VMware NSX: A Customer’s Perspective
Taruna Gandhi, VMware
Jason Puig, Symantec
Richard Sillito, WestJet
NET5529 #NET5529
Jun 26, 2015
Agenda
VMware NSX Overview
Customer Deployments
• WestJet: Flight Path to a Better Network
• Symantec: Self Service Lab Cloud
Q&A
Software Defined Data Center
SOFTWARE-DEFINED DATACENTER
All infrastructure is virtualized and delivered as a service, and the control of this datacenter is entirely automated by software.
[Figure: Time to Provision New Services (2008, 2012, 2013): weeks; days/hours; minutes/seconds. Software-defined datacenter services (VDC): Storage/Availability, Servers, Networking, Security, Management/Monitoring]
Current Network Operational Model is a Barrier to Software Defined Data Center
• Provisioning is slow
• Placement is limited
• Mobility is limited
• Hardware dependent
• Operationally intensive
[Diagram: Compute, Network, DC Services; Web, App and DB tiers; Corpnet/Internet]
Provisioning Network Virtualization with NSX
• Programmatic provisioning
• Place any workload anywhere
• Move any workload anywhere
• Decoupled from hardware
• Operationally efficient
[Diagram: Compute, Network (VMware NSX), DC Services]
VMware NSX – Network and Security for SDDC
The New Role for IT: IT as a Service
• Software-Defined Data Center: Virtualize the entire data center (Management and Automation, Storage and Availability, Compute, Network and Security)
• Hybrid Cloud: Seamlessly extend your data center to the public cloud
• Virtual Workspace: Manage access to services, applications and data for any device
• Public Clouds, Private Clouds
[Diagram: VMware NSX Network Virtualization Platform. Any Application (without modification); Virtual Networks: Logical L2 Switch, Logical L3 Router, Logical Firewall, Logical Load Balancer, Logical VPN; Any Cloud Management Platform; Any Hypervisor; Any Network Hardware]
VMware NSX – Networking & Security Capabilities
Rich Networking & Security Services
• Scalable Logical Switching
• Physical to Virtual L2 Bridging
• Dynamic L3 Routing: OSPF, BGP, IS-IS
• Logical Services: Firewall, Identity-based Firewall, Load-balancing, VPN (IPSec, SSL, L2VPN)
Automation & Operations
• API Driven Integration
• Service Composer for Security Workflows
• Server Access Monitoring
• Troubleshooting & Visibility
Partner Extensibility
• Physical ToR L2 Integration
• Security Services – IDS / IPS, AV, Vulnerability Mgmt
• Network Services – Load Balancers, WAN Optimization
VMware NSX – Network Virtualization Benefits
VMware NSX Transforms the Operational Model of the Network
Operational Automation: Reduce network provisioning time from days to seconds
• Network provisioning time reduced from 7 days to 30 sec
Cost Savings: Simplified IP hardware
• Reduce operational costs by 80%
• Increase compute asset utilization up to 90%
• Reduce hardware costs by 40-50%
Choice: Any hypervisor, Any CMP with Partner
• Any Hypervisor: vSphere, KVM, Xen, Hyper-V
• Any CMP: vCAC, OpenStack
• Any Network Hardware
• Partner Ecosystem
Customers Deploying Network Virtualization Today!
WestJet: Flight Path to a Better Network
Symantec: Self Service Lab Cloud
Defy Convention
Fort Henry Ontario
Flight Plan
Let’s get our bearings
North/South
East/West
The Current State
Navigating in an Alternate Reality (aka “the future”)
• Automation, Continuous Delivery & Self Service
• Support low CASM through reduced TCO
• Commoditized hardware
• Leverage virtualized network components
• Less complex information environments
• Enable the future workforce with services such as Mobile Workspace, Bring Your Own Device and Capacity on Demand
Flight Following
Security Architecture Made Simple (SAMS)
SAMS - Infrastructure
SAMS Infrastructure using a VMware Solution
Gateway Firewall (Layer 3)
• Connects the outside world
• Simple firewall rules
• Basic Functionality
• High Availability – 4 nines
Embedded Firewalls (Layer 2)
• Firewall distributed into each hypervisor
• Central Management and reporting
• Transparent Firewall
• Networking occurs at hypervisor speed
• Firewall has more visibility
Innovators
The Evolution
Physical Network
Virtual Network
Software Defined Datacenter
Summary
Defy Convention
• Security
• Performance
• Simplicity
• Automation
Inspiration/Thanks
VMware
• Vern Bolinius
• Ray Budavari
• Bruno Germain
My Family
• Patrick, Brittney, Taz
Thanks VTeam
• Dominador DeLeon – Sr. TSA - Infrastructure Ops
• Justin Domshy – Manager of Environments
• Mike Gromek - Technical Architect III
• Darrell Lizotte – Technical Architect III
• Randy Seabrook – Manager Architecture
• Derek Sharman - Sr. Analyst-Config Management
• Nanda Weicker - Business Architect III
• Walter Wenzl - Sr Analyst-Config Management
• Dallas Young - Security Support Analyst III
Inspiration
• Dump your DMZ by Joern Wettern
• BYOD and the Death of the DMZ by Lori MacVittie
• Zero Trust Model by John Kindervag
Granite Labs - Symantec’s Self Service Lab Cloud
Real-World Experiences with a VMware Software-Defined Data Center
Jason Puig Symantec Manager, Cloud Services – Global Symantec Labs
Current Deployment Summary
• Symantec Granite Labs is a large scale implementation of a Software-Defined Data Center (SDDC)
– Based on VMware and Symantec technologies
– 250,000 VMs deployed, 27,000 under management today with 3,800 users
– 15-month implementation
– Have saved 32,000 Symantec staff hours
– While delivering better quality to end-users, in less time
IT Pressures – a Constant Over the Decades
“Are you getting the maximum efficiency out of your infrastructure?”
“How quickly can IT respond to LOB requests?”
• Legislative Compliance
• Risk Reduction – SLAs & Business Continuity
• Security – Corp Assets & IP
Why a Cloud Lab in an SDDC?
• Cost
– Single shared pool of networking, storage, and compute resources.
– Reduced administration
– Reduced integration costs
• Agility
– Data Centers available in minutes instead of days or weeks.
– Abstraction of hardware at all layers allows flexibility and reduced downtime.
– Faster turn around when implementing new solutions
– Reduce provisioning effort allowing employees to focus on their primary job - helping customers.
– Removing the burden of managing labs from engineers and trainers.
– Helps to break down barriers between departments and reduces silos
• Governance
– Secured within the Symantec Firewall / Private Enterprise Cloud
– Complete oversight into the datacenter topologies allows for improved control.
Cloud Based Labs: The ultimate challenge.
• Legacy Labs
• Lab Complexity
• Dynamic Workloads
• “Hands On” / Self Service Required
• Scale
• Security / Protection
• Multiple Geographies
• Virtual on Virtual
• Hybrid Physical and Virtual Provisioning
• Cost
What we Deployed
• vCloud Suite
– vCloud Director
– vSphere
– vCloud Networking & Security
– vCenter Orchestrator
• NetBackup
• Endpoint Protection
• IT Management Suite
– Deployment Solution
– Asset Management Suite
– Service Desk
• 7xxx Core Switching
• UCS Blades
• FAS6240
• FAS6280
Demo
Metrics / Lessons Learned
• Cost
– Single shared pool of networking, storage, and compute resources.
• Explosive adoption, over 3,800 employees have used the solution since launch. Average over 2,000 active users every month.
• Over 250,000 virtual machines deployed since launch.
• Over 27,000 virtual machines under management
• Unified library of over 700 lab topologies within our Software Defined Data Center
– Reduced administration
• While fewer admins are needed, they need to be cross functional and understand the latest virtualization trends.
• Choosing the right vendors who understand cloud
– Reduced integration costs
• Cloud integration is complex, use as many integrated solutions as you can which are proven to work together. Symantec is seeing the savings in the ability to leverage integrations across the cloud.
• Agility
– Software Defined Data Centers available in minutes instead of weeks or months
• Average Provisioning Time: 14 Minutes, completely changes the way employees work.
– Abstraction of hardware at all layers allows flexibility and reduced downtime.
• Multiple hardware transitions since inception, zero user impact.
• Orchestration is a must
– Faster turn around when implementing new solutions
• Our entire cloud topology is actually stored in an SDDC vApp inside of the cloud, allowing for on the fly testing of new solutions even with the cloud itself.
– Reduce provisioning effort, allowing employees to refocus on their actual jobs - helping customers.
• Saved over 11,000 weeks of effort
– Removing the burden of managing labs from engineers and trainers.
• Transitioned to Cloud Operations
– Helps to break down barriers between departments and reduces silos
• Over 700 shared labs covering most Symantec product lines currently available
• Support Services, Training, and Engineering are finally able to share… everything.
• Governance
– Secured within the Symantec Firewall / Private Enterprise Cloud
– Complete oversight into the datacenter topologies allows for improved control.
• Auditing of topologies to reduce human error.
• Ensure proper security is in place prior to allowing deployment.
Future
• Unparalleled Cloud Integration with Symantec Products
• Incorporate enhancements to virtual networking (VMware NSX)
• Reference Architectures
Visit the VMware and Symantec booths.
Talk to us about how we can help your organization get to IT-as-a-Service, and a Software-Defined Data Center
Thoughts & Questions
Richard Sillito
Jason Puig
Taruna Gandhi
Other VMware Activities Related to This Session
HOL:
• HOL-SDC-1303: VMware NSX Network Virtualization Platform
Group Discussions:
• NET1001-GD: vCloud Networking and Security & NSX for VMware Environments with Ray Budavari
NET5529
THANK YOU