VMworld 2017 NET1152BU - Introduction to VMware NSX

Captions
Good afternoon, everyone. Hope you're enjoying your day so far, having a good show. All right, my name is Matt De Vincentis and I'm a group product marketing manager for the networking and security business unit here at VMware, and I'm really super excited today to introduce you to VMware NSX. Now, unless you've been living under a rock for the past three or four years, I'm sure you've at least heard of NSX. Pat Gelsinger, our CEO, certainly talks about it a lot. But I'm going to assume no knowledge in this session, so we're gonna start with the basics. I'll cover why network virtualization is so important. I'll talk about the problem that NSX solves with regards to the network. I'll touch on how it works, but I won't go too deep. We have dozens, dozens of other sessions that go into a lot of detail and technical deep dives into how it works and the speeds and feeds and that sort of stuff. But I'll cover how it works at least conceptually, but mostly focus on why NSX is important, why customers are deploying NSX, and the value that they're getting out of it. So hope that's okay with you guys. Just to level set, there won't be any demos, no architecture diagrams, that sort of thing, but we'll really prime you so you can start on your journey towards network virtualization.

Just to give you some background about myself: so I run product marketing for NSX at VMware globally, but I wasn't always a marketing guy. So I actually started out my career as an engineer building and deploying data center infrastructure. So back in the day it was physical servers, physical storage, physical networking. That's how I started out my career, for a service provider up in Australia. And, you know, these were the early days of server virtualization. We weren't too sure at that point if server virtualization was the real deal. Well, obviously it is now, and we all understand the agility and the efficiency that server virtualization has brought us and the way it's transformed the way we do IT. And really NSX is doing for
the network what vSphere did for servers, and so hopefully I can show you throughout this presentation exactly how that's done. So I started out my career deploying physical infrastructure and, probably like many of you, that then developed into, you know, a VI admin type of a role. So I guess this is all to say that although I'm a marketing guy now, I know exactly where you guys are coming from and the challenges that you face with regards to your infrastructure, and hopefully I can demonstrate through this presentation how NSX can help you and your organizations, but also you guys as individuals, in terms of being able to, you know, build your careers and take that next step in your journey.

So, standard disclaimer slide, let me just skip that one. All right, let's get into it. Let's start with this quote from Marc Andreessen. He said that, in short, software is eating the world. Now for those who don't know Marc, he's a general partner at Andreessen Horowitz. They're a Silicon Valley venture capital firm. He was the co-founder of Netscape, amongst many other, you know, very successful ventures within Silicon Valley. And when he made this statement, you know, it was a slightly different context to how I'm going to use it today, but he was basically saying that, you know, software is disrupting industries and software is fundamentally changing business models. I'm gonna use it slightly differently, you know, because I think software is actually eating the world of data centers as well, and this is a really good thing, and here's why.

If you think about your data centers, if you think about it fundamentally and you break it down to its most simplest form, it's really three fundamental building blocks of infrastructure within the data center. We've got a compute platform, our storage platform and our network platform, on top of which we run our applications. And so there's been a lot of innovation and virtualization on the compute side, obviously led by VMware, over the past sort of 15-plus years. Like I was
just talking about, certainly kick-started my career, and we, you know, understood long ago that agility and that efficiency that virtualization brings us on the server side. Likewise for storage, you know, we've been virtualizing storage for a long time. Even if you think, you know, just simply the fact that a VM's, you know, hard disk is just a file on a storage array and we can move it seamlessly from one array to another without impacting, you know, the operation of a virtual machine. We've had that abstraction between the physical hardware and storage, just like on compute, for a long, long time.

But it's the network that's been holding us back. We haven't seen that same level of innovation, that same level of virtualization, on the network that we've enjoyed in compute and storage. Networking hasn't fundamentally changed in our data center for probably three decades. We've made small incremental improvements. You know, we went from 10 megabits per second to 100, a gig and 10 gig and beyond. Certainly speeds and feeds have increased, but we still haven't virtualized the network like we have with compute and storage. Even with software-defined networking, SDN, it's still about software controlling physical hardware, and we really make the distinction between SDN and network virtualization with NSX. NSX is fundamentally about running your network entirely in software. It's not just software controlling hardware.

And ultimately what this means is it's holding us back in terms of our ability to keep up with the pace of business. Our business is demanding of us to be able to deploy applications and deploy services quickly, and so it's, you know, no longer, you know, appropriate or acceptable to be waiting weeks and weeks for network changes to occur. We have to physically rack and stack things and plug them in with cables. You know, it's just that lead time in terms of getting networks up and running when we need them is just no longer acceptable with this rapid pace of business that we now see. It's
holding us back in terms of our ability to secure our data centers. This network security model, this perimeter-centric network security model, where we're placing these big hunking physical firewalls at the perimeter of our network to try and stop attacks getting in, you know, again, that's no longer acceptable in this world where applications could be anywhere. And as we've learnt from data breaches over the past sort of three to five years, attackers will figure out how to get either through or around our perimeter defenses. They'll get inside the data center, and once they're inside, those perimeter firewalls are no good to us, and those attackers will move laterally from system to system until they get the data that they need.

And likewise, this lack of virtualization in the network is inhibiting our ability to control cost. You know, there's duplicate hardware, there's redundancy that we have to build in, we have to buy. There's very specialized pieces of hardware equipment. And not only that, that's obviously the capital cost, but the operating expense of manually configuring and deploying this stuff is holding back our ability to control the cost on the OpEx side as well.

And then along comes public cloud. And so public cloud helps us to solve some of our problems with our data center, so we no longer have to, you know, physically install servers and install hypervisors and manage the physical stuff, but it actually introduces a number of unique challenges on the network. And so, you know, we recently did a survey at VMware where we surveyed our customers, and 67% of them said that their cloud strategy will involve multiple clouds. And so with these multiple clouds, you know, each cloud has their own, you know, network and security constructs and different tools and different policies and different ways of managing networking and security. Depending on the cloud, they'll require different skill sets to manage. So there's different APIs for each of the different clouds, and
automation teams have to interact with very different infrastructure depending on the cloud. And of course all of this is different from our private cloud and our private data centers. And so the net result is, while the public cloud has helped us in some respects and solved some of the challenges with our on-prem data centers, it introduces a number of unique challenges from a networking and security perspective.

Network virtualization aims to solve all of these problems. We aim to solve the problem within the data center by providing essentially the operating model of the virtual machine, but for the network. So we're all familiar with the virtual machine and the fact that we can, you know, create, we can delete, we can back up and we can store VMs. Well, now we can do the same thing with network virtualization, but for the network. We can create entire network constructs with multiple layers of switching and routing and load balancing and firewalling, all of these virtual network functions. We can create them, we can delete them, we can back them up, we can restore them. We get that operating model of the virtual machine, but for the network. So we're abstracting, just like we did with server virtualization, where we're reproducing the attributes of a server, the CPU, the memory, the storage, we reproduce those in software. Well, now we're doing the same for the network. We're reproducing, you know, the physical attributes of a network in software.

For the cloud, it helps us to solve our cloud networking problems as well, by being able to provide this consistent networking and security layer, these consistent policies and tools, across all of our public clouds as well as our private clouds. It helps us to solve problems with networking in the branch office as well. You know, a lot of the customers that I talk to these days are talking about, you know, virtualizing their branch infrastructure and essentially creating miniature software-defined data centers in their branch. With network virtualization we have
this opportunity where we can extend our data center networking and security policies from our data centers all the way out to our branch offices as well. And all of this is ultimately setting us up to be able to support, you know, any workload, any endpoint that we may be asked to support in the future.

And so NSX is the product from VMware that delivers on that promise of network virtualization. And so our vision for NSX is for it to not just be the network virtualization platform for the software-defined data center and for vSphere, but to be the network and security platform that connects and secures all of those heterogeneous endpoints that you might have in your environment. Now, while I say this is our vision, this slide here represents exactly what's on the truck and in the product today. So NSX supports not just vSphere and your on-premise environment, but also KVM as a hypervisor, if you choose to use a different hypervisor. Out in the public, with the announcements that we made this morning around VMware Cloud on AWS as well as NSX Cloud, we can now support the network and security and extend our network and security policies and tools out to public cloud environments too. We are not only supporting virtual machines but also containers, with integrations with these new application frameworks like Kubernetes and Pivotal. So as you can see, you know, NSX, we believe, will be the network and security layer that connects and secures all of these different endpoints, whether it's on-prem in your data center, out in the public cloud, whether it's VMs, whether it's bare metal servers, whether it's containers. NSX will connect and secure all of this.

So that is why network virtualization is important and the sort of problems that NSX solves. Now let's start to dig into exactly how NSX delivers on this promise and how NSX works. Like I mentioned in the start of the presentation, I'm not going to go too deep. This is mostly conceptual, but I want to give you guys an understanding and a
primer as to how we actually do this with NSX. So NSX starts with the existing infrastructure that you already have in place, so nothing needs to change. So unlike SDN, where you need special types of switches that support these SDN protocols, NSX doesn't require any different network infrastructure in your data center. It can run on top of your existing IP network. The only real requirement is an IP network. So as long as you have IP connectivity between your hosts in your data center, which you already do have, NSX will work. So we have a lot of customers deploying NSX in their brownfield environments on top of, you know, Cisco Catalyst 6500 series switches or Cisco Nexus, you know, 2K, 5K, 9K sort of stuff. That's totally fine. We have customers deploying new greenfield data centers, you know, on new Cisco, you know, 9K spine-leaf fabrics. That's totally fine too. But like we had with server virtualization, remember, when we abstracted the VMs from the underlying hardware, that gave us choice. Now we could use whatever hardware we wanted. As long as it was x86, we could run our VMs on top. Likewise with NSX, as long as there's an IP network, we can run NSX on top. The network could be from any vendor, any flavor of your choice.

So on top of this existing infrastructure we have the virtualization layer. We have the hypervisor, which for most of you, I'm assuming, given you're at VMworld, is going to be vSphere. And whether you're conscious of it or not, you're actually already doing some form of network virtualization already with the vSwitch. The vSwitch is at least a rudimentary form, but still a form, of network virtualization, and so you have that in place in your hypervisor already. Essentially what we do with NSX is take this vSwitch concept to a whole nother level, and we insert a bunch of new networking security services directly into the hypervisor. So routing, switching, firewalling, load balancing, and we're running these in the hypervisor. So these are not running as guest VMs on top
of the hypervisor, but NSX is actually embedded as a module in the kernel. In the cloud, we run these network services as a service. So if this is VMware Cloud on AWS or NSX Cloud, you know, this is a subscription-type model. This is consumed as a service, where you don't have to worry about installing it into your hypervisor. You consume it as a service in the cloud. And so we're delivering these functions, you know, independent of the hardware platform in your data center, or independent of the cloud out in the public cloud.

Now at this point, you know, a question that I often get when I'm sort of talking one-on-one or to small groups of people, you know, someone often throws their hand up and is like, wait, wait, wait, you're installing all of these network and security functions in the hypervisor, surely that's going to impact the performance of the hosts. The reality is every single packet that goes through the hypervisor is already going through the vSwitch, and what we found, now doing this for four years, is the impact on the host performance is minimal. Like, it's single-digit CPU impact. It's very minimal, because the hypervisor is already processing every packet that goes through it. But what we do get is, these network functions running in the hypervisor means it works like a distributed system. So these network functions are running in every single hypervisor in your environment. So let's take firewalling as an example. Every time we add a new host into our environment, we're adding another 20 gigabits per second of firewalling capacity. So as we scale our infrastructure, we add more hosts to add VM capacity, we're adding more firewall capacity, more load balancing capacity, more routing capacity, and we can start to reduce the amount of traffic that's actually traversing the physical network. So we can start to actually see performance increases and latency decreases, because we can do these networking functions inside the hypervisor rather than out in physical boxes. So then essentially
what this gives us is, you know, the NSX platform works almost like a network hypervisor. So as I mentioned earlier, you can think of this conceptually like server virtualization. With server virtualization we reproduce those attributes of the server, CPU, memory, the disk, and we assemble them in software. Well, likewise with NSX we reproduce the physical attributes of the network, the routing, the switching, firewall and load balancing, and we run those in software. And so we can create entire network constructs rapidly. We can delete them just as quickly. From a disaster recovery perspective, we can back them up from one site, restore them at another. Huge advantages in terms of the way we operate our data centers and the way we operate our networks.

Then on top of this, of course, we run our workloads. So these could be VMs. Like I mentioned, now with our support for container platforms like Kubernetes and Pivotal, these could be containers as well. And now we know that applications are not these monolithic stacks. They're distributed, comprising of lots of different VMs and all these different elements of networking and security. Well, now we can build these entire applications, with all of the VMs, the containers and the network elements that they need, all in software running on top of NSX.

So that's how NSX works from a high level. Now I want to switch gears and talk about how customers are deploying NSX, the reasons they're deploying NSX and the value that they get out of it. And so we've been doing this for four years now. We launched NSX back at VMworld in 2013. We're starting to get a really good understanding exactly why customers are choosing to adopt NSX, and really it revolves around three key pillars: security, automation, and application continuity or disaster recovery. And I'll take you through each of these and then talk about some customer examples and exactly how they're using NSX to gain these values.

So let's start with security. So as I mentioned, with NSX we have a
firewall in every single hypervisor. This is a stateful firewall, and what it means is we can start now to firewall every single workload from each other. So, getting a little bit techie here, but work with me. You probably know the issue we have right now, where if you have two VMs sitting on the same subnet or the same VLAN, there is no way to firewall them. Well, with NSX, because we have a firewall running in the hypervisor and every packet has to go through the hypervisor, we can now firewall every single VM from each other, even if they're sitting on the same VLAN or the same subnet. And so the way we've been firewalling VMs in the past, if we do want to firewall two VMs, is they need to be sitting on separate subnets, separate VLANs, and we have to hairpin that traffic out through the physical network to a physical firewall, hairpin it all the way back. We can eliminate that happening now. We can firewall every VM from each other and we can start to segment our network. And we call this concept micro-segmentation: the ability to segment a network down to the finest-grain level, down to the individual workload.

And what that allows us to do is really stop the lateral spread of threats. So I was talking, you know, before about this perimeter-centric network model, network security model, that we've been relying on for years, where we place these big firewalls at the front end of our network, and as these attacks have shown over the past few years, attackers figure out how to get around those perimeter defenses. And so with NSX we have another layer of defense, where if they do manage to compromise an endpoint, the micro-segmentation can stop them from being able to move laterally from that system to other systems.

An analogy I like to use is a castle versus a hotel. You know, the way we protect the castle is to put a big wall around the outside, or a moat, and a heavy gate at the front. But we know, you know, if you think about the Trojan horse or, you know, any other breach of a castle, once, you
know, the attacker gets in, they've got free rein inside the castle. Micro-segmentation is more like a hotel. All right, you've got a security guard at the front door, but someone, a bad guy, that gets in can't move anywhere, because every single door is locked. So that's really the difference between perimeter-centric network security and micro-segmentation that we're doing with NSX.

Now, micro-segmentation is not necessarily a new concept. That's been around for, you know, quite a while. Forrester, the industry analyst firm, have talked about zero trust for a long time. And, you know, we could achieve this micro-segmentation with, you know, physical firewalls. We could deploy a firewall for every workload, or using, you know, lots and lots of VLANs. But this is clearly operationally infeasible. You know, a firewall for every workload, if it was physical or even if it was virtual, would be hugely expensive and, you know, operationally infeasible to just manage at scale. With NSX we can apply this security down at the workload level, but we have centralized management, so it looks and operates like a single firewall, but it's distributed pervasively throughout the whole environment. So, architecting security into the hypervisor itself. And if you'd like to learn more about security with NSX, we have an introduction to security session actually directly after this, immediately after this. So after this session I'd highly encourage you, if you'd like to learn more about security with NSX, please check out the introduction to security session.

So a customer of ours that's using, you know, NSX for security is Interfaith Medical Center. So Interfaith Medical Center are a safety net hospital based out of Brooklyn in New York. And so for those who aren't familiar, maybe if you're overseas and you're unfamiliar with how the health system in the United States works, essentially a safety net hospital provides services to people with a low income and people that don't have health insurance, so they have no means of paying for
their medical services. So they're entirely funded by the government, which means they obviously have to be, you know, very careful with where they allocate their funding and how they, you know, spend their money in terms of their infrastructure. And so they need to be very efficient in what they do. And so they've chosen to go with NSX and use micro-segmentation to really, you know, help to bolster their security posture. And Chris Frenz here is the director of infrastructure, and he talks in this quote about, you know, essentially using NSX and micro-segmentation for stopping threats from moving laterally throughout the data center. Chris is actually at VMworld. He's presenting in a number of sessions around security, he's presenting in some NSX sessions. He'll be in the Transform Network and Security showcase session tomorrow, so please head along to that if you'd like to hear about Interfaith. He's also presenting in a session about AppDefense, a new security product, as well. So a really interesting story. It's a really great hospital and we're really pleased to be working with Interfaith.

So the next use case I'd like to talk about is automation. And this might be an obvious one, but once the network is running in software it becomes much easier to automate. You know, it's very hard to automate racking and stacking physical things and plugging cables in, but once you run all of this network and security infrastructure in software, we can start to blueprint it. We can start to deploy all these network and security services automatically. So that provides us with a number of benefits. From an IT perspective, we can start to use cloud management platforms like vRealize Automation or OpenStack to create blueprints of our applications and our networks. So we're very familiar with, you know, blueprinting VMs and deploying VMs automatically. Now we can start to build blueprints that include not just the VMs that make up an application but also the routing and the switching and the
security and the firewall policies and the load balancers. So we can blueprint the entire application using a cloud management platform like vRealize Automation or OpenStack and deploy these things rapidly, consistently, avoid human errors, and really accelerate the time it takes for us to deploy applications and services.

Then there's the benefit to our developers. And so increasingly, you know, developers are consuming infrastructure as code. You know, this is the reason why they're going to public clouds, because of the fact that they can spin up infrastructure that they need to develop their applications very quickly. And so with NSX they can interact directly with the APIs exposed through NSX, or the APIs exposed through cloud management platforms like OpenStack, and they can start to deploy their own infrastructure without having to involve IT. So they can start to build infrastructure as part of the code that they deploy, or they can, you know, set up parallel development and test and production environments, and they can all be the same and consistent, with consistent networking and security as well as the application code itself.

Running networking in software also makes multi-tenancy much, much easier as well. So multi-tenancy is often thought about as a service provider thing, you're running multiple tenants on a single infrastructure, but what we're seeing is enterprises are becoming more like service providers in the way they're delivering services to their internal organization. And so now with something like NSX we can have a common hardware platform, common compute, storage and network, and isolate, whether it's our business units or our different teams or our projects or whatever it is, we can isolate them completely in software, rather than what we did in the past with separate physical infrastructure. And there was a session, I think we've missed it, it was earlier today, introducing NSX for automation. I'd encourage you, if you're interested in the automation aspects of network
virtualization, to watch the replay, or this may be repeated later in the week, so watch out for that one.

And a customer of ours really taking advantage of the automation capabilities in NSX is Deluxe Corporation. So, talk about an organization that's transforming themselves. So Deluxe, you may not have actually heard of them, but they're actually the largest printer of checks, so paper financial checks, in the United States, and they've been doing this for over a hundred years, and I would expect they're very good at it by now. I didn't realize this until we started working with Deluxe, but they actually print my personal checkbooks at home, and they probably do for you guys too. Flip over your checkbook or have a look at the box and it probably says Deluxe Corporation on it. But obviously, as we know, you know, paper checks are going away with these new electronic forms of payments. I'm sure Deluxe won't be making paper checks forever. So they're going through this organizational transformation right now and transforming themselves from a printer of checks to an organization that's delivering, you know, marketing services to the financial industry. So this is everything from, you know, marketing brochures and collateral all the way through to hosting websites. So with this transformation of their business they need to transform their infrastructure, and as you can see from this quote, it previously took them between 30 and 40 days to get new services online. And so, you know, maybe that's acceptable when your core business is printing checks, but when your core business is things like web hosting and some of these, you know, more rapid and fast-paced services, clearly that's not acceptable. So what they've done is they've embarked on a journey to transform their infrastructure. They're using a combination of vRealize Automation and vRealize Orchestrator with NSX to start to automate the delivery of not just their compute but the network and all the other associated services with their
applications. So they've delivered a service catalog through ServiceNow, so people within their organization can request new IT services, it goes through the, you know, proper approval processes and is automatically provisioned within 48 hours. So huge transformation, from something that used to take between 30 and 40 days, shrinking that down to 48 hours, with, you know, automation powering all this.

The third use case that I'd like to talk about is application continuity. And this one's a little bit different, and it might not be the first thing that you think about when it comes to NSX. But if we think about how we, you know, do disaster recovery and business continuity right now, it's, you know, oftentimes replicating storage, replicating VMs from one data center to another. And while that might have been okay in the past, when applications were more of a monolithic stack and, you know, the primary thing that we needed to do when a disaster hit was, you know, turn VMs back up online, but now applications, as they become much more distributed, it's no longer about simply recovering the VMs. We also need to recover the network and the security associated with those VMs. So when we run networking in software, like with NSX, as I mentioned earlier, you get that operational model of the VM, so we can essentially back up and restore the entire network in software. And so when we move, oh sorry, in a disaster, when we spin up our new VMs at our recovery site, we can also spin up their network and security elements as well.

Now we've tried lots of things as an industry to sort of get around this issue. You know, a lot of customers will have exact replicas of their infrastructure at their recovery site. Obviously hugely efficient when you've got an infrastructure, especially networking security infrastructure, sitting there, you know, doing nothing, waiting for a disaster. With NSX, when the network runs in software, you know, as long as you have x86 capacity out at your recovery site, you can recover the network along with the VMs
in the case of a disaster. We have customers then taking this disaster recovery and application continuity to the next level as well, with a use case that we call multi-data-center pooling. So what this is about is it's using the network overlay capabilities of NSX. So NSX has this ability to run layer 2 network over layer 3 boundaries, and customers are spanning the networks across multiple data centers, so essentially these multiple data centers look and operate as if they're one. So they can deploy applications at any one of their data centers, move them seamlessly between data centers. It's really pooling the resources of multiple data centers to give them a true active-active architecture. And another shout-out to an introduction to NSX session: there's an application continuity session that dives into much more detail for this use case tomorrow at 4:00 p.m., so I'd encourage you to check that out.

AeroData are a customer of NSX really taking advantage of the application continuity capabilities, and you'll understand the reason why I want to talk about their business. You may not know the brand, but AeroData offer aircraft performance data information. They do weight and balance data and load planning services for the airline industry. They actually support over 20,000 flights per day in the United States and have an application: their flight deck app is actually the last app that a pilot uses when they push off from the gate and taxi out to the runway to take off in the United States. And so obviously, as I'm sure you could imagine, the downtime of this application is just not acceptable at all, and in fact they told us that five minutes of downtime to their app can cause the delay of over a hundred flights across the United States. So availability is absolutely critical to AeroData. So with their traditional data centers, the way they had them, hardware-defined, in the past, they were limited not only in terms of their agility and their scalability, because it was mostly physical, but it
was their availability that they were most concerned about. So they embarked on a transformation process, a software-defined data center transformation, with us, with VMware. They implemented vSAN, they implemented NSX, and the data center architecture now is three data centers in an active-active-active configuration. So they can now deploy applications in any one of these data centers, move them around, and in the case of a disaster automatically shift workloads from one to the other to ensure it's always available. They've eliminated single points of failure that used to exist with their hardware, and they now have a very highly available and resilient data center architecture. In fact, they're quoted as saying their architecture, they believe, now offers five nines of availability for the network.

So we're not doing this alone, though. So NSX is a platform, we consider it a platform, and we have a rich partner ecosystem that works with NSX. Now, a lot of vendors and a lot of products will talk about an ecosystem of partners, and normally all that means is, you know, partner software or systems that will work, you know, with whatever the vendor's talking about. But in our case these are, you know, partners that have true integrations with NSX as a product. So if we look at network infrastructure as an example, you know, these providers here, these vendors here, you know, they make physical switches that can integrate directly with NSX. So the use case there, the idea is, you know, you might still have physical servers in your environment, we understand that. With this integration, those physical servers and that switch port can be mapped directly into an NSX virtual network. So these vendors sell switches that have that ability to connect a physical switch port, using what we call a hardware VTEP, into an NSX virtual network. On the security side, you know, with the likes of Palo Alto Networks or Check Point or Fortinet, their virtual firewall appliances can be deployed automatically with NSX. So the use case there,
and what a lot of customers do, is they use NSX to do their micro-segmentation, or segment their network to prevent the lateral spread of threats. Then when they have a compliance requirement, like PCI for example, where you need an IPS between your cardholder data environment and your non-cardholder data environment, NSX can orchestrate the deployment of a Palo Alto Networks virtual firewall and insert it directly into the virtual network fabric with what we call service insertion. It orchestrates all of that and does it automatically with the integration with our partner services.

So as I think you've seen, NSX enables us to take a huge step forward in terms of IT, and it's not just about the technology. So I've spoken a lot about the technology, you know, why network virtualization is so important, how NSX solves some of our problems on the network, how it works, and some of the use cases that you can deploy, and I think it's clear that, you know, NSX provides a lot of value from a technology perspective. But NSX, you know, we also see organizations using NSX as the thing that, you know, helps to break down these traditional IT silos and create more cross-functional teams, and really enables us to work together as different functional areas within IT to automate our processes, to reduce complexity, and to ultimately create a culture where IT becomes more agile and delivers more value to the business.

Now let me be clear here. When I talk about building cross-functional teams and working together, there's a common misconception that, you know, if we're virtualizing the network, because it's, you know, saying virtualization and the network's running in software, that it means the networking guys hand over control of the network to the virtualization admins, and that's not the case. You know, NSX, while it's running in software, these are still networking concepts. We're still talking about routing protocols and layer two and firewalls and these sorts of things. So it's hugely important that when we're
building these cross-functional teams, and we're coming together to start to automate our infrastructure, that we have security folks and networking folks and virtualization folks working together to make this successful. And the organizations that have been successful doing this have done exactly that: they've built those cross-functional teams where all of these different areas are coming together to really deliver this common infrastructure and common experience.

And we've seen a lot of customers adopting this. So the momentum that we're seeing in industry has been exponential. So we've been doubling our customer count year-over-year since we launched back in 20 so we now have over 2800 to 2800 customers across all industries and all sizes using NSX. This is not just in, you know, dev labs and "I'm just testing it out"; we're actually seeing two new production deployments coming online each day with NSX. Now, from an individual perspective, we've also got now over 8800 certified NSX professionals. So, you know, folks like myself and many of you who, you know, built our careers off the back of server virtualization, we now have this opportunity to add network virtualization and make ourselves, you know, more employable and more valuable to our businesses through our VCP-NV certification program.

As I mentioned, these customers are across industries as well, so this is not just something that's suitable for financial services or for healthcare. We're seeing NSX deployed across all industry verticals, all the way from small businesses with just three hosts up to our largest customers that have literally thousands of hosts running NSX in production, supporting tens of thousands of workloads. So extremely scalable, from the very small end all the way up to the very large. And so you're not alone. We're here to support you all the way through this journey. We have professional services, we have training services, and we have a very active VMUG community who are there to help you along your journey
towards network virtualization. So know that you're not alone; we're here to help you as you move forward.

Now, before I finish up, I want to do something sort of fun, if you guys are still with me for a couple of minutes. We've still got a few minutes left. We're running a little bit of a campaign at the moment called NSX in the wild, where essentially, if you take a picture of yourself in some NSX gear and tag it with hashtag NSX in the wild, you could potentially win some pretty awesome prizes. And so I've got a bunch of swag up the front here that I'm happy to give out after the presentation. But if you guys are with me, do you mind if I take a selfie of the crowd while we're finishing up? Is that okay? Can we, let me see, one, get this going. Can we do something fun? Can everyone throw their hands in the air? Let's do it, throw your hands in the air. Yeah! All right, NSX in the wild. Thank you for that, guys. I'm not able to win the prize, but I just want to kick off this campaign by posting this up on social.

All right, let's bring this home. Where to get started: there's a bunch of resources, both here at VMworld and outside of VMworld online, to help you get started. Like I said, there's a VMUG community, there's hands-on labs, you can try them both here at VMworld or after the event online. You can experience, you know, a bunch of different, dozens of different NSX sessions. Go see our booth, we've got experts in there who can answer any questions that you might have. We've also got the training and certification that I spoke about with the VCP-NV courses. I'll leave this up for a minute so everyone can take their pictures, hashtag in its NSX in the wild play. All right, and the standard, you guys know about this: please fill out the survey. It's really important to us that we understand, you know, what you liked, what you didn't like. Please give us that feedback. And with that, I'd like to thank you for your time. Really appreciate it, thank you.

So I think we have about 15 minutes left, the Q&A session, I think we
have about 15 minutes left for Q&A, so if you have any questions, feel free to step up to the microphones and happy to answer those. Otherwise I will hang around after this if you want to have a one-on-one discussion as well. [Music] Do we have any questions here with Mike?

My question, question: so the company I work for is bound by PCI, and right now it's at a decision point of deciding what we want, to create a, to use the Superman term, a fortress of solitude for all of our cardholder data environment. So right now it's a hard sell with security to say, okay, how can we mix our PCI workloads on the same hardware as all of our non-cardholder data, and their answer is "don't, just buy more, set it up here, and it won't be in scope of PCI, so our audits will be super easy." Yeah. But we'd love to include it all, for all the redundancy, and being able to use and not have a complete separate environment that we now have technical debt associated. Yeah.

So, not to trash-talk QSAs or lawyers, but QSAs are kind of like lawyers, where the default, like, answer is just no. Uh-huh. So we've been working with a number of different QSAs to validate using micro-segmentation to be able to segment your cardholder data environment from non, on the same set of physical infrastructure. And we've actually worked most closely with a company called Coalfire, and they've produced a report that's online, and you should check it out, or come and see me after this and I'll send it to you, where they've validated, they've actually, like, created a report and validated that yes, you can use micro-segmentation to separate cardholder data from non-cardholder data on a common physical platform. That's been done and validated and is absolutely okay. Now, it obviously depends on your QSA, 'cause your QSA has to sign off on it, but we absolutely have many customers doing exactly what you're talking about.

So what's the easy, easy way to sell the sides in a this tacking that says it's okay, what's the best way to attack that?

Yes, you'd have to
work with your QSA, obviously. They sign off and would have to be comfortable with it, but we have other customers that are absolutely doing it, and there are QSAs who validate it as a proprietary it can't be done. And obviously you get, you know, a lot of efficiency in terms of the utilization of the hardware, and agility, rather than having to have separate pods of physical infrastructure. It's just crazy. So, has been done, absolutely. It's a good look for it. It's crazy time, that's crazy talk, you can tell them that. Said sir, thanks. Good question.

As far as outside of the NSX, the virtualization, physical, do you, are there switches that run NSX, that you can, say, plug in physical hardware and kind of treat, isolate the physical hardware?

Yeah, so we don't have switches that run NSX, but the vendors that I had up on the slide, they make switches that support, like, the termination of NSX tunnels, the VXLAN tunnels. So it doesn't run NSX as such, but it supports the termination of the NSX protocol. Basically we get the same functionality as if you, absolutely, essentially anime in the use cases. I mean, you probably have just a few physical servers that you need to connect into your virtual networks. You're right, those people have gotten rid of most of their physical servers. Yes. Just a crook, I guess, if you try to split your endpoints you could always put them in groups. Yeah, yeah, absolutely. Kind of thing. So there are switches that, yes, support that VXLAN tunnel termination. You know, many vendors are doing it. Okay, thanks. Thank you.

Had a quick question. Yes. Two, actually. One, I saw where Cisco was a service provider but they were infrastructure providers. That's still a true statement?

Yeah, so we're working with Cisco on the security side to integrate their security product into NSX, so that's where the integration with Cisco is right now.

Second question: I assume the firewall in the NSX platform, from the hypervisor software perspective, that is a stateful firewall, correct?

Yep, stateful, you know, layer 2 through
4 firewall. Yeah. Yeah.

I had a quick question about the branches. You mentioned overnight branch office networking stuff. Yeah, yep. I work for a bank, there's a thousand branches. Yeah. And we recently introduced new equipment called SD-WAN. Mm-hmm. And that's supposed to be the software-defined network. I just don't know how NSX would work on that, given that it seems like all the VMware stuff's back in the datacenter.

Yeah, so we actually work with a number of SDN partners. I think we're solving different problems. You know, they're really solving the problem of, you know, getting rid of the expensive MPLS leased line links, that sort of thing. That's really where they play. So where we play is more in the actual hosts that you have inside those branches, so essentially virtualizing your branch with x86 servers and then using NSX as the network and security sort of policy layer for that. So maybe, I don't know, if you're a bank, maybe you do, maybe don't, have the need to in a segment some of the workloads within the branch, where you can do that on top of just one host or, you know, a cluster of hosts without having to have physical separation. So complementary, but solving different problems. Thanks.

Just checking, is there a suite of tools to help debug this, just not quite working right?

Yeah, so there are a number of tools built into NSX. I mean, it's still the fundamentals of networking, so it's things like IPFIX and syslog and, you know, all of those sorts of, like, troubleshooting tools that you would use on the physical network are available in NSX as well. Okay, great question. Thank you.

Anyone else care to step up to the mic, or prefer a one-on-one? All right, thanks very much guys, appreciate it.
Info
Channel: VMworld
Views: 10,613
Rating: 4.8064518 out of 5
Keywords: vmworld, vmware
Id: j0GUOODkCr8
Length: 48min 8sec (2888 seconds)
Published: Tue Aug 29 2017