Manish Bhaskar, Brandon Wagoner, Sean O’Dell
MMC3062BU
#VMworld #MMC3062BU
Migrating Applications to AWS? Understand Application, Network and Security Dependencies with Network Insight Service - Cardinal Health Story
VMworld 2017 Content: Not for publication or distribution
Disclaimer
• This presentation may contain product features that are currently under development.
• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.
• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
• Technical feasibility and market demand will affect final delivery.
• Pricing and packaging for any new technologies or features discussed or presented have not been determined.
#MMC3062BU CONFIDENTIAL
Agenda
1 VMware Cloud Services Overview
2 Network Insight Service Overview
3 Cardinal Health story
4 Demo
5 Q&A
Cloud Adoption
Public Cloud Adoption
• 50% of workloads will be in the public cloud by 2030
• 48% already using multiple clouds
Source: Dimensional Research, Feb 2016
Organizations are now adopting multiple clouds at scale
VMware Cloud Services
Manage, Govern and Secure Public and Private Cloud Apps
Discovery
Cost Insight
NSX Cloud
Network Insight
AppDefense
Wavefront
ON PREMISES DATA CENTER
Visibility into apps and resources they consume. Analyze usage and utilization across clouds.
Accounting and cost optimization for multiple clouds. Track and analyze your costs and trends.
Secure networks with micro-segmentation. Create private networks within or across clouds.
Operational visibility, control, and compliance across clouds. Optimize performance, health, and availability.
Metrics-driven monitoring and real-time analytics.
Governance for running workloads.
Virtual Network Operations
Visibility and Troubleshooting
Security and Planning
Visualize | Plan | Secure | Operate | Troubleshoot
Converged 360 Network Visibility & Analytics
Ensure health and availability of NSX deployments
Application Flow Analysis and Micro-Segmentation
On-premises data center
• Analyze application behavior and dependencies
• Plan micro-segmentation
• Ensure security compliance
• Discover vSphere, NSX, AWS VPC, security groups, physical infra
• Troubleshoot network connectivity between VMs
• Change tracking with alerts
• Visualization, topology and health at scale
• Configuration deployment support and ensure best practices
• Quick NSX issue resolution
Expansive Data Source Support
• VMware virtualization
• Public Clouds
• Firewall Infrastructure
• Physical Networking
• Converged Infrastructure
Data Collection Requirements
Private Cloud
Data Collector
• Data Center to Cloud communication (one way)
• Appliance installed as an OVF
• One-time secret key for security
• AWS API access via access/secret key
• VPC flow logs via log group
Network Insight Service
About Cardinal Health
• #15 on the Fortune 500
• Medical/Pharmaceutical distribution
• 50,000+ Employees
• 125 locations globally w/ virtual infrastructure
Public cloud
• 10 accounts
• 25-30 VPCs across 4 AZs
• 1000+ instances
Private cloud
• 9 VCs
• 950+ ESXi hosts
• 10K VMs
• 1400 Applications
Business Context
Multiple Cloud Workstreams
• New projects looking to leverage cloud technologies
• A phased lift and shift strategy
Initial Migrations
• Used internally developed questionnaire
• Relied heavily on tribal knowledge
• Identified gaps in application team knowledge
Post Migration Issues
• Manual effort and time to discover and fix
• Production outages create problems
Future Vision
• Expand to other clouds like Azure/GCP
• Enable automation
A shift towards SDDC and Hybrid Applications
[Diagram labels: Public Cloud, East-West, North-South, Data Center Perimeter]
Past – Most communication within data center
East-West
New communication patterns equals new security policies
Hybrid apps split between private and public cloud
Challenges
• No single source of truth for application information
• Application owners have inconsistent levels of knowledge of their application landscape
• Lack comprehensive visibility into application communication patterns
• Ability to maintain consistent security posture across clouds
Perspective on Network Insight Service
• Provide application visibility with dependencies
– Starting point for communication with application owners (like ports, source/destination IP, etc.)
– Verification of application communication information and patterns
• Single pane of visibility across clouds
• Secure and optimize communication paths with firewall rules and policies
Request Access @ cloud.vmware.com
Visit Cloud.vmware.com
Sessions, Booth and Theatre Presentations for VMware Cloud Services
Session # | Session Title | Type | Speakers
MMC1464QU | How to Use CloudFormations in vRealize Automation to Build Hybrid Applications That Span and Reside On-Premises & on VMware Cloud on AWS and AWS Cloud | Quick Talk | Vijay Raghavan, Manu Prasanna
MMC1532BU | Using VMware NSX for Enhanced Networking and Security for AWS Native Workloads: Part 2 | Breakout Session | Amol Tipnis, Percy Wadia
MMC2046BU | Using VMware NSX for Enhanced Networking and Security for AWS Native Workloads: Part 1 | Breakout Session | Amol Tipnis, Percy Wadia
MMC2820BU | Deploying Applications into AWS EC2 with VMware Cross-Cloud Services | Breakout Session | Bahubali Shetti, Dan Illson
MMC2877BU | Deep Dive into Cost Insight: Understand, Analyze, and Optimize Your Cloud Expenses (Cross-Cloud Service) | Breakout Session | Kumar Gaurav, Kameswaran Subramanian
MMC2884GU | Live Demo: Search driven log analytics SaaS for troubleshooting vSphere, VSAN and NSX issues using machine learning algorithms | Group Discussion | Karl Fultz, Manish Bhaskar, Steven Flanders
MMC2888GU | How We’ve Accelerated Innovation While Keeping Our Cloud Spending in Check | Group Discussion | Burt Toma
MMC3112BU | Identify Application Security Vulnerabilities and Troubleshoot Network Issues Across AWS EC2 and vSphere VMs: Fox Media Story and demo | Breakout Session | Manish Bhaskar, Anuj Jaiswal
MMC3066BU | How Do You Use Network Insights' SaaS to Secure Multitier Hybrid Apps Running on vSphere, VMware Cloud on AWS, and AWS Native? | Breakout Session | Sean O'Dell, Anuj Jaiswal
MMC3074BU | 3 ways to use VMware’s new Cross-Cloud SaaS Services to efficiently run workloads across AWS, Azure and vSphere: VMware and Customer technical session | Breakout Session | Jason Walker, Burt Toma
MMC3110PU | How IT Can Enable Development Teams to Build Apps on AWS, Azure, and VMware Without Compromising on Costs and Security | Panel Discussion | Mark Leake, Ben Mitchell