NSX and vRNI - Carahsoft

Post on 29-Apr-2022


Page 1: NSX and vRNI - Carahsoft

© 2014 VMware Inc. All rights reserved.

NSX and vRNI

Ethan Palmer VMware Technical Specialist

VCP5-DCV, VCP6-NV

703-230-7542

[email protected]

Partner Enablement Day – Technical Track

Confidential & Proprietary

Page 2: NSX and vRNI - Carahsoft

Confidential │ ©2018 VMware, Inc.

The Data Center Networking Challenge

There Has Been a Lot of Innovation and Virtualization in the Data Center

Except for one area…

Compute Storage Networking

Page 3: NSX and vRNI - Carahsoft

The Data Center Networking Challenge

The Lack of Networking Virtualization is Holding Back Your Ability to…

Keep up with the pace of business

Secure your data centers

Control cost

Compute Storage Networking

Page 4: NSX and vRNI - Carahsoft


Public clouds solve some of the limitations of data centers, but they can also introduce new networking and security challenges:

• Multiple clouds

• Inconsistent tools and policies

• Different skillsets

The Emerging Cloud Networking Challenge

Page 5: NSX and vRNI - Carahsoft


Driving Value With Our NSX Partner Ecosystem

Compute Infrastructure

Network Infrastructure

Networking & Security Services

Orchestration & Management Platforms

Operations & Visibility

vRealize Automation

vCloud Director

vRealize Orchestrator

VIO

vSAN Ready Node

Page 6: NSX and vRNI - Carahsoft

Network Virtualization Solves These Problems

Abstracting Networking and Security From the Underlying Infrastructure

IoT, Cloud, Data Center, Branch Office

Page 7: NSX and vRNI - Carahsoft


Identity

Apps and Data

Policy

Scalability

Analytics and Insights

Secure Connectivity

Availability

Users

Private Data Centers

VMs, Containers, Microservices

Branch Offices

Public Clouds

Telco Networks

Things

Consistent networking and security across the business fabric

Powering the Virtual Cloud Network with NSX

Page 8: NSX and vRNI - Carahsoft


Ready for the future

Reinvent Wide Area Networking (WAN)

Reinvent security

Expand the network

Value from the network

Rethink networking

Software-Defined Data Center

Nicira

Insights

Automation

Multi-Cloud and Multi-Hypervisor

App Security

Connectivity and Hybridity

Network Virtualization

NSX

Network Insight (Arkin)

vRealize Automation

NSX-T

AppDefense

Micro-Segmentation

vSphere Distributed Switch

NSX SD-WAN by VeloCloud

NSX Hybrid Connect

Container Frameworks

Pivotal Container Service (PKS)

Public Cloud AWS, IBM and Azure

Virtual Cloud Network

VMware Advancing Business Transformation with Networking and Security in Software

Page 9: NSX and vRNI - Carahsoft


NETWORKING AND SECURITY MANAGEMENT AND AUTOMATION

vRealize Automation: End-to-end workload automation

Network Insight: Network discovery and insights

Cloud-Based Management Workflow Automation Blueprints / Templates Insights / Discovery Visibility

NETWORK AND SECURITY VIRTUALIZATION

AppDefense: Modern application security

NSX SD-WAN by VeloCloud: WAN connectivity services

NSX Hybrid Connect: Data center and cloud workload migration

NSX Data Center: Networking and security for all workloads

NSX Cloud: Cloud-native network services

Security Integration Extensibility Automation Elasticity


VMware NSX as the Foundation for the Virtual Cloud Network

Page 10: NSX and vRNI - Carahsoft


End-to-end Visibility and Operational Control

Consistent security across clouds

Precise control over cloud networking

Define a policy once, then apply anywhere

Granular enforcement of application workloads

NSX works alongside native public cloud services

End-to-end visibility and operational control

Dramatically Improve Monitoring, Troubleshooting, and Audits

AWS, Azure, Future Public Clouds, Private Cloud

Visibility across your clouds

Visibility

Performance

Security

Consume with your existing tools

Data Center Cloud

NSX

Page 11: NSX and vRNI - Carahsoft


How does VMware NSX Data Center deliver on the promise of network virtualization?

Page 12: NSX and vRNI - Carahsoft


Hypervisor

NSX Data Center Value Proposition

vSwitch

Hypervisor

vSwitch

Network, Storage, Compute

Virtualization Layer

Page 13: NSX and vRNI - Carahsoft


NSX Data Center Value Proposition

Network and Security Services

• Run in-hypervisor (on-prem)

• Run as a Service (public cloud)

• Hardware/cloud independent

Hypervisor

vSwitch

Page 14: NSX and vRNI - Carahsoft


NSX Data Center Value Proposition

Hypervisor

vSwitch

Network, Storage, Compute

NSX Platform

Virtualization Layer

Workloads

Page 15: NSX and vRNI - Carahsoft


Key NSX Data Center Use-cases

Security Automation Multi-Cloud Networking

Page 16: NSX and vRNI - Carahsoft


IT Automating IT

Developer Cloud

Multi-tenant Infrastructure

Benefits

• Accelerate workload deployment

• Avoid risk from human errors

• Compliance and auditability

Automation

Rapid and Repeatable Deployments With Automated Networking and Security

Cloud Management Platform

IT vRealize Automation

Blueprint

Infrastructure

Templates

Developer API

03 Multi-cloud Networking

02 Automation

01 Security

Page 17: NSX and vRNI - Carahsoft

Multi-cloud Networking

Consistent Networking and Security Across Clouds

Protected Site Recovery Site

Data Center Extension

Disaster Recovery

Workload Mobility

Benefits

• Consistent Networking and Security

• Improved Application Resiliency

• Rapid Workload Migration


Page 18: NSX and vRNI - Carahsoft


Security

Micro-Segmentation

Secure End User

DMZ Anywhere

Every endpoint can have:

• Individual firewalls

• Individual security policies

• Policies that span environments

Enforce Security at the Most Granular Level of the Data Center


Page 19: NSX and vRNI - Carahsoft


VMware NSX - Non-Disruptive Deployment of Distributed Networking Services

Page 20: NSX and vRNI - Carahsoft

VMware NSX - Non-Disruptive Deployment of Distributed Security Services

Page 21: NSX and vRNI - Carahsoft

VMware NSX Simplifies VDI Networking & Security

App

DMZ

Services

DB

Perimeter firewall

AD NTP DHCP DNS CERT

Inside firewall

Finance, Engineering, HR

Each VM can now be its own perimeter

Policies align with logical groups

Prevents threats from spreading

Simplified, programmable, automated application of network/security policy to desktop users/pools

Service-chaining with AV and NGFW partners to deliver automated, policy-integrated AV / malware protection, NGFW, IPS, etc.

Page 22: NSX and vRNI - Carahsoft

vRealize Network Insight

Page 23: NSX and vRNI - Carahsoft

East-West Traffic Analysis

• East-West Traffic Flow Analysis

• Breakdown of Data Center Traffic by East-West, VM-to-VM, VM-to-Physical, Switched, Routed, etc.

• Get Detailed Flow stats behind each number

Page 24: NSX and vRNI - Carahsoft

Security Policy Automation – Micro-Segmentation

• Discover vCenter and NSX constructs (folders, clusters, vlans, security tags)

• Automated Security Groupings Based on vCenter and NSX Constructs, Workload Characteristics, Ports, Common Services

• Recommended Security Policies / Firewall Rules (Zero-Trust Model)

• See Network Traffic Per Host, Per VM

• Export as CSV

Page 25: NSX and vRNI - Carahsoft

Security Operations, Audit and Compliance

• Real Time Visibility into Security Group Memberships & Effective Firewall Rules for a VM, between VMs and between VM and Physical

• Datacenter Time Machine - Track Changes for Troubleshooting or Audit

• Compliance Engine with a Simple Google-like Search Interface to Write Policies and Set Alerts

• Instant Alerting Upon Policy Violation and Non Compliance

Page 26: NSX and vRNI - Carahsoft

Visibility Across Overlay And Underlay

NSX Firewall

PANW Virtual FW

PANW Physical Firewall

Physical Network

Switch, Router

VXLAN

VLAN

Converged Infrastructure (Ex: UCS)

Connectivity Graphs

• VM to VM, VM to Physical, VM to Internet

• Hop-by-Hop Path across Overlay (LDRs, Edge Gateways) and Underlay (Physical VDCs & VRFs). See V-To-P Boundary

• Correlated Problems And Performance Metrics Across Virtual and Physical

• See Effective Firewall Rules and Security Policies across NSX and PANW in Service-Chained Environment

Page 27: NSX and vRNI - Carahsoft

Simple & Contextual Search

• Single pane of glass between virtual & physical

• Google-like search for ease of use

• Time aware search (go back in time)

• Fewer clicks to find and identify issues

• Simplified interface, reduce learning curve across admin teams

Hi Peter, what do you need help with today?

Page 28: NSX and vRNI - Carahsoft

NSX Infrastructure Monitoring and Best Practices Checks

Configuration, Health and Consistency Validation

• VTEP Level Misconfigurations

• VTEPs – Underlay Mapping Checks

• Netcpa Health

• Hosts Version Validation

• LDR and Edge Config Issues

• Routing Misconfigurations/Issues between LDR, Edge and Physical Routers

Page 29: NSX and vRNI - Carahsoft

vSphere Platinum Secures Applications, Infrastructure, Data & Access

Secure Data (VM Encryption, Encrypted vMotion)

Secure Infrastructure (Secure Boot, Support for TPM 2.0, vTPM 2.0, Support for VBS)

Secure Access (Audit Quality Logging)

Secure Applications (AppDefense – Visibility, Control, Detection, Response)

Enhanced Security Functionality

Page 30: NSX and vRNI - Carahsoft

vSphere Platinum: Key Benefits

Visibility Readiness Detection Response

vSphere Admins Security Teams

• Visibility into intent of VMs, inventory of apps

• Understand application behavior

• Get alerted on potential issues and deviations

• Shrink attack surface and reduce risk of security compromise

• Collaborate with security, compliance, application teams

• Increase accuracy of threat detection with machine learning and behavioral analytics

• Enhance existing security tools, support compliance efforts

• Investigate alerts with in-depth app context

• Automated/orchestrated responses maximize efficiency and reduce potential damage

Faster detection, analysis, and time to response with greater accuracy gained from machine learning and behavioral analytics

Better protection with a light-weight security solution, no agents to manage, and minimal overhead

Page 31: NSX and vRNI - Carahsoft

vCenter Plug-In for AppDefense included with vSphere Platinum

Read more here: https://blogs.vmware.com/vsphere/2018/08/under-the-hood-vsphere-platinum.html

Page 32: NSX and vRNI - Carahsoft


Data plane in the cloud, not just management

True multi-tenant Gateways and Orchestrator

Multi-tier, role-based management for SPs

SD-WAN Integrated with Service Providers

SD-WAN for last mile/access

Access to private network for mid mile

Hub-less deployment in DCs and non-SD-WAN sites

NSX SD-WAN Orchestrator by VeloCloud

• BGP / CE elimination

• COS, MPLS policing, tunnel shaper

NSX-WAN Gateway by VeloCloud with Embedded Controller

Public Internet

Provider Edge

Branch Site with NSX-WAN Edge by VeloCloud or NSX-WAN VNF by VeloCloud

Legacy Enterprise Data Center

Provider Edge and Gateways

Private Circuit

Provider Cloud Data Center with Provider Gateways

Private MPLS

SAAS

Internet

Page 33: NSX and vRNI - Carahsoft

Thank you!

Ethan Palmer VMware Technical Specialist, VCP5-DCV, VCP6-NV

703-230-7542

[email protected]