Title slide with picture

Download Report

Transcript Title slide with picture

The next big shift in
your data center
VMware NSX with HPE
Transforming to a hybrid infrastructure enables IT to deliver a
new experience to the business
– Deliver new services faster and be a service
provider to my lines of business.
– Spend more time developing and improving
applications.
– Flexible application deployment options (offand on-premises).
Data center architectural approaches
SDDC/network virtualization enables a new operating model
Software-defined
– Intelligence in software (abstraction)
– Automated, VM-based operating
model
– Physical/virtual integration
Compute
virtualization
Storage
virtualization
Network
virtualization
Legacy networking operational
models have held customers back
Virtualization layer
Hardware-defined
– Intelligence in hardware (monolithic)
SDDC
visionary
alignment
OS-integrated
features
– Dedicated, vendor-specific infrastructure
Proprietary
OS
– Manual configuration (CLI) and
management
Proprietary
hardware
3
Network virtualization is at the core of an SDDC approach
Non-disruptive deployment
Network, storage, compute
Virtualization layer
Courtesy of VMware
4
Network virtualization is at the core of an SDDC approach
Non-disruptive deployment
Network, storage, compute
Virtualization layer
“Network hypervisor”
Virtual data centers
Courtesy of VMware
5
The NSX distributed service platform dynamically inserts and
orchestrates advanced networking and security services into
the SDDC
Moves networking to software
Lets you move workloads seamlessly
The NSX™ network virtualization platform is helping hundreds of
customers realize the full potential of a software-defined data
center (SDDC). NSX moves networking to software, creating
never-before-seen levels of flexibility. It fundamentally
transforms the data center’s network operational model like
server virtualization did 10 years ago.
NSX moves virtual machines and all of their associated
networks and security policies between data centers in just
minutes. It avoids any interruption to the running application,
enabling active-active data centers and immediate disaster
recovery options.
Enables network micro-segmentation
Integrates with third-party products
NSX brings security inside the data center with automated, finegrained policies tied to the virtual machines (VMs). It enables
micro-segmentation to significantly reduce the lateral spread of
threats inside the data center. By making network microsegmentation operationally feasible, NSX brings an inherently
better security model to the data center.
NSX provides a platform for bringing the industry’s leading
networking and security solutions into the SDDC. By taking
advantage of tight integration with the NSX platform, third-party
products can not only deploy automatically as needed, but also
adapt dynamically to changing conditions in the data center.
The equivalent of a network hypervisor transforms data center economics,
dramatically improving security and simplifying operations
6
Section 1
Why HPE and VMware NSX
7
Accelerating the customer journey to the software-defined
data center
HPE and VMware together revolutionized SDDC
economics and efficiencies
– HPE’s industry-leading position in servers for 15 years
– VMware’s game changing approach to virtualization
– HPE is the #1 global leader in server virtualization
solutions based on VMware with more than 500,000 users
– Largest global-authorized training center for VMware
– More than 90 training centers in over 30 countries
– First to train over 17,000 students with true 24/7 support
– Single point of support for VMware/SDDC, including more
than 1000 VMware-certified professionals
– Decades of networking, virtualization, and security
expertise
8
HPE-VMware NSX partnership
HPE VMware NSX OEM
Network certification
HPE-branded services
One partner capable of delivering
SDDC life cycle solutions
Differentiated through bridging
virtual/physical
Global end-to-end SDDC and
virtualization lifecycle services
The industry’s first NSX OEM
network virtualization lifecycle
partnership – simplifying the
customer experience
HPE FlexFabric Open
vSwitch Database (OVSDB)
certification with VMware NSX
The industry’s most complete
end-to-end services portfolio
with decades of networking
and VMware expertise
9
HPE-VMware networking solution
Direct (“native”) OVSDB
– Simple, transparent
NSX deployment option
Network virtualization
Application
(L4–7 Services)
Control
Infrastructure
– Underlay/overlay
network functions
separately
– Physical and virtual
network integration
– HPE FlexFabric
networking underlay
(spine/leaf)
HPE FlexFabric 5930
10
HPE takes the cloud infrastructure market lead
– HPE now leading the
market with 13% share of
the cloud infrastructure
equipment market
– $16 billion per quarter
(S/S/N)
– Growing at 25% year
over year
– Networking/virtualization
provides a foundational
prerequisite for the cloud
11
HPE Network Virtualization Technology Services
HPE consulting services for
VMware NSX
HPE software support
services for VMware NSX
– Strategy
– Integration
– Foundation Care
– Assessment
– Optimization
– Proactive Care
– Design
– Security
Technology Services
– Datacenter Care
The industry’s most
complete solution
SDN/NV, fabric underlay, VMware NSX, vSphere®, vCenter™, BC/DR
IPv6, MPLS/VPLS, CI, hybrid cloud, OpenStack®
HPE and third-party migration services
12
Mobile TeleSystems
Ukraine’s largest mobile provider relies on HPE to protect billing
and other business-critical systems
Long-distance
workload mobility
VM
Long-distance
data mobility
VM
Business
continuity
Disaster recovery
VM
VM
VM
VM
VM
VM
VM
VM
VM
VM
VM
VM
VM
VM
VM
Ethernet extension
any transport
Hypervisor
Hypervisor
Virtualized data center 1
Deploy over
existing network
No redesign
required
Virtualized data center 2
Five configuration
steps per site
Automatic fault
isolation
“HPE designed a solution that combines our
geographically distributed data centers into a
single IT infrastructure so that we have the
flexibility to move around our workloads and
resources as needed.
Going forward, we can use the solution to
combine up to eight more data centers and
grow quickly while protecting our investment
in technology.”
– Anatoly Starodubets, Head of IT Systems Operation
Department, MTS Ukraine
Case study, “MTS Ukraine upgrades to scalable, flexible HP network"
13
Mobile TeleSystems
HPE-VMware extended OEM partnership is significant to
MTS and supports their business
NSX OEM agreement is significant in that MTS is able to
partner with a single, trusted partner—HPE—capable of
delivering the full life cycle of data center, networking, and
virtualization services.
– Simplify operations, speed application
delivery, and lower cost
– Trusted partner with decades of networking,
virtualization, and data center experience and
comprehensive 24x7x365 life-cycle services
– Confidence to move forward with new technology
innovations that increase our competiveness and delight
customers
14
Section 2
VMware NSX momentum and use cases
15
NSX customer momentum
Service providers
Transportation
Global financials
Government
Retail
Education
Healthcare
Media and
communications
Integrators
16
VMware NSX in the data center
Application continuity
Disaster recovery with
NSX
Security
Micro segmentation
through NSX
IT automation
Integrating physical
workloads to NSX
17
DR today
Primary site
1
Recovery site
Snapshot VM
4
Change IP address
Reconfig security
10.0.20.21
10.0.10.21
3 Recover
the VM
SAN
Major
RTO
impact
SAN
Step 1&2
(e.g., VMware SRM)
10.0.10/24
Physical network infrastructure
2
10.0.20/24
Physical network infrastructure
Replicate
VM and storage
Courtesy of VMware
18
DR with NSX network virtualization
Primary site
Recovery site
Virtual network
10.0.30/24
Virtual network
10.0.30/24
1
10.0.30.21
2b
Snapshot VM
Network and security
already exists
Snapshot
network and
security
NSX controller
NSX controller
SAN
3
Recover
the VM
10.0.30.21
80%
RTO
SAN
Steps 1 and 2
(e.g VMware SRM)
10.0.10/24
Physical network infrastructure
2a
10.0.20/24
Physical network infrastructure
Replicate
VM and storage
Courtesy of VMware
19
Problem: Data center network security
Perimeter-centric network security has proven insufficient, and
micro-segmentation is operationally infeasible
Internet
Internet
Little or no
lateral controls
inside perimeter
Insufficient
Operationally infeasible
Courtesy of VMware
20
Why traditional approaches are operationally infeasible
– Create firewall rules
before provisioning
– Update firewall rules
when move or change
Internet
– Delete firewall rules
when app
decommissioned
– Problem increases
with more East-West
traffic
Perimeter
firewalls
Courtesy of VMware
21
VMware NSX makes micro-segmentation possible
Cloud
Management
Platform
Security policy
Internet
Perimeter
firewalls
Courtesy of VMware
22
Defining security policy for automation and audit compliance
10.0.2.34
10.0.4.72
Security policy
☐
Development workload
☐
Test workload
☐

Production workload
☐
Web tier
☐
App tier
☐

Data base tier
☐

Application type: Customer data
☐

Application type: PCI data
☐
Quarantine: If CVSS>5
production
src,dest,port,protocol
database tier
allow<=application tier>
customer Data
allow<appid=3456>
pci data
allow<appid=6789>
quarantine
cvss=2
production
src,dest,port,protocol
database tier
allow<=application tier>
customer Data
allow<appid=3456>
pci data
allow<appid=6789>
quarantine
cvss=2
Audit
Courtesy of VMware
23
Support for physical workloads and VLANs
Courtesy of VMware
24
Support for physical workloads and VLANs
Courtesy of VMware
25
Uses and benefits of a virtualized network approach
Security
Micro-segmentation
Value
Secure infrastructure
at 1/3 the cost
IT automation
IT automating IT
Reduce infrastructure
provisioning time from
weeks to minutes
Application continuity
Disaster recovery
Reduce RTO
by 80%
DMZ anywhere
Developer cloud
Metro pooling
Secure end user
Multi-tenant
infrastructure
Hybrid cloud
networking
26
HPE better together – the power of one
One vendor, one ref design, one
support contract for all your needs
Advise
Integrate
Transform
Support
Flex
HPE brings together decades of networking,
virtualization and security expertise that enables the
bridging of physical and virtual data center infrastructure
27
Thank you
28