The NSX Practical Path
NET3282BU
Nikhil Kelshikar, Sr. Director NSX Tech Prod Management @nikhilkelshikar
Ron Fuller, Staff NSX Systems Engineer @ccie5851
#VMworld #NET3282BU
VMworld 2017 Content: Not for publication or distribution


Disclaimer

• This presentation may contain product features that are currently under development.
• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.
• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
• Technical feasibility and market demand will affect final delivery.
• Pricing and packaging for any new technologies or features discussed or presented have not been determined.


Session Objectives – NSX Practical Path

• Understand why customers are deploying NSX

• Learn the top use cases for how NSX is being deployed

• Watch demos showcasing security, app continuity and automation

• Hear about where NSX can take your business


Agenda – The NSX Practical Path

1 NSX today

2 Why are customers deploying NSX

3 NSX for security

4 NSX for application continuity

5 NSX for automation

6 What next for NSX and you


The goals haven’t changed…

Focus on the app
• Security of applications and data
• Speed of delivery
• Application availability

…but everything else has

• Changes in the threat landscape: Attack Sophistication | Persistent Threats | Weaponization of Cyberspace
• Changes in application architectures: Containerization | Microservices | PaaS
• Changes to infrastructure: Convergence | Private Cloud | Public Cloud


Enabling Digital Transformation in a Software-defined World

VMware NSX network virtualization and security platform helps our customers make the transition to the digital era

• Infrastructure independent: Works across hypervisors, application frameworks, clouds
• Security wrapped around the VM, container, microservice


NSX Customer Momentum Is Growing Exponentially

Customers
• 2016 Q2: 1,300+
• 2017 Q2: 2,600+
• 2,600+ customers across all industries and organizational sizes, representing 100% year-over-year growth

Deployments
• Over two new deployments of NSX per day. Number of deployments increased 3x year-over-year

Certifications
• 8,800+ Certified NSX professionals


NSX Is Everywhere

• Service Provider
• Healthcare
• Finance
• Technology
• Public Sector
• Education
• Retail
• Travel and Transport


NSX Customer Use Cases

Security: Inherently secure infrastructure
• Micro-segmentation
• DMZ anywhere
• Secure end user

Automation: Apps at the speed of business
• IT automating IT
• Multi-tenant infrastructure
• Developer cloud

Application continuity: Data center anywhere
• Disaster recovery
• Cross cloud
• Multi data center pooling


Getting Started with NSX

1 Deploy NSX Manager
  Use the step-by-step “Deploy OVF Template” wizard to get you started.
  (It’s as simple as deploying a VM.)

2 Register NSX with vCenter
  Enables access to all vCenter objects and NSX firewall policy management and deployment through vCenter.
  (Uses the same familiar vSphere interface.)

3 Deploy NSX Controllers
  Deploy NSX controllers to run the control plane for NSX.
  (Three controllers are deployed for high-availability.)

4 Prepare Clusters
  NSX components are automatically pushed down to the hosts.
  (All hosts are ready, no manual interaction needed.)

5 Configure and Deploy Edge Service Gateways
  Enables connectivity between the physical and virtual networks.
  (Gateways are just VMs and are easily scalable.)


Demo – NSX Deployment (fully automated)

https://github.com/vmware/powernsx/blob/master/Examples/NSXBuildFromScratch.ps1

NET2119BU, Tuesday, 5:30 pm


Our Security Focus

• Secure Identity and Endpoints
• Secure Application Infrastructure
• Establish & Maintain Least Privilege Environments
• Align Security Controls To Applications & Data

[Diagram labels: Compute, Network, User Devices, Users, Data]


NSX Security Features

Security: Inherently secure infrastructure

Micro-segmentation
• Distributed firewall for inter / intra zone segmentation
• Rules based on IP, MAC, VM attributes, vCenter & external context

DMZ anywhere
• DMZ for PCI, HIPAA and other compliance
• Guest introspection for anti-virus, malware protection, 3rd party FW, IPS/IDS

Secure end user
• VDI security with NSX distributed firewall context based on Active Directory
• Guest introspection for anti-virus, malware protection


Getting Started with NSX Security

1 Run Virtual Network Assessment
  Deploy VRNI to understand current state of infrastructure based on flow analysis.
  (No need to install NSX yet!)

2 Deploy NSX
  Install NSX bits and prepare hosts to deploy NSX distributed firewall. No changes to your existing infrastructure.
  (Hint – you can automate this!)

3 Create Infrastructure DFW Rules
  Use data from Virtual Network Assessment to build firewall policy for core services like DNS, syslog, AD and more.
  (Gives apps access to core services.)

4 Run Application Rule Manager
  ARM analysis can be used to analyze posture of your apps and automatically create new rules.
  (Build a micro-segmentation policy.)

5 Micro-segment and monitor
  Repeat for other apps, send logs to syslog and monitor your apps.
  (Micro-segmentation done!)


Demo – Application Rule Manager

SAI2803BU, Wednesday, 3:30 pm


Context-Aware Micro-Segmentation
Deeper Introspection & Strengthened Ecosystem

[Diagram labels]
• File / Binary | Proc / Exe | Socket | L4/5-tuple | AppID-UserID
• Endpoint Monitoring (EM) | Application Rule Manager (ARM)
• vCenter | OpenStack | Cloud | Container
• In-Guest | Network | Source
• VMware | Partners | AirWatch / AppDefense | EDR / AV-AM / DLP / APT | NGFW / IPS
• Action-Driven Context Triggers | NSX Dynamic Rulesets | NSX Tags, Alerts, Logs


NSX Security Certifications and Compliance

[Diagram labels: Distributed Firewall, Edge Firewall, VPN]

• http://pubs.vmware.com/Release_Notes/en/nsx/6.3.0/releasenotes_nsx_vsphere_630.html
• https://solutionexchange.vmware.com/store/products/vmware-pci-compliance-and-cyber-risk-solutions
• http://ir.vmware.com/overview/press-releases/press-release-details/2016/Newly-Released-STIG-Validates-VMware-NSX-Meets-the-Security-Hardening-Guidance-Required-for-Installment-on-Department-of-Defense-DoD-Networks/default.aspx
• https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/vmware-product-applicability-guide-hipaa-hitech.pdf
• https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/vmware-product-applicability-guide-for-fedramp-v1-0.pdf
• https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/vmware-product-applicability-guide-nerc-cip.pdf


NSX Features for Application Continuity

Application continuity: Data center anywhere

Disaster recovery
• Cross vCenter NSX - Universal Logical Switches, Universal firewall
• Active / DR Security tag synchronization

Cross cloud
• Extension to public cloud – VMware Cloud on AWS
• L2VPN, L3VPN for cloud on-boarding

Multi data center pooling
• Multiple active – active vCenter deployment
• Cross VC NSX with egress routing optimizations


Applications that Span Data Centers and Clouds
Cross cloud

“Our ability to develop something once and extend it to both private and public clouds allows us to deliver new products, services, and updates much faster, so we can keep up with and even lead the pace of change in our industry. That means happy guests, happy employees, and a very productive IT team.”

Alan Rosa, Sr. Vice President, Technology Delivery & IT Security, Marriott International


Getting Started with NSX Application Continuity

1 Deploy NSX on primary site and host prep
  Install NSX bits and prepare hosts to deploy NSX distributed firewall.
  (Install NSX on primary and secondary sites.)

2 Deploy Universal NSX Controllers
  Deploy NSX controllers and configure universal transport zones.
  (Three controllers are deployed for high-availability.)

3 Deploy Secondary NSX managers and register
  Register secondary NSX managers with primary for Cross vCenter functionality.
  (Cross vCenter Connectivity.)

4 Create Universal Objects
  Create Universal logical switches, universal routers, universal firewall rules and policies – optimized with local egress.
  (Universal objects are extended across sites.)

5 Configure and Deploy Edge Service Gateways
  Enables access between the physical and virtual networks.
  (Gateways are just VMs and are easily scalable.)


Demo – DR to Public Cloud

NET1190BU/1191BU, Thursday, 10:30 am


Multisite networking and security (cross-vCenter)

[Diagram: Site-A (vCenter-A, local storage) and Site-B (vCenter-B, local storage), <150ms between sites, joined by a universal distributed logical router]

Secure, high availability, distributed, virtualized resource pool


NSX Customer Use Cases

Automation: Apps at the speed of business

IT automating IT
• Automation of IT tasks using NSX API and scripting
• Integration with cloud management platforms – vRealize Automation, etc.

Multi-tenant infrastructure
• Multi-tenant Cloud deployments using vCloud Director, OpenStack

Developer cloud
• OpenStack environments using VIO
• Container deployments


Agility for Developers and Beyond
Developer cloud

“Whether I’m deploying containers, whether I’m deploying VMs, whether I’m doing bare metal, whether I’m using OpenStack, it’s all a means to an end. Ultimately, what the customer is expecting is ability, agility, and continuously driving down costs. And that’s what NSX allows us to provide.”

Wolfgang Krips, EVP Global Operations, Amadeus


NSX IT Automation Capabilities

• GUI: UI and workflow-based consumption of networking and security
• API: Programmatic consumption. Enables easy automation of both installation and deployment processes
• Cloud management platform: Networking and security deployment as a part of application deployment


Demo – Automation of Security Rule Creation with PowerShell


NSX Vision: Driving NSX Everywhere
Managing security and connectivity for many heterogeneous end points

End points
• New app frameworks
• Branch offices / Edge computing / IOT
• End users
• On-premises data center
• Cloud
• vCloud Air Network

• Automation: IT at the speed of business
• Security: Inherently secure infrastructure
• Application Continuity: Data center anywhere


Modernizing an Application with Kubernetes

Network, load balancing, and security configured as part of K8s deployment

[Diagram labels]
• Admin config | App-driven config | K8s
• Layer 3: Namespace, Logical Router
• Networks: django-frontend, redis-backend
• django-frontend.k8scloud.com | redis.k8scloud.com
• App: Django | ingress | Deployment | Namespace django-frontend
• App: Redis | service | Deployment | Namespace redis-backend


Demo – K8s + NSX

NET1522Done


VMware NSX Enables a Big Step Forward for IT

This new approach to networking enables IT organizations to transform, resulting in delivering greater value to the business.

People + Processes = Culture

• People: Break down traditional IT siloes for more cross-functional teams
• Processes: Automate processes to reduce complexity and manual tasks
• Culture: IT becomes more agile in how it delivers value to the business

#NSXmindset


APPLICATIONS ARE SOFTWARE.
YOUR NETWORK SHOULD BE, TOO.

Where to Get Started

Engage and Learn | Experience | Try | Take

• Join VMUG for exclusive access to NSX: vmug.com/VMUG-Join/VMUG-Advantage
• Connect with your peers: communities.vmware.com
• Find NSX Resources: vmware.com/products/nsx
• Network Virtualization Blog: blogs.vmware.com/networkvirtualization
• Dozens of Unique NSX Sessions: Spotlights, breakouts, quick talks & group discussions
• Visit the VMware Booth: Product overview, use-case demos
• Visit Technical Partner Booths: Integration demos – Infrastructure, security, operations, visibility, and more
• Meet the Experts: Join our Experts in an intimate roundtable discussion
• Free Hands-on Labs: Test drive NSX yourself with expert-led or self-paced hands-on labs. labs.hol.vmware.com
• Training and Certification: Several paths to professional certifications. Learn more at the Education & Certification Lounge. vmware.com/go/nsxtraining
