently secure infrastructure): Micro-segmentation, DMZ anywhere, Secure end user
      • Automation (IT at the speed of business): IT automating IT, Multi-tenant infrastructure, Developer cloud
      • Application continuity (data center anywhere): Disaster recovery, Cross cloud, Multi data center pooling
  • 3. Disclaimer
      • This presentation may contain product features that are currently under development.
      • This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.
      • Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
      • Technical feasibility and market demand will affect final delivery.
      • Pricing and packaging for any new technologies or features discussed or presented have not been determined.
  • 4. Abstract / Motivation
      • NSX Reference Architecture Recommends: Dedicated Mgmt., Edge and Compute clusters
          – http://tinyurl.com/nsxdg3-0
      • Limiting Factors
          – Budget
          – Staffing
          – Small scale deployment
          – Small number of hosts for dedicated clusters
      • SMALL DC DOES NOT MEAN SMALL CUSTOMER
      • Break Boundaries & Design and Deploy NSX in Small DC with a Single Cluster
  • 5. Agenda
      1 Introduction
      2 Deployment Models
      3 Design and Deployment Considerations
      4 Growth – Business Needs
      5 Closing / QA
      Disclaimer: Not all possible Small DC designs are discussed. Only a few common options are shown.
  • 6. Understanding of vSphere and NSXv Components (Reference; NSX Advance Technical Session)
      • Management Plane
          – vCenter: VDS, DRS, HA, vMotion etc.
          – NSX-MGR: API Entry Point
      • Control Plane
          – Separation of control and data plane
          – Manages Logical networks
          – Control Plane protocol (VXLAN, Routing)
      • Data Plane
          – Distributed Functions
          – Scale-out Model
      • Data Plane: NSX Edge Service Gateway (ESG)
          – VM Form Factor
          – Functions: NAT, Firewall, Load Balancer (LB), Router
      • Diagram components: NSX-MGR, vCenter (VC), NSX-Controller Cluster, DLR Control VM, Logical Switch, Distributed Logical Router (DLR), Distributed Firewall (DFW), VDS, NSX Edge
  • 7. Large DC Cluster Design
      • Typical number of hosts > 100
          – NSX Design guide: http://tinyurl.com/nsxdg3-0
      • North-South (N-S) BW requirement > 10G
      • Cluster types (cluster type, number of hosts, features)
          – Mgmt., 3 hosts: VC, NSX and other mgmt. VMs; less I/O requirements
          – Edge, 4 hosts (ECMP): ESG, DLR Control VMs; On/Off-ramp, P/V, ECMP; higher I/O requirement
          – Compute, as needed: Application/Workload; vMotion boundary; variable CPU, Memory & I/O requirement
      • Diagram: separate Management, Edge and Compute clusters on the DC fabric (L2/L3), with four NSX Edges toward WAN/Internet
  • 8. Medium DC Cluster Design
      • Typical number of hosts: 10-100
      • North-South (N-S) BW requirement < 10G
      • Collapsed Edge and Management but separate Compute
      • Cluster types (cluster type, number of hosts, features)
          – Collapsed Mgmt./Edge, 3 hosts: VC, NSX and other mgmt. VMs; ESG, DLR Control VMs; mix of less I/O and high I/O requirement VMs
          – Compute, as needed: Application/Workload; vMotion boundary; variable CPU, Memory & I/O requirement
      • Diagram: collapsed Management & Edge cluster (Host 1 to Host 3, two NSX Edges) and a Compute cluster (Host x to Host z), with L2/L3 uplinks to WAN/Internet
  • 9. Small DC Cluster Design
      • Typical number of hosts: 3 - 10
      • North-South (N-S) BW requirement < 10G
      • Single Cluster hosting Mgmt., Edge & Compute resources
      • Resource reservation is the key to meet SLA in Small DC
      • Cluster types (cluster type, number of hosts, components)
          – Collapsed Mgmt./Edge/Compute, 3 hosts: VC, NSX and other mgmt. VMs; ESG, DLR Control VMs; mix of less I/O and high I/O requirement VMs; Application/Workload; variable CPU, Memory & I/O requirement
  • 10. Deployment Models: Small does not mean Small Enterprise
  • 11. NSX Deployment Models in Small DC
      • Security Focused Deployment Model
          – Distributed Firewall
          – Non disruptive
          – VXLAN is not a requirement
          – Agentless Anti-Virus (AV)
      • Full Stack Deployment Model
          – Security Focused Deployment +
          – Logical Switching (VXLAN)
          – Distributed Routing (DLR)
          – ESG Services (NAT, LB, VPN etc.)
      • Diagram labels: VDS, DFW, VLAN Backed Port Groups, Physical (Security Focused); VXLAN Backed Port Groups (LS), DLR, Transit LS, NSX Edge (Routing, LB, FW), Bridge, Uplink Port Group, Physical (Full Stack)
  • 12. Centralized Edge Deployment Model
      • Could be used as
          – Intermediate step: Security Focused → Full Stack deployment
          – Where not much East/West traffic required
          – Multi-function gateway
      • Highlights
          – No DLR, VXLAN and Controllers needed
          – VLAN backed-port groups directly attached to ESG VM
          – No physical routing/MTU changes needed
          – Availability improved by Edge HA and vSphere
      • Diagram: single collapsed cluster (Host 1 to Host 3) with two NSX Edges; NSX ESG (Routing, Firewall, LB, NAT, VPN GW), DFW, VDS with VLAN Backed Port Groups, physical L2/L3 uplink to WAN/Internet
  • 13. Security Focused Model: Design Considerations
      • Use-Cases
          – Micro-Segmentation (DFW)
          – Agentless Anti-Virus (AV)
      • Highlights
          – No physical routing/MTU change needed
          – Use existing VLAN backed-port groups
          – Security Services requires Service VMs
          – DFW enabled on all hosts
      • Management and Compute collapsed in a single cluster
      • Single Cluster Components
          – Management Plane: NSX Manager, VC, LogInsight, vROps and other management VMs
          – Compute: Compute VMs, Service VMs
          – Data Plane (ESXi Kernel Component): Distributed Firewall (DFW), vSphere Distributed Switch (VDS)
  • 14. Security Focused Model: Deployment Considerations
      • Use-Case: Micro-Segmentation (DFW)
      • Small footprint
          – Min: 2 hosts required
          – Easy expansion for additional workload
          – Deploy more hosts to sustain a single host failure
          – Recommendation: At least 3 hosts in production
      • NSX Footprint (function: vCPU, MEM (GB), Storage (GB), VMs)
          – Tiny vCenter Appliance with Embedded PSC: 2, 8, 116, 1
          – NSX Manager: 4, 16, 60, 1
          – Total: 6, 24, 176, 2
      • Diagram: Single Cluster with NSX (Host 1 to Host 3), L2/L3 uplink to WAN/Internet
  • 15. Security Focused Model: Deployment Considerations
      • Use-Case: DFW with Agentless Anti-Virus (AV)
      • Agentless-AV requires additional Service VMs
          – NSX GI-SVM (Guest Introspection Service VM)
          – Partner Service VM (SVM)
          – Cluster based SVM deployment
          – Don’t move SVM (manual, vMotion or Storage vMotion)
      • Small footprint
          – Min: 2 hosts required
          – Recommendation: At least 3 hosts in production
      • See also: NET8022 – Implementing Agentless AV and IPS/IDS with NSX
      • Diagram: Single Cluster with NSX (Host 1 to Host 3), each host running an NSX GI SVM and a Partner SVM, L2/L3 uplink to WAN/Internet
  • 16. Full Stack Model: Design Considerations
      • Use-Cases
          – Full abstraction from underlying hardware
          – Networking and Security closest to the workload
          – Disaster avoidance and recovery (DR)
      • Highlights
          – VXLAN based L2 over L3 overlay
          – Optimized routing (DLR) and logical switching (LS)
          – Separation of control and data plane
          – DFW and VXLAN enabled on all hosts
          – Connectivity to physical network may require additional changes: MTU of >=1600 for VTEP segment
      • Management, Edge and Compute collapsed in a single cluster
      • Cluster Function and Components
          – Management Plane: NSX Manager, Controllers, VC, DB Server and other management VMs
          – Compute: Compute VMs, Service VMs
          – Data Plane East-West: ESXi Kernel Component (VXLAN, DLR, DFW, VDS)
          – Data Plane North-South: Active/Standby DLR Control VM, ESG VM (HA or ECMP Mode)
  • 17. Full Stack Model: Deployment Considerations
      • At least 3 hosts needed
          – Design to sustain at least a single host failure
          – Management and Edge functions can co-exist with Compute
          – No DLR Control VM needed with static routing
          – Recommendation: 4 ESXi hosts in Production
      • Footprint (function: vCPU, MEM (GB), Storage (GB), VMs)
          – Tiny vCenter Appliance with Embedded PSC: 2, 8, 116, 1
          – NSX Manager: 4, 16, 60, 1
          – Controllers: 4 x 3, 4 x 3, 20 x 3, 3
          – Edge VM (Large)*: 2 x 2, 0.5 x 2, ~1 x 2, 2*
          – Total: 22, 37, ~238, 7
          * ESG with High Availability with static routing
      • Diagram: Single Cluster (Host 1 to Host 4) with two NSX Edges, L2/L3 uplink to WAN/Internet
  • 19. vCenter (VC): vSphere / VC is the foundation (Reference)
      • Tiny vCenter (VC) Appliance with Embedded PSC
          – If reduced resource utilization are key factors for the environment
      • Majority Small DC Customers:
          – Deploy Small VC appliance
          – Future growth
      • Embedded PSC options (option: hosts, VMs, potential NSX deployment type, vCPU, MEM (GB), Disk (GB))
          – Tiny: 10, 100, Small DC, 2, 8, 116
          – Small: 100, 1000, Small DC, 4, 16, 136
          – Medium: 400, 4000, Medium DC, 8, 24, 275
          – Large: 1000, 10,000, Large DC, 16, 32, 325
      • http://tinyurl.com/DeployVC6
      • http://tinyurl.com/PerformanceVC6
  • 20. License Considerations (Reference)
      – NSX supported for all vSphere licenses
      – VDS included with NSX (vSphere 5.5 U3 or 6.0+)
      • vSphere license options
          – Essential+: Up to 3 hosts, vSphere HA
          – Standard: 1000 hosts per vCenter, vSphere HA
          – Enterprise or Enterprise+: vSphere Standard + DRS Related Features
          – vSphere Enterprise is EoA: https://kb.vmware.com/kb/2143987
          – Compare License Options: http://www.vmware.com/products/vsphere.html#compare
      • NSX license editions (feature: editions that include it)
          – Distributed Routing and Switching (DLR/VXLAN): Standard, Advanced, Enterprise
          – NSX ESG (except load balancer): Standard, Advanced, Enterprise
          – SW L2 bridging: Standard, Advanced, Enterprise
          – Distributed Firewall (DFW – Micro-Segmentation): Advanced, Enterprise
          – NSX Edge load balancing: Advanced, Enterprise
          – Cross vCenter NSX: Enterprise
  • 21. Design Considerations: vCenter
      • VC with embedded PSC is recommended for small DC
          – 1 single sign-on domain with single site
          – No growth plans in near future
      • External PSC is recommended for medium-large environments with multiple vCenters
          – Consider this option if planning to grow
      • VC should be first to boot
      • Add management VMs in the NSX “VM Exclusion List”
      • Or create fine grained rules in DFW
      • NSX components are automatically part of exclusion list
      • Diagram: vCenter Server and Platform Services Controller (PSC) in one Virtual Machine
  • 22. Design Considerations: NSX Manager
      • vCPU and Mem modification allowed
          – Recommended to stick with the defaults
      • Second in VM boot order
      • Management plane only
          – Never in the data path
      • 16 GB reserved by default
      • Schedule Backup
  • 23. Design Considerations: NSX Controllers
      • Must deploy 3
          – Each on separate hosts
          – Use “SHOULD” anti-affinity rules
          – Use 4 hosts for additional redundancy
          – Controller VM (vCPU/MEM) modification not possible (4 vCPU, 4GB Mem)
      • Only needed for VXLAN and DLR
      • 3rd in VM boot order
      • Never in the data-path
      • Default 2GB reserved, 4GB total
  • 24. Design Considerations: DLR Control VM
      • Needed for dynamic routing
      • Deploy in HA mode (Active/Standby)
      • vCPU/MEM modification disabled
      • Anti-affinity rule is created automatically
      • No vCPU or Mem reserved by default
  • 25. Design Considerations: ESG in HA or ECMP?
      • Stateful Services? Yes
          – Throughput Requirement > 10G: Multi-tiered Design
          – Throughput Requirement < 10G: ESG-HA
      • Stateful Services? No
          – Throughput Requirement > 10G: 2 or more ESG-ECMP
          – Throughput Requirement < 10G: ESG-HA
      • Other designs possible depending on scale
  • 26. Deployment Consideration: ESG (1/2)
      • ESG VM Form factor
          – Large: Good for majority design/features
          – X-Large: For L7 NSX Load Balancer (LB)
          – Reserves vCPU and Mem at creation
          – Form factor can be upgraded any time later
      • ESG VMs have reservation enabled by default
          – Locked down VM
      • ESG Deployed in HA
          – Anti-affinity rules automatically created (DRS)
          – Avoid: Active ESG and Active DLR Control VM on same host
          – Example config:
              Host1: Active ESG + Standby DLR Control VM
              Host2: Standby ESG + Active DLR Control VM
      • VM sizes (size: vCPU, Memory (GB), HD (GB), suitable for)
          – Large: 2, 1, 1, Small DC
          – X-Large: 6, 8, 2.5, L7 LB
  • 27. Deployment Consideration: ESG (2/2)
      • ESG Deployed in ECMP
          – Avoid: ESG VM and Active DLR Control VM on same host
          – Example config:
              Host1: ESG-1 + ESG-2
              Host2: ESG-3 + ESG-4
              Host3: Active DLR Control VM
              Host4: Standby DLR Control VM
      • Manually create anti-affinity rules
  • 28. VDS (vSphere Distributed Switch) Considerations
      • VDS requires vSphere Enterprise+
          – Free with NSX (vSphere 5.5 U3 or 6.0+)
      • Use single VDS – keep it simple
      • Recommended VTEP vmknic teaming policy is Route Based on Originating Port (Source-ID)
          – Provides VXLAN multipath with multiple VTEPs per host
          – VM-to-VTEP pinning based on the VM source virtual port ID
          – For single VTEP without VXLAN multipath, use “Fail Over”
  • 29. Growing NSX Small DC Deployments Without Any Boundary
  • 30. Business Use-Case: Start Anywhere, Grow Anywhere
      • Starting Small – Upfront Cost
      • Grow NSX: Compute, Throughput, Multi-Site, Migration, Automation
  • 31. DFW → Service Insertion → Full Stack
      • Enhancing DC Security Beyond DFW
      • Note: Other topologies are possible – the pictures shown are representative only
      • Diagram labels: VDS, Distributed Firewall, VLAN Backed Port Groups, GI SVM, Partner SVM, NSX Edge, VXLAN Backed Port Groups, VXLAN Transit Logical Switch, Uplink Port Group
  • 32. ESG HA → DFW → L2 Bridging
      • Note: Other topologies are possible – the pictures shown are representative only
      • Diagram labels: DLR, NSX Edge Features (Routing, Firewall, LB), Distributed Firewall
  • 33. Single Site → Multi-Site (Cross-VC NSX)
      • Diagram labels: Site-A, Site-B, DLR, Universal DLR
  • 35. NSX Already Deployed In Small DCs
      • Modular and Flexible
      • Any Size, Any Vertical, Any Use-Case
      • Beyond, Large, Medium, Small
  • 36. Where to get started (Reference)
      • Learn More
          – Connect & Engage: communities.vmware.com
          – NSX Product Page & Technical Resources: vmware.com/products/nsx
          – Network Virtualization Blog: blogs.vmware.com/networkvirtualization
          – VMware NSX on YouTube: youtube.com/user/vmwarensx
      • At VMworld
          – 70+ Unique NSX Sessions: Spotlights, breakouts, quick talks & group discussions
          – Visit the VMware Booth: View use case demos and chat with NSX experts
          – Visit NSX Technical Partner Booths: Integration demos – EPSec & NetX, Hardware VTEP, Ops & Visibility
          – Test Drive NSX with free Hands-on Labs: Expert-led or Self-paced. labs.hol.vmware.com
      • VMware Services for NSX
          – NSX Proactive Support Service: Optimize performance based on data monitoring and analytics to help resolve problems, mitigate risk and improve operational efficiency. vmware.com/products/nsx/services.html
          – Training and Certification: Several paths to professional certifications. Learn more at the Education & Certification Lounge. vmware.com/go/nsxtraining
  • 37. NSX partner ecosystem Physical Infrastructure Security Application Delivery Operations and Visibility DYNAMIC INSERTION OF PARTNER SERVICES Reference
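
The placement rules on slides 23, 26 and 27 (three controllers on separate hosts, active ESG or ECMP ESG VMs kept off the host of the active DLR Control VM, active/standby pairs split by anti-affinity) can be checked against a planned VM-to-host layout before deployment. The Python below is an added example, not part of the original deck or any VMware tooling; the role labels, VM names and host names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample placements: VM name -> (role, host). Role labels, VM names
# and host names are assumptions of this example, not NSX identifiers.
HA_PLACEMENT = {  # slide 26 example config, plus three controllers
    "ctrl-1": ("controller", "host1"),
    "ctrl-2": ("controller", "host2"),
    "ctrl-3": ("controller", "host3"),
    "esg-a": ("esg_active", "host1"),
    "dlr-s": ("dlr_ctrl_standby", "host1"),
    "esg-s": ("esg_standby", "host2"),
    "dlr-a": ("dlr_ctrl_active", "host2"),
}
BAD_PLACEMENT = {  # active DLR Control VM joins the active ESG; controllers doubled up
    **HA_PLACEMENT,
    "dlr-a": ("dlr_ctrl_active", "host1"),
    "dlr-s": ("dlr_ctrl_standby", "host2"),
    "ctrl-2": ("controller", "host3"),
}
ECMP_PLACEMENT = {  # slide 27 example config, plus three controllers
    **{k: v for k, v in HA_PLACEMENT.items() if v[0] == "controller"},
    "esg-1": ("esg_ecmp", "host1"), "esg-2": ("esg_ecmp", "host1"),
    "esg-3": ("esg_ecmp", "host2"), "esg-4": ("esg_ecmp", "host2"),
    "dlr-a": ("dlr_ctrl_active", "host3"),
    "dlr-s": ("dlr_ctrl_standby", "host4"),
}

def check_placement(placement, ecmp=False):
    """Return the placement rules from slides 23, 26 and 27 that are violated."""
    hosts = defaultdict(list)
    for role, host in placement.values():
        hosts[role].append(host)
    problems = []
    ctrl = hosts["controller"]
    if len(ctrl) != 3:
        problems.append("controllers: must deploy 3, found %d" % len(ctrl))
    if len(set(ctrl)) != len(ctrl):
        problems.append("controllers: each must run on a separate host")
    # HA: keep the active ESG off the active DLR Control VM's host.
    # ECMP: keep every ESG VM off that host.
    esg_role = "esg_ecmp" if ecmp else "esg_active"
    for host in sorted(set(hosts[esg_role]) & set(hosts["dlr_ctrl_active"])):
        problems.append("%s shares %s with the active DLR Control VM" % (esg_role, host))
    # Active/standby pairs depend on anti-affinity: never both on one host.
    for a, s in (("esg_active", "esg_standby"), ("dlr_ctrl_active", "dlr_ctrl_standby")):
        for host in sorted(set(hosts[a]) & set(hosts[s])):
            problems.append("%s and %s both on %s" % (a, s, host))
    return problems

if __name__ == "__main__":
    for name, p, ecmp in (("HA", HA_PLACEMENT, False), ("bad", BAD_PLACEMENT, False),
                          ("ECMP", ECMP_PLACEMENT, True)):
        print(name, check_placement(p, ecmp) or "ok")
```
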

Editor's Notes

  1. Shahzad Ali . Aug 31. 2016