NET1338BU VMware Integrated OpenStack and NSX or … · VMware Integrated OpenStack and NSX ......

35
Russ Starr, Cerner Marcos Hernandez, VMware NET1338BU #NET8343 VMware Integrated OpenStack and NSX Integration Deep Dive VMworld 2017 Content: Not for publication or distribution

Transcript of NET1338BU VMware Integrated OpenStack and NSX or … · VMware Integrated OpenStack and NSX ......

Page 1: NET1338BU VMware Integrated OpenStack and NSX or … · VMware Integrated OpenStack and NSX ... •This presentation may contain product ... documentation and better integration with

Russ Starr, CernerMarcos Hernandez, VMware

NET1338BU

#NET8343

VMware Integrated OpenStack and NSX Integration Deep Dive

VMworld 2017 Content: Not fo

r publication or distri

bution

Page 2: NET1338BU VMware Integrated OpenStack and NSX or … · VMware Integrated OpenStack and NSX ... •This presentation may contain product ... documentation and better integration with

#NET1338BU CONFIDENTIAL

VMworld 2017 Content: Not fo

r publication or distri

bution

Page 3: NET1338BU VMware Integrated OpenStack and NSX or … · VMware Integrated OpenStack and NSX ... •This presentation may contain product ... documentation and better integration with

• This presentation may contain product features that are currently under development.

• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.

• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.

• Technical feasibility and market demand will affect final delivery.

• Pricing and packaging for any new technologies or features discussed or presented have not been determined.

Disclaimer

#NET1338BU CONFIDENTIAL 3

VMworld 2017 Content: Not fo

r publication or distri

bution

Page 4: NET1338BU VMware Integrated OpenStack and NSX or … · VMware Integrated OpenStack and NSX ... •This presentation may contain product ... documentation and better integration with

Agenda

1 Introduction and Objectives

2 IaaS Options from VMware

3OpenStack + NSX - High Level Architecture

OpenStack vSphere and NSX Integration Points

Basic Neutron Workflows and NSX Equivalents

NSX Neutron Plugin – Supported Topologies

4

Tenant Networks vs. Provider NetworksTenant Self Service Networking – Is This What You Need?

Tenant Reachability Using Neutron Networks

Dynamic Routing – BGP

Neutron Availability Zones

NSX Micro-segmentation in OpenStack

Service Chaining in OpenStack and FWaaS

5 Next steps - Q&A

6 SummaryCONFIDENTIAL 4

VMworld 2017 Content: Not fo

r publication or distri

bution

Page 5: NET1338BU VMware Integrated OpenStack and NSX or … · VMware Integrated OpenStack and NSX ... •This presentation may contain product ... documentation and better integration with

Introduction and Objectives

• VMware NSX vSphere and NSX Transformers (multi-hypervisor) both integrate with OpenStack Neutron to deliver robust network capabilities in vSphere and/or KVM OpenStack-based clouds

• This session is largely focused on the vSphere edition of NSX, but some of the interactions between Neutron and NSX-T are also discussed, as well as some of the differences between the two implementations of the plugin.

• We will review advanced network and security services provided by OpenStack, including Load-Balancing-as-a-Service (LBaaS), Firewall-as-a-Service (FWaaS), advanced micro-segmentation, service chaining and dynamic routing (BGP).

• Networking remains a challenge in most OpenStack deployments, as signaled by the results of the latest OpenStack User Survey.

– Users want a “networking service to be less complicated to use, with more substantial documentation and better integration with compute functions and PaaS layer integration” Source: OpenStack User Survey

• Where do I start? What does my journey look like?

CONFIDENTIAL 5

VMworld 2017 Content: Not fo

r publication or distri

bution

Page 6: NET1338BU VMware Integrated OpenStack and NSX or … · VMware Integrated OpenStack and NSX ... •This presentation may contain product ... documentation and better integration with

CONFIDENTIAL

Consistent

Virtual

Infrastructure

Virtual

Infrastructure

vRealize Automation

vSphere NSX VSAN

Basic IaaS &

Virtual Infra Consumption

Compliance & Governance

Service Catalog

Chargeback

Configuration and Change

Management

App Lifecycle Management

Policies

Orc

he

str

ati

on

Exte

rnal

Clo

ud

Co

nn

ec

tor

AWS

Google

Cloud

• vRealize Suite is a complete Cloud Management Platform• OpenStack delivers APIs to consume infrastructure

• Additional CMP components needed for Governance

Developer Owned Toolsets-or-

3rd Party Tool

Nova Neutron Cinder

Vendor Neutral APIs

“Restrictions with Quotas”Simple IaaS

IaaS Options from VMware

6

VMworld 2017 Content: Not fo

r publication or distri

bution

Page 7: NET1338BU VMware Integrated OpenStack and NSX or … · VMware Integrated OpenStack and NSX ... •This presentation may contain product ... documentation and better integration with

▪ Founders of the Neutron Project in OpenStack (formerly known as “Quantum”)

▪ Founders and largest contributor to the Open vSwitch Project (OVS)

• Founders of Open Virtual Networking (OVN), an open source control plane for OVS

• Authors of OVSDB, the de-facto standard for physical switch (ToR) ecosystem compatibility

• Don’t take our word for it:

– http://stackalytics.com/ - Who is doing what in OpenStack

– http://openvswitch.org/ - OVS/OVN project page

– https://tools.ietf.org/html/rfc7047 - RFC7047 - The Open vSwitch Database Management Protocol

VMware Is Committed to Open Source and OpenStack

CONFIDENTIAL

VMworld 2017 Content: Not fo

r publication or distri

bution

Page 8: NET1338BU VMware Integrated OpenStack and NSX or … · VMware Integrated OpenStack and NSX ... •This presentation may contain product ... documentation and better integration with

OpenStack + NSX – High Level ArchitectureOpenStack + NSX – High Level Architecture

ESXi

(+ kernel modules)

KVM

(+ kernel modules)

NSX Edge VM

Or Bare Metal

Layer 2

Bridge

OpenStack

Built for consumption by developers

Cloud Consumption

Management Plane

Control Plane

Support for endpoint heterogeneity

Central Control Cluster – CCP

Local Control Plane – LCP

Data Plane

Improved performance and resiliency

VMworld 2017 Content: Not fo

r publication or distri

bution

Page 9: NET1338BU VMware Integrated OpenStack and NSX or … · VMware Integrated OpenStack and NSX ... •This presentation may contain product ... documentation and better integration with

Ecosystem

9

The NSX Networking and Security Platform

Open

source

VIO HPE Mirantis Redhat SUSE Canonical

VMware Redhat Canonical

• ESXi 6.5 U1 • RHEL 7.2• RHEL 7.3

• Ubuntu 16.04 LTS

VMworld 2017 Content: Not fo

r publication or distri

bution

Page 10: NET1338BU VMware Integrated OpenStack and NSX or … · VMware Integrated OpenStack and NSX ... •This presentation may contain product ... documentation and better integration with

CONFIDENTIAL\

Nova Compute Nova Services

NSX

Manager

Neutron Plugin

Neutron Server Heat

Glance RabbitMQ

vCenter

ESXi-2

vSphere Plugin

NSX

OpenStack

ESXi-1

NSX

KeystoneCinder

VMDK Driver

VMDK Driver

OpenStack vSphere and NSX Integration Points

10

VMworld 2017 Content: Not fo

r publication or distri

bution

Page 11: NET1338BU VMware Integrated OpenStack and NSX or … · VMware Integrated OpenStack and NSX ... •This presentation may contain product ... documentation and better integration with

3rd Party OpenStack vSphere and NSX Integration Points

Nova Compute Nova Services

NSX

Control/MGMT Plane

Neutron Plugin

Neutron Server Heat

Glance RabbitMQ

ESXi-2

vSphere Plugin

OpenStack

ESXi-1

Host Switch

KeystoneCinder

VMDK Driver

VMDK Driver

KVM-1

Host Switch Host Switch

Nova Compute

vCenter (s)

VMworld 2017 Content: Not fo

r publication or distri

bution

Page 12: NET1338BU VMware Integrated OpenStack and NSX or … · VMware Integrated OpenStack and NSX ... •This presentation may contain product ... documentation and better integration with

DHCP (NSX Edge Services Gateway)

Web Network (Logical Switch or VLAN)

App Network (Logical Switch or VLAN)

Floating IP (NSX Edge Services Gateway-DNAT)

Load Balancer (NSX Edge Services Gateway)

Intranet

Internet

Router (NSX ESG - SNAT or NO-NAT)

Security Group (Distributed Firewall Security Group)

Basic Neutron Workflows and NSX Equivalents

12CONFIDENTIAL

VMworld 2017 Content: Not fo

r publication or distri

bution

Page 13: NET1338BU VMware Integrated OpenStack and NSX or … · VMware Integrated OpenStack and NSX ... •This presentation may contain product ... documentation and better integration with

CONFIDENTIAL

NSX Neutron Plugin – Supported TopologiesAvailable out-of-the-box

Use CaseL2

Technology

L3

Technology

NSX Micro-

segmentationNotes

1 VLAN-Backed Networks VLAN Physical router Yes ▪ Micro-segmentation with NSGs

2.1VLAN-Backed with NSX L3

Services and NATVLAN • NSX Edge Yes

▪ No Distributed Routing support

▪ Load Balancers

▪ Provider Networks

▪ Micro-segmentation with NSGs and FWaaS

2.2

VLAN-Backed with NSX L3

Services and No-NAT VLAN • NSX Edge Yes

▪ No Distributed Routing support

▪ Dynamic routing

▪ Load Balancers

▪ Provider Networks

▪ Micro-segmentation with NSGs and FWaaS

3.1VXLAN-backed with NSX

L3 Services and NATVXLAN

• NSX Edge

• NSX DLR

• NAT

Yes

▪ Overlapping IPs allowed

▪ Load Balancers

▪ Provider and Tenant Networks

▪ Micro-segmentation with NSGs and FWaaS

3.2VXLAN-backed with NSX

L3 Services and No-NATVXLAN

• NSX Edge

• NSX DLR

• No-NAT

Yes

▪ No overlapping IPs allowed

▪ Dynamic routing

▪ Load Balancers

▪ Provider and Tenant Networks

▪ Micro-segmentation with NSGs and FWaaS

Enterprise

Model

Enterprise

Model

Enterprise

Model

13

VMworld 2017 Content: Not fo

r publication or distri

bution

Page 14: NET1338BU VMware Integrated OpenStack and NSX or … · VMware Integrated OpenStack and NSX ... •This presentation may contain product ... documentation and better integration with

Management Cluster Edge Cluster Compute Cluster(s)

OpenStack Framework

Nova Neutron Cinder

Glance KeystoneLoad

Balancer

Neutron Routers Instances

Management and Edge VDS Compute VDS

Option 3

Option 2

Compute and Management/Edge VDSOption 1

Management VDS Compute VDSEdge VDS

Distributed Switch Options in the Neutron NSX Plugin

CONFIDENTIAL 14

VMworld 2017 Content: Not fo

r publication or distri

bution

Page 15: NET1338BU VMware Integrated OpenStack and NSX or … · VMware Integrated OpenStack and NSX ... •This presentation may contain product ... documentation and better integration with

Tenant Networks vs. Provider Networks

• The primary difference revolves around who provisions the network:

– Provider networks are created by the OpenStack administrator on behalf of tenants

– Tenant networks are created by tenants for use by their instances and cannot be shared

• Provider networks typically rely on the physical network infrastructure to provide default gateway/first hop routing services

– Tenant networks rely on Neutron routers to fulfill this role

• The Neutron NSX-v Plugin supports the following:

– VXLAN-Backed Tenant Networks

– VLAN-backed and VXLAN-backed Provider Networks

– VLAN-backed and VXLAN-backed External Networks

• All version of the Neutron-NSX Plugins are available at https://github.com/openstack/vmware-nsx

CONFIDENTIAL 15

VMworld 2017 Content: Not fo

r publication or distri

bution

Page 16: NET1338BU VMware Integrated OpenStack and NSX or … · VMware Integrated OpenStack and NSX ... •This presentation may contain product ... documentation and better integration with

Tenant Reachability Using Neutron Networks

Source NAT/destination NAT- instances use IP addresses from an external provider network, aka “Floating IPs”

If NAT is disabled, how do you make tenant networks reachable? Answer: Routing configuration (static or BGP)

* Dynamic routing support was added in VIO 4.0

16

VMworld 2017 Content: Not fo

r publication or distri

bution

Page 17: NET1338BU VMware Integrated OpenStack and NSX or … · VMware Integrated OpenStack and NSX ... •This presentation may contain product ... documentation and better integration with

BGP Design Considerations

• BGP is configured and owned by the Cloud Admin

• Use eBGP for external peering (AWS/Cloud model)

• Use same AS number on all OpenStack objects in same region.

• Neutron only supports 2-byte AS and does not offer AS_TRANS support, even though NSX does it

• Connect to 4-byte AS clos-fabric using BGP Local-AS feature

• neighbor nsx local-as 65535

• Can advertise self-service networks or only networks defined by Cloud Admin

• Neutron Address Scopes are used.

• External Network – used for BGP peering

• Internal Network – The prefixes that will be advertised over BGP

• Advertise only a default route (0.0.0.0/0) to OpenStack’s BGP speaker

• Create BGP peers, routes, networks per AZ for resiliency

VMworld 2017 Content: Not fo

r publication or distri

bution

Page 18: NET1338BU VMware Integrated OpenStack and NSX or … · VMware Integrated OpenStack and NSX ... •This presentation may contain product ... documentation and better integration with

Neutron Object Relationships

CONFIDENTIAL

VMworld 2017 Content: Not fo

r publication or distri

bution

Page 19: NET1338BU VMware Integrated OpenStack and NSX or … · VMware Integrated OpenStack and NSX ... •This presentation may contain product ... documentation and better integration with

Tenant Self-Service Networking – Is this What You Need?

• With Tenant Networks, Tenants are free to create their own IP Subnets

• Will most cloud users in your organization know what to do when presented with these configuration options?

CONFIDENTIAL 19

VMworld 2017 Content: Not fo

r publication or distri

bution

Page 20: NET1338BU VMware Integrated OpenStack and NSX or … · VMware Integrated OpenStack and NSX ... •This presentation may contain product ... documentation and better integration with

Managing IP Subnet Assignment and ConsumptionAdmin Controlled DHCP Scopes

Subnet configured

by the Admin

• When using Provider Networks, which can only be provisioned by an OpenStack Admin, the DHCP scope could also be provided by the Admin

• Tenants will launch VMs on these pre-created networks/subnets and get an IP address from a controlled pool

• This ensures proper connectivity and reachability is in place

CONFIDENTIAL 20

VMworld 2017 Content: Not fo

r publication or distri

bution

Page 21: NET1338BU VMware Integrated OpenStack and NSX or … · VMware Integrated OpenStack and NSX ... •This presentation may contain product ... documentation and better integration with

Managing IP Subnet Assignment and Consumption

• In Kilo, a new feature called Neutron Subnet Pools was added to the OpenStack networking workflows

• Neutron subnet pools allow an administrator to create a large Classless Inter-Domain Routing (CIDR) IP address range for a Neutron network, from which Tenants can create subnets without specifying a CIDR

• In cases where valid, routable IPs are used, subnet pools are very useful. Tenants only need to specify minimal configuration parameters for creating a subnet without worrying about the IP subnet on which the VMs/Instances will sit.

Neutron Subnet Pools

# neutron subnetpool-create --default-prefixlen 24 --pool-prefix 10.10.0.0/16

TestSubnetPoolCreated a new subnetpool:

+-------------------+--------------------------------------+

| Field | Value |

+-------------------+--------------------------------------+

| default_prefixlen | 24 |

| default_quota | |

| id | d963acd5-1afc-477c-a434-cef46f017b17 |

| ip_version | 4 |

| max_prefixlen | 32 |

| min_prefixlen | 8 |

| name | TestSubnetPool |

| prefixes | 10.10.0.0/16 |

| shared | False |

| tenant_id | 4b36a201448b4fc19b91439d8e883b36 |

+-------------------+--------------------------------------+

CONFIDENTIAL 21

VMworld 2017 Content: Not fo

r publication or distri

bution

Page 22: NET1338BU VMware Integrated OpenStack and NSX or … · VMware Integrated OpenStack and NSX ... •This presentation may contain product ... documentation and better integration with

Neutron Availability Zones

CONFIDENTIAL

Edge Cluster 2

Neutron Routers, DHCP, LB and FW

Edge VDS 2 Edge VDS 3Edge VDS 1

Edge Cluster 1

Neutron Routers, DHCP, LB and FW

Edge Cluster 3

Neutron Routers, DHCP, LB and FW

Datastore 1 Datastore 2 Datastore 3

AZ 1 AZ 2 AZ 3

VMworld 2017 Content: Not fo

r publication or distri

bution

Page 23: NET1338BU VMware Integrated OpenStack and NSX or … · VMware Integrated OpenStack and NSX ... •This presentation may contain product ... documentation and better integration with

Neutron Availability Zones (continued)

CONFIDENTIAL

• Core plugin must support the following extensions:

• availability_zone

• network_availability_zone

• router_availability_zone

• Attributes (router & network)

• availability_zone_hints – Which zones to prefer placement in

• availability_zone – Which zones actually got selected after scheduling

• If hints are not specified look in /etc/neutron/neutron.conf

• default_availability_zones = az1,az2,az3

VMworld 2017 Content: Not fo

r publication or distri

bution

Page 24: NET1338BU VMware Integrated OpenStack and NSX or … · VMware Integrated OpenStack and NSX ... •This presentation may contain product ... documentation and better integration with

Neutron Role Based Access Control (RBAC) for NetworksLimiting Neutron Networks to Specific Tenants

• Starting with Liberty, Neutron added a new policy model allowing the sharing of networks for a group of tenants, as opposed to this being a global operation.

• Both the Admin and a User can leverage this capability, but there are some restrictions for non-Admin users (inability to delete Neutron ports, for example)

• This feature, when combined with Provider Networks, enables more granular control of access and connectivity without delegating complex operations to the end user.

# neutron rbac-create --target-tenant 118dedfc737d46f49ab176a657bf23ce --action access_as_shared

--type network 40bff173-355a-4a42-847c-f02e7ef7abbf

Created a new rbac_policy:

+---------------+--------------------------------------+

| Field | Value |

+---------------+--------------------------------------+

| action | access_as_shared |

| id | f7a3ecd9be054d8782663202f6cc9c4e |

| object_id | 134a5f236a11477583d67400786017a2 |

| object_type | network |

| target_tenant | 118dedfc737d46f49ab176a657bf23ce |

| tenant_id | d0d3aca886ad4ddcac8e2233e4598dc1 |

+---------------+--------------------------------------+

VMworld 2017 Content: Not fo

r publication or distri

bution

Page 25: NET1338BU VMware Integrated OpenStack and NSX or … · VMware Integrated OpenStack and NSX ... •This presentation may contain product ... documentation and better integration with

Enterprise Migration Option: VXLAN/VLAN Bridging in Neutron

▪ The Neutron NSX Plugin supports the creation of a L2 Bridge:

▪ VXLAN - VLAN bridging can help customers preserve physical L3 services while leveraging the benefits of VXLAN for Tenant topologies.

# neutron-l2gw l2-gateway-create L2GW1 –device name=L2GW1,interface_names=dvportgroup-456

Created a new l2_gateway:

+-----------+------------------------------------------------------------------------+

| Field | Value |

+-----------+------------------------------------------------------------------------+

| devices | {"interfaces": [{"segmentation_id": [], "name": "dvportgroup-456"}],

"id": "21d7078c-10b9-40bc-bbb3-418d296eac3c", "device_name": "edge-164"} |

| id | 84c59e94-b0ce-43e7-9c52-a0a5f88b7014 |

| name | L2GW1 |

| tenant_id | b0131a0680144c079eeeca26c2265ec0 |

+-----------+------------------------------------------------------------------------+

# neutron-l2gw l2-gateway-connection-create

L2GW1 VXLAN-A --default-segmentation-id 10

Created a new l2_gateway_connection:

+-----------------+--------------------------------------+

| Field | Value |

+-----------------+--------------------------------------+

| id | ddf11ca0-16ed-40ab-8892-a208d532627a |

| l2_gateway_id | 84c59e94-b0ce-43e7-9c52-a0a5f88b7014 |

| network_id | 61b83f49-c258-4175-bbe2-05c8666ef1b7 |

| segmentation_id | 10 |

| tenant_id | b0131a0680144c079eeeca26c2265ec0 |

+-----------------+--------------------------------------+

1

2

VMworld 2017 Content: Not fo

r publication or distri

bution

Page 26: NET1338BU VMware Integrated OpenStack and NSX or … · VMware Integrated OpenStack and NSX ... •This presentation may contain product ... documentation and better integration with

Web App DB

Alignment of Policy ControlsSecurity and networking policy that travels with the workload independent of physical network topology

Granular Policy EnforcementEnabling least privilege security with policy enforced at every workload

What Is NSX Microsegmentation?

CONFIDENTIAL 26

VMworld 2017 Content: Not fo

r publication or distri

bution

Page 27: NET1338BU VMware Integrated OpenStack and NSX or … · VMware Integrated OpenStack and NSX ... •This presentation may contain product ... documentation and better integration with

CONFIDENTIAL

Microsegmentation with Provider Networks Using NSX

• Traditionally, network security has been enforced at the network perimeter, where a layer 3 boundary exists (firewall, router)

• Neutron Security Groups and Neutron Port Security provide vNIC-level security protection

▪ Perimeter firewall cannot protect what it cannot see▪ Traffic must be steered to security appliance▪ Firewall policy controlled by security admin

▪ No traffic steering required▪ vNIC-level stateful FW protection▪ If using NSX, global security policy is controlled

by security admin (Neutron Admin Rules):– https://review.openstack.org/#/c/200847

Neutron

Security

Group 1

Neutron

Security

Group 2

Neutron

Security

Group 3

Controlled Path

Controlled Path

Controlled Path

27

VMworld 2017 Content: Not fo

r publication or distri

bution

Page 28: NET1338BU VMware Integrated OpenStack and NSX or … · VMware Integrated OpenStack and NSX ... •This presentation may contain product ... documentation and better integration with

Advanced Networking and Service Chaining in Neutron

▪ As of OpenStack Newton, Neutron has added support for Service Function Chaining, to enable a number of NFV use cases

• There is applicability in the Enterprise when using this feature with NSX NetX partner extensibility:

– Next Generation Firewall inspection for East-West traffic

– IPS/IDS services for E-W

– Visibility and troubleshootingRedirect TCP port 81

for additional

inspection

20.0.0.0/24

CONFIDENTIAL 28

VMworld 2017 Content: Not fo

r publication or distri

bution

Page 29: NET1338BU VMware Integrated OpenStack and NSX or … · VMware Integrated OpenStack and NSX ... •This presentation may contain product ... documentation and better integration with

Firewall-as-a-Service - FWaaS

CONFIDENTIAL

• Ability for Tenants to define and apply their own North-South Firewall rules

• Compatible with version 1.0 of the Neutron FWaaS spec (v 2.0 is under consideration)

• Implemented on the NSX Edge Firewall, for both NSX-v and NSX-T

• In NSX-v, FWaaS requires an exclusive router, i.e. an Edge dedicated for this function

• Can combine Allow and Deny rules

VMworld 2017 Content: Not fo

r publication or distri

bution

Page 30: NET1338BU VMware Integrated OpenStack and NSX or … · VMware Integrated OpenStack and NSX ... •This presentation may contain product ... documentation and better integration with

▪ VLAN-backed

Provider Net

▪ DHCP

▪ Neutron Security

Groups

▪ Neutron Routers

▪ LBaaS

▪ VXLAN Networks

(Provider/Tenant)

▪ DHCP

▪ Neutron Security

Groups

▪ Neutron Routers

▪ LBaaS

Network Virtualization Journey with OpenStackWhat Does My Journey Look Like?

▪ VLAN-backed

Provider Net

▪ DHCP

▪ Neutron Security

Groups

CONFIDENTIAL 30

VMworld 2017 Content: Not fo

r publication or distri

bution

Page 31: NET1338BU VMware Integrated OpenStack and NSX or … · VMware Integrated OpenStack and NSX ... •This presentation may contain product ... documentation and better integration with

Summary

• Tenant networks and provider networks are different tools in the OpenStack administrator’s toolbox

– Tenant networks present some unique challenges for the enterprise private cloud (especially if you’re simultaneously hosting both cattle and pets)

• The Ocata release of the NSX plugin offers rich and robust Enterprise-grade networking and security services, such as BGP, Load Balancing, East-West and North-South Firewalling and Service Chaining

• Application tiering/security zones no longer necessitate the deployment of dedicated layer 2 networks and can be implemented using security groups on a common, shared provider network

• Leverage vSphere and NSX investments, knowledge and expertise to deliver on your OpenStack mandate

– The API that I want with the Infrastructure that I know

• Crawl, Walk, Run: Journey to Network Virtualization

CONFIDENTIAL 31

VMworld 2017 Content: Not fo

r publication or distri

bution

Page 32: NET1338BU VMware Integrated OpenStack and NSX or … · VMware Integrated OpenStack and NSX ... •This presentation may contain product ... documentation and better integration with

NSX partner ecosystem

Physical Infrastructure

Security

Application Delivery

Operations and Visibility

DYNAMIC INSERTION OF

PARTNER SERVICES

VMworld 2017 Content: Not fo

r publication or distri

bution

Page 33: NET1338BU VMware Integrated OpenStack and NSX or … · VMware Integrated OpenStack and NSX ... •This presentation may contain product ... documentation and better integration with

Learn

Connect & Engagecommunities.vmware.com

NSX Product Page & Technical Resourcesvmware.com/products/nsx

Network Virtualization Blogblogs.vmware.com/networkvirtualization

VMware NSX on YouTubeyoutube.com/user/vmwarensx

Where to get started

Experience

70+ Unique NSX SessionsSpotlights, breakouts, quick talks & group discussions

Visit the VMware BoothUse case demos, chat with NSX experts

Visit NSX Technical Partner BoothsIntegration demos – EPSec & NetX, Hardware VTEP,

Ops & Visibility

Test Drive NSX with free Hands-on LabsExpert-led or Self-paced. labs.hol.vmware.com

Use

NSX Proactive Support ServiceOptimize performance based on data monitoring

and analytics to help resolve problems, mitigate

risk and improve operational efficiency.

vmware.com/consulting

Take

Training and CertificationSeveral paths to professional certifications. Learn

more at the Education & Certification Lounge.

vmware.com/go/nsxtraining

VMworld 2017 Content: Not fo

r publication or distri

bution

Page 34: NET1338BU VMware Integrated OpenStack and NSX or … · VMware Integrated OpenStack and NSX ... •This presentation may contain product ... documentation and better integration with

VMworld 2017 Content: Not fo

r publication or distri

bution

Page 35: NET1338BU VMware Integrated OpenStack and NSX or … · VMware Integrated OpenStack and NSX ... •This presentation may contain product ... documentation and better integration with

VMworld 2017 Content: Not fo

r publication or distri

bution