Neelay Thaker, Product Marketing Manager Waleed Akl, Lead Systems Engineer NET2375BU #VMworld #NET2375BU Intelligent Operations for SDDC Network and Security with vRealize Network Insight VMworld 2017 Content: Not for publication or distribution


Neelay Thaker, Product Marketing Manager

Waleed Akl, Lead Systems Engineer

NET2375BU

#VMworld #NET2375BU

Intelligent Operations for SDDC Network and Security with vRealize Network Insight


Disclaimer

• This presentation may contain product features that are currently under development.

• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.

• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.

• Technical feasibility and market demand will affect final delivery.

• Pricing and packaging for any new technologies or features discussed or presented have not been determined.


2017 Digital Transformation Agenda

Business Outcomes:

• Business Agility and Innovation

• Exceptional Mobile Experiences

• Protection of Brand and Customer Trust

Strategic IT Priorities:

• Empower Digital Workspaces

• Transform Security

• Modernize Data Centers

• Integrate Public Clouds


Networking & Security for the Software-Defined Data Center


VMware NSX: Virtualize your SDDC Network and Security

Use Cases:

➢ Security: Architecting security as an inherent part of the data center infrastructure

➢ Automation: Automating IT processes to deliver IT at the speed of business

➢ App Continuity: Enabling applications and data to reside and be accessible anywhere

Benefits:

➢ Typically 20%-40% better performance

➢ Reduces time to value in the enterprise

➢ Enables agility for better performance – policies move with workloads

VMware vRealize Network Insight: Intelligent Operations for your SDDC Networking and Security

Use Cases:

➢ Micro-segmentation Planning: Identify network segments and flows between them, get firewall rules recommendations

➢ 360 Visibility & Troubleshooting: Unify troubleshooting across the virtual and physical infrastructure

➢ Manage & Scale NSX: Scale across multiple NSX Managers with powerful visualizations for topology and health

➢ Secure Public Clouds

Benefits:

➢ Accelerate micro-segmentation planning

➢ Rapidly troubleshoot issues and identify opportunities for optimization

➢ Manage and scale NSX deployments with confidence


Challenges with Traditional Network Operations Tools

Traditional network management tools are inadequate for modern virtual networks like NSX

• Siloed, Complex Tools & People Skill Set Gap

• New, Dynamic Environment

• Operational visibility, control, and compliance are challenging

• Limited Visibility


VMware Cloud Management Strategy: Choice of Delivery

On-Premises Data Center and Cloud

Intelligent Operations for SDDC

Multi-Cloud Management Platform

Cloud Operations Services: Management, Governance and Security

Deploy On-premises:

• vRealize Automation

• vRealize Operations

• vRealize Business for Cloud

• vRealize Log Insight

• vRealize Network Insight

• Management Packs

Delivered as a Service (VMware Cloud Services (1)):

• Cost Insight

• Discovery

• Wavefront

• Network Insight

• Secure Networking

• AppDefense

1 – Includes other products or services not listed here


VMware Delivers: Intelligent Operations for Software-Defined Datacenter

Diagram labels:

• vRealize Operations (1)

• vRealize Log Insight (2)

• vRealize Business for Cloud (1)

• vRealize Network Insight

• Application; Compute; Storage; Network & Security; Hybrid Cloud

• Physical / Virtual / Cloud Environment

(1) vRealize Suite components

(2) Included with vRealize Suite and ships with NSX

vRealize Network Insight Delivers Intelligent Operations for Software-Defined Networking and Security across virtual, physical and multi-cloud environments


Introducing vRealize Network Insight

• Distributed, Scale Out Software Solution: Enterprise-grade efficient software solution that enables “scale as you grow”

• Easy to Try, Deploy and Use: Assessment provides quick actionable insights, powerful search-based UI and topology visualizations

• Vendor Agnostic and Agentless: Integrated with devices from leading networking and security vendors. No end point agents means no management overhead

• Best for SDDC Networking & Security: Deep integration with VMware NSX Manager, VMware vCenter and other SDDC components

• Solution for Virtual Infra, Network and Security IT: Comprehensive networking and security visibility and troubleshooting capabilities across virtual and physical infra

• Built For Multi-Cloud: Integrated security planning, visibility and troubleshooting experience across SDDC and public clouds


Customer Momentum and Industry Recognition

Proven Solution for Fortune 500 / Global 2000 Customers Across Verticals!

Verticals: Government, Financials, Healthcare, Retail, Education, Pharma, Airlines, Security, Manufacturing, Technology

PANW Ignite Conference 2016 Panel Session: CA-DWR, USAA & Columbia Sports Case Study - NSX, PANW & vRNI

Case Study: CA Dept. of Water Rolls Out Secure Cloud Using vRNI

“Arkin (vRNI) real-time flow analytics makes it extremely easy to implement micro-segmentation security. The visibility and troubleshooting capabilities that Arkin (vRNI) provides to our networking and operations teams enables us to more quickly and confidently scale our NSX deployment.”

Brian Lancaster, Executive Director of Information Management

“I cannot say enough good things about #vRNI if you want visibility into your #NSX overlay/firewall and physical network. @vmwarensx”

Daniel Hertzberg, Enterprise Engineer

“I love the visibility into configuration/env changes that vRNI provides me. So glad to finally get this product into production.”

Justin Bias, Cloud Technologies Specialist

“Unbelievable! This makes implementing firewall segments easier.”

“Most community colleges are challenged to provide stronger information security on a limited budget and with a small IT team. The combination of VMware NSX and vRealize Network Insight works very well for us. It makes our environment more secure, and it’s saving us time every week. I look forward to the new NSX Edge Health Dashboard and third-party device integrations in vRealize Network Insight 3.5 to help drastically reduce the amount of effort and time required to plan, deploy and scale SDDC networking and security infrastructure.”

Brandon Lovelace, Santa Barbara City College

Industry recognition:

• Gartner Cool Vendor for Enterprise Networking, April 2016

• Cyber Defense Magazine – Most Innovative Enterprise Security Solution, February 2016

• Winner Best of VMworld Finalist Award (Networking and Virtualization), August 2016


vRealize Network Insight: Intelligent Operations for Network and Security Across Virtual, Physical and Multiple Clouds

Micro segmentation Planning, Deployment and Compliance

• Plan and measure security impact with micro segmentation

• Accelerate micro-segmentation deployment with firewall rules recommendations.

• Continuously monitor and audit compliance postures over time.

360 Network Visibility and Troubleshooting

• Quickly troubleshoot connectivity issues between VMs through powerful path visualization

• Unify troubleshooting experience across the virtual and physical infrastructure

• Rapidly identify issues through efficient event and alert management

Manage and Scale NSX Deployments

• Scale across multiple NSX Managers with powerful visualizations for topology and health

• Avoid configuration issues through an in-product best practices checklist

• Pinpoint and triage issues for quick resolution with intuitive UI and search

Secure Public Cloud Infrastructure

• Extend micro-segmentation planning to AWS security groups

• Analyze traffic flows in AWS and get visibility into AWS Virtual Private Cloud (VPC)

• Troubleshoot firewall issues between VMs in AWS

Across Virtual, Physical and Cloud


Journey To SDDC Security with NSX & vRealize Network Insight

Assess

• Get Traffic Profile

• Get Micro-segmentation recommendations

• Understand NSX ROI

Deploy

• Map App Connectivity

• Model Security Groups and DFW Rules

• Ensure Best Practices

• Manage VXLAN/Virtual Networks

Manage

• Enable overlay-underlay virtual to physical visibility

• Operationalize NSX

• Rapidly troubleshoot

• Ensure Audit and Compliance

• Ensure security across private and public clouds

Quick time to value with most customers getting benefits within 1-2 week deployment period!


NSX Assessment Tool

• Analyze Customer Data Center Traffic (East-West, V-to-V, V-to-P, ..)

• Generate Risk Assessment and NSX Benefits Report

• Use “True” Traffic % from Customer Environment in NSX ROI Calculator

• Demo Speed and Ease of Micro-Segmentation Sample of SG and FW Rules

– Virtual Appliance Model

– Installs in Minutes, Get Results in Hours

– Requires Connection to vCenters and Hosts Only

– Analyzes IPFIX Data Continuously to Generate Traffic Profile and Reports for a 1-3 day period


vRealize Network Insight Architecture

[Architecture diagram; recoverable labels follow]

Data Sources (Read-Only Credentials):

• VMware NSX Edge

• VMware NSX Manager

• VMware NSX Controller

• VMware vCenter

• VMware vSphere (ESX)

• Cisco UCS / Rackmount

• Various Network Vendor Switches / Routers

• Amazon Web Services (HTTP: 443)

Port labels on the connections from the data sources: HTTP: 443, HTTPS: 443, SSH: 22, SNMP: 161, IPFix: 2055

Appliances and access:

• Network Insight Proxy VM (Collector) and Network Insight Platform VM: HTTPS: 443

• UI Access: HTTPS: 443

• VMware Cloud (Upgrade, Registration and Support Server): HTTP: 443

• Additional ports access needed for appliance debugging: Port 22 (SSH), Port 5480 (HTTP)

NSX IPFIX records are generated via NSX DFW and sent from each ESXi host


Network Insight Service Architecture

[Architecture diagram; recoverable labels follow]

On-Premises Data Sources (Read-Only):

• VMware NSX Edge

• VMware NSX Manager

• VMware NSX Controller

• VMware vCenter

• VMware vSphere (ESX)

• Cisco UCS / Rackmount

• Various Network Vendor Switches / Routers

Port labels on the connections from the data sources: HTTP: 443, HTTPS: 443, SSH: 22, SNMP: 161, IPFix: 2055

Other components:

• Proxy VM (Collector)

• VMware Cloud Services Network Insight: HTTP: 443

• UI Access: HTTPS: 443

• Amazon Web Services (Read-Only): HTTP: 443

• Upgrade, Registration and Support Services

NSX IPFIX records are generated via NSX DFW and sent from each ESXi host


Micro-segmentation Planning, Deployment and Compliance


Application Traffic Analysis


• Understand need for micro-segmentation in your SDDC:

• East-West traffic shows portion of traffic unprotected by perimeter firewalls

• Understand opportunities for optimization:

• Proportion of Switched vs Routed traffic

• Proportion of VM to VM, Routed within host traffic

• Detailed flow information for on premises and AWS entities to understand traffic distribution

• Define and plan micro-segmentation for applications


360° Network Visibility & Troubleshooting


Data Paths Across Overlay And Underlay

Diagram labels: NSX Firewall; PANW Virtual FW; PANW Physical Firewall; Physical Network Switch, Router; VXLAN; VLAN; Converged Infrastructure (Ex: UCS)

Connectivity Graphs

• VM to VM, VM to Physical, VM to Internet

• Hop-by-Hop Path across Overlay (LDRs, Edge Gateways) and Underlay (Physical VDCs & VRFs). See V-To-P Boundary

• Correlated Problems And Performance Metrics Across Virtual and Physical

• See Effective Firewall Rules and Security Policies across NSX and PANW in Service-Chained Environment

• Support for NAT instance hops


Manage and Scale NSX


NSX Infrastructure Monitoring and Troubleshooting


NSX Manager Dashboards With Powerful Visualizations

• View NSX Manager Topology including NSX services and vCenter as well as underlay connections

• Topology view flags elements with issues, single click to view issues for any element in the topology

• Comprehensive information on alerts color coded by severity and includes recommendations for fix

• Archive important events

Screenshot callouts: Indicates Issues; Color coded by severity


Secure Public Cloud Infrastructure


AWS Visibility and Security

• AWS CloudWatch Flow Logs

• Support for VPC, firewall rules, security groups, VMs, flows, tags

• Entities searchable via standard searches

• Troubleshoot network flows and configuration issues

Screenshot callouts: Add AWS credentials; Leverage powerful search capabilities; Analyze flows for AWS VPCs and Security Groups


AWS Visibility and Troubleshooting

• Support for VPC, firewall rules, security groups, VMs, flows, tags

• Comprehensive information for AWS VPC, Security Groups, VM Instances

• Troubleshoot connectivity between AWS instances using powerful search queries

• User defined events also work with AWS objects and tags

Screenshot callout: Comprehensive information for AWS elements


Flow Visibility For On-Premises, AWS and Hybrid Apps

• Model application tiers across on-premises, AWS, or both.

• Visualize flows between app tiers that span across SDDC and AWS

• Use data to confirm/estimate AWS costs and/or streamline infrastructure

Screenshot callout: Build applications using AWS VMs


vRealize Network Insight 2017 Releases

vRealize Network Insight 3.3 (March 2nd)

• Manage & Scale NSX

– NSX 6.3 support

– Expanded support for NSX firewalls – negation, direction, etc

– Support for 11 new NSX events

• Troubleshoot across virtual and physical infra

– NAT visibility for VM to VM paths

– Support for user-defined “North-South” IP addresses

– Support for Panorama 7.0-7.1

• Enterprise-grade platform

– Expanded support for user-defined events

– Detailed event descriptions, severity and recommendations

vRealize Network Insight 3.4 (June 6th)

• Secure Public Clouds

– Micro-segmentation planning by AWS VPC, Security Groups

– Visibility and troubleshooting for AWS VPC, EC2, Security Groups

– Application modeling for hybrid and AWS-based apps

• Troubleshoot across virtual and physical infrastructure

– Layer 2 underlay visibility for VM to VM paths

– Enhanced traffic and security analytics with support for physical servers

– Support for vCenter tags, day 2 NSX event reporting

• Enterprise-grade platform

– Extended and configurable data retention periods

– Export events as syslog messages for integration with vRealize Log Insight

– Customization of alerts by object and alert types

vRealize Network Insight 3.5 (Sep 5th)

• Manage & Scale NSX

– NSX IPFIX integration: See flows blocked by NSX firewall

– NSX Edge Health dashboard: Enhanced visibility with Layer 3 topology view

– PCI Compliance dashboard: Assess PCI compliance for NSX-V

• Troubleshoot across virtual and physical infrastructure

– Support for Checkpoint firewall, Brocade MLX, HP ONEView

– ECMP support for VM to VM path

• Enterprise-grade platform

– Migrate data sources between proxies

– Enforce platform resource usage limits

– Support for multiple licenses


Learn More

Try the Hands-on Lab. Nothing to download!

Hands-on Lab: http://Labs.hol.vmware.com

Visit the website for resources and purchasing information.

Website: https://www.vmware.com/products/vrealize-network-insight.html


Popular vRealize Operations Sessions at VMWorld 2017

Monday, Aug 28

• NET2375BU: Intelligent Operations for SDDC Network and Security with vRealize Network Insight 1:00 p.m. - 2:00 p.m.

Tuesday, Aug 29

• NET2598PU: Customer Panel – NSX Micro-segmentation and vRealize Network Insight 1:00 a.m. – 2:00 p.m.

• NET2810BU: Feel the vRNI: Overcoming operational challenges with NSX and Underlay Networking 2:30 p.m. - 3:30 p.m.

• SAI2806PU: Operationalizing micro-segmentation customer panel 5:00 p.m. – 6:00 p.m.

• VIRT1397BU: Optimize and increase performance of business critical architectures using VMware NSX and vRealize Network Insight 5:30 p.m.

Wednesday, Aug 30

• MGT1908PU: Panel: Day 2 operations using vRealize Network Insight 4:00 p.m. – 5:00 p.m.

• SAI2803BU: The road to micro-segmentation with VMware NSX 3:30 p.m. - 4:30 p.m.

Thursday, Aug 31

• NET1069GE: A new tool in Network Admin’s Toolbox: VMware vRealize Network Insight 10:30 a.m. – 11.30 a.m.

• VIRT2550BU: Reducing latency in enterprise applications with VMware NSX – 1:30 p.m.
