NSX scenarios - Belgrade | coming computer...
NSX scenarios
Jelena Tatomirović, network engineer
Mila Vujović, network engineer
Virtualization in today's data center
Applications
Compute Storage Networking
Why does network virtualization matter?
NSX components
Control Plane NSX Controller
Run-time state
• Decouples virtual networks from physical topology
• Not in Data Path
• Highly Available
Data Plane
NSX Edge
VDS
Hypervisor Extension Modules
Firewall Distributed
Logical Router VXLAN
NSX vSwitch
• Highly Available VM form factor
• Data Plane for N-S traffic
• Routing and Advanced services
• Intelligent network edge
• Line Rate performance
Management Plane
NSX Manager
• Single point of configuration
• REST API and UI interface
CMP Consumption
• Self Service Portal
• vRealize Automation
• Etc.
NSX – next-generation network model
Switching
Routing
Firewalling/ACLs
Load Balancing
What do you gain by introducing NSX?
Security
Automation
Application continuity (DR)
Security of the virtual infrastructure
Web App DB
Micro-segmentation
End-user security
DMZ anywhere
Security and VDI
APP1
Web 1 App 1
APP2
Web 2 App 2
Engineering External
Contractor 1 External
Contractor 2
Eng Eng net 4
External * Web 1 4
External * Web 2 4
Traditional Data Center NSX Data Center
VLANs
Engineering
External Contractor 1
External Contractor 2
Eng Web 1 4
Eng App 1 4
Eng Web 2 4
Eng App 2 4
Ext1 Web 1 4
Ext1 App 1 5
Ext2 Web 2 4
Ext2 App 2 5
…
Intelligent grouping of unsupported OSes
Reduce the risk posed by operating systems that are not supported by the vendor, e.g. Windows Server
Unsupported OS Group
Automated security in the SDDC
Security Group = Quarantine Zone
Members = {Tag = ‘ANTI_VIRUS.VirusFound’, L2 Isolated Network}
Security Group = Web Tier
Policy Definition
Standard Desktop VM Policy
Anti-Virus – Scan
Quarantined VM Policy
Firewall – Block all except security tools
Anti-Virus – Scan and remediate
Automation
Web App DB BLUEPRINT
IT Automating IT
Developer Cloud
Multi-tenant Cloud
Rapid application creation from templates
• Dynamic Configuration and Deployment of templated application (NSX and vRealize Automation)
Logical Switch
Logical Router
NSX
Logical Firewall
Logical Load Balancer
On Demand Application Delivery vRealize Automation
Resource Reservation
Multi-Machine
Blueprint
Service Catalog
Cloud Management Platform
Network Profiles
Security Policies
Security Groups
Web
App
Database
Application continuity
Disaster recovery
Multi DC pooling
Cross Cloud
Data Center 1
Data Center 2
Multisite networking and security
vCenter-A vCenter-B
<150ms
Local Storage Local Storage
Universal Distributed Logical Router
App Web DB
App Web DB
Secure, High Availability, Distributed, Virtualized Resource Pool
Site-A Site-B
Disaster recovery
Data Center 2 Data Center 1
Disaster Recovery
Network Storage Compute Network Storage Compute
Recover
Always Synchronized
No IP change, Instantaneous Availability of Apps upon Disaster Failover of Logical Switching, Routing & Firewall Rules
Implementing NSX in small environments
NSX without an overlay network
• NSX Manager
• vCenter server
• No VXLANs
• No change to the MTU value
NSX with an overlay network (Full stack NSX)
• NSX Manager
• vCenter server
• 1600 byte MTU
• 3 NSX Controllers
• 2 NSX Edges (HA/ECMP)
Questions?
NSX – monitoring and management
• NSX Flow monitoring
• NSX Traceflow
• vRealize Log Insight
• VRNI – vRealize Network Insight
vRealize Network Insight
Transformative Operations for NSX based Software-Defined Data Center
Optimize Network Performance with 360° Visibility & Analytics
Ensure Best Practices, Health and Availability of NSX Deployment
Plan Micro-segmentation Deployment and Ensure Compliance
Across Virtual, Physical and Cloud
vRealize Network Insight
• Data center traffic analysis: East-West, VM-to-VM, VM-to-Physical, Switched, Routed..
• Detailed statistics on all traffic types
Thank you for your attention! Questions?