
1

Advanced Network Services with NSX
Romain Decker, VMware, Inc
Dimitri Desmidt, VMware, Inc
NET7907
#NET7907

2

Growing NSX Momentum
A rapid journey of customer adoption across industries
1700+ Customers
8 out of VMware’s top 10 deals in Q216 included NSX
100% YoY growth
Consistent year-to-year Q216
CONFIDENTIAL

3

NSX customer use cases
• Security: Inherently secure infrastructure
– Micro-segmentation
– DMZ anywhere
– Secure end user
• Automation: IT at the speed of business
– IT automating IT
– Multi-tenant infrastructure
– Developer cloud
• Application continuity: Data center anywhere
– Disaster recovery
– Cross cloud
– Multi data center pooling

4

Disclaimer
• This presentation may contain product features that are currently under development.
• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.
• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
• Technical feasibility and market demand will affect final delivery.
• Pricing and packaging for any new technologies or features discussed or presented have not been determined.

5

Agenda
1 Set the Scene
2 Firewall / Security Services
3 Load Balancing Services
4 VPN Services
5 Key Takeaways
6 Q & A

6

What is NSX's overall goal?
• NSX's goal is to reproduce all Network and Security services in logical space:
– Switching
– DHCP Server or Relay, DNS
– Routing / NAT: Distributed or centralized
– Firewall: Distributed or centralized
– Load Balancing: Inline or OneArm
– L2 & L3 VPN: L2VPN, Site to Site, SSL VPN
Diagram labels: Application XYZ; VMs WEB, APP, DB

7

Why services in logical space are key!
• Services in logical space (hypervisor) versus "appliances" bring the following benefits:
– Speed
• Faster to deploy
– Agility
• Networks can be placed anywhere in your data center
– Security
• Deeper security with micro-segmentation
– Performance
• Power of distribution
– Management and Troubleshooting
• Central Management and Visibility of the entire Network & Security stack
• Backup/Restore/Upgrade
• Advanced tools like Traceflow (allows simulation of specific traffic and highlights whether traffic is dropped in logical/physical space)

8

Let's focus now on the Advanced Network & Security Services
– Switching
– DHCP Server or Relay, DNS
– Routing / NAT: Distributed or centralized
– Firewall: Distributed or centralized
– Load Balancing: Inline or OneArm
– L2 & L3 VPN: L2VPN, Site to Site, SSL VPN
Diagram labels: Application XYZ; VMs WEB, APP, DB

9

Agenda
1 Set the Scene
2 Firewall / Security Services
3 Load Balancing Services
4 VPN Services
5 Key Takeaways
6 Q & A

10

Firewall / Security Services
i. NSX Security Services
ii. Benefits
iii. Performance
iv. What's New
v. Integration with 3rd party services
More info on Security in VMworld 2016 session:
SEC7836R - Introduction to Security with VMware NSX

11

What do we offer?
Native NSX Security Services
• Intra-Subnet Security
• Security Attached to the VM
• Stateful L4 Firewall
Enhanced Security Services with 3rd party eco-system
• L7 Firewall
• Agentless Anti-Virus
• Malware Protection
• IPS/IDS

12

Firewall / Security Services
i. NSX Security Services
ii. Benefits
iii. Performance
iv. What's New
v. Integration with 3rd party services

13

Security with NSX
Pros: Distributed, High Performance
• Unified configuration for central and distributed firewalling
• Hypervisor-based, in-kernel distributed firewalling
• Independent of transport network
– VXLAN or VLAN
• Policy independent of location
Micro-segmentation: Security between VMs in the same subnet
Diagram labels: Web-LS1, App-LS1

14

Firewall – Configuration
Pros: Easy / Fast Learning Curve; Simplicity, Ease-of-use
• L2 MAC addresses and L3 IP addresses can be used
– IP
– Subnets
– IP Range
• In addition any vCenter and NSX object names can be used
– Virtual Machine
– Datacenter
– Cluster
– Distributed Portgroup
– Logical Switch
– …
• Port numbers and protocol names
Note: ALG (Application-Level Gateway) support for TFTP, FTP, CIFS, ORACLE TNS, MS-RPC, and SUNRPC

15

Service Composer
Pros: Agility, Service Compliance
Security Policy: HOW you want to protect
• Distributed Firewall Rules
• Guest Introspection Rules
• Network Introspection Rules
Services applied by a policy:
• Anti-Malware / Anti-Virus
• Data Security
• Vulnerability Management
• File Integrity Monitoring
• L3 / L4 Firewall Rules
• IDS / IPS Services
• Firewall Services (L7)
Security Group: WHAT you want to protect
• Dynamic Inclusion
• Static Inclusion
• Static Exclusion
• VM-Centric
• Infrastructure-Centric

16

Firewall / Security Services
i. NSX Security Services
ii. Benefits
iii. Performance
iv. What's New
v. Integration with 3rd party services

17

Firewalling/Security – Performance
The Power of Distribution
20Gbps Per Host of Firewall Performance with Negligible CPU Impact
PERFORMANCE TEST SCENARIO (Throughput Measurement)
• Two Hypervisors with two VMs each
• Two 10G Physical NICs per server
• VM1 talks to VM3 & VM2 talks to VM4
Diagram labels: VM1, VM2, VM3, VM4; four 10G links; 10G Switch
Check the NSX Performance Deep Dive (NET8030) session to learn more about NSX performance.

18

Firewall / Security Services
i. NSX Security Services
ii. Benefits
iii. Performance
iv. What's New
v. Integration with 3rd party services

19

Security with NSX – What’s New?
• Enhanced security
– SYN Flood Protection
• Serviceability Improvements
– TFTP ALG
• Increased Application Visibility
– Copy Packet Support for Network Introspection
• Simplified Operations & Troubleshooting
– Distributed Firewall Granular Rule Filtering
• Increased Compatibility
– Windows 10 support for Guest Introspection

20

Firewall / Security Services
i. NSX Security Services
ii. Benefits
iii. Performance
iv. What's New
v. Integration with 3rd party services

21

Advanced Firewall Integration with Partners
NSX is the platform for integrating advanced security services.
Partner service categories shown (partner logos not reproduced):
• Next-Generation Firewall
• Next-generation IPS
• Malware Protection
• Vulnerability Management

22

Demo – Distributed Firewall
Rule table:
Source        Destination  Service  Action
Any           SG - Web     HTTP     Allow
SG - Web      SG - App     HTTP     Allow
SG - App      SG - DB      MySQL    Allow
Any           Any          Any      Block
Diagram labels: Web-LS1, App-LS1, DB-LS1; SSH
Rule table:
Source        Destination  Service  Action
Admin-Laptop  Cluster A    SSH      Allow
Any           SG - Web     HTTP     Allow
SG - Web      SG - App     HTTP     Allow
SG - App      SG - DB      MySQL    Allow
Any           Any          Any      Block
Diagram labels: SG-WEB, SG-APP, SG-DB
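Added example (not from the deck or from VMware): a small Python model of the second rule table above, assuming top-down, first-match evaluation and matching on group membership rather than IP or subnet. The VM names, cluster and group membership, service ports and the "SG - Quarantine" group are assumptions made for the example.

```python
from dataclasses import dataclass

# Constructed inventory: VM names and group/cluster membership are assumptions
# made for this example; only the group and rule names come from the slide.
GROUPS = {
    "Admin-Laptop": {"admin-laptop"},
    "Cluster A": {"web-01", "web-02", "app-01", "app-02", "db-01"},
    "SG - Web": {"web-01", "web-02"},
    "SG - App": {"app-01", "app-02"},
    "SG - DB": {"db-01"},
}

# Assumed default ports for the service names used in the table.
SERVICES = {"SSH": ("tcp", 22), "HTTP": ("tcp", 80), "MySQL": ("tcp", 3306)}


@dataclass(frozen=True)
class Rule:
    source: str
    destination: str
    service: str
    action: str


# The second rule table from the demo slide, in slide order.
RULES = [
    Rule("Admin-Laptop", "Cluster A", "SSH", "Allow"),
    Rule("Any", "SG - Web", "HTTP", "Allow"),
    Rule("SG - Web", "SG - App", "HTTP", "Allow"),
    Rule("SG - App", "SG - DB", "MySQL", "Allow"),
    Rule("Any", "Any", "Any", "Block"),
]


def in_object(obj, endpoint, groups):
    """True if the endpoint belongs to the named object; 'Any' matches all."""
    return obj == "Any" or endpoint in groups.get(obj, set())


def service_matches(service, proto, port):
    """True if the flow's protocol and port equal the named service."""
    return service == "Any" or SERVICES.get(service) == (proto, port)


def evaluate(src, dst, proto, port, rules=RULES, groups=GROUPS):
    """Return (rule number, action) for the first rule matching the flow."""
    for number, rule in enumerate(rules, start=1):
        if (in_object(rule.source, src, groups)
                and in_object(rule.destination, dst, groups)
                and service_matches(rule.service, proto, port)):
            return number, rule.action
    return None, "Block"  # only reached if the catch-all rule is removed


def regroup(groups, vm, old, new):
    """Copy of the inventory with vm moved from group old to group new."""
    moved = {name: set(members) for name, members in groups.items()}
    moved[old].discard(vm)
    moved.setdefault(new, set()).add(vm)
    return moved


if __name__ == "__main__":
    flows = [
        ("internet-client", "web-01", "tcp", 80),   # north-south web traffic
        ("web-01", "app-01", "tcp", 80),            # tier to tier
        ("web-01", "db-01", "tcp", 3306),           # tier skipping
        ("web-01", "web-02", "tcp", 22),            # same subnet, same tier
        ("web-01", "web-02", "tcp", 80),            # 'Any' source includes peers
        ("admin-laptop", "db-01", "tcp", 22),       # management access
    ]
    for flow in flows:
        print(flow, "->", evaluate(*flow))
    # "SG - Quarantine" is a hypothetical group with no allow rule.
    quarantined = regroup(GROUPS, "web-02", "SG - Web", "SG - Quarantine")
    print("after regroup:", evaluate("internet-client", "web-02", "tcp", 80,
                                     groups=quarantined))
```

Because the source of rule 2 is "Any", web-to-web HTTP inside the tier is also allowed; a policy review would narrow that source if lateral HTTP is not needed.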

23

Agenda
1 Set the Scene
2 Firewall / Security Services
3 Load Balancing Services
4 VPN Services
5 Key Takeaways
6 Q & A

24

Load Balancing Services
i. NSX Load Balancing Services
ii. Benefits
iii. Performance
iv. What's New
v. Integration with 3rd party services
More info on LB in VMworld 2016 session:
NET9029 - NSX Logical Load Balancing: From Basics to Fine Art

25

NSX Load Balancing Services
• From Basic Load Balancing
– Offers scale up of any UDP/TCP applications
– Offers high-availability of applications

26

NSX Load Balancing Services
• To Advanced Load Balancing
– L7 Manipulation
• HTTP/S request header
• HTTP/S response header
• Actions: Block, Rewrite, Add/Update/Remove headers
Example:
app1.xyz.com = VIP1@
app2.xyz.com = VIP1@
app3.xyz.com = VIP1@
Pools: Pool1, Pool2, Pool3
VIP1:443 using Application Rule:
• If Host="app1.xyz.com" Use_Pool "Pool1"
• If Host="app2.xyz.com" Use_Pool "Pool2"
• If Host="app3.xyz.com" Use_Pool "Pool3"

27

NSX Load Balancing Services
• To Advanced Load Balancing
– Multiple SSL options
• SSL Offload
• SSL Passthrough
• SSL End-to-End
SSL Offload:
• Edge terminates client HTTPS (SSL sessions)
• Edge load balances the clients on HTTP to the servers
Note: L7 Application Rules can be applied.
Diagram: External Networks, https to the Edge Service Router, http to the servers
SSL Passthrough:
• Edge does NOT terminate client HTTPS (SSL sessions)
• Edge load balances TCP sessions to the servers
Note: Client SSL sessions are terminated on the servers (not the Edge).
Note 2: L7 Application Rules can NOT be applied.
Diagram: External Networks, https to the Edge Service Router, https to the servers
SSL End-to-End:
• Edge terminates client HTTPS (SSL sessions)
• Edge load balances the clients on NEW HTTPS to the servers
Note: L7 Application Rules can be applied.
Diagram: External Networks, https to the Edge Service Router, https to the servers

28

Load Balancing Services
i. NSX Load Balancing Services
ii. Benefits
iii. Performance
iv. What's New
v. Integration with 3rd party services

29

Benefits
• NSX offers that service with the following benefits
– Same place to configure all needed Networks & Security services
– Very simple learning curve
• Create a Pool, Healthchecks, VIP
– Simpler configuration
• Ability to use NSX and vCenter objects
– Cost-effective

30

Load Balancing Services
i. NSX Load Balancing Services
ii. Benefits
iii. Performance
iv. What's New
v. Integration with 3rd party services

31

Performance
• NSX Load Balancing performance meets most Enterprise needs
Protocol  Throughput  # conc. sessions  # sessions/sec  Reqs/sec
L4        9.2 Gbps    1M                88k cps
HTTP      8.5 Gbps    60k               35.8k cps       55.9k rps
HTTPS     2.2 Gbps    60k               576 cps

32

Load Balancing Services
i. NSX Load Balancing Services
ii. Benefits
iii. Performance
iv. What's New
v. Integration with 3rd party services

33

What’s New?
• Increase number of supported LB applications
– LB Port Range
• Increase the number of VIP per logical load balancers
– Up to 1024 Virtual IP
• Increase security
– Support of FIPS
• Distributed Load Balancing (Tech Preview)

34

Goal of Distributed Load Balancing
• Goal
– Offer a very scalable and distributed load balancing service
– Optimized packet flow
Diagram (Classical View and Logical View): Load Balancer; web-01, web-02, app-01, app-02, db-01; Web-Tier-01 10.0.1.0/24, App-Tier-01 10.0.2.0/24, DB-Tier-01 10.0.3.0/24; gateway addresses .1; Web, App, DB

35

Goal of Distributed Load Balancing
• Goal
– Offer a very scalable and distributed load balancing service
– Optimized packet flow
Diagram (Logical View and View Option2): Load Balancer; web-01, web-02, app-01, app-02, db-01; Web-Tier-01 10.0.1.0/24, App-Tier-01 10.0.2.0/24, DB-Tier-01 10.0.3.0/24; gateway addresses .1; Web, App, DB; Service-Group_Web, Service-Group_App

36

Demo – Distributed Load Balancing

37

Load Balancing Services
i. NSX Load Balancing Services
ii. Benefits
iii. Performance
iv. What's New
v. Integration with 3rd party services

38

Enhancements with 3rd party LB vendors
• Why support 3rd party LB vendors
– Customers want to go to Network Virtualization in baby-steps
– Customers have a specific load balancing requirement not currently supported by NSX LB

39

Agenda
1 Set the Scene
2 Firewall / Security Services
3 Load Balancing Services
4 VPN Services
5 Key Takeaways
6 Q & A

40

VPN Site-to-Site (IPSEC)
Pros
• Interoperability
• Cost-effective
• Hardware independent, Software-only solution
Features
• Interoperable IPsec tested with major vendors
• AES-NI H/W Offload
• ESP Tunnel Mode, NAT Traversal, Dead Peer Detection
Use Cases
• Connect different entities (ROBO, etc.)
• Cloud to Corporate
Diagram labels: CORPORATE NETWORK (CRM, FILE SERVER), ROBO, PARTNER, VPN

41

L2VPN
Pros
• Cost-effective
• Hardware independent, Software-only solution
• SSL Secured L2 Extensions Over any IP network
Features
• No specialized hardware required
• Independent of vCenter Server boundaries
Use Cases
• Brownfield NSX deployments
• Data Center Migrations
• Cloud Bursting & Onboarding
Diagram labels: CORPORATE NETWORK (172.16.10.0/24, 172.16.20.0/24), CLOUD, L2 EXTENSIONS (172.16.10.0/24, 172.16.20.0/24), VPN

42

NSX User Access VPN (SSL-VPN)
Pros
• Secure & Cost-Effective Remote User Access over HTTPS
• Flexible, Software-only Solution
• Hardware independent
Features
• Client based & Web based Access Mode
• Support for Major OS (Windows, Mac OS, Linux)
• Multiple Authentication Options (AD, Radius, LDAP, RSA)
• AES-NI Acceleration (Hardware Offload)
• Configuration via UI and API
Use Cases
• Access to servers running in private environment over VPN.
• Remote access for administrators
Diagram labels: CORPORATE NETWORK (CRM, FILE SERVER), VPN

43

Agenda
1 Set the Scene
2 Firewall / Security Services
3 Load Balancing Services
4 VPN Services
5 Key Takeaways
6 Q & A

44

Key Takeaways
NSX reproduces all Network and Security services of Data Centers.
All services are available in logical space for best speed, agility and deeper security.
(Almost) all NSX services are available in distributed mode for massive scale.
A rich eco-system is available to enhance native services with partners.

45

Find Out More
• Hands on Labs:
– HOL-SDC-1603 – VMware NSX Introduction
– HOL-SDC-1625 – VMware NSX Advanced
– HOL-PRT-1672 – Deploying Palo Alto Networks Next-Generation Security Platform with VMware NSX
– Check if others make sense
• Other Sessions
– Security: “Introduction to Security with VMware NSX”, [SEC7836R] / “Deploying Security in a Brownfield Environment”, [SEC8348]
– Load Balancing: “NSX Logical Load Balancing: From Basics to Fine Art”, [NET9029]
– Automation: “How to Easily Become a Cool Automation NSX Cloud Network Engineer”, [NET7701]
• VMware Communities NSX:
– https://communities.vmware.com/community/vmtn/nsx

46

Agenda
1 Set the Scene
2 Firewall / Security Services
3 Load Balancing Services
4 VPN Services
5 Key Takeaways
6 Q & A

47

Questions

48

NSX partner ecosystem
Physical Infrastructure
Security
Application Delivery
Operations and Visibility
DYNAMIC INSERTION OF
PARTNER SERVICES

49

Where to get started
Learn
• Connect & Engage: communities.vmware.com
• NSX Product Page & Technical Resources: vmware.com/products/nsx
• Network Virtualization Blog: blogs.vmware.com/networkvirtualization
• VMware NSX on YouTube: youtube.com/user/vmwarensx
Experience
• 70+ Unique NSX Sessions: Spotlights, breakouts, quick talks & group discussions
• Visit the VMware Booth: Use case demos, chat with NSX experts
• Visit NSX Technical Partner Booths: Integration demos – EPSec & NetX, Hardware VTEP, Ops & Visibility
• Test Drive NSX with free Hands-on Labs: Expert-led or Self-paced. labs.hol.vmware.com
Use
• NSX Proactive Support Service: Optimize performance based on data monitoring and analytics to help resolve problems, mitigate risk and improve operational efficiency. vmware.com/consulting
Take
• Training and Certification: Several paths to professional certifications. Learn more at the Education & Certification Lounge. vmware.com/go/nsxtraining

50

VMworld 2016: Advanced Network Services with NSX
