Vmware tt.08 gallagher-vmwarett.08 - intro to nsx (1)
Transcript of Vmware tt.08 gallagher-vmwarett.08 - intro to nsx (1)
© Copyright 2015 EMC Corporation. All rights reserved.
INTRODUCTION TO VMWARE NSX
VIRTUALIZE YOUR NETWORK
AGENDA
1 NSX & Software Defined Data Center
2 NSX Use Cases: Micro-Segmentation
3 NSX Use Cases: Self-Service IT
4 NSX Use Cases: Disaster Recovery
5 NSX & Converged Infrastructure
WHAT IS A SOFTWARE DEFINED DATA CENTER?
Manual operational model: intelligence in hardware; dedicated, vendor-specific infrastructure; manual configuration & management.
SDDC model:
• Software (Data Center Virtualization Layer): intelligence in software; the operational model of the VM applied to the data center; automated configuration & management.
• Hardware (Compute, Network and Storage Capacity): pooled, vendor-independent, best price/performance infrastructure; simplified configuration & management.
THE ANATOMY OF THE MOST AGILE AND EFFICIENT DATA CENTERS IS SDDC
Google / Facebook / Amazon Data Centers:
• Custom Application
• Custom Platform (Software / Hardware Abstraction)
• Any x86, Any Storage, Any IP network
THE CHOICE FOR “NEW IT” FOR “ALL APPLICATIONS”
Google / Facebook / Amazon Data Centers:
• Custom Application
• Custom Platform (Software / Hardware Abstraction)
• Any x86, Any Storage, Any IP network
Software Defined Data Center (SDDC):
• Any Application
• SDDC Platform with NSX (Software / Hardware Abstraction)
• Any x86, Any Storage, Any IP network
TAKING WHAT WE HAVE LEARNED…
Server Virtualization: Applications run in Virtual Machines (software) on pooled Compute Capacity, Network and Storage (hardware).
Manual Operational Model: intelligence in hardware; dedicated, vendor specific infrastructure; manual configuration & management.
Automated Operational Model:
• Intelligence in the virtualization layer
• Vendor independent x86 capacity
• Transformative operational model
• Automated configuration & management: programmatically Create, Snapshot, Store, Move, Delete, Restore
TO DELIVER AN SDDC APPROACH
Data Center Virtualization: Applications run on Virtual Machines, Virtual Networks and Virtual Storage (software) over Compute Capacity, Network Capacity and Storage Capacity (hardware).
• Pooled compute, network and storage capacity
• Vendor independent, best price/performance
• Simplified configuration & management
• Location Independence
Automated Operational Model: programmatically Create, Snapshot, Store, Move, Delete, Restore
NETWORK VIRTUALIZATION IS AT THE CORE OF AN SDDC APPROACH
Data Center Virtualization: Virtual Networks sit alongside Virtual Machines and Virtual Storage in the software layer, over Compute Capacity, Network Capacity and Storage Capacity (hardware), serving the Applications.
Automated Operational Model: programmatically Create, Snapshot, Store, Move, Delete, Restore
Provides A Faithful Reproduction of Network & Security Services in Software
• Management: APIs, UI
• Switching, Routing
• Firewalling
• Load Balancing
• VPN
• Connectivity to Physical Networks
• Policies, Groups, Tags
• Data Security, Activity Monitoring
VMWARE NSX: VIRTUALIZE THE NETWORK
• Logical Switching
• Logical Routing
• Load Balancing
• Physical to Virtual
• Firewalling & Security
• One-Click Deployment via Cloud Management Platform
NSX | THE STRATEGIC PLATFORM FOR THE NEXT GENERATION DATA CENTER
Micro-Segmentation | Security Automation | Beyond the Datacenter
• NSX makes network security inside the data center perimeter operationally feasible
• Reduce RTO by 80%
• Reduce infrastructure provisioning time from weeks to minutes
• Self service Cloud (vRealize Automation or OpenStack)
• Live migrate workloads to a new data center without changing IP addresses
• Provision or repurpose generic physical capacity on demand
AGENDA: 2 NSX Use Cases: Micro-Segmentation
WHY DO BREACHES STILL OCCUR?
Today’s data centers are protected by strong perimeter defense…
• But threats and exploits still infect servers. Low-priority systems are often the target.
• Threats can lie dormant, waiting for the right moment to strike.
• Server-server traffic growth has outpaced client-server traffic. The attack spreads and goes unnoticed.
• Possibly after months of reconnaissance, the infiltration relays secret data to the attacker.
• Attacks spread inside the data center, where internal controls are often weak. Critical systems are targeted.
SECURITY IN A TRADITIONAL NETWORKING MODEL
Traditional Networking Model:
• Layer 2 Sprawl Everywhere
• Security Enforcement & Segmentation is Complex
• Open E-W (east-west) Communication
• Enforcement via Stateless ACLs
• Expensive Hardware-based Firewalls
• Static Security Model
SECURE MICRO-SEGMENTATION WITH NSX
Distributed Firewalling and Logical Switching between the Web Tier, App Tier and DB Tier
NSX DELIVERING BETTER SECURITY AND MAKING MICRO-SEGMENTATION OPERATIONALLY FEASIBLE
• Reduce attack surface for every application/VM
• Security Policy aligned to the application/project lifecycle
• Each Hypervisor acts as a firewall providing line rate performance
MICRO-SEGMENTATION IN DETAIL
Segmentation: controlled communication path within a single network
• Fine-grained enforcement of security
• Security policies based on logical groupings of VMs
Isolation: no communication path between unrelated networks
• No cross-talk between networks
• Overlay technology assures networks are separated by default
Advanced services: addition of 3rd party security, as needed by policy
• Platform for including leading security solutions
• Dynamic addition of advanced security to adapt to changing security conditions
MICRO-SEGMENTATION DEPLOYMENT EXAMPLES
Each example places a perimeter firewall in front of an HR Group, a Finance Group and a Services/Management Group; the HR and Finance groups each have DMZ/Web, App and DB tiers, and the management group has Services and Mgmt:
• Network Segmentation / DMZ
• Isolation (Tenant 1, Tenant 2)
• Multi-Tenancy with Adv. Service
A CONVERGED INFRASTRUCTURE MEANS VIRTUAL DESKTOPS RUN ON THE SAME INFRASTRUCTURE AS SERVERS…
SECURITY CHALLENGES IN A VDI ENVIRONMENT
Bringing desktops into the data center opens up new risks for attack, and a matrix of policies is needed on centralized, choke-point firewalls for the correct security posture.
• VDI to VDI: desktop-to-desktop hacking inside the DC
• VDI to VM: desktop-to-server hacking inside the DC
Desktop groups shown: Finance, HR, Engineering
SOLVING VDI SECURITY WITH NSX MICRO-SEGMENTATION
Enterprise Applications and Virtual Desktops on Shared Infrastructure: Firewall based on Logical Grouping
BENEFITS
• Distributed Firewall provides Isolation & Segmentation
• 3rd Party Integration for AV, IPS/IDS, NGFW, etc.
• Programmable & Automated Application of Networking & Security
AGENDA: 3 NSX Use Cases: Self-Service IT
SOLUTIONS FOR EVERY LEVEL OF IT AUTOMATION
Consumers: IT Admin; End User (Pre-Defined, via Templates); Community Cloud User (Pre-Defined or Custom); End User (Custom)
Environments: Internal IT / Cloud; External Cloud
Tools: NSX Manager; vRealize Automation; OpenStack
NSX WITH VREALIZE AUTOMATION
On Demand Application Delivery with vRealize Automation (Cloud Management Platform): Resource Reservation, Multi-Machine Blueprint, Service Catalog
NSX: Logical Switch, Logical Router, Logical Firewall, Logical Load Balancer
Network Profiles, Security Policies and Security Groups applied to the Web, App and Database tiers of VMs
NSX USE CASE – SELF SERVICE IT
• Cloud Admin: Multi-Machine Blueprints with SLA, Cost Profile, Security and Networking, published as Standardized Templates in the Service Catalog
• Cloud Consumer: Service Request from the Service Catalog
• Network Admin (CONNECTIVITY): Network Profiles, External Networks
• Load Balancer Admin (AVAILABILITY): Logical Load Balancer
• Security Admin (SECURITY): Security Groups, Security Policies, Security Tags
NSX USE CASE – ON DEMAND MICRO-SEGMENTATION
Web, App and Database tiers of VMs on a PRIVATE network (no external connectivity):
• Isolation: no communication path
• Segmentation: controlled communication path
• Advanced Services: advanced services communication path
AGENDA: 4 NSX Use Cases: Disaster Recovery
CHALLENGES WITH DC EXTENSIONS
Workload Mobility & Disaster Recovery Solutions Require Layer 2 Extensions across Data Centers (an L2 Connection between Data Center 1 and Data Center 2)
Technologies required today: Cisco OTV, MPLS / VPLS, Dark Fiber
Challenges: expensive, mostly hardware-based; manual configuration model
NSX FOR DATA CENTER MULTI-SITE EXTENSIONS
L2 Extensions: Logical Switch Extension and L2 VPN between Data Center 1, Data Center 2 and vCloud Air
Software-based solution with support for Logical Switching, Distributed Routing, Distributed Firewall
NSX FOR DATA CENTER MULTI-SITE EXTENSIONS
SRM-based Disaster Recovery between Data Center 1 and Data Center 2: no re-IPing; instantaneous availability of apps upon disaster; failover of Logical Switching, Routing & Firewall Rules
DR TODAY (SIMPLE VIEW)
Primary Site (10.0.10/24) and Recovery Site (10.0.20/24), each with its own Physical Network Infrastructure and SAN
1 Snapshot VM
2 Replicate VM & Storage (steps 1 & 2 e.g. VMware SRM)
3 Recover the VM
4 Change IP Address from 10.0.10.21 to 10.0.20.21 (Major RTO Impact)
DR WITH NSX NETWORK VIRTUALIZATION (SIMPLE VIEW)
Primary Site (10.0.10/24) and Recovery Site (10.0.20/24), each with its own Physical Network Infrastructure, SAN and NSX Controller; the Virtual Network 10.0.30/24 exists at both sites
1 Snapshot VM
2a Replicate VM & Storage (steps 1 & 2 e.g. VMware SRM)
2b Snapshot Network & Security
3 Recover the VM with the same address, 10.0.30.21; Network & Security already exists (80% RTO reduction)
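As an added example (not from the deck, VMware or EMC), here is a small Python model of the two enforcement styles the deck contrasts: a distributed firewall policy keyed on logical groupings of VMs, as in "Micro-segmentation in detail", versus a stateless ACL keyed on subnets, evaluated before and after the re-IP step of the "DR today" slide. Tag names, VM names, group names and port numbers are constructed for the example; the subnets are the ones on the slides.

```python
"""Constructed model: group-based micro-segmentation vs. a subnet-keyed ACL."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class VM:
    name: str
    ip: str
    tags: frozenset  # logical grouping, e.g. {"tier:web"}; invented tag names

# Security groups are defined by tag, not by address.
GROUPS = {"web": "tier:web", "app": "tier:app", "db": "tier:db", "vdi": "tier:vdi"}
# Distributed firewall policy: (source group, destination group, TCP port). Anything
# not listed is dropped, so web cannot reach db directly and desktops only reach web.
DFW_RULES = [("web", "app", 8080), ("app", "db", 3306), ("vdi", "web", 443)]
# Traditional stateless ACL keyed on the primary-site subnet from the DR slide.
IP_ACL = [("10.0.10.0/24", "10.0.10.0/24", 8080), ("10.0.10.0/24", "10.0.10.0/24", 3306)]
# Constructed inventory at the primary site (10.0.10/24).
WEB = VM("web01", "10.0.10.5", frozenset({"tier:web"}))
APP = VM("app01", "10.0.10.11", frozenset({"tier:app"}))
DB = VM("db01", "10.0.10.21", frozenset({"tier:db"}))
DESKTOP = VM("desk01", "10.0.10.50", frozenset({"tier:vdi"}))

def in_group(vm, group):
    return GROUPS[group] in vm.tags

def dfw_allows(src, dst, port):
    """Evaluate one flow against the group-based policy (default deny)."""
    return any(p == port and in_group(src, s) and in_group(dst, d)
               for s, d, p in DFW_RULES)

def acl_allows(src, dst, port):
    """Evaluate the same flow against the subnet-keyed ACL (default deny)."""
    return any(p == port and ip_address(src.ip) in ip_network(s)
               and ip_address(dst.ip) in ip_network(d) for s, d, p in IP_ACL)

def failover(vm, new_ip):
    """Recover a VM at the secondary site with a new address; tags travel with it."""
    return VM(vm.name, new_ip, vm.tags)

def verdicts_after_failover(src, dst, port, new_subnet="10.0.20."):
    """Re-IP both VMs into the recovery subnet (the 'DR today' step 4) and return
    (group_policy_allows, ip_acl_allows) for the flow between them."""
    moved = [failover(vm, new_subnet + vm.ip.rsplit(".", 1)[1]) for vm in (src, dst)]
    return dfw_allows(*moved, port), acl_allows(*moved, port)
```

The subnet ACL also cannot tell the web tier from the app tier, so it permits web to db on 3306, whereas the group policy drops that flow and the desktop-to-server flows.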
AGENDA: 5 NSX & Converged Infrastructure
SDDC APPROACH WITH NSX ENABLES CHOICE AND FLEXIBILITY
Infrastructure choices: “Build Your Own”, Converged Infrastructure, Hyper-Converged Infrastructure
Software-Defined Data Center
Application choices: Today’s Application, PaaS, Containers
VCE VXBLOCK WITH NSX
• NSX Pre-installed on VxBlock Systems from VCE
• Complete Validated architecture based on Cisco UCS, Nexus 9K, EMC Storage, VMware vSphere and NSX
• Supported by VCE
• Availability Early Q3 2015
• NSX Deployments on VBlock systems supported by VMware – Reference Designs
FEDERATION ENTERPRISE HYBRID CLOUD WITH NSX
• NSX Validated as part of Federation Enterprise Hybrid Cloud
• NSX Integrated with vRealize for Self-Service IT
• NSX in DR
KEY TAKEAWAYS
• NSX is a Foundational Part of the SDDC
• NSX is being deployed for solving key customer challenges – Security, Agility & Availability
• NSX is available as a part of Validated Architectures