LHC2105BE – NSX and VMware Cloud on AWS: The Path to Hybrid Cloud

Ray Budavari, Sr Staff Technical Product Manager NSX

#VMworld #LHC2105BE

VMworld 2017 Content: Not for publication or distribution

Disclaimer

• This presentation may contain product features that are currently under development.

• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.

• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.

• Technical feasibility and market demand will affect final delivery.

• Pricing and packaging for any new technologies or features discussed or presented have not been determined.

#LHC2105BE CONFIDENTIAL

Session Objectives – NSX and VMC: The Path to Hybrid Cloud

• Understand the different use cases and functionality for networking and security in VMware Cloud on AWS

  – LHC2103BU: NSX and VMware Cloud on AWS: Deep Dive session will cover the technical implementation details

• See cool demos showcasing networking in VMware Cloud on AWS

• Learn how to take a phased approach to leveraging Hybrid Cloud capabilities

Agenda – NSX and VMC: The Path to Hybrid Cloud

1. VMware Cloud on AWS Overview

2. Phase 1: Standalone VMC

3. Phase 2: Secure Connectivity

4. Phase 3: Hybrid Management

5. Phase 4: Native Cloud Services

6. Phase 5: Workload Mobility

7. Q&A

VMware Cloud on AWS Overview


VMware Cloud on AWS: Enabling Hybrid Cloud

• Leading compute, storage and network virtualization capabilities

• Support for broad range of workloads

• De-facto standard for the enterprise DC

• Flexible consumption economics

• Broadest set of cloud services

• Global scale and reach

VMware Cloud on AWS

[Diagram: VMware Cloud on AWS (vSphere, vSAN, NSX; vCenter; Operational Management via vRealize Suite and the ISV ecosystem) running on AWS Global Infrastructure next to Native AWS Services, linked to the Customer Data Center and its vCenter]

Service Highlights

• VMware SDDC running on AWS bare metal

• Sold, operated and supported by VMware

• Support for all VM types

• On-demand capacity & flexible consumption

• Operational consistency with on-premises SDDC

• Workload portability and hybrid operations

• Global AWS footprint, reach, availability

• Direct access to native AWS services

VMware Cloud on AWS – Path to Hybrid

VMware Cloud on AWS – Hybrid Cloud Phases

Capabilities build up phase by phase:

• Phase 1: Standalone Public Cloud (VMC)

• Phase 2: Secure Connectivity

• Phase 3: Hybrid Management

• Phase 4: Native Cloud Services

• Phase 5: Workload Mobility

Phase 1: Standalone VMC – Networking and Security

VMware Cloud on AWS – Standalone SDDC

VMware software deployed on dedicated AWS Elastic Bare Metal hardware

[Diagram: a VMware Cloud SDDC with vCenter Server, NSX Manager, NSX Controllers, ESXi hosts running VMs, and the MGW and CGW gateways each terminating a VPN]

Overview

Fully configured VMware software stack running on AWS infrastructure provisioned on-demand

Latest Software

• VCSA, ESXi, NSX, VSAN, H5 Client

Dynamic Capacity

• DRS/HA Compute Cluster

• VSAN Storage Cluster

• NSX Network Virtualization

Prescriptive Topology

• Stand Alone Cloud Cluster

• Hybrid Connectivity to on-premises

• Secure by Default Policy

Standalone VMC – Topology

[Diagram: Software Defined Data Center (SDDC) in VMware Cloud on AWS. The Management Network sits behind the Management GW (NAT, FW, VPN); the compute segments Web 192.168.101.0/24, App 192.168.102.0/24 and DB 192.168.103.0/24 sit behind a DLR and the Compute GW (NAT, FW, VPN, DHCP). The Customer VPC holds VPC Endpoints, an Internet GW, VPC subnets, Amazon S3 and EC2 Instances, and its VPC route table lists 192.168.101.0, 192.168.102.0 and 192.168.103.0. The Customer DC (On-Prem Gateway, On-Prem Mgmt, On-Prem Workloads) is reachable over the Internet. Compute Traffic is shown East-West between the tiers and North-South via the Internet GW.]

Demo: SDDC Deployment – Network & Security Consumption in VMC

Standalone VMC – Key Points

▪ Run VMware software using a cloud-like consumption model, while retaining the familiar vSphere experience

▪ Provision standalone workloads in Cloud supporting both East/West and North/South network connectivity requirements

▪ VMC supports flexible network topologies: Single- or Multi-tier applications

▪ Stateful Perimeter Firewalling and NAT services for Management & Compute workloads provided by NSX
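The "Secure by Default" policy and the stateful perimeter firewall on the Compute Gateway are easiest to reason about with the deck's own three-tier topology (Web 192.168.101.0/24, App 192.168.102.0/24, DB 192.168.103.0/24). The following is an added illustration, not code from the deck or from VMC: a first-match rule evaluator with a session table, using a constructed rule set (the rule names, ports and the 203.0.113.5 client address are assumptions) that only the explicit allows get through and that replies ride on the established session.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional, Set, Tuple

# Segments taken from the deck's three-tier topology slide.
WEB = ipaddress.ip_network("192.168.101.0/24")
APP = ipaddress.ip_network("192.168.102.0/24")
DB = ipaddress.ip_network("192.168.103.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    name: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]  # None matches any destination port
    action: str           # "allow" or "deny"

# Constructed rule set (not VMC's actual default policy): explicit allows
# for the tiers, first match wins, and an explicit catch-all deny last.
CGW_RULES = (
    Rule("inet-to-web", ANY, WEB, 443, "allow"),
    Rule("web-to-app", WEB, APP, 8080, "allow"),
    Rule("app-to-db", APP, DB, 5432, "allow"),
    Rule("default-deny", ANY, ANY, None, "deny"),
)

Flow = Tuple[str, int, str, int]  # (src_ip, sport, dst_ip, dport)

@dataclass
class StatefulFirewall:
    rules: Tuple[Rule, ...] = CGW_RULES
    sessions: Set[Flow] = field(default_factory=set)

    def first_match(self, src_ip: str, dst_ip: str, dport: int) -> Rule:
        src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
        for r in self.rules:
            if src in r.src and dst in r.dst and r.dport in (None, dport):
                return r
        return Rule("implicit-deny", ANY, ANY, None, "deny")

    def packet(self, src_ip: str, sport: int, dst_ip: str, dport: int):
        """Return (rule_name, verdict) for one packet. A reply matching an
        allowed session passes without a rule lookup; that is the stateful part."""
        if (dst_ip, dport, src_ip, sport) in self.sessions:
            return "established", "allow"
        rule = self.first_match(src_ip, dst_ip, dport)
        if rule.action == "allow":
            self.sessions.add((src_ip, sport, dst_ip, dport))
        return rule.name, rule.action
```

A DB host talking back to Web without a prior session, or an Internet client going straight for DB, lands on the catch-all deny; only the reply to an already-allowed flow is accepted.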

Phase 2: Secure Connectivity – Connecting to On-Premises

Secure Connectivity – IPsec VPN

NSX IPsec VPN Features

• IKEv1

• PFS DH2, DH5, DH14, DH15, DH16

• PSK authentication

• SHA1

• Encryption – AES-CBC (128, 256), AES-GCM (128), 3DES-CBC (192)

• NAT Traversal, Dead Peer Detection

• UI & API based Configuration

• Interoperable IPsec implementation tested with all major vendors

Performance

• AES-NI H/W Offload

• 2+ Gbps throughput per edge

Use Cases

• Site to Site VPN

• Securely Connect VMC to On-Premises DC

[Diagram: Hybrid Cloud – an NSX Edge in VMware Cloud on AWS terminating IPsec VPN Tunnels across the Internet / WAN to several Remote Gateways]
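Because the remote gateway can be any standards-compliant device, the practical question when bringing up a tunnel is which of the parameters listed above overlap with what the peer proposes, and whether the overlap still includes a strong choice. The following is an added example, not code from the deck or from NSX: it encodes the slide's parameter set, intersects it with a constructed remote proposal, picks the strongest common option under a preference order that is this example's own assumption, and warns when the only common option is a dated one (DH2/DH5 or 3DES).

```python
from typing import Dict, Iterable, List, Tuple

# Parameter set listed on the deck's "NSX IPsec VPN Features" slide
# (the VMC NSX Edge side of the tunnel).
VMC_IPSEC: Dict[str, set] = {
    "ike_version": {"IKEv1"},
    "auth": {"PSK"},
    "integrity": {"SHA1"},
    "dh_group": {"DH2", "DH5", "DH14", "DH15", "DH16"},
    "encryption": {"AES-CBC-128", "AES-CBC-256", "AES-GCM-128", "3DES-CBC-192"},
}

# Constructed preference order, strongest first (an assumption of this
# example, not something the deck states).
PREFERENCE: Dict[str, List[str]] = {
    "dh_group": ["DH16", "DH15", "DH14", "DH5", "DH2"],
    "encryption": ["AES-GCM-128", "AES-CBC-256", "AES-CBC-128", "3DES-CBC-192"],
}
# Still on the supported list, but dated: 1024/1536-bit MODP groups and 3DES.
LEGACY = {"DH2", "DH5", "3DES-CBC-192"}

def negotiate(remote: Dict[str, Iterable[str]]) -> Tuple[Dict[str, str], List[str]]:
    """Intersect a remote gateway's proposal with the VMC-supported set.

    Returns (chosen, warnings). Raises ValueError when some field has no
    overlap at all, which is the case where the tunnel never comes up."""
    chosen: Dict[str, str] = {}
    warnings: List[str] = []
    for field, supported in VMC_IPSEC.items():
        offered = set(remote.get(field, ()))
        common = supported & offered
        if not common:
            raise ValueError(f"no common {field}: remote offers {sorted(offered)}")
        order = PREFERENCE.get(field, sorted(common))
        pick = next(v for v in order if v in common)
        chosen[field] = pick
        if pick in LEGACY:
            warnings.append(f"{field}={pick} is a legacy choice; prefer {order[0]} if the peer allows it")
    return chosen, warnings
```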

Secure Connectivity – Topology

[Diagram: same SDDC, Customer VPC and Customer DC layout as the Phase 1 topology (Management GW with NAT, FW, VPN; Compute GW with NAT, FW, VPN, DHCP; DLR with Web 192.168.101.0/24, App 192.168.102.0/24, DB 192.168.103.0/24). The On-Prem Gateway is now connected over the Internet: Management Traffic toward the Management GW and Compute Traffic toward the Compute GW.]

Demo: VPN Connectivity

Secure Connectivity – Key Points

▪ IPsec VPN enables secure management and workload access from VMC to on-premises

  • Provides choice of Remote Gateway:

    – Physical or Virtual form factor

    – From any standards-compliant vendor

  • VMC leverages NSX Edge for networking services

▪ VMware has validated common VPN devices for interoperability

▪ In addition, whitepapers will be published with VMC Partners

Phase 3: Hybrid Management – Centralized Management

Hybrid Linked Mode

▪ Single pane of glass for Hybrid Cloud Management

▪ Hybrid Linked Mode provides operational consistency

▪ On-Premises vCenter connects to SDDC vCenters

▪ Decouple version dependencies between Cloud and On-Premises

▪ Support Cross-Cloud vMotion in Future Releases

vCenter Content Library

▪ Automatically synchronize content across cloud instances and on-premises

▪ Distribute your content effortlessly

  ▪ OVA

  ▪ ISO Images

  ▪ Scripts

  ▪ Templates

[Diagram: the ON-PREM SDDC publishes a content library that SUBSCRIBER VMC SDDCs synchronize from]

Hybrid Management – Topology

[Diagram: same layout as the Phase 1 topology; Hybrid Management traffic now flows between On-Prem Mgmt in the Customer DC and the Management Network behind the Management GW.]

Demo: Hybrid Linked Mode & Content Library

Hybrid Management – Key Points

▪ Leverage secure connectivity to use VMC as an extension of your on-premises environment

▪ Consistent Management enabled through:

  ▪ Hybrid Linked Mode

  ▪ Content Library

  ▪ Using the same interfaces (UI and API) across both environments

▪ Supports different administrative domains:

  ▪ Software Versions

  ▪ SSO Configuration

Phase 4: Native Cloud Services – Connected AWS VPC through ENIs

AWS VPC Connectivity

[Diagram: the VMC SDDC (VMware Cloud on AWS) with its Compute GW (NAT, FW, VPN, DHCP) and DLR in front of 192.168.101.0/24 and 192.168.102.0/24, connected through an ENI to the VPC Router of the Customer VPC (VPC Endpoints, Internet GW, VPC subnets, Amazon S3, EC2 Instances)]

Overview

• High BW connectivity to AWS Service

• One VPC connection support

• Access to EC2 Instance and S3 endpoint at IA

• Establishing Connectivity through ENIs

• Access control using AWS Security Group and CGW FW

Benefits

• Optimized access to AWS services without transit charges

Use Cases

• Establish connectivity between traditional and cloud native applications

• Utilize S3 object storage for backup and other use cases

Native Cloud Services – Topology

[Diagram: same layout as the Phase 1 topology, adding Hybrid Management between the Customer DC and the Management GW, Optimized VPC Connectivity between the Compute GW and the Customer VPC, and Access to AWS Services (EC2 Instances and Amazon S3 via VPC Endpoints) from the compute segments.]

Demo: Access to Native AWS Services

Native Cloud Services – Key Points

▪ Enabled as part of the Technical Partnership between VMware and AWS

▪ Unique capability to VMware Cloud on AWS

▪ Access AWS native services without transit charges

▪ High Bandwidth, optimized connectivity

▪ Enables new use cases for cloud consumption from VMC workloads

Phase 5: Workload Mobility – Future Releases

NSX L2VPN

NSX L2VPN Features

• SSL secured L2 extension over any IP network

• Multiple management domains

• Can co-exist with existing default gateway

• No specialized hardware required

• Long Distance / High Latency connectivity

• Supports Client site with or without NSX

Performance

• Supports up to 750Mbps per tunnel

• AES-NI supported if available

Use Cases

• Data Center Migrations (P2V, V2V, VLAN2VXLAN)

• Disaster Recovery & Testing

• Cloud Bursting & Onboarding

• Limited VM Mobility

[Diagram: SSL L2 Extensions carried over an L3 Network between Site A Networks (On-Prem DC, L2VPN Client behind the Remote Gateways, with VMs) and Site B Networks (VMC on AWS, L2VPN Server behind the AWS Gateways, with VMs). The L2VPN Client ships as an OVA and can be Managed or Unmanaged; the server side is managed by NSX Manager.]

Workload Mobility – Topology

[Diagram: same layout as the Phase 1 topology, with Management Traffic and Hybrid Management between the Customer DC and the Management GW, Optimized VPC Connectivity to the Customer VPC, and a Network Extension from the On-Prem Workloads to the compute segments behind the Compute GW.]

Demo: Workload Mobility via Network Extension

Workload Mobility – Key Points

▪ Leverage NSX L2VPN (even without NSX on-premises) to enable migration use cases:

  ▪ Cold Migration

  ▪ vMotion

  ▪ Disaster Recovery

  ▪ Cloud Bursting

▪ Move workloads to and from VMC while retaining IP Addressing

▪ Flexible deployment model

  ▪ Any network combination of VLAN and VXLAN supported

Network Services in VMC on AWS

[Diagram: the Phase 1 topology with every overlay from the preceding phases: Management Traffic and Hybrid Management between the Customer DC and the Management GW; Compute Traffic East-West between the Web, App and DB tiers and North-South via the Internet GW; Optimized VPC Connectivity and Access to AWS Services (EC2 Instances, Amazon S3 via VPC Endpoints) through the Customer VPC.]

VMware Cloud on AWS and NSX – Summary

• VMware Cloud on AWS is a major initiative for VMware

• Extends key SDDC capabilities to Public Cloud

• VMC can accelerate and simplify your adoption of Public Cloud

• Enables Hybrid Cloud with flexibility

• Choose the path that is right for you


Questions

Ray Budavari, @rbudavari