net1188bu disaster recovery solutions with nsx or distribution€¦ · disaster recovery solutions...

Humair Ahmed, VMware NSBU, @Humair_AhmedIan Allie, EMC EHC, @Ian_AllieJustin Giardina, iland, @jgiardina

NET1188BU

#VMworld #NET1188BU

Disaster Recovery Solutions with NSX

VMworld 2017 Content: Not fo

r publication or distri

bution

• This presentation may contain product features that are currently under development.

• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.

• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.

• Technical feasibility and market demand will affect final delivery.

• Pricing and packaging for any new technologies or features discussed or presented have not been determined.

Disclaimer

CONFIDENTIAL 2



bution

1 The Need for Better DR with NSX

2 NSX Features for DR

3 NSX DR Solutions with Examples

4 Demo

5 Customer Example: EMC Enterprise Hybrid Cloud (EHC)

6 Customer Example: iland

7 Summary and Q&A

Agenda

3

Multisite Networking and Security with

Cross-VC NSX: Part 1NET1190BU

Multisite Networking and Security with

Cross-VC NSX: Part 2NET1191BU



bution

NSX Networking and Security for DR Solutions

4

Ex:

▪ L2 Over Dark Fiber

▪ VPLS Over MPLS Back Bone

▪ Hardware-Based Solution (OTV)

Expensive, hardware-based, complex, operationally challenging, and/or long lead times required

What’s needed is a software based approach which can provide:

➢ Decoupling from physical hardware➢ Ease of deployment ➢ Ease of use➢ Better security with micro-segmentation➢ Leverage higher-level security constructs➢ Flexibility➢ High degree of automation➢ Rapid deployment/recovery and productivity➢ Ease of testing DR Plan➢ Extensive partner ecosystem for services➢ Integration with other DR & SDDC components (SRM, vSphere hypervisor, vRealize Suite, etc.)Not holistic solutions – only focused on the network and per-device configuration and lack automation and flexibility

Traditional Challenges for DR Solutions

• Change application IP addresses• Re-create/Re-configure physical network

for L2-L3 connectivity requirements• Re-create security policies • Update other physical device configuration

Ex: load balancer • Additional update/re-configuration (ACLs,

DNS, Application IP Dependencies, etc.)

Winter is coming.

Protect the workloads!

Site 1: Winterfell

Site 2: King’s Landing

Traditional Solutions::



bution




4 Demo



7 Summary and Q&A

Agenda

5



bution

Leveraging Cross-VC NSX for DR

6

• DR to another data center

APP

Active Stand-byActive - stand-by model

ULS - VNI 7000

ULS - VNI 8000

UDLR

APP

UDFW

ULS - VNI 9000

APP

APP

APP

APP

WEB

APP

DB

APP

APP

APP

Site 1 Site 2



bution

Flexibility for DR Solutions

• DR to another data center

Active Stand-by

Active - stand-by model

UDLR

UDFW

APPAPP

WEBAPPDB

APPAPP APP APP

WEBAPPDB APP APP APPAPPAPP APP

UDLR

ActiveStand-by

Site 1 Site 2

7



bution

Transport Zone

Host 1 Host 2

Universal App Logical Switch: VNI 90000

Universal Controller Cluster

No CDO Mode

VDS

Cluster

Successful PingPing Fails

NSX Control Plane Resiliency: CDO Mode

VDS

Cluster

Site 1 Site 2

Universal Transport Zone

No CDO Mode

8



bution

Transport Zone

Host 1 Host 2

Universal App Logical Switch: VNI 90000

Universal Controller Cluster

CDO CDO

VDS

Cluster

Successful Ping

BUM

• No issues when powering on a VM on

Host 2 or vMotioning a VM to Host 2

NSX Control Plane Resiliency: CDO Mode

VDS

Cluster

Site 1 Site 2

Universal Transport Zone

9



bution

On Primary NSX Manager - configure Unique ID Selection Criteria On Primary NSX Manager - create Universal Security Tag

Synchronization of Security Tags between

Primary/Secondary NSX Managers

On Secondary NSX Manager - Security Tags attached to

respective VMs based on Unique Selection criteria

Ex: Universal Security TagsOn Primary NSX Manager – Statically

attach security tag(s) to respective VM(s)

NSX Security: Leveraging Higher-Level Security Constructs

10



bution

Leveraging NSX for DR to Cloud

11

• DR to a cloud environment


WEBAPPDB

APPAPP APP

Stand-by

L2 over L3 via

Cross-VC NSX

Active

Direct Connectivity

WEBAPPDB

VMware Cloud Provider

APPAPP APP

Site 1 Site 2



bution

Leveraging NSX for DR to Cloud

12

• DR to a cloud environment


WEBAPPDB

APPAPP APP

Stand-by

APP APP

VMware Cloud Provider

IPSECL2VPN

WEBAPPDB

Active

APP

Site 1 Site 2



bution




4 Demo



7 Summary and Q&A

Agenda

13



bution

NSX Enhanced DR Solutions

vSphere 6.0+ NSX 6.2+

SRM

Compute and Networking DR Orchestration Storage Replication

vSphere/Array Replication

Dell EMC RP4VM

Other DR VendorsVRA VRA

VM-Level Replication

RP4VM

Replication

14



bution

Cross-VC NSX + SRM for DR

15

Storage

Servers

VMware vSphere

vCenter ServerSite

Recovery Manager

Virtual Machines

Site Recovery Manager

• Manages recovery plans

• Automates failovers and failbacks

• Tightly integrated with vCenter and replication

Storage-Based Replication (3rd party)

• Provided by replication vendor

• Integrated via replication adapters created, certified and supported by replication vendor

vSphere Replication

• Part of vSphere platform

• Replicates virtual machines between

vSphere clusters

Replication Options

Required at both protected

and recovery sites

Networking ?

Compute

Storage

Source and destination networks are automatically mapped with Storage Policy Protection Group (SPPG)

APP APP APP APP APP APP



bution

16

Palo Alto Networks

SRM SRM

Palo Alto Networks

vSphere Replication vSphere Replication

.1

.1

.1

Active Application Standby Application

1

2

3

Protection GroupPriorities/Dependencies



bution

17

ULS – Web: 172.20.1.0/24

ULS – App: 172.20.2.0/24

UDLR

DB

UDFW

ULS – DB: 172.20.3.0/24

Web

App

Test ULS – Web: 172.20.1.0/24

Test ULS – App: 172.20.2.0/24

Test UDLR

DBTest ULS – DB: 172.20.3.0/24

Web

App

Site 1Palo Alto, CA

Site 2San Jose, CA

SRM

DB

Web

App

Run on Isolated Test Network



bution

Cross-VC NSX + RP4VM for DR

18

Recover Point Manager

• Manages recovery plans

• Automates failovers and failbacks

• Tightly integrated with vCenter

• Protect VMs with VM level granularity

• Replicates virtual machines between

vSphere clusters

• Orchestrated DR test, failover, failback to

any point in time

Hypervisor Based Replication



bution

19

Cross-VC NSX + Zerto for DR



bution




4 Demo



7 Summary and Q&A

Agenda

20



bution

21



bution




4 Demo



7 Summary and Q&A

Agenda

22



bution

DR Solutions with NSXDell EMC Enterprise Hybrid Cloud

Ian Allie – Consultant Solutions Engineer Dell EMC

Enterprise Hybrid Cloud

23



bution


CI / HCI PlatformSoftware Defined

InfrastructureCloud Management

and OperationsSelf-service and automated IaaS

Continuous Availability

Disaster Recovery

Encryption Services

Data Protection

Engineered Modular Add-ons


24



bution

Business value NSX with EHC delivered to our customers

4X faster

provisioning time

90% reduction

in downtime

50% reduction

in data center costs

Consolidated data

centers by 71%

Reduced resource

provisioning time from

months to hours

Unification of

entire IT department

vs. siloed teams

Reduced provisioning

times from 2–3 weeks

to minutes

Decreased total IT

spend by 60%

Reduced time to market

for new business

services by 65%

25% time saved from

operational activities

Provisioning time

reduced from days

to minutes

Increased resource

utilization

25



bution

NSX Simplifies EHC DR add-on

RecoverPoint for

Virtual Machines

(RP4VM)

• VM-level disaster recovery

granularity

• Virtual Appliance Replication

• vSphere web client

integration

26



bution

Use Case: Requirements

12

45 6

3

2 Sites, 2 vCentersActive workloads

Bi-directional DR

Consistent security

Consistent networks and

traffic engineering

DR Consumption

through CMP

27



bution

Building the Network

Green_uDLR

Blue_uDLR

Site 1 Site 2

vCenterNSX

ManagerController

ClustervCenter

NSX Manager

Cross vCenter NSX 1

2

5

Web App DB

Blue App01

Web App DB

Green App0128



bution

Replicating the VMs

Green_uDLR

Blue_uDLR

Site 1 Site 2

vCenterNSX

ManagerController

ClustervCenter

NSX Manager

Cross vCenter NSX

Web App DB

Blue App01

Web App DB

Green App01

RP4VMvRPA

RP4VMvRPA

Recoverpoint for VM

RP4VM CG

RP4VM CG

Web App DB

Green App01

Web App DB

Blue App01

3

29



bution

Securing the Applications

Green_uDLR

Blue_uDLR

Site 1 Site 2

vCenterNSX

ManagerController

ClustervCenter

NSX Manager

Cross vCenter NSX

Web App DB

Blue App01

Web App DB

Green App01

RP4VMvRPA

RP4VMvRPA

Recoverpoint for VM

RP4VM CG

RP4VM CG

Web App DB

Green App01

Web App DB

Blue App01

Universal

Security

Groups, tags

and DFW

rules

6

4Static Inclusion

192.168.0.100

00:50:56:XX:YY:ZZ

Dynamic Inclusion

Universal Security Groups

30



bution




4 Demo



7 Summary and Q&A

Agenda

31



bution

justin giardinaCTO

iland Secure Cloud | http://iland.com

[email protected]

32



bution

about

Began my journey with iland in 2008 Network and sysadmin at heartStarted in technology in early 90’s

- vmware technical advisory board member

- content creator for vmware certifications

33



bution

The Forrester Wave™: Disaster-Recovery-As-A-Service Providers , 2017

20Years delivering

IT Services

8ISO 27001 & SSAE16 global data centers

10Years cloud

& disaster recovery expertise

A “Leader” in Gartner Magic Quadrant for DRaaS, 2017



bution

iland delivers a breadth of secure cloud services

Enterprise Cloud Services - Advanced Security

Cloud Backup

Disaster Recovery as a Service

Public and Private Cloud

Global backup for on-premise

Fast and reliable DRaaS

All iland services are delivered with our industry-leading customer support

35



bution

Global cloud locations to support your growing business

• Datacenters: Los Angeles, Dallas, Washington, D.C., London, Manchester, Amsterdam, Singapore, Sydney

• Ongoing global customer-driven expansion

• Tier III and IV data centers

• Connected directly to 500 IP providers worldwide

• Clear data location for data sovereignty

• Local support in each region

• Standard global contract, SLA, and service catalogUS Headquarters

Houston, TX

EMEA HeadquartersLondon, UK

36



bution

and NSX

relying on public and private nsx functionality

2010

vcd and vcni vcloud networking and

security

nsx

2017

global nsx footprint

across 8 data

centers

10,000networks deployed

over ten thousand

leveraging vxlan

primarilysmall percentage of vlan

leveraging the

nsx api

extensively

37



bution

multi-tenant draas use case

• ability to pre-configure security rules

• firewalling, load balancing, routing, vpn, etc.

• stretch layer-2 with our without customer nsx, partial and full

failover

• complete control prior and during dr event

one or multiple

edges per

customer

Production VM

Firewall

Production VM

complete replica of customer network

segments to iland cloud

38



bution

Customer Data Center

Replicated VM

Production VM

Firewall

Production VM

Replicated VM NSX Edge

- Firewall

- L2VPN

- Load

Balancing

- BGP

multi-tenant draas use case (partial)

39



bution

NSX Edge

- Firewall

- L2VPN

- Load

Balancing

- BGP

Customer Data Center

Replicated VM

Production VM

Firewall

Production VM

Replicated VM

multi-tenant draas use case (full)

40



bution

iland secure cloud – nsx api integrations

41



bution

iland secure cloud console – draas integrations

42



bution




4 Demo



7 Summary and Q&A

Agenda

43



bution



bution

Humair Ahmed, VMware NSBU, [email protected], @Humair_Ahmed

Ian Allie, EMC EHC, [email protected], @Ian_Allie

Justin Giardina, [email protected], @jgiardina



bution

mailto:[email protected]



net1188bu disaster recovery solutions with nsx or distribution€¦ · disaster recovery solutions...

Documents