© 2014 VMware Inc. All rights reserved.

Maqsood Siddiqui 10th June 2014

© 2014 VMware Inc. All rights reserved.

Bringing Network Virtualisation to VMware Environments With NSX VMware vForums 2014

Maqsood Siddiqui

10th June 2014

Agenda

• The Software-Defined Data Center and the Network

• How Does It Work

• Better Security

• Better Operational Visibility

• Use Cases

• Eco System

The Software-Defined Data Center and the Network

Intelligence in Software Operational Model of VM for Data Center Automated Configuration & Management

What is a Software-Defined Data Center (SDDC)?

Intelligence in ASICs Dedicated, Vendor Specific Hardware Manual Configuration & Management

Software

Hardware Compute, Network and Storage Capacity Vendor Independent, Best Price/Performance Hardware Simplified Configuration & Management

Infrastructure

Servers Clouds

Be more responsive to business, change economics of IT

• Fast Workload Provisioning – weeks to minutes

• Unlimited Workload Placement & Mobility

• Any Hardware or Topology

• Improved cloud security

The Transformation of Infrastructure

Compute Virtualization

The Network is a Barrier to Software Defined Data Center

Any Physical Infrastructure

• Provisioning is slow

• Placement & Mobility is limited

• Operational visibility is limited

• Hardware dependent

• Operationally intensive

Network

Server

Storage

The Solution – Transform the Network with Virtualization

Compute Virtualization

• Programmatic provisioning

• Any workload anywhere

• End-to-end operational visibility

• Decoupled from hardware

• Operationally efficient

Network Virtualization

Hardware Independent

Network

Server

Storage

Any Physical Infrastructure

Software Defined Virtual Network

What is a Network Hypervisor?

General Purpose Server Hardware (Dell, HP, IBM, Quanta,…)

Server Hypervisor

Requirement: x86

Virtual

Machine

Virtual

Machine

Virtual

Machine

Application Application Application

x86 Environment

Decoupled

Hardware

Software

General Purpose IP Hardware (Arista, Cisco, HP, Juniper, Cumulus,…)

Network Hypervisor

Requirement: IP Transport

Virtual

Network

Virtual

Network Virtual

Network

Workload Workload Workload

L2, L3, L4-7 Network Services

Virtualize the Network

Decouple

Any

Hardware

Platform

Network Virtualisation Layer

Network Virtualization Decouples and reproduces the network model

Network Hypervisor Decoupled

Physical Network

(Arista, Cisco, HP, Juniper, Cumulus,…)

Workload Workload Workload

L2

L2

L3

Virtual Network

Workload Workload Workload

Virtual Network

L2

WAN

Subnet A Subnet B Subnet C

How Does It Work?

A Data Centre Network…

Internet

Compute Infrastructure….

Internet

Hypervisors and vSwitches…

Internet

NSX | The “Network Hypervisor”

Internet

Virtual Networks – Like Virtual Machines for the Network

Internet

Programmatic Provisioning

Services Distributed to the Virtual Switch

Physical Workloads and Legacy VLANs

The Power of Distribution

Better Security

22

Security – Complete Isolation

Virtual Networks are isolated from each other (Overlapping IP Addresses)

Virtual Networks are isolated from underlying physical network (IPv6 over IPv4)

Central Policies, Distributed Enforcement, Move with VMs

Internet

Security Policy Security Policy

- Reduce Choke Point Security

- Centrally Define Policies, Distribute Rule Enforcement for Segmentation

- Security Policies Move with VMs

- Changes to central policies automatically

distributed to affected VMs

The Power of Distribution

Service Insertion – Example: Palo Alto Networks Next Generation Firewall

Internet

Security Policy

Security Admin

Traffic Steering

Better Operational Visibility

27

Visibility & Troubleshooting

Visibility & Troubleshooting

Use the network troubleshooting tools you use today,

but with better information

Visibility & Troubleshooting

Use the network troubleshooting tools you use today,

but with better information

IPFIX Log

syslog Netflow Log

Use Cases

31

VMware NSX Use Case Examples

• Self Service R&D Clouds & Data Center Automation

– Speed & Agility

– Automated Provisioning

• Data Center Refresh

– Flexibility and choice for physical infrastructure

– Hardware independence

• Data Center Migration and Disaster Recovery

– No Re-IPing application workloads

• Scale-out DMZ

• Micro-segmentation

– Leverages inherent isolation and distributed firewalling

32

Ecosystem

33

VMware NSX Ecosystem – Technology Partners

More Information

CONFIDENTIAL 35

Hands on Labs (HOL): http://labs.hol.vmware.com/ NSX Design Guide: http://www.vmware.com/products/nsx/resources NSX Public Landing Page: http://www.vmware.com/products/nsx

Thank You Questions?

CONFIDENTIAL 36