MMC1532BE
Using VMware NSX Cloud for Enhanced Networking and Security for AWS Native Workloads
Percy Wadia, Amol Tipnis
VMworld 2017 Content: Not for publication
#VMworld #MMC1532BE
Disclaimer
  This presentation may contain product features that are currently under development. This overview of new technology represents no commitment from VMware to deliver these features in any generally available product. Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind. Technical feasibility and market demand will affect final delivery. Pricing and packaging for any new technologies or features discussed or presented have not been determined.
Agenda
  1. VMware Cloud Services
  2. Introducing NSX Cloud
  3. Key Customer Challenges
  4. NSX Cloud Service Approach
  5. Next Steps
VMware Cloud: Run, Manage, Connect, Secure Any App on Any Cloud to Any Device
  Existing Apps: Reduce Costs, Security, Reliability, Control
  Cloud Native Apps: Time to market, Innovation, Scale, Differentiation
  VMware Cloud Services (Cloud Management): Visibility, Operations, Automation, Security, Governance
  Consistent Infrastructure: VM Infrastructure (virtual machines), Container Infrastructure (containers)
  Consistent Operations: Management and Operations Across Clouds
  [Diagram labels: VMware Cloud on AWS; VMware Cloud Infrastructure for VMware; Public Cloud IaaS]
VMware Cloud Services: Manage, Govern and Secure Public and Private Cloud Apps
  Discovery: Visibility into apps and resources they consume. Analyze usage and utilization across clouds.
  Cost Insight: Accounting and cost optimization for multiple clouds. Track and analyze your costs and trends.
  NSX Cloud: Secure networks with micro-segmentation. Create private networks within or across clouds.
  Network Insight: Operational visibility, control, and compliance across clouds. Optimize performance, health, and availability.
  Wavefront: Metrics-driven monitoring and real-time analytics.
  AppDefense: Governance for running workloads.
  [Diagram label: On-premises data center]
Key Challenges In Public Clouds
  Extending enterprise network to cloud
  Lack of visibility in cloud traffic flows
  Security policy consistency across hybrid
  DevOps compliance to enterprise security policies
  Leverage enterprise operational tools
  Remain focused on Application development and deployment
  [Diagram labels: AWS Account 1; Cloud Network Admin; Cloud Security Admin; DevOps / Developer]
VMware NSX Cloud
  Consistent networking and security for applications running natively in public clouds
  Visibility: Visibility across clouds
  Security: Unified security policy
  Networking: Network Portability
  Consistency: Consistent Operations
  [Diagram labels: VNET; VPC; Web, App, DB; VMware NSX Cloud]
Visibility into your cloud environment becomes challenging
  Cloud Admin: How do I consistently know what I am managing and securing within my VPC?
  [Diagram labels: DevOps 1; AWS Account 1; VPC]
With VPC Sprawl increasing the complexity
  Cloud Admin: How do I consistently know what I am managing and securing across VPCs within an Account?
  [Diagram labels: DevOps 1; AWS Account 1; VPC A, VPC B, VPC C]
Adding the multiple cloud accounts exacerbates the challenge
  How do I consistently know what I am managing and securing across multiple Accounts?
  [Diagram labels: DevOps 1, DevOps 2, DevOps 3; AWS Account 1, AWS Account 2, AWS Account 3; VPC A, VPC B, VPC C; Web, App, DB]
Demo: Visibility through VMware NSX Cloud Service Manager
1: A Single Pane of Glass across all VPCs, all accounts
  Single Inventory View across all accounts and all VPCs
  Operational network / security status of every VM enables Rapid Response
And eventually, across all clouds (FUTURES)
  Manage and Monitor your cloud across AWS and Azure from a single, consolidated inventory view in NSX Cloud
Cloud Security controls are different with their own limitations
  Multiple VPCs create multiple security touch-points
  Cloud Security Resource Limitations inhibit consolidation
  Static Group membership and IP-address rules require coordination at deployment
  Cloud operational framework inconsistent with on-premises
  [Diagram labels: Cloud Admin; AWS Account 1; VPC 1, VPC 2, VPC 3; AWS VPC 1 Security Groups, AWS VPC 2 Security Groups, AWS VPC 3 Security Groups]
2: A Single Security Posture Across your hybrid cloud
  Single Security Policy
  Rich set of abstractions
  Dynamic security group membership
  No cloud-resource limitations
  [Diagram labels: Cloud Admin; Security Policy; VPC 1, VPC 2, VNET 1; Security Group 1, Security Group 2, Security Group 3]
3: Real Time Operational Visibility Into Firewall Rule Invocations
  Route firewall logs to industry-standard syslog, leverage SIEM tool of your choice
  Real-time operational visibility into your cloud security posture
  Operational consistency with your on-premises security environment
  [Diagram labels: AWS Account 1; VPC; Web, App, DB; SYSLOG]
Demo: Decoupling Application Deployment and Security
4: Defense in Depth through Default Quarantine
  Multi-layered security through NSX and AWS security groups managed by NSX
  Fully Configurable to each VPC with exclusion lists
  Best of Both Worlds: Greater agility for test & dev, higher structural integrity for production
  [Diagram labels: NSX Managed; NSX Unmanaged; Test and Dev; Production; Quarantined]
Demo: Multi-layered Security through Default Quarantine
5: Extend Enterprise Network Policy to Cloud
  Single network policy, deploy anywhere
  Full control of IP addresses
  Stretch subnets across public cloud availability zones
  [Diagram labels: NSX Logical Network Topology; Static VPC Network Topology; VPC A, VPC N]
6: Network Trace and Visibility
  East-west traffic visibility within VPCs
  Troubleshooting ease in cloud environments
  Consistency with on-prem operational tools
Demo: Troubleshooting through NSX Traceflow
NSX on-premise and in the cloud
  NSX on-premises: We give you bits; You install; On your servers / In your network; You patch, upgrade; Perpetual license (usually)
  NSX Cloud: Just log in and use; No installation; Runs in cloud; We take care of patches / upgrades; Pay per use
  Features are (mostly) the same
A Dedicated NSX instance for your Cloud Environment
  [Diagram labels: NSX Cloud Dashboard; Customer NSX Managers; Customer Compute VPCs; Customer 1, Customer 2; NSX Manager; Cloud Service Manager; NSX cloud gateway; VPC-1, VPC-N]
VMware NSX Cloud Under the Covers Architecture
  [Diagram labels: NSX Cloud Dashboard; Management Plane; Control Plane; Cloud Gateway; Data Plane; NSX Manager; Cloud Service Manager; NSX Controller Cluster; NSX Cloud Gateway; Linux VM; Windows VM; VMware AWS Account; Customer AWS Account; Public cloud infrastructure with hypervisor (ex: AWS)]
Operational Control Without Infrastructure Management
  NSX Operations (columns: VMware, Customer)
  NSX Cloud Deployment
  Onboard Compute VPCs
  Manage Security, Network policies
  NSX Maintenance / Upgrades
NSX Cloud Summary
  Cloud Network Admin: Defines Network Topology And IP Addressing
  DevOps / Developer: Focuses on App Development and Deployment
  Cloud Security Admin: Mandates Security Policies and Ensures Compliance
  Decoupling maintains Agility
  Control Cloud Networking & Security
Getting Started with VMware NSX Cloud is Easy
  Request Access @ https://cloud.vmware.com
Learn more about VMware Cloud Services
  All 3 Days
    Solutions Exchange: Talk to our experts and learn more about VMware Cloud Services
    Hands On Labs: Self-service experience. Try out VMware Cloud Services yourself
  Continue the NSX Cloud journey!
    Take the Hands-on Lab for NSX Cloud: HOL-1822-01-NET VMware NSX Cloud - Secure Native Workloads in AWS!
  Session codes
    Tuesday: MMC1532BE, MMC3164BE
    Wednesday: MMC2888GE, MMC3074BE
    Thursday: MMC2820BE, MMC3066BE
  Session titles
    Using VMware NSX for Enhanced Networking and Security for AWS Native Workloads
    How Data Science is Transforming Operations: Introduction to Wavefront by VMware
    How We've Accelerated Innovation While Keeping Our Cloud Spending in Check
    Three Ways to Use New VMware Cross-Cloud Services to Efficiently Run Workloads Across AWS, Azure, and vSphere: VMware and Customer Technical Session
    Live Demo: 3 Best Practices for Deploying, Managing and Securing AWS EC2 Apps with VMware Cloud Services
    How Do You Use Network Insights' SaaS to Secure Multitier Hybrid Apps Running on vSphere, VMware Cloud on AWS, and AWS Native?