NET1188BE Disaster Recovery Solutions with NSX
Humair Ahmed, VMware NSBU, @Humair_Ahmed
Richard Stinton, iland, @vstinto
NET1188BE
#VMworld #NET1188BE
Disaster Recovery Solutions with NSX
VMworld 2017 Content: Not for publication or distribution
Disclaimer
• This presentation may contain product features that are currently under development.
• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.
• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
• Technical feasibility and market demand will affect final delivery.
• Pricing and packaging for any new technologies or features discussed or presented have not been determined.
Agenda
1 The Need for Better DR with NSX
2 NSX Features for DR
3 NSX DR Solutions with Examples
4 Demo
5 Customer Example: EMC Enterprise Hybrid Cloud (EHC)
6 Customer Example: iland
7 Third Party Services for DR with NSX
8 Summary and Q&A
NSX Networking and Security for DR Solutions
Winter is coming.
Protect the workloads!
Site 1: Winterfell
Site 2: King’s Landing
Traditional Challenges for DR Solutions
• Change application IP addresses
• Re-create/Re-configure physical network for L2-L3 connectivity requirements
• Re-create security policies
• Update other physical device configuration (Ex: load balancer)
• Additional update/re-configuration (ACLs, DNS, Application IP Dependencies, etc.)
Traditional Solutions:
Ex:
▪ L2 Over Dark Fiber
▪ VPLS Over MPLS Backbone
▪ Hardware-Based Solution (OTV)
Expensive, hardware-based, complex, operationally challenging, and/or long lead times required
Not holistic solutions – only focused on the network and per-device configuration and lack automation and flexibility
What’s needed is a software-based approach which can provide:
➢ Decoupling from physical hardware
➢ Ease of deployment
➢ Ease of use
➢ Better security with micro-segmentation
➢ Leverage higher-level security constructs
➢ Flexibility
➢ High degree of automation
➢ Rapid deployment/recovery and productivity
➢ Ease of testing DR Plan
➢ Extensive partner ecosystem for services
➢ Integration with other DR & SDDC components (SRM, vSphere hypervisor, vRealize Suite, etc.)
Leveraging Cross-VC NSX for DR
• DR to another data center
• Active - stand-by model
[Diagram: Site 1 (Active), Site 2 (Stand-by); UDLR; UDFW; ULS - VNI 7000, ULS - VNI 8000, ULS - VNI 9000; WEB, APP, DB]
Flexibility for DR Solutions
• DR to another data center
• Active - stand-by model
[Diagram: Site 1, Site 2; two UDLRs, each labeled Active / Stand-by; UDFW; WEB, APP, DB]
NSX Control Plane Resiliency: CDO Mode
No CDO Mode
[Diagram: Site 1, Site 2; Universal Transport Zone; Transport Zone; Universal Controller Cluster; Universal App Logical Switch: VNI 90000; Host 1, Host 2; VDS; Cluster; Successful Ping; Ping Fails]
NSX Control Plane Resiliency: CDO Mode
• No issues when powering on a VM on Host 2 or vMotioning a VM to Host 2
[Diagram: Site 1, Site 2; Universal Transport Zone; Transport Zone; Universal Controller Cluster; Universal App Logical Switch: VNI 90000; Host 1 (CDO), Host 2 (CDO); VDS; Cluster; BUM; Successful Ping]
NSX Security: Leveraging Higher-Level Security Constructs
Ex: Universal Security Tags
• On Primary NSX Manager - configure Unique ID Selection Criteria
• On Primary NSX Manager - create Universal Security Tag
• On Primary NSX Manager – Statically attach security tag(s) to respective VM(s)
• Synchronization of Security Tags between Primary/Secondary NSX Managers
• On Secondary NSX Manager - Security Tags attached to respective VMs based on Unique Selection criteria
Leveraging NSX for DR to Cloud
• DR to a cloud environment
• Active - stand-by model
[Diagram: Site 1 (Active), Site 2 (Stand-by, VMware Cloud Provider); L2 over L3 via Cross-VC NSX; Direct Connectivity; WEB, APP, DB]
Leveraging NSX for DR to Cloud
• DR to a cloud environment
• Active - stand-by model
[Diagram: Site 1 (Active), Site 2 (Stand-by, VMware Cloud Provider); IPSEC; L2VPN; WEB, APP, DB]
NSX Enhanced DR Solutions
vSphere 6.0+, NSX 6.2+
[Diagram: SRM; Dell EMC RP4VM; Other DR Vendors; Compute and Networking DR Orchestration; Storage Replication; vSphere/Array Replication; VM-Level Replication; RP4VM Replication; VRA]
Cross-VC NSX + SRM for DR
Site Recovery Manager
• Manages recovery plans
• Automates failovers and failbacks
• Tightly integrated with vCenter and replication
Replication Options
Storage-Based Replication (3rd party)
• Provided by replication vendor
• Integrated via replication adapters created, certified and supported by replication vendor
vSphere Replication
• Part of vSphere platform
• Replicates virtual machines between vSphere clusters
Required at both protected and recovery sites
Networking ?
Compute
Storage
Source and destination networks are automatically mapped with Storage Policy Protection Group (SPPG)
[Diagram: Storage; Servers; VMware vSphere; vCenter Server; Site Recovery Manager; Virtual Machines; APP]
[Diagram: Active Application, Standby Application; SRM, vSphere Replication and Palo Alto Networks labeled on both sides; Protection Group; Priorities/Dependencies 1, 2, 3]
Run on Isolated Test Network
[Diagram: Site 1 Palo Alto, CA; Site 2 San Jose, CA; SRM; UDFW; Web, App, DB]
• UDLR with ULS – Web: 172.20.1.0/24, ULS – App: 172.20.2.0/24, ULS – DB: 172.20.3.0/24
• Test UDLR with Test ULS – Web: 172.20.1.0/24, Test ULS – App: 172.20.2.0/24, Test ULS – DB: 172.20.3.0/24
Cross-VC NSX + RP4VM for DR
Recover Point Manager
• Manages recovery plans
• Automates failovers and failbacks
• Tightly integrated with vCenter
• Protect VMs with VM level granularity
• Replicates virtual machines between vSphere clusters
• Orchestrated DR test, failover, failback to any point in time
Hypervisor Based Replication
Cross-VC NSX + Zerto for DR
Enterprise Hybrid Cloud
• CI / HCI Platform
• Software Defined Infrastructure
• Cloud Management and Operations
• Self-service and automated IaaS
Engineered Modular Add-ons
• Continuous Availability
• Disaster Recovery
• Encryption Services
• Data Protection
Business value NSX with EHC delivered to our customers
• 4X faster provisioning time
• 90% reduction in downtime
• 50% reduction in data center costs
• Consolidated data centers by 71%
• Reduced resource provisioning time from months to hours
• Unification of entire IT department vs. siloed teams
• Reduced provisioning times from 2–3 weeks to minutes
• Decreased total IT spend by 60%
• Reduced time to market for new business services by 65%
• 25% time saved from operational activities
• Provisioning time reduced from days to minutes
• Increased resource utilization
NSX Simplifies EHC DR add-on
RecoverPoint for Virtual Machines (RP4VM)
• VM-level disaster recovery granularity
• Virtual Appliance Replication
• vSphere web client integration
Use Case: Requirements
• 2 Sites, 2 vCenters
• Active workloads
• Bi-directional DR
• Consistent security
• Consistent networks and traffic engineering
• DR Consumption through CMP
[Requirement markers on slide: 1, 2, 3, 4, 5, 6]
Building the Network
[Diagram: Site 1 (vCenter, NSX Manager, Controller Cluster), Site 2 (vCenter, NSX Manager); Cross vCenter NSX; Green_uDLR; Blue_uDLR; Blue App01 (Web, App, DB); Green App01 (Web, App, DB); requirement markers 1, 2, 5]
Replicating the VMs
[Diagram: Site 1 (vCenter, NSX Manager, Controller Cluster), Site 2 (vCenter, NSX Manager); Cross vCenter NSX; Green_uDLR; Blue_uDLR; Recoverpoint for VM; RP4VM vRPA and RP4VM CG labeled on both sides; Blue App01 (Web, App, DB) and Green App01 (Web, App, DB) shown at both sites; requirement marker 3]
Securing the Applications
Universal Security Groups, tags and DFW rules
Universal Security Groups
• Static Inclusion: 192.168.0.100, 00:50:56:XX:YY:ZZ
• Dynamic Inclusion
[Diagram: Site 1 (vCenter, NSX Manager, Controller Cluster), Site 2 (vCenter, NSX Manager); Cross vCenter NSX; Green_uDLR; Blue_uDLR; Recoverpoint for VM; RP4VM vRPA and RP4VM CG labeled on both sides; Blue App01 (Web, App, DB) and Green App01 (Web, App, DB) shown at both sites; requirement markers 4, 6]
richard stinton
cloud solutions architect
iland Secure Cloud | http://iland.com
[email protected] / @vstinto
about
• Began my journey with iland in 2016
• Microsoft Azure
• VMware
• Techie at heart
• Started in technology in mid 80’s
• 22 Years delivering IT Services
• 8 ISO 27001 & SSAE16 global data centers
• 11 Years cloud & disaster recovery expertise
• A “Leader” in Gartner Magic Quadrant for DRaaS, 2017
• The Forrester Wave™: Disaster-Recovery-As-A-Service Providers, 2017
iland delivers a breadth of secure cloud services
• iland Secure Cloud: Public and Private Cloud
• iland Secure Cloud Backup: Global backup for on-premise
• iland Secure Disaster Recovery as a Service: Fast and reliable DRaaS
All iland services are delivered with our industry-leading customer support
Global cloud locations to support your growing business
• Datacenters: Los Angeles, Dallas, Washington, D.C., London, Manchester, Amsterdam, Singapore, Sydney
• Ongoing global customer-driven expansion
• Tier III and IV data centers
• Connected directly to 500 IP providers worldwide
• Clear data location for data sovereignty
• Local support in each region
• Standard global contract, SLA, and service catalog
US Headquarters: Houston, TX
EMEA Headquarters: London, UK
and NSX
relying on public and private nsx functionality
• 2010: vcd and vcni (vcloud networking and security)
• nsx
• 2017: global nsx footprint across 8 data centers
• 10,000 networks deployed (over ten thousand)
• leveraging vxlan primarily, small percentage of vlan
• leveraging the nsx api extensively
multi-tenant draas use case
• ability to pre-configure security rules
• firewalling, load balancing, routing, vpn, etc.
• stretch layer-2 with or without customer nsx, partial and full failover
• complete control prior and during dr event
• one or multiple edges per customer
• complete replica of customer network segments to iland cloud
[Diagram: Production VM; Firewall; Production VM]
multi-tenant draas use case (partial)
[Diagram: Customer Data Center with Production VMs and Firewall; Replicated VMs; NSX Edge (Firewall, L2VPN, Load Balancing, BGP)]
multi-tenant draas use case (full)
[Diagram: Customer Data Center with Production VMs and Firewall; Replicated VMs; NSX Edge (Firewall, L2VPN, Load Balancing, BGP)]
iland secure cloud – nsx api integrations
iland secure cloud console – DRaaS integrations
NSX + F5 DNS for Active/Standby and Active/Active Designs
GSLB for Active-Standby and Active-Active Solutions
[Diagram: two sites, each with Client DNS Request, GSLB, SLB and Application Pool; VIP: 10.100.9.14 and VIP: 10.200.9.14]
[Diagram: Site 1 – Palo Alto, CA (NSX Manager 1, Primary; vCenter 1) and Site 2 – San Jose, CA (NSX Manager 2, Secondary; vCenter 2); Universal Controller Cluster; Universal Transport Zone; Universal Distributed Firewall (UDFW); Universal Distributed Logical Router (UDLR) with Universal Control VM; Compute Cluster 1, Compute Cluster 2 and Edge Cluster at each site; iBGP with BGP Weight: 60 and BGP Weight: 30; eBGP; a BIG-IP DNS VE at each site; load balancer pairs with External Floating IP (Web) 10.100.9.14 and 10.200.9.14]
Universal logical networks shown in the diagram:
• Universal Web: 172.20.1.0/24
• Universal App: 172.20.2.0/24
• Universal DB: 172.20.3.0/24
• Universal Web2: 172.20.8.0/24
• Universal App2: 172.20.9.0/24
• Universal DB2: 172.20.10.0/24
• Universal Transit: 172.39.39.0/28
• Summary Route: 172.20.0.0/20
Traffic flow from the client (Laptop):
1. DNS Request
2. Intelligent DNS response
3. Client Connects to LTM VIP
4. LB to local application
VMware NSX + Palo Alto Network for Advanced Multisite Security
Multi-site Security Policy
Security Policy Management Layer
HA
Active Standby
NSX: Platform for Building Multi-site and DR Solutions
Secure, high availability, distributed, virtualized resource pool
[Diagram: Site-A (vCenter-A) and Site-B (vCenter-B), <150ms; Local storage at each site; SRM, vSphere replication and Palo Alto labeled on both sides; Universal distributed logical router; WEB, APP, DB]
Humair Ahmed, VMware NSBU, [email protected], @Humair_Ahmed
Richard Stinton, iland, [email protected], @vstinto