NET1510: Introduction to NSX-T Architecture. Dimitri Desmidt (ddesmidt@vmware.com), Andrew Voltmer (avoltmer@vmware.com). #VMworld #NET1510BU
Disclaimer: This presentation may contain product features that are currently under development. This overview of new technology represents no commitment from VMware to deliver these features in any generally available product. Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind. Technical feasibility and market demand will affect final delivery. Pricing and packaging for any new technologies or features discussed or presented have not been determined.
NSX Vision: NSX Everywhere. Managing security and connectivity for many heterogeneous endpoints: branch offices / edge computing / IoT, bare metal, on-premise, vCloud Air Network, cloud, end users, new app frameworks. Security: inherently secure infrastructure. Automation: IT at the speed of business. Application continuity: data center anywhere.
Agenda: 1. NSX Architecture; 2. NSX Network & Security Services; 3. NSX Management & Operations Tools; 4. NSX Use Cases.
NSX Architecture and Components. Layers: Cloud Consumption, Management Plane, Control Plane, Data Plane. NSX Manager: Management Plane (MP) node, VM form factor. NSX Controllers: Central Control Plane (CCP) nodes, VM form factor. Transport Nodes: ESXi (+ kernel modules) and KVM (+ kernel modules) hypervisors; NSX Edge (L3 + Adv Services); L2 Bridge (L2 Overlay - VLAN). Other diagram labels: VPN; Self Service Portal; OpenStack, Custom; Concurrent configuration portal; REST API entry-point; GUI; Programs data; Control-Plane Protocol; Separation of Control and Data Plane; High Performance Data Plane; Scale-out Distributed Forwarding Model; Physical Infrastructure.
NSX Operations Workflow: User makes a configuration. Configuration is persisted. Configuration is pushed to Central Control Plane. Configuration is realized by Local Control Plane. Diagram: Manager; three CCP nodes; three transport nodes, each with an MPA and an LCP.
NSX Architecture Quick Demo. Physical view: NSX Mgr, NSX Ctrl, Rack1 (ESXi), Rack2 (KVM), External, Rack3 (Edges), Physical Router. Logical view: Tenant1-LS1, Tenant1-LS2.
NSX Architecture Demo
NSX Network & Security Services: Faithful Reproduction of Network & Security Services in Software. Diagram labels: Switching Routing Distributed Centralized Routing or distribution Load Balancing Firewall Bridging to Physical Firewall
NSX Network & Security Services: Advanced Network and Security Topologies. Diagram labels: Load Balancing (LB-Pool, One-Arm LB, In-Line LB), NAT, Switching, Routing, Firewalling, L2 Overlay/VLAN Bridging, NSX API & UI, VMs VM1 to VM4.
NSX Network & Security Services Quick Demo. Physical view: NSX Mgr, NSX Ctrl, Rack1 (ESXi), Rack2 (KVM), External, Rack3 (Edges), Physical Router. Logical view: Physical Router, Tenant1-LR1 (Tier-1), Tenant1-LS1 10.1.1.0/24, Tenant1-LS2 10.1.2.0/24, VMs (VM.2, VM.3). Note: One Cloud Management Platform (OpenStack) is used to create those different Network & Security
NSX Network and Security Services Demo
NSX Network & Security Services: More Information
NSX-T Advanced Architecture Concepts. Session: NET1863BU. Francois Tallet and Dimitri Desmidt. Deep dive into NSX architecture including design, performance and high-availability capabilities. Wednesday, August 30th, 10:00 am to 11:00 am.
The Future of Networking and Security with NSX-T. Session: NET1821BU. Bruce Davie, CTO VMware. A view into the future of NSX and how it can address a variety of modern use cases. Tuesday, August 29th, 11:30 am to 12:30 pm.
Management Tools: Visibility, Statistics, Upgrade, Backup / Restore. Without visibility all features are useless!
Troubleshooting Tools: Capture specific traffic for deeper analysis. Quickly find the logical topology between virtual machines. View logical and physical traffic paths between virtual machines. In-depth logging with support for logging analytic tools.
NSX Management & Operations Tools Quick Demo. Physical view: NSX Mgr, NSX Ctrl, Rack1 (ESXi), Rack2 (KVM), External, Rack3 (Edges), Physical Router. Logical view: Physical Router, Tenant1-LR1 (Tier-1), Tenant1-LS1 10.1.1.0/24, Tenant1-LS2 10.1.2.0/24, VMs (VM.2, VM.3).
NSX Management and Operations Tools Demo
NSX in the IaaS Stack. Stack labels: Infrastructure as Code; Web Portal, APIs/SDKs, CLI Tools; DevOps Automation; Continuous Delivery; OpenStack Cloud Management Platform; Infrastructure Components (ESXi & KVM, NSX, vSAN); Automated Deployment. Key points: Infrastructure treated as code and templated. Singular interface for DevOps automation. Compute, storage, networking and security APIs. APIs abstract underlying virtual infrastructure.
NSX with OpenStack for IaaS
OpenStack and Hypervisor Ecosystem. OpenStack distributions: Open source, VIO, Red Hat, Mirantis, Canonical, SUSE / HPE. The NSX Networking and Security Platform. Hypervisors: VMware (ESXi 6.0u2, ESXi 6.5), Red Hat (RHEL 7.2, RHEL 7.3), Canonical (Ubuntu 14.04 LTS, Ubuntu 16.04 LTS).
Next Generation Apps with Container Networking
Container Networking Challenges. Diagram labels: CaaS / PaaS platform, Container Network, Ramp Node (NAT). Micro-services are connected to a private container network that only spans the PaaS platform. Requires ramp nodes and NAT for integrating physical services, e.g. firewall, load balancer. No means for a DevOps and security admin to define, implement and monitor security policy for micro-services. Not possible to apply policy for micro-services database traffic due to NAT.
The Benefits of NSX Container Networking. Diagram label: CaaS / PaaS platform. A single network fabric that connects VMs and containers across on-premise and public cloud. Container network integrates with the data center network with BGP. Layer 3 reachability between LB, FW and containers simplifies integration of network services. NSX enables both the DevOps admin and the security admin to define and monitor policy for microservices. Prioritizes security admin policy.
Next Generation Application with Containers: More Information
Container Networking with NSX-T. Session: NET1521BU. Sai Chatanya and Yves Fauser. An overview of container networking with NSX. Monday, August 28th, 1:00 pm to 2:00 pm.
Kubernetes Networking with NSX-T. Session: NET1522BU. Yasen Simeonov and Yves Fauser. A deep dive into NSX and Kubernetes. Monday, August 28th, 11:30 am to 12:30 pm.
One-Stop Container Networking. Session: CNA1091BU. Sai Chatanya. Container networking with CloudFoundry, Kubernetes, Docker, and more. Monday, August 28th, 5:00 pm to 6:00 pm.
Public Cloud Networking and Security with NSX
VMware NSX Cloud with AWS. Consistent networking and security for applications running natively in public clouds. Managed service consumption model. Self-service portal for pre and post-pay options. VMware takes over NSX lifecycle management. Simplified GUI for policy-driven configuration and deployment. Attributes based security policies. Single pane of glass for management across VPCs and cloud accounts. Seamless integration with Cross-cloud Services portfolio.
VMware NSX Cloud with AWS: More Information
Reference Design for SDDC with NSX. Session: NET1535BU. Nimish Desai. An overview of container networking with NSX. Wednesday, August 30th, 11:30 am to 12:30 pm.
Using NSX for Enhanced Networking and Security for AWS. Session: MMC1532BU. Amol Tipnis and Percy Wadia. Discover how NSX can provide enhanced networking and security in AWS. Tuesday, August 29th, 5:00 pm to 6:00 pm.
Where to Get Started
Engage and Learn. Join VMUG for exclusive access to NSX: vmug.com/vmug-join/vmug-advantage. Connect with your peers: communities.vmware.com. Find NSX resources: vmware.com/products/nsx. Network Virtualization Blog: blogs.vmware.com/networkvirtualization.
Experience. Dozens of unique NSX sessions: spotlights, breakouts, quick talks and group discussions. Visit the VMware booth: product overview, use-case demos. Visit technical partner booths: integration demos for infrastructure, security, operations, visibility, and more. Meet the Experts: join our experts in an intimate roundtable discussion.
Try. Take free Hands-on Labs: test drive NSX yourself with expert-led or self-paced hands-on labs, labs.hol.vmware.com. Training and Certification: several paths to professional certifications. Learn more at the Education & Certification Lounge. vmware.com/go/nsxtraining