vmworld 2013: datacenter transformation with network virtualization: today and tomorrow

Datacenter Transformation with Network

Virtualization: Today and Tomorrow

Allwyn Sequeira, VMware

SEC5828

#SEC5828

2

Agenda

Network & Security Virtualization – The Industry Context

The Problem Statement – Various Perspectives

• Application, CMP perspective

• VI admin / cloud operator perspective

VMware NSX Platform

VMware NSX Architecture

VMware NSX Use cases

3

Enterprise

Data Center

Networking

The Industry Context - Three Major Forces in Networking

- Separation of control, OpenFlow

- X86 programmability

- Centralized management

Research, GOOG, Telco, Nicira

- Interconnect heterogeneous

compute/storage pools

- COTS hybrid server/switch

- L3 to the rack, scale out PODs

AMZN, RAX, FB, Ebay, Nicira

- SDDC: beyond servers

- Net / sec virtualization

- Fast / flat / fat fabrics, UCS

VMW, CSCO, …

N + V = NV leadership!

4

Network Virtualization = SDN+

L2

L3 Virtual

Networks

L2

All the properties of SDN

• Separation of control, forwarding

• Software innovation

• Time to market

• Service extensibility

With the benefits of virtualization

• Agility, efficiency, mobility

• Non-disruptive deployment

• Decoupled from physical

• Hardware independence

Distributed

Forwarding

Manual

Configuration

Network virtualization will leverage the network fabric / SDN controller shift

5

Agenda

Network Virtualization – The Industry Context




VMware NSX Platform



6

Enterprise Data Center Security & Networking Today

vSphere

Users

Sites

Backend

Services

- VLANs, ACLs, Firewalls, IDS/IPS, monitoring

- Server A/V Agents, guest security

- App | data | identity aware security, compliance

- DMZ firewall, NAT, DDI

- Site and user VPNs

- Web load balancers, WAF

- Desktop A/V Agents

- DLP, FIM, white listing

DMZ

Web

View

Way too complicated, fragmented, manual! OUCH

7

SDDC & NSX – Enabling App-Cloud

APP

CLOUD

VIRTUAL

PHYSICAL

HYPERVISOR HYPERVISOR HYPERVISOR

SDDC = A better way to build clouds

NSX = Solves SDDC networking & security

8

What Applications and Cloud Consumers Want…

Bridge Physical

L2

L3

Firewall

WAN

Internet

Edge

Apps should be completely un-aware of the underlying infrastructure

That is someone else’s problem i.e. OUR problem

9

NSX: Closing the Gap Between Provider and Consumer

NSX

L2

CMP

Bridge

Physical

WAN

Internet

Edge L3

Firewall

Any Physical Infrastructure

Compute, Storage & Network Hardware Independent

10

On any network On any network

The NSX Requirements

INTERNET

WAN

On ramp, off ramp

& edge services

ESX, KVM, Xen

Non-vSphere

compute clusters

vSphere

vSphere (incl vCenter)

compute clusters

NSX needs to deliver:

L2-L3 Network Services

L4-L7 Network Services

On demand, at scale

Operators Partners

Common model for

provider provisioning,

fault, perf, stats, logs

Common model for

partner service insertion

LAN

Physical

vCloud Suites Open Stack

Consumers

Common consumption

Model for CMPs, apps

11

Agenda





VMware NSX Platform



12

VMware NSX – Networking & Security Capabilities

Any Application

(without modification)

Virtual Networks

VMware NSX Network Virtualization Platform

Logical L2

Any Network Hardware

Any Cloud Management Platform

Logical

Firewall

Logical

Load Balancer

Logical L3

Logical

VPN

Any Hypervisor

Logical Switching– Layer 2 over Layer 3, decoupled from the physical network

Logical Routing– Routing between virtual networks without exiting the software container

Logical Firewall – Distributed Firewall, Kernel Integrated, High Performance

Logical Load Balancer – Application Load Balancing in software

Logical VPN – Site-to-Site & Remote Access VPN in software

NSX API – RESTful API for integration into any Cloud Management Platform

Partner Eco-System

13

Server Virtualization Cloud Infrastructure vCloud

vCloud

VMware’s Network & Security Virtualization Journey

vSwitch

Host 1 Host 2

vSwitch vSwitch vSwitch

Host Y Host Z

Abstract: vSwitch started the network virtualization journey

Pool: NSX Switch with distributed routing & overlays extend diameter

Burst: NSX Edge provides on/off ramp to/from data center

Secure: NSX Firewall is the basis for security virtualization

Automate: NSX Manager, APIs and CMP plugins provide integration

NSX Switch NSX Switch

Overlay

NSX Edge

NSX Firewall

14

Agenda





VMware NSX Platform



15

VCNS

vSphere

vCloud Suites

Hardware and Location Independent

VMware: The Two Leading Network Virtualization Stacks

VMware Open stack

KVM, Xen

NVP

Open stack

NSX

16

Network & Security Virtualization – The Journey

1. Abstract

Physical

Virtual

Abstract network &

security functions

3. Automate

Cloud

Operations

Network/Security

Operations

Realize operational

benefits of virtualization

2. Pool

Distribute and allocate

to apps, on demand

Virtual

Physical

17

NSX Architecture and Design Pattern D

ATA

C

ON

TR

OL

MG

MT

CMP

CL

OU

D

PH

YS

ICA

L

VIR

TU

AL

OVERLAYS

Hypervisor

vSwitch

Hypervisor

NSX Switch

NSX Manager NSX Manager NSX Manager

NSX API

CMPs & apps consume logical services

The REST API abstracts underlying services

The Manager cluster maps services to controllers

Controller cluster: Manager + agents

Integrated switching, routing, firewalls in hypervisor

Overlays de-couple from physical

Physical: IP connectivity is the only requirement

18

L2-L

3

L4-L

7

Contr

ol

Mgm

t

Product Delivery Summary

VMW CMP Open Stack CLO

UD

P

HY

SIC

AL

VIR

TU

AL

Operations Partners

INTERNET

WAN

LAN

Physical

NSX Edge

Edge

Services

Router

ToR / OVSDB

NSX Controller Cluster

NSX Manager NSX Manager NSX Manager

NSX API

vCAC, Neutron Plugins

Consumption

ESX, KVM, Xen vSphere

NSX Firewall

DFW

NSX Switch

VDR

VDS

NSX Switch

OVS

19

Introducing NSX Partner Brocade

20

Brocade VCS Gateway for NSX — Centralized

© 2013 Brocade Communications

Systems, Inc. Proprietary Information

Easy initial deployment model—no rip and replace

Brocade VDX 6740 Fixed Switch with VCS Fabric Technology

• ASIC support for leading VTEP performance

• Simplicity and resiliency via logical gateway with redundant switches

VMware NSX Controller

LEAF LEAF

Spine

VM VM

VM VM

VM VM

VM VM

VM VM

VM VM

VM VM

VM VM

VM VM

SLB

FW

LEAF LEAF LEAF LEAF LEAF LEAF

Spine

Brocade VDX Brocade VDX

Non-VXLAN VXLAN

21

Brocade VCS Gateway for NSX — Distributed

VXLAN gateway a feature of every ToR Brocade VDX 6740 switch

Maximum flexibility for placement of virtual and physical endpoints

Single point of management via VMware NSX integration and Brocade VCS Logical Chassis

Brocade

VDX

Brocade VDX

VM VM

VM VM

VM VM

VM VM

VM VM

VM VM

Non-VXLAN VXLAN

VMware NSX Controller

Brocade

VDX

Brocade VDX Brocade VDX

VM VM

VM VM

VM VM

VM VM

VM VM

VM VM

Brocade VDX

© 2013 Brocade Communications

Systems, Inc. Proprietary Information

22

Security Virtualization –

The Next Frontier

23

Security Virtualization with NSX Firewall & Edge

Apps / DB Tier DMZ

Users

Sites

Web Servers

• NSX Firewall: Virtualize internal firewalls & endpoint security into the hypervisor

• NSX Edge: Virtualize perimeter networking & security services (per VDC or vApp)

24

Network & Security Virtualization: The App Perspective

App

Owner

Virtualization

Operations

Physical

Infrastructure

25

NSX API and Manager Cluster in Action

26

Agenda





VMware NSX Platform



27

VMware NSX – Network Virtualization

VMware NSX Transforms the Operational Model of the Network

• Network provisioning time reduced from days to minutes

Reduce network provisioning time from

days to seconds

Cost Savings

• Reduce opex by 80%

• Increase compute asset utilization upto 90%

• Reduce capex by 40-50%

Operational Automation

Simplified IP hardware

Choice

• Hypervisor: vSphere, KVM

• CMP: vCAC, Openstack

• Any Network Hardware

• Partner Ecosystem

Any hypervisor

Any CMP with Partner

28

Looking Forward: Interconnected SDDCs

• Any service, anywhere, any scale,

on any hardware

• Full API for implementing auto-scale

distributed services

• Leverage the power of virtualization

for next generation network services

Data Center

Data Center

Data Center

Logical Networks & Services

Consistent across multiple data centers

29

In Summary, NSX …

Transforms Networking and Security in the Software-

defined Data Center

Virtualizes networking and security to create efficient,

agile and extensible constructs

Increases operational efficiency and improves utilization

Simplifies operations and enables IT agility to drive business agility and protect business critical applications

Delivers the most extensible platform and broadest set of

ecosystem partners

START YOUR NETWORK & SECURITY VIRTUALIZATION JOURNEY TODAY!

30

Other VMware Activities Related to This Session

HOL:

HOL-SDC-1302

vSphere Distributed Switch from A to Z

HOL-SDC-1303

VMware NSX Network Virtualization Platform

SEC5828

THANK YOU

Datacenter Transformation with Network

Virtualization: Today and Tomorrow

allwyn sequeira, VMware

SEC5828

#SEC5828

vmworld 2013: datacenter transformation with network virtualization: today and tomorrow

Technology

sddc nsx

clouds nsx

nsx manager

agenda network virtualization

vmware sec5828

nsx requirements internet

xen nvp open stack nsx

software nsx api restful