Tomáš Michaeli, VMware
Juniper Day, Praha, 13.5.2015
2. Goals of new data centers
• Business requirements are defined not by IT but by the salesperson and the customer
• Competitiveness Opex / Capex
• Agility and simplicity
• Security
• Flexibility
• Scaling
3. The next generation networking model
Network & Security Services Now in the Hypervisor
L2 Switching
L3 Routing
Firewalling/ACLs
Load Balancing
Software
Hardware
Applications
Virtual Machines
Virtual Networks
Virtual Storage
Data Center Virtualization
Location Independence
Compute Capacity
Network Capacity
Storage Capacity
Software Defined Data Center
5. Micro-segmentation simplifies network security
Each VM inside own perimeter
Policies align with logical groups
Prevents threats from spreading
VM Data Compliance – PCI, HIPAA
Security Tagging concept
Firewall automation
App
DMZ
Services
DB
Perimeter firewall
AD NTP DHCP DNS CERT
Inside firewall
Finance Engineering HR
7. NSX for vSphere Deployment Use Cases
Self-Service IT
Dev X
Dev A
Test X
Acquisition A
DevOps Cloud
On-boarding M&A
Use cases
Data Center Automation
Micro-segmentation of App
Simplifying Compute Silos
DMZ Deployments
Migration
Use cases
Public Clouds
XaaS Clouds
Migration
Use cases
9. NSX – The Network Virtualization Platform
Consumption
How an end user consumes NSX services via a Cloud Management Platform. The operator interacts with the system through UI or API.
Services
NSX logical services and 3rd party extensions for networking and security (ex. Logical switch, Logical router, Firewall, Load Balancer, VPN, DDI)
DataPlane
Provides workload connectivity & services processing (ex. hypervisors, physical switches and appliances)
Operations
NSX operator uses tools (built-in and 3rd party) for troubleshooting, visibility
Partner Integration
Management, Control & Data plane integration of 3rd party services
DataPlane: XenServer, NSX Edge, Hyper-V, vSphere, KVM, 3rd Party GW
Services: L2 Switch, Firewall, Load Balancer, L3 Router, VPN, DDI
Operations
Partner Integration
Software partner extensions
Hardware partner extensions
Partner extensions
vCOPs
Consumption
Any
10. NSX | The Strategic Platform for the Next-Gen DC
Micro-Segmentation Security
Disaster Recovery
IT Automation
Developer Cloud
Data Center Migration/Refresh
IaaS
NSX
Distributed firewalling makes network security inside data center perimeter operationally feasible
Reduce RTO by 80%
Reduce infrastructure provisioning time from weeks to minutes
Self Service Cloud (vRealize Automation or OpenStack SDDC)
Live migrate workloads to new data center without changing IP addresses.
Best price / performance choice for new network hardware
Provision or repurpose generic physical capacity on demand
So, what exactly is a “virtual network”?
A virtual network is a software container that delivers network services that connected workloads expect from a network.
Click – Logical switching: layer 2 connectivity, which may be between two VMs on the same hypervisor and host, never leaving the hypervisor, or between two VMs which are on two different sides of the data center, across multiple L3 subnets and availability zones.
Click – Logical routing: layer 3 connectivity, which may be between two VMs on the same hypervisor and host but in different IP subnets and on different logical switches, without leaving the hypervisor to use a physical router, or between two VMs which are on two different sides of the data center, again without ever leaving the virtual network construct.
Click – Logical load balancers, and
Click – Logical firewalls… all in software, all isolated from any other virtual network and from the underlying physical network.
Faithful reproduction of L2 – L7 network & security services
Services design for scale-out
Central API for provisioning & monitoring
All NSX components designed with resiliency
Extensive 3rd party ecosystem for NSX platform
With NSX in vCloud Air and on-premises, you can take your existing application and move it to vCloud Air or back without changing the firewall rules or network.
To understand our product direction, it is important to first share how we think about the functional elements of our platform.
The Data Plane provides workload connectivity & services processing (ex. hypervisors, switches and appliances).
Services refers to the logical network services offered by NSX or extended by third-party engines (ex. Logical switching, Logical routing, Firewalling, Load Balancing, VPN, DDI).
Partner Integration is complete orchestration of MGMT, Control & Data plane integration of 3rd party services.
Operations is about the tools used by the NSX operator for troubleshooting and visibility.
And Consumption is how an end user consumes NSX services through a CMS or an NSX The operator interacting with the system through UI or API