© 2009 VMware Inc. All rights reserved
Matteo Marini – Senior Systems Engineer
Securing and Protecting the Software Defined
Data Center – Better than physical!
2
First…Let's SECURE the Software
Defined Data Center
vCloud Networking and Security
3
Security and Compliance are Key Concerns On Cloud Migrations
Q. What are the top challenges or barriers to implementing a cloud computing strategy?
Source: 2012 IDG Cloud Computing Study. January 2012
4
[Figure: software-defined datacenter services (Storage/Availability, Servers, Networking, Security, Management/Monitoring) on a timeline of 2008, 2012 and future; deployment time scale: weeks, days/hours, minutes/seconds]
But Why Does It Still Take So Long To Deploy?
5
Compute Virtualization Abstraction Layer
The Network is a Barrier to Software Defined Data Center
Physical Infrastructure
• Provisioning is slow
• Placement is limited
• Mobility is limited
• Hardware dependent
• Operationally intensive
Software Defined Data Center One
6
The Solution – Virtualize the Network
Physical Infrastructure
Compute Virtualization Abstraction Layer
• Programmatic provisioning
• Place any workload anywhere
• Move any workload anywhere
• Decoupled from hardware
• Operationally efficient
Network Virtualization Abstraction Layer
Software Defined Data Center One
• Provisioning is slow
• Placement is limited
• Mobility is limited
• Hardware dependent
• Operationally intensive
7
So, What is Network Virtualization?
Physical Compute & Memory
(Dell, HP, IBM, Quanta,…)
Server Hypervisor
Requirement: x86
Virtual Machine   Virtual Machine   Virtual Machine
Application Application Application
x86 Environment
Physical Network
(Arista, Cisco, HP, Juniper, Cumulus,…)
Network Virtualization Platform
Requirement: IP Transport
Virtual Network   Virtual Network   Virtual Network
Workload Workload Workload
L2, L3, L4-7 Network Services
Decoupled
8
3rd party services
Key Components of vCloud Networking and Security
VMware Networking & Security
vSphere
• Edge gateway: Secure the edge of the virtual datacenter and provide gateway services
• App: Isolate and protect applications and Virtual Machines
• VXLAN: Foundation for elastic portable virtual datacenters
• Data Security: Protect against data leaks
• vCloud Ecosystem Framework: Integrate 3rd party services
• vShield Manager: Seamless integration with datacenter management via plugin
Integrated Management with vCenter/vCD
VDC 1 VDC 2
9
vSphere
Top Use Cases
VMware Networking & Security
Integrated Management with vCenter/vCD
3rd party services
VDC 1 VDC 2
Isolate critical servers
Implement compliance controls
Protect Business Critical Apps
Provide security and load balancing
Tight integration with vCD
Insert 3rd party solutions
Create Virtual Private Clouds
Secure View (VDI) Desktops
Limit internal network access by VDI users
Protect sensitive data on VDI desktops
VXLAN supports flexible workload placement
Maximize server utilization
Datacenter Networking
10
vShield Endpoint Migrates into vSphere, Not vCNS
*All editions and kits with the exception of Essentials
vShield Endpoint license included in vSphere 5.1*. NOT part of vCNS
More antivirus (AV) partners
Partner enablement beyond AV – file integrity monitoring, vulnerability management, white listing and more
Features
Higher consolidation ratios
Extend endpoint security to ALL workloads in virtual data center
More choices in endpoint security
Benefits
12 Confidential
Third-Party Networking and Security Service Integration
Management and Context
VDC 3 VDC 2 VDC 1
• Inside Virtual Server: Access into the workloads. Eliminate agents
• Edge of Virtual Server: Access to network data into/out of the workload. Isolate & Protect Critical Apps
• Edge of Virtual Network: Access to network data into/out of the Virtual Datacenter. Insert Edge Services
Three Integration Points for Security and Networking
13
Fully Extensible Network & Security 3rd Party Service Insertion
Security Services, Network Services: IDS, IPS, NGFW, VPN, SLB, ADC, WOC
VMware vShield Manager (VSM)
vCloud Ecosystem Framework
Hypervisor level insertion for 3rd party services
Automation via configuration templates
Integration with vCenter/vCloud Director management
Features
Flexibility to insert physical or virtual services into the virtual network
Broad ecosystem of networking and security partner solutions
Operational efficiency gains with single pane of glass management and automation.
Benefits
14
Two Ways of Purchasing vCloud Networking and Security
vCloud Networking and Security Licensing Options | Licensing Metric | What is included with each license?
Stand-Alone | Per VM | Available in two editions – vCloud Networking and Security Standard and Advanced
vCloud Suites | Per Processor | vCloud Networking and Security Standard included in vCloud Standard; vCloud Networking and Security Advanced included in vCloud Advanced and vCloud Enterprise
15
In Summary, vCNS…
Delivers the leading software-defined networking and security solution
Virtualizes networking and security to create on-demand domains, isolate workloads, and implement compliance controls
Increases operational efficiency and improves utilization
Simplifies operations and enables IT agility to drive business agility
Brings the most extensible platform and broadest set of ecosystem partners
16
Now…We Want to PROTECT the
Software Defined Data Center
vSphere Site Recovery Manager
17
43% of companies experiencing disasters never re-open, and 29% close within two years. (McGladrey and Pullen)
93% of businesses that lost their data center for 10 days went bankrupt within one year. (National Archives & Records Administration)
Top executives say 10 hours to recovery; IT managers say up to 30 hours. (Harris Interactive)
Disasters Happen. Do You Need Protection?
18
BC/DR Is At The Top Of IT And Data Center Initiatives
Improving BCDR capabilities is a key priority:
• #1 for SMBs
• #2 for Enterprises
BCDR is #1 driver for virtualization:
• 46% of our customers reported “Use virtualization to improve BCDR” in their top 5 objectives for virtualization
Source: Forrester
19
vCenter Site Recovery Manager
Simple, reliable disaster protection
and site migration for all applications
[Diagram: Site A (Primary) and Site B (Recovery); labels at each site: Servers, VMware vSphere, VMware vCenter Server, Site Recovery Manager]
Overview
Benefits
Cost efficient replication solution
Automate and simplify failover and migration processes
New plan setup reduced from weeks to minutes
Enable frequent non-disruptive testing
Site to site replication built into vSphere
Replace manual runbooks with centralized recovery plans
Broad support for storage-based replication
20
SRM Simplifies Setup And Management of Recovery Plans
Weeks or months to set up
Error-prone
Quickly falls out of sync with apps and infrastructure changes
Simple recovery plan set up in minutes
Fewer steps means far less room for errors
Simple to keep in sync with changes
…to Simple Recovery Plans From Complex Runbooks…
21
SRM Maturity and Reliability
SRM 1.0 GA’d Q2 2008
End of 2012 > 10,000 customers worldwide
End of 2012 > 1M protected VMs
vSphere Replication accelerated customer acquisitions > 50%
“2012 WindowsIT Pro Community Choice Award – Best HA Product”
“2013 Virtualization Review Readers Choice Award Winner – Business Continuity”
22
SRM Workflows
Failover Automation
• User defined recovery plan
• Minimize errors
Non-disruptive Failover Testing
• Isolated test environment
• Increase confidence in DR process
Planned Migration
• Zero data loss
• Operational migration
Failback Automation
• Re-protect VMs, migrate back
23
SRM - Replication Options
SRM can utilize BOTH array based AND vSphere Replication
SRM will “see” existing standalone vSphere Replication protected VMs
SRM can install vSphere Replication from scratch if needed
[Diagram labels: vSphere Replication; Storage-based Replication; Multi-tier App (Web, App, DB); LUN 1; LUN 2; Hub]
24
SRM Required Components
[Diagram: “Protected” Site and “Recovery” Site; labels: vSphere Client, SRM Plug-in, vCenter Server, SRM Server, SRA, ESX, VMFS, Storage, Replication Software, vSphere Replication, Array Replication]
25
Packaging
SRM Licensing Options | Licensing Metric | What is included with each license?
A-la-carte | Per VM | • SRM only (available in two editions – Standard, Advanced) • Entitlement to use SRM to protect a certain number of VMs running on separately licensed vSphere or vCloud Suite processors
With vCloud Suite Enterprise | Per Processor | • Access to vSphere, SRM and all the other components of VMware vCloud Suite Enterprise • Entitlement to run full SRM functionality for unlimited number of VMs on each properly licensed processor
26
VMware Offers Low-cost Disaster Recovery Solutions for SMBs
vSphere Essentials Plus
or
vSphere Acceleration Kits
Site Recovery Manager
(a-la-carte editions – Standard, Enterprise)
DR to the Cloud: SRM-based service from VMware SP
[Diagram: two options: Multi-Site Production & DR (Site A, Site B) and Single Site Production & DR to the Cloud (VMware SP)]
Overview
Benefits
vSphere and SRM 5.1 new capabilities drastically lower cost and complexity of BCDR:
New! vSphere Storage Appliance and vSphere Replication included in Ess+ and AKs
New! vSphere Data Protection for backup to disk with dedup included in Ess+ and AKs
New! SRM 5.1 adds support for vSphere Ess+
New! SRM-based DR to the Cloud Services offered by VMware partners
Run apps on leading virtualization platform
Improve app uptime with built-in features, like vMotion, HA, FT, Storage vMotion
Reduce cost eliminating need for external shared storage and third-party replication and backup
Automate failover and DR testing with SRM
Eliminate the cost of a secondary site (SRM-based DR to the Cloud services)
FusionStorm, Hosting.com, iland, VeriStor, Terremark, SunGard
27
Thank you