Microsoft delivers a complete datacenter solution with Windows Server 2012 R2 out-of-the-box
Customer
Service Provider
Microsoft
Consistent Platform
ONE
People-focused approach
Hybrid design
Enterprise-grade platform
Cloud OS
Development Management Identity Virtualization Data
Host NIC
Hyper-V extensible switch as the policy edge
Extension miniport
Extension protocol
Virtual switch
Capture extensions
Filtering extensions
Forwarding extension
VM NIC
Virtual Machine
Physical NIC
Rich Policies with ACLs, QoS, SLAs, isolation, DHCP guard, router guard
Extensible Switch extensions
Automated Using System Center VMM and PowerShell
Parent partition
Hyper-V Network Virtualization (HNV) for tenant network overlays
Physical server Physical network
Virtualization
Contoso virtual machine
Fabrikam virtual machine
Onboard customer networks (with overlapped addresses)
Live migrate VMs across subnets without touching the physical network
Support network isolation across millions of tenants
Contoso network Fabrikam network
And it is Extensible …
Virtualization
VM1 VM2 VM3
Root Partition
3rd Party components
VMM Agent
VMM Service
SCVMM
Vendor network mgmt console
Policy database
Vendor SCVMM Plugin
Capture Extension
Filtering Extension
Forwarding Extension
Physical NIC
• Hyper-V switch extensions and
• SCVMM extensions from partners
Agenda
• 5Nine will show how to configure security groups using Cloud Security for Hyper-V
• NEC will show how to configure their OpenFlow switch and Hyper-V Network Virtualization using ProgrammableFlow Virtual Switch PF1000
• Cisco will show how to configure the vSwitch and Hyper-V Network Virtualization using Nexus 1000V for Hyper-V
5Nine Cloud Security for Hyper-V
Enterprise-grade
Aggregate security control
Simplified deployment
Agentless Anti-Virus/Anti-Malware
• Agentless: no degradation
• All versions of guest OS supported by Microsoft Hyper-V
• Fastest AV Scans available
• Orchestrate scans and set thresholds across VMs
• Staggered scanning
• Caching across VMs
• Centralized management
Agentless Intrusion Detection
• Industrial-strength
• Real-time threat monitoring
• Signature-based
• Block application-level attacks (WAF)
• Behavioral: build baseline for known attacks (WAF)
• Pro-active - detect, warn, block (WAF)
Agentless Virtual Firewall
• Isolate VMs: manage security programmatically per VM
• Control and protect inbound, outbound, intra-VM traffic
• Multi-Tenant protection and support of network virtualization
• Stateful, deep packet inspection
• Granular QoS
• Aggregate, analyze, audit logs
• Virtual Machine Security Groups
• User/Role-level access: support of Security and Auditor accounts
• Application-level protection against a wide range of exploits (WAF)
Security groups and VMs isolation
Virtual Machine 1
Virtual Machine 2
Virtual Machine 3
Web Servers Security Group
DB Servers Security Group
NEC ProgrammableFlow Virtual Switch PF1000
Peter Lee
Advisory Software Engineer
What is ProgrammableFlow?
ProgrammableFlow is a new networking solution that combines NEC’s unique functionalities and next generation network technology OpenFlow.
The VTN network design enables deployment of virtual networks on top of any underlying physical network topology, reducing complexity of traditional network design and increasing service agility.
VTN2
ProgrammableFlow Controller
Independent and secure virtual networks
Control
Virtual Networks (VTNs)
Physical Network
Network Switch Pool
Server Pool
Network Appliance Pool
ProgrammableFlow Switch
VTN1
Demo Environment
VMM Setup: VMM 2012 R2 server with PF1000 VSEM Provider, managing 2 Hyper-V hosts
ProgrammableFlow Setup: PF6800 (Controller), PF5240 (Physical Switch), PF1000 (Virtual Switch)
Each switch is redundantly connected to other switches
PF5240
Tenant Red
Tenant Red
VTN for Others
VTN for Others
PF5240
Path policy2
Hyper-V Host
Hyper-V Host
VMM
VSEM Provider
PF1000 PF1000
VTN for HNV tenant
VTN for HNV tenant
VLAN: 200
Path policy1
PF6800
Demo Overview
Fabric Operation
VMs and Services Operation
PF5240 PF5240
Hyper-V Host
Hyper-V Host
Logical network
VM network
VM Subnet
Network site
VLAN-Subnet
Uplink port
VM
Virtual port
Configure HNV Logical NW
IP Pool
IP Pool
PF1000 PF1000
Logical switch PF1000
Path-Control over Fabric Network
Add Network Service
Create IP Pool
Create Port Profile
Create Logical Switch
Configure Virtual Switches
Create Virtual Switches
Create VM Networks
Create IP Pools
Connect VMs to VM NWs
DCIM-B315 Cloud Optimized Networking in Windows Server 2012 R2
Related content
DCIM-B378 Converged Networking for Windows Server 2012 R2 Hyper-V
DCIM-B344 Network Tuning for Specific Workloads
Find us at the TechExpo hall
Nexus 1000V Architecture Respects DC Operational Model for PV
Hypervisor Hypervisor Hypervisor
Modular Switch
…Linecard-N
Supervisor-1 (Active)
Supervisor-2 (StandBy)
Linecard-1
Linecard-2
Back Plane
VEM-N
VEM-2
VSM: Virtual Supervisor Module
VEM: Virtual Ethernet Module
VSM-1 (active)
VSM-2 (standby)
Virtual Appliance
Network Admin
Server Admin
NX-OS Control Plane
NX-OS Data Plane
Extensible Switch
Capture
Filtering
Forwarding
Nexus 1000V
VEM
Port Profiles, Network Segments and VMs
Database Network
Clients Guests

# port-profile database-client
    ip port access-group dbclient in
    no shut
    state enabled

# port-profile database-server
    ip port access-group dbserver in
    no shut
    state enabled

# port-profile database-admin
    ip port access-group dbadmin in
    no shut
    state enabled

# network-segment database1
    switchport mode access
    switchport access vlan 10
Nexus 1000V Installation Workflow …
1. Download Cisco Package
2. Install SCVMM Components
   2.1 Install Cisco Provider MSI
   2.2 Install Cisco VSM Template Files
   2.3 Copy VEM to SCVMM Repository
   2.4 Copy VSM ISO to SCVMM Library
3. Install & Configure VSM
   3.1 Create Microsoft Switch for VSM Connectivity
   3.2 Install VSM VM using VM Template
   3.3 Configure VSM
4. Create Nexus 1000V Logical Switch
   4.1 Add Switch Extension Manager
   4.2 Create Logical Switch
   4.3 Create VM Networks
Nexus 1000V Installation Workflow …
5. Prepare Hyper-V Hosts
   5.1 Configure PNIC MTU Settings
   5.2 Configure VMQ RSS Settings
6. Create Nexus 1000V Logical Switch Instance on hosts
   Non-Management PNIC Workflow
   6.1.1 Select Host
   6.1.2 Select the PNICs except MGMT PNIC
   6.1.3 Deploy Logical Switch
   6.1.4 Add any Remaining PNICs to Logical Switch
   Management PNIC Workflow
   6.2.1 Select Host
   6.2.2 Select the MGMT PNIC
   6.2.3 Create MGMT Host Virtual Network Adapter
   6.2.4 Deploy Logical Switch
   6.2.5 Add Remaining PNICs to Logical Switch
7. Connect VMs to Nexus 1000V Logical Switch
   7.1 Select VM Network Adapter
   7.2 Connect the VM Network Adapter to Logical Switch
   7.3 Select VM Network and Port Classification for the Network Adapter
VXLAN and HNV Support
• Both VXLAN and HNV are multi-tenant aware Network Virtualization overlay technologies
• VXLAN more focused on Layer 2 (same service as a VLAN)
• HNV more focused on Layer 3 (same service as a router)
• Different Tenants can reuse the same network addresses
• Nexus 1000V for Hyper-V is the first to support both
Cisco Virtual Security Gateway
Context-based, Multi-tenant, Workload Segmentation
Nexus 1000V Distributed Virtual Switch
vPath
Cisco PNSC
Log/Audit
VSG (active)
Secure Segmentation (VLAN agnostic)
Efficient Deployment (secure multiple hosts)
Transparent Insertion (topology agnostic)
High Availability
Dynamic policy-based provisioning
Mobility aware (policies follow Migration)
Cisco Virtual Security Gateway Security Rules with VM & Custom attributes
Rule
• Source Condition
• Destination Condition
• Action
Condition
Attribute Type
• Network
• VM
• User Defined
• vZone
VM Attributes
• VM Name
• Guest OS name
• Port Profile Name
• VM DNS Name
Network Attributes
• IP Address
• Network Port
Operator
• eq
• neq
• gt
• lt
• range
• Not-in-range
• Prefix
Operator
• member
• Not-member
• Contains
• And (Global Level)
• Or (Global Level)
Condition Match Criteria
• Match All (And)
• Match Any (Or)
VSG Workflow
1. Install & Configure Microsoft Service Provider Foundation
2. Download Cisco PNSC & VSG Packages
3. Install & Configure PNSC
4. Configure Tenants and Security Profiles
5. Configure VSM
6. Configure Hyper-V Hosts
7. Install VSG
8. Assign Firewall from PNSC
9. Apply Security Profile from SCVMM
Come Visit Us in the Microsoft Solutions Experience!
Look for Datacenter and Infrastructure Management
TechExpo Level 1 Hall CD
For More Information
Windows Server
Windows Server 2012 R2: http://technet.microsoft.com/en-US/evalcenter/dn205286
Microsoft Azure
Microsoft Azure: http://azure.microsoft.com/en-us/
System Center
System Center 2012 R2: http://technet.microsoft.com/en-US/evalcenter/dn205295
Azure Pack
Azure Pack: http://www.microsoft.com/en-us/server-cloud/products/windows-azure-pack
Resources
Learning
Microsoft Certification & Training Resources
www.microsoft.com/learning
msdn
Resources for Developers
http://microsoft.com/msdn
TechNet
Resources for IT Professionals
http://microsoft.com/technet
Sessions on Demand
http://channel9.msdn.com/Events/TechEd
© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.