The document discusses VMware NSX and its technical overview. It begins with defining what software defined networking means, including decoupling the control plane from the data plane. It then provides an agenda and overview of NSX architecture, including its components in the data plane, control plane, and management plane. Key features of NSX like logical switching, routing, and distributed firewalling are described.
1. VMware NSX
21st VMUGBE+ Meeting
Filip Verloy
Sr. Specialist Systems Engineer, Networking and Security
Twitter: @filipv
2. Agenda
1 What does Software Defined mean?
2 VMware NSX Technical Overview
3 Q&A
4. Software Defined: Technical What & Technical Why
Technical What
• Decoupling and abstracting control and policy (control plane) from physical stuff that does work (data plane).
• Where the physical stuff that does work (data plane) can be software on commodity hardware, do it that way
• Programmable infrastructure APIs: automate everything
Technical Why
• Reduce infrastructure “fragility” by abstraction and reducing operational complexity
• Increase agility
• Open up new architectural options (converged, software data planes)
6. Software Defined vs Hardware Defined
• Software defined: Tesla OTA firmware update v6.0 adds location-based smart air suspension. Example: auto raise when arriving at home’s steep entry way.
• Hardware defined: you make an appointment at your local garage and 3 weeks later Joe the mechanic installs new suspension and throws out the old ones.
7. Agenda
1 What does Software Defined mean?
2 VMware NSX Technical Overview
3 Q&A
13. 1 NSX Architecture and Components
2 Switching
3 Routing
4 Distributed Firewall & Micro-Segmentation
5 Services
6 Next Steps
14. What is NSX?
Provides a faithful reproduction of network & security services in software:
• Switching
• Routing
• Firewalling
• Load Balancing
• VPN
• Connectivity to Physical
15. Creating Sophisticated Application Topologies
Web-Tier, App-Tier, DB-Tier
• VMs connect to virtual networks
• Virtual networks connect to non-virtualized workloads
• Security enforcement at vNIC level
16. Creating Sophisticated Application Topologies
Web-Tier, App-Tier, DB-Tier
• VMs connect to virtual networks
• Virtual networks connect to non-virtualized workloads
• Security enforcement at vNIC level
• With physical services integration
17. NSX Architecture and Components
Cloud Consumption
• Self Service Portal
• vCloud Automation Center, OpenStack, Custom
Management Plane: NSX Manager
• Single configuration portal
• REST API entry-point
Control Plane: NSX Controller
• Manages Logical networks
• Control-Plane Protocol
• Separation of Control and Data Plane
Data Plane
NSX Edge
ESXi Hypervisor Kernel Modules
Distributed Services: Logical Switch, Logical Router, Distributed Firewall
• High-Performance Data Plane
• Scale-out Distributed Forwarding Model
Logical Network
Physical Network
20. NSX Control Plane Components
Properties
NSX Controllers
Virtual Form Factor (4 vCPU, 4GB RAM)
Data plane programming
Control plane Isolation
Benefits
Scale Out
High Availability
VXLAN - no Multicast
ARP Suppression
vSphere Cluster
vSphere HA
DRS with Anti-affinity
Host Agent
Data-Path Kernel Modules
VM ESXi VM VM
21. Management Plane Components
vSphere APIs NSX REST APIs
NSX Manager 1:1
NSX Manager
• Runs as a Virtual Machine
• Provisioning and Management of Network and Network services
• VXLAN Preparation
• Logical Network Consumption
• Network Services Configuration
Management Plane
vCAC/Openstack/Custom
vCenter
3rd Party
Management Console
NSX Manager
vSphere Plugin
Single Pane of Glass
24. 1 NSX Architecture and Components
2 Switching
3 Routing
4 Distributed Firewall & Micro-Segmentation
5 Services
6 Next Steps
25. NSX Logical Switching
VMware NSX: Logical Switch 1, Logical Switch 2, Logical Switch 3
Challenges
• Per Application/Multi-tenant segmentation
• VM Mobility requires L2 everywhere
• Large L2 Physical Network Sprawl – STP Issues
• HW Memory (MAC, FIB) Table Limits
Benefits
• Scalable Multi-tenancy across data center
• Enabling L2 over L3 Infrastructure
• Overlay Based with VXLAN, etc.
• Logical Switches span across Physical Hosts and Network Switches
26. Network Overlays
VXLAN frame layout: Outer MAC HDR | Outer IP HDR | UDP HDR | VXLAN HDR | L2 Frame
1 VM sends a standard L2 frame
2 Source hypervisor (VTEP) adds VXLAN, UDP & IP headers
3 Physical network forwards frame as standard IP frame
4 Destination hypervisor (VTEP) de-encapsulates headers
5 Original L2 frame delivered to VM
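The five encapsulation steps on this slide, as an added Python example (not from the original deck or from VMware): it wraps a constructed inner frame in outer IPv4, UDP and VXLAN headers, then validates and strips them on the receiving side. VNI 5001 and the two transport addresses are taken from the later slides; UDP port 4789 (the IANA-assigned VXLAN port), the MAC addresses, the payload and the function names are assumptions.

```python
import socket
import struct

VXLAN_PORT = 4789        # assumption: IANA-assigned VXLAN port; a deployment may use another
VXLAN_FLAG_VNI = 0x08    # "I" flag: the VNI field is valid
IP_HDR = struct.Struct("!BBHHHBBH4s4s")   # IPv4 header without options (20 bytes)
UDP_HDR = struct.Struct("!HHHH")          # source port, destination port, length, checksum
VXLAN_HDR = struct.Struct("!B3xI")        # flags, 3 reserved bytes, VNI << 8 | reserved byte
OUTER_LEN = IP_HDR.size + UDP_HDR.size + VXLAN_HDR.size

# Constructed inner L2 frame (step 1): dst MAC, src MAC, EtherType IPv4, dummy payload.
SAMPLE_FRAME = (bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
                + b"\x08\x00" + b"constructed inner payload")


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words; returns 0 over a valid header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def encapsulate(inner_frame: bytes, vni: int, src_vtep: str, dst_vtep: str,
                src_port: int = 49152) -> bytes:
    """Step 2: the source VTEP adds VXLAN, UDP and IP headers."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    vxlan = VXLAN_HDR.pack(VXLAN_FLAG_VNI, vni << 8)
    udp_len = UDP_HDR.size + len(vxlan) + len(inner_frame)
    udp = UDP_HDR.pack(src_port, VXLAN_PORT, udp_len, 0)  # UDP checksum 0 is allowed over IPv4
    fields = [0x45, 0, IP_HDR.size + udp_len, 0, 0x4000, 64, socket.IPPROTO_UDP, 0,
              socket.inet_aton(src_vtep), socket.inet_aton(dst_vtep)]
    fields[7] = ipv4_checksum(IP_HDR.pack(*fields))
    return IP_HDR.pack(*fields) + udp + vxlan + inner_frame


def decapsulate(packet: bytes, expected_vni: int, local_vtep: str) -> bytes:
    """Steps 4 and 5: the destination VTEP validates the outer headers and
    returns the original L2 frame only for the logical switch it expects."""
    if len(packet) < OUTER_LEN:
        raise ValueError("truncated packet")
    ver_ihl, _, total_len, _, _, _, proto, _, _, dst = IP_HDR.unpack_from(packet)
    if ver_ihl != 0x45 or ipv4_checksum(packet[:IP_HDR.size]) != 0:
        raise ValueError("bad outer IPv4 header")
    if proto != socket.IPPROTO_UDP or dst != socket.inet_aton(local_vtep):
        raise ValueError("not UDP traffic for this VTEP")
    if total_len != len(packet):
        raise ValueError("outer IP length does not match packet size")
    _, dst_port, udp_len, _ = UDP_HDR.unpack_from(packet, IP_HDR.size)
    if dst_port != VXLAN_PORT or udp_len != len(packet) - IP_HDR.size:
        raise ValueError("not a well-formed VXLAN datagram")
    flags, vni_field = VXLAN_HDR.unpack_from(packet, IP_HDR.size + UDP_HDR.size)
    if not flags & VXLAN_FLAG_VNI:
        raise ValueError("VNI flag not set")
    if vni_field >> 8 != expected_vni:
        # A frame for another logical switch must never reach this segment's VMs.
        raise ValueError("VNI mismatch")
    return packet[OUTER_LEN:]


if __name__ == "__main__":
    pkt = encapsulate(SAMPLE_FRAME, 5001, "192.168.150.51", "192.168.250.51")
    print("outer headers add", len(pkt) - len(SAMPLE_FRAME), "bytes before the outer MAC header")
    print("inner frame intact:", decapsulate(pkt, 5001, "192.168.250.51") == SAMPLE_FRAME)
```

The 36 bytes of IP, UDP and VXLAN headers, plus the outer MAC header, are why the transport network needs a larger MTU than the guest network.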
27. Physical Workload Integration
Use-case: Integrate non-virtualized workloads seamlessly with virtual networks
Solution: NSX providing Bridging Functionality or use of 3rd party hardware Gateways
Physical Workloads
x86-based bridge
VXLAN VLAN
Leverages any x86 server
Physical Workloads
HW VTEP
VXLAN VLAN
Highest density requiring specific hardware
28. Logical View: VMs in a Single Logical Switch
Web LS 172.16.10.0/24: VM1 172.16.10.11, VM2 172.16.10.12, VM3 172.16.10.13
App LS 172.16.20.0/24: VM4 172.16.20.11, VM5 172.16.20.12
29. Physical View: VMs in a Single Logical Switch
vSphere Distributed Switch
Logical Switch 5001: VM1 172.16.10.11, VM2 172.16.10.12, VM3 172.16.10.13
Transport Subnet A 192.168.150.0/24
Host transport addresses: 192.168.150.51, 192.168.150.52, 192.168.250.51
Physical Network
30. 1 NSX Architecture and Components
2 Switching
3 Routing
4 Distributed Firewall & Micro-Segmentation
5 Services
6 Next Steps
31. NSX Routing: Distributed, Feature-Rich
SCALABLE ROUTING – Simplifying Multi-tenancy
Challenges
• Physical Infrastructure Scale Challenges – Routing Scale
• VM Mobility is a challenge
• Multi-Tenant Routing Complexity
• Traffic hair-pins
Benefits
• Distributed Routing in Hypervisor
• Dynamic, API based Configuration
• Full featured – OSPF, BGP, IS-IS
• Logical Router per Tenant
• Routing Peering with Physical Switch
Diagram labels: CMP; Tenant A, Tenant B, Tenant C; L2 segments
32. Logical View: VMs in a Single Logical Switch
Web LS (172.16.10.0/24): VM1 172.16.10.11, VM2 172.16.10.12, VM3 172.16.10.13
App LS (172.16.20.0/24): VM4 172.16.20.11, VM5 172.16.20.12
33. Logical View: VMs with Distributed Routing
Distributed Logical Router Service: 172.16.10.1, 172.16.20.1, 192.168.10.1 (192.168.10.0/29)
Web LS (172.16.10.0/24): VM1 172.16.10.11, VM2 172.16.10.12, VM3 172.16.10.13
App LS (172.16.20.0/24): VM4 172.16.20.11, VM5 172.16.20.12
34. Physical View: VMs in a Single Logical Switch
VM1 172.16.10.11, VM2 172.16.10.12, VM3 172.16.10.13
vSphere Distributed Switch, Logical Switch 5001
Transport Subnet A 192.168.150.0/24
192.168.150.51, 192.168.150.52, 192.168.250.51
Physical Network
35. Physical View: Logical Routing
Transport Subnet A 192.168.150.0/24, Transport Subnet B 192.168.250.0/24
192.168.150.51, 192.168.150.52, 192.168.250.51
vSphere Distributed Switch: Logical Switch 5001, Logical Switch 5002
VM1, VM2, VM3, VM4, VM5
Controller, Management Cluster, L3 Control Plane Programming, Data Plane
Physical Network
39. 1 NSX Architecture and Components
2 Switching
3 Routing
4 Distributed Firewall & Micro-Segmentation
5 Services
6 Next Steps
40. NSX Distributed Firewalling
PHYSICAL SECURITY MODEL: Challenges
• Centralized Firewall Model
• Static Configuration
• IP Address based Rules
• 40 Gbps per Appliance
• Lack of visibility with encapsulated traffic
DISTRIBUTED FIREWALLING: Benefits
• Distributed at Hypervisor Level
• Dynamic, API based Configuration
• VM Name, VC Objects, Identity-based Rules
• Line Rate ~20 Gbps per host
• Full Visibility to encapsulated traffic
Diagram labels: Firewall Mgmt, VMware NSX, API, CMP
41. Distributed Firewall Features
Diagram labels: VM1, VM2, VM4, VM5; Web-LS1, App-LS1; vSphere Distributed Switch; 192.168.150.51, 192.168.150.52, 192.168.250.51; Management Cluster
Capabilities
• Firewall rules are enforced at VNIC Level
• Policy independent of location (L2 or L3 adjacency)
• State persistent across vMotion
• Enforcement based on VM attributes like Tags, VM Names, Logical Switch, etc.
42. Distributed Firewall Rules
Diagram labels: VM1, VM2, VM4, VM5; Web-LS1, App-LS1; vSphere Distributed Switch; 192.168.150.51, 192.168.150.52, 192.168.250.51; Management Cluster
Rules Based on VM Names
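The attribute-based rule matching described on the two distributed firewall slides, as an added Python model (not NSX code or its API): selectors name VM attributes (name, tag, logical switch) and never a host or IP address, so the verdict follows the vNIC when the VM moves. The rule set, tags, ports, VM-to-host placement and the default block action are all constructed for the example, and connection state is not modelled.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class VNic:
    vm_name: str
    logical_switch: str
    host: str                       # hypervisor the VM currently runs on
    tags: frozenset = frozenset()

@dataclass
class Rule:
    name: str
    src: dict                       # attribute selector, e.g. {"logical_switch": "Web-LS1"}
    dst: dict
    port: Optional[int]             # None matches any destination port
    action: str                     # "allow" or "block"

def selects(selector: dict, vnic: VNic) -> bool:
    """True when the vNIC satisfies every attribute the selector names."""
    for attr, want in selector.items():
        if attr == "tags":
            if not set(want) <= vnic.tags:
                return False
        elif getattr(vnic, attr) != want:
            return False
    return True

def evaluate(rules, src: VNic, dst: VNic, port: int) -> tuple:
    """First matching rule wins; unmatched traffic gets this model's default block."""
    for rule in rules:
        if selects(rule.src, src) and selects(rule.dst, dst) and rule.port in (None, port):
            return rule.action, rule.name
    return "block", "default"

def vmotion(vnic: VNic, new_host: str) -> VNic:
    """Moving a VM changes only its host; the attributes rules match on stay put."""
    return replace(vnic, host=new_host)

# Constructed inventory and policy using the slides' VM and switch names.
VM1 = VNic("VM1", "Web-LS1", "192.168.150.51", frozenset({"web"}))
VM2 = VNic("VM2", "Web-LS1", "192.168.150.52", frozenset({"web"}))
VM4 = VNic("VM4", "App-LS1", "192.168.250.51", frozenset({"app"}))
RULES = [
    Rule("web-to-app", {"tags": ["web"]}, {"logical_switch": "App-LS1"}, 8443, "allow"),
    Rule("isolate-web-peers", {"logical_switch": "Web-LS1"}, {"logical_switch": "Web-LS1"}, None, "block"),
    Rule("vm1-admin", {"vm_name": "VM1"}, {"vm_name": "VM4"}, 22, "allow"),
]

if __name__ == "__main__":
    print(evaluate(RULES, VM1, VM2, 80))                             # same L2 segment
    print(evaluate(RULES, vmotion(VM1, "192.168.250.51"), VM4, 8443))
```

The `isolate-web-peers` rule blocks VM1 to VM2 even though both sit on the same logical switch, which is traffic a centralized firewall at the segment boundary would never see.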
45. 1 NSX Architecture and Components
2 Switching
3 Routing
4 Distributed Firewall & Micro-Segmentation
5 Services
6 Next Steps
46. NSX Load Balancing
Diagram labels: Tenant A (VM1, VM2), Tenant B (VM1, VM2)
Challenges
• Application Mobility
• Multi-tenancy
• Configuration complexity – manual deployment model
Benefits
• On-demand load balancer service
• Simplified deployment model for applications – one-arm or inline
• Layer 7, SSL, …
LOAD BALANCER – Per Tenant Application Availability Model
47. NSX VPN Services
• VPN Services are delivered as a service via Edge
• Interoperable with IPSec Clients
• Hardware Offload for Performance
• Ability to extend L2 across sites for active-active DC
Diagram labels: Site to Site, Internet / WAN, Public Cloud, Hybrid Cloud
48. vCAC/vRA integrated with NSX
Dynamic Configuration and Deployment of NSX Logical Services
NSX: Logical Switch, Logical Router, Logical Firewall, Logical Load Balancer
vCloud Automation Center On Demand Application Delivery
Service Catalog, Resource Reservation, Cloud Management Platform, Multi-Machine Blueprint
Security Policies, Security Groups, Network Profiles
Web, App, Database
49. Cloud Consumer Profile
The Typical User Wants Easy
Cloud Consumer: I just want my app. Don’t ask me about networking and security.
Pre-defined by Cloud Architect: Logical Load Balancer, Security Policies, Security Groups, Network Profiles
Leverage Templates
Cloud Admin
Web, App, DB
Policy=Default_TestDev
50. Cloud Consumer Profiles
Some Users Want to Customize
Cloud Consumer: I know exactly what I need for connecting, securing and scaling my app. Let me deal with it.
Multi-Machine Blueprint: Configurable, Customizable For Cloud Consumer
Cloud Admin
Web, App, DB
Policy=Default_TestDev