Oliver Zängerle
Senior Systems Engineer
Agenda
1. Network Virtualization
2. Security
3. Automation
CONFIDENTIAL 2
What is a Software Defined Data Center (SDDC)?
Hardware-defined data center:
• Intelligence in hardware
• Dedicated, vendor-specific infrastructure
• Manual configuration & management
Software-defined data center (data center virtualization layer):
• Intelligence in software
• Vendor-independent, best price/performance compute, network and storage capacity, pooled into one infrastructure
• Operational model of the VM applied to the data center
• Automated, simplified configuration & management
Taking what we have learned…
Server virtualization in software, compared with the hardware model (intelligence in hardware, dedicated vendor-specific infrastructure, manual configuration & management), lets applications run on virtual machines that can be programmatically created, snapshotted, stored, moved, deleted and restored:
• Intelligence in the virtualization layer
• Vendor independent x86 capacity
• Transformative operational model
• Automated configuration & management
To deliver a Software Defined Data Center approach
Applications run on virtual machines, virtual networks and virtual storage, all of which can be programmatically created, snapshotted, stored, moved, deleted and restored. This provides location independence and a faithful reproduction of network & security services in software.
VMware NSX: Virtualize the Network
NSX supplies the network and security services of the Software Defined Data Center in software:
• Logical switching
• Logical routing
• Load balancing
• Physical to virtual
• Firewalling & security
2. Security
Perimeter-Focused Security
• Unconstrained communication: little or no lateral controls inside the perimeter.
• Sophisticated attackers bypass perimeter defenses.
• The system that is initially compromised is often one of low value.
[Diagram: data center perimeter]
Micro-Segmentation
Why can’t we have individual firewalls for every VM? With traditional technology, this is operationally infeasible.
• Physical firewalls: cost prohibitive, with complex configurations.
• Virtual firewalls: slower performance, costly, and complicated.
[Diagram: Internet, data center perimeter]
Secure Micro-Segmentation in the Data Center
[Diagram: security policy, cloud management platform, Internet, perimeter firewalls]
There is a BIG difference…
Micro-segmentation in Detail
Isolation: no communication path between unrelated networks.
• No cross-talk between networks
• Overlay technology assures networks are separated by default
Segmentation: controlled communication path within a single network.
• Fine-grained enforcement of security
• Security policies based on logical groupings of VMs
Advanced services: addition of 3rd party security, as needed by policy.
• Platform for including leading security solutions
• Dynamic addition of advanced security to adapt to changing security conditions
NSX for Horizon
[Diagram: Horizon infrastructure, internal developer pool, internal developer network]
Micro-segmentation for:
– Desktop to Desktop control
– Desktop to Enterprise App control
– Quarantine infected (AV) desktops
• Allows for elasticity and agility to spin up/down new pools or expand existing ones using logical switching, routing and firewalling
• NSX services for Horizon infrastructure
SDDC Platform – Native Security Capabilities
Platform-based automation
• Automated provisioning and workload adds/moves/changes
• Accurate firewall policies follow workloads as they move
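The isolation and segmentation behaviour described on the micro-segmentation slide, the Horizon use of quarantining infected desktops, and the claim above that firewall policies follow workloads as they move can be shown together in a small model. The following is an added example written for this page; it is not NSX code and does not use the NSX API. The VM, logical network, host and rule names are constructed, and the isolation check (networks only reachable through a listed logical router) is a deliberate simplification.

```python
# Added illustrative model (not NSX code): group-based micro-segmentation.
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class VM:
    name: str
    network: str                       # logical overlay network of the vNIC
    ip: str
    host: str
    tags: set = field(default_factory=set)   # logical groupings, e.g. "tier:web"


@dataclass
class Rule:
    name: str
    src: str                           # source group tag, or "any"
    dst: str                           # destination group tag, or "any"
    port: Optional[int]                # None matches any port
    action: str                        # "allow" or "deny"


def _match(tag: str, vm: VM) -> bool:
    return tag == "any" or tag in vm.tags


def evaluate(rules, routed, src: VM, dst: VM, port: int) -> str:
    """Verdict for a flow src -> dst:port, returned as 'action:reason'."""
    # Isolation: distinct logical networks have no path unless a logical
    # router joins them, so unrelated networks are separated by default.
    if src.network != dst.network and frozenset((src.network, dst.network)) not in routed:
        return "deny:isolation"
    # Segmentation: ordered rules on logical groups, first match wins,
    # and a flow matching no rule is dropped (default deny).
    for rule in rules:
        if _match(rule.src, src) and _match(rule.dst, dst) and rule.port in (None, port):
            return f"{rule.action}:{rule.name}"
    return "deny:default"


def move_vm(vm: VM, host: str, ip: str) -> VM:
    """Model a workload move: host and address change, group membership does not."""
    vm.host, vm.ip = host, ip
    return vm


def quarantine(vm: VM) -> VM:
    """Model AV-driven quarantine: adding a tag re-classifies the VM at once."""
    vm.tags.add("quarantine")
    return vm


# Constructed sample policy and inventory (hypothetical names and addresses).
RULES = [
    Rule("quarantine-in", "any", "quarantine", None, "deny"),
    Rule("quarantine-out", "quarantine", "any", None, "deny"),
    Rule("web-to-db", "tier:web", "tier:db", 5432, "allow"),
    Rule("jump-ssh", "role:jumphost", "any", 22, "allow"),
]
ROUTED = {frozenset(("ls-web", "ls-db")), frozenset(("ls-mgmt", "ls-db"))}


def demo() -> dict:
    web1 = VM("web1", "ls-web", "10.0.1.11", "esx-a", {"tier:web"})
    web2 = VM("web2", "ls-web", "10.0.1.12", "esx-a", {"tier:web"})
    db1 = VM("db1", "ls-db", "10.0.2.21", "esx-b", {"tier:db"})
    jump = VM("jump", "ls-mgmt", "10.0.9.5", "esx-b", {"role:jumphost"})
    lab1 = VM("lab1", "ls-lab", "10.0.7.7", "esx-c", {"tier:db"})  # same tag, unrelated network
    results = {
        "web1->db1:5432": evaluate(RULES, ROUTED, web1, db1, 5432),
        "db1->web1:5432": evaluate(RULES, ROUTED, db1, web1, 5432),
        "web1->web2:80": evaluate(RULES, ROUTED, web1, web2, 80),
        "lab1->db1:5432": evaluate(RULES, ROUTED, lab1, db1, 5432),
        "jump->db1:22": evaluate(RULES, ROUTED, jump, db1, 22),
    }
    move_vm(db1, "esx-c", "10.0.2.99")  # workload moves; no rule is rewritten
    results["web1->db1:5432 after move"] = evaluate(RULES, ROUTED, web1, db1, 5432)
    quarantine(db1)
    results["web1->db1:5432 quarantined"] = evaluate(RULES, ROUTED, web1, db1, 5432)
    return results


if __name__ == "__main__":
    for flow, verdict in demo().items():
        print(f"{flow:32} {verdict}")
```

Because every rule names a logical group rather than an address, moving `db1` to another host with a new IP changes nothing in the policy, while the one tag added by `quarantine()` is enough for the deny rules at the top of the list to take over.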
3. Automation
Use Cases
Automation
[Diagram: application workloads on the virtual infrastructure, connected to the Internet]
Platform Services Enable Robust Ecosystem
We expect the vast majority of this functionality to come from partners.
[Diagram: virtual infrastructure, Internet]
Self Service IT: Driving IT Agility
[Diagram: cloud consumer and cloud provider]
Software Defined Data Center Deployed
[Diagram: Internet, NAT, App Tier and DB Tier across three L3 subnets, on top of the physical network]
Use Cases
Hardware Refresh
Virtual infrastructure decouples applications from hardware.
[Diagram: virtual machines on the virtual infrastructure, isolation, Internet]
Disaster Recovery
Network configuration becomes easily replicable once it is software defined.
[Diagram: two sites, each connected to the Internet]
NSX Packaging Summary
Column groups: Enterprise Customer | Service Provider
License model:             Perpetual | Perpetual | Term | Perpetual | Term | Usage | Usage
Metric:                    per CPU | per CPU | per VM | per CPU | per VM | per VM | per VM
Package:                   Stand-alone | Suite Add-On | Stand-alone | Stand-alone | Stand-alone | Stand-alone | Stand-alone
License MSRP (Commercial): $5,995 | $3,495 | $408/Year | $6,995 | $480/Year | 20 Points/VM/Mo | 25 Points/VM/Mo