mmc1532be using vmware nsx cloud for … vmware nsx cloud for enhanced ... how do you use network...

Percy WadiaAmol Tipnis

MMC1532BE

#VMworld #MMC1532BE

Using VMware NSX Cloud for Enhanced Networking and Security for AWS Native Workloads

VMworld 2017 Content: Not fo

r publication or distri

bution

• This presentation may contain product features that are currently under development.

• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.

• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.

• Technical feasibility and market demand will affect final delivery.

• Pricing and packaging for any new technologies or features discussed or presented have not been determined.

Disclaimer

2#MMC1532BE CONFIDENTIAL



bution

Agenda

1 VMware Cloud Services

2 Introducing NSX Cloud

3 Key Customer Challenges

4 NSX Cloud Service Approach

5 Next Steps




bution

Consistent InfrastructureVM Infrastructure • Container Infrastructure

Consistent OperationsManagement and Operations • Across Clouds

VMware Cloud Infrastructure Public Cloud IaaS

VISIBILITY OPERATIONS AUTOMATION SECURITY GOVERNANCE

Cloud Management

VMware Cloud Services

Cloud Native AppsTime to market • Innovation • Scale • Differentiation

Existing AppsReduce Costs • Security • Reliability • Control

CONTAINERSVIRTUAL MACHINES

VMware CloudRun, Manage, Connect, Secure Any App on Any Cloud to Any Device

VMware Cloud on AWSfor VMware




bution

VMware Cloud ServicesManage, Govern and Secure Public and Private Cloud Apps

Discovery

Cost Insight

NSX Cloud

Network Insight

AppDefense

Wavefront

ON PREMISES DATA CENTER

Visibility into apps and resources they consume. Analyze usage and utilization across clouds.

Accounting and cost optimization for multiple clouds. Track and analyze your costs and trends.

Secure networks with micro-segmentationCreate private networks within or across clouds.

Operational visibility, control, and compliance across clouds. Optimize performance, health, and availability.

Metrics-driven monitoring and real-time analytics.

Governance for running workloads.




bution

Key Challenges In Public Clouds

6

AWS Account 1

Cloud Network Admin Cloud Security Admin

DevOps / Developer

Extending enterprise network to cloud

Lack of visibility in cloud traffic flows

Remain focused on Application development and deployment

Security policy consistency across hybrid

Dev-ops compliance to enterprise security policies

Leverage enterprise operational tools

#MMC1532BE CONFIDENTIAL



bution

VMware NSX Cloud

7

Visibility across clouds

Unified security policy

Network Portability

Consistent Operations VPC

AppWeb DB AppWeb DB

VNET

VMware NSX Cloud

ConsistencyVisibility Security Networking

AppWeb DB

VPC

Consistent networking and security for applications running natively in public clouds




bution

Visibility into your cloud environment becomes challenging ...

8

DevOps – 1

Cloud Admin

AWS Account 1

How do I consistently know what I am managing and securing...

Within my VPC?

Web App DB Web App DB

...


...

VPC




bution

... With VPC Sprawl increasing the complexity ...

9

DevOps – 1


Across VPCs within an Account?


...


...

VPC C


...


...

VPC B

AWS Account 1


...


...

VPC A

Cloud Admin




bution

... Adding the multiple cloud accounts exacerbates the challenge

10

DevOps – 1

DevOps – 2

DevOps – 3


Across multiple Accounts?


...


...

VPC C


...


...

VPC B

AWS Account 3


...


...

VPC A Web App DB Web App DB

...


...

VPC C


...


...

VPC B

AWS Account 2


...


...

VPC A Web App DB Web App DB

...


...

VPC C


...


...

VPC B

AWS Account 1


...


...

VPC A




bution

Demo: Visibility through VMware NSX Cloud Service Manager

11



bution

12

Single Inventory View across all

accounts and all VPCs

Operational network / security status of

every VM enables Rapid Response

1: A Single Pane of Glass across all VPCs, all accounts ...




bution

... And eventually, across all clouds

13

FUTURES

Manage and Monitor your cloud across AWS and Azure from a

single, consolidated inventory view in NSX Cloud




bution

AWS VPC 3 Security Groups



VPC 3

...Web App DB Web App DB

VPC 2

...

Cloud Security controls are different... with their own limitations

14

• Multiple VPCs create multiple security touch-points

• Cloud Security Resource Limitations inhibit consolidation

• Static Group membership and IP-address rules require coordination at deployment

• Cloud Operational framework Inconsistent from On-premise

AWS Account 1

Cloud Admin


VPC 1

...





bution

2: A Single Security Posture Across your hybrid cloud

15

✓ Single Security Policy

✓ Rich set of abstractions

✓ Dynamic security group membership

✓ No cloud-resource limitations

VPC 1 VPC 2

Security Group 2

Security Policy

VNET 1

Security Group 3

Security Group 1

Cloud Admin




bution

3: Real Time Operational Visibility Into Firewall Rule Invocations

16

SYSLOG

• Route firewall logs to industry-standard syslog, leverage SIEM tool of your choice

• Real-time Operational visibility into your cloud security posture

• Operationally consistency with your on-premise security environment

AWS Account 1

Web App DB

VPC




bution

Demo: Decoupling Application Deployment and Security

17



bution

4: Defense in Depth through Default Quarantine

18

• Multi-layered security through NSX and AWS security groups managed by NSX

• Fully Configurable to each VPC with exclusion lists

• Best of Both Worlds – Greater agility for test&dev, higher structural integrity for production

Test and Dev

NSX Managed

...

NSX Unmanaged

...

Production

✘QuarantinedNSX Managed

...

+




bution

Demo: Multi-layered Security through Default Quarantine

19



bution

5: Extend Enterprise Network Policy to Cloud

20

✓ Single network policy, deploy anywhere

✓ Full control of IP addresses

✓ Stretch subnets across public cloud availability zones

Static VPC Network Topology

...

VPC A

NSX Logical Network Topology


...

...

VPC N

...




bution

6: Network Trace and Visibility

21

✓ East-west traffic visibility within VPCs

✓ Trouble-shooting ease in cloud environments

✓ Consistency with on-prem operational tools




bution

Demo: Troubleshooting through NSX Traceflow

22



bution

NSX on - premise and in the cloud

23

NSX on-premises NSX Cloud

We give you bits

You install

You patch, upgrade

Perpetual license (usually)

Features are (mostly) the same

On your servers / In your network

Just log in and use

No installation

We take care of patches/ upgrades

Pay per use

Runs in cloud




bution

A Dedicated NSX instance for your Cloud Environment

24

CUSTOMER NSX MANAGERS

NSX CLOUDDASHBOARD

NSX Manager Cloud Service Manager

VPC -N VPC -1

NSX cloud gateway NSX cloud gateway

...

VPC -N VPC -1

NSX cloud gateway NSX cloud gateway

...

CUSTOMER COMPUTE VPCs


CUSTOMER 1 CUSTOMER 2




bution

VMware NSX Cloud – Under the Covers Architecture

25

Customer AWS Account

CONTROLPLANE

DATAPLANE

MANAGEMENT PLANE

CLOUDGATEWAY

Linux VM Windows VM

NSX Cloud Gateway

NSX CLOUDDASHBOARD

Public cloud infrastructure

with hypervisor (ex: AWS)

VMware AWS Account

NSX Controller Cluster





bution

Operational Control Without Infrastructure Management

26

NSX Operations VMware Customer

NSX Cloud Deployment ✓

Onboard Compute VPCs ✓

Manage Security, Network policies ✓

NSX Maintenance / Upgrades ✓




bution


NSX Cloud Summary

27

Cloud Network Admin Cloud Security Admin

DevOps / Developer

Defines Network Topology And IP Addressing

Focuses on App Development and Deployment

Mandates Security Policies and Ensures Compliance

Decoupling maintains Agility Control Cloud Networking & Security



bution

Getting Started with VMware NSX Cloud is Easy

28Request Access @ https://cloud.vmware.com



bution

All 3 Days

Solutions Exchange Talk to our experts and learn more about VMware Cloud Services

Hands On Labs Self services Experience: Try out VMware Cloud Services yourself

Tuesday

MMC1532BE Using VMware NSX for Enhanced Networking and Security for AWS Native Workloads

MMC3164BE How Data Science is Transforming Operations: Introduction to Wavefront by VMware

Wednesday

MMC2888GE How We’ve Accelerated Innovation While Keeping Our Cloud Spending in Check

MMC3074BEThree Ways to Use New VMware Cross-Cloud Services to Efficiently Run Workloads Across AWS, Azure, and

vSphere: VMware and Customer Technical Session

Thursday

MMC2820BE Live Demo: 3 Best Practices for Deploying, Managing and Securing AWS EC2 Apps with VMware Cloud Services

MMC3066BEHow Do You Use Network Insights' SaaS to Secure Multitier Hybrid Apps Running on vSphere, VMware Cloud on

AWS, and AWS Native?

29

Continue the NSX Cloud journey!

Take the Hands-on Lab for NSX Cloud HOL-1822-01-NET

VMware NSX Cloud - Secure Native Workloads in AWS!

Learn more about VMware Cloud Services




bution



bution

mmc1532be using vmware nsx cloud for … vmware nsx cloud for enhanced ... how do you use network...

Documents