Business Agility and Security with VMware 15 Apr 2015, Madrid Ángel Villar Garea SDDC Systems Engineer @AVillarGarea


Page 1: Business Agility and Security with VMware


Page 2: Business Agility and Security with VMware

VMware – One Cloud, Any Application, Any Device

vmware.com/cloud

Page 3: Business Agility and Security with VMware

Introducing VMware NSX

Physical Infrastructure

•  Provisioning is slow
•  Placement is limited
•  Mobility is limited
•  Hardware dependent
•  Operationally intensive

Network Virtualization with NSX

Software

•  Programmatic provisioning
•  Place any workload anywhere
•  Move any workload anywhere
•  Decoupled from hardware
•  Operationally efficient

Operational model of a VM

L2 Switch, L3 Router, Firewall, Load Balancer

Page 4: Business Agility and Security with VMware

Switching Routing Load Balancing

VPN Connectivity to Physical

VMware NSX, a complete Network and Security Solution

Advanced service insertion and chaining, including but not limited to:
- NGFW
- FIM (File Integrity Management)
- IDS/IPS
- Vulnerability Scanning
- AV
- Policy Management and Compliance

Micro-Segmentation

VMware NSX Ecosystem: http://www.vmware.com/products/nsx/resources

Page 5: Business Agility and Security with VMware

Rack N’ Roll!!

[Diagram: Web, App and Database tiers of VMs]

Deploy complete Applications from CMP, including VMs, Logical Networks and Security

Add Capacity on Demand

Multitenant Isolation

Page 6: Business Agility and Security with VMware

VMware NSX Micro-Segmentation

Zero-Trust security model that follows the VM

1. Isolation and segmentation
2. Unit-level trust / least privilege
3. Ubiquity and centralized control

Microsegmentation is now possible in dynamic, multi-tenant environments:

•  High performance, in kernel distributed stateful firewall
•  Security between VMs on same IP Subnet
•  Integration with best-of-breed security partners

VMware NSX Ecosystem: http://www.vmware.com/products/nsx/resources

Developing a Framework to Improve Critical Infrastructure Cybersecurity: http://csrc.nist.gov/cyberframework/rfi_comments/040813_forrester_research.pdf

Page 7: Business Agility and Security with VMware

VMware NSX Momentum

Top investment banks

Enterprises, public & service providers


Page 8: Business Agility and Security with VMware

VMware solutions, easy to deploy and manage

Synergent Use Case: http://virtualizeyournetwork.com/articles/explore/synergent-taps-vmware-nsx-for-micro-segmentation-and-it-automation-in-the-software-defined-data-center/

Page 9: Business Agility and Security with VMware

VMware NSX Network Virtualization

•  Transforms networking and security for the SDDC
•  Over 400 paying customers
•  Application provisioning from weeks to minutes
•  New architecture for security

Available Since Q4 2013

Hybrid Networking Services

Powered by VMware NSX

Extend vCloud Air advanced networking services into customers’ private data centers

Availability starts H1 2015

The Power of a Single Network – vCloud Air Securely Bridging Public and Private Clouds

VMware NSX Ecosystem Extensibility

Hybrid Cloud

vCloud Air Advanced Networking Services

Powered by VMware NSX, enabling customers to achieve Zero Trust security model in the public cloud

Available Jan 2015

Private Cloud Public Cloud

VMware vCloudAir: http://vcloud.vmware.com

Ten Advantages of Virtual Private Cloud OnDemand: http://www.vmware.com/files/pdf/vcloud-air/VMW-vCloud-Air-OnDemand-Infographic.pdf

Page 10: Business Agility and Security with VMware

Some other things moving…

OVN: http://openvswitch.org/pipermail/dev/2015-January/050380.html

NSX at OpenStack Summit: https://www.youtube.com/watch?v=nGkzINmtR8o

NSX and Containers, VMworld2014: https://www.youtube.com/watch?v=bsesu83mXdY

Bruce Davie Interview: https://www.youtube.com/watch?v=cMd05lKYqjg

Page 11: Business Agility and Security with VMware

✓  Official OpenStack distribution
✓  Open source code packaged, hardened, and supported by VMware
✓  Free for all vSphere ENT+ Customers (including vCloud Suite, vSOM Ent+), Optional support

VMware Integrated OpenStack (VIO)

[Architecture diagram]

Included OpenStack Components: Horizon (web portal), CLI Tools / SDKs, Nova (compute), Neutron (network), Cinder (block storage), Glance (images), Swift (object store), Keystone (identity), Heat; Trove, Ceilometer, etc. (additional higher layer services in future releases)

Integrated VMware Technologies: vCenter; NSX; vCenter Datastores (3rd-party / Virtual SAN); vSphere Web Client (install, configure and troubleshoot); vRealize Operations (OpenStack mgmt packs); vRealize Log Insight (log collection, O/S content pack); vRealize Business (cost visibility); vRealize Automation

Other diagram labels: Current, Future, Basic open source, 3rd Party, Governance, SSO, Local DB & LDAP

VMware Integrated OpenStack: https://www.vmware.com/products/openstack

Page 12: Business Agility and Security with VMware

VIO in production – Adobe Marketing Cloud


Company Background

Adobe Digital Marketing Cloud provides SaaS digital marketing capabilities to large B2B enterprises. […] superior web experience management, analytics, social marketing, media optimization, testing and targeting, and campaign management for hundreds of organizations around the world.

The choice

VMware Integrated OpenStack (VIO) offered a full, standard OpenStack distribution. The best combination of capabilities, maturity, roadmap, and VMware integration enabled Adobe Digital Marketing efficient infrastructure modernization while building on the strengths of their existing environment.

Addressing concerns

Deploying VIO components took about ten minutes. While issues such as upgrade paths were concerns, VIO’s roadmap and ease of upgrade mitigated potential problems.

Adobe Digital Marketing’s IT Transformation with OpenStack!

Game changer: inside Adobe’s new Marketing Cloud architecture: http://superuser.openstack.org/articles/game-changer-inside-adobe-s-new-marketing-cloud-architecture

Page 13: Business Agility and Security with VMware

And not only VIO – VMware OpenStack Ecosystem


* NSX only

VMware works openly with the OpenStack vendor ecosystem to make sure technologies like vSphere, NSX, vRealize Operations, vRealize Automation, etc. all work with third-party distros.

Page 14: Business Agility and Security with VMware

VMware – One Cloud, Any Application, Any Device

vmware.com/cloud

Page 15: Business Agility and Security with VMware

Thank you!

Page 16: Business Agility and Security with VMware

More information


Description Link

VMware NSX web site http://www.vmware.com/products/nsx/

VMware NSX Twitter https://twitter.com/vmwarensx

Hands-on-Labs Networking http://labs.hol.vmware.com/HOL/catalogs/catalog/130

NSX for vSphere Design Guide 2.1 https://communities.vmware.com/servlet/JiveServlet/previewBody/27683-102-3-37383/NSXvSphereDesignGuidev2.1.pdf

VMware NSX customer case – WestJet http://www.youtube.com/watch?v=3OsXGuZjxxY

VMware NSX customer case – Colt http://blogs.vmware.com/networkvirtualization/2014/08/vmware-nsx-customer-story-colt-decreases-data-center-networking-complexity.html

VMware NSX customer case – NTT http://www.vmware.com/company/news/releases/vmw-ntt-netvirt-061013

Brad Hedlund on end-to-end visibility in VMware NSX http://www.youtube.com/watch?v=wRL47AmFAUU

VMware NSX and Splunk - Operational Visibility Across Virtual and Physical Domains http://www.youtube.com/watch?v=PzMvQFeojCk

Page 17: Business Agility and Security with VMware

Gartner Data Center Networking Magic Quadrant 2014

“The NSX solution should be considered by existing VMware customers as a way of providing network agility and reducing network operational challenges within the data center.”

Gartner Data Center Networking Magic Quadrant, April 24, 2014

Page 18: Business Agility and Security with VMware

Automated Security Example – Anti Virus Protection Quarantine Vulnerable Systems until Remediated

Security Group = Quarantine Zone
Members = {Tag = ‘ANTI_VIRUS.VirusFound’, L2 Isolated Network}

Security Group = Web Tier

Policy Definition

Standard Desktop VM Policy
☑ Anti-Virus – Scan

Quarantined VM Policy
☑ Firewall – Block all except security tools
☑ Anti-Virus – Scan and remediate

Page 19: Business Agility and Security with VMware

vSphere 6.0 improvements

Cross switch and Cross vCenter Server vMotions

Long-Distance vMotion

Fault Tolerance for Multi-Processor VMs

[Diagram: Primary and Secondary VMs, 4 vCPU each, on vSphere; Fast Checkpointing; Instantaneous Failover]

NIOCv3 – Network SLAs

•  Network-Wide Bandwidth Allocation
•  Granular QoS management at vNIC level
•  Used by DRS to guarantee hosts meet VM requirements

vSphere 6.0: http://www.vmware.com/products/vsphere/

What’s New in VMware vSphere 6.0?: http://www.vmware.com/files/pdf/vsphere/VMware-vSphere-Whats-New.pdf

Page 20: Business Agility and Security with VMware

vCloud Air OnDemand, just a Browser and a Credit Card

VMware vCloudAir: http://vcloud.vmware.com

Ten Advantages of Virtual Private Cloud OnDemand: http://www.vmware.com/files/pdf/vcloud-air/VMW-vCloud-Air-OnDemand-Infographic.pdf

Page 21: Business Agility and Security with VMware

vCloud Air Disaster Recovery

Simple and Secure Asynchronous Replication and Failover for vSphere

•  Warm standby capacity on vCloud Air
•  Self-service protection, failover and failback workflows per VM
•  15 min¹ – 24 hr. recovery point objective (RPO)
•  Initial data seeding by shipping a disk

¹ Dependent on available bandwidth

Site A (Primary) vCloud Air, Site B (Recovery)

DR Instance

vCloud Air Disaster Recovery: http://vcloud.vmware.com/uk/service-offering/disaster-recovery

Page 22: Business Agility and Security with VMware

vCloud for NFV with Integrated OpenStack

vCloud For NFV With Integrated OpenStack: http://ir.vmware.com/releasedetail.cfm?ReleaseID=899052