5. Server Virtualization Issues Need Shared Nomenclature Between Network Admin and Server Admin 3 VMware vCenter Manager Switch Supervisor Interface
6. Key Findings of the 1000V ROI Study Virtualize More Apps with 1000V Spend Fewer Hours Running the vNetwork With 1000V 30% APPS 30% HOURS
8. Spend 30% Less Hours/Yr on vNetwork
Fewer Hours “Keeping the Lights On” Means More Hours “Innovating”
10.
- Policy-Based VM Connectivity
- Mobility of Network and Security Properties
- Non-Disruptive Operational Model
[Diagram: Nexus 1000V with VMs on each vSphere server, Nexus 1000V VSM, physical switches, VMware vCenter]
21. Nexus Switch Family
Product: Cisco Nexus 7000, Cisco Nexus 5000, Cisco Nexus 1000V, Cisco Nexus 1010, Cisco Nexus 2000
Technology:
- NX-OS: Unified OS for the data center
- Unified Fabric: Lossless 10Gb transport for next-generation DC
- Fibre Channel over Ethernet (FCoE): Unified transport for LAN and FC
- VN-Link: Virtual Machine Aware Network
- RAB, DAL: High performance for HPC environments
- 10GbE: Enhanced speed for growing demand
[Diagram labels: Access, Core, Server]
24. Architecture Comparison
[Diagram: "VSM on Virtual Machine" (1000V VSM x 1, running as a VM on a vSphere server) compared with "VSM on Nexus 1010" (1000V VSM x 4, hosted on the Cisco Nexus 1010); in both cases the Nexus 1000V VEM runs on the vSphere servers, which connect to the physical switches]
25. Benefits for Both Teams Server Admin Network Admin Offload VSM Install/Mgmt to Network Team VSM Doesn’t Need VMware ESX Licensing Install The VSM Like a Standard Cisco Switch Prepare for VM Sprawl with Ample Scalability (256 Hosts Per Nexus 1010 Appliance)
26. Feature Comparison
VSM on Virtual Machine:
- Nexus 1000V features and scalability
- VEM running on vSphere 4 Enterprise Plus
- NX-OS high availability of VSM
- 64 hosts per VSM
- Pure software deployment
VSM on Nexus 1010:
- Nexus 1000V features and scalability
- VEM running on vSphere 4 Enterprise Plus
- NX-OS high availability of VSM
- 64 hosts per VSM, 4 VSMs, 256 hosts in total
- Installation like a standard Cisco switch
- Network Team manages the switch hardware
- Dedicated services appliance (NAM, etc.)
29. Switch Feature Comparison 1

| Feature | ESX 3.5: Standard vSwitch | ESX 4.0: vNetwork Standard Switch (U1) | ESX 4.0: vNetwork Distributed Switch (U1) | Cisco Nexus 1000V (U1) |
|---|---|---|---|---|
| Switching Features | | | | |
| Layer 2 Forwarding | Yes | Yes | Yes | Yes |
| IEEE 802.1Q VLAN Tagging | Yes | Yes | Yes | Yes |
| Multicast Support (IGMP v2 and v3) | Yes | Yes | Yes | Yes |
| IGMPv3 Snooping | - | - | - | Yes |
| VMware VMotion Support | Yes | Yes | Yes | Yes |
| Network VMware VMotion (Network Policy) | - | - | Yes | Yes |
| Upstream Switch Connectivity | | | | |
| Virtual MAC Pinning | Yes | Yes | Yes | Yes |
| EtherChannel | Yes | Yes | Yes | Yes |
| Virtual Port Channels | - | - | - | Yes |
| Link Aggregation Control Protocol (LACP) | - | - | - | Yes |
| Load Balancing Algorithms | | | | |
| Virtual Switchport ID | Yes | Yes | Yes | Yes |
| Source MAC | Yes | Yes | Yes | Yes |
| Source and Destination IP | Yes | Yes | Yes | Yes |
| Source and Destination MAC | - | - | - | Yes |
| Source and Destination Port IP | - | - | - | Yes |
| Additional Hashing Options | - | - | - | Yes |
30. Switch Feature Comparison 2

| Feature | ESX 3.5: Standard vSwitch | ESX 4.0: vNetwork Standard Switch (U1) | ESX 4.0: vNetwork Distributed Switch (U1) | Cisco Nexus 1000V (U1) |
|---|---|---|---|---|
| Traffic Management Features | | | | |
| Tx Rate Limiting (from virtual machine) | Yes | Yes | Yes | Yes |
| Rx Rate Limiting (from virtual machine) | - | - | Yes | Yes |
| iSCSI Multipathing | - | Yes | Yes | Yes |
| Quality-of-service (QoS) marking | | | | |
| Differentiated Services Code Point (DSCP) | - | - | - | Yes |
| Type of Service | - | - | - | Yes |
| Class of Service | - | - | - | Yes |
| Security Features | | | | |
| Port Security | Yes | Yes | Yes | Yes |
| VMware VMSafe compatible | Yes | Yes | Yes | Yes |
| Private VLANs (PVLANs) | - | - | Yes | Yes |
| Local PVLAN enforcement | - | - | - | Yes |
| Access Control Lists (ACL) | - | - | - | Yes |
| DHCP Snooping | - | - | - | Yes |
| IP Source Guard | - | - | - | Yes |
| Dynamic ARP Inspection | - | - | - | Yes |
| Virtual Service Domain | - | - | - | Yes |
31. Switch Feature Comparison 3

| Feature | ESX 3.5: Standard vSwitch | ESX 4.0: vNetwork Standard Switch (U1) | ESX 4.0: vNetwork Distributed Switch (U1) | Cisco Nexus 1000V (U1) |
|---|---|---|---|---|
| Management Features | | | | |
| VMware vCenter Support | Yes | Yes | Yes | Yes |
| Third Party Accessible APIs | Yes | Yes | Yes | Yes |
| Network Policy Groups | Yes | Yes | Yes | Yes |
| VMware port mirroring (promiscuous) | Yes | Yes | Yes | - |
| Multi-Tier Policy Groups (inheritance) | - | - | - | Yes |
| SPAN | - | - | - | Yes |
| ERSPAN | - | - | - | Yes |
| Netflow v9 | - | - | - | Yes |
| SNMP v3 Read/Write | - | - | - | Yes |
| CDP v1/v2 | Yes | Yes | Yes | Yes |
| Syslog | ** | ** | ** | Yes |
| Packet Capture & Analysis | - | - | - | Yes |
| Radius/TACACS+ | - | - | - | Yes |
| Configuration and management console and interface | VI Client | VI Client | VI Client to VMware vCenter Server | VMware vCenter and Cisco CLI |
| IPv6 for Management | Yes | Yes | Yes | Yes |
| NX-OS XML API | - | - | - | Yes |

** Virtual switch network syslog information is exported and included with VMware ESX Server events.
Bullet 1: vMotion moves VMs across physical ports; the network policy must follow.
From a network perspective, one would like to have a security policy that is attached to the virtual machine as it moves. Unfortunately, today’s tools only allow network policy to be attached to the physical server. In fact, VMware has a tool called DRS, or Dynamic Resource Scheduler, that automatically migrates the VM depending on CPU and memory loads. Regardless of the time of day, network administrators need to know what the VMs are doing. What they really need is a mobile security policy attached to the VM.

Bullet 2: Impossible to view or apply network policy to locally switched traffic.
The second issue with server virtualization is the virtual switch inside the hypervisor that switches packets between virtual machines. It is fairly difficult to see which VM is talking to which other VMs inside the server. Customers are demanding troubleshooting and debugging capabilities inside the server.

Bullet 3: Need collaboration between network and server admin.
There is muddled ownership of the virtual switch. Nowadays, server admins manage the virtual switch, and they need constant communication with their network administrator to configure it. On one hand, server admins want their network team to configure the virtual network. On the other hand, network admins are demanding network tools to configure the virtual switch, and they want visibility down to the virtual machine.

Nexus 1000V overcomes these three server virtualization issues and accelerates datacenter virtualization.
How will the Nexus 1000V allow me to virtualize 30% more of my datacenter?...
Mileage may vary. 30% is conservative. Many customers are seeking to virtualize in excess of 60% of their datacenter. Operational readiness assessments across a variety of VMware customers have shown that network hurdles are some of the most difficult challenges in virtualizing more servers. That is where the Nexus 1000V comes in, to increase the rate of server virtualization and allow companies to realize the benefits of more server virtualization right away.

Virtualize 30% more applications:
- DMZ applications can be virtualized with the help of private VLAN isolation and security policy enforcement with ACLs
- Regulatory applications can be virtualized with Netflow, ERSPAN, and port statistics that persist after vMotion
- Tier-1 applications can be virtualized with increased visibility and IO optimization with LACP and vPC host mode
How will the Nexus 1000V allow me to spend 30% less time maintaining my virtual network?...
For example, in a 3-server cluster a typical change request would take 30 minutes per server (or 1.5 hours in total). With the 1000V this same change takes 1 hour for all 3 servers in the cluster. This is a 30% reduction in the number of hours to manage the virtual network, which grows as the cluster grows. Let’s try it out for ourselves…
- With a distributed switch, network change requests take 1 hour per domain rather than 30 minutes per server (for 3 servers that is 30% fewer hours/yr)
- With Nexus 1000V, regulatory and organizational audits take 20 minutes per server rather than 1 hour
- With Nexus 1000V, the server admin may offload network configuration to the network admin; this division of labor increases productivity
Accelerate & Simplify deployment of new ESX hosts
- Network Admin provisions physical switch trunks & ESX host PNICs in a uniform and consistent way (takes care of both sides of the physical connection)
- Virtualization Admin 1) plugs in a new ESX host, 2) assigns PNICs to the Cisco vNetwork Distributed Switch in vCenter, 3) ESX PNIC configuration (including vMotion & Console) is automatically assigned and enabled, 4) ESX host is ready for VMs

Ensure proper connectivity & networking safeguards are in place
- Virtualization Admin leverages existing workflow (vCenter & Port Groups) to assign VNIC policy
- Network Admin is responsible for ensuring Port Groups provide proper VLAN access & DC network security policy
- Cisco Nexus 1000V extends VM networking to include IP/Port security rules, multi-host PVLAN, Flow Statistics, Quality of Service
VM workflow doesn’t change
- Virtualization administrator continues to leverage vCenter for VM creation, maintenance, and monitoring

ESX vSwitch configuration & management responsibility offloaded
- vSwitch and Port Groups are now provisioned along with the physical network infrastructure, ensuring consistency; the virtualization administrator subscribes VMs to available Port Groups and the vSwitch is dynamically provisioned

Equip Data Center operations teams to respond to application issues
- By extending the data center network operations model and troubleshooting toolkit down to the virtualization infrastructure, customers can leverage physical-world tools and diagnostic procedures for their VM-based applications: one consistent model for the whole data center
- 1000V overcomes network hurdles to virtualize tier-1, regulatory and DMZ applications
- 1000V makes ESX deployment faster, “one and done”
- 1000V offloads network workflow to the network admin

The three largest hurdles to server virtualization (once the low-hanging fruit has been virtualized) are highly secure DMZ applications, high-risk regulatory applications, and high-uptime Tier-1 applications. These applications are hard to virtualize without the 1000V’s VM-level visibility and port-profile security.
- 1000V overcomes hurdles to virtualize applications with DMZ, high bandwidth, highly secure applications
- 1000V standardizes workflow for virtual and physical networks
- 1000V allows visibility into VM traffic
-- slide 4 – [Nexus-An Unmatched rate of Innovation]
Soni and Rajiv, I think we would all clearly agree that not only has Cisco delivered a number of high impact announcements in the last year, there has been major technology innovation in these announcements. In quick review, we first introduced the Cisco Nexus 7000 in January at CiscoLive in Barcelona. This device formed the basis of a new product category, the Data Center Class switch, that fundamentally reinvented and elevated what a switch must do in a core datacenter role. At the same time, we introduced NX-OS, a unified OS for the data center that drew on the legacy of all we had learned with IOS and SAN-OS and combined them. At our Partner conference in April, with the introduction of the Nexus 5000, we delivered both Data Center Ethernet (lossless 10 Gb transport for this next generation data center) and FCoE, which provides the unified transport of both LAN and FC. There was also the very important news about a series of ecosystem partners and their announcements, so crucial to making this effort a success. Finally, at the recently created VMWorld we revolutionized virtual machine internetworking with the introduction of Nexus 1000V. Our theme there was Virtual Machine Aware network, storage and unified fabric, given that the virtual machine is the new Data Center atomic unit.
NAM Virtual Blade on Nexus 1010 appliance is the first step of multi-phased NAM product strategy to address virtualization challenges Offers Nexus 1000v differentiation through integrated solution for performance monitoring and operational manageability
Can I evaluate the Nexus 1000V?...
Yes, for 60 days. Special promotion of $795 for a bundled upgrade of both vSphere and Nexus 1000V.
Want to learn more about the Nexus 1000V?...