The Vision for the Future of Network

Virtualization with VMware NSX

Scott Lowe

© 2014 VMware Inc. All rights reserved.

Agenda

•  Who is this guy?

•  Network virtualization with VMware NSX: the story so far
•  Where do we go from here?
•  Questions and answers
Who is this guy?

•  Engineering Architect in VMware’s Network & Security Business Unit (NSBU)

•  Author (7 books so far)
•  Blogger (10 years at http://blog.scottlowe.org)
•  Speaker (VMworld, Interop, VMUG events worldwide)
•  All-around geek

3
Network virtualization with
VMware NSX
The story so far
NSX customer and
business momentum

700+
NSX Customers

100+
production deployments
(adding 25-50 per quarter)

65+
organizations
have invested $1M+ in NSX
Networking is a
software industry
NSX in open source
environments

60
organizations contributing
to Open vSwitch

20%
of NSX production
deployments use OpenStack

100k+
KVM VMs in a single
NSX deployment
Network virtualization with VMware NSX today

Application demands Virtual machines

•  Many different applications

•  Different compliance and security needs Virtual Machines
•  Frequent change

NSX network virtualization Virtual infrastructure

•  Speed and automation
•  Agility
Physical Network Infrastructure
•  Security and policy

Physical network infrastructure

Hardware complexity
•  Multiple vendors
•  Different architectures Internet
•  Multiple locations

Internet
Major NSX use cases

Agility Security Application Continuity

IT Automating IT Intra-Datacenter Micro-Segmentation Disaster Recovery

Developer Clouds DMZ Anywhere Metro Pooling

Multi-tenant Infrastructure Secure User Environments Hybrid Cloud Networking

Where do we go
from here?
Physical networks and bare-
metal workloads
Overlay-to-VLAN gateway functionality
•  Overlays allow NSX to decouple logical networks from the physical network
•  The overlay-to-VLAN gateway allows communication between logical and physical networks

Physical Workload
VM

NSX Logical Network, Physical Network,

VXLAN/STT/Geneve VXLAN ßà VLAN VLAN-backed segments
tunnels gateway
Overlay-to-VLAN gateway form factors

Leverages x86 x86-based bridge

server
Physical
Workloads
VXLAN/STT/ VLAN
Geneve

Highest density HW VTEP

and throughput
with partner HW Physical
Workloads
VXLAN VLAN
Distributed network services
Why distributed network services?

Scale out of Apply services at Unprecedented

network services the vNIC for very visibility
granular control

15
Tech preview: Distributed load balancing
Logical View Physical View

Web Tier

Load
Balancer

App Servers

NSX NSX
vswitch vswitch
Load
Balancer

Database

16
Containers
 Website

Website
Internet

Website
Port 80

Website

Internal App
Container networking today
Internal
network

Internal App

Database
18
Tech preview: Containers with VMware NSX
NSX provides Internal
segmentation, Internet
network
visibility, and
integration Micro-
segmentation
Alert
Connection
to data center

HONEY POT

Internal App

Internal App

Data center
Database
Website

Website

Website

Website VULNERABILITY
SCANNER

Physical network infrastructure

19
Benefits of NSX and containers

Micro- Connection
segmentation
Alert to data center

Micro- Connection
segmentation
Alert
to data center

•  Micro-segmentation to •  Per-flow tracking •  Integration with the rest of

establish clear boundaries
•  Stop compromises at
container or application level
•  Central visibility into
connectivity across the data
center
•  Alerts for suspicious your IT infrastructure
behavior •  Monitoring, incident
•  Virtual taps at a per- response, forensics
container level •  Access to databases,
backup, system updates

20
Public clouds
Power of cloud: workload mobility
Lock-in through services

Load Load Load

Storage Firewall Storage Firewall Storage Firewall
balancing balancing balancing
service service service service service service
service service service
Cloud: just new silos?

Load Load Load

Storage Firewall Storage Firewall Storage Firewall
balancing balancing balancing
service service service service service service
service service service
Tech preview: VMware NSX on public clouds

NSX

Load Load Load

Storage Firewall Storage Firewall Storage Firewall
balancing balancing balancing
service service service service service service
service service service
NSX tomorrow: virtual networking for all platforms

Hyper-­‐V

Virtual infrastructure

Physical network
NSX tomorrow: virtual networking for all platforms
Speed
Provision connectivity for
any endpoint across
different domains.
Virtual desktop

Mobile devices

Agility
Automate provisioning
via templates and
rich APIs.
Hyper-­‐V
Public clouds

On-premise data
center
Security
Consistent security posture
and visibility across all
types of endpoints. Third-generation
apps

27
Some additional resources
•  Watch Bruce Davie’s VMworld US 2015 session NET4989, “The Future of Network
Virtualization with VMware NSX”
•  Watch Guido Appenzeller’s VMworld US 2015 spotlight session, “The Next Horizon for Cloud
Networking” (video recording available on YouTube at
http://www.youtube.com/watch?v=RBJ-KoAM-OQ)
•  Tons more VMware NSX content available from VMworld—VMUG Advantage members have
access to all this content!
•  Learn more about VMware NSX using the VMware Hands-On Labs at http://hol.vmware.com

28
Questions &
Answers
Thank You!
Scott Lowe
slowe@vmware.com
Twitter: @scott_lowe
Blog: http://blog.scottlowe.org
GitHub: https://github.com/lowescott