The document discusses vSphere networking and distributed switches. It describes the benefits of distributed switches over standard switches, such as simplifying administration and enabling features like private VLANs and port mirroring. It explains how to create and manage distributed switches and port groups, assign physical NICs and virtual machines, and configure properties and advanced features. Troubleshooting tips are provided for issues with virtual machine communication across distributed switch ports.
VMware vSphere Version Comparison 4.0 to 6.5Sabir Hussain
VMware vSphere leverages the power of virtualization to transform datacenters into simplified cloud computing infrastructures and enables IT organizations to deliver flexible and reliable IT services VMware vSphere virtualizes and aggregates the underlying physical hardware resources across multiple system and provides pools off virtual resources to the datacenter.
VM Virtualization
VMGate.com
Vitalization & HP TippingPoint
Virtual Firewall for Virtual machines, to validate the east west communications. As growth is tremendous in ES communication than legacy Datacenter architects more focus on North South traffic.
XenServer, Hyper-V, and ESXi - Architecture, API, and Coding_Humair_Ahmed_
XenServer, Hyper-V, and ESXi hypervisor comparison in regards to market share, architecture/installation, and APIs/coding. Technical details, demos, and code provided. Visit my blog at http://humairahmed.com/blog/.
VMware Infrastructure empowers businesses of all sizes and environments to move beyond traditional IT infrastructure boundaries and build a responsive data center that's dynamic, efficient and available. Learn to operate & maintain VMware vSphere 6.5 from a real-world perspective.
Learn more about:
- About the Netcom VMware vSphere Boot Camp
- Two different ways to integrate vSphere with Active Directory - Best Practices: Join Domain vs. AD LDAP
- Adding an AD Identity Source to vCenter 6.5
- Creating a Default vSphere Permission for users in an AD Group
VMworld 2013: Designing Network Virtualization for Data-Centers: Greenfield D...VMworld
VMworld 2013
Ben Basler, VMware
Roberto Mari, VMware
Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare
VMworld 2013: vSphere Networking and vCloud Networking Suite Best Practices a...VMworld
VMworld 2013
Richard Cockett, VMware
Umesh Goyal, VMware Software India Pvt ltd
Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare
VMware vSphere Version Comparison 4.0 to 6.5Sabir Hussain
VMware vSphere leverages the power of virtualization to transform datacenters into simplified cloud computing infrastructures and enables IT organizations to deliver flexible and reliable IT services VMware vSphere virtualizes and aggregates the underlying physical hardware resources across multiple system and provides pools off virtual resources to the datacenter.
VM Virtualization
VMGate.com
Vitalization & HP TippingPoint
Virtual Firewall for Virtual machines, to validate the east west communications. As growth is tremendous in ES communication than legacy Datacenter architects more focus on North South traffic.
XenServer, Hyper-V, and ESXi - Architecture, API, and Coding_Humair_Ahmed_
XenServer, Hyper-V, and ESXi hypervisor comparison in regards to market share, architecture/installation, and APIs/coding. Technical details, demos, and code provided. Visit my blog at http://humairahmed.com/blog/.
VMware Infrastructure empowers businesses of all sizes and environments to move beyond traditional IT infrastructure boundaries and build a responsive data center that's dynamic, efficient and available. Learn to operate & maintain VMware vSphere 6.5 from a real-world perspective.
Learn more about:
- About the Netcom VMware vSphere Boot Camp
- Two different ways to integrate vSphere with Active Directory - Best Practices: Join Domain vs. AD LDAP
- Adding an AD Identity Source to vCenter 6.5
- Creating a Default vSphere Permission for users in an AD Group
VMworld 2013: Designing Network Virtualization for Data-Centers: Greenfield D...VMworld
VMworld 2013
Ben Basler, VMware
Roberto Mari, VMware
Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare
VMworld 2013: vSphere Networking and vCloud Networking Suite Best Practices a...VMworld
VMworld 2013
Richard Cockett, VMware
Umesh Goyal, VMware Software India Pvt ltd
Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare
Software Defined Networking is seeing a lot of momentum these days. With server virtualization solving the virtual machines problem, and large scale object storage solving the distributed storage challenge, SDN is seen as key in virtual networking.
In this talk we don't try to define SDN but rather dive straight into what in our opinion is the core enabled of SDN: the virtual switch OVS.
OVS can help manage VLAN for guest network isolation, it can re-route any traffic at L2-L4 by keeping forwarding tables controlled by a remote controller (Openfow controller). We show these few OVS capabilities and highlight how they are used in CloudStack and Xen.
Xen Summit presentation of CloudStack and Software Defined Networks. OpenVswitch is the default bridge in Xen and supported in XenServer and Xen Cloud Platform
Midokura OpenStack Day Korea Talk: MidoNet Open Source Network Virtualization...Dan Mihai Dumitriu
OpenStack deployments for public or private clouds require overlay networking. Due to the scale and rate of change of virtual resources, it isn't practical to rely on traditional network constructs and isolation mechanims. Today's deployments require performance, resilience, and high availability to be considered truly production-ready. In this session, we deep dive into the MidoNet architecture, and process of sending a data packet across an OpenStack environment through a network overlay. A distributed architecture implements logical constructs that are used to build networks without a single point of failure, all while adding network functionality in a highly-scalable manner. Network functions are applied in a single virtual hop. By applying network services right at the ingress host, the network is free from unnecessary clogging and bottlenecks by avoiding additional hops. Packets reach their destination more efficiently with the single virtual hop. After this session, the audience will understand how distributed architectures allow efficient networking with routing decisions and network services applied at the edge. Also, the audience will understand how it is easier to scale clouds when the network intelligence is distributed.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
3. Learner Objectives
By the end of this lesson, you should be able to meet the following
objectives:
• List the benefits of using vSphere distributed switches
• Describe the distributed switch architecture
• Create a distributed switch
• Manage the distributed switch
• Describe the properties of a distributed switch
4. Benefits of vSphere Distributed Switches
The vSphere distributed switch greatly extends vSphere networking
features and centralizes vSphere management.
vSphere distributed switches have the following benefits over standard
switches:
• vSphere distributed switch simplifies data center administration.
• vSphere distributed switch configuration is consistent across all the hosts that
use it.
• vSphere distributed switch behavior is consistent with the behavior of standard
switches.
• vSphere distributed switch supports advanced features, such as private
VLANs, NetFlow, and port mirroring.
• vSphere distributed switch enables networking statistics and policies to migrate
with virtual machines during a migration with VMware vSphere® vMotion®.
• vSphere distributed switch allows for customization and third-party
development.
5. Feature Standard Switch Distributed Switch
Layer 2 switch
VLAN segmentation
IPv6 support
802.1Q tagging
NIC teaming
Outbound traffic shaping
Inbound traffic shaping
VM network port block
Private VLANs
Load-based teaming
Data center-level management
vSphere vMotion migration over a network
Per-port policy settings
Port state monitoring
NetFlow
Port mirroring
vSS and vDS Comparison
6. Distributed Switch Architecture
vCenter
Server
Host 1 Host 2
Virtual
PhysicalPhysical NICs
(Uplinks)
Distributed Ports
and Port Groups
Distributed Switch
(Control Plane)
Uplink
Port Groups
Hidden Virtual
Switches
(I/O Plane)
Management Port Management Port
vSphere vMotion
Port
vSphere vMotion
Port
7. ESXi01 ESXi02
Virtual
Physical
Uplinks
Distributed
Switch VDS01
vmnic1
Distributed Switch Example
You create a distributed switch named VDS01. You create a port group
named Production, which will be used for virtual machine networking.
You assign uplinks vmnic1 on host ESXi01 and vmnic1 on host ESXi02
to the distributed switch.
vmnic0 vmnic2 vmnic1vmnic0 vmnic2
Production
Uplink
Port Group
8. Viewing a Distributed Switch
You can view a host’s distributed switch configuration by clicking the
Manage tab and clicking the Networking link.
View distributed
switch settings.
Distributed
switch settings.
9. Creating a Distributed Switch
You can create a distributed switch on a data center to handle the
networking configuration of multiple hosts at the same time from a central
place.
10. Editing General and Advanced Distributed Switch Properties
General settings for a distributed switch include the switch name and the
number of uplinks.
Basic multicast filtering mode
forwards multicast traffic for virtual
machines according to the destination
multicast group MAC address.
11. Migrating Network Adapters to a Distributed Switch
For hosts associated with a distributed switch, you can migrate network
adapters from a standard switch to the distributed switch.
Migrate physical or
virtual network
adapters to this
distributed switch.
12. Assigning a Physical NIC of a Host to a Distributed Switch
You can assign physical NICs of a host that is associated with a
distributed switch to an uplink port on the host proxy switch.
Manage the physical
network adapters
connected to the
selected switch.
13. Connecting Virtual Machines to a Distributed Switch
You connect virtual machines to distributed switches by connecting their
associated virtual network adapters to distributed port groups.
For a single virtual machine,
modify the network adapter
configuration of the virtual
machine.
For a group of virtual machines,
migrate virtual machines from a
virtual network to a distributed
switch.
14. Editing Distributed Port Group General Properties
You can edit general distributed port group settings, such as the
distributed port group name, the port settings, and the network resource
pool.
Port binding options include static, dynamic, and ephemeral (no port
binding).
15. Editing Distributed Port Group Advanced Properties
From the advanced settings of a distributed port group, you can
configure the per-port overriding of the policies that are set at the port
group level.
16. About the VMkernel Networking Level
The VMkernel networking layer provides connectivity to hosts and
handles the standard system traffic of VMware vSphere® vMotion®, IP
storage, VMware vSphere® Fault Tolerance, VMware Virtual SAN™, and
others.
You can also create VMkernel adapters on the source and target
VMware vSphere® Replication™ hosts to isolate the replication data
traffic.
TCP/IP stacks at the VMkernel level:
• Default TCP/IP stack
• vMotion TCP/IP stack
• Provisioning TCP/IP stack
• Custom TCP/IP stacks
17. Creating a VMkernel Adapter on a Host Associated with a
Distributed Switch
You create a VMkernel adapter on a host that is associated with a
distributed switch to provide network connectivity to the host and to
handle the traffic for vSphere vMotion, IP storage, vSphere Fault
Tolerance logging, Virtual SAN, and others.
Click Add host networking to
start the Add Networking wizard.
Click VMkernel
Network Adapter.
18. Netflow
Netflow is configured on the settings of your dvSwitch (Right-
click dvSwitch->Edit Settings) on the NetFlow tab. There are a number of
items we can configure here. First off, our collector IP and port. This is
the IP and port of the actual NetFlow collector where we are sending the
data too. To allow all of your traffic to appear as coming from a single
source, rather than multipleESX management networks you can specify
an IP address for the dvSwitch here as well. This doesn't actually live
on your network, just shows up in your NetFlow collector.
19. DirectPath I/O
DirectPath I/O allows virtual machine access to physical PCI functions on
platforms with an I/O Memory Management Unit.
The following features are unavailable for virtual machines configured
with DirectPath:
• Hot adding and removing of virtual devices
• Suspend and resume
• Record and replay
• Fault tolerance
• High availability
• DRS (limited availability. The virtual machine can be part of a cluster,
but cannot migrate across hosts)
• Snapshots
20. Private VLANS
Private VLANs are used to solve VLAN ID limitations by adding a further
segmentation of the logical broadcast domain into multiple smaller
broadcast subdomains.
Ports on a secondary
VLAN can be either
Isolated, communicating
only with promiscuous
ports, or Community,
communicating with both
promiscuous ports and
other ports on the same
secondary VLAN.
21. DirectPath I/O vs SR-IOV
SR-IOV offers performance benefits and tradeoffs similar to
those of DirectPath I/O. DirectPath I/O and SR- IOV have similar
functionality but you use them to accomplish different things.
SR-IOV is beneficial in workloads with very high packet rates or
very low latency requirements. Like DirectPath I/O, SR-IOV is not
compatible with certain core virtualization features, such as vMotion. SR-
IOV does, however, allow for a single physical device to be shared
amongst multiple guests.
With DirectPath I/O you can map only one physical function to
one virtual machine. SR-IOV lets you share a single physical device,
allowing multiple virtual machines to connect directly to the physical
function.
22. Troubleshooting Distributed Switch Issues (1)
Under certain conditions, the virtual machines that are on the same
distributed port group but on different hosts cannot communicate with
one another.
Problems:
• Virtual machines residing on the same port group but on different hosts are
unable to communicate.
• Pings from one virtual machine to another fail. You cannot migrate the virtual
machines between the hosts by using vSphere vMotion.
Causes:
• On some of the hosts, no physical NICs are assigned to active or standby
uplinks in a NIC team. The failover order of a distributed port group is not
correctly configured.
• The physical NICs on the hosts assigned to the active or standby uplinks
reside on different VLANs on the physical switch. The physical NICs on
different VLANs are not visible to one another and thus fail to communicate.
23. Troubleshooting Distributed Switch Issues (2)
Solutions:
• In the topology of the distributed switch, check which host does not have
physical NICs assigned to an active or standby uplink on the distributed port
group. Assign at least one physical NIC on that host to an active uplink on the
port group.
• In the topology of the distributed switch, check the VLAN IDs of the physical
NICs assigned to the active uplinks on the distributed port group. On all hosts,
assign physical NICs from the same VLAN to an active uplink on the
distributed port group.
24. Physical Network Considerations
Your virtual networking environment relies on the physical network
infrastructure. As a vSphere administrator, you should discuss your
vSphere networking needs with your network administration team.
The following issues are topics for discussion:
• Number of physical switches
• Network bandwidth that is required
• Physical switch configuration support for 802.3ad, for NIC teaming
• Physical switch configuration support for 802.1Q, for VLAN tagging
• Physical switch configuration support for Link Aggregation Control Protocol
(LACP)
• Network port security
• Link Layer Discovery Protocol (LLDP) and Cisco Discovery Protocol (CDP) and
their operation modes, such as:
– Listen, broadcast, listen and broadcast, and disabled
25. Review of Learner Objectives
You should be able to meet the following objectives:
• List the benefits of using vSphere distributed switches
• Describe the distributed switch architecture
• Create a distributed switch
• Manage the distributed switch
• Describe the properties of a distributed switch
26. Key Points
• Three connection types can exist on a virtual switch: virtual machine port
group, VMkernel, and physical uplinks.
• A standard switch is a virtual switch configuration for a single host.
• Network policies set at the standard switch level can be overridden at the port
group level.
• A distributed switch provides centralized management and monitoring of the
networking configuration of all hosts that are associated with the switch.
• You set up a distributed switch at the data center level on a vCenter Server
system. The settings of the distributed switch are propagated to all hosts that
are associated with the switch.
• Distributed port groups define how a connection is made through the
distributed switch to the network.
Questions?
28. Review of Distributed Switch Network Connectivity
The cause of a network connectivity problem might be in the virtual
machines, the vCenter Server system, or the ESXi hosts that have NICs
assigned to the distributed switch and the physical network.
vCenter
Server
ESXi Host ESXi Host
Virtual
Physical
Physical NICs
(Uplinks)
Distributed Ports
and Port Groups
Distributed Switch
(Control Plane)
Uplink
Port Groups
Hidden Virtual
Switches
(I/O Plane)
Management Port
Management Port
vSphere vMotion Port
VM VM VM VMVM State
29. Distributed Switch Rollback
The distributed switch rollback is triggered when invalid updates are
made to distributed switch-related objects
Examples of events that might trigger a distributed switch rollback:
• Changing the MTU of a distributed switch
• Changing the following settings in the distributed port group of the
management VMkernel network adapter:
– NIC teaming and failover
– VLAN
– Traffic shaping
If an invalid configuration occurs, one or more hosts might be out of
synchronization with the distributed switch.
30. Recovering from a Distributed Switch Misconfiguration
Always back up your distributed switch before you make a change to its
configuration:
• If your distributed switch loses network connectivity because of a
misconfiguration, you can restore from your latest backup.
vSphere Web Client provides you with features to back up and restore
distributed switch configuration:
• Export: Back up your distributed switch configuration.
• Restore: Reset the configuration of a distributed switch from an exported
configuration file.
• Import: Create a distributed switch from an exported configuration file.
The export, restore, and import functions are available only with vSphere
Web Client. They are not available with VMware vSphere® Client™.
31. Backing Up a Distributed Switch Configuration
You can back up a distributed switch configuration by exporting the
configuration to a file.
Exporting enables you to do the following tasks:
• Make a backup of your distributed switch configuration.
• Create a template of a distributed switch configuration.
• Create a revision control system for your distributed switch configuration.
32. Restoring and Importing a Distributed Switch Configuration
After you export a distributed switch configuration, you can use the
restore or the import function to reset the configuration or to create a
distributed switch.
You can use restore to reset a distributed switch configuration that is
corrupted.
You can use import to create a distributed switch, for example, on a
different vCenter Server system.
33. Review of Learner Objectives
You should be able to meet the following objectives:
• Provide a network troubleshooting overview
• Analyze and troubleshoot standard switch problems
• Analyze and troubleshoot virtual machine connectivity problems
• Analyze and troubleshoot management network problems
• Analyze and troubleshoot distributed switch problems
34. Key Points
• Virtual network connectivity problems might occur with standard switches,
distributed switches, virtual machines, or management networks.
• A virtual machine connectivity problem might exist in the physical layer, the
virtual layer, or the guest operating system.
• The ping command is useful when troubleshooting ESXi host and virtual
machine connectivity issues.
• When an ESXi host frequently disconnects from vCenter Server, heartbeat
packets are being lost between vCenter Server and the ESXi host.
• vSphere network rollback prevents accidental misconfiguration of management
networking and loss of connectivity.
• A good practice is to back up your distributed switch configuration with the
vSphere Web Client whenever you make a change to the configuration.
• You can use the restore or the import function to reset the distributed switch
configuration.
Questions?
36. NSX
VMware NSX is the network virtualization platform for the
Software-Defined Data Center.
NSX embeds
networking and security
functionality that is typically
handled in hardware directly
into the hypervisor. The
NSX network virtualization
platform fundamentally
transforms the data center’s
network operational model
like server virtualization did
10 years ago, and is helping
thousands of customers
realize the full potential of
an SDDC.
37. Virtual Networks and Network Virtualization
Distributed Switch
VLAN50 VLAN60 VLAN70
ESXi
Distributed Switch
VXLAN
5050
VXLAN
5060
VXLAN
5070
ESXi
VLAN TRUNKING 50, 60
The configurations show the difference between virtual networking and
network virtualization.
38. VMware NSX Components (1)
VMware NSX includes the following components:
• VMware NSX Manager™: Represents the management plane of the solution.
It provides the single point of configuration and REST API entry points. NSX
Manager is registered with vCenter Server and there is a 1:1 mapping.
• VMware NSX Controller™ cluster: An advanced distributed state
management system that provides control plane functions for logical
switching and routing. It maintains information about all hosts, logical
switches, and distributed logical routers. Represents the control plane of the
solution.
• VMware NSX Virtual Switch™: Abstracts the physical network and provides
access-level switching in the hypervisor. It is based on VMware vSphere®
Distributed Switch™, with additional components (VXLAN, distributed logical
router, firewall) to enable services. The additional components are installed
as VIB packages on the ESXi hosts when the clusters are prepared through
NSX Manager.
• Edge services gateway: Provides access to all the VMware NSX Edge™
services, such as firewall, NAT, DHCP, VPN, load balancing, and high
availability.
39. VMware NSX Components (2)
VMware NSX includes the following components:
• VXLAN (logical switches): An overlay protocol that provides creation of
logical layer 2 networks over existing IP networks on existing physical
infrastructure without the need to rearchitect any of the data center networks.
• Distributed logical router: Provides optimal east-west routing at the
hypervisor level in a distributed fashion. Virtual machines that reside on the
same host on different subnets can communicate with one another without
having to traverse a traditional routing interface.
• Distributed logical firewall: Allows segmentation of virtual data center entities
such as virtual machines based on VM names and attributes, user identity,
and vCenter Server objects, in addition to traditional networking attributes
such as IP addresses and ports. Provides firewall filtering at line rate and is
distributed across all the hosts.
• Service Composer: Helps provision and assign network and security services
to applications in a virtual infrastructure. The services are mapped to a
security group and they are applied to the virtual machines in the security
group using a security policy.
40.
41. VMware NSX Logical Switch Example
Logical switches extend layer 2 connectivity across layer 3 boundaries.
vSphere Host
Logical Switch
172.16.10.11/24
Physical Network
vSphere Host vSphere Host
10.20.10.10/24 10.20.20.11/24 10.20.30.12/24
172.16.10.12/24
VM
1
VM
2
VXLAN 5001
172.16.10.13/24
VM
3
42. vCloud Networking and Security (vCNS)
vCloud Networking and Security (vCNS) is a solution that can be
used to block traffic between virtual machines. vCNS can be a bit
intimidating so this is a quick, getting started, guide on how you can test
it out in your environment.
VMware announced the End of Availability (EOA) for vCNS with the Q1
2015 general availability of vCloud Suite 6. This product was EOA’d as a
standalone product in September 2013. All the functionalities of vCNS is
replaced by NSX.
43. Review of Learner Objectives
You should be able to meet the following objectives:
• Describe network virtualization with VMware NSX
• Describe overlay networks
• Describe benefits of network virtualization
44. Key Points
• Software powers the evolution of networks and data center infrastructure.
• Using the software-defined data center, organizations can meet business
demands efficiently and flexibly.
• Using vSphere and VMware NSX, you can create virtual networks that
provide a complete set of network services.
• VMware NSX can increase data center security by enabling a rich set of
security services with micro segmentation.
Questions?