Manish Bhaskar, Ilan Koyshman, Anuj Jaiswal
MMC3112BU
#VMworld #MMC3112BU
Identify Application Security Vulnerabilities and Troubleshoot Network Issues Across AWS EC2 and vSphere VMs– Fox Media Story
VMworld 2017 Content: Not fo
r publication or distri
bution
• This presentation may contain product features that are currently under development.
• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.
• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
• Technical feasibility and market demand will affect final delivery.
• Pricing and packaging for any new technologies or features discussed or presented have not been determined.
Disclaimer
2#MMC3112BU CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Agenda
1 VMware Cloud Services Overview
2 Network Insight Service Overview
3 Fox Media story
4 Demo
5 Q&A
3#MMC3112BU CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Cloud Adoption
PUBLIC
CLOUD
ADOPTIO
N
50% of workloads will
be in the public
cloud by 2030
48% already using
multiple clouds
Source: Dimensional Research, Feb 2016
Organizations are now adopting multiple clouds at scale
4#MMC3112BU CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
VMware Cloud Services
VMworld 2017 Content: Not fo
r publication or distri
bution
VMware Cloud Services
Manage, Govern and Secure Public and Private Cloud Apps
7
Discovery
Cost Insight
NSX Cloud
Network Insight
AppDefense
Wavefront
ON PREMISES DATA CENTER
Visibility into apps and resources they consume. Analyze usage and utilization across clouds.
Accounting and cost optimization for multiple clouds. Track and analyze your costs and trends.
Secure networks with micro-segmentationCreate private networks within or across clouds.
Operational visibility, control, and compliance across clouds. Optimize performance, health, and availability.
Metrics-driven monitoring and real-time analytics.
Governance for running workloads.
#MMC3112BU CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Network Insight Service
VMworld 2017 Content: Not fo
r publication or distri
bution
Virtual Network
Operations
Visibility and Trouble
ShootingSecurity and Planning
Visualize | Plan | Secure | Operate | Troubleshoot
9
Converged 360 Network
Visibility & Analytics
Ensure health and availability of
NSX deploymentsApplication Flow Analysis and
Micro-Segmentation
On-premises data center
• Analyze application behavior and dependencies
• Plan micro-segmentation
• Ensure security compliance
• Discover vSphere, NSX, AWS VPC, security groups, physical infra
• Troubleshoot network connectivity between VMs
• Change tracking with alerts
• Visualization, topology and health at scale
• Configuration deployment support and ensure best practices
• Quick NSX issue resolution
#MMC3112BU CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Expansive Data Source Support
• VMware virtualization
• Public Clouds
• Firewall Infrastructure
• Physical Networking
• Converged Infrastructure
10#MMC3112BU CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Data Collection Requirements
11
Private CloudData Collector
• Data Center to Cloud
communication (one way)
• Appliance installed as a
OVF
• One time secret key for
security
• AWS API access via
access/secret key
• VPC flow logs via log
group
Network Insight Service
#MMC3112BU CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Fox Media Use Case
VMworld 2017 Content: Not fo
r publication or distri
bution
Fox Media Company
Fox
Global Mass Media company in 51+ countries
Create and distribute media content
Film, Television, Cable, News, Sports
• Global mass media company
– 51 countries
– 170 offices in 107 cities
– 91K+ networked devices
• Create and distribute media content
• Film, Television, Cable, News, Sports
13#MMC3112BU CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Business Context
Fox
Global Mass Media company in 51+ countries
Create and distribute media content
Film, Television, Cable, News, Sports
Business Context–
• Over 6 Million active assets
• 7+ Petabytes of data
• 7000+ Active users in 85+ countries
• ~200,000 asset downloads monthly
• 10TB of new content being added daily
• Expanding infrastructure with new services
0
1,000,000
2,000,000
3,000,000
4,000,000
5,000,000
6,000,000
7,000,000
2002 2005 2008 2011 2014 2017
1+ Million
assets added
yearly
14#MMC3112BU CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
A Shift Towards SDDC and Hybrid Applications
• 2 primary Data Centers – Los Angeles and Las Vegas
• Hybrid cloud
– vSphere
– AWS & Azure … Extensions to Data Center
• 3+ Levels of firewall security –
– Public Cloud (Security groups)
– Physical
– Application layers and Micro segmentation using NSX
• Need to expand micro segmentation to all applications and hosting environment
Public Cloud East-West
North-South
DATA CENTER PERIMETER
Vision – 50%+
in Public Cloud
Today - 95% of
Applications
reside in vSphere
Today - 90%
East-West
Traffic
Growing North-
South Traffic
15#MMC3112BU CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Multi-Cloud Architecture Overview
• Multi-cloud – Multi-Region availability
– vSphere Private Cloud – 3000+ VMs
– AWS EC2/PAAS/SAS – 300+ VMs and services
– Azure IAAS/SAS – 50+ VMs and services
– VMware on AWS – Future
• Asset availability closest to the customer
• Utilizing Micro-Segmentation security
– Enabling security for each Application and each VM/service
• Security, Monitoring and Visibility
16#MMC3112BU CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Challenges
• Development teams are flying blind
– Lack of requirements for deployment of new services
(like ports and source/destination IP etc..)
– Ensure delivery Speed and Security?
• Too many tools !!, How do gain visibility to the network in a Single Pane of Glass
• How do we migrate services across clouds and secure them?
• Handling expanding infrastructure and adding new services
Fox
Global Mass Media company in 51+ countries
Create and distribute media content
Film, Television, Cable, News, Sports
17#MMC3112BU CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Perspective on Network Insight & VMware Cloud Services
• Fits Fox strategy of “Cloud First”
• Assist with security creation for Micro-Segmentation in NSX and AWS/Security Groups
• Visibility of Private and Public cloud systems in a single view
• Ability to scale as Fox adds services
18#MMC3112BU CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Demo
VMworld 2017 Content: Not fo
r publication or distri
bution
Request Access @ cloud.vmware.com
Visit Cloud.vmware.com
20#MMC3112BU CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Sessions, Booth and Theatre Presentations forVMware Cloud Services
21
Session # Session Title Type Speakers
MMC1464QUHow to Use CloudFormations in vRealize Automation to Build Hybrid Applications That
Span and Reside On-Premises & on VMware Cloud on AWS and AWS Cloud Quick Talk Vijay Raghavan, Manu Prasanna
MMC1532BUUsing VMware NSX for Enhanced Networking and Security for AWS Native Workloads:
Part 2 Breakout Session Amol Tipnis, Percy Wadia
MMC2046BUUsing VMware NSX for Enhanced Networking and Security for AWS Native Workloads:
Part 1 Breakout Session Amol Tipnis, Percy Wadia
MMC2820BU Deploying Applications into AWS EC2 with VMware Cross-Cloud Services Breakout Session Bahubali Shetti, Dan Illson
MMC2877BUDeep Dive into Cost Insight: Understand, Analyze, and Optimize Your Cloud Expenses
(Cross-Cloud Service) Breakout Session Kumar Gaurav, Kameswaran Subramanian
MMC2884GULive Demo: Search driven log analytics SaaS for troubleshooting vSphere, VSAN and
NSX issues using machine learning algorithms Group Discussion Karl Fultz, Manish Bhaskar, Steven Flanders
MMC2888GU How We’ve Accelerated Innovation While Keeping Our Cloud Spending in Check Group Discussion Burt Toma
MMC3062BUMigrating applications to AWS ? Understand application, network and security
dependencies with Network Insight Service: Cardinal Health story and demo Breakout Session Sean O'Dell, Manish Bhaskar
MMC3066BUHow Do You Use Network Insights' SaaS to Secure Multitier Hybrid Apps Running on
vSphere, VMware Cloud on AWS, and AWS Native? Breakout Session Sean O'Dell, Anuj Jaiswal
MMC3074BU3 ways to use VMware’s new Cross-Cloud SaaS Services to efficiently run workloads
across AWS, Azure and vSphere: VMware and Customer technical session Breakout Session Jason Walker, Burt Toma
MMC3110PUHow IT Can Enable Development Teams to Build Apps on AWS, Azure, and VMware
Without Compromising on Costs and Security Panel Discussion Mark Leake, Ben Mitchell
#MMC3112BU CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
VMworld 2017 Content: Not fo
r publication or distri
bution
VMworld 2017 Content: Not fo
r publication or distri
bution