Network Virtualization with VMware

NSX Intro / May 2015
Tomas Michaeli, Senior SE
VMware, [email protected]

© 2015 VMware Inc. All rights reserved.



Page 2: Network Virtualization with VMware

Goals of new data centers

• Business requirements are defined not by IT but by the businessperson and the customer

• Competitiveness Opex / Capex

• Agility and simplicity

• Security

• Flexibility

• Scaling

Page 3: Network Virtualization with VMware

The next generation networking model

Network & Security Services Now in the Hypervisor

• L2 Switching

• L3 Routing

• Firewalling/ACLs

• Load Balancing

[Diagram: Software Defined Data Center. Labels: VSWITCH, OS, Hypervisor; Software, Hardware; Applications, Virtual Machines, Virtual Networks, Virtual Storage; Data Center Virtualization; Location Independence; Compute Capacity, Network Capacity, Storage Capacity.]

Page 4: Network Virtualization with VMware

Non-Disruptive Deployment

[Diagram: Virtual Network and Physical Network. Labels: two hosts, each with NSX vSwitch, Hypervisor, User Space and VMs.]

Page 5: Network Virtualization with VMware

Micro-segmentation simplifies network security

• Each VM inside own perimeter

• Policies align with logical groups

• Prevents threats from spreading

• VM Data Compliance – PCI, HIPAA

• Security Tagging concept

• Firewall automation

[Diagram labels: Perimeter firewall; Inside firewall; DMZ, App, Services, DB; AD, NTP, DHCP, DNS, CERT; Finance, Engineering, HR; VMs.]

Page 6: Network Virtualization with VMware

There is a BIG difference…

• Physical Firewalls: Traditional Firewall Rule Mgt & Operations; Physical Firewalls (2 – 100 Gbps)

• Virtual Firewalls: Traditional Firewall Rule Mgt & Operations; Virtual Firewalls (1 – 3 Gbps)

• Distributed Firewalling: Automated Policy Mgt & Operations, Distributed Enforcement; Kernel-based Performance, Distributed Scale-out Capacity (20 Gbps/host)

[Diagram: several hosts, each with a Hypervisor and VMs.]

Page 7: Network Virtualization with VMware

NSX for vSphere Deployment Use Cases

• Self-Service IT. Use cases: DevOps Cloud; On-boarding M&A

• Data Center Automation. Use cases: Micro-segmentation of App; Simplifying Compute Silos; DMZ Deployments; Migration

• Public Clouds. Use cases: XaaS Clouds; Migration

[Diagram labels: Dev X, Dev A, Test X, Acquisition A.]

Page 8: Network Virtualization with VMware

NSX and vCloud Air Deployment Use Case

[Diagram labels: ON-PREMISES; vCLOUD AIR; VIRTUAL MACHINE (three); Production Network (192.168.50.0/24); Corporate Network (192.168.50.0/24); NSX EDGE GATEWAY (two); App 1 Firewall Container; Firewall Container; INTERNET; To vCloud Air; To On-Premises.]

Page 9: Network Virtualization with VMware

NSX – The Network Virtualization Platform

• Consumption: How an end user consumes NSX services via a Cloud Management Platform. The operator interacts with the system through UI or API.

• Services: NSX logical services and 3rd party extensions for networking and security (ex. Logical switch, Logical router, Firewall, Load Balancer, VPN, DDI)

• Data Plane: Provides workload connectivity & services processing (ex. hypervisors, physical switches and appliances)

• Operations: NSX operator uses tools (built-in and 3rd party) for troubleshooting, visibility

• Partner Integration: Management, Control & Data plane integration of 3rd party services

[Diagram labels. Data Plane: XenServer, NSX Edge, Hyper-V, vSphere, KVM, 3rd Party GW. Services: L2 Switch, Firewall, Load Balancer, L3 Router, VPN, DDI. Operations / Partner Integration: Software partner extensions, Hardware partner extensions, Partner extensions, vCOPs. Consumption: Any.]

Page 10: Network Virtualization with VMware

CONFIDENTIAL

NSX | The Strategic Platform for the Next-Gen DC

[Diagram labels around NSX: Micro-Segmentation Security; Disaster Recovery; IT Automation; Developer Cloud; Data Center Migration / Refresh; IaaS.]

• Distributed firewalling makes network security inside data center perimeter operationally feasible

• Reduce RTO by 80%

• Reduce infrastructure provisioning time from weeks to minutes

• Self Service Cloud (vRealize Automation or OpenStack SDDC)

• Live migrate workloads to new data center without changing IP addresses.

• Best price / performance choice for new network hardware

• Provision or repurpose generic physical capacity on demand

Page 11: Network Virtualization with VMware

Demo Time

[Diagram labels: Prod_Logical_Switch; App-Tier-01 and DB-Tier-01 at .11 and .12; ICMP.]

Page 12: Network Virtualization with VMware

Thank you

Frantisek Ferencik, Systems [email protected]