Cisco Dec 6 Toronto VMUG

Virtualization
Aware
Networking and
Security
Eugene Minchenko, @CiscoDC
@CiscoCanada
CSE Data Center Solutions www.cisco.com/go/ucs

December 6th, 2011

© 2010 Cisco and/or its affiliates. All rights reserved. 1

• Vision
• Virtual Switching
Nexus 1000V
Nexus 1010

• Virtual Services and Security
Virtual Security Gateway (VSG)

• What’s New?
VSG DCNM
Virtual ASA VSM NAM

VXLAN and vCD Integration

• Resources


PHYSICAL VIRTUAL CLOUD
WORKLOAD WORKLOAD WORKLOAD

• One app per Server • Many apps per Server • Multi-tenant per Server
• Static • Mobile • Elastic
• Manual provisioning • Dynamic provisioning • Automated Scaling

HYPERVISOR
VDC-1 VDC-2

APPLICATION CONSISTENCY: PERFORMANCE, SCALE, AND SECURITY

OPERATIONAL CONSISTENCY: MANAGEMENT AND POLICY


PHYSICAL VIRTUAL CLOUD
WORKLOAD WORKLOAD WORKLOAD

• One app per Server • Many apps per Server • Multi-tenant per Server
• Static • Mobile • Elastic
• Manual provisioning • Dynamic provisioning • Automated Scaling

HYPERVISOR
VDC-1 VDC-2

Nexus 7K/5K/3K/2K Nexus 1000V, VM-FEX

WAAS, ASA, NAM, ACE VSG, Virtual WAAS, Virtual ASA

UCS for Bare Metal UCS for Virtualized Workloads


1. vMotion moves VMs across
physical ports—the network
policy must follow vMotion

2. Must view or apply
network/security policy to
locally switched traffic

Port
Group
3. Need to maintain segregation
of duties while ensuring
non-disruptive operations
Security
Admin
Server Admin

Network Admin


Accelerate Data Center Virtualization

APP APP APP APP APP APP
APP OS APP OS APP OS APP OS APP OS APP OS
OS OS OS OS OS OS
OS OS OS OS OS OS
OS OS OS OS OS OS
Virtualized
Agile
Policy-Driven
Multitenant

Virtual Machine (VM) Networking Virtual Network Services

Extend networking to virtualized Extend network services to virtualized
environments: environments
• Hypervisor Switch (SW): Nexus 1000V – • Virtual Security Gateway (for Nexus 1000V)
IEEE 802.1Q standard based, feature rich • Virtual WAAS
• External switch (HW): UCS6100/N5K* + • NAM virtual service blade on Nexus 1010
VM-FEX (IEEE 802.1Qbh pre-standard)
• Virtual ASA

*N5K support for VM-FEX in 4Q CY11

Nexus 1000V
Overview


Comparison to a Physical Switch

Network
Admin

Modular Switch

Supervisor-1
Supervisor-2
Back Plane

Linecard-1
Linecard-2
…
Linecard-N

Server
Server 1 Server 2 Server 3 Admin


Moving to a Virtual Environment

Network
Admin

Modular Switch

Supervisor-1
Supervisor-2
Back Plane

Linecard-1
Linecard-2
…
Linecard-N

ESX ESX ESX
Server
Admin


Supervisors Virtual Supervisor Modules (VSMs)
Virtual Appliance
VSM1
Network
Admin
VSM2

Modular Switch

Supervisor-1
Supervisor-2
Back Plane

Linecard-1
Linecard-2
…
Linecard-N

Hypervisor Hypervisor Hypervisor
VSM: Virtual Supervisor Module Server
Admin


Linecards Virtual Ethernet Modules (VEMs)
Virtual Appliance
VSM1
Network
Admin
VSM2

Modular Switch

Supervisor-1
Supervisor-2
Back Plane

Linecard-1
Linecard-2
…
Linecard-N

VEM-1 VEM-2 VEM-N

VSM: Virtual Supervisor Module Server
VEM: Virtual Ethernet Module
Admin


VSM + VEMs = Nexus 1000 Virtual Chassis
Virtual Appliance
VSM1

• 200+ vEth ports per VEM VSM2

• 2K vEths per N1K

• 64 VEMs per N1K
(connected by L2 or L3)

L2 Mode

L3 Mode
• Multiple N1Ks can be created
(under single hypervisor
management center)

VEM-1 VEM-2 VEM-N

VSM: Virtual Supervisor Module
VEM: Virtual Ethernet Module


vPath – Virtual Service Datapath
Virtual Appliance

vWAAS VSG VSM

vPath
• Virtual Service Datapath

L2 Mode

L3 Mode
VSG
• Virtual Security Gateway for N1K
vWAAS
• Virtual WAAS
vPath
VEM-1 VEM-2
vPath vPath • Service Binding
(Traffic Steering)
Hypervisor Hypervisor
• Fast-Path Offload


Faster VM Deployment
Cisco Virtual Machine Networking

Policy-Based Mobility of Network and Non-Disruptive
VM Connectivity Security Properties Operational Model

Port Profile VM VM VM VM VM VM VM VM

Defined Policies
WEB Apps Nexus Nexus
HR 1000V 1000V
VEM VEM
DB
DMZ

VM Connection Policy
• Defined in the network
• Applied in Virtual Center
• Linked to VM UUID

vCenter Nexus 1000V VSM


n1000v# show port-profile name WebProfile Support Commands
port-profile WebServers Include:
description:
status: enabled  Port management
capability uplink: no
system vlans:  VLAN
port-group: WebServers
config attributes:  PVLAN
switchport mode access
switchport access vlan 110
 Port-Channel
no shutdown  ACL
evaluated config attributes:
switchport mode access  Netflow
switchport access vlan 110
no shutdown  Port security
assigned interfaces:
Veth10  QoS


Richer Network Services


VM VM VM VM
VM VM VM VM VM VM VM VM

VMs Need to Move
• VMotion Nexus Nexus
1000V 1000V
• DRS VEM VEM
• SW upgrade/patch
• Hardware failure

VN-Link Property
Mobility
• VMotion for the network
• Ensures VM security
• Maintains connection state



Increased Operational Efficiency


VM VM VM VM VM VM VM VM
VI Admin Benefits
• Maintains existing VM mgmt
• Reduces deployment time
Nexus Nexus
• Improves scalability 1000V 1000V
• Reduces operational workload VEM VEM
• Enables VM-level visibility

Network Admin Benefits
• Unifies network management
and operations
• Improves operational security
• Enhances VM network features
• Ensures policy persistence
• Enables VM-level visibility


 L2 Switching, 802.1Q Tagging, VLAN Segmentation, Rate Limiting (TX)
Switching  IGMP Snooping, QoS Marking (COS & DSCP), Class-based WFQ

 Policy Mobility, Private VLANs w/ local PVLAN Enforcement
Security  Access Control Lists (L2–4 w/ Redirect), Port Security
 Dynamic ARP inspection, IP Source Guard, DHCP Snooping

 Virtual Services Datapath (vPath) support for traffic steering & fast-path
Network Services off-load [leveraged by Virtual Security Gateway (VSG) and vWAAS]

 Automated vSwitch Config, Port Profiles, Virtual Center Integration
Provisioning  Optimized NIC Teaming with Virtual Port Channel – Host Mode

 VMotion Tracking, NetFlow v.9 w/ NDE, CDP v.2
Visibility  VM-Level Interface Statistics
 SPAN & ERSPAN (policy-based)

 Virtual Center VM Provisioning, Cisco Network Provisioning, CiscoWorks
Management  Cisco CLI, Radius, TACACs, Syslog, SNMP (v.1, 2, 3)
 Hitless upgrade, SW Installer


• Network integrity is critical to
long distance vMotion
Nexus
1000V
• Security
vSphere
• Quality of Service
Layer-2 extension across • Network Monitoring
DCs with Nexus 7K OTV
Cisco Nexus
• Troubleshooting
7000 Series

• Nexus 1000V provides these
critical network functions
across data centers
Nexus
1000V
vSphere
O T V
Cisco Nexus
7000 Series

Design Guides: Virtual Workload Mobility
(aka Long-distance vMotion)
Cisco, VMware and EMC (with 1000V and VSG)
OTV: Overlay Transport Virtualization Cisco, VMware and NetApp (with 1000V and VSG)


Solution Nexus Nexus 1010 Virtual
1000V Security
Gateway
vBlock 
FlexPOD  
Virtual Desktop  Implicit 
Support
Virtual Multi-tenant  Implicit Planned
DC (VMDC) support
Long-distance  Implicit 
vMotion support
PCI 2.0  Implicit 
support


VMware Product Nexus 1000V support

vSphere 4 R

vSphere 5 R
(with stateless ESX)
VMware View R

VMware vCloud Director R*

* Full integration planned in 4Q CY11


Cisco Nexus 1010

VSM
VSM VSG NAM
VSM DCNM


• Dedicated appliance hosting
Nexus 1000V virtual supervisor modules
Virtual Service Blades (VSB)

• Network Analysis Module (NAM) VSB

• Additional VSBs*: VSG, DCNM

VSM
VSM VSG NAM
VSM DCNM

UCS C200 M1 Physical Appliance:
• 2 * Intel X5650- 2.66GHz, 6 core • 1 * Broadcom Quadport GbE 5709 NIC Card

• 4 * 4 GB RDIMMs RAM • 1 * Serial Port

• 2 * 500GB SATA-II HDD • 1 * Rail-Kit

© 2010 Cisco and/or its affiliates. All rights reserved. DCNM: 4QCY11 25

VSM on Virtual Machine VSM on Nexus 1010

1000V VM VM VM VM VM VM VM
VSM x 1

Nexus Nexus
1000V 1000V

Server Server
1000V
VSM x 4

Cisco Nexus 1010

Physical Switches Physical Switches


VSM as VM VSM on
Nexus 1010

Nexus 1000V features and scalability  
VEM running on vSphere 4 Enterprise Plus  
NX-OS high availability of VSM  
Software-only deployment 
Installation like a standard Cisco switch 
Network Team owns/manages the VSM 


Optimize Application Performance and Network Resources

VM VM VM VM • Application Performance Monitoring

• Traffic Analysis and Reporting
Nexus Applications, Host, Conversations, VLAN,
1000V QoS, etc.
VEM
Per-application, per-user traffic analysis
vSphere
• View VM-level Interface Statistics
• Packet Capture and Decodes

• Historical Reporting and Trending

ERSPAN
NAM
Virtual
Blade on
NetFlow Nexus
Nexus 1000V
vCenter VSM 1010


Virtual Security Gateway
(VSG)


Traditional Data Center Virtual/Cloud Data Center

VDC-1
APP

OS

Hypervisor
VDC-2
FW WAN ADC/
Opt SLB

• Application-specific • Virtual appliance form factor
services Virtual • Dynamic instantiation/provisioning
• Form factors: Service
• Service transparent to VM mobility
Appliance Node
• Support scale-out
Switch module (VSN)
• Large scale multitenant operation


Redirect VM traffic via VLANs Apply hypervisor-based
to external (physical) firewall virtual network services

Web App Database Web App Database
Server Server Server Server Server Server

Hypervisor Hypervisor

VLANs

Virtual Contexts
VSN
VSN
Virtual Service Nodes
Virtual Service Nodes
Traditional Service Nodes


Features
• Secure segmentation with zone-based FW
• VM-level granularity with context-aware rules

• Virtual Network Management Center:
Centralized policy-based management
Business Benefits
• Operational simplicity

• Deployment flexibility
• Performance optimization

• Consistent security policy compliance
and auditing Virtual Security Gateway on
Nexus 1000V with vPath


Virtual Security Gateway for Nexus 1000V
Content-based, Virtualization-aware, Multi-tenant, Workload
Segmentation for Data Centers and Clouds
VNMC
VM VM

VM VM VM VM VM VM VM

VM VM VM VM VM VM VM VM VM

Nexus 1000V vPath
Distributed Virtual Switch
VSG VSG
(Stand-by) (active)

Secure Segmentation Efficient Deployment
(VLAN agnostic) (secure multiple hosts)
Transparent Insertion
High Availability Log/Audit
(topology agnostic)
VNMC: Virtual Network Management Center

VNMC
VM VM VM



Nexus 1000V vPath
VSG VSG
(Stand-by) (active)

Secure Segmentation Efficient Deployment Dynamic policy-based
(VLAN agnostic) (secure multiple hosts) provisioning
Transparent Insertion
(topology agnostic)

VNMC
VM VM VM



Nexus 1000V vPath
VSG VSG
(Stand-by) (active)

Secure Segmentation Efficient Deployment Dynamic policy-based
(VLAN agnostic) (secure multiple hosts) provisioning
Transparent Insertion Mobility aware
(topology agnostic) (policies follow vMotion)

Intelligent Traffic Steering with vPath
VNMC
VM VM VM



4

Nexus 1000V vPath

Decision VSG
Caching 3

Initial Packet 2 Flow Access Control
1
Flow (policy evaluation) Log/Audit


VNMC
VM VM VM



Nexus 1000V vPath

VSG
ACL offloaded to
Nexus 1000V
(policy enforcement)

Remaining
packets from flow
Log/Audit


• No need to deploy virtual services on
every host
• Plan CPU capacity indepently across
application workloads & virtual services
• Simpler to deploy with multiple
operations teams (server, network,
© 2010 Cisco and/or its affiliates. All rights reserved.
security, etc.) 38

Rule  
Source Destination
Action
Condition Condition

Condition

ACE: Access Control Entry 39

Rule  
Source Destination
Action
Condition Condition
Attribute Type

Network
Condition
VM

User Defined

vZone

VM Attributes Network Attributes Operator Operator
Instance Name IP Address eq member
Guest OS full name Network Port neq Not-member
Guest OS Host name
gt Contains
Parent App Name
lt
Cluster Name
range
Hypervisor Name
Not-in-range
Resource-pool
Prefix
Port Profile Name

ZoneCisco and/or its affiliates. All rights reserved.
© 2011 Name
ACE: Access Control Entry 40

Virtual Network Management Center (VNMC)

Tenant A Tenant B
VDC VDC
vApp

vApp

vPath
Nexus 1000V
vSphere

Specify zoning policy with the appropriate granularity
 Tenant, VDC, vApp, Resourse Pool


VM
VM VMVM VM
VM VMVM VM
VM VMVM
VM VM VM VM VM VM
VM VM VM VM VM VM
VM VM VM VM VM VM

Database Servers Dev Servers Exchange Servers

VM
VM VMVM VM
VM VMVM VM
VM VMVM
VM VM VM VM VM VM
VM VM VM VM VM VM
VM VM VM VM VM VM

QA Servers Training Servers R&D Servers

If vm-name contains “TRNG”, that VM belongs to TRNG zone

Source Destination Protocol Action
Zone=TRNG Zone=TRNG Any Permit
Any Zone=TRNG Any Permit
Zone=TRNG Any Any Drop


• Persistent virtual workspace for Server Zones
the doctor
Healthcare Portal Records Database Application

• Flexible workspace for Doctor’s
assistant
Virtual Security Gateway (VSG)
• Maintain compliance while
supporting IT consumerization HVD Zones

IT Admin Assistant Doctor Guest

Leverage VM context (eg VM-name)
to create VSG security policies
ASA

iT Admin Network
Reference Implementation: Guest

• Includes: 1000V and VSG Doctor
• Availablity: on CCO
Cisco AnyConnect

Web Client

Permit Only Port 80(HTTP) Permit Only Port 22 (SSH) Block All External Access
of Web Servers to Application Servers to Database Servers

Web-Zone Application-Zone Database-Zone
Web App DB
Server Web Server App Server DB
Server Server Server

Only Permit Web Servers Only Permit Application Servers
Access to Application Servers Access to Database Servers


Simple yet powerful VM security management

Scalable Multi Tenant
Different Customers, different needs
Stateless
Security Profiles
Expandable Simple, policy based security config

Partitionable XML API
3rd party integration ready
Integrated
Automated Role Based Access Controls
Different users, different privileges, LDAP/AD AuthN Virtual
Security
Nexus 1000V &vCenter Gateway
Port profiles refer to security profiles

Dynamic provisioning
One stop configuration of network & security

VNMC GUI

Virtual Network Management Center

Securing Tenant Edge
of Multi-tenant Cloud Data Center

• Proven Cisco Security…Virtualized vCenter

Physical – virtual consistency Virtual Network Management Center (VNMC)

• Tenant A Tenant B
Collaborative Security Model VDC VDC
vApp
VSG for intra-tenant secure zones
Virtual ASA for tenant edge controls VSG VSG VSG
vApp

• Seamless Integration
VSG
With Nexus 1000V & vPath
Virtual ASA Virtual ASA

• Scales with Cloud Demand vPath
Nexus 1000V

Multi-instance deployment for horizontal vSphere

scale-out deployment

*Technology previewed at VMWorld 2011

Secure, Scalable Segmentation for Cloud
VLAN VLAN
A B
Security GW
vApp1 vApp2 GW
Web Web
Isolation for every application VM VM
VXLAN VXLAN
11 21
App App
Scale VM VM

VXLAN VXLAN
16M LAN Segments DB 12 22 DB
VM VM

Scalable segmentation
Standards-based for multi-tenant cloud
Submitted to IETF with VMware, Citrix,
RedHat and others


VMW Cloud Orchestration
vCloud Director

vShield Manager

VMW Network Stack VMW – Cisco Network Cisco Network Stack
Stack (beta: Sept 2011) (future)
Overdrive
(Cisco Network Mgmt)
vShield Edge vShield Edge
(Security) (Security) Virtual ASA
(Security)
vSwitch Nexus 1000V Nexus 1000V

vSphere

Cisco Unified Computing System

Continue future innovations across virtual/hypervisor and physical security


Latest Releases
Product CCO Links
(August 2011)
• SW Download
Nexus 1000V 1.4a
• Documentation
www.cisco.com/go/1000v 4.2(1)SV1(4a)
• Screencasts
Nexus 1010 1.3 • SW Download
www.cisco.com/go/1010 4.2(1)SP1(3) • Documentation
Virtual Security Gateway • SW Download
1.2
(VSG) • Documentation
4.2(1)SV1(2)
www.cisco.com/go/vsg • Screencasts
Virtual Network • SW Download
Management Center
1.2.1 • Documentation
(VNMC)
• Screencasts
www.cisco.com/go/vnmc


13
Feature Description / Benefit
Now up to 6 Virtual Service Blades Can now host VSMs, VSGs, and NAM* in various
(VSBs) combinations; for example:
• Up to 6 VSMs
• Up to 6 VSGs
VSG 1.2 as a VSB on 1010 Decouples VSG VM from the production
workload environment
Virtual service blade export/import Simplifies management
VSM backup/restore Enables DR planning
Support for NAM v5.1 Diagnose VM-to-VM traffic
Multi-Gb/s throughput Greater performance; reduced packet loss
Redundant power supply Order w/ 1010 or as FRU
Long-distance (DC-to-DC) vMotion Span up to 100 km to another DC for load
support balancing and/or DR

*NAM can be instantiated only on one VSB 52

12
Expanded VM-attribute support for policy • Guest-OS Hostname (e.g. for firewall
controls enforcement based on VDI PC hostname)
• ResourcePool folder (e.g. for quarantining a mis-
behaving VM)
VSG as a virtual blade on Nexus 1010 • Ease of deployment ( Network admins don’t
have to rely on Server admins to deploy VSG)
vPath Ping (between VSG and VEM) • Ease of troubleshooting
TCP reset policy action for rules • Reset action, in addition to permit/deny/log
Long-distance (DC-to-DC) vMotion • Enable DRS (Dynamic Resource Scheduling)
support across distributed data centers


Single-page policy editor • Author entire security profile from one page

Expanded VM-attribute support for policy • Guest-OS Hostname (e.g. for firewall enforcement
controls based on VDI PC hostname)
• ResourcePool folder (e.g. for quarantining a mis-
behaving VM)
TCP reset policy action for rules • Reset action, in addition to permit/deny/log

Per-tenant dashboard • Show all the tenant VSGs in one window

Ability to export policy objects into a pdf/xls • Ease of operation. This is in addition to xml (text) export
document
Auto-populate of attribute values during • Ease of policy configuration
security policy rule creation
Configurable VNMC UI Time-out for login • Ease of operation

Fault drill-down for VSG • Ease of troubleshooting (Event, Fault & Alarm views for
error-handling)
Additional Usability Enhancements • Helpful tool-tips
• Multi-selection tables (to choose from multiple entries)
• Sorting option for tables
• Improved use of screen real-estate etc.

• CCO Links
1000V: www.cisco.com/go/1000v
1010: www.cisco.com/go/1010
VSG: www.cisco.com/go/vsg
VNMC: www.cisco.com/go/vnmc
vWAAS: www.cisco.com/go/waas
NAM on 1010: http://www.cisco.com/en/US/products/ps10846/index.html (or www.cisco.com/go/nam)

• My Cisco Community: www.cisco.com/go/1000vcommunity

• Deployment Guides
Nexus 1000V Deployment Guide
Nexus 1000V on UCS – Best Practices
Nexus 1010 Deployment Guide
VSG Deployment Guide

• White papers:
Nexus 1000V and vCloud Director
N1K on UCS Best Practices
Nexus 1000V QoS White paper (draft)
VSG and vCloud Director (draft)
vWAAS Technical Overview, vWAAS for Cloud-ready WAN Optimization


• vBlock with Nexus 1000V

• FlexPOD with Nexus 1000V and Nexus 1010

• Virtual Multi-tenant Data Center with Nexus 1000V

• Virtual Desktop
1000V and VMware View
1000V and Citrix XenDesktop
1000V and VSG in VXI Reference Architecture

• Virtual Workload Mobility (aka Long-distance vMotion)
Cisco, VMware and EMC (with 1000V and VSG)
Cisco, VMware and NetApp (with 1000V and VSG)

• PCI 2.0 with Nexus 1000V and VSG


Date Business Track Topics Webinar Preso Q&A Date Technical Track Topics Webinar Preso Q&A
Nexus 1000V/1010
3/22 Play PDF PDF Nexus 1000V v1.4 Features &
Overview and Update
Install Overview
3/29 Play PDF PDF
Virtual Network
(Installation Screencasts
Services: Virtual Service
Link)
Datapath (vPath), Network
4/05 Play PDF PDF
Analysis Module (NAM),
Virtual Application Nexus 1010 Overview & Best
4/12 Play PDF PDF
Acceleration (vWAAS) Practices

(VSG) Overview Virtual Security Gateway
4/19 Play PDF PDF 4/26 Play PDF PDF
(VSG) Technical Overview
(Installation Videos: Link)

Journey to the Cloud w/ Nexus 1000V Key Features
5/10 Play PDF PDF
5/03 N1KV: vCloud Director & Play PDF PDF Overview
Long Distance vMotion
5/24 Nexus 1000V Troubleshooting Play PDF PDF
Secure Virtual Desktop with
5/17 Play PDF PDF
Nexus 1000V & VSG Long Distance vMotion with
7/27 Play PDF
Nexus 1000V and VSG
PCI Reference Architecture
8/10 with Nexus 1000V and Play PDF
Webinar Link: www.cisco.com/go/1000vcommunity


Date Technical Track Topics Webinar Preso
Q&A

Nexus 1000V, VXLAN, and
10/05 Register
vCloud Director

Virtualized Multi-Tenant Data
10/12 Register
Center (VMDC)

Nexus 1010 v1.3 - What's
10/19 Register
New?

Virtualized Workload Mobility
10/26 Register
- Latest Design Guidance

UCS and Nexus 1000V -
11/02 Register
Best Practices

11/09 Register
(VSG) v1.2 - What's New?


• N1K Download and 60-day Eval: www.cisco.com/go/1000vdownload

• N1K Product Page: www.cisco.com/go/1000v

• N1K Community: www.cisco.com/go/1000vcommunity

• N1K Twitter www.twitter.com/official_1000V

• N1K Webinars: www.tinyurl.com/1000v-webinar

• N1K Case Studies: www.tinyurl.com/n1k-casestudy

• N1K Whitepapers www.tinyurl.com/n1k-whitepaper

• N1K Deployment Guide: www.tinyurl.com/N1k-Deploy-Guide

• VXI Reference Implementation: www.tinyurl.com/vxiconfigguide

• N1K on UCS Best Practices: www.tinyurl.com/N1k-On-UCS-Deploy-Guide


• Hands on labs available for Nexus
1000V and VSG in Cloud Lab
https://cloudlab.cisco.com
• Open to all Cisco employees

• Customers/Partners require
sponsorship from account team for
access via CCO LoginID
• Extended duration lab licenses for
1000V and VSG are available upon
request


Cisco Dec 6 Toronto VMUG

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

Similaire à Cisco Dec 6 Toronto VMUG

Similaire à Cisco Dec 6 Toronto VMUG (20)

Plus de tovmug

Plus de tovmug (20)

Dernier

Dernier (20)

Cisco Dec 6 Toronto VMUG