Nikhil Kelshikar, Sr. Director NSX Tech Prod Management @nikhilkelshikar
Ron Fuller, Staff NSX Systems Engineer @ccie5851
NET3282BU
#VMworld #NET3282BU
The NSX Practical Path
VMworld 2017 Content: Not for publication or distribution
Disclaimer
• This presentation may contain product features that are currently under development.
• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.
• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
• Technical feasibility and market demand will affect final delivery.
• Pricing and packaging for any new technologies or features discussed or presented have not been determined.
CONFIDENTIAL
Session Objectives – NSX Practical Path
• Understand why customers are deploying NSX
• Learn the top use cases for how NSX is being deployed
• Watch demos showcasing security, app continuity and automation
• Hear about where NSX can take your business
Agenda – The NSX Practical Path
1 NSX today
2 Why are customers deploying NSX
3 NSX for security
4 NSX for application continuity
5 NSX for automation
6 What next for NSX and you
The goals haven’t changed…
Focus on the app
• Security of applications and data
• Speed of delivery
• Application availability
…but everything else has
• Changes in threats landscape: Attack Sophistication | Persistent Threats | Weaponization of Cyberspace
• Changes in application architectures: Containerization | Microservices | PaaS
• Changes to infrastructure: Convergence | Private Cloud | Public Cloud
Enabling Digital Transformation in a Software-defined World
VMware NSX network virtualization and security platform helps our customers make the transition to the digital era
• Works across hypervisors, application frameworks, clouds
• Infrastructure independent
• Security wrapped around the VM, container, microservice
NSX Customer Momentum Is Growing Exponentially
Customers: Q2 2016: 1,300+; Q2 2017: 2,600+. 2,600+ customers across all industries and organizational sizes, representing 100% year-over-year growth.
Deployments: Over two new deployments of NSX per day. Number of deployments increased 3x year-over-year.
Certifications: 8,800+ Certified NSX professionals.
NSX Is Everywhere
SERVICE PROVIDER | HEALTHCARE | FINANCE | TECHNOLOGY | PUBLIC SECTOR | EDUCATION | RETAIL | TRAVEL AND TRANSPORT
NSX Customer Use Cases
Security (Inherently secure infrastructure): Micro-segmentation, DMZ anywhere, Secure end user
Automation (Apps at the speed of business): IT automating IT, Multi-tenant infrastructure, Developer cloud
Application continuity (Data center anywhere): Disaster recovery, Cross cloud, Multi data center pooling
Getting Started with NSX
1 Deploy NSX Manager
Use the step-by-step “Deploy OVF Template” wizard to get you started.
It’s as simple as deploying a VM.
2 Register NSX with vCenter
Enables access to all vCenter objects and NSX firewall policy management and deployment through vCenter.
Uses the same familiar vSphere interface.
3 Deploy NSX Controllers
Deploy NSX controllers to run the control plane for NSX.
Three controllers are deployed for high availability.
4 Prepare Clusters
NSX components are automatically pushed down to the hosts.
All hosts are ready; no manual interaction needed.
5 Configure and Deploy Edge Service Gateways
Enables connectivity between the physical and virtual networks.
Gateways are just VMs and are easily scalable.
Demo – NSX Deployment (fully automated)
https://github.com/vmware/powernsx/blob/master/Examples/NSXBuildFromScratch.ps1
NET2119BU, Tuesday, 5:30 pm
Our Security Focus
• Secure Identity and Endpoints
• Secure Application Infrastructure
• Establish & Maintain Least Privilege Environments
• Align Security Controls To Applications & Data
[Diagram labels: COMPUTE, NETWORK, USER DEVICES, USERS, DATA]
NSX Security Features
Security: Inherently secure infrastructure
Micro-segmentation
• Distributed firewall for inter / intra zone segmentation
• Rules based on IP, MAC, VM attributes, vCenter & external context
DMZ anywhere
• DMZ for PCI, HIPAA and other compliance
• Guest introspection for anti-virus, malware protection, 3rd party FW, IPS/IDS
Secure end user
• VDI security with NSX distributed firewall context based on Active Directory
• Guest introspection for anti-virus, malware protection
Getting Started with NSX Security
1 Run Virtual Network Assessment
Deploy VRNI to understand current state of infrastructure based on flow analysis.
No need to install NSX yet!
2 Deploy NSX
Install NSX bits and prepare hosts to deploy NSX distributed firewall. No changes to your existing infrastructure.
Hint – you can automate this!
3 Create Infrastructure DFW Rules
Use data from Virtual Network Assessment to build firewall policy for core services like DNS, syslog, AD and more.
Gives apps access to core services.
4 Run Application Rule Manager
ARM analysis can be used to analyze posture of your apps and automatically create new rules.
Build a micro-segmentation policy.
5 Micro-segment and monitor
Repeat for other apps, send logs to syslog and monitor your apps.
Micro-segmentation done!
Demo – Application Rule Manager
SAI2803BU, Wednesday, 3:30 pm
Context-Aware Micro-Segmentation: Deeper Introspection & Strengthened Ecosystem
[Diagram labels: File / Binary; Proc / Exe; Socket; L4/5-tuple; AppID-UserID; Endpoint Monitoring (EM); Application Rule Manager (ARM); vCenter; OpenStack; Cloud; Container; In-Guest; Network; Source; VMware; Partners; EDR / AV-AM / DLP / APT; AirWatch / AppDefense; NGFW / IPS; Action-Driven Context Triggers; NSX Dynamic Rulesets; NSX Tags, Alerts, Logs]
NSX Security Certifications and Compliance
Distributed Firewall | Edge Firewall | VPN
http://pubs.vmware.com/Release_Notes/en/nsx/6.3.0/releasenotes_nsx_vsphere_630.html
https://solutionexchange.vmware.com/store/products/vmware-pci-compliance-and-cyber-risk-solutions
http://ir.vmware.com/overview/press-releases/press-release-details/2016/Newly-Released-STIG-Validates-VMware-NSX-Meets-the-Security-Hardening-Guidance-Required-for-Installment-on-Department-of-Defense-DoD-Networks/default.aspx
https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/vmware-product-applicability-guide-hipaa-hitech.pdf
https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/vmware-product-applicability-guide-for-fedramp-v1-0.pdf
https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/vmware-product-applicability-guide-nerc-cip.pdf
NSX Features for Application Continuity
Application continuity: Data center anywhere
Disaster recovery
• Cross vCenter NSX - Universal Logical Switches, Universal firewall
• Active / DR Security tag synchronization
Cross cloud
• Extension to public cloud – VMware Cloud on AWS
• L2VPN, L3VPN for cloud on-boarding
Multi data center pooling
• Multiple active – active vCenter deployment
• Cross VC NSX with egress routing optimizations
Applications that Span Data
Centers and Clouds
“Our ability to develop something once and extend it to
both private and public clouds allows us to deliver new
products, services, and updates much faster, so we
can keep up with and even lead the pace of change in
our industry. That means happy guests, happy
employees, and a very productive IT team.”
Alan Rosa
Sr. Vice President
Technology Delivery & IT Security
Marriott International
Cross cloud
Getting Started with NSX Application Continuity
• Deploy NSX on primary site and host prep
Install NSX bits and prepare hosts to deploy NSX distributed firewall.
Install NSX on primary and secondary sites.
• Deploy Secondary NSX managers and register
Register secondary NSX managers with primary for Cross vCenter functionality.
Cross vCenter Connectivity.
• Deploy Universal NSX Controllers
Deploy NSX controllers and configure universal transport zones.
Three controllers are deployed for high availability.
• Create Universal Objects
Create Universal logical switches, universal routers, universal firewall rules and policies – optimized with local egress.
Universal objects are extended across sites.
• Configure and Deploy Edge Service Gateways
Enables access between the physical and virtual networks.
Gateways are just VMs and are easily scalable.
Demo – DR to Public Cloud
NET1190BU/1191BU, Thursday, 10:30 am
Multisite networking and security (cross-vCenter)
[Diagram labels: Site-A: vCenter-A, Local storage; Site-B: vCenter-B, Local storage; <150ms; Universal distributed logical router]
Secure, high availability, distributed, virtualized resource pool
NSX Customer Use Cases
Automation: Apps at the speed of business
IT automating IT
• Automation of IT tasks using NSX API and scripting
• Integration with cloud management platforms – vRealize Automation, etc.
Multi-tenant infrastructure
• Multi-tenant Cloud deployments using vCloud Director, OpenStack
Developer cloud
• OpenStack environments using VIO
• Container deployments
Agility for Developers and Beyond
“Whether I’m deploying containers, whether I’m deploying
VMs, whether I’m doing bare metal, whether I’m using
OpenStack, it’s all a means to an end. Ultimately, what the
customer is expecting is ability, agility, and continuously
driving down costs. And that’s what NSX allows
us to provide.”
Wolfgang Krips
EVP Global Operations
Amadeus
Developer cloud
NSX IT Automation Capabilities
• GUI: UI and workflow-based consumption of networking and security
• API: Programmatic consumption. Enables easy automation of both installation and deployment processes
• Cloud management platform: Networking and security deployment as a part of application deployment
Demo – Automation of Security Rule Creation with PowerShell
NSX Vision: Driving NSX Everywhere
Managing security and connectivity for many heterogeneous end points
[Diagram labels: New app frameworks; Branch offices / Edge computing / IoT; End users; On-premises data center; Cloud; vCloud Air Network]
• Automation: IT at the speed of business
• Security: Inherently secure infrastructure
• Application Continuity: Data center anywhere
Modernizing an Application with Kubernetes
Network, load balancing, and security configured as part of K8s deployment
[Diagram labels: Admin config; App-driven config; K8s; Layer 3; Logical Router. Namespace django-frontend: App: Django, ingress, Deployment, django-frontend Network, django-frontend.k8scloud.com. Namespace redis-backend: App: Redis, service, Deployment, redis-backend Network, redis.k8scloud.com.]
VMware NSX Enables a Big Step Forward for IT
This new approach to networking enables IT organizations to transform, resulting in delivering greater value to the business.
• People: Break down traditional IT siloes for more cross-functional teams
• Processes: Automate processes to reduce complexity and manual tasks
• Culture: IT becomes more agile in how it delivers value to the business
#NSXmindset
APPLICATIONS ARE SOFTWARE.
YOUR NETWORK SHOULD BE, TOO.
Where to Get Started
Engage and Learn | Experience | Try | Take
• Join VMUG for exclusive access to NSX: vmug.com/VMUG-Join/VMUG-Advantage
• Connect with your peers: communities.vmware.com
• Find NSX Resources: vmware.com/products/nsx
• Network Virtualization Blog: blogs.vmware.com/networkvirtualization
• Dozens of Unique NSX Sessions: Spotlights, breakouts, quick talks & group discussions
• Visit the VMware Booth: Product overview, use-case demos
• Visit Technical Partner Booths: Integration demos – Infrastructure, security, operations, visibility, and more
• Meet the Experts: Join our Experts in an intimate roundtable discussion
• Free Hands-on Labs: Test drive NSX yourself with expert-led or self-paced hands-on labs. labs.hol.vmware.com
• Training and Certification: Several paths to professional certifications. Learn more at the Education & Certification Lounge. vmware.com/go/nsxtraining