
Where Network Virtualization Fits Into Data Center Initiatives

The Role of Network Virtualization in the Modern, Secure Data Center and in Hybrid Cloud Strategies

WHITE PAPER


Table of Contents

Supporting the Velocity of Business Change with Network Virtualization

What Would You Virtualize in Your Network?

How Network Virtualization Fits Into Your Existing Physical Network

Leverage What You Have Rather Than Rip and Replace

Physically Fit and Not Locked In

How Network Virtualization Fits Into Software-Defined Data Center

Security with Micro-Segmentation

IT Automation

Application Continuity

VMware NSX: The Leading Network Virtualization Platform

A True Network Virtualization Platform vs. Virtualization Features

“Any” Thing Is Possible

Iron Is Slow to Grow, While NSX Network Virtualization Is Exponentially Speedy

Integrated Best-of-Breed Networking and Security Services

Conclusion


Supporting the Velocity of Business Change with Network Virtualization

For years, the networking infrastructure has been referred to as the “plumbing” of the enterprise. Certainly routers and switches have become incredibly sophisticated over the years. But increasingly, the constraints of physical networks are being exposed by the management, agility, scalability and security demands required for hybrid cloud strategies and the modern, secure data center.

When you enter the world of network virtualization, the pace of change accelerates. You can transform data center economics and operations. The obstacles of physical networks vanish, while all of your physical transport capacity becomes simpler and easier to use. The result is a transformative model with service delivery that matches the velocity demands of today’s businesses.

When a technology fundamentally changes an old model to support new strategies, it is natural to ask, “Where does this fit into my data center initiatives?” In this paper, we look at where network virtualization fits with these IT goals:

• Reducing the cost and complexity of existing physical infrastructure assets (without disrupting your existing infrastructure)

• Moving towards the Software-Defined Data Center (SDDC)

• Accelerating (and simplifying) private and hybrid cloud initiatives

• Improving data center security, automation and applications continuity


What Would You Virtualize in Your Network?

Network virtualization is conceptually very similar to server virtualization (see Figure 1).

[Figure 1 graphic: two parallel stacks in which software is decoupled from hardware. Server virtualization: applications, x86 environment, server hypervisor (requirement: x86), physical compute and memory. Network virtualization: workloads, L2, L3, L4-7 network services, network virtualization platform (requirement: IP transport), physical network.]

Figure 1: Network virtualization is similar to server virtualization, with equally impressive benefits.

With server virtualization, a software abstraction layer (server hypervisor) reproduces the familiar attributes of an x86 physical server (e.g., CPU, RAM, Disk, NIC) in software, allowing them to be programmatically assembled in any arbitrary combination to produce a unique virtual machine (VM) in a matter of seconds.

With network virtualization, the functional equivalent of a “network hypervisor” reproduces the complete set of Layer 2 to Layer 7 networking services (e.g., switching, routing, access control, firewalling, QoS, and load balancing) in software. As a result, they, too, can be programmatically assembled in any arbitrary combination, this time to produce a unique virtual network in a matter of seconds.

Not surprisingly, similar benefits are also derived. For example, just as VMs are independent of the underlying x86 platform and allow IT to treat physical hosts as a pool of compute capacity, virtual networks are independent of the underlying IP network hardware and allow IT to treat the physical network as a pool of transport capacity that can be consumed and repurposed on demand.


How Network Virtualization Fits Into Your Existing Physical Network

In retrospect, it may seem like compute virtualization happened overnight. But compute virtualization with VMware vSphere® was never an “all or nothing” proposition. IT organizations appreciated the fact that virtualizing servers with VMware was low risk, incremental and non-disruptive. The same tenets (low risk, incremental and non-disruptive) hold for network virtualization as architected by VMware. This is why network virtualization has moved up so quickly on the IT agenda.

Leverage What You Have Rather Than Rip and Replace

IT organizations would rather not be forced to rip and replace the physical network in order to realize the benefits of agility, automation, and security. The right network virtualization technology should be a completely non-disruptive solution, which means:

• Requires no changes to existing applications and workloads

• Allows you to incrementally implement virtual networks at whatever pace you choose (without any impact to existing applications and network configurations)

• Extends visibility to existing networking monitoring and management tools to deliver increased visibility into virtualized networks

In addition to being non-disruptive, network virtualization can help increase IT uptime and agility by enabling networking professionals to perform fewer activities that are manual and error-prone (as shown in Figure 2). For example:

• Provisioning: Manipulating a multitude of VLANs, subnets, firewall rules, load balancers and ACL, QoS, VRF and MAC/IP tables; in an enterprise network, provisioning also involves multiple vendor-specific command line interfaces (CLIs), exacerbating the “time and error” problem.

• Ongoing change management: Painstaking box-by-box tasks required to ensure that changes to the network for the placement and mobility of one application do not adversely impact other applications.

This can free up valuable time for senior networking professionals for strategic data center initiatives, such as global network architecture design and traffic engineering.


[Figure 2 graphic: a virtual network running between virtual switches in the hypervisors, on top of the existing physical network, which is reduced to a simplified IP backplane with no VLANs, no ACLs and no firewall rules.]

Figure 2: Network virtualization preserves but greatly simplifies the existing physical network. At the virtualization level, you gain the ability to define policies for applications continuity with QoS, uptime and performance. With micro-segmentation, you can create pervasive, granular and adaptable security to protect the data center.

Physically Fit and Not Locked In

Network virtualization actually opens up more possibilities for hardware and vendor choices. Because the physical network is only required for reliable high-speed packet forwarding, you have the freedom to pick the right products without being held captive by compatibility restrictions. It gives IT greater freedom in hardware choices going forward—which is not something that traditional network vendors are keen to see.

What does that mean for the future? It means that you can support next-generation fabrics and topologies from any vendor. Imagine the ability to follow your own roadmap for success, rather than letting a single vendor set your agenda or pace.


How Network Virtualization Fits Into Software-Defined Data Center (SDDC)

With network virtualization, you can achieve the operational model of a VM for the entire data center. You can programmatically create, snapshot, store, move, delete and restore entire applications environments with the same simplicity and speed that you spin up a VM. Create any network topology in minutes or even seconds.

Generally, companies have a specific problem to solve when they start down the path of network virtualization. So what might send network virtualization to the top of your agenda? Let’s look at three of the most common problems that network virtualization solves easily.

Security with Micro-Segmentation

Data center security is a major concern for IT. Security breaches within the walls of the data center continue to escalate, along with the costs of loss and remediation. The average company experiences two successful attacks each week, according to a global survey by PriceWaterhouseCoopers.¹

Security administrators are under pressure to secure workloads faster. The new model for data center security will be: a) software-based, b) use the principle of micro-segmentation, and c) embrace a Zero Trust² (ZT) model. The ZT model says that in a more virtualized world there should be no distinction between trusted and untrusted networks or segments—protection must be pervasive and granular. In order to build a ZT model, you need a virtualized network that provides micro-segmentation.

1. Global State of Information Security Survey 2015, PriceWaterhouseCoopers, 2014

2. Leverage Micro-Segmentation to Build a Zero Trust Network, Forrester Research 2015



Micro-segmentation is not about “building up” but “infusing into.” It’s analogous to how plants can be engineered at the molecular or cellular levels for pest and disease resistance. That’s why VMware describes micro-segmentation as the ability to “build security into your network’s DNA.”

Security policies are enforced by firewall controls that are integrated into the hypervisors already distributed throughout the data center. That means you have an instantly ubiquitous security blanket across the data center. And because of its place in the hypervisor, network virtualization is close enough to the applications and workloads to have rich context, yet removed enough to isolate these assets from threats.

Security policies are tied to your virtual network, VMs, and operating system, down to the virtual network interface card. You can create fine-grained policies that simply aren’t possible with conventional physical firewalls. Security policies can be updated in seconds—and even automatically—to respond to security threats or changes in application topologies.

Because policies are tied to VMs, rather than VLANs or IP addresses, policies automatically move with the workload. Keeping policies synchronized with workloads not only simplifies administration, it eliminates gaps that can create vulnerabilities.

You can manage literally thousands of virtual firewalls as one firewall from a single “pane of glass.” Administrators can automate workflows, policies and rules from that single pane of glass and then propagate configuration changes to every virtual firewall in seconds. In other words, network virtualization enables distributed security policy enforcement with centralized management.
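The difference between address-keyed rules and policies tied to the workload can be shown with a small model. The following is an added example, not code from the white paper and not the NSX API; the workload names, tags, addresses and ports are constructed for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Workload:
    name: str
    tags: frozenset   # security-group membership; travels with the VM
    ip: str           # changes when the VM is moved or re-addressed

# Constructed inventory: a three-tier application.
WEB = Workload("web-01", frozenset({"tier:web"}), "10.0.1.10")
APP = Workload("app-01", frozenset({"tier:app"}), "10.0.2.10")
DB = Workload("db-01", frozenset({"tier:db"}), "10.0.3.10")

# Conventional rules keyed on addresses: (src_ip, dst_ip, dst_port).
IP_RULES = {("10.0.1.10", "10.0.2.10", 8443), ("10.0.2.10", "10.0.3.10", 5432)}

# Central policy keyed on workload identity: (src_tag, dst_tag, dst_port).
# Anything not listed is denied (Zero Trust default).
TAG_POLICY = {("tier:web", "tier:app", 8443), ("tier:app", "tier:db", 5432)}

def ip_rules_allow(src, dst, port, rules=IP_RULES):
    """Decision of a firewall that only knows addresses."""
    return (src.ip, dst.ip, port) in rules

def tag_policy_allows(src, dst, port, policy=TAG_POLICY):
    """Decision of a policy evaluated against the workloads themselves."""
    return any(s in src.tags and d in dst.tags and p == port
               for s, d, p in policy)

def render_vnic_rules(workload, inventory, policy=TAG_POLICY):
    """Resolve the central policy into the inbound allow-list for one vNIC.

    Re-running this after any inventory change is what keeps the
    distributed enforcement points in step with the central policy.
    """
    rules = set()
    for s_tag, d_tag, port in policy:
        if d_tag in workload.tags:
            rules |= {(peer.ip, port) for peer in inventory
                      if s_tag in peer.tags and peer is not workload}
    return rules

def scenario():
    # The database VM is moved and re-addressed ...
    db_moved = replace(DB, ip="10.0.9.77")
    # ... and an unrelated test VM later receives its old address.
    test_vm = Workload("test-07", frozenset({"env:test"}), DB.ip)
    inventory = [WEB, APP, db_moved, test_vm]
    return {
        # Address rules: legitimate traffic breaks, stale rule opens a gap.
        "ip_app_to_moved_db": ip_rules_allow(APP, db_moved, 5432),
        "ip_app_to_reused_addr": ip_rules_allow(APP, test_vm, 5432),
        # Workload-tied policy: follows the VM, ignores the reused address.
        "tag_app_to_moved_db": tag_policy_allows(APP, db_moved, 5432),
        "tag_app_to_reused_addr": tag_policy_allows(APP, test_vm, 5432),
        "tag_web_to_db": tag_policy_allows(WEB, db_moved, 5432),
        "db_vnic_rules": render_vnic_rules(db_moved, inventory),
    }

if __name__ == "__main__":
    for check, result in scenario().items():
        print(f"{check}: {result}")
```

After the move, the address-keyed rule set both blocks the application tier from its database and still permits it to reach whatever now holds the old address, which is the kind of gap the paragraph above refers to.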


IT Automation

In large data centers, manual processes for routine tasks drain IT budgets and strain administrators already stretched thin. Manual processes are also prone to human error and variability from one administrator to another. Any task that has to be performed manually is an anchor holding back agility and scalability.

Network virtualization makes automation practical and easy for a variety of labor-intensive tasks, including:

• Configuration

• Provisioning

• Management

• Updating security policies when workloads move or are decommissioned

Let’s take a closer look at how automation applied to provisioning can reduce operational expense, accelerate time-to-market, and speed IT service delivery: With network virtualization, a network engineer can create a template for a multi-tier application for development purposes. The environment can then be provisioned to an application developer in a matter of seconds via a self-service portal. The same can be done for quality assurance (QA), staging and production environments—across hybrid clouds and multiple applications and services—with consistent configuration and security.

Application Continuity

Keeping applications up and running is one of the top mandates of IT organizations. With hardware-based networks, it is cost-prohibitive to completely reproduce the network topology and services in a secondary location. Instead, the current practice is to create a “good enough” version.

With network virtualization, you can snapshot a complete application architecture (with no compromise in functionality), send a copy to the backup site, and use it to restore the virtual network in seconds—on any hardware.


[Figure 3 graphic: the NSX network virtualization platform providing virtual networks built from a logical L2 switch, logical L3 router, logical firewall, logical load balancer and logical VPN, positioned between any application and any cloud management platform above, and any hypervisor and any network hardware below.]

Figure 3: VMware NSX reproduces the entire network model in software (e.g., switching, routing, firewalling, load-balancing, VPN, etc.), enabling any network topology—from simple to complex multi-tier networks—to be created and provisioned in minutes or even seconds without modifying the application.

VMware NSX: The Leading Network Virtualization Platform

Where does VMware NSX® fit in the field of vendors offering network virtualization capabilities? VMware has the largest installed base of any network virtualization platform. As more enterprises and service providers adopt the SDDC model, VMware is the company that understands the people, processes, tools and technology implications of network virtualization better than any other vendor.

A True Network Virtualization Platform vs. Virtualization Features

As shown in Figure 3, NSX is a full network virtualization platform.

Some solutions that are touted as offering network virtualization only offer virtualization in specific and even restricted ways. Software-Defined Networking (SDN) is a perfect example. SDN is actually an umbrella term for several technologies aimed at better managing hardware boxes, such as switches. SDN accommodates virtualization where necessary, but it is not a network virtualization model. It is hardware that leads the SDN model, and virtualization is a supporting player. Which is why so many of the constraints of physical networks are not solved with SDN.


One of the strengths of the VMware NSX platform is the depth and breadth of problems it can solve. No matter what the primary reason might be for adopting network virtualization today, you have a platform that can take you far in the future.

“Any” Thing Is Possible

VMware describes the brave new architecture for IT: One Cloud, Any Application, Any Device™. VMware’s SDDC creates a unified hybrid cloud from private, public and managed clouds and business mobility. All of these resources can be governed from one unified Cloud Management Platform (CMP). Which means you can use this enormous reservoir of resources to rapidly develop, automatically deliver and manage all of your enterprise applications, no matter where they reside. The end goal is to deliver high-value outcomes to your organization.

Iron Is Slow to Grow, While NSX Network Virtualization Is Exponentially Speedy

NSX network virtualization is architected for connectivity in the era of cloud computing and the Internet of Things. The economics of this degree of connectivity are simply not feasible when you are dependent upon hardware to scale the network. For example, with NSX:

• Virtual network capacity scales linearly (alongside VM capacity) with the introduction of each new x86-based hypervisor/host adding 40 Gbps of switching and routing capacity and 30 Gbps of firewalling capacity

• A single NSX Controller™ cluster can deliver over 10,000 virtual networks in support of over 100,000 virtual machines

• The processing required for execution of distributed network services is only incremental to what the vSwitch is already doing for connected workloads—typically between 25% and 50% of one core on each host


[Figure 4 graphic: NSX technology partners, grouped under SDDC Operations and Visibility, Physical-to-Virtual (P2V) Data Center Services, Security Services, and Application Delivery Services. Partners shown: Checkpoint, Intel, Palo Alto Networks, Rapid 7, Symantec, Trend Micro, Hytrust, Arkin, EMC, Gigamon, NetScout, Riverbed, Tufin, Arista, Brocade, Cumulus Networks, Dell, HP, Juniper Networks, Citrix, F5.]

Figure 4: VMware NSX is a platform that tightly integrates the industry’s leading networking and security solutions into the SDDC. This ever-expanding ecosystem means you can be confident that you can enhance any aspect of your virtualized environment.

Integrated Best-of-Breed Networking and Security Services

The VMware NSX platform is specifically designed to facilitate integration, applications development and services from an ever-expanding ecosystem of networking and security technologies (see Figure 4). These partner solutions ensure that you can quickly adapt to constantly changing conditions in the data center and business demands. For example, Palo Alto Networks’ integration with VMware NSX adds the ability to:

• Efficiently add advanced, next-gen firewalling and IPS security to workloads inside the data center

• Share intelligence with other security products in the VMware NSX ecosystem to adapt to emerging security conditions in the data center


Conclusion

Where does network virtualization fit into the data center?

Network virtualization fits with your physical infrastructure. It makes more efficient use of the infrastructure you have, and gives you more choices in hardware vendors going forward.

Network virtualization fits with your vision for SDDC, a data center model that’s more adaptable, simpler to manage, and more responsive to your business. Amazon, Facebook and Google seem to have set the bar high with their mega data centers. But what they have accomplished is more easily attainable today than it was even a year ago. And one of the big things that has changed in that time is the reality of network virtualization. It’s a cornerstone of the modern, secure data center that business executives and lines of business expect IT to deliver.

As an integral part of SDDC, network virtualization fits with your vision for turning hybrid clouds into transparent, unified environments for building, delivering and managing enterprise applications.

Network virtualization fits with your priorities today, whether that’s closing the dangerous gaps in data center security, automating processes to make a measurable difference in time-to-market with higher quality and consistency, or not taking shortcuts on backup, so there are no half-measures in bringing your complete infrastructure back online to support application continuity.

Network virtualization doesn’t just fit in with data center initiatives. It’s one of the primary engines for expanding what’s possible with those initiatives.

Learn more: vmware.com/products/nsx


VMware, Inc. 3401 Hillview Avenue Palo Alto CA 94304 USA Tel 877-486-9273 Fax 650-427-5001 www.vmware.com

Copyright © 2016 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents. VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies. Item No: 16VM066-Whitepaper 01/16