© 2016 VMware Inc. All rights reserved.
NSX
Network Virtualization and the Future of Security
Luca Morelli
Sr. Systems Engineer @ VMware
Some Info About the Speaker…
•  Born in Catanzaro, the city of the 3 Vs, about 37 years ago
•  Computer Engineer – University of Rende
•  In IT for about 15 years – experience in Spain, France, the Netherlands and other countries
•  Started in software development, then presales for about 8 years
•  Almost 7 years with a “physical” network vendor
•  “Virtualized” since January 2015
•  Passionate about scuba diving, freediving, climbing and my wonderful partner
•  Add me on LinkedIn (not only NSX)
Agenda
1 VMware's Vision for the Software Defined Data Center
2 Introduction to Network Virtualization with NSX
3 The Micro-Segmentation Paradigm
4 Main Use Cases
Software-Defined Data Center (SDDC)
The Foundation of the New Model of IT
[Diagram: Any Application, One Cloud, Any Device. Software-Defined Data Center: Cloud Management; Compute, Network, Storage; Extensibility. Traditional Applications and Modern, Cloud Applications. Build-Your-Own, Converged Infrastructure and Hyper-Converged Infrastructure. Business Mobility: Applications | Devices | Content. Hybrid Cloud: PRIVATE (Your Data Center), PUBLIC (vCloud Air), MANAGED (vCloud Air).]
The Network Is a Barrier to Software Defined Data Center!!
[Diagram: Software Defined Data Center with a Compute Virtualization Abstraction Layer over Servers, and the Physical Network.]
•  Provisioning is slow
•  Mobility is limited
•  Hardware dependent
•  Operationally intensive
NSX - Distributed Services in the Hypervisor
[Diagram: Data Center Virtualization layer between Software and Hardware. Software: Applications, Virtual Machines, Virtual Networks, Virtual Storage; Location Independence. Hardware: Compute Capacity, Network Capacity, Storage Capacity.]
Network & Security Services Now in the Hypervisor
•  L2 Switching
•  L3 Routing
•  Firewalling/ACLs
•  Load Balancing
Automated operational model of the SDDC
Pooled compute, network and storage capacity; Vendor independent, best price/perf; Simplified config and mgt.
NSX Logical Switching
Challenges
•  Per Application/Multi-tenant segmentation
•  VM Mobility requires L2 everywhere
•  Large L2 Physical Network Sprawl – STP Issues
•  HW Memory (MAC, FIB) Table Limits
Benefits
•  Scalable Multi-tenancy across data center
•  Enabling L2 over L3 Infrastructure
•  Overlay Based with VXLAN, etc.
•  Logical Switches span across Physical Hosts and Network Switches
[Diagram: VMware NSX; Logical Switch 1, Logical Switch 2, Logical Switch 3.]
NSX and VXLAN
[Diagram: Host A on a Generic IP Fabric; vSphere Distributed Switch with dvUplink-PG, dvPG-VTEP (VXLAN VTEP) and Logical SW A (VM1).]
•  VXLAN can be seen as a service on the host
•  VXLAN uses a vmknic and implements a VXLAN Virtual Tunnel End Point (VTEP) functionality
•  Depending on the uplink configuration, there might be several VTEPs on a host
   –  A single dvPortGroup is created for all VTEPs
•  A logical switch is an L2 broadcast domain implemented using VXLAN
   –  A dvPortGroup is created for each logical switch
Traffic Flowing on a VXLAN Backed VDS
•  In this setup, VM1 and VM2 are on different hosts but belong to the same logical switch
•  A VXLAN tunnel is established between the two hosts
[Diagram: Host A and Host B on a Generic IP Fabric, joined by a vSphere Distributed Switch; each host has dvUplink-PG, dvPG-VTEP (VTEP) and Logical SW A; VM1 on Host A, VM2 on Host B; VXLAN Tunnel between the VTEPs.]
Traffic Flowing on a VXLAN Backed VDS
•  Assume VM1 sends some traffic to VM2:
1. VM1 sends L2 frame to local VTEP
2. VTEP adds VXLAN, UDP & IP headers
3. Physical Transport Network forwards as a regular IP packet
4. Destination Hypervisor VTEP decapsulates frame
5. L2 frame delivered to VM2
[Diagram: same topology; inside the VXLAN Tunnel across the Generic IP Fabric the packet is IP/UDP/VXLAN + L2 frame.]
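The five steps above, as an added Python sketch that is not from the original deck: the source VTEP wraps the VM's L2 frame in a VXLAN header (RFC 7348 layout) and the destination VTEP delivers it only to a port on the matching logical switch. The VTEP IPs and VXLAN 5001 come from the deck's DFW slide; the MAC addresses, UDP port 4789 (the IANA-assigned VXLAN port), the static MAC table and all class and function names are assumptions for illustration.

```python
import struct
from dataclasses import dataclass, field

VXLAN_UDP_PORT = 4789        # IANA-assigned VXLAN port (assumption: the deck names no port)
VXLAN_FLAG_VNI_VALID = 0x08  # RFC 7348 "I" flag: the VNI field carries a valid value


def vxlan_header(vni: int) -> bytes:
    """8-byte VXLAN header: flags(8) reserved(24) | VNI(24) reserved(8)."""
    if not 0 <= vni < 2 ** 24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", VXLAN_FLAG_VNI_VALID << 24, vni << 8)


def parse_vxlan(payload: bytes):
    """Return (vni, inner_frame); reject truncated headers or a missing I flag."""
    if len(payload) < 8:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", payload[:8])
    if not (word0 >> 24) & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VNI-valid flag not set")
    return word1 >> 8, payload[8:]


@dataclass(frozen=True)
class OuterPacket:
    """What the physical transport network sees: a regular IP/UDP packet (step 3)."""
    src_ip: str
    dst_ip: str
    udp_dport: int
    payload: bytes  # VXLAN header + untouched original L2 frame


@dataclass
class Vtep:
    ip: str
    # VNI -> {VM MAC -> VM name} for VMs attached locally to that logical switch
    local_ports: dict = field(default_factory=dict)
    # (VNI, remote VM MAC) -> remote VTEP IP; a static table here (assumption)
    remote_macs: dict = field(default_factory=dict)

    def encapsulate(self, vni: int, frame: bytes) -> OuterPacket:
        """Steps 1-2: take the VM's frame and add VXLAN, UDP and IP addressing."""
        remote_vtep = self.remote_macs.get((vni, frame[:6]))  # frame[:6] = dst MAC
        if remote_vtep is None:
            raise LookupError("destination MAC unknown on this logical switch")
        return OuterPacket(self.ip, remote_vtep, VXLAN_UDP_PORT,
                           vxlan_header(vni) + frame)

    def decapsulate(self, pkt: OuterPacket):
        """Steps 4-5: strip the outer headers, deliver only within the same VNI."""
        if pkt.dst_ip != self.ip or pkt.udp_dport != VXLAN_UDP_PORT:
            return None
        vni, frame = parse_vxlan(pkt.payload)
        vm = self.local_ports.get(vni, {}).get(frame[:6])
        if vm is None:  # unknown VNI, or MAC not attached to that logical switch
            return None
        return vm, frame


def demo():
    # Constructed sample data: MACs and payload are made up for this example.
    vm1_mac = bytes.fromhex("005056000001")
    vm2_mac = bytes.fromhex("005056000002")
    frame = vm2_mac + vm1_mac + b"\x08\x00" + b"hello VM2"  # dst, src, ethertype, data
    host_a = Vtep("10.20.10.10", {5001: {vm1_mac: "VM1"}},
                  {(5001, vm2_mac): "10.20.10.11"})
    host_b = Vtep("10.20.10.11", {5001: {vm2_mac: "VM2"}},
                  {(5001, vm1_mac): "10.20.10.10"})
    pkt = host_a.encapsulate(5001, frame)
    delivered = host_b.decapsulate(pkt)
    # Same inner frame arriving under a different VNI is not delivered to VM2.
    other_vni = OuterPacket(pkt.src_ip, pkt.dst_ip, pkt.udp_dport,
                            vxlan_header(5002) + frame)
    return pkt, delivered, host_b.decapsulate(other_vni)


if __name__ == "__main__":
    packet, delivered, dropped = demo()
    print(packet.payload[:8].hex(), delivered[0], dropped)
```

The VNI check in `decapsulate` is what keeps logical switches separate on a shared IP fabric; the header itself carries no authentication, so the separation holds only as long as the transport network between VTEPs is trusted.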
NSX Routing: Distributed, Feature-Rich
Challenges
•  Physical Infrastructure Scale Challenges – Routing Scale
•  VM Mobility is a challenge
•  Multi-Tenant Routing Complexity
•  Traffic hair-pins
Benefits
•  Distributed Routing in Hypervisor
•  Dynamic, API based Configuration
•  Full featured – OSPF, BGP, IS-IS
•  Logical Router per Tenant
•  Routing Peering with Physical Switch
SCALABLE ROUTING – Simplifying Multi-tenancy
[Diagram: CMP and NSX vSwitch; separate L2 segments for Tenant A, Tenant B and Tenant C.]
The Advantage of Distributing Services
Routing - more efficient networking, fewer hops
[Diagram: East-West Routing / Same host: Before NSX, 6 wire hops (UCS Blade 1 vswitch, UCS Fabric A / UCS Fabric B, Default Gateway); With NSX, 0 wire hops (NSX vSwitch on UCS Blade 1). East-West Routing / Host to host: Before NSX, 6 wire hops (UCS Blade 1 and UCS Blade 2 vswitches, UCS Fabric A / UCS Fabric B, Default Gateway); With NSX, 2 wire hops.]
NSX Edge Services Gateway: Integrated Network Services
Services: Firewall, Load Balancer, VPN, Routing/NAT, DHCP/DNS relay, DDI, ….
Overview
•  Integrated L3 – L7 services
•  Virtual appliance model to provide rapid deployment and scale-out
Benefits
•  Real time service instantiation
•  Support for dynamic service differentiation per tenant/application
•  Uses x86 compute capacity
What a Basic NSX Topology Looks Like
[Diagram: External Network, Physical Router, VLAN 20 Edge Uplink, NSX Edge with Routing Peering, VXLAN 5020 Transit Link, Distributed Routing, and VMs Web1, App1, DB1 … Webn, Appn, DBn.]
High Scale Multi Tenant Topology
[Diagram: External Network; NSX Edge X-Large (Route Aggregation Layer); VXLAN 5100 Transit; a Tenant NSX Edge Services Gateway per tenant (Tenant 1 …) attached by VXLAN Uplinks (or VXLAN Trunk); each tenant has a Web Logical Switch, an App Logical Switch and a DB Logical Switch.]
NSX provides Highest Level of Visibility in the Network
•  Log Insight NSX content pack
•  Native capabilities
•  Integration with partner ecosystem
•  NSX API, Syslog, IPFIX, Port mirroring, SNMP, Traceflow, and more.
•  vRealize Operations Suite
How do I manage NSX ?
Traditional approaches to Micro-Segmentation
Centralized firewalls
•  Create firewall rules before provisioning
•  Update firewall rules when moving or changing
•  Delete firewall rules when app decommissioned
•  Problem increases with more east-west traffic
[Diagram: Internet; centralized firewalls.]
How an SDDC approach makes Micro-Segmentation feasible
[Diagram: Internet; Perimeter firewalls; Security policy; Cloud Management Platform.]
NSX Distributed Firewalling
Challenges (PHYSICAL SECURITY MODEL)
•  Centralized Firewall Model
•  Static Configuration
•  IP Address based Rules
•  40 Gbps per Appliance
•  Lack of visibility with encapsulated traffic
Benefits (DISTRIBUTED FIREWALLING)
•  Distributed at Hypervisor Level
•  Dynamic, API based Configuration
•  VM Name, VC Objects, Identity-based Rules
•  Line Rate ~20 Gbps per host
•  Full Visibility to encapsulated traffic
[Diagram: Firewall Mgmt; VMware NSX; API; CMP.]
NSX Distributed Firewall Enablement
DFW enforces rules at vNIC layer:
•  DFW independent of transport network (VLAN or VXLAN)
•  All VM ingress and egress packets are subject to DFW processing
•  Security Policy independent of VM location
•  V-to-V and P-to-V support
DFW has NO Dependency on Network Topology !
[Diagram: two vSphere Hosts joined by a vSphere Distributed Switch. VM1 (MAC1, IP1) runs on the host with VTEP IP: 10.20.10.10; VM2 (MAC2, IP2) and VM3 (MAC3, IP3) run on the host with VTEP IP: 10.20.10.11. The topology is shown twice, once with the VMs on a DVS port-group (VLAN 501) and once on a Logical Switch (VXLAN 5001), with the same DFW Policy Rules in both cases.]
DFW Policy Rules:
Source   Destination   Service        Action
VM1      VM2, VM3      TCP port 123   Allow
VM1      VM2, VM3      any            Block
NSX DFW Policy Objects
•  Policy rules construct:
   Rule ID | Rule Name | Source | Destination | Service | Action | Applied To
•  Rich dynamic container based rules apart from just IP addresses:
   VC containers: Clusters, datacenters, Portgroups, VXLAN
   VM containers: VM names, VM tags, VM attributes
   Identity: AD Groups
   IPv6 compliant: IPv6 address, IPv6 sets
   Services: Protocol, Ports, Custom
   IPv6 Services
   Action: Allow, Block, Reject
   Choice of PEP (Policy Enforcement Point): Clusters, VXLAN, vNICs, …
Configure Policies with Security Groups
1. Select elements to uniquely identify application workloads
2. Use attributes to create Security Groups
3. Apply policies to security groups
Element type
   Static: Data center, Virtual net, Virtual machine, vNIC
   Dynamic: VM name, OS type, User ID, Security tag
[Diagram: ABC, DEF; Group XYZ; App 1; OS: Windows 8; TAG: “Production”; Policy 1: “IPS for Desktops”, “FW for Desktops”; Policy 2: “AV for Production”, “FW for Production”.]
Use security groups to abstract policy from application workloads.
•  Enforce policy based on logical constructs
•  Reduce configuration errors
•  Policy follows VM, not IP
•  Reduce rule sprawl and complexity
Micro-segmentation simplifies network security
•  Each VM can now be its own perimeter
•  Policies align with logical groups
•  Prevents threats from spreading
[Diagram: Perimeter firewall, DMZ, Inside firewall; App, Services (AD, NTP, DHCP, DNS, CERT) and DB; Finance, Engineering, HR.]
NSX Security in SDDC
•  NSX EDGE Service Gateway positioned to protect border of the SDDC: EDGE: North – South traffic protection
•  NSX DFW positioned for internal SDDC traffic protection: DFW: East – West traffic protection
[Diagram: WAN and Internet; Perimeter Firewall (Physical); NSX EDGE Service Gateway (EDGE: N-S); SDDC (Software Defined DC) with Compute Clusters, each with DFW (DFW: E-W); Physical / Virtual boundary.]
Micro-segmentation in detail
Isolation
No communication path between unrelated networks
•  No cross-talk between networks
•  Overlay technology assures networks are separated by default
Segmentation
Controlled communication path within a single network
•  Fine-grained enforcement of security
•  Security policies based on logical groupings of VMs
Advanced services
Advanced services: addition of 3rd party security, as needed by policy
•  Platform for including leading security solutions
•  Dynamic addition of advanced security to adapt to changing security conditions
Third-Party Firewall, Network Security Options for NSX Integration
Platform for Distributed Services
Redirect via global rule to 3rd party
Src       Dst              Action
ANY       Shared Service   Allow
Desktop   WEB_GROUP        Redirect to 3rd party
Redirect via policy template, for reuse in automation workflows
WEB_GROUP “Web Policy”
✓  Firewall – redirect to 3rd party
✓  3rd party – do deep packet inspection
3rd party can program NSX distributed firewall directly – and set/get context to inform policy
Example : Orchestrating Security Between Multiple Services (Vulnerability Scan)
SG: Web Servers – Membership: Include VMs which have been provisioned as “WebServer”
SG: Quarantine – Membership: Include VMs which have CVSS score >= 9
1. Web Server VM running IIS is deployed, unknowingly having a vulnerability
2. Vulnerability Scan is initiated on web server (3rd party AV product)
3. VM is tagged in NSX Manager with the CVE and CVSS Score
4. NSX Manager associates the VM with the Quarantine (F/W Deny)
5. [Externally] Admin applies patches, 3rd party AV product re-scans VMs, clears tag
6. NSX Manager removes the VM from Quarantine; VM returns to its normal duties
[Diagram: NSX Manager; the two security groups, each with attached Services (antivirus).]
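The DFW Policy Rules table earlier in the deck and the six-step quarantine workflow above, combined in one added Python model that is not from the original deck and does not use the NSX API. Security groups are membership predicates over VM attributes, and rules reference groups rather than IP addresses. Top-down, first-match rule evaluation, the rule IDs, the VM names and IPs other than VM1 to VM3, the `tcp/80` web rule and the `CVE-XXXX-XXXX` placeholder are assumptions for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class VM:
    name: str
    ip: str
    tags: set = field(default_factory=set)  # provisioning and scanner tags
    cvss: float = 0.0                       # score written by the scanner, 0 = no finding


# Security groups as membership predicates (hypothetical model). Membership is
# computed at lookup time, so retagging a VM moves it between groups without
# editing any rule.
GROUPS = {
    "ANY":         lambda vm: True,
    "VM1":         lambda vm: vm.name == "VM1",
    "VM2, VM3":    lambda vm: vm.name in {"VM2", "VM3"},
    "Web Servers": lambda vm: "WebServer" in vm.tags,
    "Quarantine":  lambda vm: vm.cvss >= 9,
}


@dataclass(frozen=True)
class Rule:
    rule_id: int
    source: str       # group name
    destination: str  # group name
    service: str      # "tcp/123" style, or "any"
    action: str       # Allow | Block | Reject, the deck's three actions


# Assumption: rules are evaluated top-down and the first match decides, which is
# why the deck lists the specific Allow above the catch-all Block.
POLICY = [
    Rule(1, "Quarantine", "ANY", "any", "Block"),
    Rule(2, "ANY", "Quarantine", "any", "Block"),
    Rule(3, "VM1", "VM2, VM3", "tcp/123", "Allow"),  # from the deck's table
    Rule(4, "VM1", "VM2, VM3", "any", "Block"),      # from the deck's table
    Rule(5, "ANY", "Web Servers", "tcp/80", "Allow"),
    Rule(6, "ANY", "ANY", "any", "Block"),
]


def evaluate(src: VM, dst: VM, service: str, policy=POLICY) -> Rule:
    """Return the first rule matching this flow; VM IP addresses are never consulted."""
    for rule in policy:
        if (GROUPS[rule.source](src) and GROUPS[rule.destination](dst)
                and rule.service in ("any", service)):
            return rule
    raise LookupError("policy has no catch-all rule")


def scanner_tags(vm: VM, cve_id: str, cvss: float) -> None:
    """Step 3: the scanner records its finding on the VM."""
    vm.tags.add(cve_id)
    vm.cvss = cvss


def scanner_clears(vm: VM, cve_id: str) -> None:
    """Step 5: a clean re-scan removes the finding."""
    vm.tags.discard(cve_id)
    vm.cvss = 0.0


def demo():
    # Constructed sample inventory.
    client = VM("desktop-01", "10.0.30.50")
    web = VM("web-01", "10.0.30.21", {"WebServer"})
    vm1, vm2 = VM("VM1", "10.0.30.11"), VM("VM2", "10.0.30.12")
    trace = [evaluate(client, web, "tcp/80").action]       # step 1: serving normally
    scanner_tags(web, "CVE-XXXX-XXXX", 9.8)                # steps 2-3: placeholder CVE id
    trace.append(evaluate(client, web, "tcp/80").rule_id)  # step 4: quarantine rule hits
    web.ip = "10.0.20.21"                                  # VM re-addressed while quarantined
    trace.append(evaluate(client, web, "tcp/80").action)   # policy follows the VM
    scanner_clears(web, "CVE-XXXX-XXXX")                   # step 5
    trace.append(evaluate(client, web, "tcp/80").action)   # step 6: back in service
    trace.append(evaluate(vm1, vm2, "tcp/123").action)     # deck table, first row
    trace.append(evaluate(vm1, vm2, "tcp/22").action)      # deck table, second row
    return trace


if __name__ == "__main__":
    print(demo())
```

Placing the two quarantine rules at the top is what makes the tag change effective immediately: with first-match evaluation, a quarantine rule listed below the web Allow would never be reached.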
NSX Partners and Service Categories
NSX Partner Extensions
•  Application Delivery Services
•  Physical-to-Virtual Services
•  Operations and Visibility
•  Security
http://www.vmware.com/products/nsx/resources.html
Ground-breaking use cases
Enterprises can often justify the cost of NSX through a single use case
•  Security: Micro segmentation, DMZ anywhere, Secure end user
•  IT automation: IT automating IT, Multi-tenant infrastructure, Developer cloud
•  Application continuity: Disaster recovery, Metro pooling, Hybrid cloud networking
•  IT optimization: Server asset utilization, Price | performance, Hardware lifecycle
Use Case: Infrastructure Management with vRealize Automation
Dynamically Provision and Decommission NSX Logical Services
New Features
•  Simplified Multi-Tier App Deployment
•  Improved Connectivity
   –  Deployment of logical switches and networks
•  Enhanced Security
   –  Intelligent placement of workloads in security groups protected by firewalls
•  Increased Availability
   –  Via deployment of NSX distributed firewalls and load balancers
Benefits
•  Deliver secure, scalable, performing application-specific infrastructure on-demand
Use Case: Disaster recovery with NSX network virtualization
1. Snapshot VM
2a. Replicate VM and storage
2b. Snapshot network security
3. Recover the VM (Network and security already exists)
Step 1 & 2 (e.g VMware SRM)
[Diagram: Primary site and Recovery Site, each with a SAN, an NSX Controller and a Virtual Network 10.0.30/24 holding 10.0.30.21, on top of Physical network infrastructure (10.0.10/24 and 10.0.20/24).]
Use Case: A True Hybrid Cloud powered by VMware NSX
[Diagram: Local Data Center and vCloud Air (vCloud Air Network), connected over the Internet by IPSec VPN and L2 VPN.]
Some Benefits:
•  L2VPN for DC Extension
•  Granular Network Security with Trust Groups
•  Bi-directional workload migration using vSphere web client
Some Benefits:
•  Today with vCloud AIR
•  Tomorrow with Amazon AWS, Azure, Google and other Public Cloud Providers
NSX Vision: Driving NSX Everywhere
Managing Security and Connectivity for many Heterogeneous End Points
•  Automation: IT at the Speed of Business
•  Security: Inherently Secure Infrastructure
•  Application Continuity: Data Center Anywhere
[Diagram: On-Premise Data Center, New app frameworks, Mobile Devices (Airwatch), Virtual Desktop (VDI), Branch offices (Partner), Internet of things, Public clouds.]
What’s Next…
Play | Learn | Deploy
•  VMware NSX Hands-on Labs: labs.hol.vmware.com
•  Explore, Engage, Evolve: virtualizeyournetwork.com
•  Network Virtualization Blog: blogs.vmware.com/networkvirtualization
•  NSX Product Page: vmware.com/go/nsx
•  NSX Training & Certification: www.vmware.com/go/NVtraining
•  NSX Technical Resources, Reference Designs: vmware.com/products/nsx/resources
•  VMware NSX YouTube Channel: youtube.com/user/vmwarensx
•  VMware NSX Community: communities.vmware.com/community/vmtn/nsx
Thank you.

Weitere ähnliche Inhalte

Was ist angesagt?

The Future of Cloud Networking is VMware NSX
The Future of Cloud Networking is VMware NSXThe Future of Cloud Networking is VMware NSX
The Future of Cloud Networking is VMware NSXScott Lowe
 
VMUGbe 21 Filip Verloy
VMUGbe 21 Filip VerloyVMUGbe 21 Filip Verloy
VMUGbe 21 Filip VerloyFilip Verloy
 
VMworld 2013: Real-world Deployment Scenarios for VMware NSX
VMworld 2013: Real-world Deployment Scenarios for VMware NSX VMworld 2013: Real-world Deployment Scenarios for VMware NSX
VMworld 2013: Real-world Deployment Scenarios for VMware NSX VMworld
 
Software Defined Networking (SDN) with VMware NSX
Software Defined Networking (SDN) with VMware NSXSoftware Defined Networking (SDN) with VMware NSX
Software Defined Networking (SDN) with VMware NSXZivaro Inc
 
NSX 9 Core Use Cases
NSX 9 Core Use CasesNSX 9 Core Use Cases
NSX 9 Core Use CasesKevin Groat
 
VMworld 2014: VMware NSX and vCloud Automation Center Integration Technical D...
VMworld 2014: VMware NSX and vCloud Automation Center Integration Technical D...VMworld 2014: VMware NSX and vCloud Automation Center Integration Technical D...
VMworld 2014: VMware NSX and vCloud Automation Center Integration Technical D...VMworld
 
Network Virtualization with VMware NSX
Network Virtualization with VMware NSXNetwork Virtualization with VMware NSX
Network Virtualization with VMware NSXScott Lowe
 
VMworld 2015: The Future of Network Virtualization with VMware NSX
VMworld 2015: The Future of Network Virtualization with VMware NSXVMworld 2015: The Future of Network Virtualization with VMware NSX
VMworld 2015: The Future of Network Virtualization with VMware NSXVMworld
 
VMware NSX primer 2014
VMware NSX primer 2014VMware NSX primer 2014
VMware NSX primer 2014Sanjay Basu
 
VMware NSX + Cumulus Networks: Software Defined Networking
VMware NSX + Cumulus Networks: Software Defined NetworkingVMware NSX + Cumulus Networks: Software Defined Networking
VMware NSX + Cumulus Networks: Software Defined NetworkingCumulus Networks
 
VMworld 2013: Operational Best Practices for NSX in VMware Environments
VMworld 2013: Operational Best Practices for NSX in VMware Environments VMworld 2013: Operational Best Practices for NSX in VMware Environments
VMworld 2013: Operational Best Practices for NSX in VMware Environments VMworld
 
VMworld 2013: Advanced VMware NSX Architecture
VMworld 2013: Advanced VMware NSX Architecture VMworld 2013: Advanced VMware NSX Architecture
VMworld 2013: Advanced VMware NSX Architecture VMworld
 
VMworld Europe 2014: Advanced Network Services with NSX
VMworld Europe 2014: Advanced Network Services with NSXVMworld Europe 2014: Advanced Network Services with NSX
VMworld Europe 2014: Advanced Network Services with NSXVMworld
 
VMware NSX - Lessons Learned from real project
VMware NSX - Lessons Learned from real projectVMware NSX - Lessons Learned from real project
VMware NSX - Lessons Learned from real projectDavid Pasek
 
Self service it with v realizeautomation and nsx
Self service it with v realizeautomation and nsxSelf service it with v realizeautomation and nsx
Self service it with v realizeautomation and nsxsolarisyougood
 
VMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep DiveVMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep DiveVMworld
 
VMworld 2014: Introduction to NSX
VMworld 2014: Introduction to NSXVMworld 2014: Introduction to NSX
VMworld 2014: Introduction to NSXVMworld
 
VMware NSX 101: What, Why & How
VMware NSX 101: What, Why & HowVMware NSX 101: What, Why & How
VMware NSX 101: What, Why & HowAniekan Akpaffiong
 
SEC8022_Securing_SDDC_NSX_Hammad_Shahzad
SEC8022_Securing_SDDC_NSX_Hammad_ShahzadSEC8022_Securing_SDDC_NSX_Hammad_Shahzad
SEC8022_Securing_SDDC_NSX_Hammad_Shahzadshezy22
 

Was ist angesagt? (20)

The Future of Cloud Networking is VMware NSX
The Future of Cloud Networking is VMware NSXThe Future of Cloud Networking is VMware NSX
The Future of Cloud Networking is VMware NSX
 
VMUGbe 21 Filip Verloy
VMUGbe 21 Filip VerloyVMUGbe 21 Filip Verloy
VMUGbe 21 Filip Verloy
 
VMworld 2013: Real-world Deployment Scenarios for VMware NSX
VMworld 2013: Real-world Deployment Scenarios for VMware NSX VMworld 2013: Real-world Deployment Scenarios for VMware NSX
VMworld 2013: Real-world Deployment Scenarios for VMware NSX
 
Software Defined Networking (SDN) with VMware NSX
Software Defined Networking (SDN) with VMware NSXSoftware Defined Networking (SDN) with VMware NSX
Software Defined Networking (SDN) with VMware NSX
 
NSX 9 Core Use Cases
NSX 9 Core Use CasesNSX 9 Core Use Cases
NSX 9 Core Use Cases
 
NSX-MH
NSX-MHNSX-MH
NSX-MH
 
VMworld 2014: VMware NSX and vCloud Automation Center Integration Technical D...
VMworld 2014: VMware NSX and vCloud Automation Center Integration Technical D...VMworld 2014: VMware NSX and vCloud Automation Center Integration Technical D...
VMworld 2014: VMware NSX and vCloud Automation Center Integration Technical D...
 
Network Virtualization with VMware NSX
Network Virtualization with VMware NSXNetwork Virtualization with VMware NSX
Network Virtualization with VMware NSX
 
VMworld 2015: The Future of Network Virtualization with VMware NSX
VMworld 2015: The Future of Network Virtualization with VMware NSXVMworld 2015: The Future of Network Virtualization with VMware NSX
VMworld 2015: The Future of Network Virtualization with VMware NSX
 
VMware NSX primer 2014
VMware NSX primer 2014VMware NSX primer 2014
VMware NSX primer 2014
 
VMware NSX + Cumulus Networks: Software Defined Networking
VMware NSX + Cumulus Networks: Software Defined NetworkingVMware NSX + Cumulus Networks: Software Defined Networking
VMware NSX + Cumulus Networks: Software Defined Networking
 
VMworld 2013: Operational Best Practices for NSX in VMware Environments
VMworld 2013: Operational Best Practices for NSX in VMware Environments VMworld 2013: Operational Best Practices for NSX in VMware Environments
VMworld 2013: Operational Best Practices for NSX in VMware Environments
 
VMworld 2013: Advanced VMware NSX Architecture
VMworld 2013: Advanced VMware NSX Architecture VMworld 2013: Advanced VMware NSX Architecture
VMworld 2013: Advanced VMware NSX Architecture
 
VMworld Europe 2014: Advanced Network Services with NSX
VMworld Europe 2014: Advanced Network Services with NSXVMworld Europe 2014: Advanced Network Services with NSX
VMworld Europe 2014: Advanced Network Services with NSX
 
VMware NSX - Lessons Learned from real project
VMware NSX - Lessons Learned from real projectVMware NSX - Lessons Learned from real project
VMware NSX - Lessons Learned from real project
 
Self service it with v realizeautomation and nsx
Self service it with v realizeautomation and nsxSelf service it with v realizeautomation and nsx
Self service it with v realizeautomation and nsx
 
VMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep DiveVMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep Dive
 
VMworld 2014: Introduction to NSX
VMworld 2014: Introduction to NSXVMworld 2014: Introduction to NSX
VMworld 2014: Introduction to NSX
 
VMware NSX 101: What, Why & How
VMware NSX 101: What, Why & HowVMware NSX 101: What, Why & How
VMware NSX 101: What, Why & How
 
SEC8022_Securing_SDDC_NSX_Hammad_Shahzad
SEC8022_Securing_SDDC_NSX_Hammad_ShahzadSEC8022_Securing_SDDC_NSX_Hammad_Shahzad
SEC8022_Securing_SDDC_NSX_Hammad_Shahzad
 

Ähnlich wie NSX: La Virtualizzazione di Rete e il Futuro della Sicurezza

VMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep DiveVMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep DiveVMworld
 
VMware nsx network virtualization tool
VMware nsx network virtualization toolVMware nsx network virtualization tool
VMware nsx network virtualization toolDaljeet Singh Randhawa
 
VMworld 2013: Bringing Network Virtualization to VMware Environments with NSX
VMworld 2013: Bringing Network Virtualization to VMware Environments with NSX VMworld 2013: Bringing Network Virtualization to VMware Environments with NSX
VMworld 2013: Bringing Network Virtualization to VMware Environments with NSX VMworld
 
VMUG - NSX Architettura e Design
VMUG - NSX Architettura e DesignVMUG - NSX Architettura e Design
VMUG - NSX Architettura e DesignVMUG IT
 
OVHcloud Hosted Private Cloud Platform Network use cases with VMware NSX
OVHcloud Hosted Private Cloud Platform Network use cases with VMware NSXOVHcloud Hosted Private Cloud Platform Network use cases with VMware NSX
OVHcloud Hosted Private Cloud Platform Network use cases with VMware NSXOVHcloud
 
Tech Talk by John Casey (CTO) CPLANE_NETWORKS : High Performance OpenStack Ne...
Tech Talk by John Casey (CTO) CPLANE_NETWORKS : High Performance OpenStack Ne...Tech Talk by John Casey (CTO) CPLANE_NETWORKS : High Performance OpenStack Ne...
Tech Talk by John Casey (CTO) CPLANE_NETWORKS : High Performance OpenStack Ne...nvirters
 
The Data Center Network Evolution
The Data Center Network EvolutionThe Data Center Network Evolution
The Data Center Network EvolutionCisco Canada
 
[OpenStack Day in Korea 2015] Track 2-3 - 오픈스택 클라우드에 최적화된 네트워크 가상화 '누아지(Nuage)'
[OpenStack Day in Korea 2015] Track 2-3 - 오픈스택 클라우드에 최적화된 네트워크 가상화 '누아지(Nuage)'[OpenStack Day in Korea 2015] Track 2-3 - 오픈스택 클라우드에 최적화된 네트워크 가상화 '누아지(Nuage)'
[OpenStack Day in Korea 2015] Track 2-3 - 오픈스택 클라우드에 최적화된 네트워크 가상화 '누아지(Nuage)'OpenStack Korea Community
 
Reference design for v mware nsx
Reference design for v mware nsxReference design for v mware nsx
Reference design for v mware nsxsolarisyougood
 
VMworld 2014: Advanced Topics & Future Directions in Network Virtualization w...
VMworld 2014: Advanced Topics & Future Directions in Network Virtualization w...VMworld 2014: Advanced Topics & Future Directions in Network Virtualization w...
VMworld 2014: Advanced Topics & Future Directions in Network Virtualization w...VMworld
 
VMworld 2013: Designing Network Virtualization for Data-Centers: Greenfield D...
VMworld 2013: Designing Network Virtualization for Data-Centers: Greenfield D...VMworld 2013: Designing Network Virtualization for Data-Centers: Greenfield D...
VMworld 2013: Designing Network Virtualization for Data-Centers: Greenfield D...VMworld
 
VMworld 2013: Deploying VMware NSX Network Virtualization
VMworld 2013: Deploying VMware NSX Network Virtualization VMworld 2013: Deploying VMware NSX Network Virtualization
VMworld 2013: Deploying VMware NSX Network Virtualization VMworld
 
Understanding and deploying Network Virtualization
Understanding and deploying Network VirtualizationUnderstanding and deploying Network Virtualization
Understanding and deploying Network VirtualizationSDN Hub
 
Operators experience and perspective on SDN with VLANs and L3 Networks
Operators experience and perspective on SDN with VLANs and L3 NetworksOperators experience and perspective on SDN with VLANs and L3 Networks
Operators experience and perspective on SDN with VLANs and L3 NetworksJakub Pavlik
 
Banv meetup-contrail
Banv meetup-contrailBanv meetup-contrail
Banv meetup-contrailnvirters
 
Open stack networking_101_update_2014-os-meetups
Open stack networking_101_update_2014-os-meetupsOpen stack networking_101_update_2014-os-meetups
Open stack networking_101_update_2014-os-meetupsyfauser
 
VMworld 2013: An Introduction to Network Virtualization
VMworld 2013: An Introduction to Network Virtualization VMworld 2013: An Introduction to Network Virtualization
VMworld 2013: An Introduction to Network Virtualization VMworld
 
Understanding network and service virtualization
Understanding network and service virtualizationUnderstanding network and service virtualization
Understanding network and service virtualizationSDN Hub
 
Design and Deployment of Enterprise WLANs
Design and Deployment of Enterprise WLANsDesign and Deployment of Enterprise WLANs
Design and Deployment of Enterprise WLANsFab Fusaro
 

Ähnlich wie NSX: La Virtualizzazione di Rete e il Futuro della Sicurezza (20)

VMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep DiveVMworld 2015: VMware NSX Deep Dive
VMworld 2015: VMware NSX Deep Dive
 
VMware nsx network virtualization tool
VMware nsx network virtualization toolVMware nsx network virtualization tool
VMware nsx network virtualization tool
 
VMworld 2013: Bringing Network Virtualization to VMware Environments with NSX
VMworld 2013: Bringing Network Virtualization to VMware Environments with NSX VMworld 2013: Bringing Network Virtualization to VMware Environments with NSX
VMworld 2013: Bringing Network Virtualization to VMware Environments with NSX
 
VMUG - NSX Architettura e Design
VMUG - NSX Architettura e DesignVMUG - NSX Architettura e Design
VMUG - NSX Architettura e Design
 
OVHcloud Hosted Private Cloud Platform Network use cases with VMware NSX
OVHcloud Hosted Private Cloud Platform Network use cases with VMware NSXOVHcloud Hosted Private Cloud Platform Network use cases with VMware NSX
OVHcloud Hosted Private Cloud Platform Network use cases with VMware NSX
 
Tech Talk by John Casey (CTO) CPLANE_NETWORKS : High Performance OpenStack Ne...
Tech Talk by John Casey (CTO) CPLANE_NETWORKS : High Performance OpenStack Ne...Tech Talk by John Casey (CTO) CPLANE_NETWORKS : High Performance OpenStack Ne...
Tech Talk by John Casey (CTO) CPLANE_NETWORKS : High Performance OpenStack Ne...
 
The Data Center Network Evolution
The Data Center Network EvolutionThe Data Center Network Evolution
The Data Center Network Evolution
 
[OpenStack Day in Korea 2015] Track 2-3 - 오픈스택 클라우드에 최적화된 네트워크 가상화 '누아지(Nuage)'
[OpenStack Day in Korea 2015] Track 2-3 - 오픈스택 클라우드에 최적화된 네트워크 가상화 '누아지(Nuage)'[OpenStack Day in Korea 2015] Track 2-3 - 오픈스택 클라우드에 최적화된 네트워크 가상화 '누아지(Nuage)'
[OpenStack Day in Korea 2015] Track 2-3 - 오픈스택 클라우드에 최적화된 네트워크 가상화 '누아지(Nuage)'
 
Reference design for v mware nsx
Reference design for v mware nsxReference design for v mware nsx
Reference design for v mware nsx
 
VMworld 2014: Advanced Topics & Future Directions in Network Virtualization w...
VMworld 2014: Advanced Topics & Future Directions in Network Virtualization w...VMworld 2014: Advanced Topics & Future Directions in Network Virtualization w...
VMworld 2014: Advanced Topics & Future Directions in Network Virtualization w...
 
VMworld 2013: Designing Network Virtualization for Data-Centers: Greenfield D...
VMworld 2013: Designing Network Virtualization for Data-Centers: Greenfield D...VMworld 2013: Designing Network Virtualization for Data-Centers: Greenfield D...
VMworld 2013: Designing Network Virtualization for Data-Centers: Greenfield D...
 
VMworld 2013: Deploying VMware NSX Network Virtualization
VMworld 2013: Deploying VMware NSX Network Virtualization VMworld 2013: Deploying VMware NSX Network Virtualization
VMworld 2013: Deploying VMware NSX Network Virtualization
 
A consolidated virtualization approach to deploying distributed cloud networks
A consolidated virtualization approach to deploying distributed cloud networksA consolidated virtualization approach to deploying distributed cloud networks
A consolidated virtualization approach to deploying distributed cloud networks
 
Understanding and deploying Network Virtualization
Understanding and deploying Network VirtualizationUnderstanding and deploying Network Virtualization
Understanding and deploying Network Virtualization
 
Operators experience and perspective on SDN with VLANs and L3 Networks
Operators experience and perspective on SDN with VLANs and L3 NetworksOperators experience and perspective on SDN with VLANs and L3 Networks
Operators experience and perspective on SDN with VLANs and L3 Networks
 
Banv meetup-contrail
Banv meetup-contrailBanv meetup-contrail
Banv meetup-contrail
 
Open stack networking_101_update_2014-os-meetups
Open stack networking_101_update_2014-os-meetupsOpen stack networking_101_update_2014-os-meetups
Open stack networking_101_update_2014-os-meetups
 
VMworld 2013: An Introduction to Network Virtualization
VMworld 2013: An Introduction to Network Virtualization VMworld 2013: An Introduction to Network Virtualization
VMworld 2013: An Introduction to Network Virtualization
 
Understanding network and service virtualization
Understanding network and service virtualizationUnderstanding network and service virtualization
Understanding network and service virtualization
 
Design and Deployment of Enterprise WLANs
Design and Deployment of Enterprise WLANsDesign and Deployment of Enterprise WLANs
Design and Deployment of Enterprise WLANs
 

NSX: Network Virtualization and the Future of Security

  • 1. NSX: Network Virtualization and the Future of Security. Luca Morelli, Sr. Systems Engineer @ VMware. © 2016 VMware Inc. All rights reserved.
  • 2. A Few Facts About the Speaker…
      – Born in Catanzaro, the city of the three Vs, about 37 years ago
      – Computer Engineer – University of Rende
      – In IT for about 15 years – experience in Spain, France, the Netherlands and other countries
      – Started in software development, then in pre-sales for about 8 years
      – Almost 7 years with a “physical” networking vendor
      – “Virtualized” since January 2015
      – Passionate about scuba diving, freediving, climbing and my wonderful partner
      – Add me on LinkedIn (not only NSX)
  • 3. Agenda
      1. VMware's Vision for the Software Defined Data Center
      2. Introduction to Network Virtualization with NSX
      3. The Micro-Segmentation Paradigm
      4. Main Use Cases
  • 4. Software-Defined Data Center (SDDC): The Foundation of the New Model of IT
      Diagram labels: Any Application; One Cloud; Any Device; Build-Your-Own; Converged Infrastructure; Hyper-Converged Infrastructure; Software-Defined Data Center (Cloud Management; Compute, Network, Storage; Extensibility); Traditional Applications; Modern, Cloud Applications; Business Mobility: Applications | Devices | Content; Hybrid Cloud: PRIVATE (Your Data Center), PUBLIC (vCloud Air), MANAGED (vCloud Air Network)
  • 5. The Network Is a Barrier to Software Defined Data Center!!
      – Provisioning is slow
      – Mobility is limited
      – Hardware dependent
      – Operationally intensive
      Diagram labels: Software Defined Data Center; Compute Virtualization Abstraction Layer; Servers; Physical Network
  • 6. NSX - Distributed Services in the Hypervisor
      Network & Security Services Now in the Hypervisor: L2 Switching; L3 Routing; Firewalling/ACLs; Load Balancing
      – Automated operational model of the SDDC
      – Pooled compute, network and storage capacity; Vendor independent, best price/perf; Simplified config and mgt.
      Diagram labels: Applications; Virtual Machines; Virtual Networks; Virtual Storage; Data Center Virtualization; Location Independence; Software; Hardware; Compute Capacity; Network Capacity; Storage Capacity
  • 7. NSX Logical Switching
      Challenges:
      – Per Application/Multi-tenant segmentation
      – VM Mobility requires L2 everywhere
      – Large L2 Physical Network Sprawl – STP Issues
      – HW Memory (MAC, FIB) Table Limits
      Benefits:
      – Scalable Multi-tenancy across data center
      – Enabling L2 over L3 Infrastructure
      – Overlay Based with VXLAN, etc.
      – Logical Switches span across Physical Hosts and Network Switches
      Diagram labels: VMware NSX; Logical Switch 1; Logical Switch 2; Logical Switch 3
  • 8. NSX and VXLAN
      – VXLAN can be seen as service on the host
      – VXLAN uses a vmknic and implements a VXLAN Virtual Tunnel End Point (VTEP) functionality
      – Depending on the uplink configuration, there might be several VTEPs on a host
          – A single dvPortGroup is created for all VTEPs
      – A logical switch is a L2 broadcast domain implemented using VXLAN
          – A dvPortGroup is created for each logical switch
      Diagram labels: Generic IP Fabric; Host A; vSphere Distributed Switch; dvUplink-PG; dvPG-VTEP; VXLAN VTEP; Logical SW A; VM1
  • 9. Traffic Flowing on a VXLAN Backed VDS
      – In this setup, VM1 and VM2 are on different hosts but belong to the same logical switch
      – A VXLAN tunnel is established between the two hosts
      Diagram labels: Generic IP Fabric; vSphere Distributed Switch; Host A (VM1, Logical SW A, dvPG-VTEP, VTEP, dvUplink-PG); Host B (VM2, Logical SW A, dvPG-VTEP, VTEP, dvUplink-PG); VXLAN Tunnel
  • 10. Traffic Flowing on a VXLAN Backed VDS
      Assume VM1 sends some traffic to VM2:
      1. VM1 sends L2 frame to local VTEP
      2. VTEP adds VXLAN, UDP & IP headers
      3. Physical Transport Network forwards as a regular IP packet
      4. Destination Hypervisor VTEP decapsulates frame
      5. L2 frame delivered to VM2
      Diagram labels: Generic IP Fabric; vSphere Distributed Switch; Host A (VM1, Logical SW A, dvPG-VTEP, VTEP, dvUplink-PG); Host B (VM2, Logical SW A, dvPG-VTEP, VTEP, dvUplink-PG); VXLAN Tunnel; packet on the wire: IP/UDP/VXLAN + L2 frame
  • 11. NSX Routing: Distributed, Feature-Rich
      SCALABLE ROUTING – Simplifying Multi-tenancy
      Challenges:
      – Physical Infrastructure Scale Challenges – Routing Scale
      – VM Mobility is a challenge
      – Multi-Tenant Routing Complexity
      – Traffic hair-pins
      Benefits:
      – Distributed Routing in Hypervisor
      – Dynamic, API based Configuration
      – Full featured – OSPF, BGP, IS-IS
      – Logical Router per Tenant
      – Routing Peering with Physical Switch
      Diagram labels: Tenant A, Tenant B, Tenant C (each with several L2 segments); CMP
  • 12. The Advantage of Distributing Services: Routing - more efficient networking, fewer hops
      – East-West Routing / Same host: 6 wire hops before NSX, 0 wire hops with NSX
      – East-West Routing / Host to host: 6 wire hops before NSX, 2 wire hops with NSX
      Diagram labels: Default Gateway; UCS Fabric A; UCS Fabric B; UCS Blade 1; UCS Blade 2; vswitch; NSX vSwitch
  • 13. NSX Edge Services Gateway: Integrated Network Services
      Services: Firewall; Load Balancer; VPN; Routing/NAT; DHCP/DNS relay; DDI; …
      Overview:
      – Integrated L3 – L7 services
      – Virtual appliance model to provide rapid deployment and scale-out
      Benefits:
      – Real time service instantiation
      – Support for dynamic service differentiation per tenant/application
      – Uses x86 compute capacity
  • 14. What a Basic NSX Topology Looks Like …
      Diagram labels: External Network; Physical Router; VLAN 20 Edge Uplink; Routing Peering; NSX Edge; VXLAN 5020 Transit Link; Distributed Routing; Web1, App1, DB1 … Webn, Appn, DBn
  • 15. High Scale Multi Tenant Topology
      Diagram labels: External Network; NSX Edge X-Large (Route Aggregation Layer); VXLAN 5100 Transit; VXLAN Uplinks (or VXLAN Trunk); Tenant NSX Edge Services Gateway; Tenant 1 …; Web Logical Switch; App Logical Switch; DB Logical Switch
  • 16. NSX provides Highest Level of Visibility in the Network
      Diagram labels: Log Insight NSX content pack; vRealize Operations Suite; Native capabilities; Integration with partner ecosystem; NSX API; Syslog; IPFIX; Port mirroring; SNMP; Traceflow; And more.
  • 17. How do I manage NSX?
  • 18. Traditional approaches to Micro-Segmentation
      Centralized firewalls:
      – Create firewall rules before provisioning
      – Update firewall rules when moving or changing
      – Delete firewall rules when app decommissioned
      – Problem increases with more east-west traffic
      Diagram labels: Internet
  • 19. How an SDDC approach makes Micro-Segmentation feasible
      Diagram labels: Internet; Perimeter firewalls; Security policy; Cloud Management Platform
  • 20. NSX Distributed Firewalling
      Challenges (PHYSICAL SECURITY MODEL):
      – Centralized Firewall Model
      – Static Configuration
      – IP Address based Rules
      – 40 Gbps per Appliance
      – Lack of visibility with encapsulated traffic
      Benefits (DISTRIBUTED FIREWALLING):
      – Distributed at Hypervisor Level
      – Dynamic, API based Configuration
      – VM Name, VC Objects, Identity-based Rules
      – Line Rate ~20 Gbps per host
      – Full Visibility to encapsulated traffic
      Diagram labels: Firewall Mgmt; VMware NSX; API; CMP
  • 21. NSX Distributed Firewall Enablement
      DFW enforces rules at vNIC layer:
      – DFW independent of transport network (VLAN or VXLAN)
      – All VM ingress and egress packets are subject to DFW processing
      – Security Policy independent of VM location
      – V-to-V and P-to-V support
      DFW has NO Dependency on Network Topology!
      DFW Policy Rules (the same rules are shown for the VXLAN case and for the VLAN case):
        Source   Destination   Service        Action
        VM1      VM2, VM3      TCP port 123   Allow
        VM1      VM2, VM3      any            Block
      Diagram labels (both cases): vSphere Distributed Switch; vSphere Host with VM1 (MAC1, IP1), VTEP IP: 10.20.10.10; vSphere Host with VM2 (MAC2, IP2) and VM3 (MAC3, IP3), VTEP IP: 10.20.10.11; Logical Switch VXLAN 5001 in one case, DVS port-group VLAN 501 in the other
  • 22. NSX DFW Policy Objects
      Policy rules construct: Rule ID; Rule Name; Source; Destination; Service; Action; Applied To
      Rich dynamic container based rules apart from just IP addresses:
      – VC containers: Clusters; datacenters; Portgroups; VXLAN
      – VM containers: VM names; VM tags; VM attributes
      – Identity: AD Groups
      – IPv6 compliant: IPv6 address; IPv6 sets
      – Services: Protocol; Ports; Custom
      – IPv6 Services
      Choice of PEP (Policy Enforcement Point): Clusters; VXLAN; vNICs; …
      Action: Allow; Block; Reject
  • 23. Configure Policies with Security Groups
      1. Select elements to uniquely identify application workloads
      2. Use attributes to create Security Groups
      3. Apply policies to security groups
      Use security groups to abstract policy from application workloads.
      – Enforce policy based on logical constructs
      – Reduce configuration errors
      – Policy follows VM, not IP
      – Reduce rule sprawl and complexity
      Element type: Static (Data center, Virtual net, Virtual machine, vNIC); Dynamic (VM name, OS type, User ID, Security tag)
      Diagram labels: ABC; DEF; Group XYZ; App 1; OS: Windows 8; TAG: “Production”; Policy 1: “IPS for Desktops”, “FW for Desktops”; Policy 2: “AV for Production”, “FW for Production”
  • 24. Micro-segmentation simplifies network security
      – Each VM can now be its own perimeter
      – Policies align with logical groups
      – Prevents threats from spreading
      Diagram labels: Perimeter firewall; Inside firewall; DMZ; App; DB; Services; AD; NTP; DHCP; DNS; CERT; Finance; Engineering; HR
  • 25. NSX Security in SDDC
      – NSX EDGE Service Gateway positioned to protect border of the SDDC: EDGE: North – South traffic protection
      – NSX DFW positioned for internal SDDC traffic protection: DFW: East – West traffic protection
      Diagram labels: WAN; Internet; Perimeter Firewall (Physical); NSX EDGE Service Gateway; EDGE: N-S; Compute Cluster; DFW; DFW: E-W; SDDC (Software Defined DC); Physical; Virtual
  • 26. Micro-segmentation in detail
      Isolation: No communication path between unrelated networks
      – No cross-talk between networks
      – Overlay technology assures networks are separated by default
      Segmentation: Controlled communication path within a single network
      – Fine-grained enforcement of security
      – Security policies based on logical groupings of VMs
      Advanced services: addition of 3rd party security, as needed by policy
      – Platform for including leading security solutions
      – Dynamic addition of advanced security to adapt to changing security conditions
  • 27. Third-Party Firewall, Network Security Options for NSX Integration
      Platform for Distributed Services
      – Redirect via global rule to 3rd party:
          Src       Dst              Action
          ANY       Shared Service   Allow
          Desktop   WEB_GROUP        Redirect to 3rd party
      – Redirect via policy template, for reuse in automation workflows: WEB_GROUP “Web Policy”: Firewall – redirect to 3rd party; 3rd party – do deep packet inspection
      – 3rd party can program NSX distributed firewall directly – and set/get context to inform policy
  • 28. Example: Orchestrating Security Between Multiple Services (Vulnerability Scan)
      1. Web Server VM running IIS is deployed, unknowingly having a vulnerability
      2. Vulnerability Scan is initiated on web server (3rd party AV product)
      3. VM is tagged in NSX Manager with the CVE and CVSS Score
      4. NSX Manager associates the VM with the Quarantine (F/W Deny)
      5. [Externally] Admin applies patches, 3rd party AV product re-scans VMs, clears tag
      6. NSX Manager removes the VM from Quarantine; VM returns to its normal duties
      SG: Quarantine – Membership: Include VMs which have CVSS score >= 9
      SG: Web Servers – Membership: Include VMs which have been provisioned as “WebServer”
      Diagram labels: NSX Manager; Services; antivirus
  • 29. NSX Partners and Service Categories
      Categories: Application Delivery Services; Physical-to-Virtual Services; Operations and Visibility; Security
      NSX Partner Extensions: http://www.vmware.com/products/nsx/resources.html
  • 30. Ground-breaking use cases
      Enterprises can often justify the cost of NSX through a single use case
      – Security: Micro segmentation; DMZ anywhere; Secure end user
      – IT automation: IT automating IT; Multi-tenant infrastructure; Developer cloud
      – Application continuity: Disaster recovery; Metro pooling; Hybrid cloud networking
      – IT optimization: Server asset utilization; Price | performance; Hardware lifecycle
  • 31. Use Case: Infrastructure Management with vRealize Automation
      Dynamically Provision and Decommission NSX Logical Services
      New Features:
      – Simplified Multi-Tier App Deployment
      – Improved Connectivity: Deployment of logical switches and networks
      – Enhanced Security: Intelligent placement of workloads in security groups protected by firewalls
      – Increased Availability: Via deployment of NSX distributed firewalls and load balancers
      Benefits:
      – Deliver secure, scalable, performing application-specific infrastructure on-demand
  • 32. Use Case: Disaster recovery with NSX network virtualization
      1. Snapshot VM
      2a. Replicate VM and storage
      2b. Snapshot network security
      3. Recover the VM
      Step 1 & 2 (e.g. VMware SRM); Network and security already exists
      Diagram labels: Primary site; Recovery Site; NSX Controller; SAN; Physical network infrastructure; Virtual Network 10.0.30/24; 10.0.30.21; 10.0.10/24; 10.0.20/24
  • 33. Use Case: A True Hybrid Cloud powered by VMware NSX
      Some Benefits:
      – L2VPN for DC Extension
      – Granular Network Security with Trust Groups
      – Bi-directional workload migration using vSphere web client
      Some Benefits:
      – Today with vCloud AIR
      – Tomorrow with Amazon AWS, Azure, Google and other Public Cloud Providers
      Diagram labels: Local Data Center; Internet; IPSec VPN; L2 VPN; vCloud Air; (vCloud Air Network)
  • 34. NSX Vision: Driving NSX Everywhere
      Managing Security and Connectivity for many Heterogeneous End Points
      – Automation: IT at the Speed of Business
      – Security: Inherently Secure Infrastructure
      – Application Continuity: Data Center Anywhere
      End points: On-Premise Data Center; New app frameworks; Mobile Devices (Airwatch); Virtual Desktop (VDI); Branch offices (Partner); Internet of things; Public clouds
  • 35. What’s Next…
      – VMware NSX Hands-on Labs: labs.hol.vmware.com
      – Explore, Engage, Evolve: virtualizeyournetwork.com
      – Network Virtualization Blog: blogs.vmware.com/networkvirtualization
      – NSX Product Page: vmware.com/go/nsx
      – NSX Training & Certification: www.vmware.com/go/NVtraining
      – NSX Technical Resources, Reference Designs: vmware.com/products/nsx/resources
      – VMware NSX YouTube Channel: youtube.com/user/vmwarensx
      – VMware NSX Community: communities.vmware.com/community/vmtn/nsx
      Diagram labels: Play; Learn; Deploy
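
The policy model behind slides 21 to 23 and 28, as an added Python example that is not part of the original deck and does not call the NSX API: rules reference dynamic security groups instead of IP addresses and are evaluated top-down with the first match winning. VM names, tag keys, the CVSS value, TCP port 443 and the default-block fallback are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional, Tuple

ANY = None  # wildcard for a rule's source, destination or service


@dataclass
class VM:
    name: str
    ip: str                                   # may change; no rule refers to it
    tags: dict = field(default_factory=dict)  # security tags (hypothetical keys)


@dataclass(frozen=True)
class SecurityGroup:
    name: str
    member: Callable[[VM], bool]              # dynamic membership criterion

    def __contains__(self, vm: VM) -> bool:
        return self.member(vm)


@dataclass(frozen=True)
class Rule:
    rule_id: int
    name: str
    source: Optional[SecurityGroup]
    destination: Optional[SecurityGroup]
    service: Optional[Tuple[str, int]]        # (protocol, port) or ANY
    action: str                               # "Allow" or "Block"

    def matches(self, src: VM, dst: VM, proto: str, port: int) -> bool:
        return ((self.source is ANY or src in self.source)
                and (self.destination is ANY or dst in self.destination)
                and (self.service is ANY or self.service == (proto, port)))


def evaluate(rules, src, dst, proto, port):
    """Top-down, first match wins; unmatched traffic is blocked (assumed default)."""
    for rule in rules:
        if rule.matches(src, dst, proto, port):
            return rule.action, rule.name
    return "Block", "default"


# Membership criteria quoted from slide 28; the Desktops group is constructed.
WEB = SecurityGroup("Web Servers", lambda vm: vm.tags.get("role") == "WebServer")
QUARANTINE = SecurityGroup("Quarantine", lambda vm: vm.tags.get("cvss", 0.0) >= 9.0)
DESKTOP = SecurityGroup("Desktops", lambda vm: vm.tags.get("role") == "Desktop")

# Rules 3 and 4 follow the allow-then-block pair of slide 21 (port is constructed).
RULES = [
    Rule(1, "quarantine-in", ANY, QUARANTINE, ANY, "Block"),
    Rule(2, "quarantine-out", QUARANTINE, ANY, ANY, "Block"),
    Rule(3, "desktop-to-web", DESKTOP, WEB, ("TCP", 443), "Allow"),
    Rule(4, "desktop-to-web-rest", DESKTOP, WEB, ANY, "Block"),
]


def quarantine_walkthrough():
    """Replays slide 28: scan tags the VM, policy follows it, tag is cleared."""
    desktop = VM("desk01", "10.0.10.5", {"role": "Desktop"})
    web = VM("web01", "10.0.20.7", {"role": "WebServer"})

    def flow():
        return evaluate(RULES, desktop, web, "TCP", 443)

    verdicts = [flow()]            # healthy web server
    web.tags["cvss"] = 9.8         # scanner tags the VM (constructed score)
    verdicts.append(flow())
    web.ip = "10.0.30.21"          # VM is re-addressed while quarantined
    verdicts.append(flow())
    del web.tags["cvss"]           # patched, re-scanned, tag cleared
    verdicts.append(flow())
    return verdicts


def misordered_verdict():
    """Failure mode: quarantine rules placed below the application allow rule."""
    desktop = VM("desk01", "10.0.10.5", {"role": "Desktop"})
    web = VM("web01", "10.0.20.7", {"role": "WebServer", "cvss": 9.8})
    return evaluate(RULES[2:] + RULES[:2], desktop, web, "TCP", 443)


if __name__ == "__main__":
    for step, verdict in enumerate(quarantine_walkthrough(), 1):
        print(step, verdict)
    print("misordered:", misordered_verdict())
```

Because evaluation stops at the first match, the quarantine rules only contain a tagged VM when they sit above the application allow rules; `misordered_verdict()` shows the tagged web server still reachable when they do not.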