Sep 18

Introduction to NSX Data Center for Security (SAI2026BU)

This session will focus on how VMware NSX Data Center helps to answer the question, “How do you secure applications that are widely distributed and constantly changing?” By making network security an intrinsic part of the environment on top of which applications and data live, NSX Data Center delivers security policies and controls that are as ubiquitous and agile as applications themselves, no matter where they live. Find out about context-aware micro-segmentation and other key capabilities of NSX Data Center that shrink the application attack surface and improve your overall security posture.

Speakers Alex Berger, Product Marketing, Networking and Security, VMware: Alex Berger is a Product Marketer with VMware’s Networking and Security business unit. His focus is on security products and their use cases, including VMware NSX and VMware AppDefense. Prior to joining VMware, Alex worked on enterprise security products addressing a range of security issues including data access governance, identity and access management, privileged identity management, and threat detection and response. Christopher Frenz, AVP of Information Security, Interfaith Medical Center:

Christopher Frenz is the Director of IT Infrastructure at Interfaith Medical Center and is an expert on healthcare security and privacy. He the author of the books “Visual Basic and Visual Basic .NET for Scientists and Engineers” and “Pro Perl Parsing”, as well as the author of numerous articles. Frenz holds many industry standard certifications, including CISSP, HCISPP, CISM, CISA, FIP, CIPP, CIPM, CIPT, and CCSK.

Rating: 5/5


Sep 01

NSX Design Guide for Small Data Centers

Executive Summary

VMware NSX is the network virtualization technology that decouples the networking services from the underlying physical infrastructure. VMware NSX allows for a new software based approach to networking that provides the same operational model as a virtual machines (VM). Virtual networks can easily be created, modified, backed-up and deleted within minutes.

By providing the physical networking constructs in software, VMware NSX provides similar benefits as server virtualization did with VMs. Businesses can see the impact in terms of increased efficiency, effective resources utilization, productivity, flexibility, agility and cost savings.

Document Structure

This document will present the audience with the NSX introduction, business use-cases and overview of design in Large and Medium data centers. The beginning of the document serves as a refresher to those who are already familiar with the NSX design and deployment aspects.
The document goes on to present a NSX for small data center, its relevance, and what are the main building blocks of designing NSX in small data centers.

The document talks about popular NSX deployment models in small data centers, gives details around protecting and designing based on the individual NSX components, like NSX ESG and DLR Control VM etc.
Towards the end of the document, it talks about the growth option to take NSX even further and grow it into the medium and large scale deployment.

Introduction

NSX has emerged as the leading software platform to virtualize network and networking services. Many customers have deployed NSX to run their production and non-production workload to get the benefits that
comes with virtual networks and software defined network approaches. NSX has been deployed from small to medium to large sizes of data centers to enable a wide-range of use-cases.

There are situations where large enterprises have also deployed NSX in their small data centers islands within the overall large environment. There are also situations where small and medium businesses (SMBs) are deploying NSX with small number of hosts to take advantage of network virtualization. Regardless of the size of the enterprise, small data center is a viable option and relevant for all type of customers, enterprises and businesses.

The NSX Reference Design Guide discusses design aspects to deploy NSX in all data center sizes. This document uses the NSX Reference Design Guide as a baseline and provides additional and/or supportive guidance to successfully run NSX in SMB Data Centers. It is assumed that readers have gone through the concepts and design options discussed in NSX reference design guide.

In addition, readers are highly encouraged to take a look at Software Defined Data Center (SDDC) VMware
Validated Design Guide (VVD) that provides most comprehensive and extensively tested blueprint to build and operated SDDC.

NSX Customer Use Cases

NSX has been widely accepted and deployed in production by many customers. Figure 1 lists some of the most important use cases that customers are deploying NSX for.

Packet-Header

Figure 1. – NSX Use Cases

Security

NSX can be used to create a secure infrastructure, which can create a zero-trust security model. Every virtualized workload can be protected with a full stateful firewall engine at a very granular level. Security can be based on constructs such as MAC, IP, ports, vCenter objects, security tags, active directory groups, etc. Intelligent dynamic security grouping can drive the self-adaptive security posture within the infrastructure.

Automation

VMware NSX provides a full RESTful API to consume networking, security and services, which can be used to drive automation within the infrastructure. In small data centers, automation tools like REST API and PowerNSX can be useful to programmatically configure network and security services, or to pull the information from VMware NSX deployments for simple operations tasks.

Application Continuity

NSX provides a way to easily extend networking and security up to eight vCenters either within or across data centers. NSX can extend or stretch L2 and L3 networks across data centers in distributed fashion. NSX also ensure that the security policies are consistent across those stretched networks and hence provide a seamless, distributed and available Network and Security overlay. All of it is done using software based technologies, without requiring expensive hardware.

NSX for vSphere Components

vSphere is the foundation for NSX for vSphere (referred to as NSX throughout this document) deployment. It is important to have good understanding of what vSphere and NSX components are involved into the design. For a successful NSX deployment, it is imperative to have a good vSphere deployment in place with proper vSphere clustering, compute, network and storage. For detailed discussions on these topics, the reader can refer to the NSX Reference Design Guide.

Figure 2 shows various layers of NSX for vSphere architecture based on the role being performed by each NSX components. From a very high level, the NSX solution architecture can be seen as divided between management, control and data planes. In the traditional networking model, the control and data plane is combined together.
NSX and other software defined networking architectures follow an approach where the data plane is separated from the control plane. This approach provides the advantage of decoupling from hardware dependencies, and allows all networking services to be virtualized following the same operational model that compute and storage virtualization has been providing for years.

Packet-Header

NSX layers for vSphere Architecture

NSX in Small Data Center Use-Cases

One must understand that Small Data Center (DC) does not mean that it is only relevant for small customers. Many large enterprises deploy NSX with small footprint or small number of ESXi resources in the beginning and then they expand to larger footprint. This could be due to number of different reasons for example budget, staffing or simply because of small scale deployment that they would have in the beginning. The advantage is that even if NSX is deployed in small footprint, it can easily grow into a medium or large size deployment.
On a broad scale, Small Data Center use-cases can be divided based on business function and application that are being deployed.

Functional Level Use Cases

Organizations deploy NSX with small footprint in specific functional areas or groups that they have. For instance

  • Disaster recovery and/or avoidance
  • Pre-Prod vs Test environments
  • Compliance / DMZ
  • Business units with their own operational model
  • Etc.

Application Level Use Cases

Many customers deploy NSX in small DCs to tackle one or more application level use-cases that they have. For instance

  • VDI
  • Load Balancer
  • Agentless Antivirus (AV)
  • Etc.

NSX Advantage for Small Data Centers

Organizations adopt NSX not just because of its technical strength and advantages that they gain while deploying networking services in software. They also get the advantage in terms of its simplicity, ease of use and operational flexibility. Some of these advantages are highlighted here.

Simplicity and Modularity

Small customers like the idea of its simplicity and modularity, where they have peace of mind to grow and add more features as they increase the capacity or user base. They do not need to purchase all the networking hardware upfront with lots of unknown down the road. NSX provides those customers software based networking services that they can spin up anytime they want without incurring additional hardware cost.

Procurement

Customer are also thrilled because all the networking and security services are bundled within the same product and platform, so they do not need to worry about contacting multiple vendors not just for purchase but also for support agreement and licenses procurement and cost. Customer are getting everything with the NSX under one roof.

Ease of Operations

Majority of the customers are already familiar with the operational model vSphere has provided them for years. NSX is seamlessly integrated within the same model. It enhances their operational model and sits nicely on top of it. Hence the learning curve to adopt the new technology is minimal.

Download NSX Design Guide for Small Data Centers.

Rating: 5/5


Sep 20

VMware NSX Design: Reference Design for SDDC with NSX and vSphere: Part 2

VMworld 2017 NET1345BU – VMware NSX in Small Data Centers for Small and Medium Businesses.

NOTE: This video is roughly 60 minutes in length so it would be worth blocking out some time to watch it!

Rating: 5/5


Sep 20

VMware NSX Design: Reference Design for SDDC with NSX and vSphere: Part 1

VMworld 2017 NET1535BE – VMware NSX Design: Reference Design for SDDC with NSX and vSphere: Part 1.

NOTE: This video is roughly 60 minutes in length so it would be worth blocking out some time to watch it!

Rating: 5/5


Sep 12

Advanced VMware NSX: Demystifying the VTEP, MAC, and ARP Tables

VMworld 2017 NET1152BU – Introduction to VMware NSX.

NOTE: This video is roughly 55 minutes in length so it would be worth blocking out some time to watch it!

Rating: 5/5


Sep 07

NSX Everywhere – The Foundation for the Digital Era

In this video, you’ll learn how NSX, VMware’s Network & Security Platform, is at the heart of accelerating digital business transformation. We’ll discuss how NSX drives four key strategic IT priorities:

1. It delivers agility, security, and scalability Modern Data Centers, supporting innovation & growth
2. It extends security from the data center to the Digital Workspace, supporting secure access to applications from anywhere on any device
3. It allows you to Integrate Public Clouds consistently manage, connect, and secure applications across multiple private and public clouds
4. Most critically, it Transforms Security so that data, apps, devices, data centers, and clouds are compliant and secure.

And we’ll discuss how these IT priorities are directly linked to business outcomes around o accelerating business agility and innovation. o delivering exceptional mobile experiences. o protecting brand and customer trust VMware NSX is the Network Virtualization & Security platform that helps our customers make the transition to the Digital Era. Get the NSX Mindset!

Rating: 5/5


Sep 05

Desktop Security with NSX

Most organisations continue to spend most of their security budget on securing their server infrastructure, implementing things like firewalls, intrusion prevention/detection systems and SIEM solutions. The reason for this is that’s where they consider their most prized possession to be, their data. But is that the correct stance? More and more cyber-attacks now start with phishing attacks on end users, using end user devices as the entry point of the attack. In this video we take a look at some typical desktop configurations, their possible vulnerabilities and where we can reduce the chance of attack by employing some simple changes without impacting desktop performance with NSX.

NOTE: This video is roughly 20 minutes in length so it would be worth blocking out some time to watch it!

Rating: 5/5


Aug 30

VMware NSX in Small Data Centers for Small and Medium Businesses

VMworld 2017 NET1345BU – VMware NSX in Small Data Centers for Small and Medium Businesses.

NOTE: This video is roughly 60 minutes in length so it would be worth blocking out some time to watch it!

Rating: 5/5


Jul 26

NSX – How do I know if I need it or not?

Not all data centers are created equal. Oh sure we believe NSX is the greatest thing since cornbread and chicken. The reality is any product that goes into your data center must be able to increase your efficiency while decreasing your overhead. Join Jimmy Ray Purser as he explains how the NSX Pre-Assessment tool works and how you can justify the need or not for moving towards a Software Defined Data Center. All without having to purchase a single thing! Free is good right?

Rating: 5/5


Jul 12

VMware NSX and the Data Center Network Evolution

Watch this short video from Gustavo Santana (author, VCIX-NV, triple-CCIE, and NSX SE Manager for Latin America) to understand how VMware NSX can positively influence on the architecture of physical data center networks. Here are some of the topics addressed by Santana:

* The evolution of data center networks from the 1990s to the 2010s
* Benefits and challenges of each evolution phase (STP-based, Multi-chassis, fabrics)
* An architectural perspective of VMware NSX
* A new proposed architecture for data center networks

The network virtualization revolution continues!

Rating: 5/5