TRANSCRIPT
Neelay Thaker, Product Marketing Manager
Waleed Akl, Lead Systems Engineer
NET2375BU
#VMworld #NET2375BU
Intelligent Operations for SDDC Network and Security with vRealize Network Insight
VMworld 2017 Content: Not for publication or distribution
Disclaimer
• This presentation may contain product features that are currently under development.
• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.
• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
• Technical feasibility and market demand will affect final delivery.
• Pricing and packaging for any new technologies or features discussed or presented have not been determined.
#NET2375BU CONFIDENTIAL
2017 Digital Transformation Agenda
Business Outcomes:
• Business Agility and Innovation
• Exceptional Mobile Experiences
• Protection of Brand and Customer Trust
Strategic IT Priorities:
• Empower Digital Workspaces
• Transform Security
• Modernize Data Centers
• Integrate Public Clouds
Networking & Security for the Software-Defined Data Center
VMware NSX: Virtualize your SDDC Network and Security
Use Cases:
➢ Security: Architecting security as an inherent part of the data center infrastructure
➢ Automation: Automating IT processes to deliver IT at the speed of business
➢ App Continuity: Enabling applications and data to reside and be accessible anywhere
Benefits:
➢ Typically 20%-40% better performance
➢ Reduces time to value in the enterprise
➢ Enables agility for better performance – policies move with workloads
VMware vRealize Network Insight: Intelligent Operations for your SDDC Networking and Security
Use Cases:
➢ Micro-segmentation Planning: Identify network segments and flows between them, get firewall rules recommendations
➢ 360 Visibility & Troubleshooting: Unify troubleshooting across the virtual and physical infrastructure
➢ Manage & Scale NSX: Scale across multiple NSX Managers with powerful visualizations for topology and health
➢ Secure Public Clouds
Benefits:
➢ Accelerate micro-segmentation planning
➢ Rapidly troubleshoot issues and identify opportunities for optimization
➢ Manage and scale NSX deployments with confidence
Challenges with Traditional Network Operations Tools
Traditional network management tools are inadequate for modern virtual networks like NSX
• Siloed, Complex Tools & People Skill Set Gap
• New, Dynamic Environment
• Limited Visibility
Operational visibility, control, and compliance are challenging
VMware Cloud Management Strategy: Choice of Delivery
Intelligent Operations for SDDC: On-Premises Data Center and Cloud
Deploy On-premises:
• vRealize Automation
• vRealize Operations
• vRealize Business for Cloud
• vRealize Log Insight
• vRealize Network Insight
• Management Packs
Delivered as a Service (VMware Cloud Services 1):
• Cost Insight
• Discovery
• Wavefront
• Network Insight
• Secure Networking
• AppDefense
Multi-Cloud Management Platform
Cloud Operations Services: Management, Governance and Security
1 – Includes other products or services not listed here
VMware Delivers: Intelligent Operations for Software-Defined Datacenter
[Diagram: vRealize Operations (1), vRealize Log Insight (2), vRealize Business for Cloud (1) and vRealize Network Insight, covering Application, Compute, Storage, Network & Security and Hybrid Cloud across the Physical / Virtual / Cloud Environment]
1 vRealize Suite components
2 Included with vRealize Suite and ships with NSX
vRealize Network Insight Delivers Intelligent Operations for Software-Defined Networking and Security across virtual, physical and multi-cloud environments
Introducing vRealize Network Insight
• Distributed, Scale Out Software Solution: Enterprise-grade efficient software solution that enables “scale as you grow”
• Easy to Try, Deploy and Use: Assessment provides quick actionable insights, powerful search-based UI and topology visualizations
• Vendor Agnostic and Agentless: Integrated with devices from leading networking and security vendors. No end point agents means no management overhead
• Best for SDDC Networking & Security: Deep integration with VMware NSX Manager, VMware vCenter and other SDDC components
• Solution for Virtual Infra, Network and Security IT: Comprehensive networking and security visibility and troubleshooting capabilities across virtual and physical infra
• Built For Multi-Cloud: Integrated security planning, visibility and troubleshooting experience across SDDC and public clouds
Customer Momentum and Industry Recognition
• PANW Ignite Conference 2016 Panel Session: CA-DWR, USAA & Columbia Sports Case Study - NSX, PANW & vRNI
• Case Study: CA Dept. of Water Rolls Out Secure Cloud Using vRNI
“Arkin (vRNI) real-time flow analytics makes it extremely easy to implement micro-segmentation security. The visibility and troubleshooting capabilities that Arkin (vRNI) provides to our networking and operations teams enables us to more quickly and confidently scale our NSX deployment.”
Brian Lancaster, Executive Director of Information Management
“I cannot say enough good things about #vRNI if you want visibility into your #NSX overlay/firewall and physical network. @vmwarensx”
Daniel Hertzberg, Enterprise Engineer
“I love the visibility into configuration/env changes that vRNI provides me. So glad to finally get this product into production.”
Justin Bias, Cloud Technologies Specialist
Proven Solution for Fortune 500 / Global 2000 Customers Across Verticals!
Verticals: Government, Financials, Healthcare, Retail, Education, Pharma, Airlines, Security, Manufacturing, Technology
“Unbelievable! This makes implementing firewall segments easier.”
• Gartner Cool Vendor for Enterprise Networking, April 2016
• Cyber Defense Magazine – Most Innovative Enterprise Security Solution, February 2016
• Winner Best of VMworld Finalist Award (Networking and Virtualization), August 2016
“Most community colleges are challenged to provide stronger information security on a limited budget and with a small IT team. The combination of VMware NSX and vRealize Network Insight works very well for us. It makes our environment more secure, and it’s saving us time every week. I look forward to the new NSX Edge Health Dashboard and third-party device integrations in vRealize Network Insight 3.5 to help drastically reduce the amount of effort and time required to plan, deploy and scale SDDC networking and security infrastructure.”
Brandon Lovelace, Santa Barbara City College
vRealize Network Insight: Intelligent Operations for Network and Security Across Virtual, Physical and Multiple Clouds
Micro-segmentation Planning, Deployment and Compliance
• Plan and measure security impact with micro-segmentation
• Accelerate micro-segmentation deployment with firewall rules recommendations.
• Continuously monitor and audit compliance postures over time.
360 Network Visibility and Troubleshooting
• Quickly troubleshoot connectivity issues between VMs through powerful path visualization
• Unify troubleshooting experience across the virtual and physical infrastructure
• Rapidly identify issues through efficient event and alert management
Manage and Scale NSX Deployments
• Scale across multiple NSX Managers with powerful visualizations for topology and health
• Avoid configuration issues through an in-product best practices checklist
• Pinpoint and triage issues for quick resolution with intuitive UI and search
Secure Public Cloud Infrastructure
• Extend micro-segmentation planning to AWS security groups
• Analyze traffic flows in AWS and get visibility into AWS Virtual Private Cloud (VPC)
• Troubleshoot firewall issues between VMs in AWS
Across Virtual, Physical and Cloud
Journey To SDDC Security with NSX & vRealize Network Insight
Assess
• Get Traffic Profile
• Get Micro-segmentation recommendations
• Understand NSX ROI
Deploy
• Map App Connectivity
• Model Security Groups and DFW Rules
• Ensure Best Practices
• Manage VXLAN/Virtual Networks
Manage
• Enable overlay-underlay virtual to physical visibility
• Operationalize NSX
• Rapidly troubleshoot
• Ensure Audit and Compliance
• Ensure security across private and public clouds
Quick time to value with most customers getting benefits within 1-2 week deployment period!
NSX Assessment Tool
• Analyze Customer Data Center Traffic (East-West, V-to-V, V-to-P, ..)
• Generate Risk Assessment and NSX Benefits Report
• Use “True” Traffic % from Customer Environment in NSX ROI Calculator
• Demo Speed and Ease of Micro-Segmentation Sample of SG and FW Rules
– Virtual Appliance Model
– Installs in Minutes, Get Results in Hours
– Requires Connection to vCenters and Hosts Only
– Analyzes IPFIX Data Continuously to Generate Traffic Profile and Reports for a 1-3 day period
vRealize Network Insight Architecture
[Architecture diagram; labels recovered from the slide follow]
Data Sources (Read-Only Credentials):
• VMware NSX Edge
• VMware NSX Manager
• VMware NSX Controller
• VMware vCenter
• VMware vSphere (ESX)
• Cisco UCS / Rackmount
• Various Network Vendor Switches / Routers
• Amazon Web Services (HTTP: 443)
Port labels on the data source connections: HTTP: 443, HTTPS: 443, SSH: 22, SNMP: 161, IPFix: 2055
Components: Network Insight Proxy VM (Collector), Network Insight Platform VM (HTTPS: 443)
UI Access: HTTPS: 443
VMware Cloud (Upgrade, Registration and Support Server): HTTP: 443
Additional ports access needed for appliance debugging:
• Port 22 (SSH)
• Port 5480 (HTTP)
NSX IPFIX records are generated via NSX DFW and sent from each ESXi host
Network Insight Service Architecture
[Architecture diagram; labels recovered from the slide follow]
On-Premises Data Sources (Read-Only):
• VMware NSX Edge
• VMware NSX Manager
• VMware NSX Controller
• VMware vCenter
• VMware vSphere (ESX)
• Cisco UCS / Rackmount
• Various Network Vendor Switches / Routers
Port labels on the data source connections: HTTP: 443, HTTPS: 443, SSH: 22, SNMP: 161, IPFix: 2055
On-premises component: Proxy VM (Collector) (HTTP: 443)
Amazon Web Services: HTTP: 443, Read-Only
VMware Cloud Services: Network Insight; Upgrade, Registration and Support Services
UI Access: HTTPS: 443
NSX IPFIX records are generated via NSX DFW and sent from each ESXi host
Micro-segmentation Planning, Deployment and Compliance
Application Traffic Analysis
• Understand need for micro-segmentation in your SDDC:
– East-West traffic shows portion of traffic unprotected by perimeter firewalls
• Understand opportunities for optimization:
– Proportion of Switched vs Routed traffic
– Proportion of VM to VM, Routed within host traffic
• Detailed flow information for on-premises and AWS entities to understand traffic distribution
• Define and plan micro-segmentation for applications
360° Network Visibility & Troubleshooting
Data Paths Across Overlay And Underlay
[Diagram labels: NSX Firewall; PANW Virtual FW; PANW Physical Firewall; Physical Network Switch, Router; VXLAN; VLAN; Converged Infrastructure (Ex: UCS)]
Connectivity Graphs
• VM to VM, VM to Physical, VM to Internet
• Hop-by-Hop Path across Overlay (LDRs, Edge Gateways) and Underlay (Physical VDCs & VRFs). See V-To-P Boundary
• Correlated Problems And Performance Metrics Across Virtual and Physical
• See Effective Firewall Rules and Security Policies across NSX and PANW in Service-Chained Environment
• Support for NAT instance hops
NSX Infrastructure Monitoring and Troubleshooting
NSX Manager Dashboards With Powerful Visualizations
• View NSX Manager topology, including NSX services and vCenter as well as underlay connections
• Topology view flags elements with issues; single click to view issues for any element in the topology
• Comprehensive information on alerts, color coded by severity, including recommendations for a fix
• Archive important events
[Screenshot callouts: Indicates Issues; Color coded by severity]
AWS Visibility and Security
• AWS CloudWatch Flow Logs
• Support for VPC, firewall rules, security groups, VMs, flows, tags
• Entities searchable via standard searches
• Troubleshoot network flows and configuration issues
[Screenshot callouts: Add AWS credentials; Leverage powerful search capabilities; Analyze flows for AWS VPCs and Security Groups]
AWS Visibility and Troubleshooting
• Support for VPC, firewall rules, security groups, VMs, flows, tags
• Comprehensive information for AWS VPC, Security Groups, VM Instances
• Troubleshoot connectivity between AWS instances using powerful search queries
• User defined events also work with AWS objects and tags
[Screenshot callout: Comprehensive information for AWS elements]
Flow Visibility For On-Premises, AWS and Hybrid Apps
• Model application tiers across on-premises, AWS, or both.
• Visualize flows between app tiers that span across SDDC and AWS
• Use data to confirm/estimate AWS costs and/or streamline infrastructure
[Screenshot callout: Build applications using AWS VMs]
vRealize Network Insight 2017 Releases

vRealize Network Insight 3.3 (March 2nd)
Manage & Scale NSX
• NSX 6.3 support
• Expanded support for NSX firewalls – negation, direction, etc
• Support for 11 new NSX events
Troubleshoot across virtual and physical infra
• NAT visibility for VM to VM paths
• Support for user-defined “North-South” IP addresses
• Support for Panorama 7.0-7.1
Enterprise-grade platform
• Expanded support for user-defined events
• Detailed event descriptions, severity and recommendations

vRealize Network Insight 3.4 (June 6th)
Secure Public Clouds
• Micro-segmentation planning by AWS VPC, Security Groups
• Visibility and troubleshooting for AWS VPC, EC2, Security Groups
• Application modeling for hybrid and AWS-based apps
Troubleshoot across virtual and physical infrastructure
• Layer 2 underlay visibility for VM to VM paths
• Enhanced traffic and security analytics with support for physical servers
• Support for vCenter tags, day 2 NSX event reporting
Enterprise-grade platform
• Extended and configurable data retention periods
• Export events as syslog messages for integration with vRealize Log Insight
• Customization of alerts by object and alert types

vRealize Network Insight 3.5 (Sep 5th)
Manage & Scale NSX
• NSX IPFIX integration: See flows blocked by NSX firewall
• NSX Edge Health dashboard: Enhanced visibility with Layer 3 topology view
• PCI Compliance dashboard: Assess PCI compliance for NSX-V
Troubleshoot across virtual and physical infrastructure
• Support for Checkpoint firewall, Brocade MLX, HP ONEView
• ECMP support for VM to VM path
Enterprise-grade platform
• Migrate data sources between proxies
• Enforce platform resource usage limits
• Support for multiple licenses
Learn More
Try the Hands-on Lab. Nothing to download!
Hands-on Lab: http://Labs.hol.vmware.com
Visit the website for resources and purchasing information.
Website: https://www.vmware.com/products/vrealize-network-insight.html
Popular vRealize Operations Sessions at VMworld 2017
Monday, Aug 28
• NET2375BU: Intelligent Operations for SDDC Network and Security with vRealize Network Insight 1:00 p.m. - 2:00 p.m.
Tuesday, Aug 29
• NET2598PU: Customer Panel – NSX Micro-segmentation and vRealize Network Insight 1:00 a.m. – 2:00 p.m.
• NET2810BU: Feel the vRNI: Overcoming operational challenges with NSX and Underlay Networking 2:30 p.m. - 3:30 p.m.
• SAI2806PU: Operationalizing micro-segmentation customer panel 5:00 p.m. – 6:00 p.m.
• VIRT1397BU: Optimize and increase performance of business critical architectures using VMware NSX and vRealize Network Insight 5:30 p.m.
Wednesday, Aug 30
• MGT1908PU: Panel: Day 2 operations using vRealize Network Insight 4:00 p.m. – 5:00 p.m.
• SAI2803BU: The road to micro-segmentation with VMware NSX 3:30 p.m. - 4:30 p.m.
Thursday, Aug 31
• NET1069GE: A new tool in Network Admin’s Toolbox: VMware vRealize Network Insight 10:30 a.m. – 11.30 a.m.
• VIRT2550BU: Reducing latency in enterprise applications with VMware NSX – 1:30 p.m.