NET1846 Introduction to NSX
Milin Desai, VMware, Inc
Kausum Kumar, VMware, Inc

Disclaimer
• This presentation may contain product features that are currently under development.
• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.
• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
• Technical feasibility and market demand will affect final delivery.
• Pricing and packaging for any new technologies or features discussed or presented have not been determined.

CONFIDENTIAL

Agenda
1 Intro to NSX
2 NSX Momentum
3 NSX Use Cases
4 What’s New in NSX 2014
5 NSX Operations
6 In closing

The Anatomy of the Most Agile and Efficient Data Centers is SDDC
Google / Facebook / Amazon Data Centers
• Custom Application
• Software / Hardware Abstraction
• Custom Platform
• Software / Hardware Abstraction
• Any x86, Any Storage, Any IP network

The Choice for “New IT” for “All Applications”
Google / Facebook / Amazon Data Centers
• Custom Application
• Software / Hardware Abstraction
• Custom Platform
• Software / Hardware Abstraction
• Any x86, Any Storage, Any IP network
Software Defined Data Center (SDDC)
• Any Application
• SDDC Platform With NSX
• Any x86, Any Storage, Any IP network

Provides A Faithful Reproduction of Network & Security Services in Software
• Switching
• Routing
• Load Balancing
• VPN
• Data Security
• Connectivity to Physical Networks
• Management APIs, UI
• Policies, Groups, Tags
• Firewalling
• Activity Monitoring

Enables Dynamic creation of complex application topologies in minutes
Network and Security Virtualization with NSX
• Software
• Hardware

NSX Components
Cloud Consumption
• Self Service Portal
• vCloud Automation Center, OpenStack, Custom CMS
NSX Manager (Management Plane)
• Single configuration portal
• REST API entry-point
NSX Controller (Control Plane)
• Manages Logical networks
• Control-Plane Protocol
• Separation of Control and Data Plane
Data Plane (NSX Edge; Distributed Services: Logical Switch, Distributed Logical Router, Firewall; ESXi Hypervisor Kernel Modules)
• High-Performance Data Plane
• Scale-out Distributed Forwarding Model

NSX in a 3-Tier App Deployment
• Management Cluster (Host 1, Host 2): NSX Manager, NSX Controller Cluster, vCenter
• Compute Clusters and Edge Cluster (Host 3 to Host 7): Web, App and DB workloads

VMware NSX Training & Certification: Making SDE Real in 2014 (NET 1214)
• Certified Network Virtualization Expert
• Certified Network Virtualization Professional
• Certification
• Training
• Career Path
• Certifications & Training Programs

NSX Training and Certification Portfolio
• Training Courses (www.vmware.com/go/NSXtraining)
  – VMware NSX Install, Configure, Manage
  – VMware NSX Fast Track for Internetworking Experts (coming)
  – VMware NSX Design and Deploy (coming)
• Certifications (www.vmware.com/certification)
  – VMware Certified Professional – Network Virtualization (VCP-NV)
  – VMware Certified Implementation Expert – Network Virtualization (VCIX-NV)
  – VMware Certified Design Expert – Network Virtualization (VCDX-NV)

Designing with NSX (NET 1589, NET 2318)
• NSX Partner Whitepaper
• NSX Partner Reference Design
• SDDC Validated Guides
• NSX Design Guides
• NSX Hardening Guide
Reference Designs and Technical Papers on the NSX Portal: http://www.vmware.com/products/nsx/resources.html
Reference Designs & Technical Papers on VMware Communities: https://communities.vmware.com/docs

New Service Categories and Partners (NET 2225)
NSX Partner Extensions
• Physical-to-Virtual Services
• Operations and Visibility
• Application Delivery Services
• Security Services

New Service Categories and Partners – GA Q3 2014 (NET 2225)
NSX Partner Extensions
• Physical-to-Virtual Services
• Operations and Visibility
• Application Delivery Services
• Security Services

VMware NSX Momentum: Over 150 Customers
• top investment banks
• enterprises & service providers

VMware NSX – Use Cases
Self-Service IT
• Examples: DevOps, Cloud On-boarding, M&A
• Key Capabilities: Application specific networking; Flexible IP Address Mgmt; Simplified consumption
Data Center Automation
• Examples: Micro-segmentation of App, Simplifying Compute Silos, DMZ Deployments
• Key Capabilities: Programmatic Consumption; Full featured stack; Visibility and ops
Public Clouds
• Examples: XaaS Clouds, Vertical Clouds
• Key Capabilities: Multi-tenant Deployment; Programmatic L2, L3, Security; Overlapping IP Addressing; Any Hypervisor, Any CMP
Diagram labels: Dev X, Test X, Acquisition A, Dev A

Consumer Experience vs. Corporate Experience

Enterprise Business Leaders Want their IT to be like Amazon
• Hybrid
• New IT or No IT
• Outsourced

Today’s app, PAAS, Containers ---- I want it all NOW
• Multi-Tier App, Multiple Networks: WEB, APP, DATABASE
• Multi-Tier App, Single Flat Network: WEB, APP, DATABASE

Consumption (MGMT 1969, NET 2379)
NSX Integrates with Cloud Automation Systems to Deliver Applications with Network and Security in Minutes

Self Service IT journey
Cloud Consumer
• End user drops apps in pre-created instances
• End user instantiates dynamic topologies
• End user drives any topology
Provider
• Provider delivers Pre-Created instances
• Provider delivers Templates for Dynamic Instantiation
• Provider delivers guard rails

Problem: Data Center Network Security (SEC 1959-S)
Perimeter-centric network security has proven insufficient, and micro-segmentation is operationally infeasible
• Insufficient: Little or no lateral controls inside perimeter
• Operationally Infeasible

NSX: Enabling a Needed Control Point in the Datacenter for Security (SEC 1746)
An NSX platform is made up of distributed elements embedded in each hypervisor, enabling each VM/app to have its own security policy.
Security closest to the applications and aligned with application lifecycle.

Security Partner Integrations (SEC 1958, NET 2225)
NSX is the platform for integrating advanced security services.
Partner Ecosystem categories:
• Next-generation IPS
• Malware Protection
• Vulnerability Management
• Next-Generation Firewall
• File and Malware Protection
Capabilities listed on the slide:
• Granular protection of individual VM workloads with customizable policy definitions
• Data Center security with agentless anti-malware and guest network threat protection
• Automation of advanced malware interception
• Unified management for physical and virtual sensors
• Real-time, dynamic threat protection and response for workloads moving between hosts and virtual data centers
• Automatic vulnerability risk assessment
• Multiple threat prevention disciplines including firewall, IPS, and antimalware
• Single virtual appliance provides agentless:
• Auto segmentation of risky assets
• Safe application enablement with continuous content inspection for all threats
• Vulnerability and software scanning
• Vulnerability prioritization for effective remediation
• Granular user-based controls for apps, content, users,
• Data Center wide real-time risk visibility
• Anti-malware with URL filtering
• Detection of file changes
• Intrusion Detection & Prevention

NSX Micro-Segmentation Journey
• Deployed Applications on Physical Networks
• Apply NSX Security
• Full network and security virtualization
• New Deployments / Deployed applications

Demo

NSX – The Network Virtualization Platform: What’s New
Data Plane
• NSX Edge: Active-Active with Scale-Out (ECMP)
• Physical Device Integration
• Open Virtual Switch: Flow optimization, multi-threading, Hyper-V (alpha)

NSX – The Network Virtualization Platform: What’s New
Services
• Distributed Firewall Operations Improvements
• Multi-Site & Hybrid Cloud Enablement: Layer 2 VPN, Active-Active DC, SRM Validation
• Firewall Ecosystem Enablement
• LBaaS: UDP support, ecosystem enablement
• DDI: DHCP Relay

NSX – The Network Virtualization Platform: What’s New
Operations
• Operations Guides & Best Practices
• Integration with Existing Tools: Riverbed, Gigamon, NetScout, EMC Smarts
• Analytics: VMware vCenter Ops, Log Insight
• Firewall Operations: Tufin, Algosec
• New NSX Partners & Service Categories: Physical-to-Virtual Services, Operations & Visibility, Application Delivery Services, Security Services

NSX – The Network Virtualization Platform: What’s New
Consumption
• vCloud Automation Center
• OpenStack Juno
• More topologies and on demand use cases
• Control plane scale & Docker integration

NSX – The Network Virtualization Platform: What’s New
Operations
• Operations Guides & Best Practices
• Integrations with existing tools
• Analytics, Firewall Ops
Services
• Distributed Firewall Operations
• LBaaS: UDP support
• DDI: DHCP relay
Data Plane
• Continue advancements of Open Virtual Switch
• NSX Edge: A-A with scale-out
• Physical device integration
Consumption
• VMware vCloud Automation Center
• OpenStack Juno
Partner Integration
• New NSX Partners & Service Categories
• Multi-site and hybrid enablement

Operationalizing NSX

NSX Operations – Beyond Packet Visibility (NET 1966)
Native NSX Ops for the Cloud Admins
• Flow monitoring
• Server access monitoring
• Tunnel healthcheck
Enable Existing Tools for the Network Operator
• SPAN/RSPAN
• Netflow/IPFIX
• LLDP
• Syslog Integration
SDDC Operator
• Enable Advanced Analytics
• Plug into Existing Network Monitoring Systems

Demo

Integrating with Physical

NSX with physical workloads
• x86-based bridge (VXLAN to VLAN): Leverages x86 server
• HW VTEP (VXLAN to VLAN): Highest density but requires specific hardware

NSX with physical workloads
• x86 based bridging
• Ecosystem with OVSDB
• Native NSX support for containers

NSX Performance (NET 1883)
NSX Performance delivered by a Distributed, Scale-out Architecture
[Figure: four charts of TCP send throughput in Gbps against TCP message size (64, 512, 1500, 32k, 64k) for Logical Switching, Logical Routing, Firewalling and Bridging]

NSX – The Network Virtualization Platform
• Consumption: How an end user consumes NSX services via a Cloud Management Platform. The operator interacts with the system through UI or API.
• Operations: NSX operator uses tools (built-in and 3rd party) for troubleshooting, visibility
• Partner Integration: Management, Control & Data plane integration of 3rd party services
• Services: NSX logical services and 3rd party extensions for networking and security (ex. Logical switch, Logical router, Firewall, Load Balancer, VPN, DDI)
• Data Plane: Provides workload connectivity & services processing (ex. hypervisors, physical switches and appliances)
Diagram labels: Any, vCOPs, Partner extensions, Software partner extensions, Hardware partner extensions, L2 Switch, L3 Router, Firewall, Load Balancer, VPN, DDI, vSphere, KVM, XenServer, Hyper-V, NSX Edge, 3rd Party GW

SDDC Approach with NSX Enables Choice and Flexibility
• < Any Application >: Today’s Application, PAAS, Containers, ...
• < Any Network >: 2-Tier / 3-Tier, Leaf / Spine, ...
• < Any Infrastructure >: Build Your Own, Converged Systems, HyperConverged Systems

Thank You

What’s Next…
Play
• VMware NSX Hands-on Labs: labs.hol.vmware.com
• VMware Booth #1229: 3 NSX Demo Stations
Learn
• Explore, Engage, Evolve: virtualizeyournetwork.com
• Network Virtualization Blog: blogs.vmware.com/networkvirtualization
Deploy
• NSX Technical Resources, Reference Designs: vmware.com/products/nsx/resources
• NSX Product Page: vmware.com/go/nsx
• VMware NSX YouTube Channel: youtube.com/user/vmwarensx
• NSX Training & Certification: www.vmware.com/go/NVtraining
• VMware NSX Community: communities.vmware.com/community/vmtn/nsx

Business Solution
• NET1214 NSX Certification – the Next Step in your Networking Career
• NET1745 The Case for Network Virtualization: Customer Case Study
• NET1786 The Business Case for Network Virtualization
• NET2293 Bridging Enterprise Networks to Hybrid Cloud Using NSX

Hands-on Labs
• SDC-1402 vSphere Distributed Switch from A to Z
• SDC-1403 Introduction to VMware NSX
• SDC-1420 OpenStack with VMware vSphere and NSX
• SDC-1423 vCloud Suite Basic Networking
• SDC-1424 VMware NSX and SDDC
• SDC-1425 VMware NSX Advanced

Technical Track - Networking
• NET1846 Introduction to NSX
• NET1743 VMware NSX – A Technical Deep Dive
• NET1957 NFV for Telco Infrastructure
• NET1468 A Tale of Two Perspectives: IT Operations with VMware NSX
• NET1586 Advanced Network Services with NSX
• NET1560 The NSX Guide to Horizon View
• NET1883 NSX Performance Overview
• NET1588 Load Balancer as a Service, using NSX or Partner Solutions
• NET1401 vSphere Distributed Switch Best Practices for NSX
• NET2318 Scale-Out NSX Deployments: With VMware-powered SDDC
• NET1581 Reference Design for SDDC with NSX for Multi-Hypervisors
• NET2379 Dynamically Configuring Application Specific Network Services for vCAC & NSX
• NET2225 NSX Platform: Enabling 3rd Party Network & Security Solutions

Advanced Technical Track - Networking
• NET1949 VMware NSX for Docker, Containers & More
• NET1589 Reference Design for SDDC with NSX & vSphere
• NET1583 NSX for vSphere Logical Routing Deep Dive
• NET1974 Multi-Site Data Center Solutions with VMware NSX
• NET1674 Advanced Topics & Future Directions in Network Virtualization with NSX
• NET1966 Operational Best Practices for VMware NSX
• NET1592 Under the Hood: Network Virtualization with OpenStack Neutron & VMware NSX

Group Discussions - Networking
• NET3441-GD vSphere Distributed Switch
• NET3442-GD vCAC and NSX
• NET3443-GD NSX Routing Design Best Practices
• NET3445-GD NSX Multi Site Deployments
• NET3444-GD NSX Network Services

Technical Track - Security
• SEC1196 Who Can You Trust? Strategies & Designs for Implementing Zero-Trust Model Leveraging NSX
• SEC2238 Security & Micro-Segmentation for the SDDC
• SEC1959-S The “Goldilocks Zone” for Security
• SEC1958 Automating Security Policy Enforcement with VMware NSX
• SEC1698 Optimize Security with Context & Isolation using NSX Guest Introspection
• SEC2567 Unleashing Collaborative Security with VMware NSX – Advanced Defense for Advanced Threats

Advanced Technical Track - Security
• SEC2421 VMware NSX Security Operations Best Practices
• SEC1746 NSX Distributed Firewall Deep Dive

Group Discussions - Security
• SEC3446-GD Security & Micro-segmentation
• SEC3449-GD Security Policy Automation using NSX Service Composer
• SEC3448-GD NSX Platform Extensibility
• SEC3447-GD Compliance Reference Architecture

Technical Track – Management
• MGT1833 How to Perform Troubleshooting and Root Cause Analysis Using Log Insight
• MGT1878 Deep Dive into How vCenter Operations Simplifies NSX Operations
• MGT1969 vCloud Automation Center and NSX Integration Technical Deep Dive

Fill out a survey
Every completed survey is entered into a drawing for a $25 VMware company store gift certificate