VMworld 2014: Introduction to NSX

Introduction to NSX, NET1846. Milin Desai, VMware, Inc.; Kausum Kumar, VMware, Inc.

Transcript of VMworld 2014: Introduction to NSX


Disclaimer

•  This presentation may contain product features that are currently under development.
•  This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.
•  Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
•  Technical feasibility and market demand will affect final delivery.
•  Pricing and packaging for any new technologies or features discussed or presented have not been determined.


Agenda

1 Intro to NSX

2 NSX Momentum

3 NSX Use Cases

4 What’s New in NSX 2014

5 NSX Operations

6 In closing


The Anatomy of the Most Agile and Efficient Data Centers is SDDC


Custom Application

Google / Facebook / Amazon Data Centers

Custom Platform

Any x86

Any Storage

Any IP network

Software / Hardware Abstraction

Software / Hardware Abstraction

The Choice for “New IT” for “All Applications”


Software Defined Data Center (SDDC)

Any Application

SDDC Platform

Any x86

Any Storage

Any IP network

With NSX

Custom Application

Google / Facebook / Amazon Data Centers

Custom Platform

Any x86

Any Storage

Any IP network

Software / Hardware Abstraction

Software / Hardware Abstraction

Provides A Faithful Reproduction of Network & Security Services in Software

Management APIs, UI

Switching Routing

Firewalling

Load Balancing

VPN

Connectivity to Physical Networks

Policies, Groups, Tags

Data Security Activity Monitoring

Enables Dynamic creation of complex application topologies in minutes

Network and Security Virtualization with NSX

Hardware

Software

NSX Components

Cloud Consumption
•  Self Service Portal
•  vCloud Automation Center, OpenStack, Custom CMS

Data Plane

NSX Edge

ESXi Hypervisor Kernel Modules

Distributed Services
•  High-Performance Data Plane
•  Scale-out Distributed Forwarding Model

Management Plane

NSX Manager
•  Single configuration portal
•  REST API entry-point

Control Plane

NSX Controller
•  Manages Logical networks
•  Control-Plane Protocol
•  Separation of Control and Data Plane

Firewall, Distributed Logical Router, Logical Switch

NSX in a 3-Tier App Deployment


Hypervisor

Host 3

Hypervisor

Host 4

Hypervisor

Host 5

Web Web Web App App DB

Hypervisor

Host 1

Hypervisor

Host 2

NSX Manager

NSX Controller Cluster

vCenter

Management Cluster

Hypervisor

Host 6

Hypervisor

Host 7

Edge Cluster Compute Clusters


VMware NSX Training & Certification: Making SDE Real in 2014

Career Path Certifications & Training Programs

Training

Certified Network Virtualization Professional

Certified Network Virtualization Expert

Certification

NET 1214

NSX Training and Certification Portfolio

•  Training Courses (www.vmware.com/go/NSXtraining)
–  VMware NSX Install, Configure, Manage
–  VMware NSX Fast Track for Internetworking Experts (coming)
–  VMware NSX Design and Deploy (coming)

•  Certifications (www.vmware.com/certification)
–  VMware Certified Professional – Network Virtualization (VCP-NV)
–  VMware Certified Implementation Expert – Network Virtualization (VCIX-NV)
–  VMware Certified Design Expert – Network Virtualization (VCDX-NV)


Designing with NSX


Reference Designs & Technical Papers on VMware Communities: https://communities.vmware.com/docs

Reference Designs and Technical Papers on the NSX Portal: http://www.vmware.com/products/nsx/resources.html

NSX Design Guides

NSX Partner Reference Design

NSX Partner Whitepaper

NSX Hardening Guide

SDDC Validated Guides

NET 2318

NET 1589

New Service Categories and Partners NSX Partner Extensions

Security Services Physical-to-Virtual Services Operations and Visibility Application Delivery Services

NET 2225

New Service Categories and Partners – GA Q32014 NSX Partner Extensions

Security Services Physical-to-Virtual Services Operations and Visibility Application Delivery Services

NET 2225

VMware NSX Momentum: Over 150 Customers


top investment banks

enterprises & service providers


VMware NSX – Use Cases Self-Service IT

Dev X

Dev A

Test X Acquisition A

DevOps Cloud On-boarding M&A

Application specific networking Flexible IP Address Mgmt Simplified consumption

Key Capabilities

Examples

Data Center Automation

Micro-segmentation of App Simplifying Compute Silos DMZ Deployments

Programmatic Consumption Full featured stack Visibility and ops

Key Capabilities

Examples

Public Clouds

XaaS Clouds Vertical Clouds

Multi-tenant Deployment Programmatic L2, L3, Security Overlapping IP Addressing Any Hypervisor, Any CMP

Key Capabilities

Examples

Consumer Experience vs. Corporate Experience


Enterprise Business Leaders Want their IT to be like Amazon


No IT Outsourced

New IT Hybrid

or

Multi-Tier App, Multiple Networks Multi-Tier App, Single Flat Network

APP

DATABASE

WEB WEB APP DATABASE

Today’s app, PAAS, Containers ---- I want it all NOW

NSX Integrates with Cloud Automation Systems to Deliver Applications with Network and Security in Minutes


Consumption

Any

MGMT 1969

NET 2379

Self Service IT journey


End user drops apps in pre-created instances

Provider

Cloud Consumer

End user instantiates dynamic topologies

Provider

Provider delivers Pre-Created instances

Provider delivers Templates for Dynamic Instantiation

End user drives any topology

Provider delivers guard rails


Problem: Data Center Network Security

Perimeter-centric network security has proven insufficient, and micro-segmentation is operationally infeasible

Little or no lateral controls inside perimeter

Internet Internet

Insufficient Operationally Infeasible

SEC 1959-S

NSX: Enabling a Needed Control Point in the Datacenter for Security


An NSX platform is made up of distributed elements embedded in each hypervisor, enabling each VM/app to have its own security policy

Security closest to the applications and aligned with application lifecycle.

SEC 1746

NSX is the platform for integrating advanced security services.

Security Partner Integrations


Partner Ecosystem

Next-generation IPS Malware Protection

Granular protection of individual VM workloads with customizable policy definitions

Automation of advanced malware interception

Unified management for physical and virtual sensors

Data Center security with agentless anti-malware and guest network threat protection

Real-time, dynamic threat protection and response for workloads moving between hosts and virtual data centers

Vulnerability Management Automatic vulnerability risk assessment

Data Center wide real-time risk visibility

Auto segmentation of risky assets

Vulnerability prioritization for effective remediation

File and Malware Protection

Single virtual appliance provides agentless:

Anti-malware with URL filtering

Vulnerability and software scanning Detection of file changes

Intrusion Detection & Prevention

Next-Generation Firewall Multiple threat prevention disciplines including firewall, IPS, and antimalware

Safe application enablement with continuous content inspection for all threats Granular user-based controls for apps, content, users,

SEC 1958

NET 2225

NSX Micro-Segmentation Journey


Deployed Applications on Physical Networks

New Deployments/ Deployed applications

Apply NSX Security Full network and security virtualization

Demo


NSX – The Network Virtualization Platform: What’s New

Consumption, Services, Data Plane, Operations

NSX Edge Active-Active with Scale-Out (ECMP)

Physical Device Integration

Open Virtual Switch Flow optimization, multi-threading, Hyper-V (alpha)

NSX – The Network Virtualization Platform: What’s New

Consumption, Services, Data Plane, Operations

Distributed Firewall Operations Improvements

Firewall Ecosystem Enablement

Multi-Site & Hybrid Cloud Enablement Layer 2 VPN , Active-Active DC, SRM Validation

LBaaS UDP support, ecosystem enablement

DDI DHCP Relay

NSX – The Network Virtualization Platform: What’s New

Consumption, Services, Data Plane, Operations

Operations Guides & Best Practices

Integration with Existing Tools Riverbed, Gigamon, NetScout, EMC Smarts

Analytics VMware vCenter Ops, Log Insight

Firewall Operations Tufin, Algosec

New NSX Partners & Service Categories Physical-to-Virtual Services Operations & Visibility Application Delivery Services Security Services

NSX – The Network Virtualization Platform: What’s New

Consumption, Services, Data Plane, Operations

vCloud Automation Center More topologies and on demand use cases

OpenStack Juno Control plane scale & Docker integration

NSX – The Network Virtualization Platform: What’s New

Consumption
•  VMware vCloud Automation Center
•  OpenStack Juno

Services
•  Distributed Firewall Operations
•  LBaaS: UDP support
•  DDI: DHCP relay

Data Plane
•  Continue advancements of Open Virtual Switch
•  NSX Edge: A-A with scale-out
•  Physical device integration

Operations, Partner Integration
•  New NSX Partners & Service Categories
•  Operations Guides & Best Practices
•  Integrations with existing tools
•  Analytics, Firewall Ops

•  Multi-site and hybrid enablement


Operationalizing NSX


NSX Operations – Beyond Packet Visibility


Plug into Existing Network Monitoring Systems

Enable Advanced Analytics

Native NSX Ops for the Cloud Admins

Enable Existing Tools for the Network Operator

•  Flow monitoring
•  Server access monitoring
•  Tunnel healthcheck

•  SPAN/RSPAN
•  Netflow/IPFIX
•  LLDP
•  Syslog Integration

SDDC Operator

NET 1966


Demo


Integrating with Physical


NSX with physical workloads

Physical Workloads

VXLAN VLAN

x86-based bridge

Highest density but requires specific hardware

Leverages x86 server

Physical Workloads

VXLAN VLAN

HW VTEP

NSX with physical workloads

Native NSX support for containers

Ecosystem with OVSDB

x86 based bridging

NSX Performance


NSX Performance delivered by a Distributed, Scale-out Architecture

[Charts: send throughput in Gbps by TCP message size (64, 512, 1500, 32k, 64k) for Logical Switching, Logical Routing, Firewalling, Bridging]

NET 1883


NSX – The Network Virtualization Platform

Consumption: How an end user consumes NSX services via a Cloud Management Platform. The operator interacts with the system through UI or API.

Services: NSX logical services and 3rd party extensions for networking and security (ex. Logical switch, Logical router, Firewall, Load Balancer, VPN, DDI)

Data Plane: Provides workload connectivity & services processing (ex. hypervisors, physical switches and appliances)

Operations: NSX operator uses tools (built-in and 3rd party) for troubleshooting, visibility

Partner Integration: Management, Control & Data plane integration of 3rd party services

Data Plane

XenServer, NSX Edge, Hyper-V, vSphere, KVM, 3rd Party GW

Services

L2 Switch, Firewall, Load Balancer, L3 Router, VPN, DDI

Operations, Partner Integration

Software partner extensions

Hardware partner extensions

Partner extensions

vCOPs

Consumption

Any

SDDC Approach with NSX Enables Choice and Flexibility

2-Tier / 3-Tier Leaf / Spine

Build Your Own

Converged Systems

Hyper-Converged Systems

Today’s Application PAAS Containers . . .

. . .

< Any Network >

< Any Infrastructure >

< Any Application >

Thank You

What’s Next…

VMware NSX Hands-on Labs

labs.hol.vmware.com

VMware Booth #1229 3 NSX Demo Stations


Explore, Engage, Evolve virtualizeyournetwork.com

Network Virtualization Blog

blogs.vmware.com/networkvirtualization

NSX Product Page vmware.com/go/nsx

NSX Training & Certification

www.vmware.com/go/NVtraining

NSX Technical Resources Reference Designs

vmware.com/products/nsx/resources

VMware NSX YouTube Channel youtube.com/user/vmwarensx

VMware NSX Community

communities.vmware.com/community/vmtn/nsx

Play Learn Deploy

Business Solution
•  NET1214 NSX Certification – the Next Step in your Networking Career
•  NET1745 The Case for Network Virtualization: Customer Case Study
•  NET1786 The Business Case for Network Virtualization
•  NET2293 Bridging Enterprise Networks to Hybrid Cloud Using NSX

Hands-on Labs
•  SDC-1402 vSphere Distributed Switch from A to Z
•  SDC-1403 Introduction to VMware NSX
•  SDC-1420 OpenStack with VMware vSphere and NSX
•  SDC-1423 vCloud Suite Basic Networking
•  SDC-1424 VMware NSX and SDDC
•  SDC-1425 VMware NSX Advanced

Technical Track - Networking
•  NET1846 Introduction to NSX
•  NET1743 VMware NSX – A Technical Deep Dive
•  NET1957 NFV for Telco Infrastructure
•  NET1468 A Tale of Two Perspectives: IT Operations with VMware NSX
•  NET1586 Advanced Network Services with NSX
•  NET1560 The NSX Guide to Horizon View
•  NET1883 NSX Performance Overview
•  NET1588 Load Balancer as a Service, using NSX or Partner Solutions
•  NET1401 vSphere Distributed Switch Best Practices for NSX
•  NET2318 Scale-Out NSX Deployments: With VMware-powered SDDC
•  NET1581 Reference Design for SDDC with NSX for Multi-Hypervisors
•  NET2379 Dynamically Configuring Application Specific Network Services for vCAC & NSX
•  NET2225 NSX Platform: Enabling 3rd Party Network & Security Solutions

Advanced Technical Track - Networking
•  NET1949 VMware NSX for Docker, Containers & More
•  NET1589 Reference Design for SDDC with NSX & vSphere
•  NET1583 NSX for vSphere Logical Routing Deep Dive
•  NET1974 Multi-Site Data Center Solutions with VMware NSX
•  NET1674 Advanced Topics & Future Directions in Network Virtualization with NSX
•  NET1966 Operational Best Practices for VMware NSX
•  NET1592 Under the Hood: Network Virtualization with OpenStack Neutron & VMware NSX

Group Discussions - Networking
•  NET3441-GD vSphere Distributed Switch
•  NET3442-GD vCAC and NSX
•  NET3443-GD NSX Routing Design Best Practices
•  NET3445-GD NSX Multi Site Deployments
•  NET3444-GD NSX Network Services

Technical Track - Security
•  SEC1196 Who Can You Trust? Strategies & Designs for Implementing Zero-Trust Model Leveraging NSX
•  SEC2238 Security & Micro-Segmentation for the SDDC
•  SEC1959-S The “Goldilocks Zone” for Security
•  SEC1958 Automating Security Policy Enforcement with VMware NSX
•  SEC1698 Optimize Security with Context & Isolation using NSX Guest Introspection
•  SEC2567 Unleashing Collaborative Security with VMware NSX – Advanced Defense for Advanced Threats

Advanced Technical Track - Security
•  SEC2421 VMware NSX Security Operations Best Practices
•  SEC1746 NSX Distributed Firewall Deep Dive

Group Discussions - Security
•  SEC3446-GD Security & Micro-segmentation
•  SEC3449-GD Security Policy Automation using NSX Service Composer
•  SEC3448-GD NSX Platform Extensibility
•  SEC3447-GD Compliance Reference Architecture

Technical Track – Management
•  MGT1833 How to Perform Troubleshooting and Root Cause Analysis Using Log Insight
•  MGT1878 Deep Dive into How vCenter Operations Simplifies NSX Operations
•  MGT1969 vCloud Automation Center and NSX Integration Technical Deep Dive

Fill out a survey

Every completed survey is entered into a drawing for a $25 VMware company store gift certificate
