NET1510 Introduction to NSX-T Architecture or …...Dimitri Desmidt –[email protected] Andrew...
Dimitri Desmidt – [email protected]
Andrew Voltmer – [email protected]
NET1510
#VMworld #NET1510BU
Introduction to NSX-T Architecture
VMworld 2017 Content: Not for publication or distribution
#NET1510BU CONFIDENTIAL
Disclaimer
• This presentation may contain product features that are currently under development.
• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.
• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
• Technical feasibility and market demand will affect final delivery.
• Pricing and packaging for any new technologies or features discussed or presented have not been determined.
NSX Vision: NSX Everywhere Managing Security and Connectivity for many Heterogeneous End Points
End users
Branch offices/Edge computing/IOT
Cloud
vCloud Air Network
New app frameworks
On-premise
BARE METAL
Automation
IT at the Speed of Business
Security
Inherently Secure Infrastructure
Application Continuity
Data Center Anywhere
Agenda
1 NSX Architecture
2 NSX Network & Security Services
3 NSX Management & Operations Tools
4 NSX Use Cases
NSX Architecture and Components
Cloud Consumption
• Self Service Portal
• OpenStack, Custom
Management Plane: NSX Manager
Management Plane (MP) Node – VM form factor
• Concurrent configuration portal
• REST API entry-point
• GUI
Control Plane: NSX Controllers
Central Control Plane (CCP) Nodes – VM form factor
• Programs data
• Control-Plane Protocol
• Separation of Control and Data Plane
Data Plane: Transport Nodes
• High Performance Data Plane
• Scale-out Distributed Forwarding Model
Hypervisors: ESXi (+ kernel modules), KVM (+ kernel modules)
NSX Edge (L3 + Adv Services)
L2 Bridge (L2 Overlay-VLAN)
VPN
Physical Infrastructure
NSX Operations Workflow
• User makes a configuration
• Configuration is “persisted”
• Configuration is pushed to Central Control Plane
• Configuration is realized by Local Control Plane
Diagram: Manager; three CCP Nodes; three Transport Nodes, each with MPA and LCP
NSX Architecture
Quick Demo
Logical View: Tenant1-LS1, Tenant1-LS2
Physical View: Rack1 (ESXi), Rack2 (KVM), Rack3 (Edges), External, NSX Mgr, NSX Ctrl, Physical Router
NSX Architecture Demo
NSX Network & Security Services
Faithful Reproduction of Network & Security Services in Software
Distributed Centralized
Switching
Routing
Firewall
Firewall
Routing Load Balancing
Bridging to Physical
NSX Network & Security Services
Advanced Network and Security Topologies
Diagram panels: Switching, Routing, NAT, L2 Overlay/VLAN Bridging, Firewalling, Load Balancing (LB-Pool; One-Arm LB; In-Line LB)
NSX API & UI
NSX Network & Security Services
Quick Demo
Logical View
• Tenant1-LS1: 10.1.1.0/24
• Tenant1-LS2: 10.1.2.0/24
• Tenant1-LR1 (Tier-1): .1, .1
• VMs: .2, .2, .3, .3
• Physical Router
Note: One Cloud Management Platform (OpenStack) is used to create those different Network & Security
Physical View: Rack1 (ESXi), Rack2 (KVM), Rack3 (Edges), External, NSX Mgr, NSX Ctrl, Physical Router
NSX Network and Security Services Demo
NSX Network & Security Services
More Information . . .
NSX-T Advanced Architecture Concepts
Session: NET1863BU
Francois Tallet and Dimitri Desmidt
Deep dive into NSX architecture including design, performance and high-availability capabilities.
Wednesday, August 30th
10:00 am to 11:00 am
The Future of Networking and Security with NSX-T
Session: NET1821BU
Bruce Davie - CTO VMware
A view into the future of NSX and how it can address a variety of modern use cases.
Tuesday, August 29th
11:30 am to 12:30 pm
Management Tools
• Visibility
• Statistics
• Backup / Restore
• Upgrade
Without visibility all features are useless!
Troubleshooting Tools
• In-depth logging with support for log analytics tools
• View logical and physical traffic paths between virtual machines
• Quickly find the logical topology between virtual machines
• Capture specific traffic for deeper analysis
NSX Management & Operations Tools
Quick Demo
Logical View
• Tenant1-LS1: 10.1.1.0/24
• Tenant1-LS2: 10.1.2.0/24
• Tenant1-LR1 (Tier-1): .1, .1
• VMs: .2, .2, .3, .3
• Physical Router
Physical View: Rack1 (ESXi), Rack2 (KVM), Rack3 (Edges), External, NSX Mgr, NSX Ctrl, Physical Router
NSX Management and Operations Tools Demo
NSX in the IaaS Stack
Infrastructure Components
• Infrastructure treated as code and templated
• Singular interface for DevOps Automation
• Compute, storage, networking and security APIs
• APIs abstract underlying virtual infrastructure
Diagram layers: DevOps Automation (Infrastructure as Code, Continuous Delivery, Automated Deployment); Web Portal, APIs/SDKs, CLI Tools; OpenStack Cloud Management Platform; vSAN, NSX; ESXi & KVM
NSX with OpenStack for IaaS
OpenStack and Hypervisor Ecosystem
The NSX Networking and Security Platform
Open source, VIO, Redhat, SUSE / HPE, Mirantis, Canonical
• VMware: ESXi 6.0u2, ESXi 6.5
• Redhat: RHEL 7.2, RHEL 7.3
• Canonical: Ubuntu 14.04 LTS, Ubuntu 16.04 LTS
Next Generation Apps with Container Networking
Container Networking Challenges
• Micro-services are connected to Private Container network that only spans the PaaS platform
• Requires ramp nodes and NAT for integrating physical services – e.g. Firewall, Load Balancer
• No means for a DevOps and security admin to define, implement & monitor security policy for Micro-services
• Not possible to apply policy for Micro-services database traffic due to NAT
Diagram: CaaS / PaaS platform, Container Network, Ramp Node (NAT)
The Benefits of NSX Container Networking
• A single network fabric that connects VMs and containers across on-premise and public cloud
• Container Network integrates with data center network with BGP
• Layer 3 reachability between LB, FW and Containers simplifies integration of network services
• NSX enables both the DevOps admin and the security admin to define & monitor policy for Micro-services
• Prioritizes security admin policy
Diagram: CaaS / PaaS platform
Next Generation Application with Containers
More Information . . .
Container Networking with NSX-T
Session: NET1521BU
Sai Chatanya and Yves Fauser
An overview of container networking with NSX.
Monday, August 28th
1:00 pm to 2:00 pm
Kubernetes Networking with NSX-T
Session: NET1522BU
Yasen Simeonov and Yves Fauser
A deep dive into NSX and Kubernetes.
Monday, August 28th
11:30 am to 12:30 pm
One-Stop Container Networking
Session: CNA1091BU
Sai Chatanya
Container networking with CloudFoundry, Kubernetes, Docker, and More
Monday, August 28th
5:00 pm to 6:00 pm
Public Cloud Networking and Security with NSX
VMware NSX Cloud with AWS
Consistent networking and security for applications running natively in public clouds
• Managed Service Consumption Model
• Self-service portal for pre and post-pay options
• VMware takes over NSX lifecycle management
• Simplified GUI for policy-driven configuration and deployment
• Attributes based security policies
• Single pane of glass for management across VPCs and Cloud Accounts
• Seamless Integration with Cross-cloud Services Portfolio
VMware NSX Cloud with AWS
More Information . . .
Reference Design for SDDC with NSX
Session: NET1535BU
Nimish Desai
An overview of container networking with NSX.
Wednesday, August 30th
11:30 am to 12:30 pm
Using NSX for Enhanced Networking and Security for AWS
Session: MMC1532BU
Amol Tipnis and Percy Wadia
Discover how NSX can provide enhanced networking and security in AWS.
Tuesday, August 29th
5:00 pm to 6:00 pm
Where to Get Started
Engage and Learn
• Join VMUG for exclusive access to NSX: vmug.com/VMUG-Join/VMUG-Advantage
• Connect with your peers: communities.vmware.com
• Find NSX Resources: vmware.com/products/nsx
• Network Virtualization Blog: blogs.vmware.com/networkvirtualization
Experience
• Dozens of Unique NSX Sessions: Spotlights, breakouts, quick talks & group discussions
• Visit the VMware Booth: Product overview, use-case demos
• Visit Technical Partner Booths: Integration demos – Infrastructure, security, operations, visibility, and more
• Meet the Experts: Join our Experts in an intimate roundtable discussion
Try
• Free Hands-on Labs: Test drive NSX yourself with expert-led or self-paced hands-on labs (labs.hol.vmware.com)
Take
• Training and Certification: Several paths to professional certifications. Learn more at the Education & Certification Lounge. vmware.com/go/nsxtraining