Microsoft delivers a complete datacenter solution with Windows Server 2012 R2 out-of-the-box Cloud OS Development Management Identity Virtualization.

Extend Datacenter Networking with Partner SolutionsBob Combs

DCIM-B314

Microsoft delivers a complete datacenter solution with Windows Server 2012 R2 out-of-the-box

Customer

ServiceProvider

MicrosoftConsistentPlatform

ONE

People-focused approach

Hybrid design

Enterprise-grade platform

Cloud OS

Development Management Identity Virtualization Data

Host NIC

Hyper-V extensible switch as the policy edge

Extension miniport

Extension protocol

Virtual switch

Capture extensions

Filtering extensions

Forwarding extension

VM NIC

Virtual Machine

Physical NIC

Rich Policies with ACLs, QoS, SLAs, isolation, DHCP guard, router guard

Extensible Switch extensions

Automated Using System Center VMM and PowerShell

Parent partition

Hyper-V Network Virtualization (HNV) for tenant network overlays

Physical server Physical network

Virtualization

Contoso virtual machine

Fabrikam virtual machine

Onboard customer networks (with overlapped addresses)

Live migrate VMs across subnets without touching the physical network

Support network isolation across millions of tenants

Contoso network Fabrikam network

Delivering networking without boundaries

And it is Extensible …

Virtualization

VM1 VM3VM2

Root Partition

3rd Party components

VMM Agent

VMM Service

SCVMM

Vendor network mgmt console

Policy database

VendorSCVMMPlugin

Capture Extension

Filtering Extension

Forwarding Extension

Physical NIC

• Hyper-V switch extensions and• SCVMM extensions from partners

5Nine will show how to configure security groups using Cloud Security for Hyper-VNEC will show how to configure their OpenFlow switch and Hyper-V Network Virtualization using Programmable Flow Virtual Switch PF1000Cisco will show how to configure the vSwitch and Hyper-V Network Virtualization using Nexus 1000V for Hyper-V

Agenda

Click icon to add picture

5NineCloud Security for Hyper-VKonstantin MalkovCTO

5Nine Cloud Security for Hyper-VEnterprise-grade

Aggregate security controlSimplified deployment

Agentless Anti-Virus/Anti-Malware

• Agentless: no degradation

• All versions of guest OS supported by Microsoft Hyper-V

• Fastest AV Scans available

• Orchestrate scans and set thresholds across VMs

• Staggered scanning

• Caching across VMs

• Centralized management

Agentless Intrusion Detection

• Industrial-strength

• Real-time threat monitoring

• Signature-based

• Block application-level attacks (WAF)

• Behavioral: build baseline for known attacks (WAF)

• Pro-active - detect, warn, block (WAF)

Agentless Virtual Firewall

• Isolate VMs: manage security programmatically per VM

• Control and protect inbound, outbound, intra-VM traffic

• Multi-Tenant protection and support of network virtualization

• Stateful, deep packet inspection

• Granular QoS

• Aggregate, analyze, audit logs

• Virtual Machine Security Groups

• User/Role - level access: support of Security and Auditor accounts

• Application-level protection against a wide range of exploits (WAF)

Security groups and VMs isolationVirtual Machine 1

Virtual Machine 2

Virtual Machine 3

Web ServersSecurity Group

DB ServersSecurityGroup

5Nine Cloud Security for Hyper-V

Intrusion Detection

Virtual Machine

Web Servers

Network Attack Emulation

Snor

t

Click icon to add picture

NECProgrammableFlow Virtual Switch PF1000Peter LeeAdvisory Software Engineer

What is ProgrammableFlow?ProgrammableFlow is a new networking solution that combines NEC’s unique functionalities and next generation network technology OpenFlow.The VTN network design enables deployment of virtual networks on top of any underlying physical network topology, reducing complexity of traditional network design and increasing service agility.

VTN2

ProgrammableFlow Controller

Independent and secure virtual networks

Control

Virtual Networks (VTNs)

Physical Network

Network Switch Pool

Server Pool

Network Appliance Pool

ProgrammableFlow Switch

VTN1

Demo EnvironmentVMM Setup: VMM 2012 R2 server with PF1000 VSEM Provider, managing 2 Hyper-V hostsProgrammableFlow Setup: PF6800(Controller), PF5240(Physical Switch), PF1000(Virtual Switch)

Each switch is redundantly connected to other switch

PF5240

Tenant Red

Tenant Red

VTN for OthersVTN for Others

PF5240

Path policy2

Hyper-V

HostHyper-V

Host

VMMVSEM Provider

PF1000PF1000

VTN for HNV tenantVTN for HNV tenant

VLAN: 200

Path policy1

PF6800

Demo OverviewFabric Operation

VMs and Services Operation

PF5240 PF5240

Hyper-V

HostHyper-V

HostLogical network

VM network

VM Subnet

Network site

VLAN-Subnet

Uplink port

VM

Virtual port

Configure HNV Logical NW

IP Pool

IP Pool

PF1000PF1000

Logical switch PF1000

Path-Control over Fabric Network

Add Network Service

Create IP Pool

Create Port Profile

Create Logical Switch

Configure Virtual Switches

Create Virtual Switches

Create VM Networks

Create IP Pools

Connect VMs to VM NWs

ProgrammableFlow Virtual Switch PF1000

DCIM-B315 Cloud Optimized Networking in Windows Server 2012 R2

Related content

DCIM-B378 Converged Networking for Windows Server 2012 R2 Hyper-V

DCIM-B344 Network Tuning for Specific Workloads

Find us at the TechExpo hall

Click icon to add picture

CiscoNexus 1000V for Hyper-VSujit KhaleTechnical Leader Cisco

Nexus 1000V Architecture Respects DC Operational Model for PV

Hypervisor Hypervisor Hypervisor

Modular Switch

…Linecard-N

Supervisor-1 (Active)

Supervisor-2 (StandBy)

Linecard-1

Linecard-2

Bac

k P

lane

VEM-NVEM-2

VSM: Virtual Supervisor ModuleVEM: Virtual Ethernet Module

VSM-1 (active)

VSM-2 (standby)

Virtual Appliance

NetworkAdmin

ServerAdmin

NX-OSControl Plane

NX-OSData Plane

Extensible Switch

CaptureFiltering

ForwardingNexus 1000V

VEM

Port Profiles, Network Segments and VMs

Database Network

Clients Guests# port-profile database-clientip port access-group dbclient inno shutstate enabled

# port-profile database-serverip port access-group dbserver inno shutstate enabled

# port-profile database-adminip port access-group dbadmin inno shutstate enabled

# network-segment database1switchport mode accessswitchport access vlan 10

Nexus 1000V Installation Workflow …

1. Download Cisco Package

2. Install SCVMM Components

3. Install & Configure VSM

4. Create Nexus 1000V Logical Switch4.2 Create Logical Switch

4.1 Add Switch Extension Manager

4.3 Create VM Networks

2.1 Install Cisco Provider MSI

2.2 Install Cisco VSM Template Files

2.3 Copy VEM to SCVMM Repository

2.4 Copy VSM ISO to SCVMM Library

3.2 Install VSM VM using VM Template

3.3 Configure VSM

3.1 Create Microsoft Switch for VSM Connectivity

Nexus 1000V Installation Workflow …

7. Connect VMs to Nexus 1000V Logical Switch

6. Create Nexus 1000V Logical Switch Instance on hosts

5. Prepare Hyper-V Hosts

5.2 Configure VMQ RSS Settings

5.1 Configure PNIC MTU Settings

6.2.1 Select Host

6.2.2 Select the MGMT PNIC

6.2.4 Deploy Logical Switch

6.2.5 Add Remaining PNICs to Logical Switch

6.1.1 Select Host

6.1.2 Select the PNICs except MGMT PNIC

6.1.3 Deploy Logical Switch

6.1.4 Add any Remaining PNICs to Logical Switch

Management PNIC WorkflowNon - Management PNIC Workflow

6.2.3 Create MGMT Host Virtual Network Adapter

7.1 Select VM Network Adapter

7.2 Connect the VM Network Adapter to Logical Switch

7.3 Select VM Network and Port Classification for the Network Adapter

Demo 1 – Nexus 1000V Installation

Both VXLAN and HNV are multi-tenant aware Network Virtualization overlay technologiesVXLAN more focused on Layer 2 (same service as a VLAN)HNV more focused on Layer 3 (same service as a router)Different Tenants can reuse the same network addressesNexus 1000V for Hyper-V is the first to support both

VXLAN and HNV Support

Demo 3 – Nexus 1000V & Network Virtualzation

Cisco Virtual Security GatewayContext-based, Multi-tenant, Workload Segmentation

Nexus 1000VDistributed Virtual Switch

VM VM VM

VM VM

VM

VM VM VM

VM

VM

VM VM VM

VM VM VMVM

VM

vPath

Cisco PNSC

Log/Audit

VSG(active)

Secure Segmentation(VLAN agnostic)

Efficient Deployment(secure multiple hosts)

Transparent Insertion(topology agnostic)

High Availability

Dynamic policy-based provisioning

Mobility aware(policies follow Migration)

Condition

Cisco Virtual Security Gateway Security Rules with VM & Custom attributes

VM Attributes

VM Name

Guest OS name

Port Profile Name

VM DNS Name

Network Attributes

IP Address

Network Port

Operator

eq

neq

gt

lt

range

Not-in-range

Prefix

Operator

member

Not-member

Contains

And (Global Level)

Or (Global Level)

Source

ConditionDestination Condition Action

Rule

Attribute Type

Network

VM

User Defined

vZone

Condition Match Criteria

Match All (And)

Match Any (Or)

VSG Workflow

5. Configure VSM

1. Install & Configure Microsoft Service Provider Foundation

2. Download Cisco PNSC & VSG Pacakges

3. Install & Configure PNSC

4. Configure Tenants and Security Profiles

7. Install VSG

6. Configure Hyper-V Hosts

8. Assign Firewall from PNSC

9. Apply Security Profile from SCVMM

Demo 2 – Nexus 1000V & Virtual Security Gateway (VSG)

Come Visit Us in the Microsoft Solutions Experience!

Look for Datacenter and Infrastructure ManagementTechExpo Level 1 Hall CD

For More InformationWindows Server 2012 R2http://technet.microsoft.com/en-US/evalcenter/dn205286

Windows Server

Microsoft Azure

Microsoft Azurehttp://azure.microsoft.com/en-us/

System Center

System Center 2012 R2http://technet.microsoft.com/en-US/evalcenter/dn205295

Azure PackAzure Packhttp://www.microsoft.com/en-us/server-cloud/products/windows-azure-pack

Resources

Learning

Microsoft Certification & Training Resources

www.microsoft.com/learning

msdn

Resources for Developers

http://microsoft.com/msdn

TechNet

Resources for IT Professionals

http://microsoft.com/technet

Sessions on Demand

http://channel9.msdn.com/Events/TechEd

Complete an evaluation and enter to win!

Evaluate this session

Scan this QR code to evaluate this session.

© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.