이호석, General Manager, Sr. NSX Specialist Engineer, Networking & Security Business Unit: Collaboration between Virtualized Networks and the Cloud

[OpenStack Days Korea 2016] Track2 - Collaboration between Virtualized Networks and the Cloud


이호석, General Manager

Sr. NSX Specialist Engineer Networking & Security Business Unit

Collaboration between Virtualized Networks and the Cloud

Virtual Network & Cloud

Positioning of Virtual Networks with Cloud platforms


We are in the 3rd fundamental structural transition in the history of IT

Cloud Computing

We are here

Mainframe

Mainframe

PC Revolution

Client/Server

Cloud

Cloud

• Mobile Devices & Clouds (public & private)

• Software Defined

• Local Applications

• Minor role for networking

• Desktops & Servers

• Campus Networks

• Data Centers


Clouds are the New Silos

IT Department Nightmare: Different teams, different technology stacks, different security & compliance

On-Premises Datacenter


Multi-Cloud Networking

Companies need to extend networks across public clouds

On-Premises Datacenter Multi-Cloud Networking


Web

Portal

Retail

App

Web

Portal

Big Data

Big Data

Tomorrow’s Networking

Connect and Secure Applications across Private and Public Multiple Clouds

Connect & Secure

• Create private networks within or across clouds

• Define logical switches, routers

• Use firewalls to segment applications

• Service Insertion

• Distributed Enterprise Edge

Internet


OpenStack Networking Today

Physical and Virtual Networks connect Virtual Machines

Physical Network

Virtual Network


Tomorrow: Cross-Platform Networking

Your network needs to manage many different types of endpoints

Physical Network

Virtual Network

Hyper-V


“NSX on Public Cloud”

NSX supported on major public cloud – AWS and Azure

– Hybrid Cloud and pure Public Cloud deployment options

– Support both Linux and Windows Guest VM

– Extend existing network and security services to Cloud

Product is sold and supported by VMware

– Purchasing through existing direct & indirect channels

– Licensing is based on VM count & socket to VM count

– Cloud Marketplace and usage based license

Extend integration with public cloud tools and APIs

– Support CloudFormation, OpsWorks, Management Portal

– Co-existence with cloud provider native tools and products

Key Concepts


NSX


Example: NSX for OpenStack and Amazon Web Services


Native support for AWS instances with coherent services and security posture for on and off-premise


AWS Cloud

Data Center

Web Server

HR Server

Developer: Launches instances via Amazon console

Amazon Web Services

• Native AWS Server instances (AMIs)

• Added to NSX virtual networks via policy

On-Premise NSX/vSphere

• AWS instances are added to logical switch

• Consistent security posture on-premise and in cloud

• AWS instances leverage services

IT Administrator: Defines network and security policy

Internet


On-Prem Data Center (Today)

Containers (2016)

Public Clouds (2016)

Virtual Desktop (VDI)

Mobile Devices (Airwatch)

Internet of Things (Roadmap)

Branch Offices (Partner)

Networking is Evolving

• H/W networks no longer under IT control (e.g. mobile, IoT, public clouds)

• Challenge is security, compliance and QoS

NSX Everywhere

• An overlay to manage network policy

• Spans many types of underlying networks

• Transparent app-level security across clouds

Example: NSX for OpenStack and beyond…

Managing Security and Connectivity for many Heterogeneous End Points

VMware NSX

How does NSX make your business successful?

Provides

A Faithful Reproduction of Network & Security Services in Software

Management APIs, UI

Switching

Routing

Firewalling

Load Balancing

VPN

Connectivity to Physical Networks

Policies, Groups, Tags

Data Security

Activity Monitoring


Cloud Consumption

Data Plane

NSX Edge

ESXi Hypervisor Kernel Modules

Distributed Services

• High – Performance Data Plane

• Scale-out Distributed Forwarding Model

Management Plane

NSX Manager

Control Plane

NSX Controllers

Firewall

Distributed Logical Router

Logical Switch

Logical Network

Physical Network

DLR Control VM

netcpa

vsfwd

VMware NSX Architecture and Components

vCenter Server

• Control-Plane Protocol

• Provides Separation of Control and Data Plane

• L2, L3 Data Plane Programming (VXLAN, DLR)

• Single configuration portal

• REST API entry-point

• Provides Registration of 3rd Party Services

• OpenStack


• Provisioning and Management of Network and Network services

• Cluster & ESXi Host Preparation

• Network Services Configuration

• Logical Services Consumption

Management Plane

VIO / vRA / Custom CMP

NSX REST APIs

vSphere APIs

NSX Manager

1:1

vCenter Server

3rd Party Management Console

NSX Manager Plugin

Centralized Configuration via NSX Manager

vSphere Web Client Plugin

VMware NSX – Management Plane Components


IT Process Automation

Management APIs, UI

Policies, Groups, Tags

Switching

Routing

Load Balancing

Connectivity to Physical Networks

Firewalling

VPN

Data Security

Activity Monitoring

Automation for IT department

Multi-tenant environment

Business Value

Reduce the infrastructure provisioning time from weeks to minutes.

Cloud developers

Provision of an IT environment that keeps pace with the speed of business.

Security

Providing essential security infrastructure

Micro-segmentation

DMZ Anywhere

Secure end-user environment

Data center boundary

Internet

Business value

It provides inherent security infrastructure at 1/3 the cost

DMZ

Application continuity

Data Center – Anywhere

Data center #1

Disaster Recovery

Metro pooling

Hybrid Cloud Networking

Business Value

Up to 80 percent reduction in RTO

Data center #2

Cloud

Amazon Web Services & OpenStack

What is driving the success of AWS?

SDDC

Nova

Cinder

Swift

Neutron

OpenStack provides basic IaaS “primitives” similar to AWS capabilities

EBS

EC2

S3

VPC

SDDC

Compute | Network | Storage

If AWS is Primarily Used for Infrastructure as Code


Tools app owners/developers use TODAY

vRA

Provision Infrastructure (with code)

Application Code

Application Owner/Developer-Centric IT

tools

Success

Easy Consumption - API

Ecosystem - Tools/Knowledge

Developer Autonomy

Production Workloads

Challenges

AWS Lock-in

Cost – Long-Lived VMs

Data Sovereignty

Differences Dev/Test/Prod

Success

Same as AWS +

Vendor Neutral API

Everything on premises

Dev = Test = Prod

Challenges

Perceived Stability

Choice/Snowflakes

Perceived Expertise Req’d

No Governance


VMware Integrated OpenStack

• OpenStack Distribution*

– Not a “proprietary distribution”

– OpenStack API compliant (DefCore**)

• Preconfigured drivers and plugins for VMware infrastructure technology

– vSphere

– NSX

– VMDK (VMFS, NFS, VSAN)

• Free license to use with vSphere Enterprise/Plus

*VIO 2.0 Based on Kilo Edition

**https://wiki.openstack.org/wiki/Governance/DefCoreCommittee

***Includes vSphere, NSX, VIO for one location

vSphere | NSX | VMDK

VIO

OpenStack APIs

VMware Plugins


Framework +

Infrastructure

OpenStack Stability Concerns

• Separate the OpenStack “framework” from the infrastructure

• Stability issues:

– OpenStack Framework Maturity

– Open Source Infrastructure Maturity and Skillset

– Four new technologies to learn

• Stability obtained through:

– VMware Infrastructure Technology (vSphere/NSX)

– Consistent Framework Deployment

Developer Tools

Framework

Compute | Network | Storage

OpenStack APIs

An OpenStack cloud is only as reliable as the infrastructure underneath it

vSphere | NSX | VMDK

VIO

OpenStack APIs

3,000 combinations of compute, network, storage drivers…

NSX Customer and Business Momentum

NSX Customers: 1200+

Production Deployments (adding 25-50 per QTR): 250+

Organizations have spent over US$1M on NSX: 100+

Stats as of end of Q4 2015


NSX ECOSYSTEMS

Thank you.