© 2014 VMware Inc. All rights reserved.
VMware vCloud Air:
Networking
Formerly known as vCloud Hybrid Service
2
What’s in It for You?
•  You will leave with:
–  An understanding of the VMware vCloud® Air™ networking building blocks
–  A strong networking foundation for building a complex hybrid cloud
–  An understanding of advanced networking use cases and security
3
Agenda
vCloud Air Networking
•  Services Overview
•  Key Components
•  Network Virtualization Services
•  Connectivity options to vCloud Air
•  IPsec VPN
•  L2 Stretching
•  Direct Connect
•  Advanced Use Cases
•  Three tier Networking
4
Hybrid Service Basic Networking Constructs
•  NAT
•  FW
•  Load Balancer
•  IPsec
•  DHCP
•  Static routing
•  Routed/Gateway networks (up to 9 networks)
•  Isolated networks
(Diagram: Customer’s virtual data center on vCloud Air)
5
vCloud Air Cloud Options and Gateway Choices
CONFIDENTIAL
•  Shared Cloud
–  Logically separated network, compute and storage
–  5GHz CPU (burstable to 10GHz)
–  20GB RAM, 2TB storage
–  No virtual data center segmentation
–  One Edge Gateway
•  Dedicated Cloud
–  Physically separated hosts
–  Logically separated network and storage
–  30GHz CPU, 120GB RAM, 6TB
–  Segment virtual data centers based on orgs
–  Multiple Edge Gateways
(Diagram labels: VDC1, VDC2, VDC3, VDC4, VDC)
6
Configuration Access Options
vCloud Air Management Web Portal – for basic networking configurations
7
Configuration Access Options
vCloud Air Management Web Portal – for basic networking configurations
For advanced configurations
8
Configuration Access Options
vCloud Air Management Portal – for advanced networking configurations
9
vCloud Air Networking Services
•  IP Addressing
•  Network creation
•  Firewall
•  NAT
•  DHCP
•  Load Balancer
•  VPN
10
IP Address Assignment
•  IP Pool
–  Pool of IPs created by default on auto generated isolated and routed networks
–  Virtual machines attached to those networks get IP addresses from that default pool
•  Static IP
–  Fixed IP for a virtual machine
–  Change configuration in VMware® vCloud Director®
•  DHCP
–  Part of Edge Gateway service
–  Change configuration in vCloud Director
–  Basic DHCP service
(Diagram: Routed Network)
11
Firewall Rules in vCloud Air
12
Firewall Rules: North-South and East-West Traffic
(Diagram: Routed Network 1, Routed Network 2 and Routed Network 3 behind one Gateway)
Firewall Rules:
-  By default: Deny all
-  Policies for traffic that passes through the gateway
•  5-tuple firewall policies (Protocol, Source/Dest. IP, Source/Dest. Port)
•  Can have multiple policies across multiple networks
•  Ideal for enterprise grade application deployment
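The slide describes the gateway firewall as a list of 5-tuple policies with an implicit deny-all. The following Python is an added example written for this page, not VMware code and not how the Edge Gateway is implemented internally: a first-match evaluator run over a constructed three-tier policy (web tier, database tier) and four constructed sample flows, so the north-south and east-west cases and the fall-through to the default deny can be seen on real input. Rule names, networks and addresses are all made up for the illustration.

```python
# Added example (not VMware code): first-match 5-tuple policy evaluation
# with the implicit default deny the slide describes.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    name: str
    action: str              # "allow" or "deny"
    protocol: str            # "tcp", "udp", "icmp" or "any"
    src: str                 # CIDR or "any"
    dst: str                 # CIDR or "any"
    src_port: Optional[int]  # None matches any port
    dst_port: Optional[int]


@dataclass(frozen=True)
class Flow:
    protocol: str
    src_ip: str
    dst_ip: str
    src_port: Optional[int]
    dst_port: Optional[int]


def _net_match(cidr: str, ip: str) -> bool:
    return cidr == "any" or ip_address(ip) in ip_network(cidr, strict=False)


def _port_match(rule_port: Optional[int], flow_port: Optional[int]) -> bool:
    return rule_port is None or rule_port == flow_port


def matches(rule: Rule, flow: Flow) -> bool:
    return (rule.protocol in ("any", flow.protocol)
            and _net_match(rule.src, flow.src_ip)
            and _net_match(rule.dst, flow.dst_ip)
            and _port_match(rule.src_port, flow.src_port)
            and _port_match(rule.dst_port, flow.dst_port))


def evaluate(rules, flow: Flow):
    """First matching rule decides; an unmatched flow hits the implicit deny."""
    for rule in rules:
        if matches(rule, flow):
            return rule.action, rule.name
    return "deny", "default"


# Constructed policy: the web tier on 192.168.1.0/24 is reachable from the
# Internet on 443 and may talk to the database tier on 192.168.3.0/24 on
# 3306; the database tier is never allowed to initiate traffic itself.
RULES = [
    Rule("web-in", "allow", "tcp", "any", "192.168.1.0/24", None, 443),
    Rule("web-to-db", "allow", "tcp", "192.168.1.0/24", "192.168.3.0/24", None, 3306),
    Rule("db-no-egress", "deny", "any", "192.168.3.0/24", "any", None, None),
]

# Constructed sample flows, one per case worth checking.
SAMPLE_FLOWS = [
    Flow("tcp", "203.0.113.5", "192.168.1.10", 51000, 443),    # client -> web (north-south)
    Flow("tcp", "192.168.1.10", "192.168.3.10", 45000, 3306),  # web -> db (east-west)
    Flow("tcp", "203.0.113.5", "192.168.3.10", 51001, 3306),   # client -> db directly
    Flow("tcp", "192.168.3.10", "198.51.100.7", 40000, 443),   # db -> Internet
]


def audit(rules=RULES, flows=SAMPLE_FLOWS):
    """Decision (action, rule name) for each sample flow, in order."""
    return [evaluate(rules, f) for f in flows]


if __name__ == "__main__":
    for f, (action, why) in zip(SAMPLE_FLOWS, audit()):
        print(f"{f.protocol} {f.src_ip}:{f.src_port} -> {f.dst_ip}:{f.dst_port}: {action} ({why})")
```

The third flow is the one to watch: nothing explicitly denies a client reaching the database tier, yet it is dropped because no rule allows it. Reviewing a gateway policy therefore means checking what the allow rules admit, not only what the deny rules block.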
13
Network Address Translation (NAT)
•  Source NAT and Destination NAT rules
–  Supports multiple rules on multiple interfaces
•  Can use internal/private IP space
–  Bring your own internal IP space
–  Create/manage subnets within IP space
–  Multiple IP spaces under the same gateway
•  Need to create firewall rules to allow traffic
•  IPv4 NAT
NAT rules:
-  SNAT & DNAT rules
-  Options include protocol/port selection
(Diagram: Gateway with Public IPs on the outside and Internal IPs 10.x.x.x, 172.16.x.x and 192.168.x.x on Organization Net 1, Organization Net 2 and Organization Net 3)
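To make the SNAT/DNAT split and the protocol/port options concrete, here is an added Python example (not VMware code and not the Edge Gateway's own rule format): a DNAT table consulted for inbound packets and an SNAT table consulted for outbound packets from three private IP spaces under one gateway, as in the slide's diagram. All public and private addresses, ports and rules are constructed for the illustration.

```python
# Added example (not VMware code): DNAT for inbound and SNAT for outbound
# traffic on one edge gateway, with protocol/port selection on the DNAT side.
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    protocol: str
    src_ip: str
    src_port: Optional[int]
    dst_ip: str
    dst_port: Optional[int]


@dataclass(frozen=True)
class DnatRule:
    public_ip: str
    public_port: Optional[int]    # None: every port on public_ip
    protocol: str                 # "tcp", "udp" or "any"
    internal_ip: str
    internal_port: Optional[int]  # None: keep the original destination port


@dataclass(frozen=True)
class SnatRule:
    internal_net: str             # CIDR the source must fall in
    public_ip: str


def apply_dnat(rules, pkt: Packet) -> Packet:
    """Inbound: rewrite a public destination to the internal host/port."""
    for r in rules:
        if (pkt.dst_ip == r.public_ip
                and r.protocol in ("any", pkt.protocol)
                and (r.public_port is None or r.public_port == pkt.dst_port)):
            port = pkt.dst_port if r.internal_port is None else r.internal_port
            return replace(pkt, dst_ip=r.internal_ip, dst_port=port)
    return pkt  # no rule: the destination stays the gateway's own public address


def apply_snat(rules, pkt: Packet) -> Packet:
    """Outbound: rewrite a private source to the public IP for its IP space."""
    for r in rules:
        if ip_address(pkt.src_ip) in ip_network(r.internal_net):
            return replace(pkt, src_ip=r.public_ip)
    return pkt  # no rule: the private source would leave untranslated


# Constructed tables: three private IP spaces, each behind its own public IP.
DNAT = [
    DnatRule("203.0.113.10", 443, "tcp", "192.168.1.10", 8443),  # port-translated HTTPS
    DnatRule("203.0.113.11", None, "any", "172.16.5.20", None),  # 1:1 mapping, all ports
]
SNAT = [
    SnatRule("192.168.0.0/16", "203.0.113.10"),
    SnatRule("172.16.0.0/12", "203.0.113.11"),
    SnatRule("10.0.0.0/8", "203.0.113.12"),
]


def inbound(pkt: Packet) -> Packet:
    return apply_dnat(DNAT, pkt)


def outbound(pkt: Packet) -> Packet:
    return apply_snat(SNAT, pkt)


if __name__ == "__main__":
    print(inbound(Packet("tcp", "198.51.100.7", 51000, "203.0.113.10", 443)))
    print(outbound(Packet("tcp", "10.1.1.5", 40000, "198.51.100.7", 443)))
```

Note what the tables do not do: a DNAT entry only rewrites the destination. As the slide says, the gateway's firewall still has to allow the translated traffic, so a new DNAT rule without a matching firewall rule simply produces a translated packet that the default deny drops. The port-translated entry (443 to 8443) also shows why a firewall rule for a DNAT'd service has to be written against whichever address/port the rule engine sees at its stage of processing; check the product documentation for the order on the gateway in use.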
14
Edge Gateway Services – Load Balancing
Pool Servers – Load Balanced
-  Round Robin
-  IP Hash
-  URI
-  Least Connected
Virtual Server –
-  Virtual IP (Public IP)
-  Frontend traffic
-  Assigned to a server pool
Can have multiple virtual servers and pools
(Diagram: Edge gateway with Load balancer)
15
Load Balancer – Pool Servers
•  Pool Servers
–  HTTP/HTTPS/TCP
–  Load Balancing Methods
•  IP Hash
•  Round Robin
•  URI
•  Least Connected
–  Health Check
•  Each with +TCP as mode
•  Monitoring Ports
–  Add Servers
•  Ratio Weight
•  Change Ports/Services per Server
16
Load Balancer – Virtual Servers
•  Virtual Servers
–  Apply on outside network
–  Server Pool
–  Persistence Method
•  HTTP – Cookie
•  HTTPS – Session ID
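The three load-balancer slides above list four balancing methods, a health check per member, ratio weights and persistence by HTTP cookie or HTTPS session ID. The Python below is an added example for this page, not VMware code and not the Edge Gateway's implementation: a pool whose member selection honours those four methods, drops members that fail their health check, expands round robin by ratio weight, and keeps a client on its member once a persistence key has been seen. Method names (`round_robin`, `ip_hash`, `uri`, `least_connected`), the member addresses and the session key are constructed.

```python
# Added example (not VMware code): pool-member selection for an edge load
# balancer with the four methods the slides list, health state, ratio
# weight and persistence.
import hashlib
from dataclasses import dataclass


@dataclass
class Server:
    ip: str
    port: int = 80
    weight: int = 1           # ratio weight: turns per round-robin cycle
    healthy: bool = True      # outcome of the TCP health check on port
    connections: int = 0      # open connections, used by least-connected


def _bucket(key: str, n: int) -> int:
    """Stable hash so the same client IP or URI keeps hitting the same member."""
    return int(hashlib.sha256(key.encode()).hexdigest(), 16) % n


class Pool:
    def __init__(self, members, method="round_robin"):
        self.members = members
        self.method = method
        self._turn = 0
        self.sticky = {}      # persistence key (cookie / TLS session ID) -> member ip

    def _up(self):
        return [m for m in self.members if m.healthy]

    def _round_robin(self, up):
        # a member with weight 2 appears twice in the ring, so it gets 2 of every 4 turns
        ring = [m for m in up for _ in range(m.weight)]
        m = ring[self._turn % len(ring)]
        self._turn += 1
        return m

    def pick(self, client_ip, uri="/", persist_key=None) -> Server:
        up = self._up()
        if not up:
            raise RuntimeError("no healthy members in pool")
        if persist_key is not None:                     # returning client
            for m in up:
                if m.ip == self.sticky.get(persist_key):
                    return m
        if self.method == "round_robin":
            m = self._round_robin(up)
        elif self.method == "ip_hash":
            m = up[_bucket(client_ip, len(up))]
        elif self.method == "uri":
            m = up[_bucket(uri, len(up))]
        elif self.method == "least_connected":
            m = min(up, key=lambda s: s.connections)
        else:
            raise ValueError(f"unknown method {self.method}")
        if persist_key is not None:
            self.sticky[persist_key] = m.ip
        return m


def demo_weighted_failover():
    """Four picks with weights 2/1/1, then three more after one member fails its check."""
    web = [Server("192.168.1.11", weight=2), Server("192.168.1.12"), Server("192.168.1.13")]
    pool = Pool(web, "round_robin")
    before = [pool.pick("198.51.100.7").ip for _ in range(4)]
    web[1].healthy = False          # monitor on 192.168.1.12:80 stopped answering
    after = [pool.pick("198.51.100.7").ip for _ in range(3)]
    return before, after


def demo_persistence():
    """With a persistence key the client stays on its member even under least-connected."""
    web = [Server("192.168.1.11", connections=9), Server("192.168.1.12", connections=1)]
    pool = Pool(web, "least_connected")
    first = pool.pick("198.51.100.7", persist_key="JSESSIONID=abc").ip
    web[1].connections = 50         # now the busiest member, but the session sticks
    second = pool.pick("198.51.100.7", persist_key="JSESSIONID=abc").ip
    fresh = pool.pick("198.51.100.8").ip   # no key: goes to the least loaded member
    return first, second, fresh


if __name__ == "__main__":
    print(demo_weighted_failover())
    print(demo_persistence())
```

Two points the code makes visible: persistence is only honoured while the pinned member is still healthy (a failed member falls out of `_up()` and the client is re-balanced rather than sent to a dead server), and the health check is what protects the virtual server's public IP from advertising a backend that no longer answers.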
Connecting to vCloud Air
18
Options to Connect to vCloud Air
(Diagram: Customer Data Center to vCloud Air over Private WAN / Direct Connect / Cross Connect, over an IPsec Tunnel, or over the Public INTERNET)
Many Connectivity Choices to Support Many Use Cases
19
Connecting to vCloud Air
•  Over the Public Internet
–  With Public IPs
–  Use NAT for address translation
–  By default firewall set to deny all and NAT not configured
•  IPsec VPN
–  vCloud Air features include IPsec VPN
–  Multiple VPN tunnels can terminate to Edge Gateway
–  Can connect to most of the major on-premises VPN devices
20
Connecting via VPN
VMware vSphere® (On-Premises):
•  SharePoint-Routed Network (10.0.10.0/24, 10.0.10.1)
•  vSphere Edge Gateway (10.0.1.150)
–  LEP – 10.0.1.150
–  Peer ID – 69.194.137.230
–  Peer IP – 69.194.137.230
•  Customer’s edge Router (10.0.1.1 / 68.108.102.47)
vCloud Air:
•  SharePoint-Default Routed Network (192.168.109/24, 192.168.109.1) with Virtual Machine 1 and Virtual Machine 2
•  vCloud Air Edge Gateway (69.194.137.230)
–  LEP – 69.194.137.230
–  Peer ID – 10.0.1.150
–  Peer IP – 68.108.102.47
VPN Traffic:
•  IP Protocol ID 50 (ESP)
•  IP Protocol ID 51 (AH)
•  UDP Port 500 (IKE)
•  UDP Port 4500
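The two endpoint definitions on this slide mirror each other in a specific way: each side's Peer ID is the other side's LEP, but the vCloud Air side's Peer IP (68.108.102.47) is the customer's edge router, not the vSphere Edge Gateway's LEP (10.0.1.150), because the on-premises gateway sits behind NAT. The Python below is an added example for this page, not VMware code: it takes the values exactly as printed on the slide, checks that the pair is consistent, flags the NAT'd side (which is why UDP 4500 appears in the protocol list), and produces the allow entries a firewall between the peers needs for the four flows the slide lists. Field names `lep`, `peer_id` and `peer_ip` follow the slide's labels; the check itself is the example's own logic, not a vendor tool.

```python
# Added example (not VMware code): mirror-check of the two IPsec endpoint
# definitions on the slide and the flows a firewall in the path must pass.
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class VpnEndpoint:
    name: str
    lep: str       # local endpoint: the address this gateway uses for IKE
    peer_id: str   # identity expected from the remote gateway
    peer_ip: str   # address the remote gateway is reached at


# Values as printed on the slide.
VCLOUD_AIR_EDGE = VpnEndpoint("vCloud Air Edge Gateway",
                              lep="69.194.137.230", peer_id="10.0.1.150", peer_ip="68.108.102.47")
VSPHERE_EDGE = VpnEndpoint("vSphere Edge Gateway",
                           lep="10.0.1.150", peer_id="69.194.137.230", peer_ip="69.194.137.230")

# Protocols and ports listed on the slide under "VPN Traffic".
VPN_FLOWS = (
    ("ip", 50, "ESP"),
    ("ip", 51, "AH"),
    ("udp", 500, "IKE"),
    ("udp", 4500, "IKE / ESP with NAT traversal"),
)


def check_pair(a: VpnEndpoint, b: VpnEndpoint):
    """Errors break IKE authentication; notes flag a peer behind NAT (Peer IP != its LEP)."""
    errors, notes = [], []
    for local, remote in ((a, b), (b, a)):
        if local.peer_id != remote.lep:
            errors.append(f"{local.name}: Peer ID {local.peer_id} "
                          f"does not match the remote LEP {remote.lep}")
        if local.peer_ip != remote.lep:
            notes.append(f"{local.name}: Peer IP {local.peer_ip} is not the remote LEP "
                         f"{remote.lep}; the remote sits behind NAT, so UDP 4500 must be open")
    return errors, notes


def allow_list(local_ip: str, remote_ip: str):
    """Entries a firewall between the peers needs, one per flow the slide lists."""
    return [{"src": remote_ip, "dst": local_ip, "proto": proto, "num": num, "label": label}
            for proto, num, label in VPN_FLOWS]


if __name__ == "__main__":
    errs, notes = check_pair(VCLOUD_AIR_EDGE, VSPHERE_EDGE)
    print("errors:", errs)
    print("notes:", notes)
    for e in allow_list(VCLOUD_AIR_EDGE.lep, VCLOUD_AIR_EDGE.peer_ip):
        print(e)
```

Mismatched Peer IDs are the usual reason a tunnel stays down with both sides reporting the other as unreachable, so the check is worth running against any pair of gateway configurations before looking at routing. When NAT traversal is in use, ESP travels inside UDP 4500 between the two public addresses; the slide lists protocol 50 as well, which covers the case where no NAT is in the path.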
21
Stretching L2 to vCloud Air - Logical Architecture
(Diagram labels: 192.168.50.0/24 on both sides, Default Gateway = 192.168.50.10, Corp Firewall, three Edge Gateways, VPN Traffic over the INTERNET between 184.61.71.155 and 74.204.180.41, hosts 50.33, 50.34, 50.35, 50.10, 100.10, 100.33)
22
vCloud Air Direct Connect
(Diagram: Customer Cage – in CoLo linked to vCloud Air by Cross Connection through a Direct Connect Partner Device; Customer Data Center linked to vCloud Air by Private WAN connectivity through a Direct Connect Partner Device)
23
Direct Connect – vCloud Air Connectivity
(Diagram: Headquarters reaches the vCloud Air Edge Gateway over a Direct Connect Line carrying 1 or 10 Gbps Direct Connect Traffic; the Edge Gateway also fronts the INTERNET and the DMZ Network (192.168.52.0/24), Private Network (192.168.50.0/24) and Private Network (192.168.110.0/24))
24
Direct Connect – Connecting to Existing Security
(Diagram: 1 Gbps Direct Connect Traffic over a Direct Connect – Private Line between the On-Premises Edge Gateway with its Existing Security Policies and Appliances (IGW, IDS, IPS, 10.1.1.x/24) and the vCloud Air DMZ Network (192.168.52.0/24), Private Network (192.168.50.0/24) and Private Network (192.168.110.0/24); Internet)
25
Direct Connect – Cross Connect
(Diagram: CUSTOMER CAGE reaches the Edge Gateway over a Direct Connect Line carrying 1 or 10 Gbps Direct Connect Traffic; DMZ Network (192.168.52.0/24), Private Network (192.168.50.0/24), Private Network (192.168.110.0/24))
Note: Storage connection must be In-Guest based connectivity with NFS or Software iSCSI Initiator
26
User Level Rights and Security
Role | Rights | Cannot do | Ideal for
Account Administrator | Can add/edit users and user rights | Virtual data center resource management, network mgmt etc. | Account management
Virtualization Infrastructure Administrator | Create virtual data centers; add/edit compute and storage resources | Cannot create users, manage networking | Virtual infrastructure admin, app admin
Network Administrator | Create networks; add gateways; add gateway services | User management, virtual data center resource management | Network admin
Read-only Administrator | Read only rights for all setups/configurations | Any adds/edits | Supervisor
Subscription Administrator | Access to myVMware; purchase resources, file support tickets | No vCloud Air management rights | For all personnel with purchasing rights and/or support needs
27
Application Security – Access Rights
•  Administration rights
–  Clearly identify individuals, and the rights that the individuals get
–  An enterprise administrator can have more than one type of right
–  Rights help enforce secure cloud usage
•  User rights
–  End user rights for virtual machine owners
–  End user cannot do any admin activity
–  Users have limited visibility to cloud resources
28
Summary
•  You will leave with:
✓  An understanding of the vCloud Air networking building blocks
✓  A strong networking foundation for building a complex hybrid cloud
✓  An understanding of advanced networking use cases and security
•  Key Takeaways
–  Building blocks you are used to – vSphere, VXLAN, VMware vCloud® Networking and Security Manager™ (vCNS), VMware® vCloud Director®
–  Flexible and Powerful
–  Supports all your complex networking
•  IPsec VPN
•  Stretched Applications
•  Layer 2 Extension - BYOIP
–  Advanced application security
Go To VMware Cloud Academy
•  See a video of this presentation and others to learn more about vCloud Air
•  Condensed VMworld jump start presentations delivered by technical subject-matter experts
•  Free and ungated to learn at your own pace
•  All videos under 15 mins!
•  Test your knowledge by taking a quiz
•  Download vCloud Air eBook and other assets and tools
29
http://vcloud.vmware.com/cloud-academy
Thank You

Weitere ähnliche Inhalte

Was ist angesagt?

CompTIA Cloud Plus Certification Bootcamp June 2017
CompTIA Cloud Plus Certification Bootcamp June 2017CompTIA Cloud Plus Certification Bootcamp June 2017
CompTIA Cloud Plus Certification Bootcamp June 2017
Joseph Holbrook, Chief Learning Officer (CLO)
 

Was ist angesagt? (20)

Creating Microservices Application with IBM Cloud Private (ICP) - ICP Archite...
Creating Microservices Application with IBM Cloud Private (ICP) - ICP Archite...Creating Microservices Application with IBM Cloud Private (ICP) - ICP Archite...
Creating Microservices Application with IBM Cloud Private (ICP) - ICP Archite...
 
Industry's Best Multi Cloud Application Services from Avi Networks, Now part ...
Industry's Best Multi Cloud Application Services from Avi Networks, Now part ...Industry's Best Multi Cloud Application Services from Avi Networks, Now part ...
Industry's Best Multi Cloud Application Services from Avi Networks, Now part ...
 
VMWare and SoftLayer Hybrid IT
VMWare and SoftLayer Hybrid ITVMWare and SoftLayer Hybrid IT
VMWare and SoftLayer Hybrid IT
 
What's New VMware NSX Advanced Load Balancer (Avi Networks)
What's New VMware NSX Advanced Load Balancer (Avi Networks)What's New VMware NSX Advanced Load Balancer (Avi Networks)
What's New VMware NSX Advanced Load Balancer (Avi Networks)
 
Deep Dive on GSLB with VMware NSX Advanced Load Balancer (Avi Networks)
Deep Dive on GSLB with VMware NSX Advanced Load Balancer (Avi Networks)Deep Dive on GSLB with VMware NSX Advanced Load Balancer (Avi Networks)
Deep Dive on GSLB with VMware NSX Advanced Load Balancer (Avi Networks)
 
CompTIA Cloud Plus Certification Bootcamp June 2017
CompTIA Cloud Plus Certification Bootcamp June 2017CompTIA Cloud Plus Certification Bootcamp June 2017
CompTIA Cloud Plus Certification Bootcamp June 2017
 
Bringing SaaS Simplicity to Proactive Support & Live Threat Updates
Bringing SaaS Simplicity to Proactive Support & Live Threat UpdatesBringing SaaS Simplicity to Proactive Support & Live Threat Updates
Bringing SaaS Simplicity to Proactive Support & Live Threat Updates
 
How Multi-Cloud Load Balancing Automates Application Delivery and Drives Oper...
How Multi-Cloud Load Balancing Automates Application Delivery and Drives Oper...How Multi-Cloud Load Balancing Automates Application Delivery and Drives Oper...
How Multi-Cloud Load Balancing Automates Application Delivery and Drives Oper...
 
Private Cloud with Microsoft Technologies
Private Cloud with Microsoft TechnologiesPrivate Cloud with Microsoft Technologies
Private Cloud with Microsoft Technologies
 
Veeam: Cybersecurity protection solutions through Backup and Availability
Veeam: Cybersecurity protection solutions through Backup and AvailabilityVeeam: Cybersecurity protection solutions through Backup and Availability
Veeam: Cybersecurity protection solutions through Backup and Availability
 
Гибридное облако - эффективность в квадрате
Гибридное облако - эффективность в квадратеГибридное облако - эффективность в квадрате
Гибридное облако - эффективность в квадрате
 
VMware 2015: Next Horizon for Cloud Networking and Security
VMware 2015: Next Horizon for Cloud Networking and SecurityVMware 2015: Next Horizon for Cloud Networking and Security
VMware 2015: Next Horizon for Cloud Networking and Security
 
Openstack - Enterprise cloud management platform
Openstack - Enterprise cloud management platformOpenstack - Enterprise cloud management platform
Openstack - Enterprise cloud management platform
 
Kubernetes Basics - ICP Workshop Batch II
Kubernetes Basics - ICP Workshop Batch IIKubernetes Basics - ICP Workshop Batch II
Kubernetes Basics - ICP Workshop Batch II
 
VMware vCloud Director
VMware vCloud DirectorVMware vCloud Director
VMware vCloud Director
 
How to Eliminate Load Balancer Upgrade Disruptions
How to Eliminate Load Balancer Upgrade DisruptionsHow to Eliminate Load Balancer Upgrade Disruptions
How to Eliminate Load Balancer Upgrade Disruptions
 
Creating Microservices Application with IBM Cloud Private (ICP) - Container a...
Creating Microservices Application with IBM Cloud Private (ICP) - Container a...Creating Microservices Application with IBM Cloud Private (ICP) - Container a...
Creating Microservices Application with IBM Cloud Private (ICP) - Container a...
 
Private IaaS Cloud Provider
Private IaaS Cloud ProviderPrivate IaaS Cloud Provider
Private IaaS Cloud Provider
 
Advanced Web Application Security with an Intelligent WAF
Advanced Web Application Security with an Intelligent WAFAdvanced Web Application Security with an Intelligent WAF
Advanced Web Application Security with an Intelligent WAF
 
Prevent threats With Analytics Driven Web Application Firewall
Prevent threats With Analytics Driven Web Application FirewallPrevent threats With Analytics Driven Web Application Firewall
Prevent threats With Analytics Driven Web Application Firewall
 

Andere mochten auch

DRaaS at the museum, vCloud Air
DRaaS at the museum, vCloud AirDRaaS at the museum, vCloud Air
DRaaS at the museum, vCloud Air
VLCM Tech
 

Andere mochten auch (13)

GAMO VMware vCloud Air
GAMO VMware vCloud AirGAMO VMware vCloud Air
GAMO VMware vCloud Air
 
VMware vCloud® Air™
VMware vCloud® Air™VMware vCloud® Air™
VMware vCloud® Air™
 
VMworld 2014: vCloud Hybrid Service Networking Technical Deep Dive
VMworld 2014: vCloud Hybrid Service Networking Technical Deep DiveVMworld 2014: vCloud Hybrid Service Networking Technical Deep Dive
VMworld 2014: vCloud Hybrid Service Networking Technical Deep Dive
 
VMware Ready vRealize Automation Program
VMware Ready vRealize Automation ProgramVMware Ready vRealize Automation Program
VMware Ready vRealize Automation Program
 
DRaaS at the museum, vCloud Air
DRaaS at the museum, vCloud AirDRaaS at the museum, vCloud Air
DRaaS at the museum, vCloud Air
 
VMworld 2013: Moving Beyond Infrastructure: Meeting Demands on App Lifecycle ...
VMworld 2013: Moving Beyond Infrastructure: Meeting Demands on App Lifecycle ...VMworld 2013: Moving Beyond Infrastructure: Meeting Demands on App Lifecycle ...
VMworld 2013: Moving Beyond Infrastructure: Meeting Demands on App Lifecycle ...
 
Presentation v mware v-cloud director
Presentation   v mware v-cloud directorPresentation   v mware v-cloud director
Presentation v mware v-cloud director
 
RUN: VMworld 2015 Keynote (Fathers, Raghuram, Li)
RUN: VMworld 2015 Keynote (Fathers, Raghuram, Li)RUN: VMworld 2015 Keynote (Fathers, Raghuram, Li)
RUN: VMworld 2015 Keynote (Fathers, Raghuram, Li)
 
VMware vCloud NFV Reference Architecture
 VMware vCloud NFV Reference Architecture VMware vCloud NFV Reference Architecture
VMware vCloud NFV Reference Architecture
 
VMworld 2015: vCloud Air 2015 – Getting Started with Hybrid Cloud
VMworld 2015: vCloud Air 2015 – Getting Started with Hybrid CloudVMworld 2015: vCloud Air 2015 – Getting Started with Hybrid Cloud
VMworld 2015: vCloud Air 2015 – Getting Started with Hybrid Cloud
 
VMware vCloud Suite
VMware vCloud SuiteVMware vCloud Suite
VMware vCloud Suite
 
AMER Webcast: Build Development and Testing Environments on VMware vCloud Air
AMER Webcast: Build Development and Testing Environments on VMware vCloud AirAMER Webcast: Build Development and Testing Environments on VMware vCloud Air
AMER Webcast: Build Development and Testing Environments on VMware vCloud Air
 
VMware vCloud Air: Introduction
VMware vCloud Air: IntroductionVMware vCloud Air: Introduction
VMware vCloud Air: Introduction
 

Ähnlich wie VMware vCloud Air: Networking

Ähnlich wie VMware vCloud Air: Networking (20)

VMworld 2013: vCloud Hybrid Service Jump Start Part Two of Five: vCloud Hybri...
VMworld 2013: vCloud Hybrid Service Jump Start Part Two of Five: vCloud Hybri...VMworld 2013: vCloud Hybrid Service Jump Start Part Two of Five: vCloud Hybri...
VMworld 2013: vCloud Hybrid Service Jump Start Part Two of Five: vCloud Hybri...
 
VMworld 2014: How to Build a Hybrid Cloud
VMworld 2014: How to Build a Hybrid CloudVMworld 2014: How to Build a Hybrid Cloud
VMworld 2014: How to Build a Hybrid Cloud
 
2014-09-15 cloud platform master class
2014-09-15 cloud platform master class2014-09-15 cloud platform master class
2014-09-15 cloud platform master class
 
Private cloud networking_cloudstack_days_austin
Private cloud networking_cloudstack_days_austinPrivate cloud networking_cloudstack_days_austin
Private cloud networking_cloudstack_days_austin
 
Presentation v mware v-cloud director technical overview
Presentation   v mware v-cloud director technical overviewPresentation   v mware v-cloud director technical overview
Presentation v mware v-cloud director technical overview
 
Azure privatelink
Azure privatelinkAzure privatelink
Azure privatelink
 
VMworld 2013: vCloud Hybrid Service: Enterprise Applications on vCloud Hybrid...
VMworld 2013: vCloud Hybrid Service: Enterprise Applications on vCloud Hybrid...VMworld 2013: vCloud Hybrid Service: Enterprise Applications on vCloud Hybrid...
VMworld 2013: vCloud Hybrid Service: Enterprise Applications on vCloud Hybrid...
 
VMworld 2013: vCloud Hybrid Service Jump Start Part Three of Five: vCloud Hyb...
VMworld 2013: vCloud Hybrid Service Jump Start Part Three of Five: vCloud Hyb...VMworld 2013: vCloud Hybrid Service Jump Start Part Three of Five: vCloud Hyb...
VMworld 2013: vCloud Hybrid Service Jump Start Part Three of Five: vCloud Hyb...
 
Citirx Day 2013: Citrix Enterprise Mobility
Citirx Day 2013: Citrix Enterprise MobilityCitirx Day 2013: Citrix Enterprise Mobility
Citirx Day 2013: Citrix Enterprise Mobility
 
IBM Notes in the Cloud
IBM Notes in the CloudIBM Notes in the Cloud
IBM Notes in the Cloud
 
Automated Deployment and Management of Edge Clouds
Automated Deployment and Management of Edge CloudsAutomated Deployment and Management of Edge Clouds
Automated Deployment and Management of Edge Clouds
 
Presentation citrix cloud platform for infrastructure as a service
Presentation   citrix cloud platform for infrastructure as a servicePresentation   citrix cloud platform for infrastructure as a service
Presentation citrix cloud platform for infrastructure as a service
 
Azure F5 Solutions
Azure F5 SolutionsAzure F5 Solutions
Azure F5 Solutions
 
Securely Publishing Azure Services
Securely Publishing Azure ServicesSecurely Publishing Azure Services
Securely Publishing Azure Services
 
Hybrid Cloud Tutorial Linkedin 2
Hybrid Cloud Tutorial Linkedin 2Hybrid Cloud Tutorial Linkedin 2
Hybrid Cloud Tutorial Linkedin 2
 
Infrastructure Migration from Windows Server 2003 to the Cloud: An Interoute ...
Infrastructure Migration from Windows Server 2003 to the Cloud: An Interoute ...Infrastructure Migration from Windows Server 2003 to the Cloud: An Interoute ...
Infrastructure Migration from Windows Server 2003 to the Cloud: An Interoute ...
 
Trust No-One Architecture For Services And Data
Trust No-One Architecture For Services And DataTrust No-One Architecture For Services And Data
Trust No-One Architecture For Services And Data
 
Presentation v mware v-cloud director overview
Presentation   v mware v-cloud director overviewPresentation   v mware v-cloud director overview
Presentation v mware v-cloud director overview
 
Microsoft Server Virtualization and Private Cloud
Microsoft Server Virtualization and Private CloudMicrosoft Server Virtualization and Private Cloud
Microsoft Server Virtualization and Private Cloud
 
Server Virtualization using Hyper-V
Server Virtualization using Hyper-VServer Virtualization using Hyper-V
Server Virtualization using Hyper-V
 

Mehr von VMware

Mehr von VMware (20)

vRealize Network Insight 3.9
vRealize Network Insight 3.9vRealize Network Insight 3.9
vRealize Network Insight 3.9
 
VMware vRealize Network Insight 3.5 - Whats New
VMware vRealize Network Insight 3.5 - Whats NewVMware vRealize Network Insight 3.5 - Whats New
VMware vRealize Network Insight 3.5 - Whats New
 
VMware vRealize Network Insight 3.4 whats new
VMware vRealize Network Insight 3.4 whats newVMware vRealize Network Insight 3.4 whats new
VMware vRealize Network Insight 3.4 whats new
 
What's New in vRealize Business for Cloud 7.3
What's New in vRealize Business for Cloud 7.3What's New in vRealize Business for Cloud 7.3
What's New in vRealize Business for Cloud 7.3
 
How Secure Is Your Business?
How Secure Is Your Business?How Secure Is Your Business?
How Secure Is Your Business?
 
vRealize Network Insight 3.3
vRealize Network Insight 3.3vRealize Network Insight 3.3
vRealize Network Insight 3.3
 
VMWare on VMWare - How VMware IT Implemented Micro-Segmentation and Deployed ...
VMWare on VMWare - How VMware IT Implemented Micro-Segmentation and Deployed ...VMWare on VMWare - How VMware IT Implemented Micro-Segmentation and Deployed ...
VMWare on VMWare - How VMware IT Implemented Micro-Segmentation and Deployed ...
 
Case Study: EVO SDDC Powered Private Cloud
Case Study: EVO SDDC Powered Private CloudCase Study: EVO SDDC Powered Private Cloud
Case Study: EVO SDDC Powered Private Cloud
 
vRealize Operations 6.4: Supercharge your SDDC Intelligent Operations
vRealize Operations 6.4: Supercharge your SDDC Intelligent OperationsvRealize Operations 6.4: Supercharge your SDDC Intelligent Operations
vRealize Operations 6.4: Supercharge your SDDC Intelligent Operations
 
Running and Managing Your Network Just Got Easier
Running and Managing Your Network Just Got EasierRunning and Managing Your Network Just Got Easier
Running and Managing Your Network Just Got Easier
 
Modern Security for the Modern Data Center
Modern Security for the Modern Data CenterModern Security for the Modern Data Center
Modern Security for the Modern Data Center
 
Infographic: Why Businesses are Adopting Network Virtualization
Infographic: Why Businesses are Adopting Network VirtualizationInfographic: Why Businesses are Adopting Network Virtualization
Infographic: Why Businesses are Adopting Network Virtualization
 
Infographic: Supercharge your Networking Career
Infographic: Supercharge your Networking CareerInfographic: Supercharge your Networking Career
Infographic: Supercharge your Networking Career
 
Leverage Micro-Segmentation to Build a Zero Trust Network (Forrester)
Leverage Micro-Segmentation to Build a Zero Trust Network (Forrester)Leverage Micro-Segmentation to Build a Zero Trust Network (Forrester)
Leverage Micro-Segmentation to Build a Zero Trust Network (Forrester)
 
Moving Forward with Network Virtualization (VMware NSX)
Moving Forward with Network Virtualization (VMware NSX)Moving Forward with Network Virtualization (VMware NSX)
Moving Forward with Network Virtualization (VMware NSX)
 
4 Ways IT Can Drive Innovation
4 Ways IT Can Drive Innovation4 Ways IT Can Drive Innovation
4 Ways IT Can Drive Innovation
 
Level Up to a Seamless End-User Experience
Level Up to a Seamless End-User ExperienceLevel Up to a Seamless End-User Experience
Level Up to a Seamless End-User Experience
 
New Model for IT: Cloud Service Provider
New Model for IT: Cloud Service ProviderNew Model for IT: Cloud Service Provider
New Model for IT: Cloud Service Provider
 
Higher Efficiency and IT Empowerment with VMware vSphere with Operations Mana...
Higher Efficiency and IT Empowerment with VMware vSphere with Operations Mana...Higher Efficiency and IT Empowerment with VMware vSphere with Operations Mana...
Higher Efficiency and IT Empowerment with VMware vSphere with Operations Mana...
 
Virtualization Journey
Virtualization JourneyVirtualization Journey
Virtualization Journey
 

Kürzlich hochgeladen

TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
mohitmore19
 

Kürzlich hochgeladen (20)

W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 

VMware vCloud Air: Networking

  • 1. © 2014 VMware Inc. All rights reserved. VMware vCloud Air: Networking Formerly known as vCloud Hybrid Service
  • 2. 2 What’s in It for You? •  You will leave with: –  An understanding of the VMware vCloud® Air™ networking building blocks –  A strong networking foundation for building a complex hybrid cloud –  An understanding of advanced networking use cases and security
  • 3. 3 Agenda vCloud Air Networking •  Services Overview •  Key Components •  Network Virtualization Services •  Connectivity options to vCloud Air •  IPsec VPN •  L2 Stretching •  Direct Connect •  Advanced Use Cases •  Three tier Networking
  • 4. 4 Hybrid Service Basic Networking Constructs NAT FW Load Balancer IPsec DHCP Static routing Routed/Gateway networks (up to 9 networks) Isolated networks Customer’s virtual data center on vCloud Air
  • 5. 5 vCloud Air Cloud Options and Gateway Choices CONFIDENTIAL §  Shared Cloud •  Logically separated network, compute and storage §  5GHz CPU (burstable to 10GHz) §  20GB RAM, 2TB storage §  No virtual data center segmentation §  One Edge Gateway §  Dedicated Cloud •  Physically separated hosts •  Logically separated network and storage §  30GHz CPU, 120GB RAM, 6TB §  Segment virtual data centers based on orgs §  Multiple Edge Gateways VDC1 VDC2 VDC3 VDC4 VDC
  • 6. 6 Configuration Access Options CONFIDENTIAL vCloud Air Management Web Portal – for basic networking configurations
  • 7. 7 Configuration Access Options CONFIDENTIAL vCloud Air Management Web Portal – for basic networking configurations For Advanced configurations
  • 8. 8 Configuration Access Options CONFIDENTIAL vCloud Air Management Portal – for advanced networking configurations
  • 9. 9 vCloud Air Networking Services •  IP Addressing •  Network creation •  Firewall •  NAT •  DHCP •  Load Balancer •  VPN
  • 10. 10 IP Address Assignment •  IP Pool –  Pool of IPs created by default on auto generated isolated and routed networks –  Virtual machines attached to those networks get IP addresses from that default pool •  Static IP –  Fixed IP for a virtual machine –  Change configuration in VMware® vCloud Director® •  DHCP –  Part of Edge Gateway service –  Change configuration in vCloud Director –  Basic DHCP service Routed Network
  • 11. 11 Firewall Rules in vCloud Air
  • 12. 12 Firewall Rules: North-South and East-West Traffic
    •  5-tuple firewall policies (protocol, source/destination IP, source/destination port)
    •  Can have multiple policies across multiple networks
    •  Ideal for enterprise-grade application deployment
    Firewall rules:
      -  By default: deny all
      -  Policies for traffic that passes through the gateway
    (Diagram: Routed Network 1, Routed Network 2 and Routed Network 3 attached to the Gateway)
  • 13. 13 Network Address Translation (NAT)
    •  Source NAT and Destination NAT rules
      –  Supports multiple rules on multiple interfaces
    •  Can use internal/private IP space
      –  Bring your own internal IP space
      –  Create/manage subnets within the IP space
      –  Multiple IP spaces under the same gateway
    •  Need to create firewall rules to allow the traffic
    •  IPv4 NAT
    NAT rules:
      -  SNAT and DNAT rules
      -  Options include protocol/port selection
    (Diagram: Gateway with Public IPs on the outside and internal IPs 10.x.x.x, 172.16.x.x, 192.168.x.x on Organization Net 1, Organization Net 2 and Organization Net 3)
  • 14. 14 Edge Gateway Services – Load Balancing
    Pool servers, load balanced by:
      -  Round Robin
      -  IP Hash
      -  URI
      -  Least Connected
    Virtual server:
      -  Virtual IP (public IP)
      -  Frontend traffic
      -  Assigned to a server pool
    Can have multiple virtual servers and pools
    (Diagram label: Edge gateway load balancer)
  • 15. 15 Load Balancer – Pool Servers
    •  Pool Servers
      –  HTTP/HTTPS/TCP
      –  Load balancing methods
        •  IP Hash
        •  Round Robin
        •  URI
        •  Least Connected
      –  Health check
        •  Each with +TCP as mode
        •  Monitoring ports
      –  Add servers
        •  Ratio weight
        •  Change ports/services per server
  • 16. 16 Load Balancer – Virtual Servers
    •  Virtual Servers
      –  Apply on the outside network
      –  Server pool
      –  Persistence method
        •  HTTP – Cookie
        •  HTTPS – Session ID
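The pool methods, ratio weight, health-check state and HTTP cookie persistence from the three load-balancer slides, worked as one added example. This is an illustration written for this page, not the vCloud Air Edge Gateway's implementation; the server names, weights, the SHA-256 hash used for the IP Hash and URI methods, and the LB_SERVER cookie name are this example's own assumptions.

```python
"""Added example: backend selection for the four pool methods the slides list
(Round Robin, IP Hash, URI, Least Connected), honouring per-server ratio
weight and health-check state, plus cookie persistence for an HTTP virtual
server. Names, weights, the hash function and the cookie name are this
example's own assumptions, not the vCloud Air Edge Gateway's implementation.
"""
import hashlib
from dataclasses import dataclass, field


@dataclass
class Server:
    name: str
    weight: int = 1          # "ratio weight" from the pool-server slide
    healthy: bool = True     # outcome of the TCP/HTTP health check on the monitoring port
    connections: int = 0     # open connections, consulted by Least Connected


@dataclass
class Pool:
    method: str              # round_robin | ip_hash | uri | least_connected
    servers: list
    _counter: int = field(default=0, init=False, repr=False)

    def _healthy(self):
        # Servers that failed their health check never receive traffic.
        up = [s for s in self.servers if s.healthy]
        if not up:
            raise RuntimeError("no healthy servers in pool")
        return up

    @staticmethod
    def _hash_pick(up, key):
        # hashlib rather than hash(): stable across processes, so a key always
        # lands on the same server while the set of healthy servers is unchanged.
        digest = int(hashlib.sha256(key.encode()).hexdigest(), 16)
        return up[digest % len(up)]

    def select(self, client_ip="", uri="/"):
        up = self._healthy()
        if self.method == "round_robin":
            # Expand by ratio weight: weight 2 gets two slots per cycle.
            slots = [s for s in up for _ in range(s.weight)]
            chosen = slots[self._counter % len(slots)]
            self._counter += 1
            return chosen
        if self.method == "ip_hash":
            return self._hash_pick(up, client_ip)
        if self.method == "uri":
            return self._hash_pick(up, uri)
        if self.method == "least_connected":
            # Fewest open connections relative to weight.
            return min(up, key=lambda s: s.connections / s.weight)
        raise ValueError(f"unknown method {self.method}")


class HttpVirtualServer:
    """Virtual server on the outside network with HTTP cookie persistence:
    the first response pins the client to a server by cookie, and later
    requests carrying that cookie return to the same server while it is healthy."""

    COOKIE = "LB_SERVER"   # assumed cookie name

    def __init__(self, vip, pool):
        self.vip = vip       # public virtual IP (frontend)
        self.pool = pool

    def route(self, client_ip, uri, cookies):
        pinned = cookies.get(self.COOKIE)
        for s in self.pool.servers:
            if s.name == pinned and s.healthy:
                return s, cookies
        s = self.pool.select(client_ip, uri)
        return s, {**cookies, self.COOKIE: s.name}


def weighted_round_robin_sequence(n=6):
    """Constructed pool: web1 with ratio weight 2, web2 with weight 1."""
    pool = Pool("round_robin", [Server("web1", weight=2), Server("web2")])
    return [pool.select().name for _ in range(n)]


if __name__ == "__main__":
    print(weighted_round_robin_sequence())
    vs = HttpVirtualServer("203.0.113.10", Pool("ip_hash", [Server("web1"), Server("web2")]))
    server, cookies = vs.route("198.51.100.7", "/index.html", {})
    print(server.name, cookies)
```

A server whose health check fails is dropped from every method's candidate set, which also breaks a client's cookie pin so the client is re-balanced rather than sent to a dead backend.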
  • 18. 18 Options to Connect to vCloud Air
    Many connectivity choices to support many use cases
    (Diagram: Customer Data Center connected to vCloud Air over a Private WAN / Direct Connect / Cross Connect, over an IPsec tunnel, and over the public INTERNET)
  • 19. 19 Connecting to vCloud Air
    •  Over the public Internet
      –  With public IPs
      –  Use NAT for address translation
      –  By default the firewall is set to deny all and NAT is not configured
    •  IPsec VPN
      –  vCloud Air features include IPsec VPN
      –  Multiple VPN tunnels can terminate on the Edge Gateway
      –  Can connect to most of the major on-premises VPN devices
    (Diagram label: INTERNET)
  • 20. 20 Connecting via VPN
    (Diagram: VMware vSphere® on-premises site and vCloud Air joined by an IPsec tunnel; VPN traffic crosses the Internet between the two gateways)
    On-premises (vSphere) side:
      –  SharePoint-Routed Network (10.0.10.0/24), gateway 10.0.10.1
      –  vSphere Edge Gateway 10.0.1.150; Customer's edge router 10.0.1.1 / 68.108.102.47
      –  VPN settings: LEP – 10.0.1.150; Peer ID – 69.194.137.230; Peer IP – 69.194.137.230
    vCloud Air side:
      –  SharePoint-Default Routed Network (192.168.109.0/24), gateway 192.168.109.1; Virtual Machine 1, Virtual Machine 2
      –  vCloud Air Edge Gateway 69.194.137.230
      –  VPN settings: LEP – 69.194.137.230; Peer ID – 10.0.1.150; Peer IP – 68.108.102.47
    VPN traffic: IP Protocol ID 50 (ESP), IP Protocol ID 51 (AH), UDP Port 500 (IKE), UDP Port 4500
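The firewall slide's 5-tuple, default-deny policy model and the VPN slide's list of traffic that must be permitted, combined into a small first-match policy evaluator. This is an added example written for this page, not vCloud Air's rule syntax or code; the two gateway addresses are the ones on the slide, while the rule names, the first-match ordering, the 203.0.113.9 "stranger" address and the sample flows are this example's own constructions.

```python
"""Added example: a 5-tuple, first-match, default-deny policy evaluator.

Models the gateway firewall semantics the slides describe (deny all unless a
policy on protocol, source/destination IP and source/destination port allows
it) and applies it to the VPN slide's requirement that ESP (IP protocol 50),
AH (51), UDP/500 (IKE) and UDP/4500 (IPsec NAT traversal) pass between the
two gateway endpoints. Rule names, ordering and sample flows are this
example's own constructions, not vCloud Air configuration syntax.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# IANA IP protocol numbers; names keep the rules readable.
PROTO = {"tcp": 6, "udp": 17, "esp": 50, "ah": 51}


@dataclass(frozen=True)
class Flow:
    proto: int
    src: str
    dst: str
    sport: Optional[int] = None   # None for protocols without ports (ESP, AH)
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                   # "allow" or "deny"
    proto: Optional[int] = None   # None = any protocol
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None   # None = any port (needed for ESP/AH)

    def matches(self, f: Flow) -> bool:
        if self.proto is not None and self.proto != f.proto:
            return False
        if ip_address(f.src) not in ip_network(self.src):
            return False
        if ip_address(f.dst) not in ip_network(self.dst):
            return False
        if self.dport is not None and self.dport != f.dport:
            return False
        return True


def evaluate(rules, flow):
    """First matching rule wins; no match falls through to the implicit deny."""
    for r in rules:
        if r.matches(flow):
            return r.action, r.name
    return "deny", "default-deny"


# Endpoints from the VPN slide: the vCloud Air Edge Gateway and the Peer IP
# (the customer's Internet-facing address) it is configured to talk to.
CLOUD_GW = "69.194.137.230/32"
CUSTOMER_GW = "68.108.102.47/32"


def ipsec_rules(local_gw, peer_gw):
    """Allow exactly the four traffic types the slide lists, scoped to the
    peer pair and written for both directions; everything else stays denied."""
    rules = []
    for a, b in ((peer_gw, local_gw), (local_gw, peer_gw)):
        rules += [
            Rule("ike", "allow", PROTO["udp"], a, b, 500),
            Rule("nat-t", "allow", PROTO["udp"], a, b, 4500),
            Rule("esp", "allow", PROTO["esp"], a, b),
            Rule("ah", "allow", PROTO["ah"], a, b),
        ]
    return rules


POLICY = ipsec_rules(CLOUD_GW, CUSTOMER_GW)

# Constructed sample flows as they would arrive at the vCloud Air gateway.
SAMPLE_FLOWS = {
    "ike_from_peer": Flow(PROTO["udp"], "68.108.102.47", "69.194.137.230", 500, 500),
    "esp_from_peer": Flow(PROTO["esp"], "68.108.102.47", "69.194.137.230"),
    "ike_from_stranger": Flow(PROTO["udp"], "203.0.113.9", "69.194.137.230", 500, 500),
    "ssh_from_peer": Flow(PROTO["tcp"], "68.108.102.47", "69.194.137.230", 40000, 22),
}


def verdicts(policy=POLICY, flows=SAMPLE_FLOWS):
    """Map each sample flow name to its allow/deny verdict under the policy."""
    return {name: evaluate(policy, f)[0] for name, f in flows.items()}


if __name__ == "__main__":
    for name, f in SAMPLE_FLOWS.items():
        print(f"{name:20s} -> {evaluate(POLICY, f)}")
```

Scoping the IKE/ESP/AH rules to the peer's /32 rather than to any source is what keeps the default deny meaningful: an IKE probe from an unrelated address and an SSH attempt from the legitimate peer both fall through to the implicit deny.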
  • 21. 21 Stretching L2 to vCloud Air – Logical Architecture
    (Diagram labels: 192.168.50.0/24 on both sides; public endpoints 184.61.71.155 and 74.204.180.41; VPN traffic over the INTERNET between Edge Gateways; Corp Firewall; Default Gateway = 192.168.50.10; host addresses .50.33, .50.34, .50.35, .100.33, .50.10, .100.10)
  • 22. 22 vCloud Air Direct Connect
    (Diagram: two options. Cross connection: Customer Cage in the CoLo joined directly to vCloud Air. Private WAN connectivity: Customer Data Center joined to vCloud Air through a Direct Connect Partner Device at each end)
  • 23. 23 Direct Connect – vCloud Air Connectivity
    (Diagram: Headquarters joined to the vCloud Air Edge Gateway by a 1 or 10 Gbps Direct Connect Line carrying Direct Connect traffic; vCloud Air networks: DMZ Network (192.168.52.0/24), Private Network (192.168.50.0/24), Private Network (192.168.110.0/24); Edge Gateway also connected to the INTERNET)
  • 24. 24 Direct Connect – Connecting to Existing Security
    (Diagram: 1 Gbps Direct Connect private line carrying Direct Connect traffic between the on-premises site and vCloud Air; on-premises side: Edge Gateway, IGW, IDS, IPS, Existing Security Policies and Appliances, 10.1.1.x/24 link networks, Internet; vCloud Air side: DMZ Network (192.168.52.0/24), Private Network (192.168.50.0/24), Private Network (192.168.110.0/24))
  • 25. 25 Direct Connect – Cross Connect
    (Diagram: CUSTOMER CAGE joined to the vCloud Air Edge Gateway by a 1 or 10 Gbps Direct Connect Line carrying Direct Connect traffic; vCloud Air networks: DMZ Network (192.168.52.0/24), Private Network (192.168.50.0/24), Private Network (192.168.110.0/24))
    Note: Storage connection must be in-guest based connectivity with NFS or a software iSCSI initiator
  • 26. 26 User Level Rights and Security
    Role: Account Administrator
      Rights: Can add/edit users and user rights
      Cannot do: Virtual data center resource management, network management, etc.
      Ideal for: Account management
    Role: Virtualization Infrastructure Administrator
      Rights: Create virtual data centers; add/edit compute and storage resources
      Cannot do: Create users, manage networking
      Ideal for: Virtual infrastructure admin, app admin
    Role: Network Administrator
      Rights: Create networks, add gateways, add gateway services
      Cannot do: User management, virtual data center resource management
      Ideal for: Network admin
    Role: Read-only Administrator
      Rights: Read-only rights for all setups/configurations
      Cannot do: Any adds/edits
      Ideal for: Supervisor
    Role: Subscription Administrator
      Rights: Access to myVMware; purchase resources, file support tickets
      Cannot do: No vCloud Air management rights
      Ideal for: All personnel with purchasing rights and/or support needs
  • 27. 27 Application Security – Access Rights
    •  Administration rights
      –  Clearly identify individuals and the rights each individual gets
      –  An enterprise administrator can have more than one type of right
      –  Rights help enforce secure cloud usage
    •  User rights
      –  End-user rights for virtual machine owners
      –  End users cannot do any admin activity
      –  Users have limited visibility into cloud resources
  • 28. 28 Summary
    •  You will leave with:
      ✓  An understanding of the vCloud Air networking building blocks
      ✓  A strong networking foundation for building a complex hybrid cloud
      ✓  An understanding of advanced networking use cases and security
    •  Key takeaways
      –  Building blocks you are used to: vSphere, VXLAN, VMware vCloud® Networking and Security Manager™ (vCNS), VMware® vCloud Director®
      –  Flexible and powerful
      –  Supports all your complex networking
        •  IPsec VPN
        •  Stretched applications
        •  Layer 2 extension (BYOIP)
      –  Advanced application security
  • 29. Go To VMware Cloud Academy
    •  See a video of this presentation and others to learn more about vCloud Air
    •  Condensed VMworld jump-start presentations delivered by technical subject-matter experts
    •  Free and ungated, to learn at your own pace
    •  All videos under 15 minutes!
    •  Test your knowledge by taking a quiz
    •  Download the vCloud Air eBook and other assets and tools
    29 http://vcloud.vmware.com/cloud-academy