Evolution of the network in the data center - Veeam Software · Evolution of the network in the data center. ... architecting...
TRANSCRIPT
© 2016 VMware Inc. All rights reserved.
Sławomir Słowiński, Account Executive, VMware Networking and Security
Evolution of the Network in the Data Center: Time for Network Virtualization with VMware NSX
2
The goals haven’t changed…
Security of Applications and Data
Speed of Delivery
Application Availability
…But everything else has
Changes to Infrastructure: Virtualization | Convergence
Changes in Threats and User Behavior
Changes in Application Architectures
Focus on the App
Complex Goals Tied to the Network…
3
Availability of Applications: Inability to move or access apps across domains because of inconsistencies in IP and security configurations
Security of the Application: Inadequate internal security controls, dependent on static network topologies to define policy
Speed of App Delivery: Error-prone, repetitive manual processes and scripts for physical networking infrastructure
…Forced Compromises
4
FIXED LIMITATIONS: Defined by infrastructure and resources
IT CAPACITY
Compromised Speed
Error-prone manual configurations
Provisioning / configuration delays
Time to market delays
Compromised Security
Threat response delays
Significant security vulnerabilities
Business and intellectual property risk
SPEED / FLEXIBILITY
SECURITY / RISK
Lines of Business stakeholders
Networking and Security teams
Hardware Constraints: The network, still defined by hardware, limits a virtualized environment
5
[Diagram: virtualization platform progress toward the SDDC, with Compute, Storage and Network layers]
6
Virtualizing the Network: Removing the final data center constraint
7
[Diagram: Hypervisor / vSwitch hosts; labels: Firewalling, Load Balancing, Switching, Routing]
8
[Diagram: Network Virtualization Platform across Hypervisor / vSwitch hosts]
Topology Independence
Pooled Data Center Capacity
9
Drive business value today without compromise
STRATEGIC DECISION
10
Network Virtualization: How is it being applied today
SECURITY: Architecting security as an inherent part of the data center infrastructure
AUTOMATION: Automating IT processes to deliver IT at the speed of business
APPLICATION CONTINUITY: Enabling applications and data to reside and be accessible anywhere
11
VMware NSX Security: Micro-segmentation | DMZ Anywhere | Secure User Environments
Alignment of Policy Controls: Security and networking policy that travels with the workload independent of physical network topology
Granular Policy Enforcement: Enabling least privilege security with policy enforced at every workload
[Diagram: Web, App and DB tiers]
12
VMware NSX Automation: IT Automating IT | Multi-tenant Infrastructure
Rapid and Repeatable Application Deployments: Automating Networking and Security for IT and Developers
[Diagram: application blueprint]
13
VMware NSX Application Continuity: Disaster Recovery | DC Pooling
Data Centers Anywhere: Enabling applications and data to exist between data centers for disaster recovery or pooling of data center resources
[Diagram: applications spanning Data Center 1 and Data Center 2]
14
“I now have the ability to deploy networking and security at the
speed it takes to deploy a VM.” CIO
From Months to Minutes: Accelerating deployment while strengthening security
SECURITY | AUTOMATION | APP CONTINUITY
15
[Diagram: Production, PCI, Non-production and Shared services zones across Data Center 1 and Data Center 2]
Customer Challenges: Customer business and technical concerns
Lack of granular segmentation for security of virtual machines
Complex access to shared services for new apps
Manual and time consuming app deployment with inconsistent security policy
Solution Requirements: Customer demands for NSX
16
Virtualization and mobility aware: Compute virtualization-aware and deployable at the speed of a VM
Automate shared services access: Automate access to shared services on a per app basis without manual intervention
Works at scale across two sites: Central management across two sites that can operate at scale
Compliance and Auditing: PCI compatibility for compliance and auditing
Choice and Extensibility: Service insertion with third party, especially IPS for E-W
17
Plan Execution: Immediate realization of business benefits
Critical Segmentation of workloads: Production | Non-production | PCI
Automated Access to Shared Services
Security group and policy set for access to shared IT services
Custom monitoring dashboards using NSX APIs (e.g. list all FW rules for a VM)
SDDC Automation
NSX security policy model to simplify and automate
Leveraged tagging to classify workloads into security groups
Overlay networking
18
Next Projects: Leveraging current successes to align future goals
Micro-segmentation: Production | Non-production | PCI ✓
Automated Access to Shared Services ✓
SDDC Automation ✓
Public Cloud Strategy
New DC Design Strategies
Remote Office Protection
More 3rd Party Appliances Implementation
NSX Vision: Driving NSX Everywhere
Managing Security and Connectivity for many Heterogeneous End Points
19
Automation: IT at the Speed of Business
Security: Inherently Secure Infrastructure
Application Continuity: Data Center Anywhere
On-Premise Data Center
New app frameworks
Mobile Devices (Airwatch)
Virtual Desktop (VDI)
Branch offices (Partner)
Internet of things
Public clouds
Sławomir Słowiński, Account Executive, Networking and Security, +48 609 997 [email protected]