NET1846

Introduction to NSX
Milin Desai, VMware, Inc
Kausum Kumar, Vmware, Inc

Disclaimer
This presentation may contain product features that are currently under development.
This overview of new technology represents no commitment from VMware to deliver these

features in any generally available product.

Features are subject to change, and must not be included in contracts, purchase orders, or

sales agreements of any kind.

Technical feasibility and market demand will affect final delivery.

Pricing and packaging for any new technologies or features discussed or presented have not

been determined.

CONFIDENTIAL

Agenda
1

Intro to NSX

NSX Momentum

NSX Use Cases

Whats New in NSX 2014

NSX Operations

In closing

CONFIDENTIAL

Agenda
1

Intro to NSX

NSX Momentum

NSX Use Cases

Whats New in NSX 2014

NSX Operations

In closing

CONFIDENTIAL

The Anatomy of the Most Agile and

Efficient Data Centers is SDDC
Google / Facebook /
Amazon Data Centers
Custom Application
Software / Hardware Abstraction

Custom Platform
Software / Hardware Abstraction

Any x86

Any Storage

Any IP network

The Choice for New IT for All Applications

Google / Facebook /
Amazon Data Centers
Custom Application
Software / Hardware Abstraction

Custom Platform
Software / Hardware Abstraction

Software Defined
Data Center (SDDC)
Any Application
SDDC Platform
With NSX

Any x86

Any x86

Any Storage

Any Storage

Any IP network

Any IP network

Provides

A Faithful Reproduction of Network & Security Services in Software

Switching

Routing

Load
Balancing

VPN

Data Security

Connectivity to
Physical Networks

Management
APIs, UI

Policies,
Groups, Tags

Firewalling

Activity Monitoring

Enables

Dynamic creation of complex application topologies in minutes

Network and Security Virtualization with NSX

Software
Hardware

NSX Components
Cloud
Consumption

Self Service Portal

vCloud Automation Center, OpenStack,
Custom CMS

Single configuration portal

REST API entry-point

Manages Logical networks

Control-Plane Protocol
Separation of Control and Data Plane

High Performance Data Plane

Scale-out Distributed Forwarding Model

NSX Manager

Management
Plane

NSX Controller

Control Plane

Distributed Services

NSX Edge

Data Plane
Logical
Switch

ESXi

Distributed
Logical Router

Firewall

Hypervisor Kernel Modules

NSX in a 3-Tier App Deployment

NSX Manager
NSX Controller Cluster

vCenter

Hypervisor

Hypervisor

Host 1

Host 2

Management Cluster

Web

App

Web

App

DB

Web

Hypervisor

Hypervisor

Hypervisor

Hypervisor

Hypervisor

Host 3

Host 4

Host 5

Host 6

Host 7

Compute Clusters

Edge Cluster
10

Agenda
1

Intro to NSX

NSX Momentum

NSX Use Cases

Whats New in NSX 2014

NSX Operations

In closing

CONFIDENTIAL

11

NET
1214

Certified Network
Virtualization Expert

Certified Network
Virtualization Professional

Certification

Training

VMware NSX Training & Certification:

Making SDE Real in 2014

Career Path
Certifications & Training Programs
12

NSX Training and Certification Portfolio

Training Courses (www.vmware.com/go/NSXtraining)
VMware NSX Install, Configure, Manage
VMware NSX Fast Track for Internetworking Experts (coming)
VMware NSX Design and Deploy (coming)

Certifications (www.vmware.com/certification)
VMware Certified Professional Network Virtualization (VCP-NV)
VMware Certified Implementation Expert Network Virtualization (VCIX-NV)
VMware Certified Design Expert Network Virtualization (VCDX-NV)

CONFIDENTIAL

13

NET
1589

Designing with NSX

NSX Partner
Whitepaper

NSX Partner
Reference Design

SDDC
Validated Guides

NSX
Design Guides

NET
2318

NSX
Hardening Guide

Reference Designs and Technical Papers on the NSX Portal:

http://www.vmware.com/products/nsx/resources.html
Reference Designs & Technical Papers on VMware Communities:
https://communities.vmware.com/docs

14

New Service Categories and Partners

NET
2225

NSX Partner Extensions

Physical-to-Virtual Services

Operations and Visibility

Application Delivery Services

Security Services

New Service Categories and Partners GA Q32014

NET
2225

NSX Partner Extensions

Physical-to-Virtual Services

Operations and Visibility

Application Delivery Services

Security Services

VMware NSX Momentum: Over 150 Customers

top investment banks

enterprises & service providers

17

Agenda
1

Intro to NSX

NSX Momentum

NSX Use Cases

Whats New in NSX 2014

NSX Operations

In closing

CONFIDENTIAL

18

VMware NSX Use Cases

Self-Service IT

Data Center
Automation

Public Clouds

Dev X
Test X
Acquisition A

Dev A

Examples

Examples

Examples

DevOps Cloud
On-boarding M&A

Micro-segmentation of App
Simplifying Compute Silos
DMZ Deployments

XaaS Clouds
Vertical Clouds

Key Capabilities

Key Capabilities

Key Capabilities

Application specific networking

Flexible IP Address Mgmt
Simplified consumption

Programmatic Consumption
Full featured stack
Visibility and ops

Multi-tenant Deployment
Programmatic L2, L3, Security
Overlapping IP Addressing
Any Hypervisor, Any CMP

Consumer Experience vs. Corporate Experience

CONFIDENTIAL

20

Enterprise Business Leaders Want their IT to be like Amazon

Hybrid

New IT

or

No IT

Outsourced
21

Todays app, PAAS, Containers ---- I want it all NOW

Multi-Tier App, Multiple Networks

WEB

APP

DATABASE

Multi-Tier App, Single Flat

Network

WEB

APP

DATABASE

Consumption

NSX Integrates with Cloud Automation Systems to Deliver

Applications with Network and Security in Minutes

MGMT
1969
NET
2379

Any

CONFIDENTIAL

23

Self Service IT journey

End user instantiates
dynamic topologies

End user drives any

topology

Cloud
Consumer

End user drops apps in

pre-created instances

Provider

Provider

Provider delivers
Pre-Created instances

Provider delivers
guard rails

Provider delivers
Templates for
Dynamic Instantiation

CONFIDENTIAL

24

VMware NSX Use Cases

Self-Service IT

Data Center
Automation

Public Clouds

Dev X
Test X
Acquisition A

Dev A

Examples

Examples

Examples

DevOps Cloud
On-boarding M&A

Micro-segmentation of App
Simplifying Compute Silos
DMZ Deployments

XaaS Clouds
Vertical Clouds

Key Capabilities

Key Capabilities

Key Capabilities

Application specific networking

Flexible IP Address Mgmt
Simplified consumption

Programmatic Consumption
Full featured stack
Visibility and ops

Multi-tenant Deployment
Programmatic L2, L3, Security
Overlapping IP Addressing
Any Hypervisor, Any CMP

SEC
1959-S

Problem: Data Center Network Security

Perimeter-centric network security has proven insufficient, and micro-segmentation is operationally infeasible

Internet

Internet

Little or no
lateral controls
inside perimeter

Insufficient

Operationally
Infeasible

NSX: Enabling a Needed Control Point in the Datacenter

for Security

An NSX platform

is made up of distributed
elements embedded in each
hypervisor,

SEC
1746

enabling each VM/app to

have its own security
policy

Security closest to the applications and aligned with application lifecycle.

CONFIDENTIAL

27

SEC
1958

Security Partner Integrations

NET
2225

Partner Ecosystem
Next-generation IPS

Malware Protection

Granular protection of individual VM workloads with

customizable policy definitions

Data Center security with agentless anti-malware and

guest network threat protection

Automation of advanced malware interception

Unified management for physical and virtual sensors

Real-time, dynamic threat protection and response

for workloads moving between hosts and virtual data
centers

Vulnerability Management

Next-Generation Firewall

File and Malware Protection

Automatic vulnerability risk assessment

Multiple threat prevention disciplines including firewall, IPS,

and antimalware

Single virtual appliance provides agentless:

Auto segmentation of risky assets

Safe application enablement with continuous content

inspection for all threats

Vulnerability and software scanning

Vulnerability prioritization for effective remediation

Granular user-based controls for apps, content, users,

NSX is the platform for integrating

advanced security services.

Data Center wide real- time risk visibility

Anti-malware with URL filtering

Detection of file changes
Intrusion Detection & Prevention

CONFIDENTIAL

28

NSX Micro-Segmentation Journey

Deployed Applications on
Physical Networks

Apply NSX Security

Full network and security

virtualization

New Deployments/
Deployed applications
29

Demo

CONFIDENTIAL
30

Demo

CONFIDENTIAL
31

Agenda
1

Intro to NSX

NSX Momentum

NSX Use Cases

Whats New in NSX 2014

NSX Operations

In closing

CONFIDENTIAL

32

Data Plane

Services

Operations

Consumption

NSX The Network Virtualization Platform: Whats New

NSX Edge
Active-Active with Scale-Out (ECMP)

Physical Device Integration

Open Virtual Switch

Flow optimization, multi-threading,
Hyper-V (alpha)
33

Data Plane

Services

Operations

Consumption

NSX The Network Virtualization Platform: Whats New

Distributed Firewall
Operations Improvements
Multi-Site &
Hybrid Cloud Enablement
Layer 2 VPN , Active-Active DC,
SRM Validation

Firewall Ecosystem
Enablement
LBaaS
UDP support, ecosystem enablement

DDI
DHCP Relay
34

Operations

Consumption

NSX The Network Virtualization Platform: Whats New

Operations Guides
& Best Practices
Integration with Existing Tools
Riverbed, Gigamon, NetScout, EMC Smarts

Data Plane

Services

Analytics

New NSX Partners &

Service Categories
Physical-to-Virtual Services
Operations & Visibility
Application Delivery Services
Security Services

VMware vCenter Ops, Log Insight

Firewall Operations
Tufin, Algosec

35

vCloud Automation Center

OpenStack Juno

More topologies and on demand use cases

Control plane scale & Docker integration

Data Plane

Services

Operations

Consumption

NSX The Network Virtualization Platform: Whats New

36

Services
Data Plane

Operations Guides & Best Practices

Integrations with existing tools
Analytics, Firewall Ops

Distributed Firewall Operations

LBaaS: UDP support
DDI: DHCP relay

Continue advancements of Open Virtual Switch

NSX Edge: A-A with scale-out
Physical device integration

VMware vCloud Automation Center

OpenStack Juno

New NSX Partners & Service Categories

Multi-site and hybrid enablement

Partner
Integration

Operations

Consumption

NSX The Network Virtualization Platform: Whats New

37

Agenda
1

Intro to NSX

NSX Momentum

NSX Use Cases

Whats New in NSX 2014

NSX Operations

In closing

CONFIDENTIAL

38

Operationalizing NSX

CONFIDENTIAL
39

NET
1966

NSX Operations Beyond Packet Visibility

Native NSX Ops for
the Cloud Admins
Flow monitoring
Server access monitoring
Tunnel healthcheck

Enable Existing Tools for

the Network Operator
SPAN/RSPAN
Netflow/IPFIX
LLDP

SDDC Operator

Enable
Advanced
Analytics

Plug into
Existing Network
Monitoring
Systems

Syslog Integration

40

Operations

Consumption

NSX The Network Virtualization Platform: Whats New

Operations Guides
& Best Practices
Integration with Existing Tools
Riverbed, Gigamon, NetScout, EMC Smarts

Data Plane

Services

Analytics

New NSX Partners &

Service Categories
Physical-to-Virtual Services
Operations & Visibility
Application Delivery Services
Security Services

VMware vCenter Ops, Log Insight

Firewall Operations
Tufin, Algosec

41

Demo

CONFIDENTIAL
42

Demo

CONFIDENTIAL
43

Integrating with Physical

CONFIDENTIAL
44

NSX with physical workloads

Physical Workloads

x86-based bridge

VXLAN

VLAN

Leverages x86 server

Physical Workloads

HW VTEP

VXLAN

VLAN

Highest density but requires specific hardware

NSX with physical workloads

x86 based
bridging

Ecosystem with
OVSDB

Native NSX
support for
containers

NSX Performance

CONFIDENTIAL
47

NET
1883

Send Throughput in
Gbps

NSX Performance delivered by a Distributed, Scale-out

Architecture
20
20

Logical Switching

10
5
0

Send Throughput in
Gbps

64

512
1500
32k
TCP Message Size

64k

15

Firewalling

5
0
64

512

1500

32k

TCP Messge Size

Logical Routing

5
0
64

512

1500

32k

64k

TCP Message Size

20

10

10

64k

TCP Send throughput

in Gbps

Send throughput
in Gbps

15

15

10

Bridging

0
64

512

1500

32k

64k

TCP Message Size

CONFIDENTIAL

48

Agenda
1

Intro to NSX

NSX Momentum

NSX Use Cases

Whats New in NSX 2014

NSX Operations

In closing

CONFIDENTIAL

49

Services
Data Plane

How an end user consumes NSX services via a Cloud Management Platform.
The operator interacts Any
with the system through UI or API.

Partner extensions

NSX operator uses tools (built-in and 3rd party) for

troubleshooting, visibility
vCOPs

Management, Control Software

& Datapartner
planeextensions
integration
rd
of 3 party services
Hardware partner extensions

Partner
Partner
Integration
Integration

Operations
Operations

Consumption
Consumption

NSX The Network Virtualization Platform

NSX logical services and 3rd party extensions for networking and security (ex. Logical switch , Logical
router, Firewall, Load Balancer, VPN, DDI)
L2 Switch

vSphere

Firewall

L3 Router

NSX Edge

Load Balancer

3rd Party GW

KVM

XenServer

VPN

DDI

Hyper-V

Provides workload connectivity & services processing

(ex. hypervisors, physical switches and appliances)

50

SDDC Approach with NSX Enables Choice and Flexibility

Todays
Application

PAAS

2-Tier / 3-Tier

Build
Your
Own

Converged
Systems

< Any Application >

< Any Network >

< Any Infrastructure >

Containers

...

Leaf / Spine

HyperConverged
Systems

...

Thank You

Whats Next

Play

VMware NSX
Hands-on Labs
labs.hol.vmware.com
VMware Booth #1229
3 NSX Demo Stations

Learn

Explore, Engage, Evolve

virtualizeyournetwork.com
Network Virtualization Blog
blogs.vmware.com/networkvirtualization

Deploy

NSX Technical Resources

Reference Designs
vmware.com/products/nsx/resources

NSX Product Page

vmware.com/go/nsx

VMware NSX YouTube Channel

youtube.com/user/vmwarensx

NSX Training & Certification

www.vmware.com/go/NVtraining

VMware NSX Community

communities.vmware.com/community/vmtn/nsx
53

Business Solution
NET1214
NET1745

NSX Certification the Next Step in your Networking Career

The Case for Network Virtualization: Customer Case Study

NET1786

The Business Case for Network Virtualization

NET2293

Bridging Enterprise Networks to Hybrid Cloud Using NSX

Hands-on Labs
SDC-1402

vSphere Distributed Switch from A to Z

SDC-1403
SDC-1420

Introduction to VMware NSX

OpenStack with VMware vSphere and NSX

SDC-1423

vCloud Suite Basic Networking

SDC-1424

VMware NSX and SDDC

VMware NSX Advanced

SDC-1425

CONFIDENTIAL

54

Technical Track - Networking

NET1846
NET1743

Introduction to NSX
VMware NSX A Technical Deep Dive

NET1957

NFV for Telco Infrastructure

NET1468
NET1586

A Tale of Two Perspectives: IT Operations with VMware NSX

Advanced Network Services with NSX

NET1560

The NSX Guide to Horizon View

NET1883
NET1588

NSX Performance Overview

Load Balancer as a Service, using NSX or Partner Solutions

NET1401

vSphere Distributed Switch Best Practices for NSX

NET2318
NET1581

Scale-Out NSX Deployments: With VMware-powered SDDC

Reference Design for SDDC with NSX for Multi-Hypervisors

NET2379

Dynamically Configuring Application Specific Network Services for vCAC &NSX

NET2225

NSX Platform: Enabling 3rd Party Network & Security Solutions

CONFIDENTIAL

55

Advanced Technical Track - Networking

NET1949
NET1589

VMware NSX for Docker, Containers & More

Reference Design for SDDC with NSX & vSphere

NET1583

NSX for vSphere Logical Routing Deep Dive

NET1974

Multi-Site Data Center Solutions with VMware NSX

Advanced Topics & Future Directions in Network Virtualization with NSX

NET1674
NET1966
NET1592

Operational Best Practices for VMware NSX

Under the Hood: Network Virtualization with OpenStack Neutron & VMware NSX

Group Discussions - Networking

NET3441-GD

vSphere Distributed Switch

NET3442-GD vCAC and NSX
NET3443-GD NSX Routing Design Best Practices
NET3445-GD

NSX Multi Site Deployments

NET3444-GD

NSX Network Services

CONFIDENTIAL

56

Technical Track - Security

SEC1196
SEC2238

Who Can You Trust? Strategies & Designs for Implementing Zero-Trust Model Leveraging NSX
Security & Micro-Segmentation for the SDDC

SEC1959-S

The Goldilocks Zone for Security

SEC1958
SEC1698

Automating Security Policy Enforcement with VMware NSX

Optimize Security with Context & Isolation using NSX Guest Introspection

SEC2567

Unleashing Collaborative Security with VMware NSX Advanced Defense for Advanced Threats

Advanced Technical Track - Security

SEC2421

VMware NSX Security Operations Best Practices

SEC1746

NSX Distributed Firewall Deep Dive

Group Discussions - Security

SEC3446-GD Security & Micro-segmentation
SEC3449-GD Security Policy Automation using NSX Service Composer
SEC3448-GD NSX Platform Extensibility
SEC3447-GD Compliance Reference Architecture
CONFIDENTIAL

57

Technical Track Management

MGT1833
MGT1878

How to Perform Troubleshooting and Root Cause Analysis Using Log Insight
Deep Dive into How vCenter Operations Simplifies NSX Operations

MGT1969

vCloud Automation Center and NSX Integration Technical Deep Dive

CONFIDENTIAL

58

Fill out a survey

Every completed survey is entered into a
drawing for a $25 VMware company store
gift certificate

NET1846

Introduction to NSX
Milin Desai, VMware, Inc