SlideShare a Scribd company logo

VMworld 2013: vCloud Hybrid Service Jump Start Part Two of Five: vCloud Hybrid Service: Networking and Security Basics

VMworld
VMworld

VMworld 2013 Ninad Desai, VMware Greg Herzog, VMware Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare

Technology
1 of 36
Download to read offline
vCloud Hybrid Service Jump Start Part Two of Five: vCloud Hybrid Service: Networking and Security Basics Ninad Desai, VMware Greg Herzog, VMware PHC5409 #PHC5409
2 What’s in it for You?  You will leave with: An understanding of the vCloud Hybrid Service networking building blocks A strong networking foundation for building a Hybrid Cloud The Security concepts you need to be successful
3 Agenda  vCloud Hybrid Service Introduction • Basic Stack and Constructs  Networking • Key Components • Network Virtualization • Edge Gateway • Services Overview • Default Setup  Security • Infrastructure Security • Network Security • User Access Security
4 Why is Networking with the vCloud Hybrid Service so Easy?  Key Takeaways • Same stuff you know – vSphere, VXLAN, vCNS, vCloud Director • Seemless integration – vCloud Connector • No changes to apps • No having to figure out weird networking models • Security you know and understand – Role Based Access Control
5 vCloud Hybrid Service: Any Mixture of Two Flavors Minimum size:  120GB vRAM  30GHz vCPU Starts at:  6 TB  50 Mbps allocated  1 Gbps burstable  3 Public IPs Your own private cloud instance Physically isolated Minimum size:  20GB vRAM  5GHz vCPU (burst to 10GHz) Starts at:  2 TB  10 Mbps allocated  50 Mbps burstable  2 Public IPs Logically isolated Guaranteed resource allocation Dedicated Cloud Virtual Private Cloud
6 Dedicated vCloud Stack per Dedicated Cloud Fully Integrated vCloud Stack vCloud Management and Automation vCloud Hybrid Service Management Console vCloud Infrastructure vCloud Networking and Security vCloud Director with vCloud Connector vSphere / vCenter Customer A Physically Isolated Servers Storage pool VPN and Network pool … Dedicated Cloud
7 Hybrid Service Basic Networking Constructs Organization Network (isolated)Organization Network (Customer Controlled)
8 Network Virtualization in vCloud Hybrid Service vCloud Hybrid Service Networking & Security vCloud Hybrid Service vSphere VDC 1 VDC 2 VXLAN Integrated Management Console Edge Gateway Secures the edge of the virtual datacenter and delivers network services:  Firewall  NAT  Load Balancer  Site-to-Site IPSec VPN  Active/Standby High Availability  Stateful Session Failover VXLAN Foundation for elastic portable virtual datacenters. Encapsulation allows  Isolation between Organization Networks  Bring-your-own private IPv4 layer 3 address space10GbE network interconnect with 20G link aggregation vCloud Hybrid Service Networking • Nine routable IP spaces • Intuitive design replicates traditional networks • Customizable to support production applications
9 vCloud Hybrid Service Advanced Networking Web Servers VM App Servers DB Servers Organization Network (DMZ) Org Net 1 VM VM Log Servers RSA Edge Gateway  10 Total Interfaces  9 For Customer Use  Static Routes between Zones 3rd Party Appliance  Customer Supplied  F5, RSA, Cisco, Riverbed Organization Network (Test/Dev) Organization Network (Isolated) VM Org Net 1Organization Network (App) VMVM VM VM VM VM
10 Available Services  IP Address  DHCP  Firewall  NAT  Load Balancer  VPN
11 IP Address Assignment  IP Pool • Pool of IPs created by default on auto generated isolated and routed networks • VMs attached to those networks get IP addresses from that default pool  Static IP • Fixed IP for a VM • Change configuration in vCloud Director  DHCP • Part of edge gateway service • Change configuration in vCloud Director • Basic DHCP service
12 DHCP Service on vCloud Hybrid Service Edge Gateway Assign an IP range on a desired network
13 Firewall Rules  Where do they live?  What do they do? Routed Network 1 Routed Network 2 Routed Network 3 Firewall Rules: - By default: Deny all - Policies for traffic that passes through the gateway Gateway  5 Tuple F/W policies (Protocol, Source/Dest. IP, Source/Dest. Port )  Can have multiple policies across multiple networks  Ideal for enterprise grade application deployment
14 Firewall Rules in vCloud Hybrid Service Portal
15 Network Address Translation (NAT)  Source NAT & Destination NAT rules. • Supports multiple rules on multiple interfaces  Can use internal/private IP space. • Bring your own internal IP space • Create/Manage subnets within IP space • Multiple IP space under the same gateway NAT rules: - SNAT & DNAT rules - Options include protocol/port selection Gateway Public IPs Internal IPs 10.x.x.x 172.16.x.x 192.168.x.x  Need to create F/W rules to allow traffic  IPv4 NAT Organization Net 1 Organization Net 2 Organization Net 3
16 Edge Gateway Services – Load Balancing Pool Servers Load Balanced - Round Robin - IP Hash - URI - Least Connected Virtual Server – - Virtual IP (Public IP) - Front end traffic - Assigned to a server pool Can have multiple virtual servers and pools Edge gateway Load balancer
17 Load Balancer – Pool Server
18 Load Balancer – Virtual Server
19 IPSEC VPN Overview  vCNS 5.1 Edge/vCloud Hybrid Service features include IPSEC VPN • Definition: • Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session • Create a secured tunnel using the IPSEC VPN service from one physical/virtual datacenter to another  IPSEC is a framework of open standards “Protect the series of internet tubes with VPN!”
20 VPN Architecture Diagram vSphere (On-Premise) Sharepoint-Routed Network (10.0.10.0/24) vCHS Edge Gateway  LEP – 69.194.137.230  Peer ID – 10.0.1.150  Peer IP – 68.108.102.47 10.0.1.150 10.0.10.1 External Router 10.0.1.1 68.108.102.47 192.168.109.1 vCloud Hybrid Service 69.194.137.230 vSphere Edge Gateway  LEP – 10.0.1.150  Peer ID – 69.194.137.230  Peer IP – 69.194.137.230 VPN Traffic Internet Traffic Virtual Machine 1 Virtual Machine 2 Sharepoint-Default Routed Network (192.168.109/24) IP Protocol ID 50 (ESP) IP Protocol ID 51 (AH) UDP Port 500 (IKE) UDP Port 4500
21 Hybrid Service is Just Another Site – Networking & Security US East Region US West Region The Same Networking Topology Full network virtualization at layer 2 and layer 3 Layer 2 Extensions Your Data Center vCloud Hybrid Service The Same Security Policies Integrated L4-7 services for Firewall/NAT, IPSec VPN, Load Balancers, VXLAN gateways Primary Regional Office Regional Office
22 Default Setup  Dedicated Cloud – 3 IPs • Edge Gateway – Can add additional • 2 Default Networks • Default Isolated • DHCP Enabled - Only Service Available • Default Routed • DHCP Disabled • Firewall Enabled • VPN, NAT & Load Balancer • Assigned public IP address  Virtual Private Cloud – 2 IPs • Edge Gateway – 1 Max • 2 Networks – Same Setup
23 Security  Infrastructure  Network Security  User Access Security
24 Infrastructure Security  Shared Cloud • Logically separated network, compute and storage  No vDC segmentation  One edge gateway  Ideal for shared access within a single org  Dedicated Cloud • Physically separated hosts • Logically separated network and storage  Regulated Apps  Require segmentation and no multi-tenancy  Segment vDCs based on orgs VDC1 VDC2 VDC3 VDC4 VDC
25 Network Security & Access  Secure networks • Isolated networks • Ideal for internal apps/VMs • Log servers, tracking servers, DB servers • Routed networks • For VMs that need external access • VMs that need Gateway services ( F/W, NAT, LB)  Secure access • IPSec VPN • Secure site-to-site VPN • Data Center Extension • SSLVPN • Private line connectivity • Dedicated/private connection • Ideal for regulated apps Isolated networks – internal access only VPN F/W NAT LB DHCP Routed networks Internet Private connection Secure VPN vCHS
26 vCloud Networking and Security – Components Edge Gateway: F/W, IPAM, routing VXLAN: Foundation for elastic portable virtual datacenters Third party appliance: Virtual appliance of choice Bring your own appliance and policies Threat mitigation: Third party AV, traffic analysis and threat mitigation appliances AV Edge Gateway Isolated networks IPSec: Data in transit encryption Gateway Networks F/W
27 User Level Rights and Security Role Rights Cannot do Ideal for Account Administrator Can add/edit users and user rights VDC resource management, Network mgmt etc. Account management Virtualization Infrastructure Administrator Create VDCs Add/edit compute and storage resources Cannot create users, manage networking VI admin App admin Network Administrator Create networks Add gateways Add gateway services User management, VDC resource management Network admin Read-only Administrator Read only rights for all setups/configs Any adds/edits Supervisor Subscription Administrator Access to myVmware. Purchase resources, file support tickets No vCloud Hybrid Service management rights For all personnel with purchasing rights and/or support needs
28 User Rights – Configuration
29 User Level Rights and Security Configuration
30 Corporate SSO: Bring Your Own SAML IDP Dedicated Location 1 Servers Dedicated Location 2 Servers VPC Tier 1 Services Remote office vCHS Cloud Customer Portal Setup SAML/IDP1 VPC Access Request2 Company A
31 Summary  You will leave with: An understanding of the vCloud Hybrid Service networking building blocks A strong networking foundation for building a Hybrid Cloud The Security concepts you need to be successful  Key Takeaways • Same stuff you know – vSphere, VXLAN, vCNS, vCD • Seemless integration – vCloud Connector • Security you know and understand – RBAC • Just another datacenter
32 Call to Action/Resources Keep up with the latest on vCloud Hybrid Service • Facebook - https://www.facebook.com/vmwarevcloud • Blog - http://blogs.vmware.com/vcloud/ • Twitter - @vcloud 1 Call to Action  Get more information about the service: http://vcloud.vmware.com  Hands on Labs  HOL HBD 1301 vCloud Hybrid Service – Jumpstart for vSphere Admins  HOL HBD 1302 vCloud Hybrid Service – Networking and Security  HOL HBD 1303 vCloud Hybrid Service – Manage Your Cloud  Breakout Sessions – PHCxxxx  vCloud Hybrid Service Jumpstart Series  PHC1001-Group Discussion- vCHS Networking with Greg Herzog 2
33 Q & A
THANK YOU
vCloud Hybrid Service Jump Start Part Two of Five: vCloud Hybrid Service: Networking and Security Basics Ninad Desai, VMware Greg Herzog, VMware PHC5409 #PHC5409

Recommended

Design and Deployment of Enterprise WLANs
Design and Deployment of Enterprise WLANsDesign and Deployment of Enterprise WLANs
Design and Deployment of Enterprise WLANs
Fab Fusaro
 
POE+ L2 switches HPE FlexNetwork 5130 vs Dell Networking N2048P
POE+ L2 switches HPE FlexNetwork 5130 vs Dell Networking N2048PPOE+ L2 switches HPE FlexNetwork 5130 vs Dell Networking N2048P
POE+ L2 switches HPE FlexNetwork 5130 vs Dell Networking N2048P
juet-y
 
7256 ccna security_chapter_8_vpn_dl3_oz_20130409031455
7256 ccna security_chapter_8_vpn_dl3_oz_201304090314557256 ccna security_chapter_8_vpn_dl3_oz_20130409031455
7256 ccna security_chapter_8_vpn_dl3_oz_20130409031455ytrui
 
CommScope RUCKUS ICX Switching Configuration
CommScope RUCKUS ICX Switching ConfigurationCommScope RUCKUS ICX Switching Configuration
CommScope RUCKUS ICX Switching Configuration
Carla Nadin
 
CCNA (R & S) Module 04 - Scaling Networks - Chapter 2
CCNA (R & S) Module 04 - Scaling Networks - Chapter 2CCNA (R & S) Module 04 - Scaling Networks - Chapter 2
CCNA (R & S) Module 04 - Scaling Networks - Chapter 2
Waqas Ahmed Nawaz
 
Midokura Gluecon 2014 - Level up your OpenStack Neutron Networking
Midokura Gluecon 2014 - Level up your OpenStack Neutron NetworkingMidokura Gluecon 2014 - Level up your OpenStack Neutron Networking
Midokura Gluecon 2014 - Level up your OpenStack Neutron Networking
Adam Johnson
 
CCNA (R & S) Module 04 - Scaling Networks - Chapter 5
CCNA (R & S) Module 04 - Scaling Networks - Chapter 5CCNA (R & S) Module 04 - Scaling Networks - Chapter 5
CCNA (R & S) Module 04 - Scaling Networks - Chapter 5
Waqas Ahmed Nawaz
 
CCNA (R & S) Module 04 - Scaling Networks - Chapter 6
CCNA (R & S) Module 04 - Scaling Networks - Chapter 6CCNA (R & S) Module 04 - Scaling Networks - Chapter 6
CCNA (R & S) Module 04 - Scaling Networks - Chapter 6
Waqas Ahmed Nawaz
 

Recommended

Design and Deployment of Enterprise WLANs
Design and Deployment of Enterprise WLANsDesign and Deployment of Enterprise WLANs
Design and Deployment of Enterprise WLANs
Fab Fusaro
 
POE+ L2 switches HPE FlexNetwork 5130 vs Dell Networking N2048P
POE+ L2 switches HPE FlexNetwork 5130 vs Dell Networking N2048PPOE+ L2 switches HPE FlexNetwork 5130 vs Dell Networking N2048P
POE+ L2 switches HPE FlexNetwork 5130 vs Dell Networking N2048P
juet-y
 
7256 ccna security_chapter_8_vpn_dl3_oz_20130409031455
7256 ccna security_chapter_8_vpn_dl3_oz_201304090314557256 ccna security_chapter_8_vpn_dl3_oz_20130409031455
7256 ccna security_chapter_8_vpn_dl3_oz_20130409031455ytrui
 
CommScope RUCKUS ICX Switching Configuration
CommScope RUCKUS ICX Switching ConfigurationCommScope RUCKUS ICX Switching Configuration
CommScope RUCKUS ICX Switching Configuration
Carla Nadin
 
CCNA (R & S) Module 04 - Scaling Networks - Chapter 2
CCNA (R & S) Module 04 - Scaling Networks - Chapter 2CCNA (R & S) Module 04 - Scaling Networks - Chapter 2
CCNA (R & S) Module 04 - Scaling Networks - Chapter 2
Waqas Ahmed Nawaz
 
Midokura Gluecon 2014 - Level up your OpenStack Neutron Networking
Midokura Gluecon 2014 - Level up your OpenStack Neutron NetworkingMidokura Gluecon 2014 - Level up your OpenStack Neutron Networking
Midokura Gluecon 2014 - Level up your OpenStack Neutron Networking
Adam Johnson
 
CCNA (R & S) Module 04 - Scaling Networks - Chapter 5
CCNA (R & S) Module 04 - Scaling Networks - Chapter 5CCNA (R & S) Module 04 - Scaling Networks - Chapter 5
CCNA (R & S) Module 04 - Scaling Networks - Chapter 5
Waqas Ahmed Nawaz
 
CCNA (R & S) Module 04 - Scaling Networks - Chapter 6
CCNA (R & S) Module 04 - Scaling Networks - Chapter 6CCNA (R & S) Module 04 - Scaling Networks - Chapter 6
CCNA (R & S) Module 04 - Scaling Networks - Chapter 6
Waqas Ahmed Nawaz
 
Development of a Cisco ACI device package for NGINX as a Load-Balancer
Development of a Cisco ACI device package for NGINX as a Load-BalancerDevelopment of a Cisco ACI device package for NGINX as a Load-Balancer
Development of a Cisco ACI device package for NGINX as a Load-Balancer
Fabrice Servais
 
Secure Multi Tenant Cloud with OpenContrail
Secure Multi Tenant Cloud with OpenContrailSecure Multi Tenant Cloud with OpenContrail
Secure Multi Tenant Cloud with OpenContrail
Priti Desai
 
Direct access for dummies
Direct access for dummiesDirect access for dummies
Direct access for dummies
Alex de Jong
 
gkkSecurity essentials domain 2
gkkSecurity essentials domain 2gkkSecurity essentials domain 2
gkkSecurity essentials domain 2
Anne Starr
 
Da for dummies techdays 2012
Da for dummies techdays 2012Da for dummies techdays 2012
Da for dummies techdays 2012
Alex de Jong
 
F5 link controller
F5 link controllerF5 link controller
F5 link controllerJimmy Saigon
 
F5 DDoS Protection
F5 DDoS ProtectionF5 DDoS Protection
F5 DDoS Protection
MarketingArrowECS_CZ
 
OpenStack and OpenContrail for FreeBSD platform by Michał Dubiel
OpenStack and OpenContrail for FreeBSD platform by Michał DubielOpenStack and OpenContrail for FreeBSD platform by Michał Dubiel
OpenStack and OpenContrail for FreeBSD platform by Michał Dubiel
eurobsdcon
 
ONIC Japan 2016 - Contrail アップデート
ONIC Japan 2016 - Contrail アップデートONIC Japan 2016 - Contrail アップデート
ONIC Japan 2016 - Contrail アップデート
Juniper Networks (日本)
 
SVR402: DirectAccess Technical Drilldown, Part 2 of 2: Putting it all together.
SVR402: DirectAccess Technical Drilldown, Part 2 of 2: Putting it all together.SVR402: DirectAccess Technical Drilldown, Part 2 of 2: Putting it all together.
SVR402: DirectAccess Technical Drilldown, Part 2 of 2: Putting it all together.
Louis Göhl
 
3 cucm database
3 cucm database3 cucm database
3 cucm database
pasabakac
 
Brksec 2101 deploying web security
Brksec 2101 deploying web securityBrksec 2101 deploying web security
Brksec 2101 deploying web security
Alfredo Boiero Sanders
 
PLNOG 13: Nicolai van der Smagt: SDN
PLNOG 13: Nicolai van der Smagt: SDNPLNOG 13: Nicolai van der Smagt: SDN
PLNOG 13: Nicolai van der Smagt: SDN
PROIDEA
 
Vpnppt1884
Vpnppt1884Vpnppt1884
Vpnppt1884Nisha Qazi
 
MidoNet 101: Face to Face with the Distributed SDN
MidoNet 101: Face to Face with the Distributed SDNMidoNet 101: Face to Face with the Distributed SDN
MidoNet 101: Face to Face with the Distributed SDN
MidoNet
 
A Guide to Secure Remote Access - Eric Vanderburg
A Guide to Secure Remote Access - Eric VanderburgA Guide to Secure Remote Access - Eric Vanderburg
A Guide to Secure Remote Access - Eric Vanderburg
Eric Vanderburg
 
20 - IDNOG03 - Franki Lim (ARISTA) - Overlay Networking with VXLAN
20 - IDNOG03 - Franki Lim (ARISTA) - Overlay Networking with VXLAN20 - IDNOG03 - Franki Lim (ARISTA) - Overlay Networking with VXLAN
20 - IDNOG03 - Franki Lim (ARISTA) - Overlay Networking with VXLAN
Indonesia Network Operators Group
 
CCNA Wireless Lan (WLAN)
CCNA Wireless Lan (WLAN)CCNA Wireless Lan (WLAN)
CCNA Wireless Lan (WLAN)
Networkel
 
CCNA Quality of Services (QoS)
CCNA Quality of Services (QoS)CCNA Quality of Services (QoS)
CCNA Quality of Services (QoS)
Networkel
 
Cisco at v mworld 2015 theater presentation brfarnha
Cisco at v mworld 2015 theater presentation brfarnhaCisco at v mworld 2015 theater presentation brfarnha
Cisco at v mworld 2015 theater presentation brfarnha
ldangelo0772
 
VMworld 2013: vCloud Hybrid Service Jump Start Part Three of Five: vCloud Hyb...
VMworld 2013: vCloud Hybrid Service Jump Start Part Three of Five: vCloud Hyb...VMworld 2013: vCloud Hybrid Service Jump Start Part Three of Five: vCloud Hyb...
VMworld 2013: vCloud Hybrid Service Jump Start Part Three of Five: vCloud Hyb...
VMworld
 
VMware vCloud Air: Networking
VMware vCloud Air: NetworkingVMware vCloud Air: Networking
VMware vCloud Air: Networking
VMware
 

More Related Content

What's hot

Development of a Cisco ACI device package for NGINX as a Load-Balancer
Development of a Cisco ACI device package for NGINX as a Load-BalancerDevelopment of a Cisco ACI device package for NGINX as a Load-Balancer
Development of a Cisco ACI device package for NGINX as a Load-Balancer
Fabrice Servais
 
Secure Multi Tenant Cloud with OpenContrail
Secure Multi Tenant Cloud with OpenContrailSecure Multi Tenant Cloud with OpenContrail
Secure Multi Tenant Cloud with OpenContrail
Priti Desai
 
Direct access for dummies
Direct access for dummiesDirect access for dummies
Direct access for dummies
Alex de Jong
 
gkkSecurity essentials domain 2
gkkSecurity essentials domain 2gkkSecurity essentials domain 2
gkkSecurity essentials domain 2
Anne Starr
 
Da for dummies techdays 2012
Da for dummies techdays 2012Da for dummies techdays 2012
Da for dummies techdays 2012
Alex de Jong
 
F5 link controller
F5 link controllerF5 link controller
F5 link controllerJimmy Saigon
 
OpenStack and OpenContrail for FreeBSD platform by Michał Dubiel
OpenStack and OpenContrail for FreeBSD platform by Michał DubielOpenStack and OpenContrail for FreeBSD platform by Michał Dubiel
OpenStack and OpenContrail for FreeBSD platform by Michał Dubiel
eurobsdcon
 
ONIC Japan 2016 - Contrail アップデート
ONIC Japan 2016 - Contrail アップデートONIC Japan 2016 - Contrail アップデート
ONIC Japan 2016 - Contrail アップデート
Juniper Networks (日本)
 
SVR402: DirectAccess Technical Drilldown, Part 2 of 2: Putting it all together.
SVR402: DirectAccess Technical Drilldown, Part 2 of 2: Putting it all together.SVR402: DirectAccess Technical Drilldown, Part 2 of 2: Putting it all together.
SVR402: DirectAccess Technical Drilldown, Part 2 of 2: Putting it all together.
Louis Göhl
 
3 cucm database
3 cucm database3 cucm database
3 cucm database
pasabakac
 
Brksec 2101 deploying web security
Brksec 2101 deploying web securityBrksec 2101 deploying web security
Brksec 2101 deploying web security
Alfredo Boiero Sanders
 
PLNOG 13: Nicolai van der Smagt: SDN
PLNOG 13: Nicolai van der Smagt: SDNPLNOG 13: Nicolai van der Smagt: SDN
PLNOG 13: Nicolai van der Smagt: SDN
PROIDEA
 
MidoNet 101: Face to Face with the Distributed SDN
MidoNet 101: Face to Face with the Distributed SDNMidoNet 101: Face to Face with the Distributed SDN
MidoNet 101: Face to Face with the Distributed SDN
MidoNet
 
A Guide to Secure Remote Access - Eric Vanderburg
A Guide to Secure Remote Access - Eric VanderburgA Guide to Secure Remote Access - Eric Vanderburg
A Guide to Secure Remote Access - Eric Vanderburg
Eric Vanderburg
 
20 - IDNOG03 - Franki Lim (ARISTA) - Overlay Networking with VXLAN
20 - IDNOG03 - Franki Lim (ARISTA) - Overlay Networking with VXLAN20 - IDNOG03 - Franki Lim (ARISTA) - Overlay Networking with VXLAN
20 - IDNOG03 - Franki Lim (ARISTA) - Overlay Networking with VXLAN
Indonesia Network Operators Group
 
CCNA Wireless Lan (WLAN)
CCNA Wireless Lan (WLAN)CCNA Wireless Lan (WLAN)
CCNA Wireless Lan (WLAN)
Networkel
 
CCNA Quality of Services (QoS)
CCNA Quality of Services (QoS)CCNA Quality of Services (QoS)
CCNA Quality of Services (QoS)
Networkel
 
Cisco at v mworld 2015 theater presentation brfarnha
Cisco at v mworld 2015 theater presentation brfarnhaCisco at v mworld 2015 theater presentation brfarnha
Cisco at v mworld 2015 theater presentation brfarnha
ldangelo0772
 

What's hot (20)

Development of a Cisco ACI device package for NGINX as a Load-Balancer
Development of a Cisco ACI device package for NGINX as a Load-BalancerDevelopment of a Cisco ACI device package for NGINX as a Load-Balancer
Development of a Cisco ACI device package for NGINX as a Load-Balancer
 
Secure Multi Tenant Cloud with OpenContrail
Secure Multi Tenant Cloud with OpenContrailSecure Multi Tenant Cloud with OpenContrail
Secure Multi Tenant Cloud with OpenContrail
 
Direct access for dummies
Direct access for dummiesDirect access for dummies
Direct access for dummies
 
gkkSecurity essentials domain 2
gkkSecurity essentials domain 2gkkSecurity essentials domain 2
gkkSecurity essentials domain 2
 
Da for dummies techdays 2012
Da for dummies techdays 2012Da for dummies techdays 2012
Da for dummies techdays 2012
 
F5 link controller
F5 link controllerF5 link controller
F5 link controller
 
F5 DDoS Protection
F5 DDoS ProtectionF5 DDoS Protection
F5 DDoS Protection
 
OpenStack and OpenContrail for FreeBSD platform by Michał Dubiel
OpenStack and OpenContrail for FreeBSD platform by Michał DubielOpenStack and OpenContrail for FreeBSD platform by Michał Dubiel
OpenStack and OpenContrail for FreeBSD platform by Michał Dubiel
 
ONIC Japan 2016 - Contrail アップデート
ONIC Japan 2016 - Contrail アップデートONIC Japan 2016 - Contrail アップデート
ONIC Japan 2016 - Contrail アップデート
 
SVR402: DirectAccess Technical Drilldown, Part 2 of 2: Putting it all together.
SVR402: DirectAccess Technical Drilldown, Part 2 of 2: Putting it all together.SVR402: DirectAccess Technical Drilldown, Part 2 of 2: Putting it all together.
SVR402: DirectAccess Technical Drilldown, Part 2 of 2: Putting it all together.
 
3 cucm database
3 cucm database3 cucm database
3 cucm database
 
Brksec 2101 deploying web security
Brksec 2101 deploying web securityBrksec 2101 deploying web security
Brksec 2101 deploying web security
 
PLNOG 13: Nicolai van der Smagt: SDN
PLNOG 13: Nicolai van der Smagt: SDNPLNOG 13: Nicolai van der Smagt: SDN
PLNOG 13: Nicolai van der Smagt: SDN
 
Vpnppt1884
Vpnppt1884Vpnppt1884
Vpnppt1884
 
MidoNet 101: Face to Face with the Distributed SDN
MidoNet 101: Face to Face with the Distributed SDNMidoNet 101: Face to Face with the Distributed SDN
MidoNet 101: Face to Face with the Distributed SDN
 
A Guide to Secure Remote Access - Eric Vanderburg
A Guide to Secure Remote Access - Eric VanderburgA Guide to Secure Remote Access - Eric Vanderburg
A Guide to Secure Remote Access - Eric Vanderburg
 
20 - IDNOG03 - Franki Lim (ARISTA) - Overlay Networking with VXLAN
20 - IDNOG03 - Franki Lim (ARISTA) - Overlay Networking with VXLAN20 - IDNOG03 - Franki Lim (ARISTA) - Overlay Networking with VXLAN
20 - IDNOG03 - Franki Lim (ARISTA) - Overlay Networking with VXLAN
 
CCNA Wireless Lan (WLAN)
CCNA Wireless Lan (WLAN)CCNA Wireless Lan (WLAN)
CCNA Wireless Lan (WLAN)
 
CCNA Quality of Services (QoS)
CCNA Quality of Services (QoS)CCNA Quality of Services (QoS)
CCNA Quality of Services (QoS)
 
Cisco at v mworld 2015 theater presentation brfarnha
Cisco at v mworld 2015 theater presentation brfarnhaCisco at v mworld 2015 theater presentation brfarnha
Cisco at v mworld 2015 theater presentation brfarnha
 

Similar to VMworld 2013: vCloud Hybrid Service Jump Start Part Two of Five: vCloud Hybrid Service: Networking and Security Basics

VMworld 2013: vCloud Hybrid Service Jump Start Part Three of Five: vCloud Hyb...
VMworld 2013: vCloud Hybrid Service Jump Start Part Three of Five: vCloud Hyb...VMworld 2013: vCloud Hybrid Service Jump Start Part Three of Five: vCloud Hyb...
VMworld 2013: vCloud Hybrid Service Jump Start Part Three of Five: vCloud Hyb...
VMworld
 
VMware vCloud Air: Networking
VMware vCloud Air: NetworkingVMware vCloud Air: Networking
VMware vCloud Air: Networking
VMware
 
GAMO VMware vCloud Air
GAMO VMware vCloud AirGAMO VMware vCloud Air
GAMO VMware vCloud Air
GAMO a.s.
 
VMworld 2014: vCloud Hybrid Service Networking Technical Deep Dive
VMworld 2014: vCloud Hybrid Service Networking Technical Deep DiveVMworld 2014: vCloud Hybrid Service Networking Technical Deep Dive
VMworld 2014: vCloud Hybrid Service Networking Technical Deep Dive
VMworld
 
Brocade Ethernet Fabrics and the ODDC
Brocade Ethernet Fabrics and the ODDCBrocade Ethernet Fabrics and the ODDC
Brocade Ethernet Fabrics and the ODDC
EMC Nederland
 
2014-09-15 cloud platform master class
2014-09-15 cloud platform master class2014-09-15 cloud platform master class
2014-09-15 cloud platform master class
Citrix
 
VMworld 2013: Virtualized Network Services Model with VMware NSX
VMworld 2013: Virtualized Network Services Model with VMware NSX VMworld 2013: Virtualized Network Services Model with VMware NSX
VMworld 2013: Virtualized Network Services Model with VMware NSX
VMworld
 
08 sdn system intelligence short public beijing sdn conference - 130828
08 sdn system intelligence short public beijing sdn conference - 13082808 sdn system intelligence short public beijing sdn conference - 130828
08 sdn system intelligence short public beijing sdn conference - 130828
Mason Mei
 
VMworld 2013: vCloud Hybrid Service 101: The Basics
VMworld 2013: vCloud Hybrid Service 101: The Basics VMworld 2013: vCloud Hybrid Service 101: The Basics
VMworld 2013: vCloud Hybrid Service 101: The Basics
VMworld
 
VMworld 2013: vCloud Hybrid Service: Enterprise Applications on vCloud Hybrid...
VMworld 2013: vCloud Hybrid Service: Enterprise Applications on vCloud Hybrid...VMworld 2013: vCloud Hybrid Service: Enterprise Applications on vCloud Hybrid...
VMworld 2013: vCloud Hybrid Service: Enterprise Applications on vCloud Hybrid...
VMworld
 
Banv meetup-contrail
Banv meetup-contrailBanv meetup-contrail
Banv meetup-contrail
nvirters
 
VMware NSX for vSphere - Intro and use cases
VMware NSX for vSphere - Intro and use casesVMware NSX for vSphere - Intro and use cases
VMware NSX for vSphere - Intro and use cases
Angel Villar Garea
 
VMworld 2014: How to Build a Hybrid Cloud
VMworld 2014: How to Build a Hybrid CloudVMworld 2014: How to Build a Hybrid Cloud
VMworld 2014: How to Build a Hybrid Cloud
VMworld
 
PLNOG14: The benefits of "OPEN" in networking for operators - Joerg Ammon, Br...
PLNOG14: The benefits of "OPEN" in networking for operators - Joerg Ammon, Br...PLNOG14: The benefits of "OPEN" in networking for operators - Joerg Ammon, Br...
PLNOG14: The benefits of "OPEN" in networking for operators - Joerg Ammon, Br...
PROIDEA
 
VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...
VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...
VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...
VMworld
 
09 (IDNOG02) Services SDN & NFV Delivering more with less by Mochammad Irzan
09 (IDNOG02) Services SDN & NFV Delivering more with less by Mochammad Irzan09 (IDNOG02) Services SDN & NFV Delivering more with less by Mochammad Irzan
09 (IDNOG02) Services SDN & NFV Delivering more with less by Mochammad Irzan
Indonesia Network Operators Group
 
VMUGbe 21 Filip Verloy
VMUGbe 21 Filip VerloyVMUGbe 21 Filip Verloy
VMUGbe 21 Filip Verloy
Filip Verloy
 
The Data Center Network Evolution
The Data Center Network EvolutionThe Data Center Network Evolution
The Data Center Network Evolution
Cisco Canada
 
App to Cloud: Patrick Kerpan's DataCenter Dynamics Converged Keynote
App to Cloud: Patrick Kerpan's DataCenter Dynamics Converged KeynoteApp to Cloud: Patrick Kerpan's DataCenter Dynamics Converged Keynote
App to Cloud: Patrick Kerpan's DataCenter Dynamics Converged Keynote
Cohesive Networks
 
Secure SDN
Secure SDNSecure SDN
Secure SDN
APNIC
 

Similar to VMworld 2013: vCloud Hybrid Service Jump Start Part Two of Five: vCloud Hybrid Service: Networking and Security Basics (20)

VMworld 2013: vCloud Hybrid Service Jump Start Part Three of Five: vCloud Hyb...
VMworld 2013: vCloud Hybrid Service Jump Start Part Three of Five: vCloud Hyb...VMworld 2013: vCloud Hybrid Service Jump Start Part Three of Five: vCloud Hyb...
VMworld 2013: vCloud Hybrid Service Jump Start Part Three of Five: vCloud Hyb...
 
VMware vCloud Air: Networking
VMware vCloud Air: NetworkingVMware vCloud Air: Networking
VMware vCloud Air: Networking
 
GAMO VMware vCloud Air
GAMO VMware vCloud AirGAMO VMware vCloud Air
GAMO VMware vCloud Air
 
VMworld 2014: vCloud Hybrid Service Networking Technical Deep Dive
VMworld 2014: vCloud Hybrid Service Networking Technical Deep DiveVMworld 2014: vCloud Hybrid Service Networking Technical Deep Dive
VMworld 2014: vCloud Hybrid Service Networking Technical Deep Dive
 
Brocade Ethernet Fabrics and the ODDC
Brocade Ethernet Fabrics and the ODDCBrocade Ethernet Fabrics and the ODDC
Brocade Ethernet Fabrics and the ODDC
 
2014-09-15 cloud platform master class
2014-09-15 cloud platform master class2014-09-15 cloud platform master class
2014-09-15 cloud platform master class
 
VMworld 2013: Virtualized Network Services Model with VMware NSX
VMworld 2013: Virtualized Network Services Model with VMware NSX VMworld 2013: Virtualized Network Services Model with VMware NSX
VMworld 2013: Virtualized Network Services Model with VMware NSX
 
08 sdn system intelligence short public beijing sdn conference - 130828
08 sdn system intelligence short public beijing sdn conference - 13082808 sdn system intelligence short public beijing sdn conference - 130828
08 sdn system intelligence short public beijing sdn conference - 130828
 
VMworld 2013: vCloud Hybrid Service 101: The Basics
VMworld 2013: vCloud Hybrid Service 101: The Basics VMworld 2013: vCloud Hybrid Service 101: The Basics
VMworld 2013: vCloud Hybrid Service 101: The Basics
 
VMworld 2013: vCloud Hybrid Service: Enterprise Applications on vCloud Hybrid...
VMworld 2013: vCloud Hybrid Service: Enterprise Applications on vCloud Hybrid...VMworld 2013: vCloud Hybrid Service: Enterprise Applications on vCloud Hybrid...
VMworld 2013: vCloud Hybrid Service: Enterprise Applications on vCloud Hybrid...
 
Banv meetup-contrail
Banv meetup-contrailBanv meetup-contrail
Banv meetup-contrail
 
VMware NSX for vSphere - Intro and use cases
VMware NSX for vSphere - Intro and use casesVMware NSX for vSphere - Intro and use cases
VMware NSX for vSphere - Intro and use cases
 
VMworld 2014: How to Build a Hybrid Cloud
VMworld 2014: How to Build a Hybrid CloudVMworld 2014: How to Build a Hybrid Cloud
VMworld 2014: How to Build a Hybrid Cloud
 
PLNOG14: The benefits of "OPEN" in networking for operators - Joerg Ammon, Br...
PLNOG14: The benefits of "OPEN" in networking for operators - Joerg Ammon, Br...PLNOG14: The benefits of "OPEN" in networking for operators - Joerg Ammon, Br...
PLNOG14: The benefits of "OPEN" in networking for operators - Joerg Ammon, Br...
 
VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...
VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...
VMworld 2013: Technical Deep Dive: Build a Collapsed DMZ Architecture for Opt...
 
09 (IDNOG02) Services SDN & NFV Delivering more with less by Mochammad Irzan
09 (IDNOG02) Services SDN & NFV Delivering more with less by Mochammad Irzan09 (IDNOG02) Services SDN & NFV Delivering more with less by Mochammad Irzan
09 (IDNOG02) Services SDN & NFV Delivering more with less by Mochammad Irzan
 
VMUGbe 21 Filip Verloy
VMUGbe 21 Filip VerloyVMUGbe 21 Filip Verloy
VMUGbe 21 Filip Verloy
 
The Data Center Network Evolution
The Data Center Network EvolutionThe Data Center Network Evolution
The Data Center Network Evolution
 
App to Cloud: Patrick Kerpan's DataCenter Dynamics Converged Keynote
App to Cloud: Patrick Kerpan's DataCenter Dynamics Converged KeynoteApp to Cloud: Patrick Kerpan's DataCenter Dynamics Converged Keynote
App to Cloud: Patrick Kerpan's DataCenter Dynamics Converged Keynote
 
Secure SDN
Secure SDNSecure SDN
Secure SDN
 

More from VMworld

VMworld 2016: vSphere 6.x Host Resource Deep Dive
VMworld 2016: vSphere 6.x Host Resource Deep DiveVMworld 2016: vSphere 6.x Host Resource Deep Dive
VMworld 2016: vSphere 6.x Host Resource Deep Dive
VMworld
 
VMworld 2016: Troubleshooting 101 for Horizon
VMworld 2016: Troubleshooting 101 for HorizonVMworld 2016: Troubleshooting 101 for Horizon
VMworld 2016: Troubleshooting 101 for Horizon
VMworld
 
VMworld 2016: Advanced Network Services with NSX
VMworld 2016: Advanced Network Services with NSXVMworld 2016: Advanced Network Services with NSX
VMworld 2016: Advanced Network Services with NSX
VMworld
 
VMworld 2016: How to Deploy VMware NSX with Cisco Infrastructure
VMworld 2016: How to Deploy VMware NSX with Cisco InfrastructureVMworld 2016: How to Deploy VMware NSX with Cisco Infrastructure
VMworld 2016: How to Deploy VMware NSX with Cisco Infrastructure
VMworld
 
VMworld 2016: Enforcing a vSphere Cluster Design with PowerCLI Automation
VMworld 2016: Enforcing a vSphere Cluster Design with PowerCLI AutomationVMworld 2016: Enforcing a vSphere Cluster Design with PowerCLI Automation
VMworld 2016: Enforcing a vSphere Cluster Design with PowerCLI Automation
VMworld
 
VMworld 2016: What's New with Horizon 7
VMworld 2016: What's New with Horizon 7VMworld 2016: What's New with Horizon 7
VMworld 2016: What's New with Horizon 7
VMworld
 
VMworld 2016: Virtual Volumes Technical Deep Dive
VMworld 2016: Virtual Volumes Technical Deep DiveVMworld 2016: Virtual Volumes Technical Deep Dive
VMworld 2016: Virtual Volumes Technical Deep Dive
VMworld
 
VMworld 2016: Advances in Remote Display Protocol Technology with VMware Blas...
VMworld 2016: Advances in Remote Display Protocol Technology with VMware Blas...VMworld 2016: Advances in Remote Display Protocol Technology with VMware Blas...
VMworld 2016: Advances in Remote Display Protocol Technology with VMware Blas...
VMworld
 
VMworld 2016: The KISS of vRealize Operations!
VMworld 2016: The KISS of vRealize Operations! VMworld 2016: The KISS of vRealize Operations!
VMworld 2016: The KISS of vRealize Operations!
VMworld
 
VMworld 2016: Getting Started with PowerShell and PowerCLI for Your VMware En...
VMworld 2016: Getting Started with PowerShell and PowerCLI for Your VMware En...VMworld 2016: Getting Started with PowerShell and PowerCLI for Your VMware En...
VMworld 2016: Getting Started with PowerShell and PowerCLI for Your VMware En...
VMworld
 
VMworld 2016: Ask the vCenter Server Exerts Panel
VMworld 2016: Ask the vCenter Server Exerts PanelVMworld 2016: Ask the vCenter Server Exerts Panel
VMworld 2016: Ask the vCenter Server Exerts Panel
VMworld
 
VMworld 2016: Virtualize Active Directory, the Right Way!
VMworld 2016: Virtualize Active Directory, the Right Way! VMworld 2016: Virtualize Active Directory, the Right Way!
VMworld 2016: Virtualize Active Directory, the Right Way!
VMworld
 
VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...
VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...
VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...
VMworld
 
VMworld 2015: Troubleshooting for vSphere 6
VMworld 2015: Troubleshooting for vSphere 6VMworld 2015: Troubleshooting for vSphere 6
VMworld 2015: Troubleshooting for vSphere 6
VMworld
 
VMworld 2015: Monitoring and Managing Applications with vRealize Operations 6...
VMworld 2015: Monitoring and Managing Applications with vRealize Operations 6...VMworld 2015: Monitoring and Managing Applications with vRealize Operations 6...
VMworld 2015: Monitoring and Managing Applications with vRealize Operations 6...
VMworld
 
VMworld 2015: Advanced SQL Server on vSphere
VMworld 2015: Advanced SQL Server on vSphereVMworld 2015: Advanced SQL Server on vSphere
VMworld 2015: Advanced SQL Server on vSphere
VMworld
 
VMworld 2015: Virtualize Active Directory, the Right Way!
VMworld 2015: Virtualize Active Directory, the Right Way!VMworld 2015: Virtualize Active Directory, the Right Way!
VMworld 2015: Virtualize Active Directory, the Right Way!
VMworld
 
VMworld 2015: Site Recovery Manager and Policy Based DR Deep Dive with Engine...
VMworld 2015: Site Recovery Manager and Policy Based DR Deep Dive with Engine...VMworld 2015: Site Recovery Manager and Policy Based DR Deep Dive with Engine...
VMworld 2015: Site Recovery Manager and Policy Based DR Deep Dive with Engine...
VMworld
 
VMworld 2015: Building a Business Case for Virtual SAN
VMworld 2015: Building a Business Case for Virtual SANVMworld 2015: Building a Business Case for Virtual SAN
VMworld 2015: Building a Business Case for Virtual SAN
VMworld
 
VMworld 2015: Explaining Advanced Virtual Volumes Configurations
VMworld 2015: Explaining Advanced Virtual Volumes ConfigurationsVMworld 2015: Explaining Advanced Virtual Volumes Configurations
VMworld 2015: Explaining Advanced Virtual Volumes Configurations
VMworld
 

More from VMworld (20)

VMworld 2016: vSphere 6.x Host Resource Deep Dive
VMworld 2016: vSphere 6.x Host Resource Deep DiveVMworld 2016: vSphere 6.x Host Resource Deep Dive
VMworld 2016: vSphere 6.x Host Resource Deep Dive
 
VMworld 2016: Troubleshooting 101 for Horizon
VMworld 2016: Troubleshooting 101 for HorizonVMworld 2016: Troubleshooting 101 for Horizon
VMworld 2016: Troubleshooting 101 for Horizon
 
VMworld 2016: Advanced Network Services with NSX
VMworld 2016: Advanced Network Services with NSXVMworld 2016: Advanced Network Services with NSX
VMworld 2016: Advanced Network Services with NSX
 
VMworld 2016: How to Deploy VMware NSX with Cisco Infrastructure
VMworld 2016: How to Deploy VMware NSX with Cisco InfrastructureVMworld 2016: How to Deploy VMware NSX with Cisco Infrastructure
VMworld 2016: How to Deploy VMware NSX with Cisco Infrastructure
 
VMworld 2016: Enforcing a vSphere Cluster Design with PowerCLI Automation
VMworld 2016: Enforcing a vSphere Cluster Design with PowerCLI AutomationVMworld 2016: Enforcing a vSphere Cluster Design with PowerCLI Automation
VMworld 2016: Enforcing a vSphere Cluster Design with PowerCLI Automation
 
VMworld 2016: What's New with Horizon 7
VMworld 2016: What's New with Horizon 7VMworld 2016: What's New with Horizon 7
VMworld 2016: What's New with Horizon 7
 
VMworld 2016: Virtual Volumes Technical Deep Dive
VMworld 2016: Virtual Volumes Technical Deep DiveVMworld 2016: Virtual Volumes Technical Deep Dive
VMworld 2016: Virtual Volumes Technical Deep Dive
 
VMworld 2016: Advances in Remote Display Protocol Technology with VMware Blas...
VMworld 2016: Advances in Remote Display Protocol Technology with VMware Blas...VMworld 2016: Advances in Remote Display Protocol Technology with VMware Blas...
VMworld 2016: Advances in Remote Display Protocol Technology with VMware Blas...
 
VMworld 2016: The KISS of vRealize Operations!
VMworld 2016: The KISS of vRealize Operations! VMworld 2016: The KISS of vRealize Operations!
VMworld 2016: The KISS of vRealize Operations!
 
VMworld 2016: Getting Started with PowerShell and PowerCLI for Your VMware En...
VMworld 2016: Getting Started with PowerShell and PowerCLI for Your VMware En...VMworld 2016: Getting Started with PowerShell and PowerCLI for Your VMware En...
VMworld 2016: Getting Started with PowerShell and PowerCLI for Your VMware En...
 
VMworld 2016: Ask the vCenter Server Exerts Panel
VMworld 2016: Ask the vCenter Server Exerts PanelVMworld 2016: Ask the vCenter Server Exerts Panel
VMworld 2016: Ask the vCenter Server Exerts Panel
 
VMworld 2016: Virtualize Active Directory, the Right Way!
VMworld 2016: Virtualize Active Directory, the Right Way! VMworld 2016: Virtualize Active Directory, the Right Way!
VMworld 2016: Virtualize Active Directory, the Right Way!
 
VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...
VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...
VMworld 2016: Migrating from a hardware based firewall to NSX to improve perf...
 
VMworld 2015: Troubleshooting for vSphere 6
VMworld 2015: Troubleshooting for vSphere 6VMworld 2015: Troubleshooting for vSphere 6
VMworld 2015: Troubleshooting for vSphere 6
 
VMworld 2015: Monitoring and Managing Applications with vRealize Operations 6...
VMworld 2015: Monitoring and Managing Applications with vRealize Operations 6...VMworld 2015: Monitoring and Managing Applications with vRealize Operations 6...
VMworld 2015: Monitoring and Managing Applications with vRealize Operations 6...
 
VMworld 2015: Advanced SQL Server on vSphere
VMworld 2015: Advanced SQL Server on vSphereVMworld 2015: Advanced SQL Server on vSphere
VMworld 2015: Advanced SQL Server on vSphere
 
VMworld 2015: Virtualize Active Directory, the Right Way!
VMworld 2015: Virtualize Active Directory, the Right Way!VMworld 2015: Virtualize Active Directory, the Right Way!
VMworld 2015: Virtualize Active Directory, the Right Way!
 
VMworld 2015: Site Recovery Manager and Policy Based DR Deep Dive with Engine...
VMworld 2015: Site Recovery Manager and Policy Based DR Deep Dive with Engine...VMworld 2015: Site Recovery Manager and Policy Based DR Deep Dive with Engine...
VMworld 2015: Site Recovery Manager and Policy Based DR Deep Dive with Engine...
 
VMworld 2015: Building a Business Case for Virtual SAN
VMworld 2015: Building a Business Case for Virtual SANVMworld 2015: Building a Business Case for Virtual SAN
VMworld 2015: Building a Business Case for Virtual SAN
 
VMworld 2015: Explaining Advanced Virtual Volumes Configurations
VMworld 2015: Explaining Advanced Virtual Volumes ConfigurationsVMworld 2015: Explaining Advanced Virtual Volumes Configurations
VMworld 2015: Explaining Advanced Virtual Volumes Configurations
 

Recently uploaded

UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Jeffrey Haguewood
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Product School
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
g2nightmarescribd
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
Paul Groth
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 

Recently uploaded (20)

UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 

VMworld 2013: vCloud Hybrid Service Jump Start Part Two of Five: vCloud Hybrid Service: Networking and Security Basics

  • 1. vCloud Hybrid Service Jump Start Part Two of Five: vCloud Hybrid Service: Networking and Security Basics Ninad Desai, VMware Greg Herzog, VMware PHC5409 #PHC5409
  • 2. 2 What’s in it for You?  You will leave with: An understanding of the vCloud Hybrid Service networking building blocks A strong networking foundation for building a Hybrid Cloud The Security concepts you need to be successful
  • 3. 3 Agenda  vCloud Hybrid Service Introduction • Basic Stack and Constructs  Networking • Key Components • Network Virtualization • Edge Gateway • Services Overview • Default Setup  Security • Infrastructure Security • Network Security • User Access Security
  • 4. 4 Why is Networking with the vCloud Hybrid Service so Easy?  Key Takeaways • Same stuff you know – vSphere, VXLAN, vCNS, vCloud Director • Seemless integration – vCloud Connector • No changes to apps • No having to figure out weird networking models • Security you know and understand – Role Based Access Control
  • 5. 5 vCloud Hybrid Service: Any Mixture of Two Flavors Minimum size:  120GB vRAM  30GHz vCPU Starts at:  6 TB  50 Mbps allocated  1 Gbps burstable  3 Public IPs Your own private cloud instance Physically isolated Minimum size:  20GB vRAM  5GHz vCPU (burst to 10GHz) Starts at:  2 TB  10 Mbps allocated  50 Mbps burstable  2 Public IPs Logically isolated Guaranteed resource allocation Dedicated Cloud Virtual Private Cloud
  • 6. 6 Dedicated vCloud Stack per Dedicated Cloud Fully Integrated vCloud Stack vCloud Management and Automation vCloud Hybrid Service Management Console vCloud Infrastructure vCloud Networking and Security vCloud Director with vCloud Connector vSphere / vCenter Customer A Physically Isolated Servers Storage pool VPN and Network pool … Dedicated Cloud
  • 7. 7 Hybrid Service Basic Networking Constructs Organization Network (isolated)Organization Network (Customer Controlled)
  • 8. 8 Network Virtualization in vCloud Hybrid Service vCloud Hybrid Service Networking & Security vCloud Hybrid Service vSphere VDC 1 VDC 2 VXLAN Integrated Management Console Edge Gateway Secures the edge of the virtual datacenter and delivers network services:  Firewall  NAT  Load Balancer  Site-to-Site IPSec VPN  Active/Standby High Availability  Stateful Session Failover VXLAN Foundation for elastic portable virtual datacenters. Encapsulation allows  Isolation between Organization Networks  Bring-your-own private IPv4 layer 3 address space10GbE network interconnect with 20G link aggregation vCloud Hybrid Service Networking • Nine routable IP spaces • Intuitive design replicates traditional networks • Customizable to support production applications
  • 9. 9 vCloud Hybrid Service Advanced Networking Web Servers VM App Servers DB Servers Organization Network (DMZ) Org Net 1 VM VM Log Servers RSA Edge Gateway  10 Total Interfaces  9 For Customer Use  Static Routes between Zones 3rd Party Appliance  Customer Supplied  F5, RSA, Cisco, Riverbed Organization Network (Test/Dev) Organization Network (Isolated) VM Org Net 1Organization Network (App) VMVM VM VM VM VM
  • 10. 10 Available Services  IP Address  DHCP  Firewall  NAT  Load Balancer  VPN
  • 11. 11 IP Address Assignment  IP Pool • Pool of IPs created by default on auto generated isolated and routed networks • VMs attached to those networks get IP addresses from that default pool  Static IP • Fixed IP for a VM • Change configuration in vCloud Director  DHCP • Part of edge gateway service • Change configuration in vCloud Director • Basic DHCP service
  • 12. 12 DHCP Service on vCloud Hybrid Service Edge Gateway Assign an IP range on a desired network
  • 13. 13 Firewall Rules  Where do they live?  What do they do? Routed Network 1 Routed Network 2 Routed Network 3 Firewall Rules: - By default: Deny all - Policies for traffic that passes through the gateway Gateway  5 Tuple F/W policies (Protocol, Source/Dest. IP, Source/Dest. Port )  Can have multiple policies across multiple networks  Ideal for enterprise grade application deployment
  • 14. 14 Firewall Rules in vCloud Hybrid Service Portal
  • 15. 15 Network Address Translation (NAT)  Source NAT & Destination NAT rules. • Supports multiple rules on multiple interfaces  Can use internal/private IP space. • Bring your own internal IP space • Create/Manage subnets within IP space • Multiple IP space under the same gateway NAT rules: - SNAT & DNAT rules - Options include protocol/port selection Gateway Public IPs Internal IPs 10.x.x.x 172.16.x.x 192.168.x.x  Need to create F/W rules to allow traffic  IPv4 NAT Organization Net 1 Organization Net 2 Organization Net 3
  • 16. 16 Edge Gateway Services – Load Balancing Pool Servers Load Balanced - Round Robin - IP Hash - URI - Least Connected Virtual Server – - Virtual IP (Public IP) - Front end traffic - Assigned to a server pool Can have multiple virtual servers and pools Edge gateway Load balancer
  • 17. 17 Load Balancer – Pool Server
  • 18. 18 Load Balancer – Virtual Server
  • 19. 19 IPSEC VPN Overview  vCNS 5.1 Edge/vCloud Hybrid Service features include IPSEC VPN • Definition: • Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session • Create a secured tunnel using the IPSEC VPN service from one physical/virtual datacenter to another  IPSEC is a framework of open standards “Protect the series of internet tubes with VPN!”
  • 20. 20 VPN Architecture Diagram vSphere (On-Premise) Sharepoint-Routed Network (10.0.10.0/24) vCHS Edge Gateway  LEP – 69.194.137.230  Peer ID – 10.0.1.150  Peer IP – 68.108.102.47 10.0.1.150 10.0.10.1 External Router 10.0.1.1 68.108.102.47 192.168.109.1 vCloud Hybrid Service 69.194.137.230 vSphere Edge Gateway  LEP – 10.0.1.150  Peer ID – 69.194.137.230  Peer IP – 69.194.137.230 VPN Traffic Internet Traffic Virtual Machine 1 Virtual Machine 2 Sharepoint-Default Routed Network (192.168.109/24) IP Protocol ID 50 (ESP) IP Protocol ID 51 (AH) UDP Port 500 (IKE) UDP Port 4500
  • 21. 21 Hybrid Service is Just Another Site – Networking & Security US East Region US West Region The Same Networking Topology Full network virtualization at layer 2 and layer 3 Layer 2 Extensions Your Data Center vCloud Hybrid Service The Same Security Policies Integrated L4-7 services for Firewall/NAT, IPSec VPN, Load Balancers, VXLAN gateways Primary Regional Office Regional Office
  • 22. 22 Default Setup  Dedicated Cloud – 3 IPs • Edge Gateway – Can add additional • 2 Default Networks • Default Isolated • DHCP Enabled - Only Service Available • Default Routed • DHCP Disabled • Firewall Enabled • VPN, NAT & Load Balancer • Assigned public IP address  Virtual Private Cloud – 2 IPs • Edge Gateway – 1 Max • 2 Networks – Same Setup
  • 23. 23 Security  Infrastructure  Network Security  User Access Security
  • 24. 24 Infrastructure Security  Shared Cloud • Logically separated network, compute and storage  No vDC segmentation  One edge gateway  Ideal for shared access within a single org  Dedicated Cloud • Physically separated hosts • Logically separated network and storage  Regulated Apps  Require segmentation and no multi-tenancy  Segment vDCs based on orgs VDC1 VDC2 VDC3 VDC4 VDC
  • 25. 25 Network Security & Access  Secure networks • Isolated networks • Ideal for internal apps/VMs • Log servers, tracking servers, DB servers • Routed networks • For VMs that need external access • VMs that need Gateway services ( F/W, NAT, LB)  Secure access • IPSec VPN • Secure site-to-site VPN • Data Center Extension • SSLVPN • Private line connectivity • Dedicated/private connection • Ideal for regulated apps Isolated networks – internal access only VPN F/W NAT LB DHCP Routed networks Internet Private connection Secure VPN vCHS
  • 26. 26 vCloud Networking and Security – Components Edge Gateway: F/W, IPAM, routing VXLAN: Foundation for elastic portable virtual datacenters Third party appliance: Virtual appliance of choice Bring your own appliance and policies Threat mitigation: Third party AV, traffic analysis and threat mitigation appliances AV Edge Gateway Isolated networks IPSec: Data in transit encryption Gateway Networks F/W
  • 27. 27 User Level Rights and Security Role Rights Cannot do Ideal for Account Administrator Can add/edit users and user rights VDC resource management, Network mgmt etc. Account management Virtualization Infrastructure Administrator Create VDCs Add/edit compute and storage resources Cannot create users, manage networking VI admin App admin Network Administrator Create networks Add gateways Add gateway services User management, VDC resource management Network admin Read-only Administrator Read only rights for all setups/configs Any adds/edits Supervisor Subscription Administrator Access to myVmware. Purchase resources, file support tickets No vCloud Hybrid Service management rights For all personnel with purchasing rights and/or support needs
  • 28. 28 User Rights – Configuration
  • 29. 29 User Level Rights and Security Configuration
  • 30. 30 Corporate SSO: Bring Your Own SAML IDP Dedicated Location 1 Servers Dedicated Location 2 Servers VPC Tier 1 Services Remote office vCHS Cloud Customer Portal Setup SAML/IDP1 VPC Access Request2 Company A
  • 31. 31 Summary  You will leave with: An understanding of the vCloud Hybrid Service networking building blocks A strong networking foundation for building a Hybrid Cloud The Security concepts you need to be successful  Key Takeaways • Same stuff you know – vSphere, VXLAN, vCNS, vCD • Seemless integration – vCloud Connector • Security you know and understand – RBAC • Just another datacenter
  • 32. 32 Call to Action/Resources Keep up with the latest on vCloud Hybrid Service • Facebook - https://www.facebook.com/vmwarevcloud • Blog - http://blogs.vmware.com/vcloud/ • Twitter - @vcloud 1 Call to Action  Get more information about the service: http://vcloud.vmware.com  Hands on Labs  HOL HBD 1301 vCloud Hybrid Service – Jumpstart for vSphere Admins  HOL HBD 1302 vCloud Hybrid Service – Networking and Security  HOL HBD 1303 vCloud Hybrid Service – Manage Your Cloud  Breakout Sessions – PHCxxxx  vCloud Hybrid Service Jumpstart Series  PHC1001-Group Discussion- vCHS Networking with Greg Herzog 2
  • 35.
  • 36. vCloud Hybrid Service Jump Start Part Two of Five: vCloud Hybrid Service: Networking and Security Basics Ninad Desai, VMware Greg Herzog, VMware PHC5409 #PHC5409