MMC2046BU Using VMware NSX Cloud for Enhanced or …...Percy Wadia Amol Tipnis MMC2046BU #VMworld...

Percy WadiaAmol Tipnis

MMC2046BU

#VMworld #MMC2046BU

Using VMware NSX Cloud for Enhanced Networking and Security for AWS Native Workloads: Part 1

VMworld 2017 Content: Not fo

r publication or distri

bution

• This presentation may contain product features that are currently under development.

• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.

• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.

• Technical feasibility and market demand will affect final delivery.

• Pricing and packaging for any new technologies or features discussed or presented have not been determined.

Disclaimer

#MMC2046BU CONFIDENTIAL 2



bution

Agenda

1 VMware Cloud Services

2 Introducing NSX Cloud

3 Key Customer Challenges

4 NSX Cloud Service Approach

5 Next Steps

3#MMC2046BU CONFIDENTIAL



bution

Consistent InfrastructureVM Infrastructure • Container Infrastructure

Consistent OperationsManagement and Operations • Across Clouds

VMware Cloud Infrastructure Public Cloud IaaS

VISIBILITY OPERATIONS AUTOMATION SECURITY GOVERNANCE

Cloud Management

VMware Cloud Services

Cloud Native AppsTime to market • Innovation • Scale • Differentiation

Existing AppsReduce Costs • Security • Reliability • Control

CONTAINERSVIRTUAL MACHINES

VMware CloudRun, Manage, Connect, Secure Any App on Any Cloud to Any Device

VMware Cloud on AWSfor VMware



bution

VMware Cloud ServicesManage, Govern and Secure Public and Private Cloud Apps

Discovery

Cost Insight

NSX Cloud

Network Insight

AppDefense

Wavefront

ON PREMISES DATA CENTER

Visibility into apps and resources they consume. Analyze usage and utilization across clouds.

Accounting and cost optimization for multiple clouds. Track and analyze your costs and trends.

Secure networks with micro-segmentationCreate private networks within or across clouds.

Operational visibility, control, and compliance across clouds. Optimize performance, health, and availability.

Metrics-driven monitoring and real-time analytics.

Governance for running workloads.VMworld 2017 Content: Not fo


bution

Key Challenges In Public Clouds

6

AWS Account 1

Cloud Network Admin Cloud Security Admin

DevOps / Developer

Extending enterprise network to cloud

Lack of visibility in cloud traffic flows

Remain focused on Application development and deployment

Security policy consistency across hybrid

Dev-ops compliance to enterprise security policies

Leverage enterprise operational tools



bution

VMware NSX Cloud

7

Visibility across clouds

Unified security policy

Network Portability

Consistent Operations VPC

AppWeb DB AppWeb DB

VNET

VMware NSX Cloud

ConsistencyVisibility Security Networking

AppWeb DB

VPC

Consistent networking and security for applications running natively in public clouds



bution

Visibility into your cloud environment becomes challenging ...

8

DevOps – 1

Cloud Admin

AWS Account 1

How do I consistently know what I am managing and securing...

Within my VPC?

Web App DB Web App DB

...


...

VPC



bution

... With VPC Sprawl increasing the complexity ...

9

DevOps – 1


Across VPCs within an Account?


...


...

VPC C


...


...

VPC B

AWS Account 1


...


...

VPC A

Cloud Admin



bution

... Adding the multiple cloud accounts exacerbates the challenge

10

DevOps – 1

DevOps – 2

DevOps – 3


Across multiple Accounts?


...


...

VPC C


...


...

VPC B

AWS Account 3


...


...

VPC A Web App DB Web App DB

...


...

VPC C


...


...

VPC B

AWS Account 2


...


...

VPC A Web App DB Web App DB

...


...

VPC C


...


...

VPC B

AWS Account 1


...


...

VPC A



bution

Demo: Visibility through VMware NSX Cloud Service Manager

11



bution

12

Single Inventory View across all

accounts and all VPCs

Operational network / security status of

every VM enables Rapid Response

1: A Single Pane of Glass across all VPCs, all accounts ...



bution

... And eventually, across all clouds

13

FUTURES

Manage and Monitor your cloud across AWS and Azure from a

single, consolidated inventory view in NSX Cloud



bution

AWS VPC 3 Security Groups



VPC 3

...Web App DB Web App DB

VPC 2

...

Cloud Security controls are different... with their own limitations

14

• Multiple VPCs create multiple security touch-points

• Cloud Security Resource Limitations inhibit consolidation

• Static Group membership and IP-address rules require coordination at deployment

• Cloud Operational framework Inconsistent from On-premise

AWS Account 1

Cloud Admin


VPC 1

...




bution

2: A Single Security Posture Across your hybrid cloud

15

✓ Single Security Policy

✓ Rich set of abstractions

✓ Dynamic security group membership

✓ No cloud-resource limitations

VPC 1 VPC 2

Security Group 2

Security Policy

VNET 1

Security Group 3

Security Group 1

Cloud Admin



bution

3: Real Time Operational Visibility Into Firewall Rule Invocations

16

SYSLOG

• Route firewall logs to industry-standard syslog, leverage SIEM tool of your choice

• Real-time Operational visibility into your cloud security posture

• Operationally consistency with your on-premise security environment

AWS Account 1

Web App DB

VPC



bution

Demo: Decoupling Application Deployment and Security

17



bution

4: Defense in Depth through Default Quarantine

18

• Multi-layered security through NSX and AWS security groups managed by NSX

• Fully Configurable to each VPC with exclusion lists

• Best of Both Worlds – Greater agility for test&dev, higher structural integrity for production

Test and Dev

NSX Managed

...

NSX Unmanaged

...

Production

✘QuarantinedNSX Managed

...

+



bution

Demo: Multi-layered Security through Default Quarantine

19



bution

5: Extend Enterprise Network Policy to Cloud

20

✓ Single network policy, deploy anywhere

✓ Full control of IP addresses

✓ Stretch subnets across public cloud availability zones

Static VPC Network Topology

...

VPC A

NSX Logical Network Topology


...

...

VPC N

...



bution

6: Network Trace and Visibility

21

✓ East-west traffic visibility within VPCs

✓ Trouble-shooting ease in cloud environments

✓ Consistency with on-prem operational toolsVMworld 2017 Content: N

ot for publicatio

n or distribution

Demo: Troubleshooting through NSX Traceflow

22



bution

NSX on - premise and in the cloud

23

NSX on-premises NSX Cloud

We give you bits

You install

You patch, upgrade

Perpetual license (usually)

Features are (mostly) the same

On your servers / In your network

Just log in and use

No installation

We take care of patches/ upgrades

Pay per use

Runs in cloud



bution

A Dedicated NSX instance for your Cloud Environment

24

CUSTOMER NSX MANAGERS

NSX CLOUDDASHBOARD

NSX Manager Cloud Service Manager

VPC -N VPC -1

NSX cloud gateway NSX cloud gateway

...

VPC -N VPC -1

NSX cloud gateway NSX cloud gateway

...

CUSTOMER COMPUTE VPCs


CUSTOMER 1 CUSTOMER 2



bution

VMware NSX Cloud – Under the Covers Architecture

25

Customer AWS Account

CONTROLPLANE

DATAPLANE

MANAGEMENT PLANE

CLOUDGATEWAY

Linux VM Windows VM

NSX Cloud Gateway

NSX CLOUDDASHBOARD

Public cloud infrastructure

with hypervisor (ex: AWS)

VMware AWS Account

NSX Controller Cluster




bution

Operational Control Without Infrastructure Management

26

NSX Operations VMware Customer

NSX Cloud Deployment ✓

Onboard Compute VPCs ✓

Manage Security, Network policies ✓

NSX Maintenance / Upgrades ✓



bution

Getting Started with VMware NSX Cloud is Easy

27Request Access @ cloud.vmware.com



bution

28

MMC1464QU How to Use Cloud Formations in vRealize Automation to Build Hybrid Applications That Span and Reside On-Premises & on VMware Cloud on AWS and AWS Cloud Quick Talk Vijay Raghavan, Manu Prasanna

MMC1532BU Using VMware NSX for Enhanced Networking and Security for AWS Native Workloads: Part 2 Breakout Session Amol Tipnis, Percy Wadia

MMC2046BU Using VMware NSX for Enhanced Networking and Security for AWS Native Workloads: Part 1 Breakout Session Amol Tipnis, Percy Wadia

MMC2210BU Best Practices: How the City of New York Has Configured AWS for the Best vRealize Automation Integration Breakout Session Stefan Andrieux

MMC2256BU Watching the Clouds: Challenges with Monitoring Hybrid Cloud Environments Breakout Session Craig Lee, John Dias

MMC2455BU On-Demand Disaster Recovery for Enterprise Applications with the VMware Cloud on AWS Breakout Session GS Khalsa, Mohan Potheri, Potheri Mohan

MMC2623BU Integrated Multicloud Management for Automating Standardized Security and Governance in Federal Agencies Breakout Session Kris Ostergard, Sean VanDruff, Douglas Bourgeois

MMC2820BU Deploying Applications into AWS EC2 with VMware Cross-Cloud Services Breakout Session Bahubali Shetti, Bill shetti

MMC2877BU Deep Dive into Cost Insight: Understand, Analyze, and Optimize Your Cloud Expenses (Cross-Cloud Service) Breakout Session Kumar Gaurav, Kameswaran Subramanian

MMC2884GU Manage Cross-Cloud Applications Using vRealize Operations Insight Group Discussion Karl Fultz, Manish Bhaskar

MMC2888GU How We’ve Accelerated Innovation While Keeping Our Cloud Spending in Check Group Discussion Burt Toma

MMC3062BU How Customer XYZ Secures and Monitors On-Premises Software-Defined Data Center Virtual and Physical Networks Using Network Insight SaaS Breakout Session Sean O'Dell, Manish Bhaskar

MMC3066BU How Do You Use Network Insights' SaaS to Secure Multitier Hybrid Apps Running on vSphere, VMware Cloud on AWS, and AWS Native? Breakout Session Sean O'Dell, Anuj Jaiswal

MMC3074BU 3 ways to use VMware’s new Cross-Cloud SaaS Services to efficiently run workloads across AWS, Azure and vSphere: VMware and Customer technical session Breakout Session Jason Walker, Burt Toma

MMC3110PU How IT Can Enable Development Teams to Build Apps on AWS, Azure, and VMware Without Compromising on Costs and Security Panel Discussion Mark Leake, Ben Mitchell

MMC3112BU Customer Story: Monitoring Costs and Rightsizing Workloads in AWS, Azure, and VMware-Based Clouds Breakout Session Nikhil Girdhar

MMC3164BU How Data Science is Transforming Operations: The Wavefront Story Breakout Session Dev Nag

MMC3165BU Becoming a DevOps Superhero: Introduction to Wavefront for Optimizing Cloud-Native Applications Breakout Session Stela Udovicic, Demetri Mouratis

MMC3321BUS Move, Manage, Use: The New Hybrid IT Breakout Session Donald Foster, Don Foster, Deepak Verma

MMC3406BUS Cloudy Days Ahead!! Leverage F5 to provide application continuity and consistent security policy provisioning and enforcement in an intercloud world. Breakout Session Kent Munson

MMC3424SU VMware Cloud Services and how you can leverage SaaS for your vSphere data center or the public cloud. Spotlight Session Guido Appenzeller

Continue the NSX Cloud journey!

Learn more about NSX Cloud in Part 2, MMC1532BU tomorrow!

Tuesday 5.00pm, Oceanside G, Level 2

Learn more about VMware Cloud Services



bution



bution

MMC2046BU Using VMware NSX Cloud for Enhanced or …...Percy Wadia Amol Tipnis MMC2046BU #VMworld...

Documents

Transcript of MMC2046BU Using VMware NSX Cloud for Enhanced or …...Percy Wadia Amol Tipnis MMC2046BU #VMworld...