My view on VMware's approach to Hybrid- and Software-Defined Infrastructure: NSX, Hybrid Cloud and OpenStack. Get the agility of a startup with the guarantees of Enterprise-class IT. Session delivered at asLAN Congress 2015 in Madrid on April 15th.
1. Business Agility and Security with VMware
15 Apr 2015, Madrid
Ángel Villar Garea
SDDC Systems Engineer
@AVillarGarea
2. VMware – One Cloud, Any Application, Any Device
vmware.com/cloud
3. Introducing VMware NSX
Network Virtualization with NSX
Physical Infrastructure
• Provisioning is slow
• Placement is limited
• Mobility is limited
• Hardware dependent
• Operationally intensive
Software
Operational model of a VM
• Programmatic provisioning
• Place any workload anywhere
• Move any workload anywhere
• Decoupled from hardware
• Operationally efficient
Network services: L2 Switch, L3 Router, Firewall, Load Balancer
4. VMware NSX, a complete Network and Security Solution
Switching, Routing, Load Balancing, VPN, Connectivity to Physical, Micro-Segmentation
Advanced service insertion and chaining, including but not limited to:
- NGFW
- IDS/IPS
- AV
- FIM (File Integrity Management)
- Vulnerability Scanning
- Policy Management and Compliance
VMware NSX Ecosystem: http://www.vmware.com/products/nsx/resources
5. Rack N’ Roll!!
Diagram: application tiers Web, App and Database, each made up of VMs
• Deploy complete Applications from CMP, including VMs, Logical Networks and Security
• Add Capacity on Demand
• Multitenant Isolation
6. VMware NSX Micro-Segmentation
Zero-Trust security model that follows the VM
• Isolation and segmentation
• Unit-level trust / least privilege
• Ubiquity and centralized control
Microsegmentation is now possible in dynamic, multi-tenant environments:
• High-performance, in-kernel distributed stateful firewall
• Security between VMs on same IP Subnet
• Integration with best-of-breed security partners
VMware NSX Ecosystem: http://www.vmware.com/products/nsx/resources
Developing a Framework to Improve Critical Infrastructure Cybersecurity: http://csrc.nist.gov/cyberframework/rfi_comments/040813_forrester_research.pdf
8. VMware solutions, easy to deploy and manage
Synergent Use Case:
http://virtualizeyournetwork.com/articles/explore/synergent-taps-vmware-nsx-for-micro-segmentation-and-it-automation-in-the-software-defined-data-center/
9. The Power of a Single Network – vCloud Air
Securely Bridging Public and Private Clouds
Diagram labels: Private Cloud, Hybrid Cloud, Public Cloud
VMware NSX Network Virtualization (Available Since Q4 2013)
• Transforms networking and security for the SDDC
• Over 400 paying customers
• Application provisioning from weeks to minutes
• New architecture for security
Hybrid Networking Services, Powered by VMware NSX (Availability starts H1 2015)
• Extend vCloud Air advanced networking services into customers’ private data centers
vCloud Air Advanced Networking Services (Available Jan 2015)
• Powered by VMware NSX, enabling customers to achieve Zero Trust security model in the public cloud
VMware NSX Ecosystem Extensibility
VMware vCloudAir: http://vcloud.vmware.com
Ten Advantages of Virtual Private Cloud OnDemand: http://www.vmware.com/files/pdf/vcloud-air/VMW-vCloud-Air-OnDemand-Infographic.pdf
10. Some other things moving…
OVN: http://openvswitch.org/pipermail/dev/2015-January/050380.html
NSX at OpenStack Summit: https://www.youtube.com/watch?v=nGkzINmtR8o
NSX and Containers, VMworld2014: https://www.youtube.com/watch?v=bsesu83mXdY
Bruce Davie Interview: https://www.youtube.com/watch?v=cMd05lKYqjg
11. VMware Integrated OpenStack (VIO)
✓ Official OpenStack distribution
✓ Open source code packaged, hardened, and supported by VMware
✓ Free for all vSphere ENT+ Customers (including vCloud Suite, vSOM Ent+), Optional support
Included OpenStack Components:
• Horizon (web portal)
• CLI Tools / SDKs
• Nova (compute)
• Neutron (network)
• Cinder (block storage)
• Glance (images)
• Keystone (identity)
• Swift (object store)
• Heat
• Trove, Ceilometer, etc. (Additional higher layer services in future releases)
Integrated VMware Technologies:
• vCenter
• NSX
• vCenter Datastores: 3rd-party / Virtual SAN
• vRealize Business: Cost visibility
• vRealize Log Insight: Log collection, O/S Content pack
• vRealize Operations: OpenStack mgmt packs
• vRealize Automation: Governance
• vSphere Web Client: Install, Configure and Troubleshoot
Other diagram labels: Current / Future (legend); Local DB & LDAP; SSO; Basic open source; 3rd Party
VMware Integrated OpenStack: https://www.vmware.com/products/openstack
12. VIO in production – Adobe Marketing Cloud
Adobe Digital Marketing’s IT Transformation with OpenStack!
Company Background: Adobe Digital Marketing Cloud provides SaaS digital marketing capabilities to large B2B enterprises. […] superior web experience management, analytics, social marketing, media optimization, testing and targeting, and campaign management for hundreds of organizations around the world.
The choice: VMware Integrated OpenStack (VIO) offered a full, standard OpenStack distribution. The best combination of capabilities, maturity, roadmap, and VMware integration enabled Adobe Digital Marketing efficient infrastructure modernization while building on the strengths of their existing environment.
Addressing concerns: Deploying VIO components took about ten minutes. While issues such as upgrade paths were concerns, VIO’s roadmap and ease of upgrade mitigated potential problems.
Game changer: inside Adobe’s new Marketing Cloud architecture: http://superuser.openstack.org/articles/game-changer-inside-adobe-s-new-marketing-cloud-architecture
13. And not only VIO – VMware OpenStack Ecosystem
* NSX only
VMware works openly with the OpenStack vendor ecosystem to make sure technologies like vSphere, NSX, vRealize Operations, vRealize Automation, etc. all work with third-party distros.
14. VMware – One Cloud, Any Application, Any Device
vmware.com/cloud
16. More information
VMware NSX web site: http://www.vmware.com/products/nsx/
VMware NSX Twitter: https://twitter.com/vmwarensx
Hands-on-Labs Networking: http://labs.hol.vmware.com/HOL/catalogs/catalog/130
NSX for vSphere Design Guide 2.1: https://communities.vmware.com/servlet/JiveServlet/previewBody/27683-102-3-37383/NSXvSphereDesignGuidev2.1.pdf
VMware NSX customer case – WestJet: http://www.youtube.com/watch?v=3OsXGuZjxxY
VMware NSX customer case – Colt: http://blogs.vmware.com/networkvirtualization/2014/08/vmware-nsx-customer-story-colt-decreases-data-center-networking-complexity.html
VMware NSX customer case – NTT: http://www.vmware.com/company/news/releases/vmw-ntt-netvirt-061013
Brad Hedlund on end-to-end visibility in VMware NSX: http://www.youtube.com/watch?v=wRL47AmFAUU
VMware NSX and Splunk - Operational Visibility Across Virtual and Physical Domains: http://www.youtube.com/watch?v=PzMvQFeojCk
17. Gartner Data Center Networking Magic Quadrant 2014
“The NSX solution should be considered by existing VMware customers as a way of providing network agility and reducing network operational challenges within the data center.”
Gartner Data Center Networking Magic Quadrant, April 24, 2014
18. Automated Security Example – Anti Virus Protection
Quarantine Vulnerable Systems until Remediated
Security Group = Quarantine Zone
Members = {Tag = ‘ANTI_VIRUS.VirusFound’, L2 Isolated Network}
Security Group = Web Tier
Policy Definition
Standard Desktop VM Policy
✓ Anti-Virus – Scan
Quarantined VM Policy
✓ Firewall – Block all except security tools
✓ Anti-Virus – Scan and remediate
19. vSphere 6.0 improvements
Cross switch and Cross vCenter Server vMotions
Long-Distance vMotion
Fault Tolerance for Multi-Processor VMs
• Instantaneous Failover
• Fast Checkpointing
• Diagram: Primary (4 vCPU) and Secondary (4 vCPU) on vSphere
NIOCv3 – Network SLAs
• Network-Wide Bandwidth Allocation
• Granular QoS management at vNIC level
• Used by DRS to guarantee hosts meet VM requirements
vSphere 6.0: http://www.vmware.com/products/vsphere/
What’s New in VMware vSphere 6.0?: http://www.vmware.com/files/pdf/vsphere/VMware-vSphere-Whats-New.pdf
20. vCloud Air OnDemand, just a Browser and a Credit Card
VMware vCloudAir: http://vcloud.vmware.com
Ten Advantages of Virtual Private Cloud OnDemand: http://www.vmware.com/files/pdf/vcloud-air/VMW-vCloud-Air-OnDemand-Infographic.pdf
21. vCloud Air Disaster Recovery
Simple and Secure Asynchronous Replication and Failover for vSphere
• Warm standby capacity on vCloud Air
• Self-service protection, failover and failback workflows per VM
• 15 min* – 24 hr. recovery point objective (RPO)
• Initial data seeding by shipping a disk
* Dependent on available bandwidth
Diagram: Site A (Primary); vCloud Air, Site B (Recovery); DR Instance
vCloud Air Disaster Recovery: http://vcloud.vmware.com/uk/service-offering/disaster-recovery
22. vCloud for NFV with Integrated OpenStack
vCloud For NFV With Integrated OpenStack: http://ir.vmware.com/releasedetail.cfm?ReleaseID=899052