The document is a presentation for a VMUG IT Meeting in Naples on April 6, 2016. It discusses VMUG, an independent global organization for VMware customers with over 195 local groups and 100,000 members worldwide. It outlines the agenda for the meeting which includes presentations on software-defined data centers, network virtualization with NSX, vRealize Automation with NSX, Nutanix, always-on enterprises with Veeam, software-defined storage, and a panel discussion. It promotes VMUG membership advantages like discounts on VMware software and events.
Si fa presto a dire SDDC: come, quando e perché? Andrea Mauro
This document discusses the software-defined data center (SDDC) and provides an overview of what it is, its benefits, and how it can be implemented. Some key points:
- An SDDC abstracts all data center resources (compute, storage, networking) and automates management and provisioning through software. This allows for greater agility, flexibility and automation than traditional hardware-defined data centers.
- Benefits of an SDDC include scalability, simplicity, seamlessness and an "as a service" model. Virtualization is the foundation that enables the modern, cloud-based business world.
- There are two approaches to building an SDDC - building your own using individual
VMworld 2013: Virtualized Network Services Model with VMware NSX VMworld
This document summarizes a presentation about VMware's NSX virtualized networking solution. It introduces NSX Edge gateways which provide routing, firewalling, load balancing, and VPN services. It discusses how NSX addresses the needs of cloud computing through automation, standard hardware, and a single management plane. Example use cases are shown. Key features of the NSX Edge including scalable performance are outlined. The document also briefly discusses NSX operations and management tools, and its deployment on VMware vCloud Hybrid Service.
VMworld 2013: VMware NSX Integration with OpenStack VMworld
VMworld 2013
Somik Behera, VMware
Mark McClain, DreamHost & OpenStack
Salvatore Orlando, VMware
Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare
VMworld 2016: How to Deploy VMware NSX with Cisco Infrastructure VMworld
This document provides an overview of how to deploy VMware NSX with Cisco infrastructure, including:
- NSX has minimal requirements of 1600 MTU and IP connectivity and is agnostic to the underlying network topology.
- When using Cisco Nexus switches, VLANs must be configured for various traffic types and SVIs created with consistent IP subnets. Jumbo MTU is required across all links.
- NSX is also compatible with Cisco ACI fabrics using Fabric Path or DFA topologies, with the VXLAN VLAN spanning multiple pods/clusters across the fabric.
The Vision for the Future of Network Virtualization with VMware NSX Scott Lowe
This presentation recaps some announcements and demonstrations made at VMworld 2015 regarding new features and new functionality tentatively anticipated for future versions of VMware NSX.
Customer interest is increasing well beyond just what our standalone products offer. In fact, customers don’t care about the products, they care about the solution. IaaS with SDN as a solution is extremely popular. Therefore, this is focused on the joint solution of vRA, vRO, NSX-v and 3rd party options.
The Future of Cloud Networking is VMware NSX Scott Lowe
This presentation was first given at Varrow Madness 2014 and discusses the need for a solution specifically designed (like VMware NSX) for cloud networking.
The document discusses VMware NSX and its technical overview. It begins with defining what software defined networking means, including decoupling the control plane from the data plane. It then provides an agenda and overview of NSX architecture, including its components in the data plane, control plane, and management plane. Key features of NSX like logical switching, routing, and distributed firewalling are described.
VMworld 2013: Real-world Deployment Scenarios for VMware NSX VMworld
VMworld 2013
Taruna Gandhi, VMware
Jeremy Hanmer, DreamHost
Funs Kessen, Schuberg Philis
Software Defined Networking (SDN) with VMware NSX Zivaro Inc
Combining SDN with VMware’s NSX can accelerate application deployment and delivery in a secure and virtualized network. No longer will your network create a bottleneck when trying to administer new applications. Key topics include:
- How SDN allows for innovative ways to use a virtualized network
- Why SDN creates greater span of control, network analytics and response
- What intelligence can be gained from a global view of the network
- How SDN and NSX together allow IT to treat their physical network as a pool of transport capacity that can be consumed and repurposed on demand
From: "Software Defined Networking for NSX" webinar presented by Scott Hogg of GTRI and Hunter Hansen of VMware on February 3, 2016. Webinar recording: https://youtu.be/t_3DpN3nIXQ
NSX provides micro-segmentation that allows each machine to have its own firewall, preventing attackers from moving freely within the datacenter. It also provides security for virtual machines and mobile devices accessing infrastructure resources. NSX enables scaling resources up and down without compromising security, including using it for developer clouds, multi-tenant infrastructure, disaster recovery, hybrid networking, and metro pooling across datacenters with Layer 2 stretching.
VXLAN with NSX-MH describes VXLAN and how it is implemented with NSX Micro Segmentation. It discusses VXLAN basics like encapsulation and VTEPs. It then covers the NSX control plane and data plane views including logical network view with logical switches/ports and physical transport node view. It provides examples of VXLAN L2 and L3 gateways for inter and intra-subnet communication deployed on NSX managed switches or physical gateways.
VMworld 2014: VMware NSX and vCloud Automation Center Integration Technical D... VMworld
This document provides an overview and agenda for a presentation on integrating VMware NSX and vCloud Automation Center. It discusses how the integration enables dynamic configuration and deployment of NSX logical networking and security services through vCloud Automation Center. Key features covered include network profiles for different application topologies, microsegmentation using security groups, applying firewall and security policies, and load balancing. The integration leverages the new NSX vCenter Orchestrator plugin to abstract workflows and make them more extensible.
VMware NSX provides the right abstraction—the virtual network—to enable operational change that addresses networking pain points and meets business needs. A virtual network must do more than provide connectivity - it must deliver virtual network services like routing, firewalling, and load balancing. It also decouples the network from physical hardware, allowing workloads to be placed and moved anywhere. This enables programmatic provisioning, placement of workloads anywhere, and mobility of workloads, addressing common challenges in software-defined data centers.
VMworld 2015: The Future of Network Virtualization with VMware NSX VMworld
Since launch, VMware has seen a steady expansion in the use cases that are addressed by network virtualization. So what is next for NSX and network virtualization? This session answers this question, taking a look at how NSX is expanding beyond a single data center. It also reviews the technical state of NSX and looks forward to where network virtualization will head in the coming years.
VMware NSX is a software-defined networking and security platform that delivers virtual network services like logical switches, routers, firewalls, and load balancers. It allows for the creation of isolated, software-based virtual networks independent of physical network hardware. NSX provides capabilities like network automation, security segmentation, and multi-tenancy that can be used for data center automation, rapid application deployment, and isolating development, test, and production environments.
VMware NSX + Cumulus Networks: Software Defined Networking Cumulus Networks
Witness the enablement of a true integration of a virtual network platform and an underlay physical network for a scalable data center orchestration, automation and multi-tenancy solution over high-capacity IP fabrics. With the integration of VMware NSX Layer 2 gateway services on networking hardware running Cumulus Linux, customers can now connect virtual workloads to physical workloads with no performance impact.
VMworld 2013: Operational Best Practices for NSX in VMware Environments VMworld
VMworld 2013
Ben Basler, VMware
Roberto Mari, VMware
VMworld Europe 2014: Advanced Network Services with NSX VMworld
This document provides an overview and agenda for a presentation on Network and Security services provided by VMware's NSX software-defined networking platform, including:
1. What network and security services are used by applications today.
2. Details on NSX firewalling, load balancing, and VPN services, including demos.
3. How NSX integrates with third-party security and load balancer vendors to enhance services.
VMware NSX - Lessons Learned from real project David Pasek
This document provides an overview and agenda for a presentation on implementing end-to-end quality of service (QoS) for VMware vSphere with NSX on Cisco UCS. It discusses the project requirements of guaranteeing network traffic for FCoE storage, vSphere management, vMotion and VM backups. It then presents three design options for implementing QoS by marking and prioritizing different classes of service on the virtual network interface cards, VMware distributed virtual switch port groups, Cisco UCS fabric interconnects and Nexus switches. The optimal solution must meet requirements within the constraints of the Cisco and VMware infrastructure components.
Self service IT with vRealize Automation and NSX solarisyougood
This document discusses using VMware's NSX and vRealize Automation (vRA) products to provide self-service IT capabilities. It outlines how NSX logical networking and security services like logical switches, firewalls, and load balancers can be dynamically configured and deployed through vRA blueprints and service catalogs. The document also covers updates in NSX and vRA integration in version 6.2, including network profiles, security groups, tags, and distributed logical routing support. Finally, it discusses considerations for deploying NSX with vRA and demonstrates the networking and security workflows.
Get a technical understanding of the components of NSX, including how switching, routing, firewalling, load-balancing and other services work within NSX.
This document provides an introduction and overview of VMware's NSX network virtualization platform. It begins with a disclaimer about features being under development. The agenda then covers an introduction to NSX, its momentum and use cases, new features in NSX 2014, and NSX operations. It demonstrates NSX's ability to provide network and security services in software and enable dynamic application topologies. It also discusses NSX components, deployments, partnerships, and upcoming training and certification opportunities.
VMware NSX provides a platform for deployment of software-defined network (SDN) and network function virtualization (NFV) services across physical network devices in a way that is analogous to server virtualization.
This presentation discusses implementing agentless antivirus (AV) and intrusion detection/prevention system (IDS/IPS) security solutions with VMware NSX. It covers using NSX guest introspection for agentless AV and network introspection for IPS/IDS. The presentation demonstrates how these technologies can be tied together and automated through common security policies. It also includes a demo of using NSX features like security groups and distributed firewall to quarantine systems and enforce security policies.
This document provides an overview and deep dive into VMware's NSX networking and security virtualization platform. It begins with a brief introduction to NSX's architecture, including its data plane, control plane, and management plane components. The presentation then covers key NSX capabilities like logical switching, distributed routing, microsegmentation using the distributed firewall, and network services. It aims to provide attendees with an in-depth understanding of the NSX platform and how it implements virtual networking and security functions.
VMware NSX is a network virtualization and security platform that provides logical switching, routing, firewalling, and load balancing capabilities. It emerged from VMware's acquisition of Nicira. NSX for vSphere is deployed most often as it integrates natively with VMware platforms like vCenter. The NSX architecture consists of edge nodes, controllers, and a manager to program the hypervisor kernel modules that implement the distributed data, control, and management planes. Key NSX components provide distributed logical routing, switching, and firewalling at the hypervisor level for scalability. The NSX edge services gateway delivers integrated network functions like firewall, VPN, and load balancing as virtual appliances.
VMworld 2013: Bringing Network Virtualization to VMware Environments with NSX VMworld
1. NSX brings network virtualization to VMware environments by providing scalable logical switching and distributed logical routing without dependency on physical network hardware or topology.
2. NSX has two consumption models - optimized for vSphere which leverages VMware infrastructure or as a multi-hypervisor, multi-cloud platform.
3. NSX deployment involves three simple steps - deploying the network infrastructure, deploying NSX manager and controllers, and consuming applications on the virtual networks.
This document discusses VMware NSX architecture and design. It provides an overview of NSX components like the NSX manager, controllers, distributed logical routing, and NSX edge services gateway. It also covers NSX design considerations such as transport zones, VTEPs, logical networks, and VDS configuration. The document emphasizes that NSX is agnostic to underlying network topology and flexible in its deployment.
OVHcloud Hosted Private Cloud Platform Network use cases with VMware NSX OVHcloud
In this workshop VMware will provide a quick reminder of the main contributions of the NSX network virtualization platform: consistent network and security management, increased application resiliency, rapid migration of workloads to and from the cloud.
VMware and OVH will then move on to practical cases with implementation of micro-segmentation, dynamic routing, automatic deployment of an application, load balancing in the OVH Hosted Private Cloud. This workshop is aimed at a technical audience.
Tech Talk by John Casey (CTO) CPLANE_NETWORKS : High Performance OpenStack Ne... nvirters
OpenStack is HOT! No doubt about it. A recent survey by The New Stack and The Linux Foundation shows OpenStack as the most popular open source project ahead of other hot projects like Docker and KVM. OpenStack is now taking its rightful place as the open source cloud solution for enterprises and service providers.
To date OpenStack networking has not yet achieved the performance, scalability and reliability that many large enterprises demand. CPLANE NETWORKS solves that problem by delivering secure multi-tenant virtual networking that overcomes the limitations of the standard Neutron networking service. By making all networking services local to the compute node and achieving near line-rate throughput, CPLANE NETWORKS Dynamic Virtual Networks (DVN) delivers mega-scale networking for the most demanding application environments.
In this session John Casey will cover the basics of DVN and explain how CPLANE NETWORKS achieves "at scale" network performance within and across data centers.
About John Casey
John Casey has over 20 years of deep technology leadership. His proven success with a variety of technical leadership roles in Telecom, Enterprise and Government and in software design and development provides the foundation for the system architecture and engineering team.
Previously John led worldwide deployment teams for both IBM’s Software Group and Narus, Inc. His work in large scale, high performance system design at Transarc Labs and Walker Interactive Systems brings leadership to the CPLANE NETWORKS product suite.
Session: The Data Center Network Evolution: Journey to the Programmable Fabric
Presenter: Robert Zalobinski, Technical Solutions Architect
Date: October 6, 2015
The document discusses NSX design and deployment considerations including:
1. Physical and logical infrastructure requirements for NSX including IP connectivity and MTU size.
2. Edge cluster design with options for collapsed or separated edge and infrastructure racks.
3. NSX manager and controller placement and sizing within management clusters.
4. Transport zone, VTEP, and VXLAN switching concepts which are fundamental to the NSX overlay architecture.
This document provides an overview and update on VMware's NSX network virtualization platform and previews future directions. It discusses expanding NSX capabilities like physical network integration, new encapsulation formats, and multi-site network virtualization. The presentation also explores advanced topics such as distributed logical routing, handling elephant flows, and enabling service chaining through network virtualization. Overall, the document outlines how NSX provides network virtualization and previews exciting new capabilities and use cases for virtualized networking.
VMworld 2013: Designing Network Virtualization for Data-Centers: Greenfield D... VMworld
VMworld 2013
Ben Basler, VMware
Roberto Mari, VMware
This document discusses deploying VMware NSX Network Virtualization. It covers:
1. The objectives are to learn about NSX deployments with multiple hypervisors, NSX components required, and packet flows in logical networks.
2. The NSX architecture includes features like logical switching, routing, firewall, load balancing and VPN. Key components are the NSX controller, vSwitch, logical switches and NSX gateway.
3. Deploying NSX involves building the physical infrastructure, preparing NSX including the controller and manager, and then consuming applications through the network API.
HPE Distributed Cloud Networking (DCN) enables service providers and large organizations to manage a distributed, multi data center environment in a simple, open and agile way using software-defined networking and network virtualization. At this session, we'll explore HPE Distributed Cloud Networking (DCN), Layer 2 to Layer 4. You will learn how this network virtualization platform optimizes the network by removing inefficiencies.
Understanding and deploying Network VirtualizationSDN Hub
Analogous to server virtualization, Network Virtualization decouples and isolates virtual networks (i.e. tenant) from the underlying network hardware. One of the key value propositions of Software-Defined Networking (SDN) is to enable the provisioning and operation of virtual networks. This tutorial motivates the need for network virtualization, describes the high-level requirements, provides an overview of all architectural approaches, and gives you a clear picture of the vendor landscape.
Previously presented at ONUG Fall 2013 and Spring 2014.
This hands on workshop for OpenContrail will be led by Sreelakshmi Sarva & Aniket Daptari.
This is a labs session so we will have hard RSVP limits. Please RSVP only if you are confident that you will be able to attend.
About Sreelakshmi Sarva
Sree is currently working as part of solution engineering team at Juniper’s Contrail team. She is responsible for delivering & managing SDN solutions & partnerships relating to Contrail. She has been with Juniper for the last 13 years working on various Routing, Switching, Network programmability & virtualization platforms. Prior to Juniper, She worked at Nortel networks in the Systems Engineering group. Sree received her Masters in Computer Science from University of Texas at Dallas and Bachelor’s in Computer Science from India.
About Aniket Daptari
Aniket is currently working as part of Juniper Networks' Contrail Cloud Solutions team. He is responsible for delivering SDN solutions and technology partnerships related to Contrail. He has been with Juniper for the last 3 years working on various Network programmability & virtualization platforms. Prior to Juniper, he worked at Cisco Systems in the Internet Systems Business Unit (Catalyst 6500). Aniket received his Masters in Computer Science from University of Southern California and a graduate certificate in Management Science and Engineering from Stanford University.
Course Abstract
This session will be the first of a series of OpenContrail hands-on tutorials for developers who want to get deep into OpenContrail code.
This “Basic OpenContrail Programming” Hands-on Session will focus on making developers proficient in writing and contributing code for our OpenContrail Project.
Session will cover the following areas
1) Contrail Overview
· Use Cases
· Architecture recap
2) Contrail Hands on
· Demo + Hands on - Configuration , VN, VM, Network Policies etc
· DevStack introduction
Open stack networking_101_update_2014-os-meetupsyfauser
This is the latest Update to my OpenStack Networking / Neutron 101 Slides with some more Information and caveats on the new DVR and Gateway HA Features
VMworld 2013: An Introduction to Network Virtualization VMworld
The document discusses network virtualization and VMware NSX. It begins with an agenda that covers objectives, network virtualization, NSX system architecture and use cases. It then discusses what network virtualization is, how it abstracts and automates the network. The NSX architecture uses Open vSwitch and tunnels traffic between virtual networks. Key use cases include automated provisioning and cross-datacenter connectivity. Physical and logical relationships are illustrated on a whiteboard. Takeaways focus on the benefits of network virtualization in building scalable software-defined datacenters.
Understanding network and service virtualizationSDN Hub
This document discusses network and service virtualization technologies. It begins with an overview of challenges with current network architectures and how virtualization addresses them. It then covers three key trends: 1) network virtualization using SDN to program networks dynamically, 2) service virtualization using NFV to virtualize network functions, and 3) new infrastructure tools like Open vSwitch, OpenDaylight, and Docker networking. Finally, it discusses approaches to deploying network and service virtualization and provides a vendor landscape.
Design and Deployment of Enterprise WLANsFab Fusaro
The document discusses Cisco's controller-based wireless LAN architecture and mobility solutions. It covers topics like:
- The components of Cisco's unified wireless network including wireless LAN controllers, Aironet access points, management software, and mobility services.
- Key principles like how access points must have CAPWAP connectivity to controllers to download configurations and forward all Wi-Fi traffic.
- How mobility is supported through mobility groups that allow controllers to peer and exchange information to enable seamless roaming across controller boundaries.
- Technologies and protocols that help enable fast and secure roaming like CCKM, 802.11r, eliminating full reauthentication, and not requiring reacquisition of IP addresses.
7. NSX Logical Switching
Challenges
• Per Application/Multi-tenant segmentation
• VM Mobility requires L2 everywhere
• Large L2 Physical Network Sprawl – STP Issues
• HW Memory (MAC, FIB) Table Limits
Benefits
• Scalable Multi-tenancy across data center
• Enabling L2 over L3 Infrastructure
• Overlay Based with VXLAN, etc.
• Logical Switches span across Physical Hosts and Network Switches
[Diagram: VMware NSX with Logical Switch 1, Logical Switch 2, Logical Switch 3]
8. NSX and VXLAN
• VXLAN can be seen as a service on the host
• VXLAN uses a vmknic and implements a VXLAN Virtual Tunnel End Point (VTEP) functionality
• Depending on the uplink configuration, there might be several VTEPs on a host
– A single dvPortGroup is created for all VTEPs
• A logical switch is an L2 broadcast domain implemented using VXLAN
– A dvPortGroup is created for each logical switch
[Diagram: Host A on a generic IP fabric; vSphere Distributed Switch with dvUplink-PG, dvPG-VTEP (VXLAN VTEP) and Logical SW A with VM1]
9. Traffic Flowing on a VXLAN Backed VDS
• In this setup, VM1 and VM2 are on different hosts but belong to the same logical switch
• A VXLAN tunnel is established between the two hosts
[Diagram: Host A and Host B on a generic IP fabric, sharing a vSphere Distributed Switch; each host has a dvUplink-PG, a dvPG-VTEP with its VTEP, and Logical SW A (VM1 on Host A, VM2 on Host B); a VXLAN tunnel runs between the two VTEPs]
10. Traffic Flowing on a VXLAN Backed VDS
• Assume VM1 sends some traffic to VM2:
1. VM1 sends L2 frame to local VTEP
2. VTEP adds VXLAN, UDP & IP headers
3. Physical Transport Network forwards as a regular IP packet
4. Destination Hypervisor VTEP decapsulates frame
5. L2 frame delivered to VM2
[Diagram: Host A (VM1) and Host B (VM2) on Logical SW A, each with dvUplink-PG and dvPG-VTEP; the L2 frame crosses the generic IP fabric inside the VXLAN tunnel as IP/UDP/VXLAN + L2 frame]
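The five steps above, worked through in Python as an added example (not from the presentation, and not NSX code). VNI 5001 and the VTEP addresses 10.20.10.10 and 10.20.10.11 are taken from slide 21; the MAC addresses, the payload and UDP port 4789 (the IANA-assigned VXLAN port) are assumptions.

```python
import ipaddress
import struct

VXLAN_UDP_PORT = 4789          # assumption: IANA port; a deployment may configure another
VXLAN_FLAG_VNI_VALID = 0x08    # "I" flag of the VXLAN header (RFC 7348)
OUTER_OVERHEAD = 14 + 20 + 8 + 8   # outer Ethernet + IPv4 + UDP + VXLAN = 50 bytes

# Constructed sample values (locally administered MAC addresses).
VM1_MAC = bytes.fromhex("020000000001")
VM2_MAC = bytes.fromhex("020000000002")
VTEP_A_MAC = bytes.fromhex("0200000000aa")
VTEP_B_MAC = bytes.fromhex("0200000000bb")


def sample_inner_frame() -> bytes:
    """Step 1: the L2 frame VM1 hands to its local VTEP (constructed payload)."""
    return VM2_MAC + VM1_MAC + struct.pack("!H", 0x0800) + b"constructed payload"


def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum over the 16-bit words of an IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def encapsulate(inner_frame, vni, src_vtep, dst_vtep, src_mac, dst_mac, src_port=49152):
    """Step 2: the source VTEP adds VXLAN, UDP and IP (plus outer Ethernet) headers."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI is a 24-bit value")
    vxlan = struct.pack("!II", VXLAN_FLAG_VNI_VALID << 24, vni << 8)
    udp_len = 8 + len(vxlan) + len(inner_frame)
    # UDP checksum 0 means "not computed", which is permitted over IPv4.
    udp = struct.pack("!HHHH", src_port, VXLAN_UDP_PORT, udp_len, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0x4000, 64, 17, 0,
                     ipaddress.IPv4Address(src_vtep).packed,
                     ipaddress.IPv4Address(dst_vtep).packed)
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    eth = dst_mac + src_mac + struct.pack("!H", 0x0800)
    return eth + ip + udp + vxlan + inner_frame


def decapsulate(packet, local_vtep, local_vnis):
    """Step 4: the destination VTEP checks the outer headers and returns (vni, frame).

    Frames for a VNI with no logical switch on this host are rejected, so a
    tunnel packet cannot be delivered into another tenant's segment.
    """
    if len(packet) < OUTER_OVERHEAD + 14:
        raise ValueError("too short to hold an encapsulated L2 frame")
    if struct.unpack("!H", packet[12:14])[0] != 0x0800:
        raise ValueError("outer frame is not IPv4")
    ip = packet[14:34]
    if ip[0] != 0x45 or ip[9] != 17:
        raise ValueError("expected an option-less IPv4 header carrying UDP")
    if ipv4_checksum(ip) != 0:
        raise ValueError("bad outer IPv4 checksum")
    if ip[16:20] != ipaddress.IPv4Address(local_vtep).packed:
        raise ValueError("packet is not addressed to this VTEP")
    if struct.unpack("!H", packet[36:38])[0] != VXLAN_UDP_PORT:
        raise ValueError("not the VXLAN UDP port")
    flags_word, vni_word = struct.unpack("!II", packet[42:50])
    if not (flags_word >> 24) & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VXLAN header has no valid VNI")
    vni = vni_word >> 8
    if vni not in local_vnis:
        raise ValueError("VNI %d has no logical switch on this host" % vni)
    return vni, packet[OUTER_OVERHEAD:]


def required_underlay_mtu(guest_mtu: int) -> int:
    """IP MTU the transport network needs: guest MTU + inner Ethernet, VXLAN, UDP, IP."""
    return guest_mtu + 14 + 8 + 8 + 20


if __name__ == "__main__":
    frame = sample_inner_frame()
    wire = encapsulate(frame, 5001, "10.20.10.10", "10.20.10.11", VTEP_A_MAC, VTEP_B_MAC)
    vni, delivered = decapsulate(wire, "10.20.10.11", {5001})   # step 5: deliver to VM2
    print(vni, delivered == frame, len(wire) - len(frame), required_underlay_mtu(1500))
```

Step 3 needs no code: between the two VTEPs the result is an ordinary IPv4/UDP packet, which is why the physical fabric only has to provide IP connectivity and a large enough MTU.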
11. NSX Routing: Distributed, Feature-Rich
Challenges
• Physical Infrastructure Scale Challenges – Routing Scale
• VM Mobility is a challenge
• Multi-Tenant Routing Complexity
• Traffic hair-pins
Benefits
• Distributed Routing in Hypervisor
• Dynamic, API based Configuration
• Full featured – OSPF, BGP, IS-IS
• Logical Router per Tenant
• Routing Peering with Physical Switch
SCALABLE ROUTING – Simplifying Multi-tenancy
[Diagram: L2 segments for Tenant A, Tenant B and Tenant C; CMP]
13. NSX Edge Services Gateway: Integrated Network Services
[Diagram: services offered to the VMs: Firewall, Load Balancer, VPN, Routing/NAT, DHCP/DNS relay, DDI, …]
Overview
• Integrated L3 – L7 services
• Virtual appliance model to provide rapid deployment and scale-out
Benefits
• Real time service instantiation
• Support for dynamic service differentiation per tenant/application
• Uses x86 compute capacity
14. What a Basic NSX Topology Looks Like
[Diagram labels: External Network; Physical Router; Edge Uplink (VLAN 20); Routing Peering; NSX Edge; Transit Link (VXLAN 5020); Distributed Routing; Web1, App1, DB1 … Webn, Appn, DBn]
15. High Scale Multi Tenant Topology
[Diagram labels: External Network; NSX Edge X-Large (Route Aggregation Layer); Transit (VXLAN 5100); VXLAN Uplinks (or VXLAN Trunk); Tenant NSX Edge Services Gateway, one per tenant (Tenant 1 …), each with a Web Logical Switch, App Logical Switch and DB Logical Switch]
16. NSX provides Highest Level of Visibility in the Network
• Log Insight NSX content pack
• Native capabilities
• Integration with partner ecosystem
• NSX API
• Syslog
• IPFIX
• Port mirroring
• SNMP
• Traceflow
• And more.
• vRealize Operations Suite
18. Traditional approaches to Micro-Segmentation
Centralized firewalls
• Create firewall rules before provisioning
• Update firewall rules when moving or changing
• Delete firewall rules when app decommissioned
• Problem increases with more east-west traffic
[Diagram label: Internet]
19. How an SDDC approach makes Micro-Segmentation feasible
[Diagram labels: Internet; Perimeter firewalls; Security policy; Cloud Management Platform]
20. NSX Distributed Firewalling
PHYSICAL SECURITY MODEL (Challenges)
• Centralized Firewall Model
• Static Configuration
• IP Address based Rules
• 40 Gbps per Appliance
• Lack of visibility with encapsulated traffic
DISTRIBUTED FIREWALLING (Benefits)
• Distributed at Hypervisor Level
• Dynamic, API based Configuration
• VM Name, VC Objects, Identity-based Rules
• Line Rate ~20 Gbps per host
• Full Visibility to encapsulated traffic
[Diagram labels: Firewall Mgmt; VMware NSX; API; CMP]
21. NSX Distributed Firewall Enablement
DFW enforces rules at vNIC layer:
• DFW independent of transport network (VLAN or VXLAN)
• All VM ingress and egress packets are subject to DFW processing
• Security Policy independent of VM location
• V-to-V and P-to-V support
DFW has NO Dependency on Network Topology!
DFW Policy Rules:
Source | Destination | Service | Action
VM1 | VM2, VM3 | TCP port 123 | Allow
VM1 | VM2, VM3 | any | Block
[Diagram, drawn for two transports with the same DFW policy rules in both: VMs attached to Logical Switch VXLAN 5001, and VMs attached to a DVS port-group on VLAN 501. In each, VM1 (MAC1, IP1) runs on a vSphere Host with VTEP IP 10.20.10.10, and VM2 (MAC2, IP2) and VM3 (MAC3, IP3) run on a vSphere Host with VTEP IP 10.20.10.11, both on a vSphere Distributed Switch]
22. NSX DFW Policy Objects
• Policy rules construct:
Rule ID | Rule Name | Source | Destination | Service | Action | Applied To
• Rich dynamic container based rules apart from just IP addresses:
VC containers
• Clusters
• datacenters
• Portgroups
• VXLAN
VM containers
• VM names
• VM tags
• VM attributes
Identity
• AD Groups
IPv6 compliant
• IPv6 address
• IPv6 sets
Services
• Protocol
• Ports
• Custom
IPv6 Services
Action
• Allow
• Block
• Reject
Choice of PEP (Policy Enforcement Point)
• Clusters
• VXLAN
• vNICs
• …
23. Configure Policies with Security Groups
Use security groups to abstract policy from application workloads.
1. Select elements to uniquely identify application workloads
2. Use attributes to create Security Groups
3. Apply policies to security groups
• Enforce policy based on logical constructs
• Reduce configuration errors
• Policy follows VM, not IP
• Reduce rule sprawl and complexity
Element type
Static
• Data center
• Virtual net
• Virtual machine
• vNIC
Dynamic
• VM name
• OS type
• User ID
• Security tag
[Diagram: workloads identified by elements such as App 1, OS: Windows 8, TAG: “Production” are collected into groups (ABC, DEF, Group XYZ); Policy 1 (“IPS for Desktops”, “FW for Desktops”) and Policy 2 (“AV for Production”, “FW for Production”) are applied to the groups]
24. Micro-segmentation simplifies network security
• Each VM can now be its own perimeter
• Policies align with logical groups
• Prevents threats from spreading
[Diagram labels: Perimeter firewall; Inside firewall; DMZ; App; DB; Services (AD, NTP, DHCP, DNS, CERT); Finance; Engineering; HR]
25. NSX Security in SDDC
NSX EDGE Service Gateway positioned to protect border of the SDDC:
• EDGE: North – South traffic protection
NSX DFW positioned for internal SDDC traffic protection:
• DFW: East – West traffic protection
[Diagram: WAN and Internet reach a Perimeter Firewall (Physical), then the NSX EDGE Service Gateway (EDGE: N-S) at the border between Physical and Virtual; inside the SDDC (Software Defined DC), the Compute Clusters each carry a DFW (DFW: E-W)]
26. Micro-segmentation in detail
Isolation: No communication path between unrelated networks
• No cross-talk between networks
• Overlay technology assures networks are separated by default
Segmentation: Controlled communication path within a single network
• Fine-grained enforcement of security
• Security policies based on logical groupings of VMs
Advanced services: addition of 3rd party security, as needed by policy
• Platform for including leading security solutions
• Dynamic addition of advanced security to adapt to changing security conditions
27. Third-Party Firewall, Network Security Options for NSX Integration
Src | Dst | Action
ANY | Shared Service | Allow
Desktop | WEB_GROUP | Redirect to 3rd party
Platform for Distributed Services
Redirect via global rule to 3rd party
WEB_GROUP
“Web Policy”
☑ Firewall – redirect to 3rd party
☑ 3rd party – do deep packet inspection
Redirect via policy template, for reuse in automation workflows
3rd party can program NSX distributed firewall directly – and set/get context to inform policy
28. Example: Orchestrating Security Between Multiple Services (Vulnerability Scan)
SG: Quarantine
Membership: Include VMs which have CVSS score >= 9
SG: Web Servers
Membership: Include VMs which have been provisioned as “WebServer”
Diagram labels: NSX Manager, Services, antivirus
1. Web Server VM running IIS is deployed, unknowingly having a vulnerability
2. Vulnerability Scan is initiated on web server (3rd party AV product)
3. VM is tagged in NSX Manager with the CVE and CVSS Score
4. NSX Manager associates the VM with the Quarantine (F/W Deny)
5. [Externally] Admin applies patches, 3rd party AV product re-scans VMs, clears tag
6. NSX Manager removes the VM from Quarantine; VM returns to its normal duties
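The quarantine workflow on this slide, modelled as an added Python example (not VMware code and not part of the presentation): group membership is recomputed from VM tags, so tagging alone moves the VM under the Block rule. The tag names, rule ordering, default deny and the `CVE-PLACEHOLDER` value are assumptions; no NSX API is called.

```python
from dataclasses import dataclass, field

@dataclass
class VM:
    name: str
    role: str                                  # provisioning label
    tags: dict = field(default_factory=dict)   # security tags set by the scanner

# Dynamic membership criteria from the slide, re-evaluated on every lookup.
SECURITY_GROUPS = {
    "Quarantine":  lambda vm: vm.tags.get("cvss", 0.0) >= 9,
    "Web Servers": lambda vm: vm.role == "WebServer",
}

# Ordered rules (applied-to group, service, action); first match wins.
# Assumption: the quarantine rule sits above the normal web rule.
RULES = [
    ("Quarantine",  "any",   "Block"),
    ("Web Servers", "https", "Allow"),
]

def groups_of(vm):
    """Return the security groups whose criteria the VM currently meets."""
    return [name for name, match in SECURITY_GROUPS.items() if match(vm)]

def evaluate(vm, service):
    """Return the action for traffic to the VM on the given service."""
    member_of = groups_of(vm)
    for group, svc, action in RULES:
        if group in member_of and svc in ("any", service):
            return action
    return "Block"  # assumption: default deny when no rule matches

def record_scan(vm, cve, cvss):
    """Step 3: the scanner tags the VM with its finding."""
    vm.tags.update({"cve": cve, "cvss": cvss})

def clear_finding(vm):
    """Step 5: after patching and a clean re-scan, the tags are removed."""
    vm.tags.pop("cve", None)
    vm.tags.pop("cvss", None)

if __name__ == "__main__":
    vm = VM("web-01", "WebServer")               # constructed sample VM
    print(evaluate(vm, "https"))                 # normal duty
    record_scan(vm, "CVE-PLACEHOLDER", 9.8)      # constructed finding
    print(groups_of(vm), evaluate(vm, "https"))  # quarantined
    clear_finding(vm)
    print(evaluate(vm, "https"))                 # back in service
```

Because no rule is edited when the VM is quarantined or released, the audit trail to watch is the tag change, not the firewall configuration.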
29. NSX Partners and Service Categories
NSX Partner Extensions
• Application Delivery Services
• Physical-to-Virtual Services
• Operations and Visibility
• Security
http://www.vmware.com/products/nsx/resources.html
30. Ground-breaking use cases
Enterprises can often justify the cost of NSX through a single use case
Security
• Micro segmentation
• DMZ anywhere
• Secure end user
IT automation
• IT automating IT
• Multi-tenant infrastructure
• Developer cloud
Application continuity
• Disaster recovery
• Metro pooling
• Hybrid cloud networking
IT optimization
• Server asset utilization
• Price | performance
• Hardware lifecycle
31. Use Case: Infrastructure Management with vRealize Automation
New Features
• Simplified Multi-Tier App Deployment
• Improved Connectivity
− Deployment of logical switches and networks
• Enhanced Security
− Intelligent placement of workloads in security groups protected by firewalls
• Increased Availability
− Via deployment of NSX distributed firewalls and load balancers
Benefits
• Deliver secure, scalable, performing application-specific infrastructure on-demand
Dynamically Provision and Decommission NSX Logical Services
32. Use Case: Disaster recovery with NSX network virtualization
Diagram labels: Primary site, Recovery Site; SAN, NSX Controller and Physical network infrastructure at each; Virtual Network 10.0.30/24 with 10.0.30.21 at each; 10.0.10/24, 10.0.20/24
1. Snapshot VM
2a. Replicate VM and storage
2b. Snapshot network security
3. Recover the VM
Network and security already exists
Step 1 & 2 (e.g. VMware SRM)
33. Use Case: A True Hybrid Cloud powered by VMware NSX
Local Data Center
Internet
IPSec VPN
(vCloud Air Network)
vCloud Air
L2 VPN
Some Benefits:
• L2VPN for DC Extension
• Granular Network Security with Trust Groups
• Bi-directional workload migration using vSphere web client
Some Benefits:
• Today with vCloud AIR
• Tomorrow with Amazon AWS, Azure, Google and other Public Cloud Providers
34. NSX Vision: Driving NSX Everywhere
Managing Security and Connectivity for many Heterogeneous End Points
• Automation: IT at the Speed of Business
• Security: Inherently Secure Infrastructure
• Application Continuity: Data Center Anywhere
• On-Premise Data Center
• New app frameworks
• Mobile Devices (Airwatch)
• Virtual Desktop (VDI)
• Branch offices (Partner)
• Internet of things
• Public clouds