nsx and vrni - carahsoft
© 2014 VMware Inc. All rights reserved.
NSX and vRNI
Ethan Palmer VMware Technical Specialist
VCP5-DCV, VCP6-NV
703-230-7542
Partner Enablement Day – Technical Track
Confidential & Proprietary
Confidential │ ©2018 VMware, Inc.
The Data Center Networking Challenge
There Has Been a Lot of Innovation and Virtualization in the Data Center
Except for one area…
Compute Storage Networking
The Data Center Networking Challenge
The Lack of Networking Virtualization is Holding Back Your Ability to…
Keep up with the pace of business
Secure your data centers
Control cost
Compute Storage Networking
Public clouds solve some of the limitations of data centers, but they can also introduce new networking and security challenges:
• Multiple clouds
• Inconsistent tools and policies
• Different skillsets
The Emerging Cloud Networking Challenge
Driving Value With Our NSX Partner Ecosystem
Compute Infrastructure
Network Infrastructure
Networking & Security Services
Orchestration & Management Platforms
Operations & Visibility
vRealize Automation
vCloud Director
vRealize Orchestrator
VIO
vSAN Ready Node
Network Virtualization Solves These Problems
Abstracting Networking and Security From the Underlying Infrastructure
IoT, Cloud, Data Center, Branch Office
Identity
Apps and Data
Policy Scalability Analytics and Insights
Secure Connectivity Availability
Users
Private Data Centers
VMs, Containers, Microservices
Branch Offices
Public Clouds
Telco Networks
Things
Consistent networking and security across the business fabric
Powering the Virtual Cloud Network with NSX
Ready for the future
Reinvent Wide Area Networking (WAN)
Reinvent security
Expand the network
Value from the network
Rethink networking
Software-Defined Data Center
Nicira
Insights
Automation
Multi-Cloud and Multi-Hypervisor
App Security
Connectivity and Hybridity
Network Virtualization
NSX
Network Insight (Arkin)
vRealize Automation
NSX-T
AppDefense
Micro-Segmentation
vSphere Distributed Switch
NSX SD-WAN by VeloCloud
NSX Hybrid Connect
Container Frameworks
Pivotal Container Service (PKS)
Public Cloud AWS, IBM and Azure
Virtual Cloud Network
VMware Advancing Business Transformation with Networking and Security in Software
NETWORKING AND SECURITY MANAGEMENT AND AUTOMATION
vRealize Automation: End-to-end workload automation
Network Insight: Network discovery and insights
Cloud-Based Management Workflow Automation Blueprints / Templates Insights / Discovery Visibility
NETWORK AND SECURITY VIRTUALIZATION
AppDefense: Modern application security
NSX SD-WAN by VeloCloud: WAN connectivity services
NSX Hybrid Connect: Data center and cloud workload migration
NSX Data Center: Networking and security for all workloads
NSX Cloud: Cloud-native network services
Security Integration Extensibility Automation Elasticity
VMware NSX as the Foundation for the Virtual Cloud Network
End-to-end Visibility and Operational Control
Consistent security across clouds
Precise control over cloud networking
Define a policy once, then apply anywhere
Granular enforcement of application workloads
NSX works alongside native public cloud services
End-to-end visibility and operational control
Dramatically Improve Monitoring, Troubleshooting, and Audits
AWS, Azure, Future Public Clouds, Private Cloud
Visibility across your clouds
Visibility
Performance
Security
Consume with your existing tools
Data Center Cloud
NSX
How does VMware NSX Data Center deliver on the promise of network virtualization?
Hypervisor
NSX Data Center Value Proposition
vSwitch
Hypervisor
vSwitch
Network, Storage, Compute
Virtualization Layer
NSX Data Center Value Proposition
Network and Security Services
• Run in-hypervisor (on-prem)
• Run as a Service (public cloud)
• Hardware/cloud independent
Hypervisor
vSwitch
NSX Data Center Value Proposition
Hypervisor
vSwitch
Network, Storage, Compute
NSX Platform
Virtualization Layer
Workloads
Key NSX Data Center Use-cases
Security Automation Multi-Cloud Networking
IT Automating IT
Developer Cloud
Multi-tenant Infrastructure
Benefits
• Accelerate workload deployment
• Avoid risk from human errors
• Compliance and auditability
Automation
Rapid and Repeatable Deployments With Automated Networking and Security
Cloud Management Platform
IT vRealize Automation
Blueprint
Infrastructure
Templates
Developer API
01 Security
02 Automation
03 Multi-cloud Networking
Multi-cloud Networking
Consistent Networking and Security Across Clouds
Protected Site Recovery Site
Data Center Extension
Disaster Recovery
Workload Mobility
Benefits
• Consistent Networking and Security
• Improved Application Resiliency
• Rapid Workload Migration
Security
Micro-Segmentation
Secure End User
DMZ Anywhere
Every endpoint can have:
• Individual firewalls
• Individual security policies
• Policies that span environments
Enforce Security at the Most Granular Level of the Data Center
VMware NSX - Non-Disruptive Deployment of Distributed Networking Services
VMware NSX - Non-Disruptive Deployment of Distributed Security Services
VMware NSX Simplifies VDI Networking & Security
App
DMZ
Services
DB
Perimeter firewall
AD NTP DHCP DNS CERT
Inside firewall
Finance, Engineering, HR
Each VM can now be its own perimeter
Policies align with logical groups
Prevents threats from spreading
Simplified, programmable, automated application of network/security policy to desktop users/pools
Service-chaining with AV and NGFW partners to deliver automated, policy-integrated AV / malware protection, NGFW, IPS, etc.
vRealize Network Insight
East-West Traffic Analysis
• East-West Traffic Flow Analysis
• Breakdown of Data Center Traffic by East-West, VM-to-VM, VM-to-Physical, Switched, Routed, etc.
• Get Detailed Flow stats behind each number
Security Policy Automation – Micro-Segmentation
• Discover vCenter and NSX constructs (folders, clusters, vlans, security tags)
• Automated Security Groupings Based on vCenter and NSX Constructs, Workload Characteristics, Ports, Common Services
• Recommended Security Policies / Firewall Rules (Zero-Trust Model)
• See Network Traffic Per Host, Per VM
• Export as CSV
Security Operations, Audit and Compliance
• Real Time Visibility into Security Group Memberships & Effective Firewall Rules for a VM, between VMs and between VM and Physical
• Datacenter Time Machine - Track Changes for Troubleshooting or Audit
• Compliance Engine with a Simple Google-like Search Interface to Write Policies and Set Alerts
• Instant Alerting Upon Policy Violation and Non Compliance
Visibility Across Overlay And Underlay
NSX Firewall
PANW Virtual FW
PANW Physical Firewall
Physical Network Switch, Router
VXLAN
VLAN
Converged Infrastructure (Ex: UCS)
Connectivity Graphs
• VM to VM, VM to Physical, VM to Internet
• Hop-by-Hop Path across Overlay (LDRs, Edge Gateways) and Underlay (Physical VDCs & VRFs). See V-To-P Boundary
• Correlated Problems And Performance Metrics Across Virtual and Physical
• See Effective Firewall Rules and Security Policies across NSX and PANW in Service-Chained Environment
Simple & Contextual Search
• Single pane of glass between virtual & physical
• Google-like search for ease of use
• Time aware search (go back in time)
• Fewer clicks to find and identify issues
• Simplified interface, reduce learning curve across admin teams
Hi Peter, what do you need help with today?
NSX Infrastructure Monitoring and Best Practices Checks
Configuration, Health and Consistency Validation
• VTEP Level Misconfigurations
• VTEPs – Underlay Mapping Checks
• Netcpa Health
• Hosts Version Validation
• LDR and Edge Config Issues
• Routing Misconfigurations/ Issues between LDR, Edge and Physical Routers
vSphere Platinum Secures Applications, Infrastructure, Data & Access
Secure Data (VM Encryption, Encrypted vMotion)
Secure Infrastructure (Secure Boot, Support for TPM 2.0, vTPM 2.0, Support for VBS)
Secure Access (Audit Quality Logging)
Secure Applications (AppDefense – Visibility, Control, Detection, Response)
Enhanced Security Functionality
vSphere Platinum: Key Benefits
Visibility Readiness Detection Response
vSphere Admins Security Teams
• Visibility into intent of VMs, inventory of apps
• Understand application behavior
• Get alerted on potential issues and deviations
• Shrink attack surface and reduce risk of security compromise
• Collaborate with security, compliance, application teams
• Increase accuracy of threat detection with machine learning and behavioral analytics
• Enhance existing security tools, support compliance efforts
• Investigate alerts with in-depth app context
• Automated/orchestrated responses maximize efficiency and reduce potential damage
Faster detection, analysis, and time to response with greater accuracy gained from machine learning and behavioral analytics
Better protection with a light-weight security solution, no agents to manage, and minimal overhead
vCenter Plug-In for App Defense included with vSphere Platinum
Read more here: https://blogs.vmware.com/vsphere/2018/08/under-the-hood-vsphere-platinum.html
Data plane in the cloud, not just management
True multi-tenant Gateways and Orchestrator
Multi-tier, role-based management for SPs
SD-WAN Integrated with Service Providers
SD-WAN for last mile/access
Access to private network for mid mile
Hub-less deployment in DCs and non-SD-WAN sites
NSX SD-WAN Orchestrator by VeloCloud
• BGP / CE elimination
• COS, MPLS policing, tunnel shaper
NSX-WAN Gateway by VeloCloud with Embedded Controller
Public Internet
Provider Edge
Branch Site with NSX-WAN Edge by VeloCloud or NSX-WAN VNF by VeloCloud
Legacy Enterprise Data Center
Provider Edge and Gateways
Private Circuit
Provider Cloud Data Center with Provider Gateways
Private—
MPLS
SAAS
Internet
Thank you!
Ethan Palmer VMware Technical Specialist, VCP5-DCV, VCP6-NV
703-230-7542