VMworld 2014: Introduction to NSX
Transcript of VMworld 2014: Introduction to NSX
Disclaimer
• This presentation may contain product features that are currently under development.
• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.
• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
• Technical feasibility and market demand will affect final delivery.
• Pricing and packaging for any new technologies or features discussed or presented have not been determined.
CONFIDENTIAL 2
Agenda
1 Intro to NSX
2 NSX Momentum
3 NSX Use Cases
4 What’s New in NSX 2014
5 NSX Operations
6 In closing
The Anatomy of the Most Agile and Efficient Data Centers is SDDC
Custom Application
Google / Facebook / Amazon Data Centers
Custom Platform
Any x86
Any Storage
Any IP network
Software / Hardware Abstraction
Software / Hardware Abstraction
The Choice for “New IT” for “All Applications”
Software Defined Data Center (SDDC)
Any Application
SDDC Platform
Any x86
Any Storage
Any IP network
With NSX
Custom Application
Google / Facebook / Amazon Data Centers
Custom Platform
Any x86
Any Storage
Any IP network
Software / Hardware Abstraction
Software / Hardware Abstraction
Provides A Faithful Reproduction of Network & Security Services in Software
Management APIs, UI
Switching Routing
Firewalling
Load Balancing
VPN
Connectivity to Physical Networks
Policies, Groups, Tags
Data Security Activity Monitoring
Enables Dynamic creation of complex application topologies in minutes
Network and Security Virtualization with NSX
Hardware
Software
NSX Components
Cloud Consumption
• Self Service Portal
• vCloud Automation Center, OpenStack, Custom CMS
Data Plane
NSX Edge
ESXi Hypervisor Kernel Modules
Distributed Services: Logical Switch, Distributed Logical Router, Firewall
• High-Performance Data Plane
• Scale-out Distributed Forwarding Model
Management Plane
NSX Manager
• Single configuration portal
• REST API entry-point
Control Plane
NSX Controller
• Manages Logical networks
• Control-Plane Protocol
• Separation of Control and Data Plane
NSX in a 3-Tier App Deployment
[Diagram: Management Cluster (vCenter, NSX Manager, NSX Controller Cluster), Edge Cluster and Compute Clusters on hypervisor Hosts 1 to 7, with Web, App and DB workloads]
VMware NSX Training & Certification: Making SDE Real in 2014
Career Path Certifications & Training Programs
Training
Certified Network Virtualization Professional
Certified Network Virtualization Expert
Certification
NET 1214
NSX Training and Certification Portfolio
• Training Courses (www.vmware.com/go/NSXtraining)
– VMware NSX Install, Configure, Manage
– VMware NSX Fast Track for Internetworking Experts (coming)
– VMware NSX Design and Deploy (coming)
• Certifications (www.vmware.com/certification)
– VMware Certified Professional – Network Virtualization (VCP-NV)
– VMware Certified Implementation Expert – Network Virtualization (VCIX-NV)
– VMware Certified Design Expert – Network Virtualization (VCDX-NV)
Designing with NSX
Reference Designs & Technical Papers on VMware Communities: https://communities.vmware.com/docs
Reference Designs and Technical Papers on the NSX Portal: http://www.vmware.com/products/nsx/resources.html
NSX Design Guides
NSX Partner Reference Design
NSX Partner Whitepaper
NSX Hardening Guide
SDDC Validated Guides
NET 2318
NET 1589
New Service Categories and Partners NSX Partner Extensions
Security Services Physical-to-Virtual Services Operations and Visibility Application Delivery Services
NET 2225
New Service Categories and Partners – GA Q3 2014 NSX Partner Extensions
Security Services Physical-to-Virtual Services Operations and Visibility Application Delivery Services
NET 2225
VMware NSX – Use Cases
Self-Service IT
Examples: DevOps, Cloud On-boarding, M&A (Dev X, Dev A, Test X, Acquisition A)
Key Capabilities: Application specific networking, Flexible IP Address Mgmt, Simplified consumption
Data Center Automation
Examples: Micro-segmentation of App, Simplifying Compute Silos, DMZ Deployments
Key Capabilities: Programmatic Consumption, Full featured stack, Visibility and ops
Public Clouds
Examples: XaaS Clouds, Vertical Clouds
Key Capabilities: Multi-tenant Deployment; Programmatic L2, L3, Security; Overlapping IP Addressing; Any Hypervisor, Any CMP
Multi-Tier App, Multiple Networks Multi-Tier App, Single Flat Network
APP
DATABASE
WEB WEB APP DATABASE
Today’s app, PAAS, Containers ---- I want it all NOW
NSX Integrates with Cloud Automation Systems to Deliver Applications with Network and Security in Minutes
Consumption
Any
MGMT 1969
NET 2379
Self Service IT journey
Cloud Consumer / Provider
• End user drops apps in pre-created instances; Provider delivers Pre-Created instances
• End user instantiates dynamic topologies; Provider delivers Templates for Dynamic Instantiation
• End user drives any topology; Provider delivers guard rails
Problem: Data Center Network Security
Perimeter-centric network security has proven insufficient, and micro-segmentation is operationally infeasible
Little or no lateral controls inside perimeter
Internet Internet
Insufficient | Operationally Infeasible
SEC 1959-S
NSX: Enabling a Needed Control Point in the Datacenter for Security
An NSX platform is made up of distributed elements embedded in each hypervisor, enabling each VM/app to have its own security policy
Security closest to the applications and aligned with application lifecycle.
SEC 1746
NSX is the platform for integrating advanced security services.
Security Partner Integrations
Partner Ecosystem
Next-generation IPS Malware Protection
Granular protection of individual VM workloads with customizable policy definitions
Automation of advanced malware interception
Unified management for physical and virtual sensors
Data Center security with agentless anti-malware and guest network threat protection
Real-time, dynamic threat protection and response for workloads moving between hosts and virtual data centers
Vulnerability Management
Automatic vulnerability risk assessment
Data Center wide real-time risk visibility
Auto segmentation of risky assets
Vulnerability prioritization for effective remediation
File and Malware Protection
Single virtual appliance provides agentless:
Anti-malware with URL filtering
Vulnerability and software scanning
Detection of file changes
Intrusion Detection & Prevention
Next-Generation Firewall
Multiple threat prevention disciplines including firewall, IPS, and antimalware
Safe application enablement with continuous content inspection for all threats
Granular user-based controls for apps, content, users,
SEC 1958
NET 2225
NSX Micro-Segmentation Journey
Deployed Applications on Physical Networks
New Deployments/ Deployed applications
Apply NSX Security Full network and security virtualization
NSX – The Network Virtualization Platform: What’s New
Consumption | Services | Data Plane | Operations
NSX Edge: Active-Active with Scale-Out (ECMP)
Physical Device Integration
Open Virtual Switch: Flow optimization, multi-threading, Hyper-V (alpha)
NSX – The Network Virtualization Platform: What’s New
Consumption | Services | Data Plane | Operations
Distributed Firewall Operations Improvements
Firewall Ecosystem Enablement
Multi-Site & Hybrid Cloud Enablement: Layer 2 VPN, Active-Active DC, SRM Validation
LBaaS: UDP support, ecosystem enablement
DDI: DHCP Relay
NSX – The Network Virtualization Platform: What’s New
Consumption | Services | Data Plane | Operations
Operations Guides & Best Practices
Integration with Existing Tools: Riverbed, Gigamon, NetScout, EMC Smarts
Analytics: VMware vCenter Ops, Log Insight
Firewall Operations: Tufin, Algosec
New NSX Partners & Service Categories: Physical-to-Virtual Services, Operations & Visibility, Application Delivery Services, Security Services
NSX – The Network Virtualization Platform: What’s New
Consumption | Services | Data Plane | Operations
vCloud Automation Center: More topologies and on demand use cases
OpenStack Juno: Control plane scale & Docker integration
NSX – The Network Virtualization Platform: What’s New
Consumption
• VMware vCloud Automation Center
• OpenStack Juno
Services
• Distributed Firewall Operations
• LBaaS: UDP support
• DDI: DHCP relay
Data Plane
• Continue advancements of Open Virtual Switch
• NSX Edge: A-A with scale-out
• Physical device integration
Operations / Partner Integration
• New NSX Partners & Service Categories
• Operations Guides & Best Practices
• Integrations with existing tools
• Analytics, Firewall Ops
• Multi-site and hybrid enablement
NSX Operations – Beyond Packet Visibility
Plug into Existing Network Monitoring Systems
Enable Advanced Analytics
Native NSX Ops for the Cloud Admins
• Flow monitoring
• Server access monitoring
• Tunnel healthcheck
Enable Existing Tools for the Network Operator
• SPAN/RSPAN
• Netflow/IPFIX
• LLDP
• Syslog Integration
SDDC Operator
NET 1966
NSX with physical workloads
Physical Workloads
VXLAN VLAN
x86-based bridge
Highest density but requires specific hardware
Leverages x86 server
Physical Workloads
VXLAN VLAN
HW VTEP
NSX with physical workloads
Native NSX support for containers
Ecosystem with OVSDB
x86 based bridging
NSX Performance delivered by a Distributed, Scale-out Architecture
[Charts: send throughput in Gbps versus TCP message size (64, 512, 1500, 32k, 64k) for Logical Switching, Logical Routing, Firewalling and Bridging]
NET 1883
NSX – The Network Virtualization Platform
Consumption: How an end user consumes NSX services via a Cloud Management Platform. The operator interacts with the system through UI or API.
Services: NSX logical services and 3rd party extensions for networking and security (ex. Logical switch, Logical router, Firewall, Load Balancer, VPN, DDI)
Data Plane: Provides workload connectivity & services processing (ex. hypervisors, physical switches and appliances)
Operations: NSX operator uses tools (built-in and 3rd party) for troubleshooting, visibility
Partner Integration: Management, Control & Data plane integration of 3rd party services
Data Plane: XenServer, NSX Edge, Hyper-V, vSphere, KVM, 3rd Party GW
Services: L2 Switch, Firewall, Load Balancer, L3 Router, VPN, DDI
Operations
Partner Integration
Software partner extensions
Hardware partner extensions
Partner extensions
vCOPs
Consumption
Any
SDDC Approach with NSX Enables Choice and Flexibility
2-Tier / 3-Tier Leaf / Spine
Build Your Own
Converged Systems
Hyper-Converged Systems
Today’s Application PAAS Containers . . .
. . .
< Any Network >
< Any Infrastructure >
< Any Application >
What’s Next…
VMware NSX Hands-on Labs
labs.hol.vmware.com
VMware Booth #1229 3 NSX Demo Stations
Explore, Engage, Evolve virtualizeyournetwork.com
Network Virtualization Blog
blogs.vmware.com/networkvirtualization
NSX Product Page vmware.com/go/nsx
NSX Training & Certification
www.vmware.com/go/NVtraining
NSX Technical Resources Reference Designs
vmware.com/products/nsx/resources
VMware NSX YouTube Channel youtube.com/user/vmwarensx
VMware NSX Community
communities.vmware.com/community/vmtn/nsx
Play Learn Deploy
Business Solution
• NET1214 NSX Certification – the Next Step in your Networking Career
• NET1745 The Case for Network Virtualization: Customer Case Study
• NET1786 The Business Case for Network Virtualization
• NET2293 Bridging Enterprise Networks to Hybrid Cloud Using NSX
Hands-on Labs
• SDC-1402 vSphere Distributed Switch from A to Z
• SDC-1403 Introduction to VMware NSX
• SDC-1420 OpenStack with VMware vSphere and NSX
• SDC-1423 vCloud Suite Basic Networking
• SDC-1424 VMware NSX and SDDC
• SDC-1425 VMware NSX Advanced
Technical Track - Networking
• NET1846 Introduction to NSX
• NET1743 VMware NSX – A Technical Deep Dive
• NET1957 NFV for Telco Infrastructure
• NET1468 A Tale of Two Perspectives: IT Operations with VMware NSX
• NET1586 Advanced Network Services with NSX
• NET1560 The NSX Guide to Horizon View
• NET1883 NSX Performance Overview
• NET1588 Load Balancer as a Service, using NSX or Partner Solutions
• NET1401 vSphere Distributed Switch Best Practices for NSX
• NET2318 Scale-Out NSX Deployments: With VMware-powered SDDC
• NET1581 Reference Design for SDDC with NSX for Multi-Hypervisors
• NET2379 Dynamically Configuring Application Specific Network Services for vCAC & NSX
• NET2225 NSX Platform: Enabling 3rd Party Network & Security Solutions
Advanced Technical Track - Networking
• NET1949 VMware NSX for Docker, Containers & More
• NET1589 Reference Design for SDDC with NSX & vSphere
• NET1583 NSX for vSphere Logical Routing Deep Dive
• NET1974 Multi-Site Data Center Solutions with VMware NSX
• NET1674 Advanced Topics & Future Directions in Network Virtualization with NSX
• NET1966 Operational Best Practices for VMware NSX
• NET1592 Under the Hood: Network Virtualization with OpenStack Neutron & VMware NSX
Group Discussions - Networking
• NET3441-GD vSphere Distributed Switch
• NET3442-GD vCAC and NSX
• NET3443-GD NSX Routing Design Best Practices
• NET3445-GD NSX Multi Site Deployments
• NET3444-GD NSX Network Services
Technical Track - Security
• SEC1196 Who Can You Trust? Strategies & Designs for Implementing Zero-Trust Model Leveraging NSX
• SEC2238 Security & Micro-Segmentation for the SDDC
• SEC1959-S The “Goldilocks Zone” for Security
• SEC1958 Automating Security Policy Enforcement with VMware NSX
• SEC1698 Optimize Security with Context & Isolation using NSX Guest Introspection
• SEC2567 Unleashing Collaborative Security with VMware NSX – Advanced Defense for Advanced Threats
Advanced Technical Track - Security
• SEC2421 VMware NSX Security Operations Best Practices
• SEC1746 NSX Distributed Firewall Deep Dive
Group Discussions - Security
• SEC3446-GD Security & Micro-segmentation
• SEC3449-GD Security Policy Automation using NSX Service Composer
• SEC3448-GD NSX Platform Extensibility
• SEC3447-GD Compliance Reference Architecture
Technical Track – Management
• MGT1833 How to Perform Troubleshooting and Root Cause Analysis Using Log Insight
• MGT1878 Deep Dive into How vCenter Operations Simplifies NSX Operations
• MGT1969 vCloud Automation Center and NSX Integration Technical Deep Dive
Fill out a survey
Every completed survey is entered into a drawing for a $25 VMware company store gift certificate