20150311 NSX update 301

KevinGroat 408 views 22 slides Mar 14, 2016

About This Presentation

NSX Overview with microsegmentation. Watch the video here: https://goo.gl/Ugj5Ay


Slide Content

NSX is the future
“NSX will transform what’s possible for our IT team in terms of network and security operations.”

This is YOUR opportunity to be the thought leader for your customers. NSX is the network virtualization platform for the SDDC, transforming data center networking and making a new level of security possible.

OSI Layers & Platforms
(Figure: the seven OSI layers, 1 Physical, 2 Datalink, 3 Network, 4 Transport, 5 Session, 6 Presentation, 7 Application, shown side by side for vCNS and for NSX.)

NSX is the Future
Legacy Computing Model: zoning (dpar/lpar); Sun Solaris on Sun SPARC; vendor-specific hardware (Sun E10K); any applications.
Legacy Networking Model: proprietary features; platform-dependent NOS; custom ASIC; vendor-specific hardware; any applications.

NSX is the Future
Next Gen Networking Model: vSwitch, OS and hypervisor. Network & security services are now in the hypervisor: L2 switching, L3 routing, firewalling/ACLs, load balancing.
Data Center Virtualization: virtual machines, virtual networks and virtual storage on top of pooled compute, network and storage capacity, with location independence and a clean split between software and hardware. Vendor independent, best price/performance; simplified configuration and management; any applications.

Data center micro-segmentation becomes operationally feasible. East/West is now reality. This is the future of data center networking and security.

Agenda
- Micro-Segmentation
- Self-Service IT
- NSX Across Data Centers

Distributed Firewalling vs. Traditional Firewalls
- Distributed Firewalling: automated policy management & operations, distributed enforcement in every hypervisor; kernel-based performance, distributed scale-out capacity (20 Gbps/host).
- Physical Firewalls (2 – 100 Gbps): traditional firewall rule management & operations.
- Virtual Firewalls (1 – 3 Gbps): traditional firewall rule management & operations.
There is a BIG difference…

Why NSX for Micro-Segmentation?
- Hypervisor-based, in-kernel distributed firewalling: high throughput rates on a per-hypervisor basis; every hypervisor adds additional east-west firewalling capacity; native feature of the VMware NSX platform.
- Platform-based automation: automated provisioning and workload adds/moves/changes; accurate firewall policies follow workloads as they move.
- Centralized management of a single logical, distributed firewall (NSX vSwitch in each hypervisor).

So how do we fix this problem?
#1. Assume everything is a threat: “Zero Trust Security”
#2. Security Design Principle: Micro-segmentation
1. Isolation and segmentation: ensure all resources are accessed securely regardless of location.
2. Unit-level trust / least privilege: adopt a least privilege strategy and strictly enforce access control.
3. Ubiquity and centralized control: inspect and log all traffic.

So how do we fix this problem?
- Each VM can now be its own perimeter
- Policies align with logical groups
- Prevents threats from spreading
- Segmentation simplifies network security
(Figure: a perimeter firewall in front of App, DMZ, Services and DB zones; shared services AD, NTP, DHCP, DNS and CERT behind an inside firewall; Finance, Engineering and HR VM groups and a VDI group.)

Secure Micro-Segmentation with NSX
(Figure: Logical Switching for a Web Tier, App Tier and DB Tier, with Distributed Firewalling between them.)

Micro-Segmentation Deployment Examples
(Figure: three deployment diagrams, each with a perimeter firewall in front of an NSX data center containing an HR group (DMZ/Web, App, DB), a Finance group (DMZ/Web, App, DB) and a Services/Management group (Services, Mgmt). Captions: Network Segmentation / DMZ; Multi-Tenancy with Advanced Service Isolation (Tenant 1, Tenant 2).)

Scale
- 100,000 virtual machines
- 30,000 virtual networks
- vSphere 5.5 vCenter limits: 1,000 hosts, 15,000 VMs (registered), 10,000 VMs (concurrent), 10,000 networks
(Figure: three controllers.)

Today’s VDI Security Challenges
A converged infrastructure means virtual desktops run on the same infrastructure as servers… Bringing desktops into the data center opens up new risks for attack, and a matrix of policies is needed on centralized, choke-point firewalls for the correct security posture.
- VDI to VDI: desktop-to-desktop hacking inside the DC
- VDI to VM: desktop-to-server hacking inside the DC
(Figure: Desktops (VDI) and Servers (Finance, HR, Engineering) on shared infrastructure.)

Solving VDI Security with NSX Micro-Segmentation
(Figure: Virtual Desktops and Enterprise Applications on Shared Infrastructure, with the firewall based on Logical Grouping.)
BENEFITS
- Distributed Firewall provides Isolation & Segmentation
- 3rd-party integration for AV, IPS/IDS, NGFW, etc.
- Programmable & automated application of networking & security
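To make the zero-trust and micro-segmentation slides above concrete (each VM its own perimeter, policies aligned with logical groups, least privilege with a default deny, and the VDI-to-VDI / VDI-to-server isolation from the VDI slides), here is a small constructed model of a group-based distributed firewall policy. It is an added example written for this page, not NSX code and not the NSX distributed firewall API; the inventory, group names, rule names and ports are all assumptions chosen to mirror the three-tier and VDI diagrams.

```python
"""Toy model of a group-based micro-segmentation policy.

Constructed example for illustration; it is not the NSX distributed
firewall or its API. Group names, VM names, rules and ports are assumed.
"""
from dataclasses import dataclass

# Constructed VM inventory. Group membership is the only attribute the policy
# looks at, so a VM keeps its rules when it moves hosts or changes IP
# (the "policies follow workloads as they move" property from the slides).
INVENTORY = {
    "web-01": "Web", "web-02": "Web",
    "app-01": "App",
    "db-01": "DB",
    "dc-01": "Services",          # AD / DNS / NTP style shared service
    "vdi-01": "VDI", "vdi-02": "VDI",
}

ANY = "any"


@dataclass(frozen=True)
class Rule:
    name: str
    src: str            # source group name or ANY
    dst: str            # destination group name or ANY
    ports: frozenset    # destination TCP ports; empty set means any port
    action: str         # "allow" or "deny"

    def matches(self, src_group, dst_group, port):
        return (self.src in (ANY, src_group)
                and self.dst in (ANY, dst_group)
                and (not self.ports or port in self.ports))


# Ordered policy, first match wins. Only the flows each tier needs are
# allowed; everything else falls through to the final default-deny.
POLICY = (
    Rule("vdi-isolation", "VDI", "VDI", frozenset(), "deny"),   # no desktop-to-desktop
    Rule("vdi-to-web", "VDI", "Web", frozenset({443}), "allow"),
    Rule("web-to-app", "Web", "App", frozenset({8443}), "allow"),
    Rule("app-to-db", "App", "DB", frozenset({3306}), "allow"),
    Rule("all-to-services", ANY, "Services", frozenset({53, 88, 123, 389}), "allow"),
    Rule("default-deny", ANY, ANY, frozenset(), "deny"),        # zero trust
)


def evaluate(src_vm, dst_vm, port, policy=POLICY):
    """Return (action, rule_name) for a flow from src_vm to dst_vm:port."""
    src_group, dst_group = INVENTORY[src_vm], INVENTORY[dst_vm]
    for rule in policy:
        if rule.matches(src_group, dst_group, port):
            return rule.action, rule.name
    raise RuntimeError("policy must end with a catch-all rule")


def rules_for_vm(vm, policy=POLICY):
    """Names of the rules an enforcement point at this VM's vNIC needs.

    A rule is relevant when the VM's group can appear as its source or
    destination. Pushing only these rules to each host is what lets
    distributed enforcement scale out with the number of hypervisors.
    """
    group = INVENTORY[vm]
    return [r.name for r in policy
            if r.src in (ANY, group) or r.dst in (ANY, group)]


def audit(flows, policy=POLICY):
    """Evaluate (src, dst, port) flows and return one log line per flow,
    so allowed and denied traffic are both recorded ("inspect and log")."""
    lines = []
    for src, dst, port in flows:
        action, rule = evaluate(src, dst, port, policy)
        lines.append(f"{action.upper():5} {src}({INVENTORY[src]}) -> "
                     f"{dst}({INVENTORY[dst]}):{port} by {rule}")
    return lines


# Constructed sample flows, including the lateral moves the VDI slide warns about.
SAMPLE_FLOWS = [
    ("web-01", "app-01", 8443),   # allowed: web tier to app tier
    ("web-01", "db-01", 3306),    # denied: web must not reach DB directly
    ("app-01", "db-01", 3306),    # allowed: app tier to DB tier
    ("vdi-01", "vdi-02", 445),    # denied: desktop-to-desktop
    ("vdi-01", "db-01", 3306),    # denied: desktop-to-server
    ("vdi-01", "web-01", 443),    # allowed: the one thing a desktop needs
    ("db-01", "dc-01", 53),       # allowed: shared DNS
]

if __name__ == "__main__":
    for line in audit(SAMPLE_FLOWS):
        print(line)
    print("rules pushed to db-01:", rules_for_vm("db-01"))
```

The ordering matters: the VDI-to-VDI deny sits above the VDI-to-Web allow so that no later allow can be widened into a desktop-to-desktop path, and the catch-all deny is last so any flow not explicitly modelled is refused. `rules_for_vm` shows why the per-host capacity figure on the distributed firewalling slide is additive: the DB VM's vNIC only ever evaluates three rules, regardless of how many other groups exist.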

Self-Service IT with VMware NSX
(Figure: a row of hypervisors, each with an NSX vSwitch, under a Cloud Management Platform.)
Services: Logical Switching; Logical Routing; Load Balancing; Physical to Virtual; Firewalling & Security.

More to vCloud Air
The updated iteration of vCloud Air will now include NSX capabilities!

NSX for Data Center Multi-Site Extensions: L2 Extensions
(Figure: NSX in Data Center 1 and Data Center 2 joined by a Logical Switch Extension, with an L2 VPN to vCloud Air.)
Software-based solution with support for Logical Switching, Distributed Routing and Distributed Firewall.

NSX for Data Center Multi-Site Extensions: SRM-based Disaster Recovery
(Figure: NSX in Data Center 1 and Data Center 2.)
No re-IPing; instantaneous availability of apps upon disaster; failover of Logical Switching, Routing & Firewall Rules.

Visibility with vRealize Operations Manager

Thank you. @kgroat