• This overview of new technology represents no commitment from VMware to deliver these
features in any generally available product.
• Features are subject to change, and must not be included in contracts, purchase orders, or
sales agreements of any kind.
• Technical feasibility and market demand will affect final delivery.
• Pricing and packaging for any new technologies or features discussed or presented have not
been determined.
5 NSX operations
6 Close
NSX is growing in momentum
2,400+ customers
100% YoY growth
License Bookings
>50% YoY growth in Q4
Q416
Broad adoption
Small, mid- and large enterprises
across all verticals
NSX customer use cases
• Security: Inherently secure infrastructure
• Automation: Apps at the speed of business
• Application continuity: Data center anywhere
• Any compute platform
• Any infrastructure: Build-your-own, Converged infrastructure, Hyper-converged infrastructure
NSX Architecture and Components
Cloud consumption
• Self-service portal
• vRealize Automation, OpenStack, vCloud Director, Custom CMP
Data plane
• High-performance data plane
• Scale-out distributed forwarding model
• Flexibility for connecting logical networks to physical
[Diagram labels: Distributed Services (Logical Switch, Distributed Logical Router, Firewall); VDS; HW VTEP; Hypervisor; HV Kernel Modules; Physical network]
How do I get started with NSX?
Start Small with Specific Use Case
[Diagram labels: WAN, Internet, L3/L2, Management, Edge Clusters, Compute Cluster, Host 1 through Host 32]
Single Cluster with NSX
• VDI microsegmentation – Security only – NSX Mgr
• DEV/QA Services/Security – ESG – LB/Security
• Satellite/ROBO one or two rack
Separate Compute. Common Edge and Management Cluster
• Multi-workload & VDI
• Multi-rack QA/DEV
• Grow to large DC
Flexible, Scalable, Secure & Multi-use
• Flexibility – DLR, Stand-alone, Services & Isolation
  • DLR for production workload
  • DevOps & QA isolation
  • Per app services
• Scalability
  • ECMP BW as needed
  • Edge-HA based on use case
  • In line routed LB segment
  • In line NAT & private segment
• Secure
  • DFW and Edge FW
  • Multi-vendor integration
  • Automation – Blueprints and Security
• Multi-use topology
  • Automated DevOps segments
  • VDI Segments
  • Enterprise work load
[Diagram labels: External Networks; Dynamic Routing (OSPF, BGP); ECMP Edges; In-line LB; In-line NAT & Private; Distributed Logical Router; Web, App and DB Logical Switches (Routed, NAT, Private)]
NSX customer use cases – Security
NSX Micro-segmentation
• Isolation: No communication path between unrelated networks
• Segmentation: Controlled communication path within a single network
• Advanced Services: Addition of third-party security from NSX Ecosystem, as needed by policy
• Each VM can now be its own perimeter
• Policies align with logical groups
• Prevents threats from spreading
• Compliance (PCI, HIPAA)
Securing east-west traffic within VDI environments
With VDI your data center has a much larger security surface area
[Diagram labels: VDI, Data center perimeter]
NSX for VDI environments
Delivering inherently secure infrastructure
• Secure DMZ
• Secure user environments
• Business value: Threats contained
[Diagram labels: Data center perimeter]
Micro-segmentation simplifies network security
• Each VM can now be its own perimeter
• Policies align with logical groups
• Prevents threats from spreading
[Diagram labels: Finance, HR, Engineering; Perimeter firewall, Inside firewall; DMZ, App, DB, Services]
Security Evaluation Workflow
1. Prepare Infrastructure for NSX
2. Create Default Rules to allow all and log traffic
3. Create Shared Services Rules
4. On-board new application or start with an existing application
5. Use NSX toolset to dynamically determine required ruleset
   a) Syslog
   b) IPFIX
   c) vRealize Network Insight
6. Create E-W Intra-Application or Intra-Zone Rules
7. Continue for other applications or workloads
[Workflow diagram labels: Identify Group/Apps/Zone; Decide Default Allow or Deny & Log; Shared Services Rules; On-Board New Apps; Monitor Logs to R/Define Rules; E-W Intra-App Rules]
Customer Story: Secure Datacenter connectivity
• The problem statement
CHALLENGES
1. Need to provide granular segmentation and reduce risk
2. Simplify access to shared services for new apps
3. Automate app deployment with security
[Diagram labels: Data center 1 Perimeter, Data center 2 Perimeter, Internet, Production, Non-production, PCI, Shared services]
Customer Story: Secure Datacenter connectivity
• NSX solution
IMPLEMENTATION
1. Start on existing brownfield network
[Diagram labels: Data center 2 Perimeter, Internet]
Security partners
NSX Customer References – Security
NSX customer use cases – Automation
• Developer cloud
• Business value: Reduce infrastructure provisioning time from weeks to minutes
[Diagram labels: Switching, Routing/NAT, Firewalling, VPN, Data security, Activity monitoring; Management APIs, UI; Policies, groups, tags]
Traditional infrastructure provisioning with networking
[Diagram labels: Infrastructure service, Days - weeks, Manual efforts, Network]
GitHub Repo - https://powernsx.github.io/ & https://github.com/vmware/powernsx
Customer Story: Automate IT Delivery
The problem statement
CHALLENGES
• Inconsistent results
[Diagram labels: Cloud, Line of Business, Physical Devices, Data center]
Customer Story: Automate IT Delivery
NSX solution
[Diagram labels: Automated application deployment; Manual network configuration; Weeks or days]
• Automation Topology
  • Pre-created Construct
  • Provider ECMP for scale
  • DLR e.g. production traffic
  • All app segments can be dynamically created and attached to DLR with security group
• QA/DevOps Topology
  • Provider Edge HA
  • Common transit VXLAN segment
  • Allows provider Edge in Edge Cluster
  • QA/DevOps Tenant Edge/Segments
  • Resides in compute for growth and agility
  • NAT with In line LB
  • Create as many Edge with NAT
  • No need to advertise subnets of each NATed QA segments
[Diagram labels: ToR; ECMP Edges; Edge - HA; Distributed Logical Router; In-line LB; In-line NAT; Web, App and DB Logical Switches (Routed)]
NSX customer use cases – Application Continuity
• Active Active
• Hybrid cloud networking
• Business value: Reduce RTO, new availability model
[Diagram labels: Data center #1, Data center #2, Cloud]
Multisite networking and security (Cross-vCenter NSX)
[Diagram labels: Site-A, vCenter-A; Site-B, vCenter-B]
• Connect at layer 2 or layer 3
• Secure L2/L3 connectivity between on-premises and providers enabling hybrid cloud
Customer Story: Simplified Disaster Recovery
The problem statement
CHALLENGES
• Major RTO Impact
[Diagram labels: Primary Site, Recovery Site; 10.0.10/24, 10.0.20/24; Physical Network Infrastructure at each site; Replicate VM & Storage]
Customer Story: Simplified Disaster Recovery
NSX solution
BENEFITS
• VM mobility and granular Disaster Recovery
• Consistent Networking and Security across sites
• Integration with Site Recovery Manager
• Significantly reduced complexity
• Reduce RTO
[Diagram labels: Primary site, Recovery site; Virtual network 10.0.10/24 at both sites; VM 10.0.10.21; NSX Manager (Primary), NSX Manager (Secondary); vSphere; SAN; 10.0.20.0/24, 10.0.30.0/24. Steps: 1 Protect VM; 2b Synchronize network & security (Network & security already exists); 3 Recover the VM; Step 1&2 (e.g. VMware SRM)]
Cloud Management & Operations
• Self-service portal with a catalog, orchestration engine, operations management & cost transparency
Software-Defined Infrastructure
• Elastic, automated & software-controlled infrastructure
[Diagram labels: Extend, Manage, Automation; Co-existing Solutions, Engineered, Integrated; VMware, Public Cloud IaaS Providers, OpenStack; VMware vRealize Code Stream]
More than 850+ enterprises have operationalized NSX
• People (Roles & Responsibilities): Blended
• Organization (Structure): Cross-domain and discipline
• Processes: Automated
• Tooling: Modern
• Architecture: Leaf-spine fabric
• Infrastructure: Virtual
Networking and Security Operations Requirements
• Native Capabilities: NSX API, IPFIX, SNMP, and more…
• Integration with Partner Ecosystem
• P+V Topologies
• Impact Analysis
• Tunnel Visibility
• Bandwidth Utilization
• Distributed Monitoring
• Application Performance Monitoring
• Log Monitoring and Analytics
NSX is Mainstream
Next steps on the path to NSX
• Understand your key challenges and how NSX can help
• Start with a small project and add functionality in phases
• NSX Design Guides, VVD
[Diagram labels: vCloud Air Network, Cloud, Branch offices/Edge Computing/IOT, New app frameworks, BARE METAL, End Users, On-prem]
Where to get started
Learn
• Join the NSX VMUG Community: vmug.com/nsx
• NSX Product Page & Technical Resources: vmware.com/products/nsx
• Network Virtualization Blog: blogs.vmware.com/networkvirtualization
• VMware NSX on YouTube: youtube.com/user/vmwarensx
Experience
• Visit the VMware Booth: Use case demos, chat with SDDC Expert
• Test Drive NSX with free Hands-on Labs: Expert-led or Self-paced. labs.hol.vmware.com
• Join the VMUG Advantage Program: access a 1-year NSX Eval and exclusive trainings and certs. vmug.com/VMUG-Join/VMUG-Advantage
Use
• NSX Proactive Support Service: Optimize performance based on data monitoring and analytics to help resolve problems, mitigate risk and improve operational efficiency. vmware.com/consulting
Take
• Training and Certification: Several paths to professional certifications. Learn more at the Education & Certification Lounge. vmware.com/go/nsxtraining
Questions?