Post on 22-Jun-2020

© 2014 VMware Inc. All rights reserved.

Bringing Network Virtualization to VMware environments with NSX

Dan Watson Senior Systems Engineer

$1,800, 5 days + 2 minutes

$300, 2 minutes

$10,000, 10 weeks

Enterprise storage

VLAN networks

Firewall, load-balancer

IDS, security, monitoring

Availability

+

Past, Present…

2 minutes + 5 days 3 minutes

Software Defined Data Center (SDDC)

Software-defined Datacenter Services

and Future

Server Virtualization Causes Networking Challenges

Physical Server

VM VM VM VM

Virtual Machines

Hypervisor Decouples VMs from Physical Servers

+ Operational Simplicity
+ Operational Speed
+ Mobility
+ Hardware Efficiency

IP Address, VLAN, ACLs, Firewall, QoS, L3…

Physical Network Challenges

• Provisioning is slow
• Placement is limited
• Mobility is limited
• Hardware dependent
• Operationally intensive

Network Virtualization…

1. Decouples

Physical

Virtual

2. Reproduces 3. Automates

Network Operations

Cloud Operations

Hardware independence

Operational benefits of virtualization

No change to network from end host perspective

Virtual

Physical

What is a Network Hypervisor?

General Purpose Server Hardware (Dell, HP, IBM, Quanta,…)

Server Hypervisor

Requirement: x86

Virtual Machine

Virtual Machine

Virtual Machine

Application Application Application

x86 Environment

Decoupled

Hardware

Software

General Purpose IP Hardware (Arista, Cisco, HP, Juniper, Cumulus,…)

Network Hypervisor

Requirement: IP Transport

Virtual Network

Virtual Network

Virtual Network

Workload Workload Workload

L2, L3, L4-7 Network Services

Virtualize the Network

Decouple

Any Hardware Platform

Network Virtualisation Layer

Network Virtualization

Decouples and reproduces the network model

Network Hypervisor

Decoupled

Physical Network (Arista, Cisco, HP, Juniper, Cumulus,…)

Workload Workload Workload

L2

L2

L3

Virtual Network

Workload Workload Workload

Virtual Network

L2

WAN

Subnet A Subnet B Subnet C

A Virtual Network?

No Change to Workloads

Programmatically Provisioned

Services Distributed to the Virtual Switch

Physical Workloads and Legacy VLANs

Central Policies, Distributed Enforcement, Move with VMs

Internet

Security Policy

- Reduce Choke Point Security
- Centrally Define Policies, Distribute Rule Enforcement for Segmentation
- Security Policies Move with VMs
- Changes to central policies automatically distributed to affected VMs

The Power of Distribution – Routing

The Power of Distribution – Firewalling

Service Consumption Using NSX Service Composer

• NSX Service Composer unifies and integrates service consumption across NSX native and 3rd party services

NSX operational model now extended to partner services

Security Challenges: No orchestration between solutions

Datacenter

Internet

AV

IPS

Firewall

Data Sec

Vuln. Mgmt

Content Filtering

NSX Service Composer

Security services can now be consumed more efficiently in the software-defined data center.

Apply.

Apply and visualize security policies for workloads, in one place.

Automate.

Automate workflows across different services, without custom integration.

Provision.

Provision and monitor uptime of different services, using one method.

How to Secure Applications with NSX Logical Containers

Simplify application management boundaries

NSX Service Composer UI

NSX Service Composer: Apply.

Extending with 3rd party security solutions

External Network

vSwitch vSwitch

Guest VM IDS/IPS

DFW DFW

NGFW

NSX Manager Panorama NSM

Cloud admin view: Consuming security services

+ NGFW

Q&A