GAMO VMware vCloud Air


  • Date posted: 28-Jan-2018
  • Category: Technology


Transcript of GAMO VMware vCloud Air

  1. Slovak Defined Data Center. GAMO - VMware vCloud Air Network Customer Presentation. Frantisek Ferencik, Systems Engineer, 10.5.2016. IaaS Powered: hosted infrastructure services based on vSphere, the leading server virtualization platform. © 2016 VMware Inc. All rights reserved.
  2. GAMO Cloud Customer Benefits: Hybridity; Security & Compliance; Data Sovereignty. CONFIDENTIAL
  3. Customer Benefits: Hybridity. Unlock the flexibility to move existing and future workloads from on-premises environments to public clouds and back again for a true hybrid cloud experience. Ensure compatibility with services based on the same VMware platform you already use.
  4. Customer Benefits: Security & Compliance. Bypass risk and uncertainty with clouds offering compliance certifications and built-in standards for security and reporting to meet business and industry requirements. Trust the inherent isolation provided by vSphere as well as the network virtualization and per-VM security policies provided by NSX.
  5. Customer Benefits: Data Sovereignty. A national cloud gives you the peace of mind of knowing exactly where your data is being stored and transferred. The cloud provider keeps data and applications local for simplified adherence to national data security and privacy regulations.
  6. Pre-Hypervisor Challenges: OS to physical hardware mapping is 1:1; higher scale = more hardware; resources mostly underutilized; network configurations are mostly manual; security = perimeter. [Diagram: Pre-Hypervisor stack with Application, OS, x86, Storage, Network Interface, L2 + L3, Physical Gateway + Router, Firewall, VPN]
  7. Virtualization of x86 resolves some issues. Pre-Hypervisor: 1:1 mapping between OS & hardware; scale = more hardware; underutilized resources; manual configurations; perimeter security. Post-Hypervisor: 1:X mapping between OS & hardware; scale != more hardware; optimized resource consumption; addition of manual routes; X # firewall rules; choke points; no cross-vSwitch security; perimeter security. [Diagram: Pre-Hypervisor stack (Application, OS, x86, Storage, Network Interface, L2 + L3, Physical Gateway + Router, Firewall, VPN) beside Post-Hypervisor stack (VMs, vSwitch, Virtual L2, L3, Hypervisor, x86, Storage, Network Interface, Physical Gateway + Router, Firewall, VPN)]
  8. Abstracts Physical Networking Services. Decouple Network Services. [Diagram: three stacks side by side. Pre-Hypervisor: Application, OS, x86, Storage, Network Interface, L2 + L3, Physical Gateway + Router, Firewall, VPN. Post-Hypervisor: VMs, vSwitch, Virtual L2, L3, Hypervisor, x86, Storage, Network Interface, Physical Gateway + Router, Firewall, VPN. Hypervisor + NSX: VMs, vSwitch, Virtual L2 + L3, Virtual Gateway + Router, Virtual Firewall, VPN, Hypervisor, NSX, x86, Storage, Network Interface, Physical Gateway + Router, Firewall, VPN]
  9. NSX is fundamental to the SDDC. The software-defined data center (SDDC) is crucial to the long-term evolution of an agile digital business, according to Gartner, Inc. Gartner predicts that the programmatic capabilities of the SDDC will be considered a requirement for 75 percent of Global 2000 enterprises by 2020. Data centers of today: static; rigid / fragile; prone to security issues; expensive; hard to change; manual. Benefits of the SDDC: dramatically higher efficiency and lower costs; application provisioning in minutes; the right availability and security for every application; app and workload mobility. NSX is fundamental to the SDDC: VMware and NSX are best positioned to deliver the SDDC to organizations because we are positioned at the right place in the data center to enable the benefits of the SDDC. Without NSX, the benefits of the SDDC can't be realized.
  10. What is NSX? Provides a faithful reproduction of network & security services in software: switching; routing; firewalling; load balancing; VPN; connectivity to physical.
  11. Construct Network Services in Virtual Layers. Decouple network services; core infrastructure backbone is agnostic of network demands at the virtual data centers; flexibility of operations; consumer serviced networks; defined micro-segments for various workloads. [Diagram: Provider peripheral network infrastructure (switching, routing, firewalling, load balancing, VPN) above consumer / end customer network infrastructure: three Virtual Data Centers, each with VMs on a Private Network (192.168.50.0/24) and VMs on a DMZ Network (192.168.52.0/24)]
  12. Lower Perimeter Firewall requirements and cost: lower # of physical firewalls. [Diagram: VMs in data center without NSX DFW (physical firewall with physical firewall rules) compared with VMs in data center with NSX DFW (distributed firewall rules); legend: VM with Security Policy, VM with Default Security Policy, Rules]
  13. Lower Routing equipment requirements and cost: lower # of routers. [Diagram: VMs in data center on vSwitch1, vSwitch2 and vSwitch3 connected through physical routers, compared with the same VMs using distributed routing + Edge Gateway with distributed routers]
  14. Micro-Segmentation / Inside Perimeter Security: Zero Trust Model. HTTP, HTTPS traffic from USER to WEB tier protected by DFW. TCP 1234, SSH traffic from WEB tier to APP tier (per organization) protected by DFW. MySQL traffic from APP tier to DB tier (per organization) protected by DFW. [Diagram: Perimeter Gateway and Distributed Logical Router (interface labels .1, .2); Control Center 192.168.110.10; Web Logical Switch 172.16.10.0/24 with fin-web-sv-01a (.11), fin-web-sv-02b (.12), hr-web-sv-01a (.21), hr-web-sv-02b (.22); App Logical Switch 172.16.20.0/24 with fin-app-sv-01a (.11), hr-app-sv-01a (.21); DB Logical Switch 172.16.30.0/24 with fin-db-sv-01b (.11), hr-db-sv-01b (.21); organizations: Finance, HR]
  15. Distributed networking services allow better performance and modelling.
  16. NSX and vCloud Director Use Cases. NSX functionality can be consumed out of band from vCD to enable provider-side use cases; enables providers to deliver value added services to their cloud consumers; does not require direct product integration; can be automated for rapid provisioning or even self-service. Table (Use Case | Benefit | NSX Components): (a) L2VPN & L2 Bridging | Cloud Bursting, Cloud Migration, Network Extension, Disaster Recovery as a Service | NSX Edge Gateway, NSX L2 Bridging. (b) Micro-segmentation of provider managed networks | Securely provide network based services to tenants, e.g. Backup, Monitoring, Patching | NSX Distributed Firewall, SpoofGuard. (c) Guest/Network Introspection, NSX Partners Services | Agentless guest and network based services from NSX Partners, e.g. Anti Virus, IDS/IPS | NSX Service Composer, Partner Ecosystem. (d) Gateway Virtualization | Virtualize network functions on commodity x86 hardware; common interface and vendor across all services | NSX Edge Gateway, VXLAN.
  17. NSX and vCloud Director L2 VPN. Features and benefits: SSL secured L2 extension technology over any IP network; separate NSX Edge GWs run as server & client; independent of vCenter Server boundaries; managed and unmanaged options; UI and API based configuration; able to bridge any combination of VLAN or VXLAN networks; no specialized hardware required (will leverage AES-NI CPU instruction set where available); supports both Enterprise and Hybrid Cloud use cases. [Diagram: Enterprise and Hybrid Cloud (Public Cloud) scenarios, each with an NSX Edge Services GW L2VPN Client connected over Internet / WAN to an NSX Edge Services GW L2VPN Server]
  18. NSX and vCloud Director L2 Bridging. NSX L2 Bridging: physical to virtual connectivity; intra-DC migration & IP mobility. [Diagram: vCloud Director & NSX managed resources (VXLAN 5000, VXLAN 5001) and colocation resources joined over the L3 physical network; Bridging Instance Tenant 1 (VXLAN 5000 to VLAN 10) for Tenant 1 Servers & VMs (VLAN 10); Bridging Instance Tenant 2 (VXLAN 5001 to VLAN 20) for Tenant 2 Servers & VMs (VLAN 20)]
  19. NSX and vCloud Director Secure Provider Services. NSX enables provider-managed services to be attached to VMs (Monitoring, Backup, etc.). All VMs are attached to a common Service Network. NSX Distributed Firewall and SpoofGuard enforce security and isolation. [Diagram: Internet/WAN and External Net reaching provider routers, Edge Gateway and NSX Edges; Org 1 (Tenant 1 managed) and Org 2 (Tenant 2 managed) with Org 1 Net, Org 2 Net, vApps X, Y, Z, K on App X, Y, Z, K Nets; provider-managed Common Services Net with Monitoring Service, Backup Service, Patching Service]
  20. NSX and vCloud Director Value Added Services. Both native NSX and 3rd party solutions can be added as Value Added Services (VAS). NSX Service Composer allows providers to deliver VAS on a per-tenant or per-VM basis. Different service categories from several vendors are supported: Data Security; Firewall; Activity Monitoring; Anti Virus; Vulnerability Management; IPS/IDS.
  21. Hyper-Converged Infrastructure Architecture. HYPER-CONVERGED SOFTWARE: compute, storage and networking; tightly integrated software stack. INDUSTRY-STANDARD HARDWARE: convergence of physical storage on x86 hardware; building-block approach.
  22. Industry-Leading Hyper-Converged Software. From the market leader in virtualization software and management. VMware Hyper-Converged Software (vSphere, vCenter, Virtual SAN) on x86 server hardware. Market-leading hypervisor; radically simple enterprise-class storage; most flexible depl