
NET1846

Introduction to NSX
Milin Desai, VMware, Inc
Kausum Kumar, VMware, Inc
Disclaimer
• This presentation may contain product features that are currently under development.
• This overview of new technology represents no commitment from VMware to deliver these
features in any generally available product.
• Features are subject to change, and must not be included in contracts, purchase orders, or
sales agreements of any kind.
• Technical feasibility and market demand will affect final delivery.
• Pricing and packaging for any new technologies or features discussed or presented have not
been determined.

CONFIDENTIAL 2
Agenda

1 Intro to NSX

2 NSX Momentum

3 NSX Use Cases

4 What’s New in NSX 2014

5 NSX Operations

6 In closing

The Anatomy of the Most Agile and Efficient Data Centers is SDDC

Google / Facebook / Amazon Data Centers
• Custom Application
• Software / Hardware Abstraction
• Custom Platform
• Software / Hardware Abstraction
• Any x86
• Any Storage
• Any IP network

The Choice for “New IT” for “All Applications”

Google / Facebook / Amazon Data Centers
• Custom Application
• Software / Hardware Abstraction
• Custom Platform
• Software / Hardware Abstraction
• Any x86
• Any Storage
• Any IP network

Software Defined Data Center (SDDC)
• Any Application
• SDDC Platform
• With NSX
• Any x86
• Any Storage
• Any IP network

Provides
A Faithful Reproduction of Network & Security Services in Software
• Switching
• Routing
• Load Balancing
• Connectivity to Physical Networks
• Firewalling
• VPN
• Data Security
• Activity Monitoring

Management: APIs, UI
Policies, Groups, Tags

Enables
Dynamic creation of complex application topologies in minutes

Network and Security Virtualization with NSX

Software

Hardware

NSX Components

Cloud Consumption
• Self Service Portal
• vCloud Automation Center, OpenStack, Custom CMS

Management Plane: NSX Manager
• Single configuration portal
• REST API entry-point

Control Plane: NSX Controller
• Manages Logical networks
• Control-Plane Protocol
• Separation of Control and Data Plane

Data Plane: NSX Edge, Distributed Services
• High-Performance Data Plane
• Scale-out Distributed Forwarding Model
• Hypervisor Kernel Modules (ESXi): Logical Switch, Distributed Firewall, Logical Router

NSX in a 3-Tier App Deployment
[Diagram: NSX Manager, NSX Controller Cluster and vCenter; Management Cluster (Host 1, Host 2); Compute Clusters and Edge Cluster (Host 3 to Host 7) with Web, App and DB workloads; a hypervisor on every host.]

VMware NSX Training & Certification: Making SDE Real in 2014 (NET1214)

Certification
• Certified Network Virtualization Expert
• Certified Network Virtualization Professional

Training, Career Path
Certifications & Training Programs

NSX Training and Certification Portfolio
• Training Courses (www.vmware.com/go/NSXtraining)
– VMware NSX Install, Configure, Manage
– VMware NSX Fast Track for Internetworking Experts (coming)
– VMware NSX Design and Deploy (coming)

• Certifications (www.vmware.com/certification)
– VMware Certified Professional – Network Virtualization (VCP-NV)
– VMware Certified Implementation Expert – Network Virtualization (VCIX-NV)
– VMware Certified Design Expert – Network Virtualization (VCDX-NV)

Designing with NSX (NET1589, NET2318)
• NSX Partner Whitepaper
• NSX Partner Reference Design
• SDDC Validated Guides
• NSX Design Guides
• NSX Hardening Guide

Reference Designs and Technical Papers on the NSX Portal:
http://www.vmware.com/products/nsx/resources.html

Reference Designs & Technical Papers on VMware Communities:
https://communities.vmware.com/docs

New Service Categories and Partners (NET2225)
NSX Partner Extensions
• Physical-to-Virtual Services
• Operations and Visibility
• Application Delivery Services
• Security Services

New Service Categories and Partners – GA Q3 2014 (NET2225)
NSX Partner Extensions
• Physical-to-Virtual Services
• Operations and Visibility
• Application Delivery Services
• Security Services

VMware NSX Momentum: Over 150 Customers

top investment banks enterprises & service providers

VMware NSX – Use Cases

Self-Service IT
• Examples: DevOps Cloud; On-boarding M&A
• Key Capabilities: Application specific networking; Flexible IP Address Mgmt; Simplified consumption

Data Center Automation
• Examples: Micro-segmentation of App; Simplifying Compute Silos; DMZ Deployments
• Key Capabilities: Programmatic Consumption; Full featured stack; Visibility and ops

Public Clouds
• Examples: XaaS Clouds; Vertical Clouds
• Key Capabilities: Multi-tenant Deployment; Programmatic L2, L3, Security; Overlapping IP Addressing

Any Hypervisor, Any CMP

[Diagram labels: Dev X, Test X, Acquisition A, Dev A]

Consumer Experience vs. Corporate Experience

Enterprise Business Leaders Want their IT to be like Amazon

Hybrid

New IT

or

No IT
Outsourced

Today’s app, PAAS, Containers: I want it all NOW
• Multi-Tier App, Multiple Networks: WEB, APP, DATABASE
• Multi-Tier App, Single Flat Network: WEB, APP, DATABASE

NSX Integrates with Cloud Automation Systems to Deliver Applications with Network and Security in Minutes (MGMT 1969, NET2379)
Consumption
Any

Self Service IT journey

Cloud Consumer
• End user drops apps in pre-created instances
• End user instantiates dynamic topologies
• End user drives any topology

Provider
• Provider delivers Pre-Created instances
• Provider delivers Templates for Dynamic Instantiation
• Provider delivers guard rails

Problem: Data Center Network Security (SEC1959-S)
Perimeter-centric network security has proven insufficient, and micro-segmentation is operationally infeasible
• Insufficient: little or no lateral controls inside perimeter
• Operationally Infeasible

NSX: Enabling a Needed Control Point in the Datacenter for Security (SEC1746)

An NSX platform is made up of distributed elements embedded in each hypervisor, enabling each VM/app to have its own security policy.

Security closest to the applications and aligned with application lifecycle.

Security Partner Integrations (SEC1958, NET2225)
Partner Ecosystem

NSX is the platform for integrating Data Center security with advanced security services.

Next-generation IPS, Malware Protection
• Granular protection of individual VM workloads with customizable policy definitions
• Agentless anti-malware and guest network threat protection
• Automation of advanced malware interception
• Unified management for physical and virtual sensors
• Real-time, dynamic threat protection and response for workloads moving between hosts and virtual data centers

Vulnerability Management
• Automatic vulnerability risk assessment
• Data Center wide real-time risk visibility
• Auto segmentation of risky assets
• Vulnerability prioritization for effective remediation

Next-Generation Firewall
• Multiple threat prevention disciplines including firewall, IPS, and antimalware
• Safe application enablement with continuous content inspection for all threats
• Granular user-based controls for apps, content, users,

File and Malware Protection
Single virtual appliance provides agentless:
• Anti-malware with URL filtering
• Vulnerability and software scanning
• Detection of file changes
• Intrusion Detection & Prevention

NSX Micro-Segmentation Journey
• Deployed Applications on Physical Networks
• Apply NSX Security
• Full network and security virtualization

New Deployments / Deployed applications

Demo
NSX – The Network Virtualization Platform: What’s New

Data Plane
• NSX Edge: Active-Active with Scale-Out (ECMP)
• Physical Device Integration
• Open Virtual Switch: Flow optimization, multi-threading, Hyper-V (alpha)

NSX – The Network Virtualization Platform: What’s New

Services
• Distributed Firewall: Operations Improvements
• Firewall Ecosystem Enablement
• Multi-Site & Hybrid Cloud Enablement: Layer 2 VPN, Active-Active DC, SRM Validation
• LBaaS: UDP support, ecosystem enablement
• DDI: DHCP Relay

NSX – The Network Virtualization Platform: What’s New

Operations
• Operations Guides & Best Practices
• Integration with Existing Tools: Riverbed, Gigamon, NetScout, EMC Smarts
• Analytics: VMware vCenter Ops, Log Insight
• Firewall Operations: Tufin, Algosec

New NSX Partners & Service Categories
• Physical-to-Virtual Services
• Operations & Visibility
• Application Delivery Services
• Security Services

NSX – The Network Virtualization Platform: What’s New

Consumption
• vCloud Automation Center: More topologies and on demand use cases
• OpenStack Juno: Control plane scale & Docker integration

NSX – The Network Virtualization Platform: What’s New

Consumption
• VMware vCloud Automation Center
• OpenStack Juno

Operations
• Operations Guides & Best Practices
• Integrations with existing tools
• Analytics, Firewall Ops

Partner Integration
• New NSX Partners & Service Categories

Services
• Distributed Firewall Operations
• Multi-site and hybrid enablement
• LBaaS: UDP support
• DDI: DHCP relay

Data Plane
• Continue advancements of Open Virtual Switch
• NSX Edge: A-A with scale-out
• Physical device integration

Operationalizing NSX

NSX Operations – Beyond Packet Visibility (NET1966)

Native NSX Ops for the Cloud Admins
• Flow monitoring
• Server access monitoring
• Tunnel healthcheck

SDDC Operator: Enable Advanced Analytics

Enable Existing Tools for the Network Operator
• SPAN/RSPAN
• Netflow/IPFIX
• LLDP
• Syslog Integration

Plug into Existing Network Monitoring Systems

Demo
Integrating with Physical

NSX with physical workloads
• x86-based bridge (VXLAN to VLAN, Physical Workloads): Leverages x86 server
• HW VTEP (VXLAN to VLAN, Physical Workloads): Highest density but requires specific hardware

NSX with physical workloads
• x86 based bridging
• Ecosystem with OVSDB
• Native NSX support for containers

NSX Performance

NSX Performance delivered by a Distributed, Scale-out Architecture (NET1883)
[Charts: TCP send throughput in Gbps versus TCP message size (64, 512, 1500, 32k, 64k) for Logical Switching, Logical Routing, Firewalling and Bridging.]

NSX – The Network Virtualization Platform

Consumption
How an end user consumes NSX services via a Cloud Management Platform. The operator interacts with the system through UI or API.
[Diagram label: Any]

Operations
NSX operator uses tools (built-in and 3rd party) for troubleshooting, visibility
[Diagram label: vCOPs]

Partner Integration
• Partner extensions: Management, Control & Data plane integration of 3rd party services
• Software partner extensions
• Hardware partner extensions

Services
NSX logical services and 3rd party extensions for networking and security (ex. Logical switch, Logical router, Firewall, Load Balancer, VPN, DDI)
[Diagram labels: L2 Switch, L3 Router, Firewall, Load Balancer, VPN, DDI]

Data Plane
Provides workload connectivity & services processing (ex. hypervisors, physical switches and appliances)
[Diagram labels: vSphere, NSX Edge, 3rd Party GW, KVM, XenServer, Hyper-V]

SDDC Approach with NSX Enables Choice and Flexibility
• Any Application: Today’s Application, PAAS, Containers ...
• Any Network: 2-Tier / 3-Tier, Leaf / Spine
• Any Infrastructure: Build Your Own, Hyper-Converged Systems, Converged Systems ...

Thank You

What’s Next…
Play, Learn, Deploy
Explore, Engage, Evolve
NSX Technical Resources
• VMware NSX Hands-on Labs: labs.hol.vmware.com
• VMware Booth #1229: 3 NSX Demo Stations
• virtualizeyournetwork.com
• Network Virtualization Blog: blogs.vmware.com/networkvirtualization
• NSX Product Page: vmware.com/go/nsx
• NSX Training & Certification: www.vmware.com/go/NVtraining
• Reference Designs: vmware.com/products/nsx/resources
• VMware NSX YouTube Channel: youtube.com/user/vmwarensx
• VMware NSX Community: communities.vmware.com/community/vmtn/nsx

Business Solution
• NET1214 NSX Certification – the Next Step in your Networking Career
• NET1745 The Case for Network Virtualization: Customer Case Study
• NET1786 The Business Case for Network Virtualization
• NET2293 Bridging Enterprise Networks to Hybrid Cloud Using NSX

Hands-on Labs
• SDC-1402 vSphere Distributed Switch from A to Z
• SDC-1403 Introduction to VMware NSX
• SDC-1420 OpenStack with VMware vSphere and NSX
• SDC-1423 vCloud Suite Basic Networking
• SDC-1424 VMware NSX and SDDC
• SDC-1425 VMware NSX Advanced

Technical Track - Networking
• NET1846 Introduction to NSX
• NET1743 VMware NSX – A Technical Deep Dive
• NET1957 NFV for Telco Infrastructure
• NET1468 A Tale of Two Perspectives: IT Operations with VMware NSX
• NET1586 Advanced Network Services with NSX
• NET1560 The NSX Guide to Horizon View
• NET1883 NSX Performance Overview
• NET1588 Load Balancer as a Service, using NSX or Partner Solutions
• NET1401 vSphere Distributed Switch Best Practices for NSX
• NET2318 Scale-Out NSX Deployments: With VMware-powered SDDC
• NET1581 Reference Design for SDDC with NSX for Multi-Hypervisors
• NET2379 Dynamically Configuring Application Specific Network Services for vCAC & NSX
• NET2225 NSX Platform: Enabling 3rd Party Network & Security Solutions

Advanced Technical Track - Networking
• NET1949 VMware NSX for Docker, Containers & More
• NET1589 Reference Design for SDDC with NSX & vSphere
• NET1583 NSX for vSphere Logical Routing Deep Dive
• NET1974 Multi-Site Data Center Solutions with VMware NSX
• NET1674 Advanced Topics & Future Directions in Network Virtualization with NSX
• NET1966 Operational Best Practices for VMware NSX
• NET1592 Under the Hood: Network Virtualization with OpenStack Neutron & VMware NSX

Group Discussions - Networking


• NET3441-GD vSphere Distributed Switch
• NET3442-GD vCAC and NSX
• NET3443-GD NSX Routing Design Best Practices
• NET3445-GD NSX Multi Site Deployments
• NET3444-GD NSX Network Services

Technical Track - Security
• SEC1196 Who Can You Trust? Strategies & Designs for Implementing Zero-Trust Model Leveraging NSX
• SEC2238 Security & Micro-Segmentation for the SDDC
• SEC1959-S The “Goldilocks Zone” for Security
• SEC1958 Automating Security Policy Enforcement with VMware NSX
• SEC1698 Optimize Security with Context & Isolation using NSX Guest Introspection
• SEC2567 Unleashing Collaborative Security with VMware NSX – Advanced Defense for Advanced Threats
Advanced Technical Track - Security
• SEC2421 VMware NSX Security Operations Best Practices
• SEC1746 NSX Distributed Firewall Deep Dive
Group Discussions - Security
• SEC3446-GD Security & Micro-segmentation
• SEC3449-GD Security Policy Automation using NSX Service Composer
• SEC3448-GD NSX Platform Extensibility
• SEC3447-GD Compliance Reference Architecture
Technical Track – Management
• MGT1833 How to Perform Troubleshooting and Root Cause Analysis Using Log Insight
• MGT1878 Deep Dive into How vCenter Operations Simplifies NSX Operations
• MGT1969 vCloud Automation Center and NSX Integration Technical Deep Dive

Fill out a survey
Every completed survey is entered
into a drawing for a $25 VMware
company store gift certificate