2. 2
Agenda
Network & Security Virtualization – The Industry Context
The Problem Statement – Various Perspectives
• Application, CMP perspective
• VI admin / cloud operator perspective
VMware NSX Platform
VMware NSX Architecture
VMware NSX Use cases
3. 3
Enterprise
Data Center
Networking
The Industry Context - Three Major Forces in Networking
- Separation of control, OpenFlow
- X86 programmability
- Centralized management
Research, GOOG, Telco, Nicira
- Interconnect heterogeneous
compute/storage pools
- COTS hybrid server/switch
- L3 to the rack, scale out PODs
AMZN, RAX, FB, Ebay, Nicira
- SDDC: beyond servers
- Net / sec virtualization
- Fast / flat / fat fabrics, UCS
VMW, CSCO, …
N + V = NV leadership!
4. 4
Network Virtualization = SDN+
L2
L3
Virtual
Networks
L2
All the properties of SDN
• Separation of control, forwarding
• Software innovation
• Time to market
• Service extensibility
With the benefits of virtualization
• Agility, efficiency, mobility
• Non-disruptive deployment
• Decoupled from physical
• Hardware independence
Distributed
Forwarding
Manual
Configuration
Network virtualization will leverage the network fabric / SDN controller shift
5. 5
Agenda
Network Virtualization – The Industry Context
The Problem Statement – Various Perspectives
• Application, CMP perspective
• VI admin / cloud operator perspective
VMware NSX Platform
VMware NSX Architecture
VMware NSX Use cases
6. 6
Enterprise Data Center Security & Networking Today
vSphere
Users
Sites
Backend
Services
- VLANs, ACLs, Firewalls, IDS/IPS, monitoring
- Server A/V Agents, guest security
- App | data | identity aware security, compliance
- DMZ firewall, NAT, DDI
- Site and user VPNs
- Web load balancers, WAF
- Desktop A/V Agents
- DLP, FIM, white listing
DMZ
Web
View
Way too complicated, fragmented, manual!OUCH
7. 7
SDDC & NSX – Enabling App-Cloud
APP
CLOUD
VIRTUAL
PHYSICAL
HYPERVISOR HYPERVISOR HYPERVISOR
SDDC = A better way to build clouds
NSX = Solves SDDC networking & security
8. 8
What Applications and Cloud Consumers Want…
Bridge
Physical
L2
L3
Firewall
WAN
Internet
Edge
Apps should be completely un-aware of the underlying infrastructure
That is someone else’s problem i.e. OUR problem
9. 9
NSX: Closing the Gap Between Provider and Consumer
NSX
L2
CMP
Bridge
Physical
WAN
Internet
Edge
L3
Firewall
Any Physical
Infrastructure
Compute, Storage & Network Hardware Independent
10. 10
On any network On any network
The NSX Requirements
INTERNET
WAN
On ramp, off ramp
& edge services
ESX, KVM, Xen
Non-vSphere
compute clusters
vSphere
vSphere (incl vCenter)
compute clusters
NSX needs to deliver:
L2-L3 Network Services
L4-L7 Network Services
On demand, at scale
OperatorsPartners
Common model for
provider provisioning,
fault, perf, stats, logs
Common model for
partner service insertion
LAN
Physical
vCloud Suites Open Stack
Consumers
Common consumption
Model for CMPs, apps
11. 11
Agenda
Network Virtualization – The Industry Context
The Problem Statement – Various Perspectives
• Application, CMP perspective
• VI admin / cloud operator perspective
VMware NSX Platform
VMware NSX Architecture
VMware NSX Use cases
12. 12
VMware NSX – Networking & Security Capabilities
Any Application
(without modification)
Virtual Networks
VMware NSX Network Virtualization Platform
Logical L2
Any Network Hardware
Any Cloud Management Platform
Logical
Firewall
Logical
Load Balancer
Logical L3
Logical
VPN
Any Hypervisor
Logical Switching– Layer 2 over Layer 3,
decoupled from the physical network
Logical Routing– Routing between virtual
networks without exiting the software container
Logical Firewall – Distributed Firewall, Kernel
Integrated, High Performance
Logical Load Balancer – Application Load
Balancing in software
Logical VPN – Site-to-Site & Remote Access VPN
in software
NSX API – RESTful API for integration into any
Cloud Management Platform
Partner Eco-System
13. 13
Server Virtualization Cloud Infrastructure
vCloud
vCloud
VMware’s Network & Security Virtualization Journey
vSwitch
Host 1 Host 2
vSwitch vSwitch vSwitch
Host Y Host Z
Abstract: vSwitch started the network virtualization journey
Pool: NSX Switch with distributed routing & overlays extend diameter
Burst: NSX Edge provides on/off ramp to/from data center
Secure: NSX Firewall is the basis for security virtualization
Automate: NSX Manager, APIs and CMP plugins provide integration
NSX Switch NSX Switch
Overlay
NSX Edge
NSX Firewall
14. 14
Agenda
Network Virtualization – The Industry Context
The Problem Statement – Various Perspectives
• Application, CMP perspective
• VI admin / cloud operator perspective
VMware NSX Platform
VMware NSX Architecture
VMware NSX Use cases
26. 26
Agenda
Network Virtualization – The Industry Context
The Problem Statement – Various Perspectives
• Application, CMP perspective
• VI admin / cloud operator perspective
VMware NSX Platform
VMware NSX Architecture
VMware NSX Use cases
27. 27
VMware NSX – Network Virtualization
VMware NSX Transforms the Operational Model of the Network
• Network provisioning time
reduced from days to
minutes
Reduce network
provisioning time from
days to seconds
Cost Savings
• Reduce opex by 80%
• Increase compute asset
utilization upto 90%
• Reduce capex by 40-50%
Operational
Automation
Simplified IP hardware
Choice
• Hypervisor: vSphere, KVM
• CMP: vCAC, Openstack
• Any Network Hardware
• Partner Ecosystem
Any hypervisor
Any CMP
with Partner
28. 28
Looking Forward: Interconnected SDDCs
• Any service, anywhere, any scale,
on any hardware
• Full API for implementing auto-scale
distributed services
• Leverage the power of virtualization
for next generation network services
Data Center
Data Center
Data Center
Logical Networks & Services
Consistent across multiple data centers
29. 29
In Summary, NSX …
Transforms Networking and Security in the Software-
defined Data Center
Virtualizes networking and security to create efficient,
agile and extensible constructs
Increases operational efficiency and improves utilization
Simplifies operations and enables IT agility to drive
business agility and protect business critical applications
Delivers the most extensible platform and broadest set of
ecosystem partners
START YOUR NETWORK & SECURITY VIRTUALIZATION JOURNEY TODAY!
30. 30
Other VMware Activities Related to This Session
HOL:
HOL-SDC-1302
vSphere Distributed Switch from A to Z
HOL-SDC-1303
VMware NSX Network Virtualization Platform