breakout - rainfocus...•this presentation may contain product features that are currently under...

Jude Niles, Director, Internet Operations, Shutterfy IncAnand Rangaswamy, Staff Systems Engineer, Networking and Security Business Unit VMware

NET1728BU

Shutterfly: Life with VMware NSX—Year 3

Session Type: Breakout Session

VMworld 2017 Content: Not fo

r publication or distri

bution

• This presentation may contain product features that are currently under development.

• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.

• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.

• Technical feasibility and market demand will affect final delivery.

• Pricing and packaging for any new technologies or features discussed or presented have not been determined.

Disclaimer

2



bution

Agenda

1 Session Introduction

2 Shutterfly Overview

3 NSX Deployment Overview

4 Micro-segmentation

5 NSX Load Balancer

6 vRA + NSX for Self Service IT

7 vRealize Network Insight

8 Summary and Q&A

3



bution

Shutterfly, Inc

CONFIDENTIAL 4

1999 2006 2013 2015

Founded in 1999, offeredcustomers 4”x6” prints

Listed on NASDAQ as SFLY

Reached $1B in revenue

Launched SBS- Shutterfly Business Solutions

At Shutterfly, Inc., our vision is to make the world a better place by helping people share life's joy.



bution

CONFIDENTIAL 5



bution

CONFIDENTIAL 6

Shutterfly Business Solutions



bution

Shutterfly Business Requirements



bution

Problem Statement

On-Prem Data Center

PC: CloudTweaks.com



bution

Requirements for SDDC Platform

Agile, Scalable and Reliable

Isolation for tenants

Hardware Abstraction

Self-Service IT portal

Compliance & Audit Support

9



bution

NSX Deployment Overview



bution

vSphere 6.0

vRealize Automation

6.3.xNSX 6.2.x vRNI 3.4

Shutterfly Private Cloud: Valhalla

Multi-tenant Infrastructure

Micro-segmentation NSX Load-Balancer

Alerts

Audit Compliance

Flow visibility& Micro-segmentation

planningVMworld 2017 Content: Not fo


bution

Valhalla: NSX Topology

12

Distributed logical router

Physical

Networks

Web LS App LS DB LS

Tenant 1

172.16.10.0/24 172.16.20.0/24 172.16.30.0/24

Web LS App LS DB LS

Tenant 2

172.17.10.0/24 172.17.20.0/24 172.17.30.0/24

Web LS App LS DB LS

Tenant 3

172.18.10.0/24 172.18.20.0/24 172.18.30.0/24

4 ESG’s in ECMP ModeManagement

Cluster



bution

56VM:1Consolidation ratio

60% Improvement



bution

Data Center Security



bution

East-West micro-segmentation

SOC-2 Compliance, PCI

Automated Security Policy

Advanced FW Services and Context Isolation

Security



bution

400% Increase in workload footprint

1600TB 30 day Data flow out of Valhalla

Number of Physical Firewalls added: 0



bution

NSX Load Balancer



bution

NSX Load Balancer

19

VM

VM VM

VM

DLR

One-Arm LB

Transit L.S.

Provider

NSX Edges

(HA or ECMP)

DLR

Web LS

App LS

DB LS



bution

Web server maintenance

0 Downtime300TB 30 day NSX LB flow data



bution

Automated workload delivery – vRA+NSX



bution

SFLY Self ServicePortal

Choose VM OS

VM Size, Qty

OptionalHostname

Environment

Lease days

Valhalla Cloud: Self Service IT

▪ Agile

▪ Days to minutes

▪ Stable

▪ Consistent, repeatable

▪ Secure

▪ Define the security policy once

and reuse the same policy

22



bution

Automating Production workloads is

directly tied to business revenue

Automating Production & Dev-Test

Automating Dev & Test can significantly

reduce application time to market

23

Admin

Converged Blueprint

Developer

Physical Infrastructure

Dev and Test workloads

• Agile Developer Cloud

• Minimal manual intervention

• Provision VM+ Services

• Consistent environment

• Secure

• Easy decommissioning

Production Workloads

• Business agility

• Proactive to business needs

• Security is not compromised

• Easy decommissioning

• Some manual interventionExternal

Users



bution

3-5 MinsDeployment time

50-75 VM’s recycled weekly



bution

Day 2 operations with vRNI



bution

vRealize Network Insight (vRNI)

26

Visibility

Micro -Segmentation

planning

Audit SupportPro-active Alerts

Monitoring & Troubleshooting

• Visibility into flows• Micro-segmentation planning• Audit Support• Pro-active alerts• Monitoring and Troubleshooting



bution

Advanced Firewall Services: IPS+IDS with PAN 1000v



bution

Then and now..

CONFIDENTIAL 29

Business Agility > 1 week 3-5 minutes

Security Perimeter Firewall, no E-W

segmentation

E-W with automated policy

provisioning

Elasticity/Scalability Manual effort Elastic – minutes to scale up

Availability SLA challenge SLAs easily achieved

Automation

capabilities

None Automated provisioning with

security policy

Operations High resolution times Unified Management



bution

Summary

• Entering Year 3 of production with NSX• Agile, Scalable, Reliable network• Single pane of glass management• Simplified underlay network

"Some people are always trying to ice-skate uphill"



bution



bution

Anand Rangaswamy

Linked In: https://www.linkedin.com/in/rangaswamyanand/

Twitter- @tech_trojan

Personal Blog (coming soon) www.cloud-simple.net

Jude Niles

Linked In: https://www.linkedin.com/in/jude-niles-04aa854



bution

breakout - rainfocus...•this presentation may contain product features that are currently under...

Documents