Manish Bhaskar, Brandon Wagoner, Sean O’Dell

MMC3062BU

#VMworld #MMC3062BU

Migrating Applications to AWS? Understand Application, Network and Security Dependencies with Network Insight Service - Cardinal Health Story

VMworld 2017 Content: Not for publication or distribution


Disclaimer

• This presentation may contain product features that are currently under development.
• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.
• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
• Technical feasibility and market demand will affect final delivery.
• Pricing and packaging for any new technologies or features discussed or presented have not been determined.

Agenda

1 VMware Cloud Services Overview
2 Network Insight Service Overview
3 Cardinal Health story
4 Demo
5 Q&A

Cloud Adoption

PUBLIC CLOUD ADOPTION

• 50% of workloads will be in the public cloud by 2030
• 48% already using multiple clouds

Source: Dimensional Research, Feb 2016

Organizations are now adopting multiple clouds at scale

VMware Cloud Services


VMware Cloud Services

Manage, Govern and Secure Public and Private Cloud Apps

Discovery
Cost Insight
NSX Cloud
Network Insight
AppDefense
Wavefront

ON PREMISES DATA CENTER

Visibility into apps and resources they consume. Analyze usage and utilization across clouds.

Accounting and cost optimization for multiple clouds. Track and analyze your costs and trends.

Secure networks with micro-segmentation. Create private networks within or across clouds.

Operational visibility, control, and compliance across clouds. Optimize performance, health, and availability.

Metrics-driven monitoring and real-time analytics.

Governance for running workloads.

Network Insight Service


Visualize | Plan | Secure | Operate | Troubleshoot

On-premises data center

Security and Planning
Application Flow Analysis and Micro-Segmentation
• Analyze application behavior and dependencies
• Plan micro-segmentation
• Ensure security compliance

Visibility and Troubleshooting
Converged 360 Network Visibility & Analytics
• Discover vSphere, NSX, AWS VPC, security groups, physical infra
• Troubleshoot network connectivity between VMs
• Change tracking with alerts

Virtual Network Operations
Ensure health and availability of NSX deployments
• Visualization, topology and health at scale
• Configuration deployment support and ensure best practices
• Quick NSX issue resolution

Expansive Data Source Support

• VMware virtualization

• Public Clouds

• Firewall Infrastructure

• Physical Networking

• Converged Infrastructure


Data Collection Requirements

Private Cloud
Data Collector

• Data Center to Cloud communication (one way)
• Appliance installed as an OVF
• One-time secret key for security
• AWS API access via access/secret key
• VPC flow logs via log group

Network Insight Service

Cardinal Health Use Case


About Cardinal Health


• #15 on the Fortune 500

• Medical/Pharmaceutical distribution

• 50,000+ Employees

• 125 locations globally w/ virtual infrastructure

Public cloud

• 10 accounts

• 25-30 VPCs across 4 AZs

• 1000+ instances

Private cloud

• 9 VCs

• 950+ ESXi hosts

• 10K VMs

• 1400 Applications


Business Context

Multiple Cloud Workstreams
• New projects looking to leverage cloud technologies
• A phased lift and shift strategy

Initial Migrations
• Used internally developed questionnaire
• Relied heavily on tribal knowledge
• Identified gaps in application team knowledge

Post Migration Issues
• Manual effort and time to discover and fix
• Production outages create problems

Future Vision
• Expand to other clouds like Azure/GCP
• Enable automation

A shift towards SDDC and Hybrid Applications

Public Cloud
East-West
North-South
DATA CENTER PERIMETER

Past – Most communication within data center

East-West

New communication patterns equal new security policies

Hybrid apps split between private and public cloud

Challenges

• No single source of truth for application information
• Application owners have inconsistent levels of knowledge of their application landscape
• Lack of comprehensive visibility into application communication patterns
• Ability to maintain consistent security posture across clouds

Perspective on Network Insight Service

• Provide application visibility with dependencies
  – Starting point for communication with application owners (like ports, source/destination IP, etc.)
  – Verification of application communication information and patterns
• Single pane of visibility across clouds
• Secure and optimize communication paths with firewall rules and policies

Demo


Request Access @ cloud.vmware.com

Visit Cloud.vmware.com


Sessions, Booth and Theatre Presentations for VMware Cloud Services

Session # | Session Title | Type | Speakers
MMC1464QU | How to Use CloudFormations in vRealize Automation to Build Hybrid Applications That Span and Reside On-Premises & on VMware Cloud on AWS and AWS Cloud | Quick Talk | Vijay Raghavan, Manu Prasanna
MMC1532BU | Using VMware NSX for Enhanced Networking and Security for AWS Native Workloads: Part 2 | Breakout Session | Amol Tipnis, Percy Wadia
MMC2046BU | Using VMware NSX for Enhanced Networking and Security for AWS Native Workloads: Part 1 | Breakout Session | Amol Tipnis, Percy Wadia
MMC2820BU | Deploying Applications into AWS EC2 with VMware Cross-Cloud Services | Breakout Session | Bahubali Shetti, Dan Illson
MMC2877BU | Deep Dive into Cost Insight: Understand, Analyze, and Optimize Your Cloud Expenses (Cross-Cloud Service) | Breakout Session | Kumar Gaurav, Kameswaran Subramanian
MMC2884GU | Live Demo: Search driven log analytics SaaS for troubleshooting vSphere, VSAN and NSX issues using machine learning algorithms | Group Discussion | Karl Fultz, Manish Bhaskar, Steven Flanders
MMC2888GU | How We’ve Accelerated Innovation While Keeping Our Cloud Spending in Check | Group Discussion | Burt Toma
MMC3112BU | Identify Application Security Vulnerabilities and Troubleshoot Network Issues Across AWS EC2 and vSphere VMs: Fox Media Story and demo | Breakout Session | Manish Bhaskar, Anuj Jaiswal
MMC3066BU | How Do You Use Network Insights' SaaS to Secure Multitier Hybrid Apps Running on vSphere, VMware Cloud on AWS, and AWS Native? | Breakout Session | Sean O'Dell, Anuj Jaiswal
MMC3074BU | 3 ways to use VMware’s new Cross-Cloud SaaS Services to efficiently run workloads across AWS, Azure and vSphere: VMware and Customer technical session | Breakout Session | Jason Walker, Burt Toma
MMC3110PU | How IT Can Enable Development Teams to Build Apps on AWS, Azure, and VMware Without Compromising on Costs and Security | Panel Discussion | Mark Leake, Ben Mitchell