NSX Scenarios - konferencija.coming.rs

Jelena Tatomirović, network engineer

Milan Vujović, network engineer

Post on 19-Sep-2019

Virtualization in today's data center

Applications

Compute Storage Networking

Why is network virtualization important?

NSX components

Control Plane NSX Controller

Run-time state

• Decouples virtual networks from physical topology

• Not in Data Path

• Highly Available

Data Plane

NSX Edge

VDS

Hypervisor Extension Modules

Distributed Firewall

Logical Router

VXLAN

NSX vSwitch

• Highly Available VM form factor

• Data Plane for N-S traffic

• Routing and Advanced services

• Intelligent network edge

• Line Rate performance

Management Plane

NSX Manager

• Single point of configuration

• REST API and UI interface

CMP Consumption

• Self Service Portal

• vRealize Automation

• Etc.

NSX – next-generation network model

Switching

Routing

Firewalling/ACLs

Load Balancing

What do you gain by introducing NSX?

Security

Automation

Application continuity (DR)

Security of the virtual infrastructure

Web App DB

Microsegmentation

End-user security

DMZ anywhere

Security and VDI

[Figure: Traditional Data Center (VLANs) compared with NSX Data Center. Groups: Engineering, External Contractor 1, External Contractor 2. Applications: APP1 (Web 1, App 1) and APP2 (Web 2, App 2).]

Eng Eng net 4

External * Web 1 4

External * Web 2 4

VLANs

Eng Web 1 4

Eng App 1 4

Eng Web 2 4

Eng App 2 4

Ext1 Web 1 4

Ext1 App 1 5

Ext2 Web 2 4

Ext2 App 2 5

Intelligent grouping of unsupported OSes

Reduce the risk posed by operating systems that are not supported by the vendor, e.g. Windows Server

Unsupported OS Group

Automated security in the SDDC

Security Group = Quarantine Zone

Members = {Tag = ‘ANTI_VIRUS.VirusFound’, L2 Isolated Network}

Security Group = Web Tier

Policy Definition

Standard Desktop VM Policy

Anti-Virus – Scan

Quarantined VM Policy

Firewall – Block all except security tools

Anti-Virus – Scan and remediate

Automation

Web App DB BLUEPRINT

IT Automating IT

Developer Cloud

Multi-tenant Cloud

Rapid application creation from templates

• Dynamic Configuration and Deployment of templated application (NSX and vRealize Automation)

Logical Switch

Logical Router

NSX

Logical Firewall

Logical Load Balancer

On Demand Application Delivery vRealize Automation

Resource Reservation

Multi-Machine

Blueprint

Service Catalog

Cloud Management Platform

Network Profiles

Security Policies

Security Groups

Web

App

Database

Application continuity

Disaster recovery

Multi DC pooling

Cross Cloud

Data Center 1

Data Center 2

Multisite networking and security

vCenter-A vCenter-B

<150ms

Local Storage Local Storage

Universal Distributed Logical Router

App Web DB

App Web DB

Secure, High Availability, Distributed, Virtualized Resource Pool

Site-A Site-B

Disaster recovery

Data Center 2 Data Center 1

Disaster Recovery

Network Storage Compute Network Storage Compute

Recover

Always Synchronized

No IP change, Instantaneous Availability of Apps upon Disaster Failover of Logical Switching, Routing & Firewall Rules

Implementing NSX in small environments

NSX without an overlay network

• NSX Manager

• vCenter server

• No VXLANs

• No change to the MTU value

NSX with an overlay network (Full stack NSX)

• NSX Manager

• vCenter server

• 1600 byte MTU

• 3 NSX Controllers

• 2 NSX Edges (HA/ECMP)

Questions?

NSX – monitoring and management

• NSX Flow monitoring

• NSX Traceflow

• vRealize Log Insight

• VRNI – vRealize Network Insight

vRealize Network Insight

Transformative Operations for NSX based Software-Defined Data Center

Optimize Network Performance with 360° Visibility & Analytics

Ensure Best Practices, Health and Availability of NSX Deployment

Plan Micro-segmentation Deployment and Ensure Compliance

Across Virtual, Physical and Cloud

vRealize Network Insight

• Data center traffic analysis: East-West, VM-to-VM, VM-to-Physical, Switched, Routed..

• Detailed statistics on all traffic types

Thank you for your attention! Questions?