VMware NSX: A Customer’s Perspective

Taruna Gandhi, VMware

Jason Puig, Symantec

Richard Sillito, WestJet

NET5529

#NET5529

2

Agenda

VMware NSX Overview

Customer Deployments

• WestJet: Flight Path to a Better Network

• Symantec: Self Service Lab Cloud

Q&A

3

Software Defined Data Center

SOFTWARE-DEFINED

DATACENTER

All infrastructure is virtualized and delivered as a

service, and the control of this datacenter is

entirely automated by software.

4

WEEKS DAYS/

HOURS MINUTES/ SECONDS

Storage/ Availability Servers Networking Security

Management/

Monitoring

SOFTWARE-DEFINED DATACENTER SERVICES

VDC

Time to Provision New Services

2008 2012 2013

5

Compute

Network

DC Services

DB DB

App App

Web Web

Corpnet/Internet

• Provisioning is slow

• Placement is limited

• Mobility is limited

• Hardware dependent

• Operationally intensive

Current Network Operational Model is a Barrier to Software Defined

Data Center

6

Provisioning Network Virtualization with NSX

• Programmatic provisioning

• Place any workload anywhere

• Move any workload anywhere

• Decoupled from hardware

• Operationally efficient

Compute

Network

DC Services

7

Provisioning Network Virtualization with NSX

• Programmatic provisioning

• Place any workload anywhere

• Move any workload anywhere

• Decoupled from hardware

• Operationally efficient

Compute

Network

VMware NSX

DC Services

8

VMware NSX – Network and Security for SDDC

Public Clouds Private Clouds

Hybrid Cloud Seamlessly extend your data center to the public cloud

Virtual Workspace Manage access to services, applications and data for any device

The New Role for IT: IT as a Service

Software-Defined Data Center Virtualize the entire data center

Management and Automation

Storage and Availability Compute Network and Security Network and Security

Any Application (without modification)

Virtual Networks

VMware NSX Network Virtualization Platform

Logical L2 - Switch

Any Network Hardware

Any Cloud Management Platform

Logical

Firewall Logical

Load Balancer

Logical L3 - Router

Logical

VPN

Any Hypervisor

9

VMware NSX – Networking & Security Capabilities

Rich Networking & Security Services • Scalable Logical Switching

• Physical to Virtual L2 Bridging

• Dynamic L3 Routing: OSPF, BGP, IS-IS

• Logical Services:

Firewall, Identity-based Firewall, Load-

balancing, VPN (IPSec, SSL, L2VPN)

Automation & Operations • API Driven Integration

• Service Composer for Security Workflows

• Server Access Monitoring

• Troubleshooting & Visibility

Partner Extensibility • Physical ToR L2 Integration

• Security Services – IDS / IPS, AV,

Vulnerability Mgmt

• Network Services – Load Balancers, WAN

Optimization

Any Application (without modification)

Virtual Networks

VMware NSX Network Virtualization Platform

Logical L2

Any Network Hardware

Any Cloud Management Platform

Logical

Firewall

Logical

Load Balancer

Logical L3

Logical

VPN

Any Hypervisor

10

VMware NSX – Network Virtualization Benefits

VMware NSX Transforms the Operational Model of the Network

• Network provisioning time reduced from 7 days to 30 sec

Reduce network provisioning time from

days to seconds

Cost Savings

• Reduce operational costs by 80%

• Increase compute asset utilization upto 90%

• Reduce hardware costs by 40-50%

Operational Automation

Simplified IP hardware

Choice

• Any Hypervisor: vSphere, KVM, Xen, HyperV

• Any CMP: vCAC, Openstack

• Any Network Hardware

• Partner Ecosystem

Any hypervisor

Any CMP with Partner

11

Customers Deploying Network Virtualization Today!

Westjet: Flight Path to a Better Network

Symantec: Self Service Lab Cloud

Richard Sillito rsillito@westjet.com

Network/Security/Virtualization

Flight Path to a

Better Network

Defy Convention

Fort Henry Ontario

Flight Plan

Let’s get our bearings

No

rth/So

uth

East/West

The Current State

Navigating in an Alternate Reality (aka “the future”)

• Automation, Continuous Delivery & Self Service

• Support low CASM through reduced TCO

• Commoditization hardware

• Leverage Virtualize network components

• Less complex information environments

• Enable the future workforce with service such as Mobile Workspace, Bring Your Own Device and Capacity on Demand

Flight Following

Security Architecture Made Simple (SAMS)

Security Architecture Made Simple (SAMS) SAMS - Infrastructure

Flight Following

SAMS Infrastructure using a VMware Solution

Gateway Firewall (Layer 3)

Connects the outside world

Simple firewall rules

Basic Functionality

High Availability – 4 nines

Embedded Firewalls (Layer 2)

Firewall distributed into each hypervisor

Central Management and reporting

Transparent Firewall

Networking occurs at hypervisor speed

Firewall has more visibility

Innovators

The Evolution

Flight Following

Physical Network

Virtual Network

Flight Following

Software Defined Datacenter

Flight Following

Summary

Defy Convention • Security

• Performance

• Simplicity

• Automation

Inspiration/Thanks

VMWare

• Vern Bolinius

• Ray Budavari

• Bruno germain

My Family

• Patrick, Brittney, Taz

Thanks VTeam

• Dominador DeLeon – Sr. TSA - Infrastructure Ops

• Justin Domshy – Manager of Environments

• Mike Gromek - Technical Architect III

• Darrell Lizotte – Technical Architect III

• Randy Seabrook – Manager Architecture

• Derek Sharman - Sr. Analyst-Config Management

• Nanda Weicker - Business Architect III

• Walter Wenzl - Sr Analyst-Config Management

• Dallas Young - Security Support Analyst III

Inspiration • Dump your DMZ by Joern Wettern

• BYOD and the Death of the DMZ by Lori MacVittie

• Zero Trust Model John Kindervag

32

Granite Labs - Symantec’s Self Service Lab Cloud

Real-World Experiences with a VMware Software-Defined Data Center

Jason Puig Symantec Manager, Cloud Services – Global Symantec Labs

Current Deployment Summary

• Symantec Granite Labs is a large scale implementation of a Software-Defined Data Center (SDDC)

– Based on VMware and Symantec technologies

– 250,000 VMs deployed, 27,000 under management today with 3,800 users

– 15-month implementation

– Have saved 32,000 Symantec staff hours

– While delivering better quality to end-users, in less time

IT Pressures – a Constant Over the Decades

“Are you getting the maximum efficiency out of your infrastructure?”

“How quickly can IT respond to LOB requests?”

• Legislative Compliance • Risk Reduction – SLAs & Business Continuity • Security – Corp Assets & IP

Why a Cloud Lab in an SDDC?

• Cost

– Single shared pool of networking, storage, and compute resources.

– Reduced administration

– Reduced integration costs

• Agility

– Data Centers available in minutes instead of days or weeks.

– Abstraction of hardware at all layers allows flexibility and reduced downtime.

– Faster turn around when implementing new solutions

– Reduce provisioning effort allowing employees to focus on their primary job - helping customers.

– Removing the burden of managing labs from engineers and trainers.

– Helps to break down barriers between departments and reduces silos

• Governance

– Secured within the Symantec Firewall / Private Enterprise Cloud

– Complete oversight into the datacenter topologies allow for improved control.

Cloud Based Labs: The ultimate challenge.

• Legacy Labs

Cloud Based Labs: The ultimate challenge.

• Legacy Labs

• Lab Complexity

• Dynamic Workloads

• “Hands On” / Self Service Required

• Scale

• Security / Protection

• Multiple Geographies

• Virtual on Virtual

• Hybrid Physical and Virtual Provisioning

• Cost

What we Deployed

• vCloud Suite

– vCloud Director

– vSphere

– vCloud Networking & Security

– vCenter Orchestrator

• NetBackup

• Endpoint Protection

• IT Management Suite

– Deployment Solution

– Asset Management Suite

– Service Desk

• 7xxx Core Switching

• UCS Blades

• FAS6240

• FAS6280

Demo

Metrics / Lessons Learned

• Cost

– Single shared pool of networking, storage, and compute resources.

• Explosive adoption, over 3,800 employees have used the solution since launch. Average over 2,000 active users every month.

• Over 250,000 virtual machines deployed since launch.

• Over 27,000 virtual machines under management

• Unified library of over 700 lab topologies within our Software Defined Data Center

– Reduced administration

• While fewer admins are needed, they need to be cross functional and understand the latest virtualization trends.

• Choosing the right vendors who understand cloud

– Reduced integration costs

• Cloud integration is complex, use as many integrated solutions as you can which are proven to work together. Symantec is seeing the savings in the ability to leverage integrations across the cloud.

• Agility

– Software Defined Data Centers available in minutes instead of weeks or months

• Average Provisioning Time: 14 Minutes, completely changes the way employees work.

– Abstraction of hardware at all layers allows flexibility and reduced downtime.

• Multiple hardware transitions since inception, zero user impact.

• Orchestration is a must

– Faster turn around when implementing new solutions

• Our entire cloud topology is actually stored in an SDDC vApp inside of the cloud, allowing for on the fly testing of new solutions even with the cloud itself.

– Reduce provisioning effort allowing employees to refocus their actual jobs - helping customers.

• Saved over 11,000 weeks of effort

– Removing the burden of managing labs from engineers and trainers.

• Transitioned to Cloud Operations

– Helps to break down barriers between departments and reduces silos

• Over 700 shared labs covering most Symantec product lines currently available

• Support Services, Training, and Engineering are finally able to share… everything.

Metrics / Lessons Learned

• Governance

– Secured within the Symantec Firewall / Private Enterprise Cloud

– Complete oversight into the datacenter topologies allow for improved control.

• Auditing of topologies to reduce human error.

• Ensure proper security is in place prior to allowing deployment.

Metrics / Lessons Learned

Future

• Unparalleled Cloud Integration with Symantec Products

• Incorporate enhancements to virtual networking (VMware NSX)

• Reference Architectures

Visit the VMware and Symantec booths.

Talk to us about how we can help your organization get to IT-as-a-Service, and a Software-Defined Data Center

45

Thoughts & Questions

Richard Sillito

rsillito@westjet.com

Jason Puig

Jason_puig@symantec.com

Taruna Gandhi

gandhit@vmware.com

46

Other VMware Activities Related to This Session

HOL:

HOL-SDC-1303

VMware NSX Network Virtualization Platform

Group Discussions:

NET1001-GD

vCloud Networking and Security & NSX for VMware Environments with

Ray Budavari

NET5529

THANK YOU

VMware NSX: A Customer’s Perspective

Taruna Gandhi, VMware

Jason Puig, Symantec

Richard Sillito, WestJet

NET5529

#NET5529