VMworld 2013: Cloud Service Automation with NSX and vCloud Automation Center

Post on 17-Jul-2015


Cloud Service Automation with NSX and vCloud Automation Center

Gargi Keeling, VMware
Valentina Reutova, VMware

VCM5477
#VCM5477

Agenda

• Consumption Models and Tradeoffs
• What Users Want from Cloud Infrastructure
• Where We Are Today
• Technology Preview + DEMO – vCloud Automation Center with NSX
• Summary of Automation Capabilities – vCloud Automation Center with NSX
• Next Steps

A Valid Model for Consumption – Fully Stocked Inventory

Advantages
• Items always available
• Requests immediately fulfilled
• Considerable choice

Disadvantages
• Inventory costs
• Unused items go to waste
• Requires planning
• Pay a premium for instant gratification and convenience (little choice)

Another Model – “Pay As You Go”

Advantages
• No inventory costs
• Only pay for what you use

Disadvantages
• Restricted by product availability and store hours
• No instant gratification

It could be worse…?

What Are You Trying to Optimize For Application Infrastructure?

• COST (Money)
• CHOICE (Scope)
• AGILITY (Time)

[Diagram: WEB / APP / DATABASE application]


End Users Still Wait Weeks for Their Apps

Network and security challenges hamper cloud service provisioning.

VI Admin / Cloud Operator: "I need to check with the network team for VLANs and IP addresses."

Network Architect: "Hmmm… I’ll need to ask the ops team for available addresses, put in a change request for new firewall rules, ask for a load balancer pool… Get back to you in a month?"

Business User: "They said a few weeks… Oh… just forget it. Aargh! I need this, NOW."

What if…

Your cloud service provisioning solution could spin up and tear down logical networks and services as needed, to deliver application infrastructure on-demand?

VI Admin / Cloud Operator: "I saved a lot of time, too. Now I can work on other stuff."

Business User: "Got my machines. Now I’m in business. Thanks!"

Network Architect: "I’ve got visibility and control over virtual network infrastructure. No complaints here."


Most Requested Deployment Models for Multi-Tiered Apps

Cloud Automation + Network Virtualization

Leverage pre-created logical networks and services to deliver application infrastructure on-demand.

[Diagram: a WEB / APP / DATABASE application placed on an existing application network with Router, Load Balancer and Firewall Rules; legend: Create On-Demand vs. Leverage Existing Infrastructure]

The Solution

Cloud Automation – Cloud Service Automation
• Self-Service: IaaS, PaaS, DaaS, XaaS
• Heterogeneous Infrastructure
• Policy-Based Governance with Automated Delivery

Network Virtualization – VMware NSX Network Virtualization Platform
• Any Application (without modification)
• Virtual Networks: Logical L2, Logical L3, Logical Firewall, Logical Load Balancer, Logical VPN
• Any Hypervisor, Any Network Hardware, Any Cloud Management Platform

Templates Address a Big Part of the Problem

“We are really striving to create a frictionless environment for any common, allowed, repeatable configurations that would allow people to point and click provision from an approved template.”
Don Wood, Cloud Architect, McKesson

Policy Enforcement At Multiple Layers

Cloud Automation
• Resource Reservations – enforce at infrastructure layer
• Application Blueprints – enforce based on end user entitlements
• Provisioning Group – enforce based on group entitlements

Network Virtualization + Compute Virtualization
► Logical Firewalls (Security Groups) ► Logical Switches ► Load Balancer
Resources provisioned in infrastructure

Why NSX?

Built-in, logical services that are programmable for easy consumption by cloud automation solutions.

[Diagram: Logical Firewall, Logical Switch, Logical Load Balancer and Logical Router, with VMs grouped into Security Groups]


Future Direction

Cloud Automation + Network Virtualization

Spin up and tear down logical networks and services as needed, to deliver application infrastructure on-demand.

[Diagram: WEB / APP / DATABASE application; legend: Create On-Demand vs. Leverage Existing Infrastructure]

Hierarchy of Needs for Networking & Security of Applications

• Simplicity
• Availability
• Security
• Connectivity & Scale

Connect the App

[Diagram: WEB, APP and DATABASE workloads on new logical switches, attached to a logical router whose uplink connects to the perimeter gateway to external networks; legend: Create On-Demand vs. Leverage Existing Infrastructure]

1. Spin up the workloads
2. Attach them to new logical switches
3. Spin up a logical router and attach new switches to router interfaces
4. Connect logical router uplink to perimeter gateway

Scale Within App, Across Apps

[Diagram: several applications behind the perimeter gateway to external networks; legend: Create On-Demand vs. Leverage Existing Infrastructure]

1. Add more workloads to existing apps
2. Create more apps
3. Destroy apps

Secure the App

1. Place app in appropriate security zones, protected by firewall rules

Multi Network Model: use a security group to isolate the entire app, and the virtual firewall to control traffic between tiers.

Flat Network Model: use security groups to isolate the entire app and the app tiers, and the virtual firewall to control all traffic.

[Diagram: the WEB / APP / DATABASE application in both models, each wrapped in an APPLICATION security group; legend: Create On-Demand vs. Leverage Existing Infrastructure]
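The two models above, as an added example that is not part of the original deck and not NSX or vCloud Automation Center code: a small Python model in which security groups are named sets of VMs and a first-match, default-deny rule set refers to those groups. The inventory (two three-tier apps), the tier ports, and the assumption that in the multi-network model the firewall only inspects traffic crossing between tier networks are all constructed for the example.

```python
# Added illustration of the two security models on the "Secure the App" slide.
# This is not NSX or vCloud Automation Center code: security-group membership
# by VM name, the rule shape, the tier names and the ports are assumptions.
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

ANY = "any"


@dataclass(frozen=True)
class Rule:
    src: str             # security group name, or ANY
    dst: str             # security group name, or ANY
    port: Optional[int]  # None matches every destination port
    action: str          # "allow" or "deny"


class DistributedFirewall:
    """First-match rule set over security groups; unmatched traffic is denied."""

    def __init__(self, groups: Dict[str, Set[str]], rules: List[Rule]):
        self.groups = groups
        self.rules = rules

    def groups_of(self, vm: str) -> Set[str]:
        return {name for name, members in self.groups.items() if vm in members}

    def evaluate(self, src_vm: str, dst_vm: str, port: int) -> str:
        src_groups, dst_groups = self.groups_of(src_vm), self.groups_of(dst_vm)
        for rule in self.rules:
            if ((rule.src == ANY or rule.src in src_groups)
                    and (rule.dst == ANY or rule.dst in dst_groups)
                    and (rule.port is None or rule.port == port)):
                return rule.action
        return "deny"  # implicit default-deny at the end of the rule set


def tier_groups(app: str, tiers: Dict[str, List[str]]) -> Dict[str, Set[str]]:
    """One security group for the whole app and one per tier."""
    groups: Dict[str, Set[str]] = {app: set()}
    for tier, vms in tiers.items():
        groups[f"{app}-{tier}"] = set(vms)
        groups[app].update(vms)
    return groups


def tier_rules(app: str) -> List[Rule]:
    """Only the expected tier-to-tier flows; everything else falls to default deny."""
    return [
        Rule(ANY, f"{app}-web", 443, "allow"),
        Rule(f"{app}-web", f"{app}-app", 8080, "allow"),
        Rule(f"{app}-app", f"{app}-db", 3306, "allow"),
    ]


# Constructed inventory: two three-tier applications sharing the same cloud.
APPS: Dict[str, Dict[str, List[str]]] = {
    "shop": {"web": ["shop-web-1", "shop-web-2"], "app": ["shop-app-1"], "db": ["shop-db-1"]},
    "hr": {"web": ["hr-web-1"], "app": ["hr-app-1"], "db": ["hr-db-1"]},
}


def build_firewall(apps: Dict[str, Dict[str, List[str]]] = APPS) -> DistributedFirewall:
    groups: Dict[str, Set[str]] = {}
    rules: List[Rule] = []
    for app, tiers in apps.items():
        groups.update(tier_groups(app, tiers))
        rules.extend(tier_rules(app))
    return DistributedFirewall(groups, rules)


FIREWALL = build_firewall()

# Multi-network model: each tier has its own logical switch. The example assumes
# the firewall sits at the tier boundary, so traffic that stays on one switch
# is never inspected.
SWITCH_OF = {vm: f"{app}-{tier}" for app, tiers in APPS.items()
             for tier, vms in tiers.items() for vm in vms}


def decide_multi_network(src_vm: str, dst_vm: str, port: int) -> str:
    src_switch, dst_switch = SWITCH_OF.get(src_vm), SWITCH_OF.get(dst_vm)
    if src_switch is not None and src_switch == dst_switch:
        return "allow"  # same tier, same switch: the between-tier firewall never sees it
    return FIREWALL.evaluate(src_vm, dst_vm, port)


def decide_flat_network(src_vm: str, dst_vm: str, port: int) -> str:
    # Flat model: all tiers share one switch and the distributed firewall sees every
    # flow, so the per-tier security groups are what keep the tiers apart.
    return FIREWALL.evaluate(src_vm, dst_vm, port)


if __name__ == "__main__":
    for flow in [("shop-web-1", "shop-app-1", 8080), ("shop-web-1", "shop-db-1", 3306),
                 ("hr-web-1", "shop-app-1", 8080), ("shop-web-1", "shop-web-2", 22)]:
        print(flow, "multi:", decide_multi_network(*flow), "flat:", decide_flat_network(*flow))
```

The point of the slide shows up in the last flow: with one network per tier, two web VMs on the same switch talk freely, whereas in the flat model the distributed firewall sees that flow too, so the rule set has to describe east-west traffic inside a tier as well, and the per-tier security groups are the only thing separating the tiers.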

Add Availability and Performance to App

1. Spin up a new NSX gateway edge
2. Create load balancer pool based on app workloads, network

[Diagram: a Services Edge (Load Balancer) in front of the WEB tier of the WEB / APP / DATABASE application; legend: Create On-Demand vs. Leverage Existing Infrastructure]

Simplify Networking for the App

1. Network team pre-defines ‘profiles’ for connectivity
2. Cloud architect defines blueprints using these profiles

[Diagram: network profiles PRIVATE, NAT and ROUTED; legend: Create On-Demand vs. Leverage Existing Infrastructure]

Simplify Deployment Topology for the App

1. Provide flat network topology for each new app
2. Use shared or dedicated logical router for connectivity
3. Rely on security groups for app isolation
4. Repeat

[Diagram: flat application networks behind a logical router connected to the perimeter gateway to external networks; legend: Create On-Demand vs. Leverage Existing Infrastructure]

Automate, Then Customize

“The only time they (users) should need to come to us is for a non-standard request or a request that requires an additional level of security sign-off.”
Don Wood, Cloud Architect, McKesson


Network Profiles Simplify Network Consumption in Cloud

Cloud Operator creates network profiles based on guidance from networking team.

VI Admin / Cloud Operator: "Is this what you wanted?"

Network Architect: "Yup. Looks good."

Blueprints Can Provision Logical Networks and Services

Blueprints can now create infrastructure on demand: networks, routers, firewall and load balancer services. Infrastructure can be torn down when the lease is up.

Business User: "I only need this for 2 months."

VI Admin / Cloud Operator: "Good to know. We’ll spin it up and tear it down when you’re done." "I get to optimize my cloud resource pools AND I didn’t have to deal with the physical network!"

Optimize with vCloud Automation Center + NSX

[Diagram: COST, CHOICE and AGILITY balanced for the WEB / APP / DATABASE application]


Back at the Office…

VI Admin / Cloud Operator: "Our users need app infrastructure on-demand, but relying on physical networks is slowing us down."

Network Architect: "What do you need from us?"

VI Admin / Cloud Operator: "Let us know how to connect these apps to the IP network."

Network Architect: "OK. We’ll help you define network profiles. Any hardware, any IP fabric. We will deploy NSX. Anything else?"

VI Admin / Cloud Operator: "Thanks!"

Plan your evaluation of NSX with vCloud Automation Center. Talk to your networking team about collaborating to build network profiles, for on-demand creation of logical networks and services.

It IS Possible

Your cloud service automation solution CAN spin up and tear down logical networks and services on-demand, with configurable options, and with optimal value.

VI Admin / Cloud Operator: "I saved a lot of time, too. Now I can work on other stuff."

Business User: "Got my machines. Now I’m in business. Thanks!"

Network Architect: "I’ve got visibility and control over virtual network infrastructure. No complaints here."

Consumption, Your Way
• Templates: pre-defined, no customization; Infrastructure: pre-created
• Templates: pre-defined, some customization; Infrastructure: on-demand

Other VMware Activities Related to This Session

HOL: HOL-SDC-1303 – VMware NSX Network Virtualization Platform

Group Discussions: VCM1003-GD – Cloud Automation with Naomi Sullivan

VCM5477

THANK YOU

Cloud Service Automation with NSX and vCloud Automation Center
Gargi Keeling, VMware
Valentina Reutova, VMware
VCM5477
#VCM5477

Background Slides: vCloud Automation Center, NSX

Most Requested Deployment Models for Multi-Tiered Apps

[Diagram: the WEB / APP / DATABASE application deployed on Multiple Networks (one per tier) and on a Flat Network]

Most Requested Network and Security Services

Built-in, logical services that are programmable for easy consumption by cloud automation solutions.

[Diagram: Firewall, Network, Load Balancer, Router]

Where We Are Today – Pre-Created, Logical Networks

Applications can be spun up on-demand, using logical networks that have already been created.

[Diagram: WEB / APP / DATABASE on a Routed Network (addresses A.B.C.#) and on a NAT Network (internal A.B.C.#, external X.Y.Z.#); legend: Create On-Demand vs. Leverage Existing Infrastructure]

Where We Are Today – Pre-created, Firewall Rules

Apps can be added to existing security groups.

[Diagram: WEB / APP / DATABASE applications placed in existing APPLICATION security groups; legend: Create On-Demand vs. Leverage Existing Infrastructure]

Where We Are Today – Pre-created, Load Balancer Pool

Apps can be added to existing load balancer pools.

[Diagram: WEB tiers added to the pool of an existing Services Edge (Load Balancer); legend: Create On-Demand vs. Leverage Existing Infrastructure]

vCloud Automation Center Extensibility Spectrum: Flexibility without Complexity

Key Software-Defined Data Center Capabilities

• Hybrid cloud extensibility
• App deployment across multiple hardware stacks, physical or virtual
• Support for multiple hypervisors (Hyper-V, KVM) and clouds (OpenStack, Amazon AWS)

Choice
• Compute virtualization
• Network and security virtualization
• Software-defined storage
• Automated operations management

Control
• Automated Business Continuity / Disaster Recovery
• Virtualization aware security and compliance across clouds
• Management across private and public clouds
• Operational analytics

Agility
• Service provisioning across multi-platform, multi-cloud
• Policy driven automation
• Self-service portal and catalog

VMware Cloud Service Provisioning Solution – vCloud Automation Center

Business Impact
• Increase customer satisfaction by reducing service delivery times
• Reduce OPEX – reallocate resources to high impact projects
• Reduce CAPEX – eliminate over provisioning and automate resource reclamation
• Improve perception & relevancy of IT
• Automate delivery of Infrastructure and Desktop as a Service

Rapidly deploy the right size machine at the right service level.

Cloud Service Provisioning
• Self-Service: IaaS, PaaS, DaaS, XaaS
• Heterogeneous Infrastructure
• Policy-Based Governance with Automated Delivery

The VMware User Centric, Business Relevant Cloud

[Diagram: Desktop, Production and Dev/Test workloads on vCloud Automation Center Shared Infrastructure, governed by vCloud Automation Center Policy Management]

vCloud Automation Center Policy Management
• Business Groups (A, B, C) and their users
• Authentication & Role-Based Authorization – authorized users
• Resource Reservations – cost profile, Tier 1; shared infrastructure: public, physical, virtual
• Service Blueprints – requisition, cost profile; lifecycle: Provision, Manage, Retire

VMware NSX – The Platform for Network Virtualization

VMware NSX Transforms the Operational Model of the Network

Operational Automation
• Network provisioning time reduced from 7 days to 30 sec: reduce network provisioning time from days to seconds

Cost Savings
• Reduce operational costs by 80%
• Increase compute asset utilization up to 90%
• Reduce hardware costs by 40-50%
• Simplified IP hardware

Choice
• Any Hypervisor: vSphere, KVM, Xen, HyperV
• Any CMP: vCAC, Openstack
• Any Network Hardware
• Partner Ecosystem

VMware NSX – Networking & Security Capabilities

Rich Networking & Security Services
• Scalable Logical Switching
• Physical to Virtual L2 Bridging
• Dynamic L3 Routing: OSPF, BGP, IS-IS
• Logical Services: Firewall, Identity-based Firewall, Load-balancing, VPN (IPSec, SSL, L2VPN)

Automation & Operations
• API Driven Integration
• Service Composer for Security Workflows
• Server Access Monitoring
• Troubleshooting & Visibility

Partner Extensibility
• Physical ToR L2 Integration
• Security Services – IDS / IPS, AV, Vulnerability Mgmt
• Network Services – Load Balancers, WAN Optimization

[Diagram: VMware NSX Network Virtualization Platform – Logical L2, Logical L3, Logical Firewall, Logical Load Balancer, Logical VPN; any application (without modification), any hypervisor, any network hardware, any cloud management platform]

• Logical Switching – Layer 2 over Layer 3, decoupled from the physical network
• Logical Routing – Routing between virtual networks without exiting the software container
• Logical Firewall – Distributed Firewall, Kernel Integrated, High Performance
• Logical Load Balancer – Application Load Balancing in software
• Logical VPN – Site-to-Site & Remote Access VPN in software
• NSX API – RESTful API for integration into any Cloud Management Platform
• Partner Eco-System

Comparing vCNS 5.5 to NSX Optimized for vSphere

Layer 2 – Switching
  vCNS (part of vCloud Suite):
  • Virtual Distributed Switch (vDS) + VXLAN Overlay, requires multicast in physical network
  NSX:
  • NSX vSwitch
  • Complete Network Virtualization Overlay (no multicast required)
  • L2 logical to physical bridging (VXLAN to VLAN)

Layer 3 – Routing
  vCNS:
  • Centralized Virtual Router Appliance
  • Static Routing
  • NAT
  NSX:
  • E-W Distributed Routing
  • N-S Centralized Routing
  • Dynamic Routing (BGP, OSPF)
  • Static Routing
  • NAT

Firewall Services
  vCNS:
  • Firewall Virtual Appliance (~2Gbps)
  • Virtualization Aware
  NSX:
  • Distributed Virtual Firewall
  • Kernel enabled line rate (~18+Gbps)
  • Virtualization and Identity Aware
  • Activity Monitoring

Load Balancer Services
  vCNS:
  • Load Balancer Virtual Appliance
  NSX:
  • Logical Load Balancer
  • Layer 7 rules
  • SSL Termination

Virtual Private Network (VPN)
  vCNS:
  • Site-to-Site & Remote Access VPN
  NSX:
  • Site-to-Site & Remote Access VPN

Hypervisor Support
  vCNS:
  • ESXi
  NSX:
  • ESXi

Management
  vCNS:
  • Basic management UI
  NSX:
  • Full NGC Integration
  • Service Composer
  • NSX Manager
  • NSX API (1)

Cloud Management Platforms
  vCNS:
  • vCenter/vCD, vCAC
  NSX:
  • vCenter/vCD, vCAC, Custom

THIS IS NOT A ROADMAP. (1) POC only.

Reserving Resources for Each Group

Current Release: vCloud Automation Center 5.2 with vCloud Networking and Security 5.1

• VXLANs appear as network paths in resource reservations; VXLANs can be reserved by Provisioning Group
• Security Groups, Load Balancers
  − Can be specified as custom properties on the reservation or on the blueprint

Configuring Service Blueprints

Current Release: vCloud Automation Center 5.2 with vCloud Networking and Security 5.1

vCAC Blueprint Custom Properties define the Load Balancer and Security Groups that will be associated with the Machine being provisioned.

End User Experience

Organizations can have users select templates with networking and security that is completely pre-defined or partially customizable.

[Diagram: Completely Pre-defined – FW; Partially Customizable – FW, LB, NW]

New Network Profiles

PRIVATE: No routes to outside the app. Routing only between networks within the app. Can use the distributed router for optimal scalability and performance.

ROUTED: Network addresses are routable (no private addresses). Routes enabled to outside the application boundary. Routing inside the app supported.

NAT: Private addressing for application networks. External IP is routable. Routing inside the app supported. Supports DNAT (destination), SNAT (source) and 1:1 NAT.
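The three profiles, as an added Python model that is not part of the original deck and not vCloud Automation Center or NSX code: it carries one packet across the application boundary under each profile (inside-to-inside, outbound, inbound) and, for NAT, applies DNAT, SNAT and 1:1 NAT as the slide lists them. The address ranges, the ports and the way the NAT entries are kept are assumptions made for the example.

```python
# Added model of the three network profiles (PRIVATE, ROUTED, NAT) described on
# the slide. It is not vCloud Automation Center or NSX code: the address ranges,
# ports and the way the edge keeps its NAT entries are assumptions for the example.
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Dict, Iterable, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str    # source IP address
    dst: str    # destination IP address
    dport: int  # destination port


class AppBoundary:
    """Forwarding behaviour at the edge of an application's networks under one profile."""

    def __init__(self, profile: str, app_nets: Iterable[str], external_ip: Optional[str] = None):
        if profile not in ("PRIVATE", "ROUTED", "NAT"):
            raise ValueError(f"unknown profile {profile!r}")
        if profile == "NAT" and external_ip is None:
            raise ValueError("NAT profile needs a routable external IP")
        self.profile = profile
        self.app_nets = [ip_network(n) for n in app_nets]
        self.external_ip = external_ip
        self.dnat: Dict[int, Tuple[str, int]] = {}  # external port -> (internal IP, port)
        self.one_to_one: Dict[str, str] = {}        # internal IP -> dedicated external IP

    def is_inside(self, addr: str) -> bool:
        a = ip_address(addr)
        return any(a in net for net in self.app_nets)

    def add_dnat(self, external_port: int, internal_ip: str, internal_port: int) -> None:
        self.dnat[external_port] = (internal_ip, internal_port)

    def add_one_to_one(self, internal_ip: str, external_ip: str) -> None:
        self.one_to_one[internal_ip] = external_ip

    def forward(self, pkt: Packet) -> Optional[Packet]:
        """Packet as it leaves the boundary, or None when the profile drops it."""
        src_in, dst_in = self.is_inside(pkt.src), self.is_inside(pkt.dst)
        if src_in and dst_in:
            return pkt  # routing inside the app is supported by all three profiles
        if self.profile == "PRIVATE":
            return None  # no routes to outside the app, in either direction
        if self.profile == "ROUTED":
            return pkt   # addresses are routable as they are; nothing to rewrite
        # NAT profile, outbound: 1:1 mapping if the VM has one, otherwise SNAT to the edge IP
        if src_in:
            return replace(pkt, src=self.one_to_one.get(pkt.src, self.external_ip))
        # NAT profile, inbound: a 1:1 external address maps straight to its VM ...
        for internal, external in self.one_to_one.items():
            if pkt.dst == external:
                return replace(pkt, dst=internal)
        # ... otherwise only the DNAT ports published on the edge IP are reachable
        if pkt.dst == self.external_ip and pkt.dport in self.dnat:
            internal_ip, internal_port = self.dnat[pkt.dport]
            return replace(pkt, dst=internal_ip, dport=internal_port)
        return None


# Constructed example boundaries; RFC 1918 and documentation ranges, not real hosts.
PRIVATE = AppBoundary("PRIVATE", ["10.20.0.0/24", "10.20.1.0/24"])
ROUTED = AppBoundary("ROUTED", ["203.0.113.0/24"])
NAT = AppBoundary("NAT", ["10.10.0.0/24"], external_ip="198.51.100.7")
NAT.add_dnat(443, "10.10.0.10", 8443)             # publish the web tier on the edge IP
NAT.add_one_to_one("10.10.0.20", "198.51.100.8")  # one VM gets its own external address

if __name__ == "__main__":
    for boundary, pkt in [(PRIVATE, Packet("10.20.0.5", "192.0.2.50", 80)),
                          (ROUTED, Packet("203.0.113.5", "192.0.2.50", 80)),
                          (NAT, Packet("10.10.0.10", "192.0.2.50", 80)),
                          (NAT, Packet("192.0.2.50", "198.51.100.7", 443)),
                          (NAT, Packet("192.0.2.50", "198.51.100.7", 22))]:
        print(boundary.profile, pkt, "->", boundary.forward(pkt))
```

The inbound NAT branch is where the profile choice matters for exposure: only addresses and ports that were explicitly published (a DNAT entry or a 1:1 mapping) reach a VM, everything else addressed to the edge is dropped, and a PRIVATE profile never forwards across the boundary at all.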

• NSX – Existing Logical Switches
• NSX – Existing Edge Gateways
• NSX – Existing Edge Gateway, Network Interfaces
• NSX – Existing Edge Gateway, Dynamic Routing
• vCloud Automation Center – Service Catalog
• vCloud Automation Center – Multi-Machine Blueprint (Request)
• vCloud Automation Center – Multi-Machine Blueprint (Manage)
• vCloud Automation Center – Manage Network for Blueprint
• NSX – Networks Created On-Demand by vCloud Automation Center
• NSX – Logical Router Created On-Demand by vCloud Automation Center
• NSX – Network Interfaces Configured by vCloud Automation Center
• NSX – VM Connected to Network by vCloud Automation Center
• NSX – VMs Placed in Security Groups Protected by Firewall Rules, by vCloud Automation Center
• vCloud Automation Center – Reservations
• NSX – VMs Placed in Security Groups by vCloud Automation Center
• vCloud Automation Center – Scale Blueprint by Adding VM
• vCloud Automation Center – Specify Load Balancer Rules
• vCloud Automation Center – Specify Virtual IP for Load Balancer Rule
• NSX – Load Balancer Rules Configured by vCloud Automation Center
• vCloud Automation Center – Two Different Networks for Multi-Machine Blueprint
• vCloud Automation Center – Network Profile for Private Network
• vCloud Automation Center – IP Addressing for Private Network Profile
• vCloud Automation Center – Network Profile for NAT
• vCloud Automation Center – Load Balancer Configuration
• NSX – Multiple Logical Routers Created by Different Blueprints from vCloud Automation Center
• NSX – NAT Configured by vCloud Automation Center
• NSX – NAT Firewall Rule Configured by vCloud Automation Center
• vCloud Automation Center – Blueprint with Flat, Logical Switch (Network)
• vCloud Automation Center – Configure Flat Network
• vCloud Automation Center – Add Load Balancer to Blueprint with Flat Network