GAMO VMware vCloud Air

© 2016 VMware Inc. All rights reserved.

Slovak Defined Data Center
GAMO - VMware vCloud Air Network
Customer Presentation

Frantisek Ferencik, Systems Engineer
10.5.2016

Hosted infrastructure services based on vSphere, the leading server virtualization platform

IaaS Powered

Transcript of GAMO VMware vCloud Air


GAMO Cloud Customer Benefits

• Hybridity
• Security & Compliance
• Data Sovereignty

Customer Benefits: Hybridity

• Unlock the flexibility to move existing and future workloads from on-premises environments to public clouds and back again for a true hybrid cloud experience
• Ensure compatibility with services based on the same VMware platform you already use

Customer Benefits: Security & Compliance

• Bypass risk and uncertainty with clouds offering compliance certifications and built-in standards for security and reporting to meet business and industry requirements
• Trust the inherent isolation provided by vSphere as well as the network virtualization and per VM security policies provided by NSX

Customer Benefits: Data Sovereignty

• A national cloud gives you the peace of mind of knowing exactly where your data is being stored and transferred
• The cloud provider keeps data and applications local for simplified adherence to national data security and privacy regulations

Pre-Hypervisor Challenges

• OS : Physical Hardware mapping is 1:1
• Higher Scale = More Hardware
• Resources Mostly Underutilized
• Network Configurations are mostly Manual
• Security = Perimeter

[Diagram: Pre-Hypervisor stack: L2 + L3, Application, OS, x86, Storage, Network Interface, Physical Gateway + Router, Firewall, VPN]

Virtualization of x86 resolves some issues…

Pre-Hypervisor
• 1:1 mapping between OS & Hardware
• Scale = more hardware
• Under Utilized resources
• Manual Configurations
• Perimeter Security

Post-Hypervisor
• 1:X mapping between OS & Hardware
• Scale != more Hardware
• Optimized Resource Consumption
• Addition of Manual Routes
• ‘X’ # Firewall Rules
• Choke Points
• No Cross vSwitch Security
• Perimeter Security

Hypervisor + NSX

[Diagram: three stacks side by side. Pre-Hypervisor: L2 + L3, Application, OS, x86, Storage, Network Interface, Physical Gateway + Router, Firewall, VPN. Post-Hypervisor: VMs, vSwitch, Virtual L2, L3, Hypervisor, x86, Storage, Network Interface, Physical Gateway + Router, Firewall, VPN. Hypervisor + NSX: VMs, vSwitch, Virtual L2 + L3, Hypervisor, x86, Storage, Network Interface, Physical Gateway + Router, Firewall, VPN]

Abstracts Physical Networking Services

[Diagram: the Pre-Hypervisor stack (L2 + L3, Application, OS, x86, Storage, Network Interface, Physical Gateway + Router, Firewall, VPN) beside the Post-Hypervisor stack (VMs, vSwitch, Virtual L2, L3, Hypervisor, x86, Storage, Network Interface, Physical Gateway + Router, Firewall, VPN). Additional labels: Hypervisor, NSX, Virtual Gateway + Router, Virtual Firewall, VPN]

Decouple Network Services

NSX is fundamental to the SDDC

The software-defined data center (SDDC) is crucial to the long-term evolution of an agile digital business, according to Gartner, Inc.

Gartner predicts that the programmatic capabilities of the SDDC will be considered a requirement for 75 percent of Global 2000 enterprises by 2020.

Data centers of today
• Static
• Rigid / fragile
• Prone to security issues
• Expensive
• Hard to change
• Manual

Benefits of the SDDC
• Dramatically higher efficiency and lower costs
• Application provisioning in minutes
• The right availability and security for every application
• App and workload mobility

NSX is fundamental to the SDDC

VMware and NSX are best positioned to deliver the SDDC to organizations because we are positioned at the right place in the data center to enable the benefits of the SDDC. Without NSX, the benefits of the SDDC can’t be realized.

What is NSX?

Provides a Faithful Reproduction of Network & Security Services in Software

• Switching
• Routing
• Firewalling
• Load Balancing
• VPN
• Connectivity to Physical

Construct Network Services in Virtual Layers

Decouple Network Services

• Core infrastructure backbone is agnostic of network demands at the virtual data centers
• Flexibility of Operations
  − Consumer serviced networks
  − Defined Micro-segments for various workloads

[Diagram: Provider side: Provider Peripheral Network Infrastructure offering Switching, Routing, Firewalling, Load Balancing, VPN. Consumer side: End Customer Network Infrastructure with three Virtual Data Centers, each containing VMs on a Private Network (192.168.50.0/24) and VMs on a DMZ Network (192.168.52.0/24)]

Lower Perimeter Firewall requirements and cost

Lower # of Physical Firewalls

[Diagram: VMs in Data Center behind a Physical Firewall with Rules, shown Without NSX DFW and With NSX DFW (Distributed Firewall Rules). Legend: VM with Security Policy; VM with Default Security Policy]

Lower Routing equipment requirements and cost

Lower # of Routers

[Diagram: VMs in Data Center on vSwitch1, vSwitch2 and vSwitch3, shown once with Physical Routers and once with Distributed Routing + Edge Gateway (Distributed Routers)]

Micro-Segmentation / Inside Perimeter Security: Zero Trust Model

[Diagram: a Perimeter Gateway and a Distributed Logical Router (.1 on each segment, .2 toward the Perimeter Gateway) connect three logical switches; Control Center at 192.168.110.10. VMs are grouped into two organizations, Finance and HR]

Web Logical Switch 172.16.10.0/24
• fin-web-sv-01a (.11)
• fin-web-sv-02b (.12)
• hr-web-sv-01a (.21)
• hr-web-sv-02b (.22)

App Logical Switch 172.16.20.0/24
• fin-app-sv-01a (.11)
• hr-app-sv-01a (.21)

DB Logical Switch 172.16.30.0/24
• fin-db-sv-01b (.11)
• hr-db-sv-01b (.21)

Protected flows
• HTTP, HTTPS: Traffic from USER to WEB Tier protected by DFW
• TCP 1234, SSH: Traffic from WEB tier to APP tier (per organization) protected by DFW
• MySQL: Traffic from APP tier to DB tier (per organization) protected by DFW

Distributed networking services allow better performance and modelling

NSX and vCloud Director Use Cases

• NSX functionality can be consumed out of band from vCD to enable provider side use cases
• Enables providers to deliver value added services to their cloud consumers
• Does not require direct product integration
• Can be automated for rapid provisioning or even self-service

Use Case: L2VPN & L2 Bridging
Benefit: Cloud Bursting; Cloud Migration; Network Extension; Disaster Recovery as a Service
NSX Components: NSX Edge Gateway; NSX L2 Bridging

Use Case: Micro-segmentation of provider managed networks
Benefit: Securely provide network based services to tenants, e.g. Backup, Monitoring, Patching
NSX Components: NSX Distributed Firewall; SpoofGuard

Use Case: Guest/Network Introspection, NSX Partners Services
Benefit: Agentless guest and network based services from NSX Partners, e.g. Anti Virus, IDS/IPS
NSX Components: NSX Service Composer; Partner Ecosystem

Use Case: Gateway Virtualization
Benefit: Virtualize network functions on commodity x86 hardware; Common interface and vendor across all services
NSX Components: NSX Edge Gateway; VXLAN

NSX and vCloud Director – L2 VPN

Features / Benefits
• SSL secured L2 extension technology over any IP network
• Separate NSX Edge GWs run as server & client
• Independent of vCenter Server boundaries
• Managed and Unmanaged options
• UI and API based configuration
• Able to bridge any combination of VLAN or VXLAN networks
• No specialized hardware required (will leverage AES-NI CPU instruction set where available)
• Supports both Enterprise and Hybrid Cloud use cases

[Diagram: two scenarios, Enterprise and Hybrid Cloud (Public Cloud); in each, an NSX Edge Services GW L2VPN Client and an NSX Edge Services GW L2VPN Server are connected across the Internet / WAN]

NSX and vCloud Director – L2 Bridging

• NSX L2 Bridging
  – Physical to Virtual connectivity
  – Intra-DC Migration & IP Mobility

[Diagram: vCloud Director & NSX Managed Resources (VXLAN 5000, VXLAN 5001) and Colocation Resources (VLAN) joined over the L3 Physical Network. Bridging Instance Tenant 1 (VXLAN 5000 to VLAN 10) serves Tenant 1 Servers & VMs (VLAN 10); Bridging Instance Tenant 2 (VXLAN 5001 to VLAN 20) serves Tenant 2 Servers & VMs (VLAN 20)]

NSX and vCloud Director – Secure Provider Services

• NSX enables Provider managed services to be attached to VMs (Monitoring, Backup, etc.)
• All VMs are attached to a common Service Network
• NSX Distributed Firewall and SpoofGuard enforce security and isolation

[Diagram labels: Internet/WAN, External Net, Provider Routers, Edge Gateway; Org 1 (Org 1 Net) and Org 2 (Org 2 Net), each with an NSX Edge; vApp X, vApp Y, vApp Z, vApp K on App X Net, App Y Net, App Z Net, App K Net; Common Services Net with Monitoring Service, Backup Service, Patching Service. Management domains: Tenant 1 Managed, Tenant 2 Managed, Provider Managed]

NSX and vCloud Director – Value Added Services

• Both native NSX and 3rd party Solutions can be added as Value Added Services (VAS)
• NSX Service Composer allows Providers to deliver VAS on a per-Tenant or per-VM basis

Different service categories from several vendors are supported:
• Data Security
• Firewall
• Activity Monitoring
• Anti Virus
• Vulnerability Management
• IPS/IDS

Hyper-Converged Infrastructure Architecture

HYPER-CONVERGED SOFTWARE
• Compute, storage and networking
• Tightly integrated software stack

INDUSTRY-STANDARD HARDWARE
• Convergence of physical storage on x86 hardware
• Building-block approach

Industry-Leading Hyper-Converged Software

From the market leader in virtualization software and management

VMware Hyper-Converged Software (vSphere, vCenter, Virtual SAN) on x86 Server Hardware

• Market-leading hypervisor
• Radically simple enterprise-class storage
• Most flexible deployment options
• Unified management

The Best Building Block for the Software-Defined Data Center

SDDC software
• NSX: Leading network virtualization platform for the SDDC
• vRealize Operations: Advanced storage management and planning
• vRealize Log Insight: Real-time log management of Virtual SAN
• Horizon: Single platform for virtual and hosted desktops

VMware HCS: vSphere, vCenter, Virtual SAN on x86 Server Hardware

Why VMware Hyper-Converged Software?

Radically Simple / Highest Performance / Lowest Cost / Any App, Any Scale

• >100 Pre-Certified Ready Nodes to Match Existing Infrastructure
• 1 Integrated SW stack
• <1ms Latency with all-flash systems
• >100K IOPS per node
• >6M IOPS per cluster
• $1/GB: As low as $1 per usable GB of all-flash Virtual SAN
• 50% Lower TCO
• 1 Platform for business critical apps, Openstack and containers

Most Widely Deployed HCI Solution in the Market

• #1 Units Deployed*: >20,000 CPUs in Q4’15
• #1 Customer Adoption*: >3,000 customers, >500 new/quarter
• #1 Revenue Growth*: ~200% YoY in Q4’15

[Chart: Total Customer Count, Q2’13, Q2’14, Q2’15: VMware HCS vs. #2 HCI Vendor**]

* Source: VMware internal analysis, January 2016. Compared to leading HCI vendors only.
** Source: IDC MarketScape Hyperconverged Market, Dec 2014. SEC S-1 Form, December 2015.

VMware Virtual SAN

Radically Simple Hypervisor-Converged Storage for VMs

Overview
• Software-defined storage optimized for VMs
• Embedded in the hypervisor
• Runs on any standard x86 server
• Supports hybrid and all-flash configurations
• Delivers enterprise-level scalability and performance
• Managed through per-VM storage policies
• Deeply integrated with the VMware stack

[Diagram: VMs on vSphere + Virtual SAN sharing a Virtual SAN Datastore]

Accelerating Innovation

VSAN 5.5, March 2014

VSAN 6.0, March 2015
• All Flash
• 64 Node Cluster
• X2 Hybrid Performance
• VSAN Snapshots
• VSAN Clones
• Rack Awareness

VSAN 6.1, September 2015
• Stretched Cluster
• Replication - 5 Min RPO
• Root Cause Analysis
• Health Monitoring

VSAN 6.2, March 2016
• Deduplication
• Compression
• Erasure Coding (RAID 5/6)
• Quality of Service
• Performance & Capacity Monitoring
• Expanded Virtual SAN Ready Nodes

Virtual SAN Simplifies and Automates Storage Management

Per-VM Storage Service Levels From a Single Self-tuning Datastore

Storage Policy-Based Management
• Per VM Storage Policies
• Policies Set Based on Application Needs: Capacity, Performance, Availability
• Software Automates Control of Service Levels (SLAs)
• No more LUNs/Volumes!

[Diagram: vSphere + Virtual SAN with a Virtual SAN Shared Datastore]

Efficiency of a Single, Hyper-Converged Software Stack

Storage VM on vSphere (one in every server)
✖ Overhead of virtual appliance
✖ Long data paths
✖ Bolted-on integration

vSphere + Virtual SAN
✔ Kernel-embedded for optimized I/O data path
✔ Major advantage in resource utilization
  • 2x CPU efficiency and 3x memory efficiency
✔ All features work natively
  • Native vMotion and DRS

Tiered All-Flash and Hybrid Options

All-Flash
• 100K IOPS per Host + sub-millisecond latency
• Caching (SSD, PCIe, NVMe): writes cached first, reads from capacity tier
• Data persistence: Capacity Tier on Flash Devices; reads primarily from capacity tier

Hybrid
• 40K IOPS per Host
• Caching (SSD, PCIe, NVMe): Read and Write Cache
• Data persistence: Capacity Tier on SAS / NL-SAS / SATA

Virtual SAN Delivers Enterprise-Grade Scale

Maximum Scalability per Virtual SAN Cluster
• 64 Hosts
• 6,400 VMs
• 6M+ IOPS
• 8.8 Petabytes

“I am looking for cost-savings, efficiency and the ability to expand when we need to, quickly. And that’s something the Virtual SAN lets us do in every case. For the Doe Fund, you know, it is the holy grail of storage.”
— Ryan Hoenle, Director of IT, The DOE Fund, Inc.

Notes: based on IOMeter 100% Read benchmark

Thank You

Questions?