© 2014 VMware Inc. All rights reserved.
Maqsood Siddiqui 10th June 2014
Bringing Network Virtualisation to VMware Environments With NSX
VMware vForums 2014
Agenda
• The Software-Defined Data Center and the Network
• How Does It Work
• Better Security
• Better Operational Visibility
• Use Cases
• Ecosystem
The Software-Defined Data Center and the Network
What is a Software-Defined Data Center (SDDC)?
• Intelligence in ASICs
• Dedicated, Vendor Specific Hardware
• Manual Configuration & Management
Software
• Intelligence in Software
• Operational Model of VM for Data Center
• Automated Configuration & Management
Hardware
• Compute, Network and Storage Capacity
• Vendor Independent, Best Price/Performance Hardware
• Simplified Configuration & Management
[Diagram labels: Infrastructure, Servers, Clouds]
Be more responsive to business, change economics of IT
• Fast Workload Provisioning – weeks to minutes
• Unlimited Workload Placement & Mobility
• Any Hardware or Topology
• Improved cloud security
The Transformation of Infrastructure
Compute Virtualization
The Network is a Barrier to Software Defined Data Center
• Provisioning is slow
• Placement & Mobility is limited
• Operational visibility is limited
• Hardware dependent
• Operationally intensive
[Diagram labels: Network, Server, Storage; Any Physical Infrastructure]
The Solution – Transform the Network with Virtualization
• Programmatic provisioning
• Any workload anywhere
• End-to-end operational visibility
• Decoupled from hardware
• Operationally efficient
[Diagram labels: Compute Virtualization, Network Virtualization, Software Defined Virtual Network, Hardware Independent; Network, Server, Storage; Any Physical Infrastructure]
What is a Network Hypervisor?
Server Hypervisor (Requirement: x86)
• General Purpose Server Hardware (Dell, HP, IBM, Quanta,…)
• x86 Environment for Virtual Machines and their Applications
• Software Decoupled from Hardware
Network Hypervisor (Requirement: IP Transport)
• General Purpose IP Hardware (Arista, Cisco, HP, Juniper, Cumulus,…)
• L2, L3, L4-7 Network Services for Virtual Networks and their Workloads
• Virtualize the Network: Network Virtualisation Layer, Decouple, Any Hardware Platform
Network Virtualization Decouples and reproduces the network model
[Diagram labels: Virtual Networks (L2, L3; Subnet A, Subnet B, Subnet C; WAN) with Workloads; Network Hypervisor, Decoupled; Physical Network (Arista, Cisco, HP, Juniper, Cumulus,…)]
How Does It Work?
A Data Centre Network…
Compute Infrastructure…
Hypervisors and vSwitches…
NSX | The “Network Hypervisor”
Virtual Networks – Like Virtual Machines for the Network
Programmatic Provisioning
Services Distributed to the Virtual Switch
Physical Workloads and Legacy VLANs
The Power of Distribution
Better Security
Security – Complete Isolation
Virtual Networks are isolated from each other (Overlapping IP Addresses)
Virtual Networks are isolated from underlying physical network (IPv6 over IPv4)
Central Policies, Distributed Enforcement, Move with VMs
- Reduce Choke Point Security
- Centrally Define Policies, Distribute Rule Enforcement for Segmentation
- Security Policies Move with VMs
- Changes to central policies automatically distributed to affected VMs
The Power of Distribution
Service Insertion – Example: Palo Alto Networks Next Generation Firewall
[Diagram labels: Security Policy, Security Admin, Traffic Steering]
Better Operational Visibility
Visibility & Troubleshooting
Use the network troubleshooting tools you use today, but with better information
[Diagram labels: IPFIX, syslog, Netflow, Log]
Use Cases
VMware NSX Use Case Examples
• Self Service R&D Clouds & Data Center Automation
– Speed & Agility
– Automated Provisioning
• Data Center Refresh
– Flexibility and choice for physical infrastructure
– Hardware independence
• Data Center Migration and Disaster Recovery
– No Re-IPing application workloads
• Scale-out DMZ
• Micro-segmentation
– Leverages inherent isolation and distributed firewalling
Ecosystem
VMware NSX Ecosystem – Technology Partners
More Information
• Hands on Labs (HOL): http://labs.hol.vmware.com/
• NSX Design Guide: http://www.vmware.com/products/nsx/resources
• NSX Public Landing Page: http://www.vmware.com/products/nsx
Thank You Questions?