2. The Transformation is Happening…
CAR THAT DRIVES ITSELF
CONTACT LENS THAT CONTROLS BLOOD SUGAR
THERMOSTAT THAT KNOWS YOU’RE AWAY
SATELLITE-BASED APPS FOR PRECISION AGRICULTURE
GLASSES THAT DIRECT US WHERE TO GO
DRONES THAT DELIVER OUR GROCERIES
CLASSROOMS THAT EXTEND GLOBALLY
3. A Mixed Mode World
App Generation 2.0: Diminishing Market Presence
• Client Server Apps
• VMs Only
• Little DevOps
• Mostly Private Cloud
App Generation 2.5: Emerging Market Majority
• Mixed Application Types
• VMs and Containers
• Emerging DevOps Discipline
• Cross Cloud The New Norm
App Generation 3.0: Market Vanguard
• Cloud Native Apps
• Containers
• Maturing DevOps
• Mostly Public Cloud
4. Bring Developer and IT Together
DEVELOPER
Increase Feature Velocity
Decrease Spend
OPERATOR
Increase Service Levels
Decrease Cost
5. VMware Highly Confidential – VMWARE INTERNAL USE ONLY DO NOT DISTRIBUTE
VMware PKS
Analytics Automation
Security Operations
Monitoring Logging
Physical Infrastructure
Container Registry
vSphere vSAN
Kubernetes on BOSH (Kubo)
NSX
BOSH
GCP
Service Broker
master etcd worker master etcd worker
6. Developer Ready Infrastructure
Automation and Security for infrastructure
Microservices for Developers
VMware NSX
Pivotal Cloud Foundry
App App . . .
Developer
IT
Enterprise Security is now App-Aware and Fully Automated
Greater Compliance and Better Developer Productivity
Microsegmentation Meets Microservices
Agility Meets Security
7. 1st and 2nd Mover Advantage
Business leaders need IT to be like Amazon
No IT Outsourced
New IT
Internal/Hybrid
or
Hardware Defined
Data Center (HDDC)
Software Defined
Data Center (SDDC)
or
9. Current State - Application Lifecycle
Test-Preproduction Environment – Test and Update
Update VM image
Re-Config vlan
Re-Create Security Policies
Re-Config LB
Re-Config Routing
Move VM
Time 5-7 days
Time 5-7 days
Time 5-7 days
Time 5-7 days
Time mins
Spin up VM
Config vlan
Config LB
Config Routing
Create Security Policies
Time mins
Time 5-7 days
Time 5-7 days
Time 5-7 days
Time 5-7 days
Development Environment
Production Environment
10. Network virtualization overview
Decoupled
Hardware
Software
General Purpose Networking Hardware
Network Hypervisor
Requirement: IP Transport
Virtual Network Virtual Network Virtual Network
Workload Workload Workload
L2, L3, L4-7 Network Services
General Purpose Server Hardware
Server Hypervisor
Requirement: x86
Virtual Machine Virtual Machine Virtual Machine
Application Application Application
x86 Environment
11.
12. The next-generation networking model
Web Tier
App Tier
DB Tier
L2 Switch
L2 Switch
L2 Switch
L3 Subnet
L3 Subnet
L3 Subnet
All Software Construct
Physical Network
NAT
Internet
13. Enabling PCI in a Shared Environment
SECURING EVERY SINGLE POINT IN THE NETWORK
Virtualization-aware controls and enforcement
Automated security provisioning
Secure transaction processing
75% improvement in securely delivering time to value
Entire Development Environments at the Press of a Button
Rapid, repeatable deployment of IT services
Standardized security policies
Operational efficiencies
Surpassing time, budget, and delivery objectives
Rent-a-center
The Future of US Government Cybersecurity
Dynamic security provisioning based on observed threats
Application-level enforcement
Blueprint-based provisioning
Supporting All Branches of the U.S. Military, DoD, FBI, Homeland Security
SECURE, AUTOMATED GOVERNMENT CLOUD
14. The Only Thing Outpacing Growth in Security Spend is Growth in Security Breaches
IT Spend Security Spend Security Breaches
Annual Cost of Security Breaches: $445B (Source: Center for Strategic and Int’l Studies)
Security as a % of IT Spend: 2012: 11%, 2015: 21% (Source: Forrester)
Projected Growth Rate in IT Spend from 2014-2019: Zero (Flat) (Source: Gartner)
15. Why are breaches still happening?
Unconstrained communication
Little or no lateral controls inside perimeter
Low priority systems are targeted first.
Attackers can move freely around the data center.
Attackers then gather and exfiltrate data over weeks or even months.
Internet
Data Center
Perimeter
18. Disaster recovery today (simple view)
Primary site: 10.0.10/24, 10.0.10.21, Physical network infrastructure, SAN
Recovery site: 10.0.20/24, 10.0.20.21, Physical network infrastructure, SAN
Step 1: Snapshot VM
Step 2: Replicate VM and storage
Step 3: Recover the VM
Step 4: Change IP address, reconfigure security
Major RTO impact
Step 1 & 2 (e.g. VMware SRM)
19. Disaster recovery with NSX network virtualization (simple view)
Primary site: SAN, Physical network infrastructure, NSX Controller, Virtual Network 10.0.30/24, 10.0.30.21
Recovery Site: SAN, Physical network infrastructure, NSX Controller, Virtual Network 10.0.30/24, 10.0.30.21
10.0.10/24 10.0.20/24
Step 1: Snapshot VM
Step 2a: Replicate VM and storage
Step 2b: Snapshot network security
Step 3: Recover the VM
Network and security already exists
80% RTO
Step 1 & 2 (e.g. VMware SRM)
20. PCF Consolidated Monitoring Dashboard with VMware vR OPs
DEA Heatmap
DEA CPU Utilization
DEA Memory Available
DEA Disk Available
PCF Foundation Component Health
DEA Health Dashboard
DEA Health Graph
Active PCF Alerts
21. vRealize Log Insight Dashboard for PCF Logs
vRealize Log Insight complements PCF’s Loggregator service by taking action on, or storing long term, historical application logs, hence providing a critical service.
1. Enter [ application url ] for primary filter string
2. Enter an additional filter 'text contains SEVERE'
3. Select 'Latest Hour of Data'
4. Review the log entry for your [ application url ]
(It almost created a memory leak :( ..... )
22. NSX delivers …
Inherently secure infrastructure
High performance distributed networking
Availability for the PaaS
Be more efficient
Run things cheaper
Improved data center operations
CapEx (increase compute efficiency, ensure full life of network hardware)