NET1188BU Disaster Recovery Solutions with NSX Humair Ahmed, VMware NSBU, @Humair_Ahmed Ian Allie, EMC EHC, @Ian_Allie Justin Giardina, iland, @jgiardina #VMworld #NET1188BU
Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitment from VMware to deliver these features in any generally available product. Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind. Technical feasibility and market demand will affect final delivery. Pricing and packaging for any new technologies or features discussed or presented have not been determined. CONFIDENTIAL 2
Agenda 1 The Need for Better DR with NSX 2 NSX Features for DR 3 NSX DR Solutions with Examples 4 Demo 5 Customer Example: EMC Enterprise Hybrid Cloud (EHC) 6 Customer Example: iland 7 Summary and Q&A NET1190BU NET1191BU Multisite Networking and Security with Cross-VC NSX: Part 1 Multisite Networking and Security with Cross-VC NSX: Part 2 3
NSX Traditional Networking Challenges and Security for DR Solutions for DR Solutions What s needed is a software based approach which Traditional can provide: Solutions:: Change application IP addresses Re-create/Re-configure Decoupling from physical physical hardware network Ex: for Ease L2-L3 of connectivity deployment requirements L2 Over Dark Fiber Re-create Ease of use security policies Better security with micro-segmentation VPLS Over MPLS Back Bone Update other physical device configuration Leverage higher-level security constructs Hardware-Based Solution (OTV) Ex: load balancer Additional Flexibilityupdate/re-configuration (ACLs, DNS, High Application degree of automation IP Dependencies, etc.) Expensive, hardware-based, complex, operationally Rapid deployment/recovery and productivity challenging, and/or long lead times required Ease of testing DR Plan Site 2: King s Landing Extensive partner ecosystem for services Not Integration holistic solutions with other only Winter DR focused & SDDC is coming. on components the network (SRM, and per-device vsphere hypervisor, configuration vrealize and lack Suite, etc.) automation and flexibility Protect the workloads! Site 1: Winterfell 4
Agenda 1 The Need for Better DR with NSX 2 NSX Features for DR 3 NSX DR Solutions with Examples 4 Demo 5 Customer Example: EMC Enterprise Hybrid Cloud (EHC) 6 Customer Example: iland 7 Summary and Q&A 5
Leveraging Cross-VC NSX for DR DR to another data center WEB DB Site 1 Site 2 UDLR ULS - VNI 7000 ULS - VNI 8000 ULS - VNI 9000 UDFW Active Active - stand-by model Stand-by 6
Flexibility for DR Solutions DR to another data center Site 1 Site 2 WEB DB WEB DB Active Stand-by UDLR UDLR UDFW Active - stand-by model Stand-by Active 7
NSX Control Plane Resiliency: CDO Mode Site 1 Site 2 Universal Controller Cluster No CDO Mode No CDO Mode Host 1 Host 2 Successful PingPing Fails Universal App Logical Switch: VNI 90000 Universal Transport Zone VDS VDS Cluster Cluster 8
NSX Control Plane Resiliency: CDO Mode Site 1 Site 2 Universal Controller Cluster CDO CDO Host 1 BUM Host 2 Successful Ping Universal App Logical Switch: VNI 90000 Universal Transport Zone VDS VDS Cluster Cluster No issues when powering on a VM on Host 2 or vmotioning a VM to Host 2 9
NSX Security: Leveraging Higher-Level Security Constructs On Primary NSX Manager --configure create Universal Unique Security ID Selection Tag Criteria Synchronization of Security Tags between Primary/Secondary NSX Managers On Primary NSX Manager Statically attach security Ex: tag(s) Universal to respective Security VM(s) Tags VMworld 2017 On Secondary NSX Manager - Security Tags attached to respective VMs based on Unique Selection criteria Content: Not for publication 10
Leveraging NSX for DR to Cloud DR to a cloud environment Active WEB DB L2 over L3 via Cross-VC NSX Active - stand-by model Direct Connectivity VMware Cloud Provider Site 1 Site 2 Stand-by 11
Leveraging NSX for DR to Cloud DR to a cloud environment WEB DB Active L2VPN IPSEC Active - stand-by model VMware Cloud Provider Site 1 Site 2 WEB DB Stand-by 12
Agenda 1 The Need for Better DR with NSX 2 NSX Features for DR 3 NSX DR Solutions with Examples 4 Demo 5 Customer Example: EMC Enterprise Hybrid Cloud (EHC) 6 Customer Example: iland 7 Summary and Q&A 13
NSX Enhanced DR Solutions Compute and Networking DR Orchestration Storage Replication vsphere 6.0+ NSX 6.2+ SRM Dell EMC RP4VM vsphere/array Replication Replication RP4VM Other DR Vendors VRA VM-Level Replication VRA 14
Cross-VC NSX + SRM for DR Compute vcenter Server Virtual Machines VMware vsphere Part of vsphere platform Source and destination networks Servers are automatically mapped with Storage Policy Protection Group (SPPG) Replicates virtual machines between vsphere clusters Storage Networking? Required at both protected and recovery sites Storage Site Recovery Manager Site Recovery Manager Manages recovery plans Automates failovers and failbacks Tightly integrated with vcenter and replication Replication Options vsphere Replication Storage-Based Replication (3 rd party) Provided by replication vendor Integrated via replication adapters created, certified and supported by replication vendor 15
Palo Alto Networks SRM SRM Palo Alto Networks Active Application.1.1.1 2 Standby Application 3 1 Protection Group Priorities/Dependencies or distribution vsphere Replication vsphere Replication 16
SRM Web App DB Site 1 Palo Alto, CA VMworld 2017 UDLR ULS Web: 172.20.1.0/24 ULS App: 172.20.2.0/24 ULS DB: 172.20.3.0/24 Test UDLR Test ULS Web: 172.20.1.0/24 Test ULS App: 172.20.2.0/24 Test ULS DB: 172.20.3.0/24 UDFW Site 2 San Jose, CA Content: Not for publication Web App DB Run on Isolated Test Network 17
Cross-VC NSX + RP4VM for DR VMworld 2017 Content: Not for Recover Point Manager Manages recovery plans Automates failovers and failbacks Tightly integrated with vcenter publication Hypervisor Based Replication Protect VMs with VM level granularity Replicates virtual machines between vsphere clusters Orchestrated DR test, failover, failback to any point in time 18
Cross-VC NSX + Zerto for DR 19
Agenda 1 The Need for Better DR with NSX 2 NSX Features for DR 3 NSX DR Solutions with Examples 4 Demo 5 Customer Example: EMC Enterprise Hybrid Cloud (EHC) 6 Customer Example: iland 7 Summary and Q&A 20
21
Agenda 1 The Need for Better DR with NSX 2 NSX Features for DR 3 NSX DR Solutions with Examples 4 Demo 5 Customer Example: EMC Enterprise Hybrid Cloud (EHC) 6 Customer Example: iland 7 Summary and Q&A 22
DR Solutions with NSX Dell EMC Enterprise Hybrid Cloud Ian Allie Consultant Solutions Engineer Dell EMC Enterprise Hybrid Cloud 23
Enterprise Hybrid Cloud Enterprise Hybrid Cloud Cloud Software Self-service Management Defined and and automated Infrastructure Operations IaaS CI / HCI Platform Engineered Modular Add-ons Continuous Availability Disaster Recovery Data Protection Encryption Services 24
Business value NSX with EHC delivered to our customers 25% time saved from operational activities Provisioning time reduced from days to minutes Increased resource utilization Reduced provisioning times from 2 3 weeks to minutes Decreased total IT spend by 60% Reduced time to market for new business services by 65% 4X faster provisioning time 90% reduction in downtime 50% reduction in data center costs Consolidated data centers by 71% Reduced resource provisioning time from months to hours Unification of entire IT department vs. siloed teams 25
NSX Simplifies EHC DR add-on VMworld 2017 Content: Not for RecoverPoint for Virtual Machines (RP4VM) publication VM-level disaster recovery granularity Virtual Appliance Replication vsphere web client integration 26
1 2 Sites, 2 vcenters 4 2 Active workloads Use Case: Requirements 5 6 3 Bi-directional DR Consistent security Consistent networks and traffic engineering DR Consumption through CMP 27
Controller Cluster Building the Network Site 1 Site 2 vcenter NSX Manager Cross vcenter NSX 1 Blue_uDLR VMworld 2017 Content: Not for vcenter Web App DB Blue App01 NSX Manager publication 5 2 Green_uDLR Web App DB Green App01 28
Controller Cluster Replicating the VMs Site 1 Site 2 vcenter NSX Manager Web App DB Blue App01 RP4VM vrpa Cross vcenter NSX Recoverpoint for VM Blue_uDLR Green_uDLR RP4VM vrpa vcenter Web App DB Blue App01 RP4VM CG NSX Manager 3 Web App DB Green App01 RP4VM CG Web App DB Green App01 29
Universal Security Groups, tags and DFW rules Controller Cluster Securing the Applications Site 1 Site 2 vcenter NSX Manager Web App DB Blue App01 RP4VM vrpa Cross vcenter NSX Recoverpoint for VM Universal Security Groups Blue_uDLR Green_uDLR Static Inclusion RP4VM vrpa 192.168.0.100 00:50:56:XX:YY:ZZ Dynamic Inclusion vcenter Web App DB Blue App01 RP4VM CG NSX Manager 4 6 Web App DB Green App01 RP4VM CG Web App DB Green App01 30
Agenda 1 The Need for Better DR with NSX 2 NSX Features for DR 3 NSX DR Solutions with Examples 4 Demo 5 Customer Example: EMC Enterprise Hybrid Cloud (EHC) 6 Customer Example: iland 7 Summary and Q&A 31
VMworld 2017 justin giardina CTO Content: Not for publication iland Secure Cloud http://iland.com jg@iland.com 32
Began my journey with iland in 2008 about Started in technology in early 90 s - vmware technical advisory board member - content creator for vmware certifications Network and sysadmin at heart 33
20 Years delivering IT Services 8 ISO 27001 & SSAE16 global data centers A Leader in Gartner Magic Quadrant for DRaaS, 2017 10 Years cloud & disaster recovery expertise The Forrester Wave : Disaster-Recovery-As-A-Service Providers, 2017 VMworld 2017 Content: Not for publication
iland delivers a breadth of secure cloud services Enterprise Cloud Services - Advanced Security Public and Private Cloud Disaster Recovery as a Service Fast and reliable DRaaS Cloud Backup Global backup for on-premise All iland services are delivered with our industry-leading customer support 35
Global cloud locations to support your growing business US Headquarters Houston, TX EMEA Headquarters London, UK Tier III and IV data centers Connected directly to 500 IP providers worldwide Clear data location for data sovereignty Local support in each region Standard global contract, SLA, and service catalog Datacenters: Los Angeles, Dallas, Washington, D.C., London, Manchester, Amsterdam, Singapore, Sydney Ongoing global customer-driven expansion 36
global nsx footprint across 8 data centers vcd and vcni 2010 and NSX vcloud networking and security 10,000 networks deployed relying on public and private nsx functionality nsx 2017 over ten thousand leveraging vxlan primarily small percentage of vlan leveraging the nsx api extensively or distribution 37
multi-tenant draas use case one or multiple edges per customer Production VM Production VM complete replica of customer network segments to iland cloud Firewall or distribution ability to pre-configure security rules firewalling, load balancing, routing, vpn, etc. stretch layer-2 with our without customer nsx, partial and full failover complete control prior and during dr event 38
multi-tenant draas use case (partial) Production VM Production VM Firewall Customer Data Center Replicated VM Replicated VM NSX Edge - Firewall - L2VPN - Load Balancing - BGP 39
multi-tenant draas use case (full) Production VM Production VM Firewall Customer Data Center Replicated VM Replicated VM NSX Edge - Firewall - L2VPN - Load Balancing - BGP 40
iland secure cloud nsx api integrations 41
iland secure cloud console draas integrations 42
Agenda 1 The Need for Better DR with NSX 2 NSX Features for DR 3 NSX DR Solutions with Examples 4 Demo 5 Customer Example: EMC Enterprise Hybrid Cloud (EHC) 6 Customer Example: iland 7 Summary and Q&A 43
Humair Ahmed, VMware NSBU, hahmed@vmware.com, @Humair_Ahmed Ian Allie, EMC EHC, Ian.Allie@emc.com, @Ian_Allie Justin Giardina, iland jgiardina@iland.com, @jgiardina